gnu: OpenSSL: Update to 1.1.1f.

* gnu/packages/patches/openssl-1.1.1e-revert-detect-eof.patch: Delete file. * gnu/local.mk (dist_patch_DATA): Adjust accordingly. * gnu/packages/tls.scm (openssl): Update to 1.1.1f. [source](patches): Remove obsolete patch.
2020-03-31 15:15:19 +02:00 · 2020-03-31 15:15:19 +02:00 · 95ac5cd668
commit 95ac5cd668
parent 47cd0febe9
3 changed files with 3 additions and 85 deletions
--- a/gnu/local.mk
+++ b/gnu/local.mk
@ -1271,7 +1271,6 @@ dist_patch_DATA =						\
  %D%/packages/patches/openocd-nrf52.patch			\
  %D%/packages/patches/openssl-runpath.patch			\
  %D%/packages/patches/openssl-1.1-c-rehash-in.patch		\
  %D%/packages/patches/openssl-1.1.1e-revert-detect-eof.patch	\
  %D%/packages/patches/openssl-c-rehash-in.patch		\
  %D%/packages/patches/openssl-CVE-2019-1559.patch		\
  %D%/packages/patches/open-zwave-hidapi.patch			\
--- a/gnu/packages/patches/openssl-1.1.1e-revert-detect-eof.patch
+++ b/gnu/packages/patches/openssl-1.1.1e-revert-detect-eof.patch
@ -1,80 +0,0 @@
 This patch reverts a change in 1.1.1e that can break applications that do
 not expect EOF to be reported via SSL_ERROR_SSL.
 https://bugs.python.org/issue40018
 https://github.com/openssl/openssl/pull/11400
 https://github.com/openssl/openssl/commit/0cd2ee64bffcdece599c3e4b5fac3830a55dc0fa
 Taken from upstream:
 https://github.com/openssl/openssl/commit/30d190caf311d534867df97e26b552e628cb7d85
 diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt
 index f5324c6819d8..35512f9caf96 100644
 --- a/crypto/err/openssl.txt
 +++ b/crypto/err/openssl.txt
@@ -2852,7 +2852,6 @@ SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES:242:unable to load ssl3 md5 routines
 SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES:243:unable to load ssl3 sha1 routines
 SSL_R_UNEXPECTED_CCS_MESSAGE:262:unexpected ccs message
 SSL_R_UNEXPECTED_END_OF_EARLY_DATA:178:unexpected end of early data
 -SSL_R_UNEXPECTED_EOF_WHILE_READING:294:unexpected eof while reading
 SSL_R_UNEXPECTED_MESSAGE:244:unexpected message
 SSL_R_UNEXPECTED_RECORD:245:unexpected record
 SSL_R_UNINITIALIZED:276:uninitialized
 diff --git a/include/openssl/sslerr.h b/include/openssl/sslerr.h
 index 0ef684f3c131..ba4c4ae5fbd3 100644
 --- a/include/openssl/sslerr.h
 +++ b/include/openssl/sslerr.h
@@ -1,6 +1,6 @@
 /*
  * Generated by util/mkerr.pl DO NOT EDIT
 - * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
 + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -734,7 +734,6 @@ int ERR_load_SSL_strings(void);
 # define SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES          243
 # define SSL_R_UNEXPECTED_CCS_MESSAGE                     262
 # define SSL_R_UNEXPECTED_END_OF_EARLY_DATA               178
 -# define SSL_R_UNEXPECTED_EOF_WHILE_READING               294
 # define SSL_R_UNEXPECTED_MESSAGE                         244
 # define SSL_R_UNEXPECTED_RECORD                          245
 # define SSL_R_UNINITIALIZED                              276
 diff --git a/ssl/record/rec_layer_s3.c b/ssl/record/rec_layer_s3.c
 index 1c885a664f35..b2a7a47eb075 100644
 --- a/ssl/record/rec_layer_s3.c
 +++ b/ssl/record/rec_layer_s3.c
@@ -296,12 +296,6 @@ int ssl3_read_n(SSL *s, size_t n, size_t max, int extend, int clearold,
             ret = BIO_read(s->rbio, pkt + len + left, max - left);
             if (ret >= 0)
                 bioread = ret;
 -            if (ret <= 0
 -                    && !BIO_should_retry(s->rbio)
 -                    && BIO_eof(s->rbio)) {
 -                SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_SSL3_READ_N,
 -                         SSL_R_UNEXPECTED_EOF_WHILE_READING);
 -            }
         } else {
             SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_READ_N,
                      SSL_R_READ_BIO_NOT_SET);
 diff --git a/ssl/ssl_err.c b/ssl/ssl_err.c
 index a0c7b79659d4..4b12ed1485d9 100644
 --- a/ssl/ssl_err.c
 +++ b/ssl/ssl_err.c
@@ -1,6 +1,6 @@
 /*
  * Generated by util/mkerr.pl DO NOT EDIT
 - * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
 + * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the OpenSSL license (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -1205,8 +1205,6 @@ static const ERR_STRING_DATA SSL_str_reasons[] = {
     "unexpected ccs message"},
     {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNEXPECTED_END_OF_EARLY_DATA),
     "unexpected end of early data"},
 -    {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNEXPECTED_EOF_WHILE_READING),
 -    "unexpected eof while reading"},
     {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNEXPECTED_MESSAGE), "unexpected message"},
     {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNEXPECTED_RECORD), "unexpected record"},
     {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNINITIALIZED), "uninitialized"},
--- a/gnu/packages/tls.scm
+++ b/gnu/packages/tls.scm
@ -283,7 +283,7 @@ required structures.")
 (define-public openssl
  (package
   (name "openssl")
-   (version "1.1.1e")
+   (version "1.1.1f")
   (source (origin
             (method url-fetch)
             (uri (list (string-append "https://www.openssl.org/source/openssl-"
@ -295,9 +295,8 @@ required structures.")
                                       "/openssl-" version ".tar.gz")))
             (sha256
              (base32
-               "1gnwlri1dphr5wdzmg9vlhkh6aq2yqgpfkpmffzwjlfb26n62kv9"))
+               "0d9zv9srjqivs8nn099fpbjv1wyhfcb8lzy491dpmfngdvz6nv0q"))
-             (patches (search-patches "openssl-1.1-c-rehash-in.patch"
+             (patches (search-patches "openssl-1.1-c-rehash-in.patch"))))
                                      "openssl-1.1.1e-revert-detect-eof.patch"))))
   (build-system gnu-build-system)
   (outputs '("out"
              "doc"         ;6.8 MiB of man3 pages and full HTML documentation