I wouldn't apply that patch until someone else can verify it.
Only reason I say is .. I didn't have to do any patch for the compile to work.
Because you didn't compiled crave, that's even more dangerous! to just download a binary without having its signature verified.
You can check the patch, it does nothing abnormal, just updates crave to use the latest API after this commit (
https://github.com/bitcoin/secp256k1/commit/a9b6595ef812e8e52b0cb56d22109de5636b82aa)
You're right to have those concerns.
you can rollback libsecp to a older commit:
git reset a0d3b8
And then compile it.