Date: Tuesday, February 7, 2023 @ 20:27:18
Author: blakkheim
Revision: 1396024
archrelease: copy trunk to community-x86_64
Added:
libressl/repos/community-x86_64/018_x509.patch
(from rev 1396023, libressl/trunk/018_x509.patch)
libressl/repos/community-x86_64/PKGBUILD
(from rev 1396023, libressl/trunk/PKGBUILD)
libressl/repos/community-x86_64/keys/
Deleted:
libressl/repos/community-x86_64/PKGBUILD
libressl/repos/community-x86_64/keys/
----------------+
018_x509.patch | 21 +++++++++
PKGBUILD | 117 ++++++++++++++++++++++++++++---------------------------
2 files changed, 81 insertions(+), 57 deletions(-)
Copied: libressl/repos/community-x86_64/018_x509.patch (from rev 1396023,
libressl/trunk/018_x509.patch)
===================================================================
--- 018_x509.patch (rev 0)
+++ 018_x509.patch 2023-02-07 20:27:18 UTC (rev 1396024)
@@ -0,0 +1,21 @@
+OpenBSD 7.2 errata 018, February 7, 2023:
+
+A malicious certificate revocation list or timestamp response token would
+allow an attacker to read arbitrary memory.
+
+https://ftp.openbsd.org/pub/OpenBSD/patches/7.2/common/018_x509.patch.sig
+
+diff --git a/crypto/x509/x509_genn.c b/crypto/x509/x509_genn.c
+index dadf6f1e4..1905e8cac 100644
+--- a/crypto/x509/x509_genn.c
++++ b/crypto/x509/x509_genn.c
+@@ -366,7 +366,8 @@ GENERAL_NAME_cmp(GENERAL_NAME *a, GENERAL_NAME *b)
+ return -1;
+ switch (a->type) {
+ case GEN_X400:
+- result = ASN1_TYPE_cmp(a->d.x400Address, b->d.x400Address);
++ result = ASN1_STRING_cmp((ASN1_STRING *)a->d.x400Address,
++ (ASN1_STRING *)b->d.x400Address);
+ break;
+
+ case GEN_EDIPARTY:
Deleted: PKGBUILD
===================================================================
--- PKGBUILD 2023-02-07 20:26:44 UTC (rev 1396023)
+++ PKGBUILD 2023-02-07 20:27:18 UTC (rev 1396024)
@@ -1,57 +0,0 @@
-# Maintainer: Levente Polyak <[email protected]>
-# Maintainer: Bruno Pagani <[email protected]>
-# Maintainer: T.J. Townsend <[email protected]>
-# Contributor: Maarten de Vries <[email protected]>
-# Contributor: Reventlov <[email protected]>
-# Contributor: kpcyrd <[email protected]>
-
-pkgname=libressl
-pkgver=3.6.1
-pkgrel=1
-pkgdesc="Free version of the TLS/crypto stack forked from OpenSSL"
-arch=(x86_64)
-url="https://www.libressl.org/";
-license=(ISC custom:OpenSSL)
-depends=(glibc)
-optdepends=(ca-certificates)
-backup=(etc/libressl/openssl.cnf)
-source=(https://cdn.openbsd.org/pub/OpenBSD/LibreSSL/libressl-${pkgver}.tar.gz{,.asc})
-sha256sums=('acfac61316e93b919c28d62d53037ca734de85c46b4d703f19fd8395cf006774'
- 'SKIP')
-validpgpkeys=(A1EB079B8D3EB92B4EBD3139663AF51BD5E4D8D5) # Brent Cook
<[email protected]>
-
-prepare() {
- cd ${pkgname}-${pkgver}
- autoreconf -vfi
-}
-
-build() {
- cd ${pkgname}-${pkgver}
- ./configure \
- --prefix=/usr \
- --with-openssldir=/etc/libressl \
- --libdir=/usr/lib/libressl \
- --includedir=/usr/include/libressl \
- --program-prefix "libressl-"
- sed -i -e 's/ -shared / -Wl,-O1,--as-needed\0/g' libtool
- make
-}
-
-check() {
- cd ${pkgname}-${pkgver}
- make check
-}
-
-package() {
- cd ${pkgname}-${pkgver}
- make DESTDIR="${pkgdir}" install
- install -Dm644 COPYING -t "${pkgdir}"/usr/share/licenses/${pkgname}/
-
- # Remove symlink man pages that point to OpenSSL ones since the prefix is
not accounted for
- for manlink in $(find -L "${pkgdir}"/usr/share/man/man3/ -type l) ;
- do
- rm "${manlink}" ;
- done
-}
-
-# vim: ts=4 sw=4 et:
Copied: libressl/repos/community-x86_64/PKGBUILD (from rev 1396023,
libressl/trunk/PKGBUILD)
===================================================================
--- PKGBUILD (rev 0)
+++ PKGBUILD 2023-02-07 20:27:18 UTC (rev 1396024)
@@ -0,0 +1,60 @@
+# Maintainer: Levente Polyak <[email protected]>
+# Maintainer: Bruno Pagani <[email protected]>
+# Maintainer: T.J. Townsend <[email protected]>
+# Contributor: Maarten de Vries <[email protected]>
+# Contributor: Reventlov <[email protected]>
+# Contributor: kpcyrd <[email protected]>
+
+pkgname=libressl
+pkgver=3.6.1
+pkgrel=2
+pkgdesc="Free version of the TLS/crypto stack forked from OpenSSL"
+arch=(x86_64)
+url="https://www.libressl.org/";
+license=(ISC custom:OpenSSL)
+depends=(glibc)
+optdepends=(ca-certificates)
+backup=(etc/libressl/openssl.cnf)
+source=(https://cdn.openbsd.org/pub/OpenBSD/LibreSSL/libressl-${pkgver}.tar.gz{,.asc}
+ 018_x509.patch)
+sha256sums=('acfac61316e93b919c28d62d53037ca734de85c46b4d703f19fd8395cf006774'
+ 'SKIP'
+ '5ecbb5618579b2305fea0adfc59b13aa2233982ed34b5f385eef2c6c04b7ed8e')
+validpgpkeys=(A1EB079B8D3EB92B4EBD3139663AF51BD5E4D8D5) # Brent Cook
<[email protected]>
+
+prepare() {
+ cd ${pkgname}-${pkgver}
+ patch -Np1 -i ../018_x509.patch
+ autoreconf -vfi
+}
+
+build() {
+ cd ${pkgname}-${pkgver}
+ ./configure \
+ --prefix=/usr \
+ --with-openssldir=/etc/libressl \
+ --libdir=/usr/lib/libressl \
+ --includedir=/usr/include/libressl \
+ --program-prefix "libressl-"
+ sed -i -e 's/ -shared / -Wl,-O1,--as-needed\0/g' libtool
+ make
+}
+
+check() {
+ cd ${pkgname}-${pkgver}
+ make check
+}
+
+package() {
+ cd ${pkgname}-${pkgver}
+ make DESTDIR="${pkgdir}" install
+ install -Dm644 COPYING -t "${pkgdir}"/usr/share/licenses/${pkgname}/
+
+ # Remove symlink man pages that point to OpenSSL ones since the prefix is
not accounted for
+ for manlink in $(find -L "${pkgdir}"/usr/share/man/man3/ -type l) ;
+ do
+ rm "${manlink}" ;
+ done
+}
+
+# vim: ts=4 sw=4 et:
