diff --git a/srcpkgs/libressl/patches/CVE-2016-7056.patch b/srcpkgs/libressl/patches/CVE-2016-7056.patch deleted file mode 100644 index 7941cd188b..0000000000 --- a/srcpkgs/libressl/patches/CVE-2016-7056.patch +++ /dev/null @@ -1,12 +0,0 @@ -Avoid possible side-channel leak of ECDSA private keys when signing. ---- crypto/ecdsa/ecs_ossl.c -+++ crypto/ecdsa/ecs_ossl.c -@@ -141,6 +141,8 @@ ecdsa_sign_setup(EC_KEY *eckey, BN_CTX * - if (BN_num_bits(k) <= BN_num_bits(order)) - if (!BN_add(k, k, order)) - goto err; -+ -+ BN_set_flags(k, BN_FLG_CONSTTIME); - - /* compute r the x-coordinate of generator * k */ - if (!EC_POINT_mul(group, tmp_point, k, NULL, NULL, ctx)) { diff --git a/srcpkgs/libressl/template b/srcpkgs/libressl/template index 985c661ba5..1386de9f35 100644 --- a/srcpkgs/libressl/template +++ b/srcpkgs/libressl/template @@ -1,7 +1,7 @@ # Template file for 'libressl' pkgname=libressl -version=2.4.4 -revision=2 +version=2.4.5 +revision=1 bootstrap=yes build_style=gnu-configure short_desc="Version of the TLS/crypto stack forked from OpenSSL" @@ -9,7 +9,7 @@ maintainer="Juan RP " license="OpenSSL-License, SSLeay-License, ISC" homepage="http://www.libressl.org/" distfiles="http://ftp.openbsd.org/pub/OpenBSD/LibreSSL/${pkgname}-${version}.tar.gz" -checksum=6fcfaf6934733ea1dcb2f6a4d459d9600e2f488793e51c2daf49b70518eebfd1 +checksum=d300c4e358aee951af6dfd1684ef0c034758b47171544230f3ccf6ce24fe4347 provides="openssl-${version}_${revision}" replaces="openssl>=0"