author: Sam James <sam@gentoo.org> 2022-06-29 00:07:53 +0000
committer: Sam James <sam@gentoo.org> 2022-06-29 00:08:02 +0000
commit: 4237aff222a1f435f3cd335ddfcdda9513290d28 (patch)
tree: d04711c484117e74222d72840b9f8d6453684b35
parent: Revert "dev-libs/openssl: add 1.1.1p"
profiles: mask broken OpenSSL versions

I should've pre-emptively masked these before to explain to avoid someone bumping them.

See: e7b9a095de5e6f78668385223fa6ccd9fdeb36ae
See: ac22f739ccb5a81016f42859ec489d9fdbc416dd
See: e509d05a877800358c778520f149e51c978ca0f4
Signed-off-by: Sam James <sam@gentoo.org>

-rw-r--r-- profiles/package.mask 9
1 files changed, 9 insertions, 0 deletions
diff --git a/profiles/package.mask b/profiles/package.mask
index c454d1c3be13..1e9b1d33bf8c 100644
--- a/profiles/package.mask
+++ b/profiles/package.mask
@@ -33,6 +33,15 @@
#--- END OF EXAMPLES ---
+# Sam James <sam@gentoo.org> (2022-06-29)
+# Pre-emptively mask broken upstream versions.
+# 1. openssl 1.1.1o fails tests (https://github.com/openssl/openssl/issues/18619)
+# 2. openssl 3.0.4 has a buffer overflow w/ AVX512 (https://github.com/openssl/openssl/issues/18625)
+# Gentoo isn't vulnerable to the original CVE which caused these releases
+# (CVE-2022-2068) as we have our own rehash script.
+=dev-libs/openssl-1.1.1p
+=dev-libs/openssl-3.0.4
+
# Piotr Karbowski <slashbeast@gentoo.org> (2022-06-26)
# Abandoned upstream, depends on API that no longer exists.
# Removal on 2022-07-26.
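
Review bot: item 1 of the new mask comment names openssl 1.1.1o, but the atom added below it is `=dev-libs/openssl-1.1.1p`, so the stated reason and the masked version do not match. If 1.1.1p is the release with the failing tests, the comment should say 1.1.1p; otherwise the atom is wrong. The comment also gives no condition for lifting the mask. A line noting that the entries can be dropped once fixed upstream releases are available would keep them from lingering, since the security note about CVE-2022-2068 only explains why it is safe to stay on the older versions in the meantime.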