From 63858f8c8bbcacddbe54f178942975d96b21fe3e Mon Sep 17 00:00:00 2001 From: Maxim Cournoyer Date: Sun, 6 Jun 2021 00:10:19 -0400 Subject: gnu: gnutls: Update to 3.7.2. The 3.7 branch, while not considered the "stable" branch upstream, has been adopted by most major GNU/Linux distributions such as Debian, Arch, openSUSE, etc. It has the benefit of receiving all the security fixes. * gnu/packages/tls.scm (gnutls): Update to 3.7.2. Remove trailing #t. [source]: Remove the gnutls-CVE-2021-20231.patch and gnutls-CVE-2021-20232.patch patches, now incorporated in the source. * gnu/packages/patches/gnutls-CVE-2021-20231.patch: Delete file. * gnu/packages/patches/gnutls-CVE-2021-20232.patch: Likewise. * gnu/local.mk (dist_patch_DATA): De-register them. --- gnu/packages/patches/gnutls-CVE-2021-20231.patch | 62 ------------------------ gnu/packages/patches/gnutls-CVE-2021-20232.patch | 60 ----------------------- gnu/packages/tls.scm | 16 +++--- 3 files changed, 6 insertions(+), 132 deletions(-) delete mode 100644 gnu/packages/patches/gnutls-CVE-2021-20231.patch delete mode 100644 gnu/packages/patches/gnutls-CVE-2021-20232.patch (limited to 'gnu/packages') diff --git a/gnu/packages/patches/gnutls-CVE-2021-20231.patch b/gnu/packages/patches/gnutls-CVE-2021-20231.patch deleted file mode 100644 index 5186522eee..0000000000 --- a/gnu/packages/patches/gnutls-CVE-2021-20231.patch +++ /dev/null @@ -1,62 +0,0 @@ -From 15beb4b193b2714d88107e7dffca781798684e7e Mon Sep 17 00:00:00 2001 -From: Daiki Ueno -Date: Fri, 29 Jan 2021 14:06:05 +0100 -Subject: [PATCH 1/2] key_share: avoid use-after-free around realloc - -Signed-off-by: Daiki Ueno ---- - lib/ext/key_share.c | 12 +++++------- - 1 file changed, 5 insertions(+), 7 deletions(-) - -diff --git a/lib/ext/key_share.c b/lib/ext/key_share.c -index ab8abf8fe..a8c4bb5cf 100644 ---- a/lib/ext/key_share.c -+++ b/lib/ext/key_share.c -@@ -664,14 +664,14 @@ key_share_send_params(gnutls_session_t session, - { - unsigned i; - int ret; -- unsigned char *lengthp; -- unsigned int cur_length; - unsigned int generated = 0; - const gnutls_group_entry_st *group; - const version_entry_st *ver; - - /* this extension is only being sent on client side */ - if (session->security_parameters.entity == GNUTLS_CLIENT) { -+ unsigned int length_pos; -+ - ver = _gnutls_version_max(session); - if (unlikely(ver == NULL || ver->key_shares == 0)) - return 0; -@@ -679,16 +679,13 @@ key_share_send_params(gnutls_session_t session, - if (!have_creds_for_tls13(session)) - return 0; - -- /* write the total length later */ -- lengthp = &extdata->data[extdata->length]; -+ length_pos = extdata->length; - - ret = - _gnutls_buffer_append_prefix(extdata, 16, 0); - if (ret < 0) - return gnutls_assert_val(ret); - -- cur_length = extdata->length; -- - if (session->internals.hsk_flags & HSK_HRR_RECEIVED) { /* we know the group */ - group = get_group(session); - if (unlikely(group == NULL)) -@@ -736,7 +733,8 @@ key_share_send_params(gnutls_session_t session, - } - - /* copy actual length */ -- _gnutls_write_uint16(extdata->length - cur_length, lengthp); -+ _gnutls_write_uint16(extdata->length - length_pos - 2, -+ &extdata->data[length_pos]); - - } else { /* server */ - ver = get_version(session); --- -2.30.2 - diff --git a/gnu/packages/patches/gnutls-CVE-2021-20232.patch b/gnu/packages/patches/gnutls-CVE-2021-20232.patch deleted file mode 100644 index dc3a0be690..0000000000 --- a/gnu/packages/patches/gnutls-CVE-2021-20232.patch +++ /dev/null @@ -1,60 +0,0 @@ -From 75a937d97f4fefc6f9b08e3791f151445f551cb3 Mon Sep 17 00:00:00 2001 -From: Daiki Ueno -Date: Fri, 29 Jan 2021 14:06:23 +0100 -Subject: [PATCH 2/2] pre_shared_key: avoid use-after-free around realloc - -Signed-off-by: Daiki Ueno ---- - lib/ext/pre_shared_key.c | 15 ++++++++++++--- - 1 file changed, 12 insertions(+), 3 deletions(-) - -diff --git a/lib/ext/pre_shared_key.c b/lib/ext/pre_shared_key.c -index a042c6488..380bf39ed 100644 ---- a/lib/ext/pre_shared_key.c -+++ b/lib/ext/pre_shared_key.c -@@ -267,7 +267,7 @@ client_send_params(gnutls_session_t session, - size_t spos; - gnutls_datum_t username = {NULL, 0}; - gnutls_datum_t user_key = {NULL, 0}, rkey = {NULL, 0}; -- gnutls_datum_t client_hello; -+ unsigned client_hello_len; - unsigned next_idx; - const mac_entry_st *prf_res = NULL; - const mac_entry_st *prf_psk = NULL; -@@ -428,8 +428,7 @@ client_send_params(gnutls_session_t session, - assert(extdata->length >= sizeof(mbuffer_st)); - assert(ext_offset >= (ssize_t)sizeof(mbuffer_st)); - ext_offset -= sizeof(mbuffer_st); -- client_hello.data = extdata->data+sizeof(mbuffer_st); -- client_hello.size = extdata->length-sizeof(mbuffer_st); -+ client_hello_len = extdata->length-sizeof(mbuffer_st); - - next_idx = 0; - -@@ -440,6 +439,11 @@ client_send_params(gnutls_session_t session, - } - - if (prf_res && rkey.size > 0) { -+ gnutls_datum_t client_hello; -+ -+ client_hello.data = extdata->data+sizeof(mbuffer_st); -+ client_hello.size = client_hello_len; -+ - ret = compute_psk_binder(session, prf_res, - binders_len, binders_pos, - ext_offset, &rkey, &client_hello, 1, -@@ -474,6 +478,11 @@ client_send_params(gnutls_session_t session, - } - - if (prf_psk && user_key.size > 0 && info) { -+ gnutls_datum_t client_hello; -+ -+ client_hello.data = extdata->data+sizeof(mbuffer_st); -+ client_hello.size = client_hello_len; -+ - ret = compute_psk_binder(session, prf_psk, - binders_len, binders_pos, - ext_offset, &user_key, &client_hello, 0, --- -2.30.2 - diff --git a/gnu/packages/tls.scm b/gnu/packages/tls.scm index 608a7d05b8..d9e62e8627 100644 --- a/gnu/packages/tls.scm +++ b/gnu/packages/tls.scm @@ -15,7 +15,7 @@ ;;; Copyright © 2018 Clément Lassieur ;;; Copyright © 2019 Mathieu Othacehe ;;; Copyright © 2020 Jan (janneke) Nieuwenhuizen -;;; Copyright © 2020 Maxim Cournoyer +;;; Copyright © 2020, 2021 Maxim Cournoyer ;;; ;;; This file is part of GNU Guix. ;;; @@ -166,7 +166,7 @@ living in the same process.") (define-public gnutls (package (name "gnutls") - (version "3.6.15") + (version "3.7.2") (source (origin (method url-fetch) ;; Note: Releases are no longer on ftp.gnu.org since the @@ -175,12 +175,10 @@ living in the same process.") (version-major+minor version) "/gnutls-" version ".tar.xz")) (patches (search-patches "gnutls-skip-trust-store-test.patch" - "gnutls-cross.patch" - "gnutls-CVE-2021-20231.patch" - "gnutls-CVE-2021-20232.patch")) + "gnutls-cross.patch")) (sha256 (base32 - "0n0m93ymzd0q9hbknxc2ycanz49sqlkyyf73g9fk7n787llc7a0f")))) + "0li7mwjnm64mbxhacz0rpf6i9qd83f53fvbrx96alpqqk9d6qvk4")))) (build-system gnu-build-system) (arguments `(#:tests? ,(not (or (%current-target-system) @@ -228,8 +226,7 @@ living in the same process.") (lambda _ (substitute* "tests/fastopen.sh" (("^unset RETCODE") - "exit 77\n")) ;skip - #t)) + "exit 77\n")))) ;skip (add-after 'install 'move-doc (lambda* (#:key outputs #:allow-other-keys) ;; Copy the 4.1 MiB of section 3 man pages to "doc". @@ -239,8 +236,7 @@ living in the same process.") (oldman (string-append out "/share/man/man3"))) (mkdir-p mandir) (copy-recursively oldman mandir) - (delete-file-recursively oldman) - #t)))))) + (delete-file-recursively oldman))))))) (outputs '("out" ;4.4 MiB "debug" "doc")) ;4.1 MiB of man pages -- cgit v1.2.3