Mail archive
alpine-aports

[alpine-aports] [PATCH] community/h2o: security upgrade to 2.2.5 (CVE-2018-0608)

From: Bennett Goble <nivardus_at_gmail.com>
Date: Fri, 1 Jun 2018 19:53:03 -0700

---
 community/h2o/APKBUILD                 | 10 ++---
 community/h2o/h2o-libressl-2.7.0.patch | 14 +++++++
 community/h2o/libressl-2.7.patch       | 58 --------------------------
 3 files changed, 19 insertions(+), 63 deletions(-)
 create mode 100644 community/h2o/h2o-libressl-2.7.0.patch
 delete mode 100644 community/h2o/libressl-2.7.patch
diff --git a/community/h2o/APKBUILD b/community/h2o/APKBUILD
index b8a9dbeb8c..3b30d5e417 100644
--- a/community/h2o/APKBUILD
+++ b/community/h2o/APKBUILD
_at_@ -1,8 +1,8 @@
 # Contributor: Bennett Goble <nivardus_at_gmail.com>
 # Maintainer: Bennett Goble <nivardus_at_gmail.com>
 pkgname=h2o
-pkgver=2.2.4
-pkgrel=2
+pkgver=2.2.5
+pkgrel=0
 pkgdesc="An optimized HTTP/1, HTTP/2 server written in C"
 url="https://h2o.examp1e.net"
 arch="all"
_at_@ -12,7 +12,7 @@ makedepends="cmake ruby ruby-dev bison zlib-dev wslay-dev libressl-dev libuv-dev
 install="$pkgname.pre-install"
 subpackages="$pkgname-dev $pkgname-doc"
 source="$pkgname-$pkgver.tar.gz::https://github.com/$pkgname/$pkgname/archive/v$pkgver.tar.gz
-	libressl-2.7.patch
+	h2o-libressl-2.7.0.patch
 	h2o.conf
 	h2o.initd
 	h2o.logrotate"
_at_@ -49,8 +49,8 @@ package() {
 	install -m700 -d "$pkgdir"/var/log/$pkgname
 }
 
-sha512sums="508ebe93b890f573e735d9b1f9c91a669144be3523e34fb7455227fd10b38e04a5db73e706fe8d05849fea3019e792754097871c073715c9eef4eae7c33560b5  h2o-2.2.4.tar.gz
-5e30cadf7ad0fcecadb56c60eb71f8e4eee2f6f46977d48744a5f0e965251948dc9c5543295211c695d440f9568e04b13108c1c163f092ac6cae718fd2b02ef7  libressl-2.7.patch
+sha512sums="24b07140d24fbb7796038aab44f44be5ffabc6f2841954273e2ad9f1a864e5482051dd7abfa6446297a46b6868763114695fa4f123ee3175bdac53b4c1868bc2  h2o-2.2.5.tar.gz
+ac0b587cc55124a350b42470d1f514f6cb4624914f92bcc3ed125909e98ef62101d452c098bb381f71b1becd7d21bc6a0d33c3890db72e92976d373406623e6f  h2o-libressl-2.7.0.patch
 444f55c3eaae1f349223036086e45c983ea8be89e793068537ec25488c4065174bc509d0987ddc65a0357cb8acfec272e90d13ea7cdadf9cf112953d857aa574  h2o.conf
 e93e66a6b00b1bff94e37489c5fdf99d9d657adc63975ec54be30f8da23dafe7d7389f02a6452ed819efc9d8398aa716782a7fd6d8509621a975ed954b73bef9  h2o.initd
 3d2c9e36c48cbb974d0691e4af8e9eb8f13e3bebb98a30417cdc87e76a4b5cddc4e4f665ebea26b95174287b95d002fdc3363f30ffcf15247fcd0530fe1abfcc  h2o.logrotate"
diff --git a/community/h2o/h2o-libressl-2.7.0.patch b/community/h2o/h2o-libressl-2.7.0.patch
new file mode 100644
index 0000000000..ba4cdbd652
--- /dev/null
+++ b/community/h2o/h2o-libressl-2.7.0.patch
_at_@ -0,0 +1,14 @@
+diff --git a/deps/neverbleed/neverbleed.c b/deps/neverbleed/neverbleed.c
+index 29b35a9..42356a6 100644
+--- a/deps/neverbleed/neverbleed.c
++++ b/deps/neverbleed/neverbleed.c
+_at_@ -547,7 +547,7 @@ static int sign_stub(struct expbuf_t *buf)
+     return 0;
+ }
+
+-#if !OPENSSL_1_1_API
++#if !OPENSSL_1_1_API && (!defined(LIBRESSL_VERSION_NUMBER) || LIBRESSL_VERSION_NUMBER < 0x2070000fL)
+
+ static void RSA_get0_key(const RSA *rsa, const BIGNUM **n, const BIGNUM **e, const BIGNUM **d)
+ {
+
diff --git a/community/h2o/libressl-2.7.patch b/community/h2o/libressl-2.7.patch
deleted file mode 100644
index 2cd722ff82..0000000000
--- a/community/h2o/libressl-2.7.patch
+++ /dev/null
_at_@ -1,58 +0,0 @@
-From 85b7f561f3bb546b13718f495a354a6b9ecd5d03 Mon Sep 17 00:00:00 2001
-From: AIZAWA Hina <hina_at_bouhime.com>
-Date: Fri, 23 Mar 2018 23:30:20 +0900
-Subject: [PATCH] Add supporting LibreSSL 2.7
-
-Signed-off-by: AIZAWA Hina <hina_at_bouhime.com>
----
- include/h2o/openssl_backport.h | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/include/h2o/openssl_backport.h b/include/h2o/openssl_backport.h
-index b24440e80..72cc43c45 100644
---- a/include/h2o/openssl_backport.h
-+++ b/include/h2o/openssl_backport.h
-_at_@ -25,7 +25,7 @@
- #include <stdlib.h>
- 
- /* backports for OpenSSL 1.0.2 */
--#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
-+#if OPENSSL_VERSION_NUMBER < 0x10100000L || (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x2070000fL)
- 
- #define BIO_get_data(bio) ((bio)->ptr)
- #define BIO_set_data(bio, p) ((bio)->ptr = (p))
-_at_@ -57,7 +57,7 @@ static inline BIO_METHOD *BIO_meth_new(int type, const char *name)
- #endif
- 
- /* backports for OpenSSL 1.0.1 and LibreSSL */
--#if OPENSSL_VERSION_NUMBER < 0x10002000L || defined(LIBRESSL_VERSION_NUMBER)
-+#if OPENSSL_VERSION_NUMBER < 0x10002000L || (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x2070000fL)
- 
- #define SSL_is_server(ssl) ((ssl)->server)
- 
-diff --git a/deps/neverbleed/neverbleed.c b/deps/neverbleed/neverbleed.c
-index 29b35a9..2caea00 100644
---- a/deps/neverbleed/neverbleed.c
-+++ b/deps/neverbleed/neverbleed.c
-_at_@ -547,7 +547,7 @@ static int sign_stub(struct expbuf_t *buf)
-     return 0;
- }
- 
--#if !OPENSSL_1_1_API
-+#if !OPENSSL_1_1_API && !(defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER >= 0x2070000fL)
- 
- static void RSA_get0_key(const RSA *rsa, const BIGNUM **n, const BIGNUM **e, const BIGNUM **d)
- {
-diff --git a/deps/picotls/lib/openssl.c b/deps/picotls/lib/openssl.c
-index 70ec0d0..50db1cf 100644
---- a/deps/picotls/lib/openssl.c
-+++ b/deps/picotls/lib/openssl.c
-_at_@ -35,7 +35,7 @@
- #include "picotls.h"
- #include "picotls/openssl.h"
- 
--#if (OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER))
-+#if (OPENSSL_VERSION_NUMBER < 0x10100000L) || (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x2070000fL)
- #define OPENSSL_1_0_API 1
- #else
- #define OPENSSL_1_0_API 0
-- 
2.17.1
---
Unsubscribe:  alpine-aports+unsubscribe_at_lists.alpinelinux.org
Help:         alpine-aports+help_at_lists.alpinelinux.org
---
Received on Fri Jun 01 2018 - 19:53:03 GMT