Commit d1adc7e8 authored by Natanael Copa's avatar Natanael Copa

main/libressl: upgrade to 2.5.4

parent 47b1df49
...@@ -7,9 +7,9 @@ ...@@ -7,9 +7,9 @@
# - CVE-2017-8301 # - CVE-2017-8301
# #
pkgname=libressl pkgname=libressl
pkgver=2.5.3 pkgver=2.5.4
_namever=${pkgname}${pkgver%.*} _namever=${pkgname}${pkgver%.*}
pkgrel=1 pkgrel=0
pkgdesc="Version of the TLS/crypto stack forked from OpenSSL" pkgdesc="Version of the TLS/crypto stack forked from OpenSSL"
url="http://www.libressl.org/" url="http://www.libressl.org/"
arch="all" arch="all"
...@@ -21,8 +21,7 @@ makedepends="$makedepends_host" ...@@ -21,8 +21,7 @@ makedepends="$makedepends_host"
replaces="openssl" replaces="openssl"
subpackages="$pkgname-dbg $_namever-libcrypto:_libs $_namever-libssl:_libs subpackages="$pkgname-dbg $_namever-libcrypto:_libs $_namever-libssl:_libs
$_namever-libtls:_libs $pkgname-dev $pkgname-doc" $_namever-libtls:_libs $pkgname-dev $pkgname-doc"
source="http://ftp.openbsd.org/pub/OpenBSD/LibreSSL/$pkgname-$pkgver.tar.gz source="http://ftp.openbsd.org/pub/OpenBSD/LibreSSL/$pkgname-$pkgver.tar.gz"
fix-CVE-2017-8301.patch"
builddir="$srcdir/$pkgname-$pkgver" builddir="$srcdir/$pkgname-$pkgver"
build() { build() {
...@@ -63,5 +62,4 @@ _libs() { ...@@ -63,5 +62,4 @@ _libs() {
done done
} }
sha512sums="e5ba2abb8a0835a025d2777d9c0e8e95813777af8167e322d8e5ae20485c32b628ced77141b156fd3619b65a5afae1a5bc90a7252166a9a54f7e3d23388b3bd0 libressl-2.5.3.tar.gz sha512sums="8ca86c14af0020c90bef4651892799864938dab9d898172269cb78bad5963314e064f2b4c46e6a04e0b85d1eddbd1840b734803c11ceec8fd6bb1290e0fe204c libressl-2.5.4.tar.gz"
cc4da197c9ba0c80f45f0141e3ec80bbce5dcd4f815a3b55e26dc7fc5930f15078907a1ed1ac79e852966b1d63f48b09d9c98a766211dee88c42fc06477f862f fix-CVE-2017-8301.patch"
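Review bot: The new `source=` and `sha512sums` no longer carry `fix-CVE-2017-8301.patch`, and nothing in the visible lines records that the 2.5.4 tarball already contains that fix, so a reader cannot tell whether the drop was verified or incidental. Before merging, confirm that `crypto/x509/x509_vfy.c` in 2.5.4 no longer has the verify-callback override the patch removed, and once confirmed record it next to the secfixes comment block, e.g. `# CVE-2017-8301: fixed upstream in 2.5.4, local patch dropped`. The tarball is also fetched over plain `http://`, so the new sha512 is the only integrity check on it; it should be compared with upstream's published checksum or signature rather than computed from the download alone.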
From: Jakub Jirutka <jakub@jirutka.cz>
Date: Thu, 27 Apr 2017 20:02:00 +0200
Subject: [PATCH] Fix CVE-2017-8301
This patch reverts commit ddd98f8ea741a122952185a36c1396c14c2fda74
that introduced the vulnerability.
See also:
* http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8301
* https://github.com/libressl-portable/portable/issues/307
* https://github.com/libressl-portable/openbsd/commit/ddd98f8ea741a122952185a36c1396c14c2fda74
--- a/crypto/x509/x509_vfy.c
+++ b/crypto/x509/x509_vfy.c
@@ -541,15 +541,7 @@
/* Safety net, error returns must set ctx->error */
if (ok <= 0 && ctx->error == X509_V_OK)
ctx->error = X509_V_ERR_UNSPECIFIED;
-
- /*
- * Safety net, if user provided verify callback indicates sucess
- * make sure they have set error to X509_V_OK
- */
- if (ctx->verify_cb != null_callback && ok == 1)
- ctx->error = X509_V_OK;
-
- return(ctx->error == X509_V_OK);
+ return ok;
}
/* Given a STACK_OF(X509) find the issuer of cert (if any)