diff options
| author | Natanael Copa <ncopa@alpinelinux.org> | 2017-05-04 15:15:01 +0000 |
|---|---|---|
| committer | Natanael Copa <ncopa@alpinelinux.org> | 2017-05-04 15:17:56 +0000 |
| commit | d1adc7e878dfb93233c8115bc639ace3a961a9ed (patch) | |
| tree | eb15fbd75df37fd669578d7b33d21f50dcc6eb31 /main | |
| parent | 47b1df4933df0f4031b079858013d6a7e0d6fa60 (diff) | |
| download | aports-d1adc7e878dfb93233c8115bc639ace3a961a9ed.tar.bz2 aports-d1adc7e878dfb93233c8115bc639ace3a961a9ed.tar.xz | |
main/libressl: upgrade to 2.5.4
Diffstat (limited to 'main')
| -rw-r--r-- | main/libressl/APKBUILD | 10 | ||||
| -rw-r--r-- | main/libressl/fix-CVE-2017-8301.patch | 32 |
2 files changed, 4 insertions, 38 deletions
diff --git a/main/libressl/APKBUILD b/main/libressl/APKBUILD index 94129859b4..b4a003c6a1 100644 --- a/main/libressl/APKBUILD +++ b/main/libressl/APKBUILD @@ -7,9 +7,9 @@ # - CVE-2017-8301 # pkgname=libressl -pkgver=2.5.3 +pkgver=2.5.4 _namever=${pkgname}${pkgver%.*} -pkgrel=1 +pkgrel=0 pkgdesc="Version of the TLS/crypto stack forked from OpenSSL" url="http://www.libressl.org/" arch="all" @@ -21,8 +21,7 @@ makedepends="$makedepends_host" replaces="openssl" subpackages="$pkgname-dbg $_namever-libcrypto:_libs $_namever-libssl:_libs $_namever-libtls:_libs $pkgname-dev $pkgname-doc" -source="http://ftp.openbsd.org/pub/OpenBSD/LibreSSL/$pkgname-$pkgver.tar.gz - fix-CVE-2017-8301.patch" +source="http://ftp.openbsd.org/pub/OpenBSD/LibreSSL/$pkgname-$pkgver.tar.gz" builddir="$srcdir/$pkgname-$pkgver" build() { @@ -63,5 +62,4 @@ _libs() { done } -sha512sums="e5ba2abb8a0835a025d2777d9c0e8e95813777af8167e322d8e5ae20485c32b628ced77141b156fd3619b65a5afae1a5bc90a7252166a9a54f7e3d23388b3bd0 libressl-2.5.3.tar.gz -cc4da197c9ba0c80f45f0141e3ec80bbce5dcd4f815a3b55e26dc7fc5930f15078907a1ed1ac79e852966b1d63f48b09d9c98a766211dee88c42fc06477f862f fix-CVE-2017-8301.patch" +sha512sums="8ca86c14af0020c90bef4651892799864938dab9d898172269cb78bad5963314e064f2b4c46e6a04e0b85d1eddbd1840b734803c11ceec8fd6bb1290e0fe204c libressl-2.5.4.tar.gz" diff --git a/main/libressl/fix-CVE-2017-8301.patch b/main/libressl/fix-CVE-2017-8301.patch deleted file mode 100644 index c6684b25d0..0000000000 --- a/main/libressl/fix-CVE-2017-8301.patch +++ /dev/null @@ -1,32 +0,0 @@ -From: Jakub Jirutka <jakub@jirutka.cz> -Date: Thu, 27 Apr 2017 20:02:00 +0200 -Subject: [PATCH] Fix CVE-2017-8301 - -This patch reverts commit ddd98f8ea741a122952185a36c1396c14c2fda74 -that introduced the vulnerability. - -See also: - -* http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8301 -* https://github.com/libressl-portable/portable/issues/307 -* https://github.com/libressl-portable/openbsd/commit/ddd98f8ea741a122952185a36c1396c14c2fda74 - ---- a/crypto/x509/x509_vfy.c -+++ b/crypto/x509/x509_vfy.c -@@ -541,15 +541,7 @@ - /* Safety net, error returns must set ctx->error */ - if (ok <= 0 && ctx->error == X509_V_OK) - ctx->error = X509_V_ERR_UNSPECIFIED; -- -- /* -- * Safety net, if user provided verify callback indicates sucess -- * make sure they have set error to X509_V_OK -- */ -- if (ctx->verify_cb != null_callback && ok == 1) -- ctx->error = X509_V_OK; -- -- return(ctx->error == X509_V_OK); -+ return ok; - } - - /* Given a STACK_OF(X509) find the issuer of cert (if any) |