MirrorHub/nixpkgs
0
0
Fork 0
mirror of https://github.com/NixOS/nixpkgs.git synced 2024-11-16 14:54:29 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

Merge pull request #142232 from jbellerb/libressl

Browse source
This commit is contained in:
Sandro 2021-11-01 16:39:33 +01:00 committed by GitHub
commit 7053541084
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 7 additions and 63 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

53
pkgs/development/libraries/libressl/CVE-2021-41581.patch
View file

@ -1,53 +0,0 @@
Based on upstream https://github.com/openbsd/src/commit/62ceddea5b1d64a1a362bbb7071d9e15adcde6b1
with paths switched to apply to libressl-portable and CVS header
hunk removed.
--- a/crypto/x509/x509_constraints.c
+++ b/crypto/x509/x509_constraints.c
@@ -339,16 +339,16 @@
if (c == '.')
goto bad;
}
- if (wi > DOMAIN_PART_MAX_LEN)
- goto bad;
if (accept) {
+ if (wi >= DOMAIN_PART_MAX_LEN)
+ goto bad;
working[wi++] = c;
accept = 0;
continue;
}
if (candidate_local != NULL) {
/* We are looking for the domain part */
- if (wi > DOMAIN_PART_MAX_LEN)
+ if (wi >= DOMAIN_PART_MAX_LEN)
goto bad;
working[wi++] = c;
if (i == len - 1) {
@@ -363,7 +363,7 @@
continue;
}
/* We are looking for the local part */
- if (wi > LOCAL_PART_MAX_LEN)
+ if (wi >= LOCAL_PART_MAX_LEN)
break;
if (quoted) {
@@ -383,6 +383,8 @@
*/
if (c == 9)
goto bad;
+ if (wi >= LOCAL_PART_MAX_LEN)
+ goto bad;
working[wi++] = c;
continue; /* all's good inside our quoted string */
}
@@ -412,6 +414,8 @@
}
if (!local_part_ok(c))
goto bad;
+ if (wi >= LOCAL_PART_MAX_LEN)
+ goto bad;
working[wi++] = c;
}
if (candidate_local == NULL || candidate_domain == NULL)

17
pkgs/development/libraries/libressl/default.nix
View file

@ -40,6 +40,9 @@ let
# removing ./configure pre-config.
preConfigure = ''
rm configure
substituteInPlace CMakeLists.txt \
--replace 'exec_prefix \''${prefix}' "exec_prefix ${placeholder "bin"}" \
--replace 'libdir \''${exec_prefix}' 'libdir \''${prefix}'
'';
inherit patches;
@ -81,17 +84,11 @@ let
in {
libressl_3_2 = generic {
version = "3.2.5";
sha256 = "1zkwrs3b19s1ybz4q9hrb7pqsbsi8vxcs44qanfy11fkc7ynb2kr";
patches = [
./CVE-2021-41581.patch
];
version = "3.2.7";
sha256 = "112bjfrwwqlk0lak7fmfhcls18ydf62cp7gxghf4gklpfl1zyckw";
};
libressl_3_4 = generic {
version = "3.4.0";
sha256 = "1lhn76nd59p1dfd27b4636zj6wh3f5xsi8b3sxqnl820imsswbp5";
patches = [
./CVE-2021-41581.patch
];
version = "3.4.1";
sha256 = "0766yxb599lx7qmlmsddiw9wgminz9mc311mav5q23l0rbkflz0h";
};
}