diff options
author | V3n3RiX <venerix@koprulu.sector> | 2023-03-28 21:51:32 +0100 |
---|---|---|
committer | V3n3RiX <venerix@koprulu.sector> | 2023-03-28 21:51:32 +0100 |
commit | c55c2cf7b5e5e8ce7f21c53ee7996c2ea918279d (patch) | |
tree | e8bb447a647aa737a0da2ede957972eb72e7dcd4 /dev-libs/openssl/files/openssl-3.1.0-CVE-2023-0466.patch | |
parent | d41bd0acd3d0cd850cdd815b12e69ee2c89c5697 (diff) |
gentoo auto-resync : 28:03:2023 - 21:51:31
Diffstat (limited to 'dev-libs/openssl/files/openssl-3.1.0-CVE-2023-0466.patch')
-rw-r--r-- | dev-libs/openssl/files/openssl-3.1.0-CVE-2023-0466.patch | 41 |
1 files changed, 41 insertions, 0 deletions
diff --git a/dev-libs/openssl/files/openssl-3.1.0-CVE-2023-0466.patch b/dev-libs/openssl/files/openssl-3.1.0-CVE-2023-0466.patch new file mode 100644 index 000000000000..9a315f4c00fd --- /dev/null +++ b/dev-libs/openssl/files/openssl-3.1.0-CVE-2023-0466.patch @@ -0,0 +1,41 @@ +commit fc814a30fc4f0bc54fcea7d9a7462f5457aab061 +Author: Tomas Mraz <tomas@openssl.org> +Date: Tue Mar 21 16:15:47 2023 +0100 + + Fix documentation of X509_VERIFY_PARAM_add0_policy() + + The function was incorrectly documented as enabling policy checking. + + Fixes: CVE-2023-0466 + + Reviewed-by: Paul Dale <pauli@openssl.org> + Reviewed-by: Matt Caswell <matt@openssl.org> + (Merged from https://github.com/openssl/openssl/pull/20562) + +diff --git a/doc/man3/X509_VERIFY_PARAM_set_flags.pod b/doc/man3/X509_VERIFY_PARAM_set_flags.pod +index 20aea99b5b..fcbbfc4c30 100644 +--- a/doc/man3/X509_VERIFY_PARAM_set_flags.pod ++++ b/doc/man3/X509_VERIFY_PARAM_set_flags.pod +@@ -98,8 +98,9 @@ B<trust>. + X509_VERIFY_PARAM_set_time() sets the verification time in B<param> to + B<t>. Normally the current time is used. + +-X509_VERIFY_PARAM_add0_policy() enables policy checking (it is disabled +-by default) and adds B<policy> to the acceptable policy set. ++X509_VERIFY_PARAM_add0_policy() adds B<policy> to the acceptable policy set. ++Contrary to preexisting documentation of this function it does not enable ++policy checking. + + X509_VERIFY_PARAM_set1_policies() enables policy checking (it is disabled + by default) and sets the acceptable policy set to B<policies>. Any existing +@@ -400,6 +401,10 @@ The X509_VERIFY_PARAM_get_hostflags() function was added in OpenSSL 1.1.0i. + The X509_VERIFY_PARAM_get0_host(), X509_VERIFY_PARAM_get0_email(), + and X509_VERIFY_PARAM_get1_ip_asc() functions were added in OpenSSL 3.0. + ++The function X509_VERIFY_PARAM_add0_policy() was historically documented as ++enabling policy checking however the implementation has never done this. ++The documentation was changed to align with the implementation. ++ + =head1 COPYRIGHT + + Copyright 2009-2023 The OpenSSL Project Authors. All Rights Reserved. |