bartronx7/guix
1
0
Fork 0
mirror of https://codeberg.org/guix/guix.git synced 2026-01-25 12:05:19 -06:00
Code Issues Projects Releases Packages Wiki Activity Actions

gnu: nss: Remove replacement package.

Browse source 
The merge preceding this commit ignored the 'replacement' added to nss in
commit 04b33ce205, because the security fix is
already present in NSS 3.48.  This commit removes the remaining bits.

* gnu/packages/patches/nss-CVE-2019-11745.patch: Delete file.
* gnu/local.mk (dist_patch_DATA): Adjust accordingly.
* gnu/packages/nss.scm (nss/fixed): Remove variable.
This commit is contained in:
Marius Bakke 2019-12-11 22:40:40 +01:00
parent 9b601fc211
commit f8a8984c4b
No known key found for this signature in database
GPG key ID: A2A06DF2A33A54FA
3 changed files with 0 additions and 33 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
gnu/local.mk
View file

@ -1179,7 +1179,6 @@ dist_patch_DATA = \
%D%/packages/patches/ngircd-handle-zombies.patch \
%D%/packages/patches/nm-plugin-path.patch \
%D%/packages/patches/nsis-env-passthru.patch \
%D%/packages/patches/nss-CVE-2019-11745.patch \
%D%/packages/patches/nss-freebl-stubs.patch \
%D%/packages/patches/nss-increase-test-timeout.patch \
%D%/packages/patches/nss-pkgconfig.patch \

8
gnu/packages/nss.scm
View file

@ -183,11 +183,3 @@ applications. Applications built with NSS can support SSL v2 and v3, TLS,
PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME, X.509 v3 certificates, and other
security standards.")
(license license:mpl2.0)))
(define nss/fixed
(package
(inherit nss)
(source (origin
(inherit (package-source nss))
(patches (append (search-patches "nss-CVE-2019-11745.patch")
(origin-patches (package-source nss))))))))

24
gnu/packages/patches/nss-CVE-2019-11745.patch
View file

@ -1,24 +0,0 @@
Fix CVE-2019-11745 (Out-of-bounds write when passing an output buffer smaller
than the block size to NSC_EncryptUpdate).
Copied from Debian, equivalent to upstream fix:
<https://hg.mozilla.org/projects/nss/rev/1e22a0c93afe9f46545560c86caedef9dab6cfda>.
# HG changeset patch
# User Craig Disselkoen <cdisselk@cs.ucsd.edu>
# Date 1574189697 25200
# Node ID 60bca7c6dc6dc44579b9b3e0fb62ca3b82d92eec
# Parent 64e55c9f658e2a75f0835d00a8a1cdc2f25c74d6
Bug 1586176 - EncryptUpdate should use maxout not block size. r=franziskus
--- a/nss/lib/softoken/pkcs11c.c
+++ b/nss/lib/softoken/pkcs11c.c
@@ -1285,7 +1285,7 @@ NSC_EncryptUpdate(CK_SESSION_HANDLE hSes
}
/* encrypt the current padded data */
rv = (*context->update)(context->cipherInfo, pEncryptedPart,
- &padoutlen, context->blockSize, context->padBuf,
+ &padoutlen, maxout, context->padBuf,
context->blockSize);
if (rv != SECSuccess) {
return sftk_MapCryptError(PORT_GetError());