Commit graph

81 commits

Author SHA1 Message Date
Ruud van Asseldonk 7903e4b4e0 libressl_3_1: 3.1.2 -> 3.1.3 2020-06-16 21:01:49 +02:00
Ruud van Asseldonk fd3f22f35d libressl_3_1: 3.1.1 -> 3.1.2 2020-05-26 19:23:00 +02:00
Ruud van Asseldonk 79865f4d88 libressl_2_9: remove, not maintained anymore
Stable LibreSSL releases are supported one year after their OpenBSD
release. OpenBSD 6.5 with the 2.9 branch was released on 2019-05-01.
2020-05-26 19:22:13 +02:00
Ruud van Asseldonk 5a287e7102 libressl_3_1: init at 3.1.1 2020-05-26 19:22:13 +02:00
Ruud van Asseldonk 671a1182e3 libressl_2_8: remove, not maintained anymore
Stable LibreSSL releases are supported one year after their OpenBSD release.
OpenBSD 6.4 with this branch was released on 2018-10-18.
2019-10-23 21:32:40 +02:00
Ruud van Asseldonk 1126db828f libressl_3_0: 3.0.1 -> 3.0.2 2019-10-23 19:08:55 +02:00
Matthew Bauer 6a87355211
Merge branch 'master' into libressl-static 2019-10-15 12:55:16 -04:00
Franz Pletz da20b8a7f6
libressl: fix libdir in pkgconfig files
Fix #71107.
2019-10-14 11:32:26 +02:00
Franz Pletz a86f16d864
libressl_3_0: 3.0.0 -> 3.0.1 2019-10-14 11:32:25 +02:00
Matthew Bauer 37744d2c36 libressl: add static override 2019-09-19 12:38:08 -04:00
Matthew Bauer 8f01848075 libressl: support musl in libressl 2.9.2 2019-09-19 12:38:08 -04:00
Dima 044f771d59 libressl: fixing nc for version>=2.9
This addresses https://github.com/NixOS/nixpkgs/issues/68286

When `-R` (CA file location) is not specified, nc tries to fall back to
a default location. In 2.8 this was still configurable at compile time,
but was changed somewhere after. This replaces `/etc/ssl/cert.pem`
with `${cacert}/etc/ssl/cert.pem` in the code directly.

For a discussion of this, see https://github.com/NixOS/nixpkgs/pull/68456
2019-09-17 23:08:43 +02:00
Vladimír Čunát 2e6bf42a22
Merge branch 'master' into staging-next
There ver very many conflicts, basically all due to
name -> pname+version.  Fortunately, almost everything was auto-resolved
by kdiff3, and for now I just fixed up a couple evaluation problems,
as verified by the tarball job.  There might be some fallback to these
conflicts, but I believe it should be minimal.

Hydra nixpkgs: ?compare=1538299
2019-08-24 08:55:37 +02:00
Matthew Bauer 856d10a9b8
Merge pull request #66454 from ruuda/libcrypto-noexecstack
libressl: build libcrypto with noexecstack
2019-08-21 14:11:08 -04:00
Ruud van Asseldonk fdd78a5387 libressl: use CFLAGS to avoid exectuable stack
It turns out that libcrypto had an exectuable stack, because it linked
some objects without a .note.GNU-stack section. Compilers add this
section by default, but the objects produced from .S files did not
contain it. The .S files do include a directive to add the section, but
guarded behind an #ifdef HAVE_GNU_STACK. So define HAVE_GNU_STACK, to
ensure that all objects have a .note.GNU-stack section.
2019-08-21 00:16:08 +02:00
Robin Gloster 4e60b0efae
treewide: update globin's maintained drvs 2019-08-20 19:36:05 +02:00
Ruud van Asseldonk bc185504ca libressl_3_0: init at 3.0.0 2019-08-20 08:50:57 -05:00
volth 46420bbaa3 treewide: name -> pname (easy cases) (#66585)
treewide replacement of

stdenv.mkDerivation rec {
  name = "*-${version}";
  version = "*";

to pname
2019-08-15 13:41:18 +01:00
Ruud van Asseldonk c02b4a1cc8 libressl: do not set noexecstack on Darwin at all
It is not needed on Darwin. [1] Thanks Matthew for explaining this.

[1]: https://github.com/NixOS/nixpkgs/pull/66454#issuecomment-520970986
2019-08-13 22:20:16 +02:00
Ruud van Asseldonk b3c613b9aa libressl: fix noexecstack on Darwin
The flags to disable executable stacks are different for Clang and GCC,
and Clang is used on Darwin.
2019-08-11 20:34:57 +02:00
Ruud van Asseldonk 8b6a9202e7 libressl: build libcrypto with noexecstack
For some reasons, libcrypto would be built with the executable stack
flag set. I found out about this when Nginx failed to load the shared
library, because I was running it with MemoryDenyWriteExecute=true,
which does not permit executable stacks.

I am not sure why the stack ends up executable; the other shared
libraries which are part of LibreSSL do not have this flag set. You can
verify this with 'execstack -q'. Non-executable stacks should be the
default, and from checking some other files, that does appear to be the
case. The LibreSSL sources do not contain the string "execstack", so
I am not sure what causes the default to be overridden.

Adding '-z noexecstack' to the linker flags makes the linker unset the
flag. Now my Nginx can load the library, and so far I have not run into
other issues.
2019-08-10 22:21:57 +02:00
Bas van Dijk 4099a9ad38 libressl: add openssl license
LibreSSL is also licensed under the OpenSSL license. See:

https://cvsweb.openbsd.org/cgi-bin/cvsweb/~checkout~/src/lib/libssl/LICENSE?rev=1.12&content-type=text/plain
2019-06-24 10:16:02 +02:00
Franz Pletz cea163252a
libressl_2_7: remove, not maintained anymore
Stable LibreSSL releases are supported one year after their OpenBSD release.
OpenBSD 6.3 with this branch was released on 2018-04-01.
2019-06-02 19:52:04 +02:00
Izorkin 67709c3c1b libressl_2_9: 2.9.1 -> 2.9.2 2019-06-01 16:08:01 +00:00
Ruud van Asseldonk 5f594be463 libressl: ensure we can link against libtls
Without setting BUILD_SHARED_LIBS, the package would build file, but
when linking it into acme-client or nginx, I got the following error:

    libressl-2.9.1/lib/libtls.a(tls.c.o): undefined reference to symbol 'pthread_once@@GLIBC_2.2.5'
    binutils-2.31.1/bin/ld: glibc-2.27/lib/libpthread.so.0: error adding symbols: DSO missing from command line
    collect2: error: ld returned 1 exit status

After looking at the CMakeLists.txt in libressl/tls, I noticed the
BUILD_SHARED_LIBS option, and setting it resolves the linking error.
2019-05-04 18:40:21 +02:00
Ruud van Asseldonk 8c7cde5df2 libressl: build with cmake
LibreSSL 2.9.1 no longer builds with the default autotools configuration.
When I searched for the error, I noticed that Buildroot ran into the
same issue, and they resolved the problem by building with CMake rather
than autotools. [1] I followed the same approach here.

[1]: e783d60473
2019-05-04 15:55:14 +02:00
Ruud van Asseldonk 3415872fe4 libressl_2_9: 2.9.0 -> 2.9.1
This new version does not build as-is, it will need to be patched.
2019-05-04 15:07:34 +02:00
Jörg Thalheim b5c1deca8a
treewide: remove wkennington as maintainer
He prefers to contribute to his own nixpkgs fork triton.
Since he is still marked as maintainer in many packages
this leaves the wrong impression he still maintains those.
2019-01-26 10:05:32 +00:00
Franz Pletz 51c8e01676
libressl_2_9: init at 2.9.0 2018-12-18 00:09:00 +01:00
Franz Pletz 949dc60acc
libressl_2_8: 2.8.2 -> 2.8.3 2018-12-18 00:08:59 +01:00
Franz Pletz b7254b6b2c
libressl_2_7: 2.7.4 -> 2.7.5 2018-12-18 00:08:59 +01:00
Franz Pletz 5911d54457
libressl_2_6: remove, not maintained anymore 2018-12-18 00:08:58 +01:00
R. RyanTM d888c03784 libressl_2_8: 2.8.1 -> 2.8.2 (#49293)
Semi-automatic update generated by
https://github.com/ryantm/nixpkgs-update tools. This update was made
based on information from
https://repology.org/metapackage/libressl/versions
2018-10-27 20:11:48 -04:00
R. RyanTM 807d73c391 libressl_2_8: 2.8.0 -> 2.8.1
Semi-automatic update generated by
https://github.com/ryantm/nixpkgs-update tools. This update was made
based on information from
https://repology.org/metapackage/libressl/versions
2018-10-03 11:58:32 -05:00
Markus Kowalewski 7dceb84419
libressl: add licenses 2018-08-17 22:15:45 +02:00
Austin Seipp 078da082b6 libressl: add 2.8.0
This does not remove any prior versions: LibreSSL versions are
maintained for a year after their corresponding OpenBSD branch is tagged
for release:

   - v2.6.x, part of OpenBSD 6.2-release, Nov 2017 (EOL: Nov 2018)
   - v2.7.x, part of OpenBSD 6.3-release, Apr 2018 (EOL: Apr 2019)
   - v2.8.x, expected OpenBSD 6.4-release, ETA Sep 2018 (EOL: Sep 2019)

This also does not change the default version: the stable branch remains
2.7.x, and 2.8.0 is the newest released development version. 2.8 can
become the default after OpenBSD-6.4

Closes #44760 (as it's redundant).

Signed-off-by: Austin Seipp <aseipp@pobox.com>
2018-08-08 18:59:22 -05:00
Franz Pletz 26501a9bf9
libressl_2_6: 2.6.4 -> 2.6.5 2018-06-19 18:07:40 +02:00
Franz Pletz 96a2217e92
libressl_2_5: remove, unmaintained 2018-06-19 18:07:40 +02:00
R. RyanTM c2867828bb libressl: 2.7.3 -> 2.7.4
Semi-automatic update generated by https://github.com/ryantm/nixpkgs-update tools.

This update was made based on information from https://repology.org/metapackage/libressl/versions.

These checks were done:

- built on NixOS
- Warning: no invocation of /nix/store/2sj5bh1lwzls0vc31v2fhxaw648n0i9v-libressl-2.7.4-bin/bin/ocspcheck had a zero exit code or showed the expected version
- /nix/store/2sj5bh1lwzls0vc31v2fhxaw648n0i9v-libressl-2.7.4-bin/bin/openssl passed the binary check.
- 1 of 2 passed binary check by having a zero exit code.
- 1 of 2 passed binary check by having the new version present in output.
- found 2.7.4 with grep in /nix/store/2sj5bh1lwzls0vc31v2fhxaw648n0i9v-libressl-2.7.4-bin
- directory tree listing: https://gist.github.com/e28b9d47b987d9408427c7ec06e3b9fb
- du listing: https://gist.github.com/0d61c26c272780f10c5ce5359fb79bc7
2018-06-19 16:06:15 +00:00
Ruud van Asseldonk 3e293b2dc3 libressl: use https url in metadata 2018-05-13 15:26:34 +02:00
Ruud van Asseldonk 4371e5be0b libressl_2_7: init at 2.7.3 2018-05-13 15:25:24 +02:00
Matthew Justin Bauer e8672c8b37
libressl: fix eval 2018-04-29 15:14:34 -05:00
Matthew Bauer c2148482c2 libressl: move netcat stuff to '.nc' output
I still feel weird about doing this because it seems a little hacky
but this was requested by @Mic92 and seems understandable to not want
to mix up libressl outputs with netcat stuff.
2018-04-29 14:47:12 -05:00
Matthew Bauer 949bb98872 libressl: build netcat 2018-04-27 19:33:05 -05:00
Robin Gloster 1729c65736
libressl_2_6: 2.6.2 -> 2.6.4 2018-01-17 00:10:07 +01:00
Franz Pletz 4d7d5c8c34
libressl_2_6: 2.6.0 -> 2.6.2 2017-09-26 17:28:46 +02:00
Franz Pletz 3e8a565a04
libressl: refactor, drop 2.4, 2.5.4 -> 2.5.5, init 2.6 2017-07-20 19:31:08 +02:00
Vladimír Čunát ed93e8e16b
libressl: work around some problem with man pages
https://github.com/NixOS/nixpkgs/commit/20ffc3cd73#commitcomment-22368612
2017-06-02 16:21:35 +02:00
Joachim Fasting e2bc4e4bde
libressl: 2.5.3 -> 2.5.4
Contains a fix for CVE-2017-8301: TLS verification vulnerability in
LibreSSL 2.5.1 - 2.5.3 [1][2]

[1]: http://seclists.org/oss-sec/2017/q2/145
[2]: https://github.com/libressl-portable/portable/issues/307
2017-05-05 07:37:48 +02:00
Franz Pletz 29ed67faea
libressl_2_5: 2.5.1 -> 2.5.3 2017-04-11 19:41:01 +02:00