From f39013a4697d36183065831bb5e11a3f538c39a3 Mon Sep 17 00:00:00 2001 From: Alessio Sergi Date: Thu, 9 Jun 2016 21:53:36 +0200 Subject: [PATCH] libressl: update to 2.3.6 --- srcpkgs/libressl/patches/011_crypto.patch | 32 ----------------------- srcpkgs/libressl/template | 6 ++--- 2 files changed, 3 insertions(+), 35 deletions(-) delete mode 100644 srcpkgs/libressl/patches/011_crypto.patch diff --git a/srcpkgs/libressl/patches/011_crypto.patch b/srcpkgs/libressl/patches/011_crypto.patch deleted file mode 100644 index 51dbe5b834..0000000000 --- a/srcpkgs/libressl/patches/011_crypto.patch +++ /dev/null @@ -1,32 +0,0 @@ -OpenBSD 5.9 errata 11, June 6, 2016: - -Correct a problem that prevents the DSA signing algorithm from running -in constant time even if the flag BN_FLG_CONSTTIME is set. This issue -was reported by Cesar Pereida (Aalto University), Billy Brumley -(Tampere University of Technology), and Yuval Yarom (The University of -Adelaide and NICTA). The fix was developed by Cesar Pereida. - ---- crypto/dsa/dsa_ossl.c 10 Sep 2015 07:58:28 -0000 1.23 -+++ crypto/dsa/dsa_ossl.c 5 Jun 2016 20:17:11 -0000 -@@ -247,9 +247,6 @@ dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, - if (!BN_rand_range(&k, dsa->q)) - goto err; - } while (BN_is_zero(&k)); -- if ((dsa->flags & DSA_FLAG_NO_EXP_CONSTTIME) == 0) { -- BN_set_flags(&k, BN_FLG_CONSTTIME); -- } - - if (dsa->flags & DSA_FLAG_CACHE_MONT_P) { - if (!BN_MONT_CTX_set_locked(&dsa->method_mont_p, -@@ -283,6 +280,11 @@ dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, - } else { - K = &k; - } -+ -+ if ((dsa->flags & DSA_FLAG_NO_EXP_CONSTTIME) == 0) { -+ BN_set_flags(&k, BN_FLG_CONSTTIME); -+ } -+ - DSA_BN_MOD_EXP(goto err, dsa, r, dsa->g, K, dsa->p, ctx, - dsa->method_mont_p); - if (!BN_mod(r,r,dsa->q,ctx)) diff --git a/srcpkgs/libressl/template b/srcpkgs/libressl/template index 06d9994da4..f51871a7c3 100644 --- a/srcpkgs/libressl/template +++ b/srcpkgs/libressl/template @@ -1,7 +1,7 @@ # Template file for 'libressl' pkgname=libressl -version=2.3.5 -revision=2 +version=2.3.6 +revision=1 bootstrap=yes build_style=gnu-configure short_desc="Version of the TLS/crypto stack forked from OpenSSL" @@ -9,7 +9,7 @@ maintainer="Juan RP " license="OpenSSL-License, SSLeay-License, ISC" homepage="http://www.libressl.org/" distfiles="http://ftp.openbsd.org/pub/OpenBSD/LibreSSL/${pkgname}-${version}.tar.gz" -checksum=f425275ce7debcc7282c9dcb46bd6eebbaf41ac60136e2fd32d8fd60be8b753b +checksum=358a4779e6813bd06f07db0cf0f0fe531401ed0c6ed958973d404416c3d537fa provides="openssl-${version}_${revision}" replaces="openssl>=0"