summary refs log tree commit diff
diff options
context:
space:
mode:
-rw-r--r--gnu/local.mk1
-rw-r--r--gnu/packages/nss.scm8
-rw-r--r--gnu/packages/patches/nss-CVE-2019-11745.patch24
3 files changed, 0 insertions, 33 deletions
diff --git a/gnu/local.mk b/gnu/local.mk
index 4d89f17bbe..21102514a9 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -1179,7 +1179,6 @@ dist_patch_DATA =						\
   %D%/packages/patches/ngircd-handle-zombies.patch		\
   %D%/packages/patches/nm-plugin-path.patch			\
   %D%/packages/patches/nsis-env-passthru.patch			\
-  %D%/packages/patches/nss-CVE-2019-11745.patch			\
   %D%/packages/patches/nss-freebl-stubs.patch			\
   %D%/packages/patches/nss-increase-test-timeout.patch		\
   %D%/packages/patches/nss-pkgconfig.patch			\
diff --git a/gnu/packages/nss.scm b/gnu/packages/nss.scm
index e81c859a51..2e34f8e26f 100644
--- a/gnu/packages/nss.scm
+++ b/gnu/packages/nss.scm
@@ -183,11 +183,3 @@ applications.  Applications built with NSS can support SSL v2 and v3, TLS,
 PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME, X.509 v3 certificates, and other
 security standards.")
     (license license:mpl2.0)))
-
-(define nss/fixed
-  (package
-    (inherit nss)
-    (source (origin
-              (inherit (package-source nss))
-              (patches (append (search-patches "nss-CVE-2019-11745.patch")
-                               (origin-patches (package-source nss))))))))
diff --git a/gnu/packages/patches/nss-CVE-2019-11745.patch b/gnu/packages/patches/nss-CVE-2019-11745.patch
deleted file mode 100644
index ae0eeda3c8..0000000000
--- a/gnu/packages/patches/nss-CVE-2019-11745.patch
+++ /dev/null
@@ -1,24 +0,0 @@
-Fix CVE-2019-11745 (Out-of-bounds write when passing an output buffer smaller
-than the block size to NSC_EncryptUpdate).
-
-Copied from Debian, equivalent to upstream fix:
-<https://hg.mozilla.org/projects/nss/rev/1e22a0c93afe9f46545560c86caedef9dab6cfda>.
-
-# HG changeset patch
-# User Craig Disselkoen <cdisselk@cs.ucsd.edu>
-# Date 1574189697 25200
-# Node ID 60bca7c6dc6dc44579b9b3e0fb62ca3b82d92eec
-# Parent  64e55c9f658e2a75f0835d00a8a1cdc2f25c74d6
-Bug 1586176 - EncryptUpdate should use maxout not block size. r=franziskus
-
---- a/nss/lib/softoken/pkcs11c.c
-+++ b/nss/lib/softoken/pkcs11c.c
-@@ -1285,7 +1285,7 @@ NSC_EncryptUpdate(CK_SESSION_HANDLE hSes
-             }
-             /* encrypt the current padded data */
-             rv = (*context->update)(context->cipherInfo, pEncryptedPart,
--                                    &padoutlen, context->blockSize, context->padBuf,
-+                                    &padoutlen, maxout, context->padBuf,
-                                     context->blockSize);
-             if (rv != SECSuccess) {
-                 return sftk_MapCryptError(PORT_GetError());