Summary: | [Tracker] Denial of service in OpenSSL/LibreSSL X509 parser (CVE-2020-1971) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Sam James <sam> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | bugs-gentoo01 |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Package list: | Runtime testing required: | --- | |
Bug Depends on: | 759079, 759175 | ||
Bug Blocks: |
Description
Sam James
2020-12-10 17:37:08 UTC
I'm running openssl-1.0.2u (https://gitweb.gentoo.org/repo/gentoo.git/tree/dev-libs/openssl/openssl-1.0.2u.ebuild) with this patches from ubuntu: https://launchpad.net/ubuntu/+source/openssl1.0/1.0.2n-1ubuntu5.5 What I did: * Created a new overlay (for testing) * Extracted debian/patches/CVE-2020-1971-*.patch from https://launchpad.net/ubuntu/+archive/primary/+sourcefiles/openssl1.0/1.0.2n-1ubuntu5.5/openssl1.0_1.0.2n-1ubuntu5.5.debian.tar.xz * Put them in ./files dir of dev-libs/openssl * Copied openssl-1.0.2u.ebuild to openssl-1.0.2u-r1.ebuild * Adjusted openssl-1.0.2u-r1.ebuild * Added to the start of the src_prepare() section: --cut-- epatch "${FILESDIR}"/CVE-2020-1971-1.patch epatch "${FILESDIR}"/CVE-2020-1971-2.patch epatch "${FILESDIR}"/CVE-2020-1971-3.patch epatch "${FILESDIR}"/CVE-2020-1971-4.patch epatch "${FILESDIR}"/CVE-2020-1971-5.patch --cut-- Dead tracker, closing. |