commit: 0c759747d0b7d726e0ab72fab846f912a3716c83 Author: itZzenXX <codeberg.giovanni <AT> aleeas <DOT> com> AuthorDate: Sat Oct 2 20:41:42 2021 +0000 Commit: Quentin Retornaz <gentoo <AT> retornaz <DOT> com> CommitDate: Sat Oct 2 21:53:38 2021 +0000 URL: https://gitweb.gentoo.org/repo/proj/libressl.git/commit/?id=0c759747
Rev bump LibreSSL 3.4.0-r1: patch to fix CVE-2021-41581 Signed-off-by: itZzenXX <codeberg.giovanni <AT> aleeas.com> Closes: https://github.com/gentoo/libressl/pull/360 Signed-off-by: Quentin Retornaz <gentoo <AT> retornaz.com> dev-libs/libressl/files/libressl-3.4.0-x509.patch | 51 ++++++++++++++++++++++ ...ressl-3.4.0.ebuild => libressl-3.4.0-r1.ebuild} | 3 ++ profiles/package.mask | 4 ++ 3 files changed, 58 insertions(+)
diff --git a/dev-libs/libressl/files/libressl-3.4.0-x509.patch b/dev-libs/libressl/files/libressl-3.4.0-x509.patch
new file mode 100644
index 0000000..c7d83e0
--- /dev/null
+++ b/dev-libs/libressl/files/libressl-3.4.0-x509.patch
@@ -0,0 +1,51 @@
+diff --git a/crypto/x509/x509_constraints.c b/crypto/x509/x509_constraints.c
+index fade58c..9ad5d4b 100644
+--- a/crypto/x509/x509_constraints.c
++++ b/crypto/x509/x509_constraints.c
+@@ -339,16 +339,16 @@ x509_constraints_parse_mailbox(uint8_t *candidate, size_t len,
+ if (c == '.')
+ goto bad;
+ }
+- if (wi > DOMAIN_PART_MAX_LEN)
+- goto bad;
+ if (accept) {
++ if (wi > DOMAIN_PART_MAX_LEN)
++ goto bad;
+ working[wi++] = c;
+ accept = 0;
+ continue;
+ }
+ if (candidate_local != NULL) {
+ /* We are looking for the domain part */
+- if (wi > DOMAIN_PART_MAX_LEN)
++ if (wi >= DOMAIN_PART_MAX_LEN)
+ goto bad;
+ working[wi++] = c;
+ if (i == len - 1) {
+@@ -363,7 +363,7 @@ x509_constraints_parse_mailbox(uint8_t *candidate, size_t len,
+ continue;
+ }
+ /* We are looking for the local part */
+- if (wi > LOCAL_PART_MAX_LEN)
++ if (wi >= LOCAL_PART_MAX_LEN)
+ break;
+
+ if (quoted) {
+@@ -383,6 +383,8 @@ x509_constraints_parse_mailbox(uint8_t *candidate, size_t len,
+ */
+ if (c == 9)
+ goto bad;
++ if (wi >= LOCAL_PART_MAX_LEN)
++ goto bad;
+ working[wi++] = c;
+ continue; /* all's good inside our quoted string */
+ }
+@@ -412,6 +414,8 @@ x509_constraints_parse_mailbox(uint8_t *candidate, size_t len,
+ }
+ if (!local_part_ok(c))
+ goto bad;
++ if (wi >= LOCAL_PART_MAX_LEN)
++ goto bad;
+ working[wi++] = c;
+ }
+ if (candidate_local == NULL || candidate_domain == NULL)
diff --git a/dev-libs/libressl/libressl-3.4.0.ebuild b/dev-libs/libressl/libressl-3.4.0-r1.ebuild
similarity index 96%
rename from dev-libs/libressl/libressl-3.4.0.ebuild
rename to dev-libs/libressl/libressl-3.4.0-r1.ebuild
index b92c362..5b10386 100644
--- a/dev-libs/libressl/libressl-3.4.0.ebuild
+++ b/dev-libs/libressl/libressl-3.4.0-r1.ebuild
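Review bot: In the added libressl-3.4.0-x509.patch, the `accept` branch of x509_constraints_parse_mailbox() still guards its write with `if (wi > DOMAIN_PART_MAX_LEN)`, while every other guard the patch touches is tightened to `>=`. As written, `working[wi++] = c;` in that branch can still store at index DOMAIN_PART_MAX_LEN. The declaration of `working` is outside the visible hunks, so it should be confirmed whether that slot is the byte reserved for the terminating NUL; if it is, the buffer can be left unterminated through this path. The branch also sits ahead of the `candidate_local != NULL` test, so it applies the domain limit while the local part is being collected as well. I would check the backport against the upstream fix and, unless upstream keeps `>` deliberately, use `if (wi >= DOMAIN_PART_MAX_LEN)` here too. The function body starts and ends outside these hunks.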
@@ -40,6 +40,9 @@ src_prepare() {
 Makefile.in || die "Removing tests failed"
 fi
 
+ # CVE-2021-41581
+ eapply "${FILESDIR}"/${PN}-3.4.0-x509.patch
+
 eapply "${FILESDIR}"/${PN}-2.8.3-solaris10.patch
 #eapply "${FILESDIR}"/${PN}-3.2.2-build.patch
 eapply_user
diff --git a/profiles/package.mask b/profiles/package.mask
index bac8f13..6689349 100644
--- a/profiles/package.mask
+++ b/profiles/package.mask
@@ -1,4 +1,8 @@
 # 2021-10-02
 # LibreSSL 3.4.0 is causing build issues on many packages.
 # Masked until build issues are solved.
+=dev-libs/libressl-3.4.0-r1
+
+# 2021-10-02
+# This version is affected by a vulnerability: CVE-2021-41581
 =dev-libs/libressl-3.4.0