core/openssl to 1.1.0.f-2

core/openssl/PKGBUILD

@@ -9,7 +9,7 @@ _ver=1.1.0f
 # use a pacman compatible version scheme
 pkgver=${_ver/[a-z]/.${_ver//[0-9.]/}}
 #pkgver=$_ver
-pkgrel=1
+pkgrel=2
 pkgdesc='The Open Source toolkit for Secure Sockets Layer and Transport Layer Security'
 arch=('i686' 'x86_64')
 url='https://www.openssl.org'
@@ -19,21 +19,25 @@ optdepends=('ca-certificates')
 backup=('etc/ssl/openssl.cnf')
 source=("https://www.openssl.org/source/${pkgname}-${_ver}.tar.gz"
         "https://www.openssl.org/source/${pkgname}-${_ver}.tar.gz.asc"
-        'ca-dir.patch')
+        'ca-dir.patch'
-md5sums=('7b521dea79ab159e8ec879d2333369fa'
+	'fs54205.patch')
-         'SKIP'
+sha256sums=('12f746f3f2493b2f39da7ecf63d7ee19c6ac9ec6a4fcd8c229da8a522cb12765'
-         '02b53865fb70faef763e262b4971aa4b')
+            'SKIP'
+            '90c7411fed0157116f2df8f4be755aaf5a26e8484351b4e6a79492805d5f2790'
+            '04de0feaaa81b5fb1c70a00c9f46670eb748f6d6795bd228d613c5f15c92af15')
 validpgpkeys=('8657ABB260F056B1E5190839D9C4D26D0E604491')
 
 prepare() {
-	cd $srcdir/$pkgname-$_ver
+	cd "$srcdir/$pkgname-$_ver"
 
 	# set ca dir to /etc/ssl by default
-	patch -p0 -i $srcdir/ca-dir.patch
+	patch -p0 -i "$srcdir/ca-dir.patch"
+
+	patch -Np1 -i "$srcdir/fs54205.patch"
 }
 
 build() {
-	cd $srcdir/$pkgname-$_ver
+	cd "$srcdir/$pkgname-$_ver"
 
 	if [ "${CARCH}" == 'x86_64' ]; then
 		openssltarget='linux-x86_64'
@@ -60,16 +64,16 @@ build() {
 }
 
 check() {
-	cd $srcdir/$pkgname-$_ver
+	cd "$srcdir/$pkgname-$_ver"
 	# the test fails due to missing write permissions in /etc/ssl
 	# revert this patch for make test
-	patch -p0 -R -i $srcdir/ca-dir.patch
+	patch -p0 -R -i "$srcdir/ca-dir.patch"
 	make test
-	patch -p0 -i $srcdir/ca-dir.patch
+	patch -p0 -i "$srcdir/ca-dir.patch"
 }
 
 package() {
-	cd $srcdir/$pkgname-$_ver
+	cd "$srcdir/$pkgname-$_ver"
 	make DESTDIR=$pkgdir MANDIR=/usr/share/man MANSUFFIX=ssl install_sw install_ssldirs install_man_docs
 	install -D -m644 LICENSE $pkgdir/usr/share/licenses/$pkgname/LICENSE
 }

core/openssl/fs54205.patch

@@ -0,0 +1,41 @@
+From 6831138ced3804f8ebd2079b671a40c74794a8c4 Mon Sep 17 00:00:00 2001
+From: Rich Salz <rsalz@openssl.org>
+Date: Wed, 31 May 2017 12:14:55 -0400
+Subject: [PATCH] Only release thread-local key if we created it.
+
+Thanks to Jan Alexander Steffens for finding the bug and confirming the
+fix.
+---
+ crypto/err/err.c | 5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+diff --git a/crypto/err/err.c b/crypto/err/err.c
+index f866f2fdd0a..c55f849590b 100644
+--- a/crypto/err/err.c
++++ b/crypto/err/err.c
+@@ -122,6 +122,7 @@ static ERR_STRING_DATA ERR_str_reasons[] = {
+ #endif
+ 
+ static CRYPTO_ONCE err_init = CRYPTO_ONCE_STATIC_INIT;
++static int set_err_thread_local;
+ static CRYPTO_THREAD_LOCAL err_thread_local;
+ 
+ static CRYPTO_ONCE err_string_init = CRYPTO_ONCE_STATIC_INIT;
+@@ -260,7 +261,8 @@ DEFINE_RUN_ONCE_STATIC(do_err_strings_init)
+ 
+ void err_cleanup(void)
+ {
+-    CRYPTO_THREAD_cleanup_local(&err_thread_local);
++    if (set_err_thread_local != 0)
++        CRYPTO_THREAD_cleanup_local(&err_thread_local);
+     CRYPTO_THREAD_lock_free(err_string_lock);
+     err_string_lock = NULL;
+ }
+@@ -639,6 +641,7 @@ void ERR_remove_state(unsigned long pid)
+ 
+ DEFINE_RUN_ONCE_STATIC(err_do_init)
+ {
++    set_err_thread_local = 1;
+     return CRYPTO_THREAD_init_local(&err_thread_local, NULL);
+ }
+