me
/
guix
Archived
1
0
Fork 0

gnu: Remove unused patch.

* gnu/packages/patches/openssl-CVE-2019-1559.patch: Delete file.
* gnu/local.mk (dist_patch_DATA): Adjust accordingly.
master
Marius Bakke 2022-01-30 16:29:48 +01:00
parent 2932c421a3
commit 9b8839099e
No known key found for this signature in database
GPG Key ID: A2A06DF2A33A54FA
2 changed files with 0 additions and 61 deletions

View File

@ -1581,7 +1581,6 @@ dist_patch_DATA = \
%D%/packages/patches/openssl-1.1-c-rehash-in.patch \ %D%/packages/patches/openssl-1.1-c-rehash-in.patch \
%D%/packages/patches/openssl-3.0-c-rehash-in.patch \ %D%/packages/patches/openssl-3.0-c-rehash-in.patch \
%D%/packages/patches/openssl-c-rehash-in.patch \ %D%/packages/patches/openssl-c-rehash-in.patch \
%D%/packages/patches/openssl-CVE-2019-1559.patch \
%D%/packages/patches/open-zwave-hidapi.patch \ %D%/packages/patches/open-zwave-hidapi.patch \
%D%/packages/patches/orpheus-cast-errors-and-includes.patch \ %D%/packages/patches/orpheus-cast-errors-and-includes.patch \
%D%/packages/patches/osip-CVE-2017-7853.patch \ %D%/packages/patches/osip-CVE-2017-7853.patch \

View File

@ -1,60 +0,0 @@
From e9bbefbf0f24c57645e7ad6a5a71ae649d18ac8e Mon Sep 17 00:00:00 2001
From: Matt Caswell <matt@openssl.org>
Date: Fri, 14 Dec 2018 07:28:30 +0000
Subject: [PATCH] Go into the error state if a fatal alert is sent or received
If an application calls SSL_shutdown after a fatal alert has occured and
then behaves different based on error codes from that function then the
application may be vulnerable to a padding oracle.
CVE-2019-1559
Reviewed-by: Richard Levitte <levitte@openssl.org>
---
ssl/d1_pkt.c | 1 +
ssl/s3_pkt.c | 10 +++++++---
2 files changed, 8 insertions(+), 3 deletions(-)
diff --git a/ssl/d1_pkt.c b/ssl/d1_pkt.c
index 23aa9db..c7fe977 100644
--- a/ssl/d1_pkt.c
+++ b/ssl/d1_pkt.c
@@ -1309,6 +1309,7 @@ int dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
ERR_add_error_data(2, "SSL alert number ", tmp);
s->shutdown |= SSL_RECEIVED_SHUTDOWN;
SSL_CTX_remove_session(s->session_ctx, s->session);
+ s->state = SSL_ST_ERR;
return (0);
} else {
al = SSL_AD_ILLEGAL_PARAMETER;
diff --git a/ssl/s3_pkt.c b/ssl/s3_pkt.c
index 6527df8..830b723 100644
--- a/ssl/s3_pkt.c
+++ b/ssl/s3_pkt.c
@@ -1500,6 +1500,7 @@ int ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
ERR_add_error_data(2, "SSL alert number ", tmp);
s->shutdown |= SSL_RECEIVED_SHUTDOWN;
SSL_CTX_remove_session(s->session_ctx, s->session);
+ s->state = SSL_ST_ERR;
return (0);
} else {
al = SSL_AD_ILLEGAL_PARAMETER;
@@ -1719,9 +1720,12 @@ int ssl3_send_alert(SSL *s, int level, int desc)
* protocol_version alerts */
if (desc < 0)
return -1;
- /* If a fatal one, remove from cache */
- if ((level == 2) && (s->session != NULL))
- SSL_CTX_remove_session(s->session_ctx, s->session);
+ /* If a fatal one, remove from cache and go into the error state */
+ if (level == SSL3_AL_FATAL) {
+ if (s->session != NULL)
+ SSL_CTX_remove_session(s->session_ctx, s->session);
+ s->state = SSL_ST_ERR;
+ }
s->s3->alert_dispatch = 1;
s->s3->send_alert[0] = level;
--
2.7.4