swendel/nixpkgs
1
0
Fork 0
mirror of https://github.com/SebastianWendel/nixpkgs.git synced 2024-09-20 12:29:02 +02:00
Code Issues Packages Projects Releases Wiki Activity
500941 commits 5 branches 0 tags 27 GiB
Commit graph

385 commits

Author SHA1 Message Date
Martin Weinelt 72bb369245
openssl_1_1: 1.1.1m -> 1.1.1n 
https://github.com/openssl/openssl/blob/OpenSSL_1_1_1n/CHANGES#L10

Fixes: CVE-2022-0778
 2022-03-15 16:39:33 +01:00
Martin Weinelt 384a708e6d
openssl_3_0: 3.0.1 -> 3.0.2 
https://github.com/openssl/openssl/blob/openssl-3.0.2/CHANGES.md#changes-between-301-and-302-15-mar-2022

Fixes: CVE-2022-0778
 2022-03-15 16:38:56 +01:00
Tom McLaughlin d01b2cc71b
openssl: remove assert restricting withPerl=false (#156949) 2022-01-27 00:41:18 -05:00
taku0 7ab79bff9f openssl: remove with lib 
See https://github.com/NixOS/nixpkgs/pull/150733/files#r785279764
 2022-01-20 09:19:19 -08:00
taku0 4a7fa6456d openssl_1_1: fix build on Darwin 
See https://github.com/NixOS/nixpkgs/pull/150733/files#r785279118
 2022-01-20 09:19:19 -08:00
Dmitry Kalinkin 2ddda43924
Merge branch 'staging' into staging-next 
Conflicts:
	pkgs/os-specific/linux/kernel/common-config.nix
 2021-12-25 17:16:26 -05:00
7c6f434c b0f154fd44
Merge pull request #147027 from Izorkin/update-nginx-ktls 
nginxMainline: enable ktls support
 2021-12-24 10:23:17 +00:00
Martin Weinelt 8cd976ffdb
Merge pull request #150733 from mweinelt/openssl 2021-12-21 03:33:37 +01:00
Martin Weinelt 29f216c48a
openssl_1_1: 1.1.1l -> 1.1.1m 2021-12-18 15:39:12 +01:00
Martin Weinelt 35a11522ba openssl_3_0: 3.0.0 -> 3.0.1 2021-12-15 10:56:04 +01:00
Izorkin 9419b653ba
openssl 3.0.0: enable ktls support 2021-11-27 09:39:56 +03:00
Janne Heß 83ab81ae89
Merge pull request #137004 from baloo/baloo/openssl/3.0.0-init 
openssl3: init at 3.0.0
 2021-11-05 13:02:47 +01:00
Zhaofeng Li 42dcdc2c3a openssl: Fix build configuration for riscv64-linux 
Without this patch, OpenSSL would use the suboptimal linux-generic32
config when building natively on riscv64.
 2021-10-15 15:53:41 -07:00
Peter Simons 476635afe1 Drop myself from meta.maintainers for most packages. 
I'd like to reduce the number of Github notifications and
review requests I receive.
 2021-10-14 11:01:27 +02:00
Arthur Gautier 613a0bffcd openssl: openssl3 is published under Apache License v2.0 
Signed-off-by: Arthur Gautier <baloo@superbaloo.net>
 2021-09-14 00:04:27 +00:00
Arthur Gautier 0db4ebbf1f openssl3: disable build-time feature detection 
This enables KTLS support on linux.

Signed-off-by: Arthur Gautier <baloo@superbaloo.net>
 2021-09-07 23:21:54 +00:00
Arthur Gautier 7f25b31f07 openssl3: init at 3.0.0 
Signed-off-by: Arthur Gautier <baloo@superbaloo.net>
 2021-09-07 23:13:46 +00:00
Martin Weinelt 3d245b3a37 Revert "Revert "openssl: 1.1.1k -> 1.1.1l" (#135999)" 
This reverts commit b2b0115e70.
 2021-08-28 16:58:44 +02:00
Dmitry Kalinkin b2b0115e70
Revert "openssl: 1.1.1k -> 1.1.1l" (#135999) 2021-08-27 23:36:39 -04:00
Martin Weinelt 174868d4fa
openssl: 1.1.1k -> 1.1.1l 2021-08-28 02:21:11 +02:00
Lisa Ugray 0a44a61f39
openssl-1.0.2u: Add patch for darwin64-arm64 
openssl-1.0.2u doesn't have build flags for Apple's new arm chips
 2021-08-10 19:34:31 -04:00
Jan Tojnar e3dfa79441
Merge branch 'staging-next' into staging 
Regenerated pkgs/servers/x11/xorg/default.nix to resolve the conflict.
 2021-06-16 19:59:05 +02:00
Alyssa Ross 502de3c377
openssl: fix Darwin cross infinite recursion 
stdenv depends on openssl, and isGNU depends on stdenv.

Thanks-to: sternenseemann <0rpkxez4ksa01gb3typccl0i@systemli.org>
Fixes: https://github.com/NixOS/nixpkgs/issues/126829
 2021-06-14 15:41:13 +00:00
Alyssa Ross b0b5ef7286 stdenv: introduce dontAddStaticConfigureFlags 
With removeUnknownConfigureFlags, it's impossible to express a package
that needs --enable-static, but will not accept --disable-shared,
without overriding the result of removeUnknownConfigureFlags _again_
in pkgs/top-level/static.nix.

It would be much better (and more in line with the rest of Nixpkgs) if
we encoded changes needed for static builds in package definitions
themselves, rather than in an ever-expanding list in static.nix.  This
is especially true when doing it in static.nix is going to require
multiple overrides to express what could be expressed with stdenv
options.

So as a step in that direction, and to fix the problem described
above, here I replace removeUnknownConfigureFlags with a new stdenv
option, dontAddStaticConfigureFlags.  With this mechanism, a package
that needs one but not both of the flags just needs to set
dontAddStaticConfigureFlags and then set up configureFlags manually
based on stdenv.hostPlatform.isStatic.
 2021-06-11 14:16:05 -07:00
Andrew Childs 529346745c openssl: Apple Silicon support 2021-05-17 00:26:59 +09:00
github-actions[bot] 92003c2ff7
Merge staging-next into staging 2021-04-27 06:05:54 +00:00
brano543 dc9694c78e openssl: correct cross compile for mingw 2021-04-26 18:51:10 +00:00
Jonathan Ringer 9d8c015cb3
[staging] openssl: fix bin installation for static builds (#119825) 
Co-authored-by: Sandro <sandro.jaeckel@gmail.com>
 2021-04-20 23:49:39 +02:00
Alyssa Ross 29058f9a43 openssl: add BSD support 2021-04-19 10:35:28 +00:00
Alyssa Ross 71326310d8 openssl: remove redundant platform check 
This is already covered by the x86_64-linux check above.
 2021-04-19 10:35:28 +00:00
github-actions[bot] 7c9222212f
Merge master into staging-next 2021-03-25 18:14:01 +00:00
Martin Weinelt f69bf8fd28
openssl: 1.1.1j -> 1.1.1k 2021-03-25 14:46:34 +01:00
Andrew Childs ef24a2815e openssl: cross compilation without host perl 
The perl reference is in the interpreter line for c_rehash, so fix
that while we're here.
 2021-03-13 17:46:32 +01:00
Martin Weinelt ff613e296e
openssl: 1.1.1i -> 1.1.1j 
https://www.openssl.org/news/secadv/20210216.txt

Fixes: CVE-2021-23839, CVE-2021-23840, CVE-2021-23841
 2021-02-17 23:59:20 +01:00
Ben Siraphob 66e44425c6 pkgs/development/libraries: stdenv.lib -> lib 2021-01-21 19:11:02 -08:00
John Ericson f52263ced0 treewide: Start to break up static overlay 
We can use use `stdenv.hostPlatform.isStatic` instead, and move the
logic per package. The least opionated benefit of this is that it makes
it much easier to replace packages with modified ones, as there is no
longer any issue of overlay order.

CC @FRidh @matthewbauer
 2021-01-03 19:18:16 +00:00
Martin Weinelt 76e01978bd
openssl: 1.1.1h -> 1.1.1i 
Fixes: CVE-2020-1971
Closes: #106218
 2020-12-08 18:25:22 +01:00
Vladimír Čunát 336bc8283b
Re-Revert "Merge #101508: libraw: 0.20.0 -> 0.20.2" 
This reverts commit c778945806.

I believe this is exactly what brings the staging branch into
the right shape after the last merge from master (through staging-next);
otherwise part of staging changes would be lost
(due to being already reachable from master but reverted).
 2020-10-26 08:19:17 +01:00
Vladimír Čunát c778945806
Revert "Merge #101508: libraw: 0.20.0 -> 0.20.2" 
I'm sorry; I didn't notice it contained staging commits.

This reverts commit 17f5305b6c, reversing
changes made to a8a018ddc0.
 2020-10-25 09:41:51 +01:00
Martin Weinelt 39447e1591
openssl: 1.1.1g -> 1.1.1h 2020-10-08 01:56:18 +02:00
Matthew Bauer d0677e6d45 treewide: add warning comment to “boot” packages 
This adds a warning to the top of each “boot” package that reads:

  Note: this package is used for bootstrapping fetchurl, and thus cannot
  use fetchpatch! All mutable patches (generated by GitHub or cgit) that
  are needed here should be included directly in Nixpkgs as files.

This makes it clear to maintainer that they may need to treat this
package a little differently than others. Importantly, we can’t use
fetchpatch here due to using <nix/fetchurl.nix>. To avoid having stale
hashes, we need to include patches that are subject to changing
overtime (for instance, gitweb’s patches contain a version number at
the bottom).
 2020-07-31 08:56:53 +02:00
Martin Weinelt bb4f46855f openssl: 1.1.1f → 1.1.1g 
Fixes: CVE-2020-1967

Segmentation fault in SSL_check_chain (CVE-2020-1967)
=====================================================

Severity: High

Server or client applications that call the SSL_check_chain() function during or
after a TLS 1.3 handshake may crash due to a NULL pointer dereference as a
result of incorrect handling of the "signature_algorithms_cert" TLS extension.
The crash occurs if an invalid or unrecognised signature algorithm is received
from the peer. This could be exploited by a malicious peer in a Denial of
Service attack.

OpenSSL version 1.1.1d, 1.1.1e, and 1.1.1f are affected by this issue.  This
issue did not affect OpenSSL versions prior to 1.1.1d.

Affected OpenSSL 1.1.1 users should upgrade to 1.1.1g

This issue was found by Bernd Edlinger and reported to OpenSSL on 7th April
2020. It was found using the new static analysis pass being implemented in GCC,
- -fanalyzer. Additional analysis was performed by Matt Caswell and Benjamin
Kaduk.
 2020-04-22 02:14:44 +02:00
Jan Tojnar 3d8e436917
Merge branch 'master' into staging-next 2020-04-16 10:09:43 +02:00
Robin Gloster f6be629595
sslscan: enabling scanning for sslv3 2020-04-13 21:23:22 +02:00
Jan Tojnar a04625379a
Merge branch 'master' into staging-next 2020-04-13 18:50:35 +02:00
Michael Reilly 84cf00f980
treewide: Per RFC45, remove all unquoted URLs 2020-04-10 17:54:53 +01:00
Vladimír Čunát 6c8692feb4
openssl: 1.1.1d -> 1.1.1f 
https://github.com/pyca/pyopenssl/issues/899#issuecomment-607709065
The tests in python3.pkgs.pyopenssl succeed!
Fixing this problem we experienced is listed as the only major change:
https://www.openssl.org/news/openssl-1.1.1-notes.html
 2020-04-02 11:52:58 +02:00
Vladimír Čunát e48a55dd73 openssl(_1_1): patch CVE-2019-1551 
fetchpatch can't be used here and fetchurl from GitHub
like in PR #82928 has the risk of breaking the hash later;
fortunately the patches aren't too large.

(cherry picked from commit 2071e3be28ee0d6ec46056352c88b88f5c0d7f60)
 2020-04-02 10:00:49 +02:00
Hamish Mackenzie 6040c11041
openssl: Fix openssl build for musl 2020-03-16 15:59:06 +13:00
Andrew Childs e271476a4e openssl: fix platform detection on armv5tel-linux 2020-03-14 04:33:05 +00:00
Vladimír Čunát 7cda2823be
openssl_1_0_2: mark as insecure; fixes #77503 (kinda) 
No vulnerabilities are know so far (to me), but still I'd go this way.
Especially for 20.03 it seems better to deprecate it before official
release happens.

Current casualties:
$ ./maintainers/scripts/rebuild-amount.sh --print HEAD HEAD^
Estimating rebuild amount by counting changed Hydra jobs.
     87 x86_64-darwin
    161 x86_64-linux
 2020-02-21 18:49:16 +01:00
Vladimír Čunát 5a8000dc05
openssl: revert a workaround that's no longer needed 
Thanks to python3Minimal.  This reverts part of c2038483f #79738.
 2020-02-14 13:22:44 +01:00
Vladimír Čunát c2038483fd
glibc, openssl: unbreak cross eval (with minor caveats) 
It's certainly better to have those two caveats than not evaluate.
Both seem rather niche.  Unfortunately I failed to find a better way.
I started testing builds of several cross variants; all seem OK.
 2020-02-10 15:52:20 +01:00
Antonio Nuno Monteiro 4b34c18e31 pkgsStatic: make OpenSSL 1.1 compile (#77542) 
* pkgsStatic: make OpenSSL 1.1 compile
 2020-01-16 20:02:38 +01:00
Matthew Bauer f23ad86d6f openssl: don’t separate debug info on useLLVM 
fixes #77779
 2020-01-15 13:16:10 -05:00
Jörg Thalheim 00a2084a40 openssl: fix build linux with clangStdenv 2020-01-14 22:08:15 +01:00
Vladimír Čunát e4c89a66fe
openssl_1_0_2: 1.0.2t -> 1.0.2u (low-severity security) 
Fixes #77266: CVE-2019-1551
https://www.openssl.org/news/secadv/20191206.txt

(cherry picked from commit 961d0cf9f5)
Oops - I realized too late that the rebuild amount is minimal,
so why not have it immediately in master.
 2020-01-11 10:25:38 +01:00
John Ericson 6a4726d602
Merge pull request #68398 from angerman/feature/fix-openssl 
fix openssl for cross compilation
 2019-10-26 09:39:32 +02:00
Frederik Rietdijk af491cbb7d openssl: use old method for configuring on i686, fixes #71786 
unbreaks pkgsi686Linux.openssl_1_0_2
 2019-10-23 15:54:07 +02:00
Ding Xiang Fei 703e44675c openssl: switch to linux-x86 and linux-x86_64 targets 2019-10-22 09:31:34 +02:00
Moritz Angermann 2df354fd1e
fix openssl 2019-10-17 21:54:16 +08:00
Moritz Angermann 8b393304b1
[win32] fix openssl 2019-10-17 21:54:15 +08:00
Vladimír Čunát 22a216849b
Re-Revert "Merge branch 'staging-next'" 
This reverts commit f8a8fc6c7c.
 2019-09-22 09:38:09 +02:00
Vladimír Čunát f8a8fc6c7c
Revert "Merge branch 'staging-next'" 
This reverts commit 41af38f372, reversing
changes made to f0fec244ca.

Let's delay this.  We have some serious regressions.
 2019-09-21 20:05:09 +02:00
Andreas Rammhold 20c7a35429
openssl_1_0_2: fixup sha256 2019-09-11 13:48:31 +02:00
Andreas Rammhold d49fb86b1b
openssl: 1.1.1c -> 1.1.1d 
(cherry picked from commit 76d54c72acaaa32e2c1f8b13002f0ceac3b7b06f)
 2019-09-10 21:22:50 +02:00
Andreas Rammhold 5d5cd70516
openssl_1_0_2: 1.0.2s -> 1.0.2t 
(cherry picked from commit aa6327c29c2de41a61db5aef8444385c531d4cc2)
 2019-09-10 21:22:47 +02:00
Guillaume Maudoux 92b96ce63f openssl: fix man pages collisions (#66317) 2019-08-31 08:23:39 -04:00
volth 08f68313a4 treewide: remove redundant rec 2019-08-28 11:07:32 +00:00
volth 35d68ef143 treewide: remove redundant quotes 2019-08-26 21:40:19 +00:00
volth c814d72b51 treewide: name -> pname 2019-08-17 10:54:38 +00:00
volth 46420bbaa3 treewide: name -> pname (easy cases) (#66585) 
treewide replacement of

stdenv.mkDerivation rec {
  name = "*-${version}";
  version = "*";

to pname
 2019-08-15 13:41:18 +01:00
volth f3282c8d1e treewide: remove unused variables (#63177) 
* treewide: remove unused variables

* making ofborg happy
 2019-06-16 19:59:05 +00:00
Will Dietz 642c9a7e74
Revert "openssl: fix CVE-2019-1543" 
This reverts commit aae4c114a4.
 2019-05-29 07:54:00 -05:00
Will Dietz f6297de3bc
openssl: 1.1.1b -> 1.1.1c 
https://mta.openssl.org/pipermail/openssl-announce/2019-May/000153.html
 2019-05-28 19:04:31 -05:00
Will Dietz c83b9bb6aa
openssl: 1.0.2r -> 1.0.2s 
https://mta.openssl.org/pipermail/openssl-announce/2019-May/000151.html
 2019-05-28 19:04:25 -05:00
Tom Bereknyei aae4c114a4 openssl: fix CVE-2019-1543 
Closes https://github.com/NixOS/nixpkgs/pull/61827.
Fixes https://github.com/NixOS/nixpkgs/issues/60107.
 2019-05-22 17:06:49 +02:00
Alyssa Ross fed0926960
openssl_1_1: 1.1.1a -> 1.1.1b 2019-02-26 16:35:27 +00:00
Alyssa Ross 9c94d74836
openssl: 1.0.2q -> 1.0.2r 2019-02-26 16:33:06 +00:00
Vladimír Čunát 6f61d8b0f6
openssl_1_1: use the same default CA path as 1.0.* 
Fixes https://github.com/NixOS/nixpkgs/issues/54437
 2019-01-21 21:15:42 +01:00
Andrew Dunham 14087abe6a
openssl_1_1: Add "doc" output to contain HTML documentation 
This prevents cluttering up openssl_1_1.out with many megabytes of
documentation.

Fixes #51659
 2018-12-09 14:49:00 +00:00
Frederik Rietdijk c1792242ef Merge staging-next into staging 2018-11-24 10:44:50 +01:00
Daniel Goertzen e8bce19aea openssl: fix cross compile (perl) 
Fixes issue #50921. Build result was depending on build perl instead of
host perl which broke cross compilation.
 2018-11-23 10:37:54 +01:00
Jan Malakhovski 7c48015019 openssl: fix cryptodev fallout from d836b811cb 2018-11-22 09:45:34 +00:00
Alyssa Ross d012516c44
openssl_1_1: 1.1.1 -> 1.1.1a 
CVE-2018-0734: https://www.openssl.org/news/vulnerabilities.html#2018-0734
CVE-2018-0735: https://www.openssl.org/news/vulnerabilities.html#2018-0735
 2018-11-20 16:52:22 +00:00
Alyssa Ross ae29a9e688
openssl: 1.0.2p -> 1.0.2q 
CVE-2018-0734: https://www.openssl.org/news/vulnerabilities.html#2018-0734
CVE-2018-5407: https://www.openssl.org/news/vulnerabilities.html#2018-5407

No patches can any longer be shared between 1.0.2 and 1.1, so reorganize
patches into subdirectories (and remove an unused one).
 2018-11-20 16:51:48 +00:00
Renaud de8f3b422a
Merge pull request #47953 from lopsided98/openssl-arm 
openssl: don't autodetect platform on armv6/7l
 2018-10-28 14:08:02 +01:00
Markus Kowalewski 598ed197db
openssl-chacha: add license 2018-10-25 23:10:00 +02:00
Ben Wolsieffer d3ba32e117 openssl: don't autodetect platform on armv6/7l 2018-10-05 22:46:45 -04:00
Alyssa Ross 1ec301ded2 openssl: 1.1.0 -> 1.1.1 (#46524) 2018-09-12 23:56:08 +00:00
John Ericson 0828e2d8c3 treewide: Remove usage of remaining redundant platform compatability stuff 
Want to get this out of here for 18.09, so it can be deprecated
thereafter.
 2018-08-30 17:20:32 -04:00
Vladimír Čunát 153a19df05
Merge branch 'master' into staging-next 
Hydra: ?compare=1474536
 2018-08-20 09:15:33 +02:00
Markus Kowalewski 4ba295b797
openssl: add license 2018-08-18 00:05:21 +02:00
Vladimír Čunát 14aa936ec5
Merge branch 'staging-next' into staging 2018-08-17 20:53:27 +02:00
Andreas Rammhold 98a7b92261
openssl_1_0_2: 1.0.2o -> 1.0.2p 
this addresses:
 - Client DoS due to large DH parameter (CVE-2018-0732)
 - Cache timing vulnerability in RSA Key Generation (CVE-2018-0737)

Changelog: https://www.openssl.org/news/cl102.txt
 2018-08-15 21:35:23 +02:00
Andreas Rammhold 0a40875439
openssl_1_1_0: 1.1.0h -> 1.1.0i 
this addresses:
 - Client DoS due to large DH parameter (CVE-2018-0732)
 - Cache timing vulnerability in RSA Key Generation (CVE-2018-0737)

Changelog: https://www.openssl.org/news/changelog.html#x1
 2018-08-15 21:12:00 +02:00
Jan Malakhovski 7ea0904347 openssl: fix tests, also cleanup 2018-08-10 12:56:34 +00:00
Franz Pletz 459a34ce5f
openssl_1_1_0: add patch to fix c_rehash quoting 2018-08-06 22:49:29 +02:00
Matthew Bauer 4639d55562
Merge pull request #43870 from nh2/static-krb5-openssl-flags 
Optional static libraries for krb5 and openssl
 2018-07-23 17:31:24 -04:00
Matthew Bauer 916f096911
Merge pull request #43890 from matthewbauer/mingw-fixes 
Mingw fixes
 2018-07-21 17:04:20 -04:00