diff options
| author | Andy Postnikov <apostnikov@gmail.com> | 2018-09-12 00:20:21 +0300 |
|---|---|---|
| committer | Andy Postnikov <apostnikov@gmail.com> | 2018-09-27 22:06:13 +0300 |
| commit | a57932244b45177d81afdefc4a207ba34d939d9a (patch) | |
| tree | 49cb536b548e7a2362f5c5ff482fb3d200e2feac /testing/openssl1.1 | |
| parent | b70506a6d10658d79535f3f8519677e7df75b235 (diff) | |
| download | aports-a57932244b45177d81afdefc4a207ba34d939d9a.tar.bz2 aports-a57932244b45177d81afdefc4a207ba34d939d9a.tar.xz | |
testing/openssl1.1: upgrade to 1.1.1
Diffstat (limited to 'testing/openssl1.1')
| -rw-r--r-- | testing/openssl1.1/APKBUILD | 8 | ||||
| -rw-r--r-- | testing/openssl1.1/CVE-2018-0732.patch | 39 |
2 files changed, 3 insertions, 44 deletions
diff --git a/testing/openssl1.1/APKBUILD b/testing/openssl1.1/APKBUILD index 7e0b1fd52f..2c56ffc213 100644 --- a/testing/openssl1.1/APKBUILD +++ b/testing/openssl1.1/APKBUILD @@ -1,8 +1,8 @@ # Maintainer: Natanael Copa <ncopa@alpinelinux.org> -pkgver=1.1.0h +pkgver=1.1.1 _osslver=${pkgver%.*} pkgname=openssl$_osslver -pkgrel=2 +pkgrel=0 pkgdesc="Toolkit for SSL v2/v3 and TLS v1" url="https://www.openssl.org" arch="all" @@ -13,7 +13,6 @@ makedepends_host="zlib-dev linux-headers" makedepends="$makedepends_host $makedepends_build" subpackages="$pkgname-dbg $pkgname-dev $pkgname-doc openssl$_osslver-libcrypto:_libcrypto openssl$_osslver-libssl:_libssl" source="http://www.openssl.org/source/openssl-$pkgver.tar.gz - CVE-2018-0732.patch " builddir="$srcdir/openssl-$pkgver" @@ -84,5 +83,4 @@ _libssl() { done } -sha512sums="fb7750fcd98e6126eb5b92e7ed63d811a5cfa3391d98572003d925f6c7b477690df86a9aa1fa6bf6bf33d02c6c7aee6cff50a38faa8911409f310645898fda39 openssl-1.1.0h.tar.gz -ff91298629f157496a012da00ba7325923f5d087bfa54b60e205bf2dfb06374e958912e0df39dbdf39773555455c1a3afa3dcde1ddfec6e85cf89b0b62cc0eb4 CVE-2018-0732.patch" +sha512sums="c0284a4fe84bdf765ca5bc5148da4441ffc36392cfecaf9d372af00cf93b6de5681cab1248b6f8246474532155dc205da5ad49549ad7c61c07c917145e7c9c71 openssl-1.1.1.tar.gz" diff --git a/testing/openssl1.1/CVE-2018-0732.patch b/testing/openssl1.1/CVE-2018-0732.patch deleted file mode 100644 index 148e7c3bc1..0000000000 --- a/testing/openssl1.1/CVE-2018-0732.patch +++ /dev/null @@ -1,39 +0,0 @@ -From 3984ef0b72831da8b3ece4745cac4f8575b19098 Mon Sep 17 00:00:00 2001 -From: Guido Vranken <guidovranken@gmail.com> -Date: Mon, 11 Jun 2018 19:38:54 +0200 -Subject: [PATCH] Reject excessively large primes in DH key generation. - -CVE-2018-0732 - -Signed-off-by: Guido Vranken <guidovranken@gmail.com> - -(cherry picked from commit 91f7361f47b082ae61ffe1a7b17bb2adf213c7fe) - -Reviewed-by: Tim Hudson <tjh@openssl.org> -Reviewed-by: Matt Caswell <matt@openssl.org> -(Merged from https://github.com/openssl/openssl/pull/6457) ---- - crypto/dh/dh_key.c | 7 ++++++- - 1 file changed, 6 insertions(+), 1 deletion(-) - -diff --git a/crypto/dh/dh_key.c b/crypto/dh/dh_key.c -index 387558f1467..f235e0d682b 100644 ---- a/crypto/dh/dh_key.c -+++ b/crypto/dh/dh_key.c -@@ -130,10 +130,15 @@ static int generate_key(DH *dh) - int ok = 0; - int generate_new_key = 0; - unsigned l; -- BN_CTX *ctx; -+ BN_CTX *ctx = NULL; - BN_MONT_CTX *mont = NULL; - BIGNUM *pub_key = NULL, *priv_key = NULL; - -+ if (BN_num_bits(dh->p) > OPENSSL_DH_MAX_MODULUS_BITS) { -+ DHerr(DH_F_GENERATE_KEY, DH_R_MODULUS_TOO_LARGE); -+ return 0; -+ } -+ - ctx = BN_CTX_new(); - if (ctx == NULL) - goto err; |