diff options
| author | Maxim Cournoyer <maxim.cournoyer@gmail.com> | 2021-06-06 00:10:19 -0400 |
|---|---|---|
| committer | Maxim Cournoyer <maxim.cournoyer@gmail.com> | 2021-06-06 00:50:16 -0400 |
| commit | 63858f8c8bbcacddbe54f178942975d96b21fe3e (patch) | |
| tree | d73d94ccd05f0e3884816de3c9279b10e450566a /gnu/packages/patches/gnutls-CVE-2021-20231.patch | |
| parent | f72a1253a18798a25245b4124c1da35ed993e0d1 (diff) | |
| download | guix-63858f8c8bbcacddbe54f178942975d96b21fe3e.tar.gz | |
gnu: gnutls: Update to 3.7.2.
The 3.7 branch, while not considered the "stable" branch upstream, has been adopted by most major GNU/Linux distributions such as Debian, Arch, openSUSE, etc. It has the benefit of receiving all the security fixes. * gnu/packages/tls.scm (gnutls): Update to 3.7.2. Remove trailing #t. [source]: Remove the gnutls-CVE-2021-20231.patch and gnutls-CVE-2021-20232.patch patches, now incorporated in the source. * gnu/packages/patches/gnutls-CVE-2021-20231.patch: Delete file. * gnu/packages/patches/gnutls-CVE-2021-20232.patch: Likewise. * gnu/local.mk (dist_patch_DATA): De-register them.
Diffstat (limited to 'gnu/packages/patches/gnutls-CVE-2021-20231.patch')
| -rw-r--r-- | gnu/packages/patches/gnutls-CVE-2021-20231.patch | 62 |
1 files changed, 0 insertions, 62 deletions
diff --git a/gnu/packages/patches/gnutls-CVE-2021-20231.patch b/gnu/packages/patches/gnutls-CVE-2021-20231.patch deleted file mode 100644 index 5186522eee..0000000000 --- a/gnu/packages/patches/gnutls-CVE-2021-20231.patch +++ /dev/null @@ -1,62 +0,0 @@ -From 15beb4b193b2714d88107e7dffca781798684e7e Mon Sep 17 00:00:00 2001 -From: Daiki Ueno <ueno@gnu.org> -Date: Fri, 29 Jan 2021 14:06:05 +0100 -Subject: [PATCH 1/2] key_share: avoid use-after-free around realloc - -Signed-off-by: Daiki Ueno <ueno@gnu.org> ---- - lib/ext/key_share.c | 12 +++++------- - 1 file changed, 5 insertions(+), 7 deletions(-) - -diff --git a/lib/ext/key_share.c b/lib/ext/key_share.c -index ab8abf8fe..a8c4bb5cf 100644 ---- a/lib/ext/key_share.c -+++ b/lib/ext/key_share.c -@@ -664,14 +664,14 @@ key_share_send_params(gnutls_session_t session, - { - unsigned i; - int ret; -- unsigned char *lengthp; -- unsigned int cur_length; - unsigned int generated = 0; - const gnutls_group_entry_st *group; - const version_entry_st *ver; - - /* this extension is only being sent on client side */ - if (session->security_parameters.entity == GNUTLS_CLIENT) { -+ unsigned int length_pos; -+ - ver = _gnutls_version_max(session); - if (unlikely(ver == NULL || ver->key_shares == 0)) - return 0; -@@ -679,16 +679,13 @@ key_share_send_params(gnutls_session_t session, - if (!have_creds_for_tls13(session)) - return 0; - -- /* write the total length later */ -- lengthp = &extdata->data[extdata->length]; -+ length_pos = extdata->length; - - ret = - _gnutls_buffer_append_prefix(extdata, 16, 0); - if (ret < 0) - return gnutls_assert_val(ret); - -- cur_length = extdata->length; -- - if (session->internals.hsk_flags & HSK_HRR_RECEIVED) { /* we know the group */ - group = get_group(session); - if (unlikely(group == NULL)) -@@ -736,7 +733,8 @@ key_share_send_params(gnutls_session_t session, - } - - /* copy actual length */ -- _gnutls_write_uint16(extdata->length - cur_length, lengthp); -+ _gnutls_write_uint16(extdata->length - length_pos - 2, -+ &extdata->data[length_pos]); - - } else { /* server */ - ver = get_version(session); --- -2.30.2 - |