Mail archive
alpine-aports

[alpine-aports] [PATCH] main/libressl: upgrade to 2.5.4

From: Valery Kartel <valery.kartel_at_gmail.com>
Date: Wed, 3 May 2017 09:58:12 +0300

---
 main/libressl/APKBUILD                | 14 ++++++++------
 main/libressl/fix-CVE-2017-8301.patch | 32 --------------------------------
 2 files changed, 8 insertions(+), 38 deletions(-)
 delete mode 100644 main/libressl/fix-CVE-2017-8301.patch
diff --git a/main/libressl/APKBUILD b/main/libressl/APKBUILD
index 94129859b4..aae777bfd8 100644
--- a/main/libressl/APKBUILD
+++ b/main/libressl/APKBUILD
_at_@ -7,9 +7,9 @@
 #     - CVE-2017-8301
 #
 pkgname=libressl
-pkgver=2.5.3
+pkgver=2.5.4
 _namever=${pkgname}${pkgver%.*}
-pkgrel=1
+pkgrel=0
 pkgdesc="Version of the TLS/crypto stack forked from OpenSSL"
 url="http://www.libressl.org/"
 arch="all"
_at_@ -21,8 +21,7 @@ makedepends="$makedepends_host"
 replaces="openssl"
 subpackages="$pkgname-dbg $_namever-libcrypto:_libs $_namever-libssl:_libs
 	$_namever-libtls:_libs $pkgname-dev $pkgname-doc"
-source="http://ftp.openbsd.org/pub/OpenBSD/LibreSSL/$pkgname-$pkgver.tar.gz
-	fix-CVE-2017-8301.patch"
+source="http://ftp.openbsd.org/pub/OpenBSD/LibreSSL/$pkgname-$pkgver.tar.gz"
 builddir="$srcdir/$pkgname-$pkgver"
 
 build() {
_at_@ -40,6 +39,10 @@ build() {
 	make || return 1
 }
 
+check() {
+	make -C "$builddir" check
+}
+
 package() {
 	cd "$builddir"
 	make DESTDIR="$pkgdir" install || return 1
_at_@ -63,5 +66,4 @@ _libs() {
 	done
 }
 
-sha512sums="e5ba2abb8a0835a025d2777d9c0e8e95813777af8167e322d8e5ae20485c32b628ced77141b156fd3619b65a5afae1a5bc90a7252166a9a54f7e3d23388b3bd0  libressl-2.5.3.tar.gz
-cc4da197c9ba0c80f45f0141e3ec80bbce5dcd4f815a3b55e26dc7fc5930f15078907a1ed1ac79e852966b1d63f48b09d9c98a766211dee88c42fc06477f862f  fix-CVE-2017-8301.patch"
+sha512sums="8ca86c14af0020c90bef4651892799864938dab9d898172269cb78bad5963314e064f2b4c46e6a04e0b85d1eddbd1840b734803c11ceec8fd6bb1290e0fe204c  libressl-2.5.4.tar.gz"
diff --git a/main/libressl/fix-CVE-2017-8301.patch b/main/libressl/fix-CVE-2017-8301.patch
deleted file mode 100644
index c6684b25d0..0000000000
--- a/main/libressl/fix-CVE-2017-8301.patch
+++ /dev/null
_at_@ -1,32 +0,0 @@
-From: Jakub Jirutka <jakub_at_jirutka.cz>
-Date: Thu, 27 Apr 2017 20:02:00 +0200
-Subject: [PATCH] Fix CVE-2017-8301
-
-This patch reverts commit ddd98f8ea741a122952185a36c1396c14c2fda74
-that introduced the vulnerability.
-
-See also:
-
-* http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8301
-* https://github.com/libressl-portable/portable/issues/307
-* https://github.com/libressl-portable/openbsd/commit/ddd98f8ea741a122952185a36c1396c14c2fda74
-
---- a/crypto/x509/x509_vfy.c
-+++ b/crypto/x509/x509_vfy.c
-_at_@ -541,15 +541,7 @@
- 	/* Safety net, error returns must set ctx->error */
- 	if (ok <= 0 && ctx->error == X509_V_OK)
- 		ctx->error = X509_V_ERR_UNSPECIFIED;
--
--	/*
--	 * Safety net, if user provided verify callback indicates sucess
--	 * make sure they have set error to X509_V_OK
--	 */
--	if (ctx->verify_cb != null_callback && ok == 1)
--		ctx->error = X509_V_OK;
--
--	return(ctx->error == X509_V_OK);
-+	return ok;
- }
- 
- /* Given a STACK_OF(X509) find the issuer of cert (if any)
-- 
2.12.2
---
Unsubscribe:  alpine-aports+unsubscribe_at_lists.alpinelinux.org
Help:         alpine-aports+help_at_lists.alpinelinux.org
---
Received on Wed May 03 2017 - 09:58:12 GMT