openeuler24.03-LTS 构建不成功 backport-CVE-2024-2511-Fix-unconstrained-session-cache-growth-in-TLSv1.3.patch失败

ERROR: openssl-3.0.12-r0 do_patch: Applying patch 'backport-CVE-2024-2511-Fix-unconstrained-session-cache-growth-in-TLSv1.3.patch' on target directory '/home/openeuler/build/ty-d2000-001/tmp/work/aarch64-openeuler-linux/openssl/3.0.12-r0/openssl-3.0.12'
CmdError('quilt --quiltrc /home/openeuler/build/ty-d2000-001/tmp/work/aarch64-openeuler-linux/openssl/3.0.12-r0/recipe-sysroot-native/etc/quiltrc push', 0, "stdout: Applying patch backport-CVE-2024-2511-Fix-unconstrained-session-cache-growth-in-TLSv1.3.patch
can't find file to patch at input line 40
Perhaps you used the wrong -p or --strip option?
The text leading up to this was:
--------------------------
|From b52867a9f618bb955bed2a3ce3db4d4f97ed8e5d Mon Sep 17 00:00:00 2001
|From: Matt Caswell <matt@openssl.org>
|Date: Tue, 5 Mar 2024 15:43:53 +0000
|Subject: [PATCH] Fix unconstrained session cache growth in TLSv1.3
|
|In TLSv1.3 we create a new session object for each ticket that we send.
|We do this by duplicating the original session. If SSL_OP_NO_TICKET is in
|use then the new session will be added to the session cache. However, if
|early data is not in use (and therefore anti-replay protection is being
|used), then multiple threads could be resuming from the same session
|simultaneously. If this happens and a problem occurs on one of the threads,
|then the original session object could be marked as not_resumable. When we
|duplicate the session object this not_resumable status gets copied into the
|new session object. The new session object is then added to the session
|cache even though it is not_resumable.
|
|Subsequently, another bug means that the session_id_length is set to 0 for
|sessions that are marked as not_resumable - even though that session is
|still in the cache. Once this happens the session can never be removed from
|the cache. When that object gets to be the session cache tail object the
|cache never shrinks again and grows indefinitely.
|
|CVE-2024-2511
|
|Reviewed-by: Neil Horman <nhorman@openssl.org>
|Reviewed-by: Tomas Mraz <tomas@openssl.org>
|(Merged from https://github.com/openssl/openssl/pull/24044)
|
|(cherry picked from commit 7e4d731b1c07201ad9374c1cd9ac5263bdf35bce)
|---
| ssl/ssl_lib.c            |  5 +++--
| ssl/ssl_sess.c           | 28 ++++++++++++++++++++++------
| ssl/statem/statem_srvr.c |  5 ++---
| 3 files changed, 27 insertions(+), 11 deletions(-)
|
|diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
|index 2c8479eb5f..eed649c6fd 100644
|--- a/ssl/ssl_lib.c
|+++ b/ssl/ssl_lib.c
--------------------------
No file to patch.  Skipping patch.
1 out of 1 hunk ignored
can't find file to patch at input line 57
Perhaps you used the wrong -p or --strip option?
The text leading up to this was:
--------------------------
|diff --git a/ssl/ssl_sess.c b/ssl/ssl_sess.c
|index d836b33ed0..75adbd9e52 100644
|--- a/ssl/ssl_sess.c
|+++ b/ssl/ssl_sess.c
--------------------------
No file to patch.  Skipping patch.
2 out of 2 hunks ignored
can't find file to patch at input line 107
Perhaps you used the wrong -p or --strip option?
The text leading up to this was:
--------------------------
|diff --git a/ssl/statem/statem_srvr.c b/ssl/statem/statem_srvr.c
|index a9e67f9d32..6c942e6bce 100644
|--- a/ssl/statem/statem_srvr.c
|+++ b/ssl/statem/statem_srvr.c
--------------------------
No file to patch.  Skipping patch.
1 out of 1 hunk ignored
Patch backport-CVE-2024-2511-Fix-unconstrained-session-cache-growth-in-TLSv1.3.patch does not apply (enforce with -f)

stderr: ")
ERROR: Logfile of failure stored in: /home/openeuler/build/ty-d2000-001/tmp/work/aarch64-openeuler-linux/openssl/3.0.12-r0/temp/log.do_patch.167079
ERROR: Task (/usr1/openeuler/src/yocto-poky/meta/recipes-connectivity/openssl/openssl_3.0.8.bb:do_patch) failed with exit code '1'

Second Keyboard Interrupt, stopping...

src-openEuler/openssl
关闭

内容风险标识

评论 (5)

src-openEuler/openssl关闭 .gitee-modal { width: 500px !important; }

内容风险标识