CVE-2016-10128: smart_pkt: verify packet length exceeds PKT_LEN_SIZE
CVE-2016-10129: smart_pkt: treat empty packet lines as error
CVE-2016-10130: http: check certificate validity before clobbering the error variable
---
main/libgit2/APKBUILD | 14 ++++++++++++--
main/libgit2/libressl.patch | 12 ++++++++++++
2 files changed, 24 insertions(+), 2 deletions(-)
create mode 100644 main/libgit2/libressl.patch
diff --git a/main/libgit2/APKBUILD b/main/libgit2/APKBUILD
index 8082165..c1e8098 100644
--- a/main/libgit2/APKBUILD
+++ b/main/libgit2/APKBUILD
@@ -1,8 +1,9 @@
+# Contributor: Sergei Lukin <sergej.lukin@gmail.com>
# Contributor: Sören Tempel <soeren+alpine@soeren-tempel.net>
# Contributor: Pierre-Gilas MILLON <pgmillon@gmail.com>
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=libgit2
-pkgver=0.24.3
+pkgver=0.24.6
# Maintenance Release. It contains fixes for CVE-2016-8568 and CVE-2016-8569
pkgrel=0
pkgdesc="A linkable library for Git"
@@ -14,7 +15,16 @@ depends_dev="curl-dev libssh2-dev"
makedepends="$depends_dev python cmake zlib-dev openssl-dev"
install=""
subpackages="$pkgname-dev $pkgname-libs"
-source="$pkgname-$pkgver.tar.gz::https://github.com/${pkgname}/${pkgname}/archive/v${pkgver}.tar.gz"
+source="$pkgname-$pkgver.tar.gz::https://github.com/${pkgname}/${pkgname}/archive/v${pkgver}.tar.gz
+ libressl.patch
+ "
+
+# secfixes:
+# 0.24.6-r0:
+# - CVE-2016-10128
+# - CVE-2016-10129
+# - CVE-2016-10130
+
builddir="$srcdir/$pkgname-$pkgver"
build() {
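Review bot: Neither the new v0.24.6 tarball nor `libressl.patch` gets a checksum in this change: the diffstat's 12 insertions and 2 deletions for APKBUILD are all accounted for by the two hunks shown, so the checksum block (outside these hunks) presumably still describes v0.24.3. For a security update that block is the integrity check on what gets fetched and built, so regenerate it with `abuild checksum` and include the result in the patch. The body of `build()` and any `prepare()` are outside the hunk; confirm that the patch now listed in `source` is actually applied there. The free-text comment under `pkgver` still credits this release with CVE-2016-8568 and CVE-2016-8569, which is misleading after the bump; that history belongs in the new `# secfixes:` block under the release that carried those fixes.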
diff --git a/main/libgit2/libressl.patch b/main/libgit2/libressl.patch
new file mode 100644
index 0000000..967cdc4
--- /dev/null
+++ b/main/libgit2/libressl.patch
@@ -0,0 +1,12 @@
+diff -ru src.orig/libgit2-0.25.1/src/openssl_stream.h src/libgit2-0.25.1/src/openssl_stream.h
+--- libgit2-0.25.1/src/copenssl_stream.h.orig
++++ libgit2-0.25.1/src/openssl_stream.h
+@@ -27,7 +27,7 @@
+
+
+
+-# if OPENSSL_VERSION_NUMBER < 0x10100000L
++# if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+
+ GIT_INLINE(BIO_METHOD*) BIO_meth_new(int type, const char *name)
+ {
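Review bot: The embedded patch header names `libgit2-0.25.1` (with a misspelled `copenssl_stream.h.orig` on its `---` line) while this APKBUILD builds 0.24.6, so it appears to have been generated against a different source tree. Confirm that it applies cleanly to the 0.24.6 `src/openssl_stream.h` at the strip level abuild uses; the three empty leading context lines also suggest whitespace was lost somewhere. The patch carries no explanation, so a short header comment would help, e.g. `LibreSSL sets a high OPENSSL_VERSION_NUMBER but may lack the OpenSSL 1.1 BIO_meth_* API; keep the compat shims when LIBRESSL_VERSION_NUMBER is defined`. `makedepends` in the APKBUILD still lists `openssl-dev`, so the new guard only takes effect on a LibreSSL build, and the body of `BIO_meth_new` continues outside the hunk.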
--
2.8.3