X-Original-To: alpine-aports@lists.alpinelinux.org Received: from mail-pl0-f68.google.com (mail-pl0-f68.google.com [209.85.160.68]) by lists.alpinelinux.org (Postfix) with ESMTP id 5D2AE5C5066 for ; Sat, 2 Jun 2018 02:53:05 +0000 (GMT) Received: by mail-pl0-f68.google.com with SMTP id n10-v6so16333545plp.0 for ; Fri, 01 Jun 2018 19:53:05 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:subject:date:message-id; bh=scXmUuzOHQp77bJk7mBhtgXkmbwCl5htFjT+sijl7a4=; b=rcvRM9r77q3pOuZA3ynrOfB15BSv7tZdHkUo2ji/QkQO4WUZJDt0Gq/TLVeDP+ZlV6 oymUDFllcfkxt6LEidjrR4Pk4bhBhcB8tjNv3wVygqoxm8EOGoEqIbnf+7JAGPUQkhJM GAGX3AoCG8BLRzghTZlhSnwT5ad+YJ1i0+BmgxuYiVa0fcNns97PWttStzoMWTpFLjGY 1Aajn/OcvrdJJm9iwYlbm+hRT3AdBgQ4caMQ4ORvSOe63com/GNSM5f4p5xAysIApsc/ zdCmYBhAZQaLuvF6taBzud5DVeA12X1WX1YYp0y/zqk4TgkuDoTp3rE15rs1u6mMWvVM kGwA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:subject:date:message-id; bh=scXmUuzOHQp77bJk7mBhtgXkmbwCl5htFjT+sijl7a4=; b=f5NchA0fakviHoun29aKrXZEqmNb5WAwQbJH1BeJE1YI+gFGAGr1E8C5zRFPs31dC/ bH2en2zX901+gXFJqZNnxA+GbFpzMeF/ZgGjwFbziyRZdvdCBoO22UA3Gq5fqkfMw62g W7n7X2JMa4WZyHg/EfA0EAnJ1el/kKbrYsv49tmBbiUxzsA4TW0wCUOEFuRE0BhJx4oG Ts/HFOQGHjI9Z6MXI4qt2h0E9raXng+wBL4WPu7r1uqD0SHYbbvb118wUPfRnPxIgjnk sBzgo+SKCEjBFYCtzJuFrupF7SJF2oPPETsnDfKnQaMvV2ZhsO2DVKp+69hezjIBMoAm bgtg== X-Gm-Message-State: ALKqPwdR6dCG1B0IU0lT9nr5kMZpG5INtaXeB5q5lOblMIruUXsKFcUD 5UGjJrcuMXFlAnevmZFQbCgw0zFx X-Google-Smtp-Source: ADUXVKI7tjQnvQJVdxxaqIY0+O9kCg9Pr845VkoYs6KYp3uJhC454YPNPHPacssNHnd2+7oi5zZkLQ== X-Received: by 2002:a17:902:14cb:: with SMTP id y11-v6mr13082096plg.229.1527907984392; Fri, 01 Jun 2018 19:53:04 -0700 (PDT) Received: from pebble.my.domain (97-113-110-83.tukw.qwest.net. [97.113.110.83]) by smtp.gmail.com with ESMTPSA id 68-v6sm71406624pfk.46.2018.06.01.19.53.03 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Fri, 01 Jun 2018 19:53:03 -0700 (PDT) From: Bennett Goble To: alpine-aports@lists.alpinelinux.org Subject: [alpine-aports] [PATCH] community/h2o: security upgrade to 2.2.5 (CVE-2018-0608) Date: Fri, 1 Jun 2018 19:53:03 -0700 Message-Id: <20180602025303.31411-1-nivardus@gmail.com> X-Mailer: git-send-email 2.17.1 X-Mailinglist: alpine-aports Precedence: list List-Id: Alpine Development List-Unsubscribe: List-Post: List-Help: List-Subscribe: --- community/h2o/APKBUILD | 10 ++--- community/h2o/h2o-libressl-2.7.0.patch | 14 +++++++ community/h2o/libressl-2.7.patch | 58 -------------------------- 3 files changed, 19 insertions(+), 63 deletions(-) create mode 100644 community/h2o/h2o-libressl-2.7.0.patch delete mode 100644 community/h2o/libressl-2.7.patch diff --git a/community/h2o/APKBUILD b/community/h2o/APKBUILD index b8a9dbeb8c..3b30d5e417 100644 --- a/community/h2o/APKBUILD +++ b/community/h2o/APKBUILD @@ -1,8 +1,8 @@ # Contributor: Bennett Goble # Maintainer: Bennett Goble pkgname=h2o -pkgver=2.2.4 -pkgrel=2 +pkgver=2.2.5 +pkgrel=0 pkgdesc="An optimized HTTP/1, HTTP/2 server written in C" url="https://h2o.examp1e.net" arch="all" @@ -12,7 +12,7 @@ makedepends="cmake ruby ruby-dev bison zlib-dev wslay-dev libressl-dev libuv-dev install="$pkgname.pre-install" subpackages="$pkgname-dev $pkgname-doc" source="$pkgname-$pkgver.tar.gz::https://github.com/$pkgname/$pkgname/archive/v$pkgver.tar.gz - libressl-2.7.patch + h2o-libressl-2.7.0.patch h2o.conf h2o.initd h2o.logrotate" @@ -49,8 +49,8 @@ package() { install -m700 -d "$pkgdir"/var/log/$pkgname } -sha512sums="508ebe93b890f573e735d9b1f9c91a669144be3523e34fb7455227fd10b38e04a5db73e706fe8d05849fea3019e792754097871c073715c9eef4eae7c33560b5 h2o-2.2.4.tar.gz -5e30cadf7ad0fcecadb56c60eb71f8e4eee2f6f46977d48744a5f0e965251948dc9c5543295211c695d440f9568e04b13108c1c163f092ac6cae718fd2b02ef7 libressl-2.7.patch +sha512sums="24b07140d24fbb7796038aab44f44be5ffabc6f2841954273e2ad9f1a864e5482051dd7abfa6446297a46b6868763114695fa4f123ee3175bdac53b4c1868bc2 h2o-2.2.5.tar.gz +ac0b587cc55124a350b42470d1f514f6cb4624914f92bcc3ed125909e98ef62101d452c098bb381f71b1becd7d21bc6a0d33c3890db72e92976d373406623e6f h2o-libressl-2.7.0.patch 444f55c3eaae1f349223036086e45c983ea8be89e793068537ec25488c4065174bc509d0987ddc65a0357cb8acfec272e90d13ea7cdadf9cf112953d857aa574 h2o.conf e93e66a6b00b1bff94e37489c5fdf99d9d657adc63975ec54be30f8da23dafe7d7389f02a6452ed819efc9d8398aa716782a7fd6d8509621a975ed954b73bef9 h2o.initd 3d2c9e36c48cbb974d0691e4af8e9eb8f13e3bebb98a30417cdc87e76a4b5cddc4e4f665ebea26b95174287b95d002fdc3363f30ffcf15247fcd0530fe1abfcc h2o.logrotate" diff --git a/community/h2o/h2o-libressl-2.7.0.patch b/community/h2o/h2o-libressl-2.7.0.patch new file mode 100644 index 0000000000..ba4cdbd652 --- /dev/null +++ b/community/h2o/h2o-libressl-2.7.0.patch @@ -0,0 +1,14 @@ +diff --git a/deps/neverbleed/neverbleed.c b/deps/neverbleed/neverbleed.c +index 29b35a9..42356a6 100644 +--- a/deps/neverbleed/neverbleed.c ++++ b/deps/neverbleed/neverbleed.c +@@ -547,7 +547,7 @@ static int sign_stub(struct expbuf_t *buf) + return 0; + } + +-#if !OPENSSL_1_1_API ++#if !OPENSSL_1_1_API && (!defined(LIBRESSL_VERSION_NUMBER) || LIBRESSL_VERSION_NUMBER < 0x2070000fL) + + static void RSA_get0_key(const RSA *rsa, const BIGNUM **n, const BIGNUM **e, const BIGNUM **d) + { + diff --git a/community/h2o/libressl-2.7.patch b/community/h2o/libressl-2.7.patch deleted file mode 100644 index 2cd722ff82..0000000000 --- a/community/h2o/libressl-2.7.patch +++ /dev/null @@ -1,58 +0,0 @@ -From 85b7f561f3bb546b13718f495a354a6b9ecd5d03 Mon Sep 17 00:00:00 2001 -From: AIZAWA Hina -Date: Fri, 23 Mar 2018 23:30:20 +0900 -Subject: [PATCH] Add supporting LibreSSL 2.7 - -Signed-off-by: AIZAWA Hina ---- - include/h2o/openssl_backport.h | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/include/h2o/openssl_backport.h b/include/h2o/openssl_backport.h -index b24440e80..72cc43c45 100644 ---- a/include/h2o/openssl_backport.h -+++ b/include/h2o/openssl_backport.h -@@ -25,7 +25,7 @@ - #include - - /* backports for OpenSSL 1.0.2 */ --#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) -+#if OPENSSL_VERSION_NUMBER < 0x10100000L || (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x2070000fL) - - #define BIO_get_data(bio) ((bio)->ptr) - #define BIO_set_data(bio, p) ((bio)->ptr = (p)) -@@ -57,7 +57,7 @@ static inline BIO_METHOD *BIO_meth_new(int type, const char *name) - #endif - - /* backports for OpenSSL 1.0.1 and LibreSSL */ --#if OPENSSL_VERSION_NUMBER < 0x10002000L || defined(LIBRESSL_VERSION_NUMBER) -+#if OPENSSL_VERSION_NUMBER < 0x10002000L || (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x2070000fL) - - #define SSL_is_server(ssl) ((ssl)->server) - -diff --git a/deps/neverbleed/neverbleed.c b/deps/neverbleed/neverbleed.c -index 29b35a9..2caea00 100644 ---- a/deps/neverbleed/neverbleed.c -+++ b/deps/neverbleed/neverbleed.c -@@ -547,7 +547,7 @@ static int sign_stub(struct expbuf_t *buf) - return 0; - } - --#if !OPENSSL_1_1_API -+#if !OPENSSL_1_1_API && !(defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER >= 0x2070000fL) - - static void RSA_get0_key(const RSA *rsa, const BIGNUM **n, const BIGNUM **e, const BIGNUM **d) - { -diff --git a/deps/picotls/lib/openssl.c b/deps/picotls/lib/openssl.c -index 70ec0d0..50db1cf 100644 ---- a/deps/picotls/lib/openssl.c -+++ b/deps/picotls/lib/openssl.c -@@ -35,7 +35,7 @@ - #include "picotls.h" - #include "picotls/openssl.h" - --#if (OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)) -+#if (OPENSSL_VERSION_NUMBER < 0x10100000L) || (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x2070000fL) - #define OPENSSL_1_0_API 1 - #else - #define OPENSSL_1_0_API 0 -- 2.17.1 --- Unsubscribe: alpine-aports+unsubscribe@lists.alpinelinux.org Help: alpine-aports+help@lists.alpinelinux.org ---