gnu: nss: Fix CVE-2019-11745 via graft.

* gnu/packages/patches/nss-CVE-2019-11745.patch: New file. * gnu/local.mk (dist_patch_DATA): Add it. * gnu/packages/nss.scm (nss/fixed): New variable. (nss)[replacement]: Add field.
2025-01-22 18:49:14 -05:00 · 2019-12-10 18:20:51 -05:00 · 2019-12-10 18:20:51 -05:00 · 04b33ce205
commit 04b33ce205
parent bc587eb178
3 changed files with 34 additions and 0 deletions
--- a/gnu/local.mk
+++ b/gnu/local.mk
@ -1180,6 +1180,7 @@ dist_patch_DATA =						\
  %D%/packages/patches/ngircd-handle-zombies.patch		\
  %D%/packages/patches/nm-plugin-path.patch			\
  %D%/packages/patches/nsis-env-passthru.patch			\
+  %D%/packages/patches/nss-CVE-2019-11745.patch			\
  %D%/packages/patches/nss-freebl-stubs.patch			\
  %D%/packages/patches/nss-increase-test-timeout.patch		\
  %D%/packages/patches/nss-pkgconfig.patch			\
--- a/gnu/packages/nss.scm
+++ b/gnu/packages/nss.scm
@ -71,6 +71,7 @@ (define-public nss
  (package
    (name "nss")
    (version "3.46.1")
+    (replacement nss/fixed)
    (source (origin
              (method url-fetch)
              (uri (let ((version-with-underscores
@ -183,3 +184,11 @@ (define-public nss
 PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME, X.509 v3 certificates, and other
 security standards.")
    (license license:mpl2.0)))
+
+(define nss/fixed
+  (package
+    (inherit nss)
+    (source (origin
+              (inherit (package-source nss))
+              (patches (append (search-patches "nss-CVE-2019-11745.patch")
+                               (origin-patches (package-source nss))))))))
--- a/gnu/packages/patches/nss-CVE-2019-11745.patch
+++ b/gnu/packages/patches/nss-CVE-2019-11745.patch
@ -0,0 +1,24 @@
+Fix CVE-2019-11745 (Out-of-bounds write when passing an output buffer smaller
+than the block size to NSC_EncryptUpdate).
+
+Copied from Debian, equivalent to upstream fix:
+<https://hg.mozilla.org/projects/nss/rev/1e22a0c93afe9f46545560c86caedef9dab6cfda>.
+
+# HG changeset patch
+# User Craig Disselkoen <cdisselk@cs.ucsd.edu>
+# Date 1574189697 25200
+# Node ID 60bca7c6dc6dc44579b9b3e0fb62ca3b82d92eec
+# Parent  64e55c9f658e2a75f0835d00a8a1cdc2f25c74d6
+Bug 1586176 - EncryptUpdate should use maxout not block size. r=franziskus
+
+--- a/nss/lib/softoken/pkcs11c.c
+++ b/nss/lib/softoken/pkcs11c.c
+@@ -1285,7 +1285,7 @@ NSC_EncryptUpdate(CK_SESSION_HANDLE hSes
+             }
+             /* encrypt the current padded data */
+             rv = (*context->update)(context->cipherInfo, pEncryptedPart,
+-                                    &padoutlen, context->blockSize, context->padBuf,
+                                    &padoutlen, maxout, context->padBuf,
+                                     context->blockSize);
+             if (rv != SECSuccess) {
+                 return sftk_MapCryptError(PORT_GetError());