From 505e1ca787ce14273bcc38207d9499e0b495ea56 Mon Sep 17 00:00:00 2001
From: Theo Buehler
Date: Thu, 25 May 2023 07:45:11 +0200
Subject: Remove patch that was merged into stable
---
 patches/x509_genn.c.diff | 17 -----------------
 update.sh | 2 --
 2 files changed, 19 deletions(-)
 delete mode 100644 patches/x509_genn.c.diff
diff --git a/patches/x509_genn.c.diff b/patches/x509_genn.c.diff
deleted file mode 100644
index 1c6ea8c..0000000
--- a/patches/x509_genn.c.diff
+++ /dev/null
@@ -1,17 +0,0 @@
-Index: lib/libcrypto/x509/x509_genn.c
-===================================================================
-RCS file: /cvs/src/lib/libcrypto/x509/x509_genn.c,v
-retrieving revision 1.2
-diff -u -p -r1.2 x509_genn.c
---- lib/libcrypto/x509/x509_genn.c 8 Dec 2020 15:06:42 -0000 1.2
-+++ lib/libcrypto/x509/x509_genn.c 24 Jan 2023 09:43:06 -0000
-@@ -366,7 +366,8 @@ GENERAL_NAME_cmp(GENERAL_NAME *a, GENERA
- return -1;
- switch (a->type) {
- case GEN_X400:
-- result = ASN1_TYPE_cmp(a->d.x400Address, b->d.x400Address);
-+ result = ASN1_STRING_cmp((ASN1_STRING *)a->d.x400Address,
-+ (ASN1_STRING *)b->d.x400Address);
- break;
-
- case GEN_EDIPARTY:
diff --git a/update.sh b/update.sh
index 64f7189..3aea129 100755
--- a/update.sh
+++ b/update.sh
@@ -358,8 +358,6 @@ fi
 for i in patches/*.patch; do
 $PATCH -p0 < $i
 done
-(cd crypto
-$PATCH -p2 < ../patches/x509_genn.c.diff)
 
 # copy manpages
 echo "copying manpages"
-- 
cgit v1.2.3-55-g6feb
From e8a3e3f85ade9cfdce5f7a232aec99fe37ac65d4 Mon Sep 17 00:00:00 2001
From: Theo Buehler
Date: Thu, 25 May 2023 07:49:41 +0200
Subject: Fix urllib3 CN without SAN tests for LibreSSL 3.6
This is a port of a patch by Christian Heimes and fixes an issue flagged by Quentin Pradet: https://bugs.python.org/issue43522
---
 ChangeLog | 6 ++++++
 patches/x509_vpm.c.patch | 21 +++++++++++++++++++++
 2 files changed, 27 insertions(+)
 create mode 100644 patches/x509_vpm.c.patch
diff --git a/ChangeLog b/ChangeLog
index 98cc5a0..483a679 100644
--- ChangeLog
+++ b/ChangeLog
@@ -28,6 +28,12 @@ history is also available from Git.
 
 LibreSSL Portable Release Notes:
 
+3.6.3 - Stable release
+
+ * Bug fix
+ - Hostflags in the verify parameters would not propagate from an
+ SSL_CTX to newly created SSL.
+
 3.6.2 - Stable release
 
 * Security fix
diff --git a/patches/x509_vpm.c.patch b/patches/x509_vpm.c.patch
new file mode 100644
index 0000000..b0a3215
--- /dev/null
+++ b/patches/x509_vpm.c.patch
@@ -0,0 +1,21 @@
+--- crypto/x509/x509_vpm.c.orig Thu May 25 07:41:58 2023
++++ crypto/x509/x509_vpm.c Thu May 25 07:47:42 2023
+@@ -328,7 +328,9 @@ X509_VERIFY_PARAM_inherit(X509_VERIFY_PARAM *dest, con
+ return 0;
+ }
+
+- /* Copy the host flags if and only if we're copying the host list */
++ if (test_x509_verify_param_copy_id(hostflags, 0))
++ dest->id->hostflags = id->hostflags;
++
+ if (test_x509_verify_param_copy_id(hosts, NULL)) {
+ if (dest->id->hosts) {
+ string_stack_free(dest->id->hosts);
+@@ -339,7 +341,6 @@ X509_VERIFY_PARAM_inherit(X509_VERIFY_PARAM *dest, con
+ sk_deep_copy(id->hosts, strdup, str_free);
+ if (dest->id->hosts == NULL)
+ return 0;
+- dest->id->hostflags = id->hostflags;
+ }
+ }
+
-- 
cgit v1.2.3-55-g6feb
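Review bot: The `hostflags` copy added to X509_VERIFY_PARAM_inherit in patches/x509_vpm.c.patch carries no comment, and the only comment that stated the old rule ("Copy the host flags if and only if we're copying the host list") is deleted, so the new inheritance rule is not written down anywhere in the hunk. Because the check passes `0` as the default, a source whose hostflags are 0 presumably never clears flags already set on `dest` unless the overwrite path is taken; that depends on the macro definition, which is outside the hunk. I would add above the new `if`: `/* Inherit hostflags independently of the host list; 0 is treated as unset. */`. Since hostflags govern how strictly hostnames are matched during certificate verification, a regression test asserting that flags set on an SSL_CTX show up on a newly created SSL would keep this from silently reverting; none is part of this commit. The function body starts and ends outside both inner hunks.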