diff options
| author |   Anthony G. Basile <blueness@gentoo.org> | 2015-12-05 07:42:01 -0500 |
|---|---|---|
| committer | Anthony G. Basile <blueness@gentoo.org> | 2015-12-05 07:42:01 -0500 |
| commit | 1ace67d81ba5a5bee571ed3b171187dc3c8b76c7 (patch) | |
| tree | 0217a62bf457934d1dcc3f5dd8acc948589e5799 /dev-libs/libressl/files | |
| parent | profiles/package.mask: Mask dev-java/{jpf,jpfcodegen} for removal. See bug 56... (diff) | |
| download | gentoo-1ace67d81ba5a5bee571ed3b171187dc3c8b76c7.tar.gz gentoo-1ace67d81ba5a5bee571ed3b171187dc3c8b76c7.tar.bz2 gentoo-1ace67d81ba5a5bee571ed3b171187dc3c8b76c7.zip | |
dev-libs/libressl: add upstream patch to address CVE-2015-3194, bug #567564
Package-Manager: portage-2.2.20.1
Diffstat (limited to 'dev-libs/libressl/files')
| -rw-r--r-- | dev-libs/libressl/files/libressl-2.2.4-clientcert.patch | 35 |
1 files changed, 35 insertions, 0 deletions
diff --git a/dev-libs/libressl/files/libressl-2.2.4-clientcert.patch b/dev-libs/libressl/files/libressl-2.2.4-clientcert.patch new file mode 100644 index 000000000000..ac2f88e2b901 --- /dev/null +++ b/dev-libs/libressl/files/libressl-2.2.4-clientcert.patch @@ -0,0 +1,35 @@ +untrusted comment: signature from openbsd 5.8 base secret key +RWQNNZXtC/MqP8u13/pPZfTpPeHhU93PG0DBihXvQ7lB0CvONLwoTfHr9f40s515bidPGcGLAH4xu+yz3skT6b3tKETEWZw8BgA= + +OpenBSD 5.8 errata 9, Dec 3, 2015: + +CVE-2015-3194 - NULL pointer dereference in client certificate validation + +Apply by doing: + signify -Vep /etc/signify/openbsd-58-base.pub -x 009_clientcert.patch.sig \ + -m - | (cd /usr/src && patch -p0) + +And then rebuild and install libcrypto: + cd /usr/src/lib/libcrypto + make obj + make depend + make + make install + +Index: lib/libssl/src/crypto/rsa/rsa_ameth.c +=================================================================== +RCS file: /cvs/src/lib/libssl/src/crypto/rsa/rsa_ameth.c,v +retrieving revision 1.14 +retrieving revision 1.14.6.1 +diff -u -p -u -p -r1.14 -r1.14.6.1 +--- lib/libssl/src/crypto/rsa/rsa_ameth.c 11 Feb 2015 04:05:14 -0000 1.14 ++++ lib/libssl/src/crypto/rsa/rsa_ameth.c 4 Dec 2015 04:13:43 -0000 1.14.6.1 +@@ -298,7 +298,7 @@ rsa_pss_decode(const X509_ALGOR *alg, X5 + if (pss->maskGenAlgorithm) { + ASN1_TYPE *param = pss->maskGenAlgorithm->parameter; + if (OBJ_obj2nid(pss->maskGenAlgorithm->algorithm) == NID_mgf1 && +- param->type == V_ASN1_SEQUENCE) { ++ param && param->type == V_ASN1_SEQUENCE) { + p = param->value.sequence->data; + plen = param->value.sequence->length; + *pmaskHash = d2i_X509_ALGOR(NULL, &p, plen); |