diff options
| -rw-r--r-- | gnu/local.mk | 1 | ||||
| -rw-r--r-- | gnu/packages/nss.scm | 8 | ||||
| -rw-r--r-- | gnu/packages/patches/nss-CVE-2019-11745.patch | 24 |
3 files changed, 0 insertions, 33 deletions
diff --git a/gnu/local.mk b/gnu/local.mk index 4d89f17bbe..21102514a9 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -1179,7 +1179,6 @@ dist_patch_DATA = \ %D%/packages/patches/ngircd-handle-zombies.patch \ %D%/packages/patches/nm-plugin-path.patch \ %D%/packages/patches/nsis-env-passthru.patch \ - %D%/packages/patches/nss-CVE-2019-11745.patch \ %D%/packages/patches/nss-freebl-stubs.patch \ %D%/packages/patches/nss-increase-test-timeout.patch \ %D%/packages/patches/nss-pkgconfig.patch \ diff --git a/gnu/packages/nss.scm b/gnu/packages/nss.scm index e81c859a51..2e34f8e26f 100644 --- a/gnu/packages/nss.scm +++ b/gnu/packages/nss.scm @@ -183,11 +183,3 @@ applications. Applications built with NSS can support SSL v2 and v3, TLS, PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME, X.509 v3 certificates, and other security standards.") (license license:mpl2.0))) - -(define nss/fixed - (package - (inherit nss) - (source (origin - (inherit (package-source nss)) - (patches (append (search-patches "nss-CVE-2019-11745.patch") - (origin-patches (package-source nss)))))))) diff --git a/gnu/packages/patches/nss-CVE-2019-11745.patch b/gnu/packages/patches/nss-CVE-2019-11745.patch deleted file mode 100644 index ae0eeda3c8..0000000000 --- a/gnu/packages/patches/nss-CVE-2019-11745.patch +++ /dev/null @@ -1,24 +0,0 @@ -Fix CVE-2019-11745 (Out-of-bounds write when passing an output buffer smaller -than the block size to NSC_EncryptUpdate). - -Copied from Debian, equivalent to upstream fix: -<https://hg.mozilla.org/projects/nss/rev/1e22a0c93afe9f46545560c86caedef9dab6cfda>. - -# HG changeset patch -# User Craig Disselkoen <cdisselk@cs.ucsd.edu> -# Date 1574189697 25200 -# Node ID 60bca7c6dc6dc44579b9b3e0fb62ca3b82d92eec -# Parent 64e55c9f658e2a75f0835d00a8a1cdc2f25c74d6 -Bug 1586176 - EncryptUpdate should use maxout not block size. r=franziskus - ---- a/nss/lib/softoken/pkcs11c.c -+++ b/nss/lib/softoken/pkcs11c.c -@@ -1285,7 +1285,7 @@ NSC_EncryptUpdate(CK_SESSION_HANDLE hSes - } - /* encrypt the current padded data */ - rv = (*context->update)(context->cipherInfo, pEncryptedPart, -- &padoutlen, context->blockSize, context->padBuf, -+ &padoutlen, maxout, context->padBuf, - context->blockSize); - if (rv != SECSuccess) { - return sftk_MapCryptError(PORT_GetError()); |