Fix CVE-2018-0732: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0732 Patch copied from upstream source repository: https://github.com/openssl/openssl/commit/3984ef0b72831da8b3ece4745cac4f8575b19098 From 3984ef0b72831da8b3ece4745cac4f8575b19098 Mon Sep 17 00:00:00 2001 From: Guido Vranken Date: Mon, 11 Jun 2018 19:38:54 +0200 Subject: [PATCH] Reject excessively large primes in DH key generation. CVE-2018-0732 Signed-off-by: Guido Vranken (cherry picked from commit 91f7361f47b082ae61ffe1a7b17bb2adf213c7fe) Reviewed-by: Tim Hudson Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/6457) --- crypto/dh/dh_key.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/crypto/dh/dh_key.c b/crypto/dh/dh_key.c index 387558f146..f235e0d682 100644 --- a/crypto/dh/dh_key.c +++ b/crypto/dh/dh_key.c @@ -130,10 +130,15 @@ static int generate_key(DH *dh) int ok = 0; int generate_new_key = 0; unsigned l; - BN_CTX *ctx; + BN_CTX *ctx = NULL; BN_MONT_CTX *mont = NULL; BIGNUM *pub_key = NULL, *priv_key = NULL; + if (BN_num_bits(dh->p) > OPENSSL_DH_MAX_MODULUS_BITS) { + DHerr(DH_F_GENERATE_KEY, DH_R_MODULUS_TOO_LARGE); + return 0; + } + ctx = BN_CTX_new(); if (ctx == NULL) goto err; -- 2.17.1 b.scm?id=e52c64cb04f1cf52611b2f8fd2660675a6829db4'>diff
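Review bot: the new size check at the top of generate_key() leaves through a bare return 0, while the same hunk changes the declaration to BN_CTX *ctx = NULL, and that initialisation does nothing for a path that never reaches the err label. Either send the rejection through the function's existing exit (raise DHerr, then goto err, as the ctx == NULL case just below does) so there is one cleanup path, or keep the early return and drop the declaration change. BN_num_bits(dh->p) is now the first statement of the function, so it is worth confirming that dh->p cannot be NULL at this point. A one-line comment saying that OPENSSL_DH_MAX_MODULUS_BITS is checked here to reject excessively large primes before any key generation work starts would record why the test sits ahead of BN_CTX_new().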
Age  Commit message  Author

2021-04-18  tests: Increase VM memory size.  Mathieu Othacehe
    The patchwork test sometimes fails because there's not enough available RAM in the marionette. Increase the VM memory size to 1024MiB.
    * gnu/tests/web.scm (run-patchwork-test): Increase VM memory size to 1024MiB.

2021-04-18  tests: patchwork: Fix it.  Mathieu Othacehe
    The "http-get" test is sometimes failing because the Web server is not yet initialized and returns the 500 error code. Use the retry-or-error procedure, like in the tailon test, to do a few retries.
    * gnu/tests/web.scm (run-tailon-test): Move "retry-or-error" procedure to the top level and adapt its call.
    (run-patchwork-test): Use it.

2021-04-12  services: postgresql: Change service default socket directory.  Christopher Baines
    Fixes <https://bugs.gnu.org/46737>.
    PostgreSQL running with a different socket directory to the default one in the package itself breaks some services; this commit restores the previous behaviour where PostgreSQL by default will run with a socket directory that matches the default used by PostgreSQL packaged for Guix. Switching to a different default value can happen, but only alongside changing the PostgreSQL package.
    * gnu/services/databases.scm (<postgresql-config-file>)[socket-directory]: Change default to #false.
    * doc/guix.texi (Database Services): Update documentation, and specify a different value for disabling connections via sockets.
    * gnu/tests/guix.scm (%guix-data-service-os): Use default PostgreSQL behaviour.
    * gnu/tests/monitoring.scm (%zabbix-os): Likewise.
    * gnu/tests/web.scm (patchwork-os): Likewise.
    Signed-off-by: Leo Famulari <leo@famulari.name>

2021-01-28  services: postgresql: Add socket directory support.  Mathieu Othacehe
    * gnu/services/databases.scm (postgresql-config-file-socket-directory): New procedure.
    (<postgresql-config-file>)[socket-directory]: New field.
    (postgresql-config-file-compiler): Honor it.
    (postgresql-activation): Create the socket directory if needed.
    * doc/guix.texi (Database Services): Document it.
    * gnu/tests/guix.scm (%guix-data-service-os): Adapt it.
    * gnu/tests/monitoring.scm (%zabbix-os): Ditto.
    * gnu/tests/web.scm (patchwork-os): Ditto.
    Signed-off-by: Mathieu Othacehe <othacehe@gnu.org>