From: Sergei Lukin
To: alpine-aports@lists.alpinelinux.org
Cc: Sergei Lukin
Subject: [alpine-aports] [PATCH edge] main/libevent: security upgrade to 2.1.8 - fixes #6798
Date: Thu, 2 Feb 2017 13:59:57 +0000
Message-Id: <20170202135957.21333-1-sergej.lukin@gmail.com>
X-Mailer: git-send-email 2.11.0
X-Mailinglist: alpine-aports
Precedence: list
List-Id: Alpine Development
List-Unsubscribe:
List-Post:
List-Help:
List-Subscribe:
CVE-2016-10195: dns remote stack overread vulnerability
CVE-2016-10196: (stack) buffer overflow in evutil_parse_sockaddr_port()
CVE-2016-10197: out-of-bounds read in search_make_new()
---
 main/libevent/APKBUILD | 35 +++++++++++-----
 main/libevent/libressl.patch | 97 ++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 121 insertions(+), 11 deletions(-)
 create mode 100644 main/libevent/libressl.patch
diff --git a/main/libevent/APKBUILD b/main/libevent/APKBUILD
index 13ec0052c2..e57a59855e 100644
--- a/main/libevent/APKBUILD
+++ b/main/libevent/APKBUILD
@@ -1,7 +1,8 @@
+# Contributor: Sergei Lukin
 # Maintainer: Natanael Copa
 pkgname=libevent
-pkgver=2.0.22
-pkgrel=1
+pkgver=2.1.8
+pkgrel=0
 pkgdesc="An event notification library"
 url="http://libevent.org/"
 arch="all"
@@ -10,16 +11,25 @@ depends=""
 depends_dev="python2"
 makedepends="$depends_dev libressl-dev"
 subpackages="$pkgname-dev"
-source="https://github.com/$pkgname/$pkgname/releases/download/release-${pkgver}-stable/$pkgname-${pkgver}-stable.tar.gz"
-_builddir="$srcdir"/$pkgname-$pkgver-stable
+source="https://github.com/$pkgname/$pkgname/releases/download/release-${pkgver}-stable/$pkgname-${pkgver}-stable.tar.gz
+ libressl.patch
+ "
+
+# secfixes:
+# 2.1.8-r0:
+# - CVE-2016-10195
+# - CVE-2016-10196
+# - CVE-2016-10197
+
+builddir="$srcdir"/$pkgname-$pkgver-stable
 prepare() {
- cd "$_builddir"
- update_config_sub || return 1
+ cd "$builddir"
+ default_prepare || return 1
 }
 build() {
- cd "$_builddir"
+ cd "$builddir"
 ./configure \
 --build=$CBUILD \
 --host=$CHOST \
@@ -31,7 +41,7 @@ build() {
 }
 package() {
- cd "$_builddir"
+ cd "$builddir"
 make -j1 DESTDIR=$pkgdir install || return 1
 }
@@ -41,6 +51,9 @@ dev() {
 mv "$pkgdir"/usr/bin "$subpkgdir"/usr/
 }
-md5sums="c4c56f986aa985677ca1db89630a2e11 libevent-2.0.22-stable.tar.gz"
-sha256sums="71c2c49f0adadacfdbe6332a372c38cf9c8b7895bb73dabeaa53cdcc1d4e1fa3 libevent-2.0.22-stable.tar.gz"
-sha512sums="990637f12e890bfa7f86c194c8b112701436e92b60afb829194879efb85d558b986261e6508fe29bde73981feada874438e2d442cec8ea5730c889954f9bc907 libevent-2.0.22-stable.tar.gz"
+md5sums="f3eeaed018542963b7d2416ef1135ecc libevent-2.1.8-stable.tar.gz
+281a6844632a5e7d76f39a0f858f7ff3 libressl.patch"
+sha256sums="965cc5a8bb46ce4199a47e9b2c9e1cae3b137e8356ffdad6d94d3b9069b71dc2 libevent-2.1.8-stable.tar.gz
+81ccaf983f8e3e46b19f293b49c32887da53f6daeb843cee9052aabf194df458 libressl.patch"
+sha512sums="a2fd3dd111e73634e4aeb1b29d06e420b15c024d7b47778883b5f8a4ff320b5057a8164c6d50b53bd196c79d572ce2639fe6265e03a93304b09c22b41e4c2a17 libevent-2.1.8-stable.tar.gz
+10abdd9195826739144b2164c2b95a65a7202ed7e1d202ec6f149e286377ee0726f05172ffabcfc6cf83b2832d883bb15632d9323f6907106580989c7af7ee95 libressl.patch"
diff --git a/main/libevent/libressl.patch b/main/libevent/libressl.patch
new file mode 100644
index 0000000000..21a750c2c3
--- /dev/null
+++ b/main/libevent/libressl.patch
@@ -0,0 +1,97 @@
+diff -ru a/openssl-compat.h b/openssl-compat.h
+--- a/openssl-compat.h
++++ b/openssl-compat.h
+@@ -1,7 +1,7 @@
+ #ifndef OPENSSL_COMPAT_H
+ #define OPENSSL_COMPAT_H
+
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+
+ static inline BIO_METHOD *BIO_meth_new(int type, const char *name)
+ {
+@@ -30,6 +30,6 @@
+
+ #define TLS_method SSLv23_method
+
+-#endif /* OPENSSL_VERSION_NUMBER < 0x10100000L */
++#endif /* OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) */
+
+ #endif /* OPENSSL_COMPAT_H */
+diff -ru a/sample/https-client.c b/sample/https-client.c
+--- a/sample/https-client.c
++++ b/sample/https-client.c
+@@ -312,7 +312,7 @@
+ }
+ uri[sizeof(uri) - 1] = '\0';
+
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+ // Initialize OpenSSL
+ SSL_library_init();
+ ERR_load_crypto_strings();
+@@ -480,7 +480,7 @@
+ SSL_CTX_free(ssl_ctx);
+ if (type == HTTP && ssl)
+ SSL_free(ssl);
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+ EVP_cleanup();
+ ERR_free_strings();
+
+@@ -492,7 +492,7 @@
+ CRYPTO_cleanup_all_ex_data();
+
+ sk_SSL_COMP_free(SSL_COMP_get_compression_methods());
+-#endif /*OPENSSL_VERSION_NUMBER < 0x10100000L */
++#endif /*OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) */
+
+ #ifdef _WIN32
+ WSACleanup();
+diff -ru a/sample/le-proxy.c b/sample/le-proxy.c
+--- a/sample/le-proxy.c
++++ b/sample/le-proxy.c
+@@ -259,7 +259,7 @@
+
+ if (use_ssl) {
+ int r;
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+ SSL_library_init();
+ ERR_load_crypto_strings();
+ SSL_load_error_strings();
+diff -ru a/sample/openssl_hostname_validation.c b/sample/openssl_hostname_validation.c
+--- a/sample/openssl_hostname_validation.c
++++ b/sample/openssl_hostname_validation.c
+@@ -48,7 +48,7 @@
+
+ #define HOSTNAME_MAX_SIZE 255
+
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+ #define ASN1_STRING_get0_data ASN1_STRING_data
+ #endif
+
+diff -ru a/test/regress_ssl.c b/test/regress_ssl.c
+--- a/test/regress_ssl.c
++++ b/test/regress_ssl.c
+@@ -186,7 +186,7 @@
+ void
+ init_ssl(void)
+ {
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+ SSL_library_init();
+ ERR_load_crypto_strings();
+ SSL_load_error_strings();
+@@ -194,6 +194,10 @@
+ if (SSLeay() != OPENSSL_VERSION_NUMBER) {
+ TT_DECLARE("WARN", ("Version mismatch for openssl: compiled with %lx but running with %lx", (unsigned long)OPENSSL_VERSION_NUMBER, (unsigned long) SSLeay()));
+ }
++ if (SSLeay() != LIBRESSL_VERSION_NUMBER) {
++ TT_DECLARE("WARN", ("Version mismatch for libressl: compiled with %lx but running with %lx", (unsigned long)LIBRESSL_VERSION_NUMBER, (unsigned long) SSLeay()));
++ }
++
+ #endif
+ }
+
--
2.11.0
---
Unsubscribe: alpine-aports+unsubscribe@lists.alpinelinux.org
Help: alpine-aports+help@lists.alpinelinux.org
---
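Review bot: In the nested `test/regress_ssl.c` hunk, the added `if (SSLeay() != LIBRESSL_VERSION_NUMBER)` block sits inside `#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)` with no guard of its own, so a build against OpenSSL older than 1.1.0 takes this branch with `LIBRESSL_VERSION_NUMBER` undefined and fails to compile. Under LibreSSL the comparison also looks wrong: as far as I know `SSLeay()` there reports the fixed `OPENSSL_VERSION_NUMBER` value rather than the LibreSSL release number, so the warning would fire on every run; I would either drop the new block or wrap it in `#ifdef LIBRESSL_VERSION_NUMBER` … `#endif`. Separately, the `openssl-compat.h` guard enables the `BIO_meth_new()` shims for every LibreSSL version, so they are likely to collide with the library's own definitions once LibreSSL ships those functions; bounding the test with a `LIBRESSL_VERSION_NUMBER < <first-version-with-BIO_meth_new>` comparison, plus a comment saying why, would keep the patch safe to carry across LibreSSL upgrades. Both `init_ssl()` and the compat header continue outside the quoted hunks, so this should be confirmed against the full files.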