Date: Monday, April 25, 2022 @ 20:58:59 Author: eworm Revision: 443969
upgpkg: curl 7.82.0-3: apply "openssl: fix CN check error code" (FS#74250) Added: curl/trunk/0004-openssl-fix-CN-check-error-code.patch Modified: curl/trunk/PKGBUILD --------------------------------------------+ 0004-openssl-fix-CN-check-error-code.patch | 30 +++++++++++++++++++++++++++ PKGBUILD | 10 ++++++--- 2 files changed, 37 insertions(+), 3 deletions(-) Added: 0004-openssl-fix-CN-check-error-code.patch =================================================================== --- 0004-openssl-fix-CN-check-error-code.patch (rev 0) +++ 0004-openssl-fix-CN-check-error-code.patch 2022-04-25 20:58:59 UTC (rev 443969) @@ -0,0 +1,30 @@ +From 911714d617c106ed5d553bf003e34ec94ab6a136 Mon Sep 17 00:00:00 2001 +From: Daniel Stenberg <[email protected]> +Date: Tue, 8 Mar 2022 13:38:13 +0100 +Subject: [PATCH] openssl: fix CN check error code + +Due to a missing 'else' this returns error too easily. + +Regressed in: d15692ebb + +Reported-by: Kristoffer Gleditsch +Fixes #8559 +Closes #8560 +--- + lib/vtls/openssl.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/lib/vtls/openssl.c b/lib/vtls/openssl.c +index 0b79fc50a9c5..4618beeb3867 100644 +--- a/lib/vtls/openssl.c ++++ b/lib/vtls/openssl.c +@@ -1817,7 +1817,8 @@ CURLcode Curl_ossl_verifyhost(struct Curl_easy *data, struct connectdata *conn, + memcpy(peer_CN, ASN1_STRING_get0_data(tmp), peerlen); + peer_CN[peerlen] = '\0'; + } +- result = CURLE_OUT_OF_MEMORY; ++ else ++ result = CURLE_OUT_OF_MEMORY; + } + } + else /* not a UTF8 name */ Modified: PKGBUILD =================================================================== --- PKGBUILD 2022-04-25 20:58:51 UTC (rev 443968) +++ PKGBUILD 2022-04-25 20:58:59 UTC (rev 443969) @@ -7,7 +7,7 @@ pkgbase=curl pkgname=(curl libcurl-compat libcurl-gnutls) pkgver=7.82.0 -pkgrel=2 +pkgrel=3 pkgdesc='An URL retrieval utility and library' arch=('x86_64') url='https://curl.haxx.se' @@ -20,12 +20,14 @@ source=("https://curl.haxx.se/download/${pkgname}-${pkgver}.tar.gz"{,.asc} 0001-http2-handle-DONE-called-for-the-paused-stream.patch 0002-http-close-the-stream-not-connection-on-time-conditi.patch - 0003-http2-RST-the-stream-if-we-stop-it-on-our-own-will.patch) + 0003-http2-RST-the-stream-if-we-stop-it-on-our-own-will.patch + 0004-openssl-fix-CN-check-error-code.patch) sha512sums=('d4c4a785876e0d1ba1c1adbe65528d56a8b81fc03ff724e87819cfe51aca60f8a7bf2ac9384f30c3a6bbd28669b2bd3e9a6794737243c836c4902d085a72c474' 'SKIP' '0d883c3fc267c4c5d82078e03689db31f83292cb41f3f6fab26d05fa9cbaa77ae75cfd3bbb4f6953bbc4bc9760c54b49bdfdae219cd48af92312abbb1ba70ec6' '422df75880b107a5c457d25ca1488166f5e61cc2876ad0193a742ad6cf4cae5363b0c7bd00cbaf9f49a5e5d503159cb2d2fd3d602abf3935dc3f77f14e9027dc' - '394f27e8721c23b82924064df8f72aa33f6e5064d0a3798a59543fd7d9660939437f1a6f45f03370d517edf5d4a218a9d41b4d62e7498d4f520f026da68007b1') + '394f27e8721c23b82924064df8f72aa33f6e5064d0a3798a59543fd7d9660939437f1a6f45f03370d517edf5d4a218a9d41b4d62e7498d4f520f026da68007b1' + 'bb2e3d40d65c5c1c07b2623c2d5db11fe232ecf4d9f223ec2bdd8fba32c76c991292b36114b48dd0cad2ed376d127070a65f30fcec7af4b328e4adaab81b4dc1') validpgpkeys=('27EDEAF22F3ABCEB50DB9A125CC908FDB71E12C2') # Daniel Stenberg _configure_options=( @@ -49,6 +51,8 @@ patch -Np1 -i ../0001-http2-handle-DONE-called-for-the-paused-stream.patch patch -Np1 -i ../0002-http-close-the-stream-not-connection-on-time-conditi.patch patch -Np1 -i ../0003-http2-RST-the-stream-if-we-stop-it-on-our-own-will.patch + # https://github.com/curl/curl/issues/8559 + patch -Np1 -i ../0004-openssl-fix-CN-check-error-code.patch } build() {
