Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package libressl for openSUSE:Factory checked in at 2022-11-01 14:26:32 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/libressl (Old) and /work/SRC/openSUSE:Factory/.libressl.new.2275 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "libressl" Tue Nov 1 14:26:32 2022 rev:65 rq:1032685 version:3.6.1 Changes: -------- --- /work/SRC/openSUSE:Factory/libressl/libressl.changes 2022-10-08 01:24:43.958161898 +0200 +++ /work/SRC/openSUSE:Factory/.libressl.new.2275/libressl.changes 2022-11-01 14:26:33.793900492 +0100 @@ -1,0 +2,9 @@ +Tue Nov 1 12:35:37 UTC 2022 - Jan Engelhardt <jeng...@inai.de> + +- Update to release 3.6.1 + * Custom verification callbacks could cause the X.509 verifier + to fail to store errors resulting from leaf certificate + verification. + * Unbreak ASN.1 indefinite length encoding. + +------------------------------------------------------------------- Old: ---- libressl-3.6.0.tar.gz libressl-3.6.0.tar.gz.asc New: ---- libressl-3.6.1.tar.gz libressl-3.6.1.tar.gz.asc ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ libressl.spec ++++++ --- /var/tmp/diff_new_pack.Xsidj3/_old 2022-11-01 14:26:34.541904506 +0100 +++ /var/tmp/diff_new_pack.Xsidj3/_new 2022-11-01 14:26:34.545904527 +0100 @@ -16,7 +16,7 @@ # Name: libressl -Version: 3.6.0 +Version: 3.6.1 Release: 0 Summary: An SSL/TLS protocol implementation License: OpenSSL ++++++ libressl-3.6.0.tar.gz -> libressl-3.6.1.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libressl-3.6.0/CMakeLists.txt new/libressl-3.6.1/CMakeLists.txt --- old/libressl-3.6.0/CMakeLists.txt 2022-05-16 04:39:46.000000000 +0200 +++ new/libressl-3.6.1/CMakeLists.txt 2022-10-25 02:33:21.000000000 +0200 
@@ -291,6 +291,11 @@ add_definitions(-DHAVE_ENDIAN_H) endif() +check_include_files(machine/endian.h HAVE_MACHINE_ENDIAN_H) +if(HAVE_MACHINE_ENDIAN_H) + add_definitions(-DHAVE_MACHINE_ENDIAN_H) +endif() + check_include_files(err.h HAVE_ERR_H) if(HAVE_ERR_H) add_definitions(-DHAVE_ERR_H) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libressl-3.6.0/ChangeLog new/libressl-3.6.1/ChangeLog --- old/libressl-3.6.0/ChangeLog 2022-09-27 12:04:45.000000000 +0200 +++ new/libressl-3.6.1/ChangeLog 2022-10-25 02:36:52.000000000 +0200 @@ -28,6 +28,15 @@ LibreSSL Portable Release Notes: +3.6.1 - Stable release + + * Bug fixes + - Custom verification callbacks could cause the X.509 verifier to + fail to store errors resulting from leaf certificate verification. + Reported by Ilya Shipitsin. + - Unbreak ASN.1 indefinite length encoding. + Reported by Niklas Hallqvist. + 3.6.0 - Development release * Internal improvements diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libressl-3.6.0/VERSION new/libressl-3.6.1/VERSION --- old/libressl-3.6.0/VERSION 2022-09-27 12:05:18.000000000 +0200 +++ new/libressl-3.6.1/VERSION 2022-10-25 02:57:42.000000000 +0200 @@ -1,2 +1,2 @@ -3.6.0 +3.6.1 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libressl-3.6.0/configure new/libressl-3.6.1/configure --- old/libressl-3.6.0/configure 2022-09-27 12:05:52.000000000 +0200 +++ new/libressl-3.6.1/configure 2022-10-25 02:58:16.000000000 +0200 @@ -1,6 +1,6 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.69 for libressl 3.6.0. +# Generated by GNU Autoconf 2.69 for libressl 3.6.1. # # # Copyright (C) 1992-1996, 1998-2012 Free Software Foundation, Inc. 
@@ -587,8 +587,8 @@ # Identity of this package. PACKAGE_NAME='libressl' PACKAGE_TARNAME='libressl' -PACKAGE_VERSION='3.6.0' -PACKAGE_STRING='libressl 3.6.0' +PACKAGE_VERSION='3.6.1' +PACKAGE_STRING='libressl 3.6.1' PACKAGE_BUGREPORT='' PACKAGE_URL='' @@ -1455,7 +1455,7 @@ # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures libressl 3.6.0 to adapt to many kinds of systems. +\`configure' configures libressl 3.6.1 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -1526,7 +1526,7 @@ if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of libressl 3.6.0:";; + short | recursive ) echo "Configuration of libressl 3.6.1:";; esac cat <<\_ACEOF @@ -1644,7 +1644,7 @@ test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -libressl configure 3.6.0 +libressl configure 3.6.1 generated by GNU Autoconf 2.69 Copyright (C) 2012 Free Software Foundation, Inc. @@ -2192,7 +2192,7 @@ This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by libressl $as_me 3.6.0, which was +It was created by libressl $as_me 3.6.1, which was generated by GNU Autoconf 2.69. Invocation command line was $ $0 $@ @@ -3128,7 +3128,7 @@ # Define the identity of the package. PACKAGE='libressl' - VERSION='3.6.0' + VERSION='3.6.1' cat >>confdefs.h <<_ACEOF @@ -12687,7 +12687,7 @@ # Check for libc headers -for ac_header in endian.h err.h readpassphrase.h +for ac_header in endian.h machine/endian.h err.h readpassphrase.h do : as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh` ac_fn_c_check_header_mongrel "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default" 
@@ -14701,7 +14701,7 @@ # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by libressl $as_me 3.6.0, which was +This file was extended by libressl $as_me 3.6.1, which was generated by GNU Autoconf 2.69. Invocation command line was CONFIG_FILES = $CONFIG_FILES @@ -14758,7 +14758,7 @@ cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" ac_cs_version="\\ -libressl config.status 3.6.0 +libressl config.status 3.6.1 configured by $0, generated by GNU Autoconf 2.69, with options \\"\$ac_cs_config\\" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libressl-3.6.0/crypto/asn1/tasn_enc.c new/libressl-3.6.1/crypto/asn1/tasn_enc.c --- old/libressl-3.6.0/crypto/asn1/tasn_enc.c 2022-08-29 13:02:26.000000000 +0200 +++ new/libressl-3.6.1/crypto/asn1/tasn_enc.c 2022-10-25 02:38:40.000000000 +0200 @@ -1,4 +1,4 @@ -/* $OpenBSD: tasn_enc.c,v 1.25 2022/08/20 17:55:08 jsing Exp $ */ +/* $OpenBSD: tasn_enc.c,v 1.25.2.1 2022/10/20 09:47:01 tb Exp $ */ /* Written by Dr Stephen N Henson (st...@openssl.org) for the OpenSSL * project 2000. */ @@ -494,7 +494,7 @@ asn1_i2d_ex_primitive(ASN1_VALUE **pval, unsigned char **out, const ASN1_ITEM *it, int tag, int aclass) { - int len; + int olen, len; int utype; int usetag; int ndef = 0; @@ -505,7 +505,7 @@ * out the underlying type. */ - len = asn1_ex_i2c(pval, NULL, &utype, it); + olen = len = asn1_ex_i2c(pval, NULL, &utype, it); /* If SEQUENCE, SET or OTHER then header is * included in pseudo content octets so don't 
@@ -541,7 +541,7 @@ if (out) { if (usetag) ASN1_put_object(out, ndef, len, tag, aclass); - if (asn1_ex_i2c(pval, *out, &utype, it) != len) + if (asn1_ex_i2c(pval, *out, &utype, it) != olen) return -1; if (ndef) ASN1_put_eoc(out); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libressl-3.6.0/crypto/x509/x509_verify.c new/libressl-3.6.1/crypto/x509/x509_verify.c --- old/libressl-3.6.0/crypto/x509/x509_verify.c 2022-08-12 11:20:51.000000000 +0200 +++ new/libressl-3.6.1/crypto/x509/x509_verify.c 2022-10-25 02:38:40.000000000 +0200 @@ -1,4 +1,4 @@ -/* $OpenBSD: x509_verify.c,v 1.60 2022/08/05 14:46:52 beck Exp $ */ +/* $OpenBSD: x509_verify.c,v 1.60.2.1 2022/10/20 09:45:18 tb Exp $ */ /* * Copyright (c) 2020-2021 Bob Beck <b...@openbsd.org> * @@ -494,6 +494,15 @@ if (!x509_verify_ctx_validate_legacy_chain(ctx, chain, depth)) return 0; + /* Verify the leaf certificate and store any resulting error. */ + if (!x509_verify_cert_valid(ctx, leaf, NULL)) + return 0; + if (!x509_verify_cert_hostname(ctx, leaf, name)) + return 0; + if (ctx->error_depth == 0 && + ctx->error != X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY) + chain->cert_errors[0] = ctx->error; + /* * In the non-legacy code, extensions and purpose are dealt * with as the chain is built. @@ -508,16 +517,11 @@ return x509_verify_cert_error(ctx, last, depth, X509_V_ERR_OUT_OF_MEM, 0); } - - if (!x509_verify_cert_valid(ctx, leaf, NULL)) - return 0; - - if (!x509_verify_cert_hostname(ctx, leaf, name)) - return 0; - ctx->chains_count++; + ctx->error = X509_V_OK; ctx->error_depth = depth; + return 1; } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libressl-3.6.0/include/compat/endian.h new/libressl-3.6.1/include/compat/endian.h --- old/libressl-3.6.0/include/compat/endian.h 2022-05-16 04:39:46.000000000 +0200 +++ new/libressl-3.6.1/include/compat/endian.h 2022-10-25 02:33:21.000000000 +0200 
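Review bot: The check `asn1_ex_i2c(pval, *out, &utype, it) != olen` has no comment saying why it compares against the saved `olen` rather than `len`, and the two names are easy to swap back in a later cleanup. The code between the sizing call (the hunk at line 505, where `olen = len = ...` is assigned) and this check is outside the hunks, but `len` is presumably adjusted there for the indefinite-length (`ndef`) case that the changelog entry refers to. I would add above the check something like `/* Compare with the sizing call's result; len may have been adjusted for ndef since. */`. A regression test that encodes an indefinite-length value through this path would keep the length check from breaking the encoder again. asn1_i2d_ex_primitive starts and ends outside this hunk.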
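Review bot: The condition `ctx->error_depth == 0 && ctx->error != X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY` in the first x509_verify.c hunk is not explained by the comment above it, which says only that the leaf is verified and the error stored. Both calls return 0 on failure, so the store is reached only when they reported success. Presumably that is the case of a custom verification callback accepting a leaf failure, as the changelog describes, and the comment should say so and say why that one error code is excluded, for example `/* A verify callback may have accepted a leaf failure; keep that error with the chain. */`. Nothing visible in the hunk resets `ctx->error` before the two calls, so a depth-0 error left by an earlier step would be recorded too; if that is intended it deserves a word in the comment. The enclosing function starts and ends outside the hunk.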
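Review bot: The added `ctx->error = X509_V_OK;` in the second x509_verify.c hunk is undocumented, and once it runs, the leaf error recorded by the earlier hunk survives only in `chain->cert_errors[0]`. A one-line comment such as `/* Chain accepted: clear the context error; per-certificate errors stay in chain->cert_errors. */` would make that contract visible to anyone reading the context afterwards. It is worth confirming that the code consuming the stored chains, which is outside this hunk, reads `cert_errors` rather than `ctx->error`; otherwise a callback-accepted leaf failure could be reported as a clean verification.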
@@ -24,6 +24,9 @@ #elif defined(HAVE_ENDIAN_H) #include_next <endian.h> +#elif defined(HAVE_MACHINE_ENDIAN_H) +#include_next <machine/endian.h> + #elif defined(__sun) || defined(_AIX) || defined(__hpux) #include <sys/types.h> #include <arpa/nameser_compat.h> diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libressl-3.6.0/include/openssl/opensslv.h new/libressl-3.6.1/include/openssl/opensslv.h --- old/libressl-3.6.0/include/openssl/opensslv.h 2022-08-01 05:41:23.000000000 +0200 +++ new/libressl-3.6.1/include/openssl/opensslv.h 2022-10-25 02:38:32.000000000 +0200 @@ -3,9 +3,9 @@ #define HEADER_OPENSSLV_H /* These will change with each release of LibreSSL-portable */ -#define LIBRESSL_VERSION_NUMBER 0x3060000fL +#define LIBRESSL_VERSION_NUMBER 0x3060100fL /* ^ Patch starts here */ -#define LIBRESSL_VERSION_TEXT "LibreSSL 3.6.0" +#define LIBRESSL_VERSION_TEXT "LibreSSL 3.6.1" /* These will never change */ #define OPENSSL_VERSION_NUMBER 0x20000000L diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libressl-3.6.0/m4/check-libc.m4 new/libressl-3.6.1/m4/check-libc.m4 --- old/libressl-3.6.0/m4/check-libc.m4 2022-05-16 04:39:46.000000000 +0200 +++ new/libressl-3.6.1/m4/check-libc.m4 2022-10-25 02:33:21.000000000 +0200 @@ -1,6 +1,6 @@ AC_DEFUN([CHECK_LIBC_COMPAT], [ # Check for libc headers -AC_CHECK_HEADERS([endian.h err.h readpassphrase.h]) +AC_CHECK_HEADERS([endian.h machine/endian.h err.h readpassphrase.h]) AC_CHECK_HEADERS([netinet/ip.h], [], [], [#include <sys/types.h> #include <arpa/inet.h>