1 files changed, 42 insertions, 0 deletions

diff --git a/debian/patches/75_82-GnuTLS-fix-autogen-cert-expiry-date.-Bug-3014.patch b/debian/patches/75_82-GnuTLS-fix-autogen-cert-expiry-date.-Bug-3014.patch
new file mode 100644
index 0000000..cdf062e
--- /dev/null
+++ b/debian/patches/75_82-GnuTLS-fix-autogen-cert-expiry-date.-Bug-3014.patch
@@ -0,0 +1,42 @@
+From 36bc854c86908ee921225c1d30e35c4d59eed822 Mon Sep 17 00:00:00 2001
+From: Andreas Metzler <ametzler@bebt.de>
+Date: Mon, 14 Aug 2023 17:27:16 +0100
+Subject: [PATCH] GnuTLS: fix autogen cert expiry date.  Bug 3014
+
+Broken-by: 48e9099006
+---
+ doc/ChangeLog | 3 +++
+ src/tls-gnu.c     | 2 +-
+ 2 files changed, 4 insertions(+), 1 deletion(-)
+
+--- a/doc/ChangeLog
++++ b/doc/ChangeLog
+@@ -79,10 +79,13 @@ JH/32 Fix "tls_dhparam = none" under Gnu
+       a null-indireciton SIGSEGV for the receive process.
+ 
+ JH/34 Bug 3013: Fix use of $recipients within arguments for ${run...}.
+       In 4.96 this would expand to empty.
+ 
++JH/35 Bug 3014: GnuTLS: fix expiry date for an auto-generated server
++      certificate.  Find and fix by Andreas Metzler.
++
+ Exim version 4.96
+ -----------------
+ 
+ JH/01 Move the wait-for-next-tick (needed for unique message IDs) from
+       after reception to before a subsequent reception.  This should
+--- a/src/tls-gnu.c
++++ b/src/tls-gnu.c
+@@ -1001,11 +1001,11 @@ if ((rc = gnutls_x509_privkey_generate(p
+ where = US"configuring cert";
+ now = 1;
+ if (  (rc = gnutls_x509_crt_set_version(cert, 3))
+    || (rc = gnutls_x509_crt_set_serial(cert, &now, sizeof(now)))
+    || (rc = gnutls_x509_crt_set_activation_time(cert, now = time(NULL)))
+-   || (rc = gnutls_x509_crt_set_expiration_time(cert, (long)2 * 60 * 60))	/* 2 hour */
++   || (rc = gnutls_x509_crt_set_expiration_time(cert, now + (long)2 * 60 * 60))	/* 2 hour */
+    || (rc = gnutls_x509_crt_set_key(cert, pkey))
+ 
+    || (rc = gnutls_x509_crt_set_dn_by_oid(cert,
+ 	      GNUTLS_OID_X520_COUNTRY_NAME, 0, "UK", 2))
+    || (rc = gnutls_x509_crt_set_dn_by_oid(cert,