branch core-updates updated: gnu: OpenSSL: Add upstream patch to preserv

guix-commits

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

branch core-updates updated: gnu: OpenSSL: Add upstream patch to preserv

From:	guix-commits
Subject:	branch core-updates updated: gnu: OpenSSL: Add upstream patch to preserve compatibility in EOF handling.
Date:	Thu, 26 Mar 2020 18:09:47 -0400

This is an automated email from the git hooks/post-receive script.

mbakke pushed a commit to branch core-updates
in repository guix.

The following commit(s) were added to refs/heads/core-updates by this push:
     new 0ab8ad4  gnu: OpenSSL: Add upstream patch to preserve compatibility in 
EOF handling.
0ab8ad4 is described below

commit 0ab8ad46322bea331ed5f5592843ba35e7f38b37
Author: Marius Bakke <address@hidden>
AuthorDate: Thu Mar 26 23:09:15 2020 +0100

    gnu: OpenSSL: Add upstream patch to preserve compatibility in EOF handling.
    
    This is a follow-up to ad8254c23a86c3ca4ca32bc68fc8d76954aa80fd, which
    unexpectedly caused a test failure in the Python test suite.
    
    * gnu/packages/patches/openssl-1.1.1e-revert-detect-eof.patch: New file.
    * gnu/local.mk (dist_patch_DATA): Adjust accordingly.
    * gnu/packages/tls.scm (openssl)[source](patches): Add it.
---
 gnu/local.mk                                       |  1 +
 .../patches/openssl-1.1.1e-revert-detect-eof.patch | 80 ++++++++++++++++++++++
 gnu/packages/tls.scm                               |  3 +-
 3 files changed, 83 insertions(+), 1 deletion(-)

diff --git a/gnu/local.mk b/gnu/local.mk
index c1ee251..d687c53 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -1267,6 +1267,7 @@ dist_patch_DATA =                                         
\
   %D%/packages/patches/openocd-nrf52.patch                     \
   %D%/packages/patches/openssl-runpath.patch                   \
   %D%/packages/patches/openssl-1.1-c-rehash-in.patch           \
+  %D%/packages/patches/openssl-1.1.1e-revert-detect-eof.patch  \
   %D%/packages/patches/openssl-c-rehash-in.patch               \
   %D%/packages/patches/openssl-CVE-2019-1559.patch             \
   %D%/packages/patches/open-zwave-hidapi.patch                 \
diff --git a/gnu/packages/patches/openssl-1.1.1e-revert-detect-eof.patch 
b/gnu/packages/patches/openssl-1.1.1e-revert-detect-eof.patch
new file mode 100644
index 0000000..9735594
--- /dev/null
+++ b/gnu/packages/patches/openssl-1.1.1e-revert-detect-eof.patch
@@ -0,0 +1,80 @@
+This patch reverts a change in 1.1.1e that can break applications that do
+not expect EOF to be reported via SSL_ERROR_SSL.
+
+https://bugs.python.org/issue40018
+https://github.com/openssl/openssl/pull/11400
+https://github.com/openssl/openssl/commit/0cd2ee64bffcdece599c3e4b5fac3830a55dc0fa
+
+Taken from upstream:
+https://github.com/openssl/openssl/commit/30d190caf311d534867df97e26b552e628cb7d85
+
+diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt
+index f5324c6819d8..35512f9caf96 100644
+--- a/crypto/err/openssl.txt
++++ b/crypto/err/openssl.txt
+@@ -2852,7 +2852,6 @@ SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES:242:unable to 
load ssl3 md5 routines
+ SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES:243:unable to load ssl3 sha1 routines
+ SSL_R_UNEXPECTED_CCS_MESSAGE:262:unexpected ccs message
+ SSL_R_UNEXPECTED_END_OF_EARLY_DATA:178:unexpected end of early data
+-SSL_R_UNEXPECTED_EOF_WHILE_READING:294:unexpected eof while reading
+ SSL_R_UNEXPECTED_MESSAGE:244:unexpected message
+ SSL_R_UNEXPECTED_RECORD:245:unexpected record
+ SSL_R_UNINITIALIZED:276:uninitialized
+diff --git a/include/openssl/sslerr.h b/include/openssl/sslerr.h
+index 0ef684f3c131..ba4c4ae5fbd3 100644
+--- a/include/openssl/sslerr.h
++++ b/include/openssl/sslerr.h
+@@ -1,6 +1,6 @@
+ /*
+  * Generated by util/mkerr.pl DO NOT EDIT
+- * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
++ * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
+  *
+  * Licensed under the OpenSSL license (the "License").  You may not use
+  * this file except in compliance with the License.  You can obtain a copy
+@@ -734,7 +734,6 @@ int ERR_load_SSL_strings(void);
+ # define SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES          243
+ # define SSL_R_UNEXPECTED_CCS_MESSAGE                     262
+ # define SSL_R_UNEXPECTED_END_OF_EARLY_DATA               178
+-# define SSL_R_UNEXPECTED_EOF_WHILE_READING               294
+ # define SSL_R_UNEXPECTED_MESSAGE                         244
+ # define SSL_R_UNEXPECTED_RECORD                          245
+ # define SSL_R_UNINITIALIZED                              276
+diff --git a/ssl/record/rec_layer_s3.c b/ssl/record/rec_layer_s3.c
+index 1c885a664f35..b2a7a47eb075 100644
+--- a/ssl/record/rec_layer_s3.c
++++ b/ssl/record/rec_layer_s3.c
+@@ -296,12 +296,6 @@ int ssl3_read_n(SSL *s, size_t n, size_t max, int extend, 
int clearold,
+             ret = BIO_read(s->rbio, pkt + len + left, max - left);
+             if (ret >= 0)
+                 bioread = ret;
+-            if (ret <= 0
+-                    && !BIO_should_retry(s->rbio)
+-                    && BIO_eof(s->rbio)) {
+-                SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_SSL3_READ_N,
+-                         SSL_R_UNEXPECTED_EOF_WHILE_READING);
+-            }
+         } else {
+             SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_READ_N,
+                      SSL_R_READ_BIO_NOT_SET);
+diff --git a/ssl/ssl_err.c b/ssl/ssl_err.c
+index a0c7b79659d4..4b12ed1485d9 100644
+--- a/ssl/ssl_err.c
++++ b/ssl/ssl_err.c
+@@ -1,6 +1,6 @@
+ /*
+  * Generated by util/mkerr.pl DO NOT EDIT
+- * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
++ * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
+  *
+  * Licensed under the OpenSSL license (the "License").  You may not use
+  * this file except in compliance with the License.  You can obtain a copy
+@@ -1205,8 +1205,6 @@ static const ERR_STRING_DATA SSL_str_reasons[] = {
+     "unexpected ccs message"},
+     {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNEXPECTED_END_OF_EARLY_DATA),
+     "unexpected end of early data"},
+-    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNEXPECTED_EOF_WHILE_READING),
+-    "unexpected eof while reading"},
+     {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNEXPECTED_MESSAGE), "unexpected 
message"},
+     {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNEXPECTED_RECORD), "unexpected record"},
+     {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNINITIALIZED), "uninitialized"},
diff --git a/gnu/packages/tls.scm b/gnu/packages/tls.scm
index f631022..a057432 100644
--- a/gnu/packages/tls.scm
+++ b/gnu/packages/tls.scm
@@ -293,7 +293,8 @@ required structures.")
              (sha256
               (base32
                "1gnwlri1dphr5wdzmg9vlhkh6aq2yqgpfkpmffzwjlfb26n62kv9"))
-             (patches (search-patches "openssl-1.1-c-rehash-in.patch"))))
+             (patches (search-patches "openssl-1.1-c-rehash-in.patch"
+                                      
"openssl-1.1.1e-revert-detect-eof.patch"))))
    (build-system gnu-build-system)
    (outputs '("out"
               "doc"         ;6.8 MiB of man3 pages and full HTML documentation

[Prev in Thread]

Current Thread

[Next in Thread]

branch core-updates updated: gnu: OpenSSL: Add upstream patch to preserve compatibility in EOF handling., guix-commits <=

Prev by Date: 06/15: gnu: gd: Update to 2.3.0.
Next by Date: branch master updated: gnu: Add ROPgadget.
Previous by thread: branch core-updates updated (3a1c364 -> b12acff)
Next by thread: branch master updated: gnu: Add ROPgadget.
Index(es):
- Date
- Thread