X-Original-To: alpine-aports@lists.alpinelinux.org Received: from mail.infogroup.kiev.ua (tera.infogroup.kiev.ua [195.144.25.26]) by lists.alpinelinux.org (Postfix) with ESMTP id C9CB85C4A81 for ; Wed, 3 May 2017 06:58:22 +0000 (GMT) Received: from ost.org.ua ([195.144.25.230] helo=alpine.ost.org.ua) by mail.infogroup.kiev.ua with esmtpsa (TLSv1:DHE-RSA-AES256-SHA:256) (Exim 4.80.1) (envelope-from ) id 1d5oEv-0005lD-Vj for alpine-aports@lists.alpinelinux.org; Wed, 03 May 2017 09:58:22 +0300 From: Valery Kartel To: alpine-aports@lists.alpinelinux.org Subject: [alpine-aports] [PATCH] main/libressl: upgrade to 2.5.4 Date: Wed, 3 May 2017 09:58:12 +0300 Message-Id: <20170503065812.24854-1-valery.kartel@gmail.com> X-Mailer: git-send-email 2.12.2 Sender: droid@infogroup.kiev.ua X-Mailinglist: alpine-aports Precedence: list List-Id: Alpine Development List-Unsubscribe: List-Post: List-Help: List-Subscribe: --- main/libressl/APKBUILD | 14 ++++++++------ main/libressl/fix-CVE-2017-8301.patch | 32 -------------------------------- 2 files changed, 8 insertions(+), 38 deletions(-) delete mode 100644 main/libressl/fix-CVE-2017-8301.patch diff --git a/main/libressl/APKBUILD b/main/libressl/APKBUILD index 94129859b4..aae777bfd8 100644 --- a/main/libressl/APKBUILD +++ b/main/libressl/APKBUILD @@ -7,9 +7,9 @@ # - CVE-2017-8301 # pkgname=libressl -pkgver=2.5.3 +pkgver=2.5.4 _namever=${pkgname}${pkgver%.*} -pkgrel=1 +pkgrel=0 pkgdesc="Version of the TLS/crypto stack forked from OpenSSL" url="http://www.libressl.org/" arch="all" @@ -21,8 +21,7 @@ makedepends="$makedepends_host" replaces="openssl" subpackages="$pkgname-dbg $_namever-libcrypto:_libs $_namever-libssl:_libs $_namever-libtls:_libs $pkgname-dev $pkgname-doc" -source="http://ftp.openbsd.org/pub/OpenBSD/LibreSSL/$pkgname-$pkgver.tar.gz - fix-CVE-2017-8301.patch" +source="http://ftp.openbsd.org/pub/OpenBSD/LibreSSL/$pkgname-$pkgver.tar.gz" builddir="$srcdir/$pkgname-$pkgver" build() { @@ -40,6 +39,10 @@ build() { make || return 1 } +check() { + make -C "$builddir" check +} + package() { cd "$builddir" make DESTDIR="$pkgdir" install || return 1 @@ -63,5 +66,4 @@ _libs() { done } -sha512sums="e5ba2abb8a0835a025d2777d9c0e8e95813777af8167e322d8e5ae20485c32b628ced77141b156fd3619b65a5afae1a5bc90a7252166a9a54f7e3d23388b3bd0 libressl-2.5.3.tar.gz -cc4da197c9ba0c80f45f0141e3ec80bbce5dcd4f815a3b55e26dc7fc5930f15078907a1ed1ac79e852966b1d63f48b09d9c98a766211dee88c42fc06477f862f fix-CVE-2017-8301.patch" +sha512sums="8ca86c14af0020c90bef4651892799864938dab9d898172269cb78bad5963314e064f2b4c46e6a04e0b85d1eddbd1840b734803c11ceec8fd6bb1290e0fe204c libressl-2.5.4.tar.gz" diff --git a/main/libressl/fix-CVE-2017-8301.patch b/main/libressl/fix-CVE-2017-8301.patch deleted file mode 100644 index c6684b25d0..0000000000 --- a/main/libressl/fix-CVE-2017-8301.patch +++ /dev/null @@ -1,32 +0,0 @@ -From: Jakub Jirutka -Date: Thu, 27 Apr 2017 20:02:00 +0200 -Subject: [PATCH] Fix CVE-2017-8301 - -This patch reverts commit ddd98f8ea741a122952185a36c1396c14c2fda74 -that introduced the vulnerability. - -See also: - -* http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8301 -* https://github.com/libressl-portable/portable/issues/307 -* https://github.com/libressl-portable/openbsd/commit/ddd98f8ea741a122952185a36c1396c14c2fda74 - ---- a/crypto/x509/x509_vfy.c -+++ b/crypto/x509/x509_vfy.c -@@ -541,15 +541,7 @@ - /* Safety net, error returns must set ctx->error */ - if (ok <= 0 && ctx->error == X509_V_OK) - ctx->error = X509_V_ERR_UNSPECIFIED; -- -- /* -- * Safety net, if user provided verify callback indicates sucess -- * make sure they have set error to X509_V_OK -- */ -- if (ctx->verify_cb != null_callback && ok == 1) -- ctx->error = X509_V_OK; -- -- return(ctx->error == X509_V_OK); -+ return ok; - } - - /* Given a STACK_OF(X509) find the issuer of cert (if any) -- 2.12.2 --- Unsubscribe: alpine-aports+unsubscribe@lists.alpinelinux.org Help: alpine-aports+help@lists.alpinelinux.org ---