~alpine/aports

[alpine-aports] [PATCH edge] main/libevent: security upgrade to 2.1.8 - fixes #6798

Sergei Lukin <sergej.lukin@gmail.com>
Details
Message ID
<20170202135957.21333-1-sergej.lukin@gmail.com>
Sender timestamp
1486043997
DKIM signature
missing
Download raw message
7 years ago
Patch: +121 -11 
CVE-2016-10195: dns remote stack overread vulnerability
CVE-2016-10196: (stack) buffer overflow in evutil_parse_sockaddr_port()
CVE-2016-10197: out-of-bounds read in search_make_new()
---
 main/libevent/APKBUILD       | 35 +++++++++++-----
 main/libevent/libressl.patch | 97 ++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 121 insertions(+), 11 deletions(-)
 create mode 100644 main/libevent/libressl.patch

diff --git a/main/libevent/APKBUILD b/main/libevent/APKBUILD
index 13ec0052c2..e57a59855e 100644
--- a/main/libevent/APKBUILD
+++ b/main/libevent/APKBUILD
@@ -1,7 +1,8 @@
# Contributor: Sergei Lukin <sergej.lukin@gmail.com>
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=libevent
pkgver=2.0.22
pkgrel=1
pkgver=2.1.8
pkgrel=0
pkgdesc="An event notification library"
url="http://libevent.org/"
arch="all"
@@ -10,16 +11,25 @@ depends=""
depends_dev="python2"
makedepends="$depends_dev libressl-dev"
subpackages="$pkgname-dev"
source="https://github.com/$pkgname/$pkgname/releases/download/release-${pkgver}-stable/$pkgname-${pkgver}-stable.tar.gz"
_builddir="$srcdir"/$pkgname-$pkgver-stable
source="https://github.com/$pkgname/$pkgname/releases/download/release-${pkgver}-stable/$pkgname-${pkgver}-stable.tar.gz
	libressl.patch
	"

# secfixes:
#   2.1.8-r0:
#   - CVE-2016-10195
#   - CVE-2016-10196
#   - CVE-2016-10197

builddir="$srcdir"/$pkgname-$pkgver-stable

prepare() {
	cd "$_builddir"
	update_config_sub || return 1
	cd "$builddir"
	default_prepare || return 1
}

build() {
	cd "$_builddir"
	cd "$builddir"
	./configure \
		--build=$CBUILD \
		--host=$CHOST \
@@ -31,7 +41,7 @@ build() {
}

package() {
	cd "$_builddir"
	cd "$builddir"
	make -j1 DESTDIR=$pkgdir install || return 1
}

@@ -41,6 +51,9 @@ dev() {
	mv "$pkgdir"/usr/bin "$subpkgdir"/usr/
}

md5sums="c4c56f986aa985677ca1db89630a2e11  libevent-2.0.22-stable.tar.gz"
sha256sums="71c2c49f0adadacfdbe6332a372c38cf9c8b7895bb73dabeaa53cdcc1d4e1fa3  libevent-2.0.22-stable.tar.gz"
sha512sums="990637f12e890bfa7f86c194c8b112701436e92b60afb829194879efb85d558b986261e6508fe29bde73981feada874438e2d442cec8ea5730c889954f9bc907  libevent-2.0.22-stable.tar.gz"
md5sums="f3eeaed018542963b7d2416ef1135ecc  libevent-2.1.8-stable.tar.gz
281a6844632a5e7d76f39a0f858f7ff3  libressl.patch"
sha256sums="965cc5a8bb46ce4199a47e9b2c9e1cae3b137e8356ffdad6d94d3b9069b71dc2  libevent-2.1.8-stable.tar.gz
81ccaf983f8e3e46b19f293b49c32887da53f6daeb843cee9052aabf194df458  libressl.patch"
sha512sums="a2fd3dd111e73634e4aeb1b29d06e420b15c024d7b47778883b5f8a4ff320b5057a8164c6d50b53bd196c79d572ce2639fe6265e03a93304b09c22b41e4c2a17  libevent-2.1.8-stable.tar.gz
10abdd9195826739144b2164c2b95a65a7202ed7e1d202ec6f149e286377ee0726f05172ffabcfc6cf83b2832d883bb15632d9323f6907106580989c7af7ee95  libressl.patch"
diff --git a/main/libevent/libressl.patch b/main/libevent/libressl.patch
new file mode 100644
index 0000000000..21a750c2c3
--- /dev/null
+++ b/main/libevent/libressl.patch
@@ -0,0 +1,97 @@
diff -ru a/openssl-compat.h b/openssl-compat.h
--- a/openssl-compat.h
+++ b/openssl-compat.h
@@ -1,7 +1,7 @@
 #ifndef OPENSSL_COMPAT_H
 #define OPENSSL_COMPAT_H
 
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
 
 static inline BIO_METHOD *BIO_meth_new(int type, const char *name)
 {
@@ -30,6 +30,6 @@
 
 #define TLS_method SSLv23_method
 
-#endif /* OPENSSL_VERSION_NUMBER < 0x10100000L */
+#endif /* OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) */
 
 #endif /* OPENSSL_COMPAT_H */
diff -ru a/sample/https-client.c b/sample/https-client.c
--- a/sample/https-client.c
+++ b/sample/https-client.c
@@ -312,7 +312,7 @@
 	}
 	uri[sizeof(uri) - 1] = '\0';
 
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
 	// Initialize OpenSSL
 	SSL_library_init();
 	ERR_load_crypto_strings();
@@ -480,7 +480,7 @@
 		SSL_CTX_free(ssl_ctx);
 	if (type == HTTP && ssl)
 		SSL_free(ssl);
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
 	EVP_cleanup();
 	ERR_free_strings();
 
@@ -492,7 +492,7 @@
 	CRYPTO_cleanup_all_ex_data();
 
 	sk_SSL_COMP_free(SSL_COMP_get_compression_methods());
-#endif /*OPENSSL_VERSION_NUMBER < 0x10100000L */
+#endif /*OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) */
 
 #ifdef _WIN32
 	WSACleanup();
diff -ru a/sample/le-proxy.c b/sample/le-proxy.c
--- a/sample/le-proxy.c
+++ b/sample/le-proxy.c
@@ -259,7 +259,7 @@
 
 	if (use_ssl) {
 		int r;
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
 		SSL_library_init();
 		ERR_load_crypto_strings();
 		SSL_load_error_strings();
diff -ru a/sample/openssl_hostname_validation.c b/sample/openssl_hostname_validation.c
--- a/sample/openssl_hostname_validation.c
+++ b/sample/openssl_hostname_validation.c
@@ -48,7 +48,7 @@
 
 #define HOSTNAME_MAX_SIZE 255
 
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
 #define ASN1_STRING_get0_data ASN1_STRING_data
 #endif
 
diff -ru a/test/regress_ssl.c b/test/regress_ssl.c
--- a/test/regress_ssl.c
+++ b/test/regress_ssl.c
@@ -186,7 +186,7 @@
 void
 init_ssl(void)
 {
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
 	SSL_library_init();
 	ERR_load_crypto_strings();
 	SSL_load_error_strings();
@@ -194,6 +194,10 @@
 	if (SSLeay() != OPENSSL_VERSION_NUMBER) {
 		TT_DECLARE("WARN", ("Version mismatch for openssl: compiled with %lx but running with %lx", (unsigned long)OPENSSL_VERSION_NUMBER, (unsigned long) SSLeay()));
 	}
+	if (SSLeay() != LIBRESSL_VERSION_NUMBER) {
+		TT_DECLARE("WARN", ("Version mismatch for libressl: compiled with %lx but running with %lx", (unsigned long)LIBRESSL_VERSION_NUMBER, (unsigned long) SSLeay()));
+	}
+
 #endif
 }
 
-- 
2.11.0



---
Unsubscribe:  alpine-aports+unsubscribe@lists.alpinelinux.org
Help:         alpine-aports+help@lists.alpinelinux.org
---
Reply to thread Export thread (mbox)