[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
02/10: gnu: nss: Remove replacement package.
|
From: |
guix-commits |
|
Subject: |
02/10: gnu: nss: Remove replacement package. |
|
Date: |
Wed, 11 Dec 2019 17:27:46 -0500 (EST) |
mbakke pushed a commit to branch staging
in repository guix.
commit f8a8984c4b95538d027dd63e23d8340dfbea72e2
Author: Marius Bakke <address@hidden>
Date: Wed Dec 11 22:40:40 2019 +0100
gnu: nss: Remove replacement package.
The merge preceding this commit ignored the 'replacement' added to nss in
commit 04b33ce205f38813b4dbd04b6ad3c7aa0be0b6f6, because the security fix is
already present in NSS 3.48. This commit removes the remaining bits.
* gnu/packages/patches/nss-CVE-2019-11745.patch: Delete file.
* gnu/local.mk (dist_patch_DATA): Adjust accordingly.
* gnu/packages/nss.scm (nss/fixed): Remove variable.
---
gnu/local.mk | 1 -
gnu/packages/nss.scm | 8 --------
gnu/packages/patches/nss-CVE-2019-11745.patch | 24 ------------------------
3 files changed, 33 deletions(-)
diff --git a/gnu/local.mk b/gnu/local.mk
index 4d89f17..2110251 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -1179,7 +1179,6 @@ dist_patch_DATA =
\
%D%/packages/patches/ngircd-handle-zombies.patch \
%D%/packages/patches/nm-plugin-path.patch \
%D%/packages/patches/nsis-env-passthru.patch \
- %D%/packages/patches/nss-CVE-2019-11745.patch \
%D%/packages/patches/nss-freebl-stubs.patch \
%D%/packages/patches/nss-increase-test-timeout.patch \
%D%/packages/patches/nss-pkgconfig.patch \
diff --git a/gnu/packages/nss.scm b/gnu/packages/nss.scm
index e81c859..2e34f8e 100644
--- a/gnu/packages/nss.scm
+++ b/gnu/packages/nss.scm
@@ -183,11 +183,3 @@ applications. Applications built with NSS can support SSL
v2 and v3, TLS,
PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME, X.509 v3 certificates, and other
security standards.")
(license license:mpl2.0)))
-
-(define nss/fixed
- (package
- (inherit nss)
- (source (origin
- (inherit (package-source nss))
- (patches (append (search-patches "nss-CVE-2019-11745.patch")
- (origin-patches (package-source nss))))))))
diff --git a/gnu/packages/patches/nss-CVE-2019-11745.patch
b/gnu/packages/patches/nss-CVE-2019-11745.patch
deleted file mode 100644
index ae0eeda..0000000
--- a/gnu/packages/patches/nss-CVE-2019-11745.patch
+++ /dev/null
@@ -1,24 +0,0 @@
-Fix CVE-2019-11745 (Out-of-bounds write when passing an output buffer smaller
-than the block size to NSC_EncryptUpdate).
-
-Copied from Debian, equivalent to upstream fix:
-<https://hg.mozilla.org/projects/nss/rev/1e22a0c93afe9f46545560c86caedef9dab6cfda>.
-
-# HG changeset patch
-# User Craig Disselkoen <address@hidden>
-# Date 1574189697 25200
-# Node ID 60bca7c6dc6dc44579b9b3e0fb62ca3b82d92eec
-# Parent 64e55c9f658e2a75f0835d00a8a1cdc2f25c74d6
-Bug 1586176 - EncryptUpdate should use maxout not block size. r=franziskus
-
---- a/nss/lib/softoken/pkcs11c.c
-+++ b/nss/lib/softoken/pkcs11c.c
-@@ -1285,7 +1285,7 @@ NSC_EncryptUpdate(CK_SESSION_HANDLE hSes
- }
- /* encrypt the current padded data */
- rv = (*context->update)(context->cipherInfo, pEncryptedPart,
-- &padoutlen, context->blockSize,
context->padBuf,
-+ &padoutlen, maxout, context->padBuf,
- context->blockSize);
- if (rv != SECSuccess) {
- return sftk_MapCryptError(PORT_GetError());
- branch staging updated (939c5b2 -> 28b4ff2), guix-commits, 2019/12/11
- 10/10: gnu: speexdsp: Do not build static libraries., guix-commits, 2019/12/11
- 04/10: gnu: pcre2: Do not build static libraries., guix-commits, 2019/12/11
- 08/10: gnu: libvorbis: Do not build static libraries., guix-commits, 2019/12/11
- 05/10: gnu: libwebp: Do not build static libraries., guix-commits, 2019/12/11
- 03/10: gnu: pcre2: Update to 10.34., guix-commits, 2019/12/11
- 01/10: Merge branch 'master' into staging, guix-commits, 2019/12/11
- 09/10: gnu: libtheora: Do not build static libraries., guix-commits, 2019/12/11
- 06/10: gnu: opus: Do not build static libraries., guix-commits, 2019/12/11
- 07/10: gnu: libogg: Do not build static libraries., guix-commits, 2019/12/11
- 02/10: gnu: nss: Remove replacement package.,
guix-commits <=