Commit: caa5489aee2c228536e746b471d05f6ed2d66571
Parent: a4d03cd6978796c8c114190c2a06ac5d51c6c14e
Author: Michael Forney
Date: Tue, 14 Apr 2026 23:50:54 -0700
bearssl: Add patch to disallow empty wildcards and wildcards under TLD level
Diffstat:
2 files changed, 68 insertions(+), 1 deletion(-)
diff --git a/pkg/bearssl/patch/0003-Disallow-empty-wildcards-and-wildcards-at-TLD-level.patch b/pkg/bearssl/patch/0003-Disallow-empty-wildcards-and-wildcards-at-TLD-level.patch
@@ -0,0 +1,67 @@
+From 7077cb239f9405b02b4db968dff0d2fa16698893 Mon Sep 17 00:00:00 2001
+From: Michael Forney <mforney@mforney.org>
+Date: Sat, 13 Nov 2021 11:28:29 -0800
+Subject: [PATCH] Disallow empty wildcards and wildcards at TLD level
+
+---
+ src/x509/x509_minimal.c | 10 +++++++++-
+ src/x509/x509_minimal.t0 | 10 +++++++++-
+ 2 files changed, 18 insertions(+), 2 deletions(-)
+
+diff --git a/src/x509/x509_minimal.c b/src/x509/x509_minimal.c
+index 04f149b..fc5fa6b 100644
+--- a/src/x509/x509_minimal.c
++++ b/src/x509/x509_minimal.c
+@@ -1474,13 +1474,21 @@ br_x509_minimal_run(void *t0ctx)
+ if (n2 >= 2 && CTX->pad[1] == '*' && CTX->pad[2] == '.') {
+ size_t u;
+
++ u = 3;
++ while (u <= n2 && CTX->pad[u] != '.') {
++ u ++;
++ }
++ if (u > n2) {
++ T0_PUSH(0);
++ T0_RET();
++ }
+ u = 0;
+ while (u < n1 && CTX->server_name[u] != '.') {
+ u ++;
+ }
+ u ++;
+ n1 -= u;
+- if ((n2 - 2) == n1
++ if (u > 1 && (n2 - 2) == n1
+ && eqnocase(&CTX->pad[3], CTX->server_name + u, n1))
+ {
+ T0_PUSHi(-1);
+diff --git a/src/x509/x509_minimal.t0 b/src/x509/x509_minimal.t0
+index 80a3701..d3d01da 100644
+--- a/src/x509/x509_minimal.t0
++++ b/src/x509/x509_minimal.t0
+@@ -778,13 +778,21 @@ cc: match-server-name ( -- bool ) {
+ if (n2 >= 2 && CTX->pad[1] == '*' && CTX->pad[2] == '.') {
+ size_t u;
+
++ u = 3;
++ while (u <= n2 && CTX->pad[u] != '.') {
++ u ++;
++ }
++ if (u > n2) {
++ T0_PUSH(0);
++ T0_RET();
++ }
+ u = 0;
+ while (u < n1 && CTX->server_name[u] != '.') {
+ u ++;
+ }
+ u ++;
+ n1 -= u;
+- if ((n2 - 2) == n1
++ if (u > 1 && (n2 - 2) == n1
+ && eqnocase(&CTX->pad[3], CTX->server_name + u, n1))
+ {
+ T0_PUSHi(-1);
+--
+2.49.0
+
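Review bot: The TLD-level check added in the x509_minimal.c hunk (`while (u <= n2 && CTX->pad[u] != '.')`) also accepts a dot in the last position, so, assuming pad[1..n2] holds the certificate name as the indexing suggests, a name such as `*.com.` passes because its suffix `com.` contains a dot. If the caller's server_name can carry a trailing dot (not visible here), the later eqnocase comparison would then match `example.com.` against that wildcard. Stopping the scan one character earlier closes this: `while (u < n2 && CTX->pad[u] != '.') {` followed by `if (u >= n2) {`. The same applies to the identical x509_minimal.t0 hunk, and a one-line comment there stating that only a single extra label is required (so `*.co.uk` is still accepted) would document the limit of the check. The enclosing function starts and ends outside both inner hunks.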
diff --git a/pkg/bearssl/ver b/pkg/bearssl/ver
@@ -1 +1 @@
-0.6-39-g7bea48e
+0.6-39-g7bea48e r1