git: 617228983fd2 - 2022Q2 - security/openssl-quictls: Security patch for CVE-2022-2068

From: Bernard Spil <brnrd_at_FreeBSD.org>
Date: Sat, 25 Jun 2022 11:05:18 UTC
The branch 2022Q2 has been updated by brnrd:

URL: https://cgit.FreeBSD.org/ports/commit/?id=617228983fd2d49639186b02f72fdd15c1fec3ed

commit 617228983fd2d49639186b02f72fdd15c1fec3ed
Author:     Bernard Spil <brnrd@FreeBSD.org>
AuthorDate: 2022-06-25 11:03:35 +0000
Commit:     Bernard Spil <brnrd@FreeBSD.org>
CommitDate: 2022-06-25 11:05:12 +0000

    security/openssl-quictls: Security patch for CVE-2022-2068
    
    Security:       4eeb93bf-f204-11ec-8fbd-d4c9ef517024
    MFH:            2022Q2
    (cherry picked from commit 21e8fd3ad74fbb8c52d375aec9bc77e4c1cb53d4)
---
 security/openssl-quictls/Makefile                  |  1 +
 security/openssl-quictls/files/patch-CVE-2022-2068 | 23 ++++++++++++++++++++++
 2 files changed, 24 insertions(+)

diff --git a/security/openssl-quictls/Makefile b/security/openssl-quictls/Makefile
index 2ca92fb4b599..77b5247f56ba 100644
--- a/security/openssl-quictls/Makefile
+++ b/security/openssl-quictls/Makefile
@@ -2,6 +2,7 @@
 
 PORTNAME=	openssl
 PORTVERSION=	3.0.3
+PORTREVISION=	1
 CATEGORIES=	security devel
 PKGNAMESUFFIX=	-quictls
 
diff --git a/security/openssl-quictls/files/patch-CVE-2022-2068 b/security/openssl-quictls/files/patch-CVE-2022-2068
new file mode 100644
index 000000000000..367fd562181b
--- /dev/null
+++ b/security/openssl-quictls/files/patch-CVE-2022-2068
@@ -0,0 +1,23 @@
+From 8a3579a7b7067a983e69a4eda839ac408c120739 Mon Sep 17 00:00:00 2001
+From: Tomas Mraz <tomas@openssl.org>
+Date: Mon, 13 Jun 2022 17:10:15 +0200
+Subject: [PATCH] c_rehash: Drop the issuer_name_hash= prefix from the CRL hash
+
+Reviewed-by: Richard Levitte <levitte@openssl.org>
+Reviewed-by: Matt Caswell <matt@openssl.org>
+---
+ tools/c_rehash.in | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/tools/c_rehash.in b/tools/c_rehash.in
+index 2f735d68c9c8..343cdc1e7575 100644
+--- tools/c_rehash.in.orig
++++ tools/c_rehash.in
+@@ -222,6 +222,7 @@ sub link_hash {
+                                        "-fingerprint", "-noout",
+                                        "-in", $fname);
+     chomp $hash;
++    $hash =~ s/^.*=// if !$is_cert;
+     chomp $fprint;
+     return if !$hash;
+     $fprint =~ s/^.*=//;