From 95ac5cd66854566feeb87174edadf60fccd44c31 Mon Sep 17 00:00:00 2001 From: Marius Bakke Date: Tue, 31 Mar 2020 15:15:19 +0200 Subject: gnu: OpenSSL: Update to 1.1.1f. * gnu/packages/patches/openssl-1.1.1e-revert-detect-eof.patch: Delete file. * gnu/local.mk (dist_patch_DATA): Adjust accordingly. * gnu/packages/tls.scm (openssl): Update to 1.1.1f. [source](patches): Remove obsolete patch. --- gnu/local.mk | 1 - .../patches/openssl-1.1.1e-revert-detect-eof.patch | 80 ---------------------- gnu/packages/tls.scm | 7 +- 3 files changed, 3 insertions(+), 85 deletions(-) delete mode 100644 gnu/packages/patches/openssl-1.1.1e-revert-detect-eof.patch diff --git a/gnu/local.mk b/gnu/local.mk index 9d62bec720..208e25572f 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -1271,7 +1271,6 @@ dist_patch_DATA = \ %D%/packages/patches/openocd-nrf52.patch \ %D%/packages/patches/openssl-runpath.patch \ %D%/packages/patches/openssl-1.1-c-rehash-in.patch \ - %D%/packages/patches/openssl-1.1.1e-revert-detect-eof.patch \ %D%/packages/patches/openssl-c-rehash-in.patch \ %D%/packages/patches/openssl-CVE-2019-1559.patch \ %D%/packages/patches/open-zwave-hidapi.patch \ diff --git a/gnu/packages/patches/openssl-1.1.1e-revert-detect-eof.patch b/gnu/packages/patches/openssl-1.1.1e-revert-detect-eof.patch deleted file mode 100644 index 973559440f..0000000000 --- a/gnu/packages/patches/openssl-1.1.1e-revert-detect-eof.patch +++ /dev/null @@ -1,80 +0,0 @@ -This patch reverts a change in 1.1.1e that can break applications that do -not expect EOF to be reported via SSL_ERROR_SSL. - -https://bugs.python.org/issue40018 -https://github.com/openssl/openssl/pull/11400 -https://github.com/openssl/openssl/commit/0cd2ee64bffcdece599c3e4b5fac3830a55dc0fa - -Taken from upstream: -https://github.com/openssl/openssl/commit/30d190caf311d534867df97e26b552e628cb7d85 - -diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt -index f5324c6819d8..35512f9caf96 100644 ---- a/crypto/err/openssl.txt -+++ b/crypto/err/openssl.txt -@@ -2852,7 +2852,6 @@ SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES:242:unable to load ssl3 md5 routines - SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES:243:unable to load ssl3 sha1 routines - SSL_R_UNEXPECTED_CCS_MESSAGE:262:unexpected ccs message - SSL_R_UNEXPECTED_END_OF_EARLY_DATA:178:unexpected end of early data --SSL_R_UNEXPECTED_EOF_WHILE_READING:294:unexpected eof while reading - SSL_R_UNEXPECTED_MESSAGE:244:unexpected message - SSL_R_UNEXPECTED_RECORD:245:unexpected record - SSL_R_UNINITIALIZED:276:uninitialized -diff --git a/include/openssl/sslerr.h b/include/openssl/sslerr.h -index 0ef684f3c131..ba4c4ae5fbd3 100644 ---- a/include/openssl/sslerr.h -+++ b/include/openssl/sslerr.h -@@ -1,6 +1,6 @@ - /* - * Generated by util/mkerr.pl DO NOT EDIT -- * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. -+ * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the OpenSSL license (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy -@@ -734,7 +734,6 @@ int ERR_load_SSL_strings(void); - # define SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES 243 - # define SSL_R_UNEXPECTED_CCS_MESSAGE 262 - # define SSL_R_UNEXPECTED_END_OF_EARLY_DATA 178 --# define SSL_R_UNEXPECTED_EOF_WHILE_READING 294 - # define SSL_R_UNEXPECTED_MESSAGE 244 - # define SSL_R_UNEXPECTED_RECORD 245 - # define SSL_R_UNINITIALIZED 276 -diff --git a/ssl/record/rec_layer_s3.c b/ssl/record/rec_layer_s3.c -index 1c885a664f35..b2a7a47eb075 100644 ---- a/ssl/record/rec_layer_s3.c -+++ b/ssl/record/rec_layer_s3.c -@@ -296,12 +296,6 @@ int ssl3_read_n(SSL *s, size_t n, size_t max, int extend, int clearold, - ret = BIO_read(s->rbio, pkt + len + left, max - left); - if (ret >= 0) - bioread = ret; -- if (ret <= 0 -- && !BIO_should_retry(s->rbio) -- && BIO_eof(s->rbio)) { -- SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_F_SSL3_READ_N, -- SSL_R_UNEXPECTED_EOF_WHILE_READING); -- } - } else { - SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_F_SSL3_READ_N, - SSL_R_READ_BIO_NOT_SET); -diff --git a/ssl/ssl_err.c b/ssl/ssl_err.c -index a0c7b79659d4..4b12ed1485d9 100644 ---- a/ssl/ssl_err.c -+++ b/ssl/ssl_err.c -@@ -1,6 +1,6 @@ - /* - * Generated by util/mkerr.pl DO NOT EDIT -- * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. -+ * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the OpenSSL license (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy -@@ -1205,8 +1205,6 @@ static const ERR_STRING_DATA SSL_str_reasons[] = { - "unexpected ccs message"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNEXPECTED_END_OF_EARLY_DATA), - "unexpected end of early data"}, -- {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNEXPECTED_EOF_WHILE_READING), -- "unexpected eof while reading"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNEXPECTED_MESSAGE), "unexpected message"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNEXPECTED_RECORD), "unexpected record"}, - {ERR_PACK(ERR_LIB_SSL, 0, SSL_R_UNINITIALIZED), "uninitialized"}, diff --git a/gnu/packages/tls.scm b/gnu/packages/tls.scm index eab832ce41..812057c6ed 100644 --- a/gnu/packages/tls.scm +++ b/gnu/packages/tls.scm @@ -283,7 +283,7 @@ (define-public guile3.0-gnutls (define-public openssl (package (name "openssl") - (version "1.1.1e") + (version "1.1.1f") (source (origin (method url-fetch) (uri (list (string-append "https://www.openssl.org/source/openssl-" @@ -295,9 +295,8 @@ (define-public openssl "/openssl-" version ".tar.gz"))) (sha256 (base32 - "1gnwlri1dphr5wdzmg9vlhkh6aq2yqgpfkpmffzwjlfb26n62kv9")) - (patches (search-patches "openssl-1.1-c-rehash-in.patch" - "openssl-1.1.1e-revert-detect-eof.patch")))) + "0d9zv9srjqivs8nn099fpbjv1wyhfcb8lzy491dpmfngdvz6nv0q")) + (patches (search-patches "openssl-1.1-c-rehash-in.patch")))) (build-system gnu-build-system) (outputs '("out" "doc" ;6.8 MiB of man3 pages and full HTML documentation -- cgit v1.2.3