---
main/libressl/APKBUILD | 14 ++++++++------
main/libressl/fix-CVE-2017-8301.patch | 32 --------------------------------
2 files changed, 8 insertions(+), 38 deletions(-)
delete mode 100644 main/libressl/fix-CVE-2017-8301.patch
diff --git a/main/libressl/APKBUILD b/main/libressl/APKBUILD
index 94129859b4..aae777bfd8 100644
--- a/main/libressl/APKBUILD
+++ b/main/libressl/APKBUILD
@@ -7,9 +7,9 @@
# - CVE-2017-8301
#
pkgname=libressl
-pkgver=2.5.3
+pkgver=2.5.4
_namever=${pkgname}${pkgver%.*}
-pkgrel=1
+pkgrel=0
pkgdesc="Version of the TLS/crypto stack forked from OpenSSL"
url="http://www.libressl.org/"
arch="all"
@@ -21,8 +21,7 @@ makedepends="$makedepends_host"
replaces="openssl"
subpackages="$pkgname-dbg $_namever-libcrypto:_libs $_namever-libssl:_libs
$_namever-libtls:_libs $pkgname-dev $pkgname-doc"
-source="http://ftp.openbsd.org/pub/OpenBSD/LibreSSL/$pkgname-$pkgver.tar.gz
- fix-CVE-2017-8301.patch"
+source="http://ftp.openbsd.org/pub/OpenBSD/LibreSSL/$pkgname-$pkgver.tar.gz"
builddir="$srcdir/$pkgname-$pkgver"
build() {
@@ -40,6 +39,10 @@ build() {
make || return 1
}
+check() {
+ make -C "$builddir" check
+}
+
package() {
cd "$builddir"
make DESTDIR="$pkgdir" install || return 1
@@ -63,5 +66,4 @@ _libs() {
done
}
-sha512sums="e5ba2abb8a0835a025d2777d9c0e8e95813777af8167e322d8e5ae20485c32b628ced77141b156fd3619b65a5afae1a5bc90a7252166a9a54f7e3d23388b3bd0 libressl-2.5.3.tar.gz
-cc4da197c9ba0c80f45f0141e3ec80bbce5dcd4f815a3b55e26dc7fc5930f15078907a1ed1ac79e852966b1d63f48b09d9c98a766211dee88c42fc06477f862f fix-CVE-2017-8301.patch"
+sha512sums="8ca86c14af0020c90bef4651892799864938dab9d898172269cb78bad5963314e064f2b4c46e6a04e0b85d1eddbd1840b734803c11ceec8fd6bb1290e0fe204c libressl-2.5.4.tar.gz"
diff --git a/main/libressl/fix-CVE-2017-8301.patch b/main/libressl/fix-CVE-2017-8301.patch
deleted file mode 100644
index c6684b25d0..0000000000
--- a/main/libressl/fix-CVE-2017-8301.patch
@@ -1,32 +0,0 @@
-From: Jakub Jirutka <jakub@jirutka.cz>
-Date: Thu, 27 Apr 2017 20:02:00 +0200
-Subject: [PATCH] Fix CVE-2017-8301
-
-This patch reverts commit ddd98f8ea741a122952185a36c1396c14c2fda74
-that introduced the vulnerability.
-
-See also:
-
-* http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8301
-* https://github.com/libressl-portable/portable/issues/307
-* https://github.com/libressl-portable/openbsd/commit/ddd98f8ea741a122952185a36c1396c14c2fda74
-
---- a/crypto/x509/x509_vfy.c
-+++ b/crypto/x509/x509_vfy.c
-@@ -541,15 +541,7 @@
- /* Safety net, error returns must set ctx->error */
- if (ok <= 0 && ctx->error == X509_V_OK)
- ctx->error = X509_V_ERR_UNSPECIFIED;
--
-- /*
-- * Safety net, if user provided verify callback indicates sucess
-- * make sure they have set error to X509_V_OK
-- */
-- if (ctx->verify_cb != null_callback && ok == 1)
-- ctx->error = X509_V_OK;
--
-- return(ctx->error == X509_V_OK);
-+ return ok;
- }
-
- /* Given a STACK_OF(X509) find the issuer of cert (if any)
--
2.12.2
---
Unsubscribe: alpine-aports+unsubscribe@lists.alpinelinux.org
Help: alpine-aports+help@lists.alpinelinux.org
---