From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by finch.gentoo.org (Postfix) with ESMTPS id C5FF2158094 for ; Wed, 29 Jun 2022 00:08:48 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id CE1C1E0ABB; Wed, 29 Jun 2022 00:08:47 +0000 (UTC) Received: from smtp.gentoo.org (woodpecker.gentoo.org [140.211.166.183]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id 75445E0ABB for ; Wed, 29 Jun 2022 00:08:47 +0000 (UTC) Received: from oystercatcher.gentoo.org (unknown [IPv6:2a01:4f8:202:4333:225:90ff:fed9:fc84]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits)) (No client certificate requested) by smtp.gentoo.org (Postfix) with ESMTPS id 508D634183A for ; Wed, 29 Jun 2022 00:08:46 +0000 (UTC) Received: from localhost.localdomain (localhost [IPv6:::1]) by oystercatcher.gentoo.org (Postfix) with ESMTP id ED2CB501 for ; Wed, 29 Jun 2022 00:08:44 +0000 (UTC) From: "Sam James" To: gentoo-commits@lists.gentoo.org Content-Transfer-Encoding: 8bit Content-type: text/plain; charset=UTF-8 Reply-To: gentoo-dev@lists.gentoo.org, "Sam James" Message-ID: <1656461282.4237aff222a1f435f3cd335ddfcdda9513290d28.sam@gentoo> Subject: [gentoo-commits] repo/gentoo:master commit in: profiles/ X-VCS-Repository: repo/gentoo X-VCS-Files: profiles/package.mask X-VCS-Directories: profiles/ X-VCS-Committer: sam X-VCS-Committer-Name: Sam James X-VCS-Revision: 4237aff222a1f435f3cd335ddfcdda9513290d28 X-VCS-Branch: master Date: Wed, 29 Jun 2022 00:08:44 +0000 (UTC) Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-commits@lists.gentoo.org X-Auto-Response-Suppress: DR, RN, NRN, OOF, AutoReply X-Archives-Salt: d9442195-bc45-488a-ae6d-861489932c07 X-Archives-Hash: eb9ac58cebf12c49a0e25a601f6741e1 commit: 4237aff222a1f435f3cd335ddfcdda9513290d28 Author: Sam James gentoo org> AuthorDate: Wed Jun 29 00:07:53 2022 +0000 Commit: Sam James gentoo org> CommitDate: Wed Jun 29 00:08:02 2022 +0000 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=4237aff2 profiles: mask broken OpenSSL versions I should've pre-emptively masked these before to explain to avoid someone bumping them. See: e7b9a095de5e6f78668385223fa6ccd9fdeb36ae See: ac22f739ccb5a81016f42859ec489d9fdbc416dd See: e509d05a877800358c778520f149e51c978ca0f4 Signed-off-by: Sam James gentoo.org> profiles/package.mask | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/profiles/package.mask b/profiles/package.mask index c454d1c3be13..1e9b1d33bf8c 100644 --- a/profiles/package.mask +++ b/profiles/package.mask @@ -33,6 +33,15 @@ #--- END OF EXAMPLES --- +# Sam James (2022-06-29) +# Pre-emptively mask broken upstream versions. +# 1. openssl 1.1.1o fails tests (https://github.com/openssl/openssl/issues/18619) +# 2. openssl 3.0.4 has a buffer overflow w/ AVX512 (https://github.com/openssl/openssl/issues/18625) +# Gentoo isn't vulnerable to the original CVE which caused these releases +# (CVE-2022-2068) as we have our own rehash script. +=dev-libs/openssl-1.1.1p +=dev-libs/openssl-3.0.4 + # Piotr Karbowski (2022-06-26) # Abandoned upstream, depends on API that no longer exists. # Removal on 2022-07-26.