summary refs log tree commit diff
path: root/gnu/packages/patches
diff options
context:
space:
mode:
authorMarius Bakke <mbakke@fastmail.com>2019-12-11 23:21:27 +0100
committerMarius Bakke <mbakke@fastmail.com>2019-12-11 23:21:27 +0100
commit9b601fc2110193435e61955c04499fed019aac62 (patch)
tree37cca3a505989485fcfb653ebcb0dd8ee55d5308 /gnu/packages/patches
parent939c5b2cb6952cd8549bf17d6fd3bcbfb582f0bd (diff)
parent27664ea0f08e6c207b7b61c1fd7b8446dce98478 (diff)
downloadguix-9b601fc2110193435e61955c04499fed019aac62.tar.gz
Merge branch 'master' into staging
Diffstat (limited to 'gnu/packages/patches')
-rw-r--r--gnu/packages/patches/nss-CVE-2019-11745.patch24
1 files changed, 24 insertions, 0 deletions
diff --git a/gnu/packages/patches/nss-CVE-2019-11745.patch b/gnu/packages/patches/nss-CVE-2019-11745.patch
new file mode 100644
index 0000000000..ae0eeda3c8
--- /dev/null
+++ b/gnu/packages/patches/nss-CVE-2019-11745.patch
@@ -0,0 +1,24 @@
+Fix CVE-2019-11745 (Out-of-bounds write when passing an output buffer smaller
+than the block size to NSC_EncryptUpdate).
+
+Copied from Debian, equivalent to upstream fix:
+<https://hg.mozilla.org/projects/nss/rev/1e22a0c93afe9f46545560c86caedef9dab6cfda>.
+
+# HG changeset patch
+# User Craig Disselkoen <cdisselk@cs.ucsd.edu>
+# Date 1574189697 25200
+# Node ID 60bca7c6dc6dc44579b9b3e0fb62ca3b82d92eec
+# Parent  64e55c9f658e2a75f0835d00a8a1cdc2f25c74d6
+Bug 1586176 - EncryptUpdate should use maxout not block size. r=franziskus
+
+--- a/nss/lib/softoken/pkcs11c.c
++++ b/nss/lib/softoken/pkcs11c.c
+@@ -1285,7 +1285,7 @@ NSC_EncryptUpdate(CK_SESSION_HANDLE hSes
+             }
+             /* encrypt the current padded data */
+             rv = (*context->update)(context->cipherInfo, pEncryptedPart,
+-                                    &padoutlen, context->blockSize, context->padBuf,
++                                    &padoutlen, maxout, context->padBuf,
+                                     context->blockSize);
+             if (rv != SECSuccess) {
+                 return sftk_MapCryptError(PORT_GetError());