diff options
author | Mark H Weaver <mhw@netris.org> | 2019-12-10 18:20:51 -0500 |
---|---|---|
committer | Mark H Weaver <mhw@netris.org> | 2019-12-11 01:52:10 -0500 |
commit | 04b33ce205f38813b4dbd04b6ad3c7aa0be0b6f6 (patch) | |
tree | 7fd5fa9d8c81036f36a950299f7dfa42e20375f5 | |
parent | bc587eb178799ccb9bd051f8f46569e1673a9991 (diff) |
gnu: nss: Fix CVE-2019-11745 via graft.
* gnu/packages/patches/nss-CVE-2019-11745.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/nss.scm (nss/fixed): New variable.
(nss)[replacement]: Add field.
-rw-r--r-- | gnu/local.mk | 1 | ||||
-rw-r--r-- | gnu/packages/nss.scm | 9 | ||||
-rw-r--r-- | gnu/packages/patches/nss-CVE-2019-11745.patch | 24 |
3 files changed, 34 insertions, 0 deletions
diff --git a/gnu/local.mk b/gnu/local.mk index 0faa0ba07c..00ff3b8d61 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -1180,6 +1180,7 @@ dist_patch_DATA = \ %D%/packages/patches/ngircd-handle-zombies.patch \ %D%/packages/patches/nm-plugin-path.patch \ %D%/packages/patches/nsis-env-passthru.patch \ + %D%/packages/patches/nss-CVE-2019-11745.patch \ %D%/packages/patches/nss-freebl-stubs.patch \ %D%/packages/patches/nss-increase-test-timeout.patch \ %D%/packages/patches/nss-pkgconfig.patch \ diff --git a/gnu/packages/nss.scm b/gnu/packages/nss.scm index 65f95aaa8a..4f421f6e9d 100644 --- a/gnu/packages/nss.scm +++ b/gnu/packages/nss.scm @@ -71,6 +71,7 @@ in the Mozilla clients.") (package (name "nss") (version "3.46.1") + (replacement nss/fixed) (source (origin (method url-fetch) (uri (let ((version-with-underscores @@ -183,3 +184,11 @@ applications. Applications built with NSS can support SSL v2 and v3, TLS, PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME, X.509 v3 certificates, and other security standards.") (license license:mpl2.0))) + +(define nss/fixed + (package + (inherit nss) + (source (origin + (inherit (package-source nss)) + (patches (append (search-patches "nss-CVE-2019-11745.patch") + (origin-patches (package-source nss)))))))) diff --git a/gnu/packages/patches/nss-CVE-2019-11745.patch b/gnu/packages/patches/nss-CVE-2019-11745.patch new file mode 100644 index 0000000000..ae0eeda3c8 --- /dev/null +++ b/gnu/packages/patches/nss-CVE-2019-11745.patch @@ -0,0 +1,24 @@ +Fix CVE-2019-11745 (Out-of-bounds write when passing an output buffer smaller +than the block size to NSC_EncryptUpdate). + +Copied from Debian, equivalent to upstream fix: +<https://hg.mozilla.org/projects/nss/rev/1e22a0c93afe9f46545560c86caedef9dab6cfda>. + +# HG changeset patch +# User Craig Disselkoen <cdisselk@cs.ucsd.edu> +# Date 1574189697 25200 +# Node ID 60bca7c6dc6dc44579b9b3e0fb62ca3b82d92eec +# Parent 64e55c9f658e2a75f0835d00a8a1cdc2f25c74d6 +Bug 1586176 - EncryptUpdate should use maxout not block size. r=franziskus + +--- a/nss/lib/softoken/pkcs11c.c ++++ b/nss/lib/softoken/pkcs11c.c +@@ -1285,7 +1285,7 @@ NSC_EncryptUpdate(CK_SESSION_HANDLE hSes + } + /* encrypt the current padded data */ + rv = (*context->update)(context->cipherInfo, pEncryptedPart, +- &padoutlen, context->blockSize, context->padBuf, ++ &padoutlen, maxout, context->padBuf, + context->blockSize); + if (rv != SECSuccess) { + return sftk_MapCryptError(PORT_GetError()); |