author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-07 16:16:14 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-07 16:16:14 +0000 |
commit | 318a1a2246a9f521e5a02313dcc1f6d68a0af7ec (patch) | |
tree | e28c79d572e488bf782444e31d81291b99ef1932 /debian/patches/75_82-GnuTLS-fix-autogen-cert-expiry-date.-Bug-3014.patch | |
parent | Adding upstream version 4.96. (diff) | |
Adding debian version 4.96-15+deb12u4.debian/4.96-15+deb12u4debian
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'debian/patches/75_82-GnuTLS-fix-autogen-cert-expiry-date.-Bug-3014.patch')
-rw-r--r-- | debian/patches/75_82-GnuTLS-fix-autogen-cert-expiry-date.-Bug-3014.patch | 42 |
1 files changed, 42 insertions, 0 deletions
diff --git a/debian/patches/75_82-GnuTLS-fix-autogen-cert-expiry-date.-Bug-3014.patch b/debian/patches/75_82-GnuTLS-fix-autogen-cert-expiry-date.-Bug-3014.patch
new file mode 100644
index 0000000..cdf062e
--- /dev/null
+++ b/debian/patches/75_82-GnuTLS-fix-autogen-cert-expiry-date.-Bug-3014.patch
@@ -0,0 +1,42 @@
+From 36bc854c86908ee921225c1d30e35c4d59eed822 Mon Sep 17 00:00:00 2001
+From: Andreas Metzler <ametzler@bebt.de>
+Date: Mon, 14 Aug 2023 17:27:16 +0100
+Subject: [PATCH] GnuTLS: fix autogen cert expiry date. Bug 3014
+
+Broken-by: 48e9099006
+---
+ doc/ChangeLog | 3 +++
+ src/tls-gnu.c | 2 +-
+ 2 files changed, 4 insertions(+), 1 deletion(-)
+
+--- a/doc/ChangeLog
++++ b/doc/ChangeLog
+@@ -79,10 +79,13 @@ JH/32 Fix "tls_dhparam = none" under Gnu
+ a null-indireciton SIGSEGV for the receive process.
+
+ JH/34 Bug 3013: Fix use of $recipients within arguments for ${run...}.
+ In 4.96 this would expand to empty.
+
++JH/35 Bug 3014: GnuTLS: fix expiry date for an auto-generated server
++ certificate. Find and fix by Andreas Metzler.
++
+ Exim version 4.96
+ -----------------
+
+ JH/01 Move the wait-for-next-tick (needed for unique message IDs) from
+ after reception to before a subsequent reception. This should
+--- a/src/tls-gnu.c
++++ b/src/tls-gnu.c
+@@ -1001,11 +1001,11 @@ if ((rc = gnutls_x509_privkey_generate(p
+ where = US"configuring cert";
+ now = 1;
+ if ( (rc = gnutls_x509_crt_set_version(cert, 3))
+ || (rc = gnutls_x509_crt_set_serial(cert, &now, sizeof(now)))
+ || (rc = gnutls_x509_crt_set_activation_time(cert, now = time(NULL)))
+- || (rc = gnutls_x509_crt_set_expiration_time(cert, (long)2 * 60 * 60)) /* 2 hour */
++ || (rc = gnutls_x509_crt_set_expiration_time(cert, now + (long)2 * 60 * 60)) /* 2 hour */
+ || (rc = gnutls_x509_crt_set_key(cert, pkey))
+
+ || (rc = gnutls_x509_crt_set_dn_by_oid(cert,
+ GNUTLS_OID_X520_COUNTRY_NAME, 0, "UK", 2))
+ || (rc = gnutls_x509_crt_set_dn_by_oid(cert, |
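Review bot: The corrected expiry in the `src/tls-gnu.c` hunk, `now + (long)2 * 60 * 60`, is only right because the preceding operand of the same `||` chain assigns `now = time(NULL)`; before that operand `now` still holds 1 (set for the serial), so reordering the chain would silently put the expiry back at two hours after the epoch, which is the bug being fixed. I would add a comment above the expiration call such as `/* now was set to the current time by the activation-time call above; expiry is relative to it */`. `time(NULL)` is also used unchecked, so a `(time_t)-1` return would presumably yield a certificate that is already expired. The enclosing function starts and ends outside the hunk.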