Update alpine revision numbers
Bump busybox and libressl revisions. (Both changes are related)
The patch descriptions are as follows:
Busybox
From: Jakub Jirutka
Date: Mon, 28 May 2018 00:04:00 +0200
Subject: [PATCH] wget: verify certificate when openssl helper is used
This patch is based on
http://lists.busybox.net/pipermail/busybox/2018-May/086458.html.
When TLS verification fails, e.g. due to invalid certificate, wget will print:
Connecting to example.org (...:443)
wget: error getting response: Connection reset by peer
wget executes openssl s_client as an external command and communicates
with it using stdin/stdout. Since s_client prints debug output to stderr
even when -quiet option is used, wget throws it to /dev/null. s_client
also does not disquish various error states using different exit codes,
so if openssl s_client exits prematurely, it cannot know why.
From: Jakub Jirutka
Date: Thu, 24 May 2018 02:19:23 +0200
Subject: [PATCH] wget: print warning when internal TLS is used
Internal TLS code (FEATURE_WGET_SSL_HELPER) does not implement verification
of the server's certificate. It is documented in the code, but not
even mentioned in the --help message, so users typically don't know
about this behaviour. That's a crime against security!
This patch changes this behaviour for the case when both
FEATURE_WGET_LONG_OPTIONS and FEATURE_WGET_SSL_HELPER are enabled -
before initializing a TLS connection using the internal TLS code (i.e.
without certificate validation) warning message is printed, unless the
user specified option "--no-check-certificate".
See-Also: http://lists.busybox.net/pipermail/busybox/2018-May/086444.html
libressl
From: Jakub Jirutka
Date: Sun, 27 May 2018 22:08:00 +0200
Subject: [PATCH] s_client: Add options -verify_{hostname,ip}
This code is ported from OpenSSL 1.0.2o. We need it for Busybox wget.
Symbols X509_VERIFY_PARAM_set1_host and X509_VERIFY_PARAM_set1_ip_asc
are exposed since LibreSSL 2.7.0, so we had to backport it too.
Edited by DJ Mountney