b12f/nixpkgs
1
0
Fork 0
Code Issues Pull requests Packages Projects Releases Wiki Activity
471567 commits 2 branches 0 tags 3.3 GiB
Commit graph

379 commits

Author SHA1 Message Date
Moritz Angermann 52a64f715e openssl: allow disabling ktls 
This allows disabling ktls on demand. E.g. for platforms where building with ktls
fails.

Co-authored-by: John Ericson <git@JohnEricson.me>
 2023-03-04 06:10:18 +00:00
Sandro ef3fd36f5b
Merge pull request #190318 from elohmeier/sslscan-tlscompression 2023-02-18 01:24:32 +01:00
John Ericson d0e7867130 openssl: Add meta.pkgConfigModules and test 2023-02-13 10:24:55 -05:00
Vladimír Čunát f1fefd41d3
Merge #215143: openssl_1_1: 1.1.1s -> 1.1.1t 
...into staging-next
 2023-02-07 17:35:30 +01:00
Martin Weinelt faa4d60e7f
openssl_1_1: 1.1.1s -> 1.1.1t 
https://github.com/openssl/openssl/blob/OpenSSL_1_1_1t/NEWS

Fixes: CVE-2023-0286, CVE-2023-0215, CVE-2022-4450, CVE-2022-4304
 2023-02-07 17:21:01 +01:00
Martin Weinelt 15cf84feea
openssl: 3.0.7 -> 3.0.8 
https://github.com/openssl/openssl/blob/openssl-3.0.8/NEWS.md

Fixes: CVE-2023-0401, CVE-2023-0286, CVE-2023-0217, CVE-2023-0216,
       CVE-2023-0215, CVE-2022-4450, CVE-2022-4304, CVE-2022-4203,
       CVE-2022-3996
 2023-02-07 17:02:33 +01:00
ajs124 fa8c56b8c7 openssl_3: patch CVE-2022-3996 
https://www.openssl.org/news/secadv/20221213.txt
 2022-12-13 17:34:42 +01:00
Linus Heckemann f984417f86
Merge pull request #204165 from lheckemann/openssl-cross-fix 
openssl: clean up configure script decision
 2022-12-07 15:59:49 +01:00
Linus Heckemann b7d5205f1a openssl: clean up configure script decision 
This also fixes the build for big-endian MIPS systems.
 2022-12-02 23:09:13 +01:00
Martin Weinelt 53d777c56f
Merge pull request #202126 from helsinki-systems/init/openssl_legacy 2022-11-26 23:47:31 +01:00
Artturi 821e146f51
Merge pull request #185176 from amjoseph-nixpkgs/pr/openssl/mips32 
openssl: Rosetta Stone entry for mips32
 2022-11-21 21:44:14 +02:00
ajs124 1996190b65 openssl_legacy: init 
openssl_3, but with a openssl.cnf that enables legacy ciphers
this way we can migrate away from openssl_1_1, while not breaking
applications relying on deprecated stuff
 2022-11-21 13:46:00 +01:00
Vladimír Čunát b15a637819
Merge #199009: openssl_1_1: 1.1.1q -> 1.1.1s 
...into staging
 2022-11-05 16:59:07 +01:00
Vladimír Čunát 70ca403dc2
openssl(_3): enable KTLS only on Linux 
This fixes build on *-darwin.
 2022-11-02 09:33:15 +01:00
Vladimír Čunát 6aa0c5e918
openssl_1_1: drop a long unused patch 2022-11-01 18:46:44 +01:00
Vladimír Čunát 32ebb91f4b
openssl_1_1: 1.1.1q -> 1.1.1s 
I believe this double version jump includes no security fixes.
 2022-11-01 17:29:35 +01:00
Martin Weinelt eeca5969b3
openssl: 3.0.5 -> 3.0.7 
Fixes: CVE-2022-3786, CVE-2022-3602
Co-Authored-By: Andreas Schrägle <git@ajs124.de>
 2022-11-01 16:44:23 +01:00
ajs124 0755f8c8f8 Revert "openssl: 3.0.5 -> 3.0.6" 
This reverts commit 0c743ca36f.

https://mta.openssl.org/pipermail/openssl-announce/2022-October/000237.html
 2022-10-13 18:10:42 +02:00
ajs124 b30d687dd0 Revert "openssl: 1.1.1q -> 1.1.1r" 
This reverts commit 0bf7095945.

https://mta.openssl.org/pipermail/openssl-announce/2022-October/000237.html
 2022-10-13 18:10:13 +02:00
Martin Weinelt 4828dc9d9b Merge remote-tracking branch 'helsinki-systems/upd/openssl' into staging 2022-10-12 02:20:45 +02:00
ajs124 0bf7095945 openssl: 1.1.1q -> 1.1.1r 
bugfix release, does not fix any security issues
 2022-10-11 22:29:58 +02:00
ajs124 0c743ca36f openssl: 3.0.5 -> 3.0.6 
fixes CVE-2022-3358

https://www.openssl.org/news/secadv/20221011.txt
 2022-10-11 17:00:34 +02:00
Sandro Jäckel 33944d5ddd
openssl: fix static cross compilation 2022-09-20 16:25:47 +02:00
Enno Richter 3278ce100b sslscan: enable TLS compression check 2022-09-08 14:06:32 +02:00
ajs124 075b852820 openssl: versionAtLeast 1.1.0 -> 1.1.1 
we don't have/support 1.1.0 anymore, so 1.1.1 is the new minimum
 2022-08-17 20:16:18 +02:00
ajs124 c6de1d4b24 openssl: fix static build 
https://mta.openssl.org/pipermail/openssl-users/2022-February/014906.html
 2022-08-17 20:16:18 +02:00
Adam Joseph a381f9bccf openssl: Rosetta Stone entry for mips32 2022-08-04 21:22:27 -07:00
Robert 649646d7b7
openssl: split runtime dependencies of static builds into a separate output (#182444) 2022-07-23 17:06:06 -04:00
Martin Weinelt 82da6eb46d
openssl_1_1: 1.1.1p -> 1.1.1q 
https://www.openssl.org/news/secadv/20220705.txt

Fixes: CVE-2022-2097
 2022-07-05 23:14:13 +02:00
Martin Weinelt 1dbf7b45e2
openssl_3: 3.0.4 -> 3.0.5 
https://www.openssl.org/news/secadv/20220705.txt

We already acted on the first public disclosure, so this release removes
the previous patch and upgrades to the release including the fix.

Related: CVE-2022-2274
Fixes: CVE-2022-2097
 2022-07-05 23:14:10 +02:00
Vladimír Čunát 0c4852c7bc
Merge #179333: openssl_3_0: fix apparent x86_64 AVX512 RCE 2022-06-28 01:01:42 +02:00
Martin Weinelt 62b05d9742 Merge remote-tracking branch 'origin/master' into staging-next 2022-06-27 23:50:37 +02:00
Alyssa Ross fd6a8fb894
openssl_3: rename from openssl_3_0 
With their new versioning scheme, OpenSSL have committed[1] to API and
ABI compatibility for the whole 3.x.x release series, so we shouldn't
be overly specific in our attribute name.

[1]: https://www.openssl.org/blog/blog/2018/11/28/version/
 2022-06-27 13:35:16 +00:00
Alyssa Ross c59d1ebd6e
openssl_3_0: fix apparent x86_64 AVX512 RCE 
Has been applied upstream.  No CVE.
 2022-06-27 13:14:30 +00:00
Martin Weinelt deb8ef1162 openssl_3_0: 3.0.3 -> 3.0.4 
Fixes additional sanitization issues in the c_rehash script.

https://mta.openssl.org/pipermail/openssl-announce/2022-June/000227.html

Fixes: CVE-2022-2068
 2022-06-21 18:02:47 +02:00
Martin Weinelt 0c21382922 openssl_1_1: 1.1.1o -> 1.1.1p 
Fixes additional sanitization issues in the c_rehash script.

https://mta.openssl.org/pipermail/openssl-announce/2022-June/000226.html

Fixes: CVE-2022-2068
 2022-06-21 18:02:47 +02:00
Jörg Thalheim cc60c24909
openssl: disable ct feature in static mode (#173288) 
For static binaries to be relocatable, they can't depend on data files.

Co-authored-by: zimbatm <zimbatm@zimbatm.com>
 2022-05-17 11:42:46 +02:00
github-actions[bot] 16684f8bd3
Merge master into staging-next 2022-05-04 12:01:10 +00:00
Martin Weinelt c62eceb91e
openssl_3_0: 3.0.2 -> 3.0.3 
- The c_rehash script allows command injection (CVE-2022-1292)
- OCSP_basic_verify may incorrectly verify the response signing
  certificate (CVE-2022-1343)
- Incorrect MAC key used in the RC4-MD5 ciphersuite (CVE-2022-1434)
- Resource leakage when decoding certificates and keys (CVE-2022-1473)

https://mta.openssl.org/pipermail/openssl-announce/2022-May/000224.html

Fixes: CVE-2022-1292, CVE-2022-1343, CVE-2022-1434, CVE-2022-1473
 2022-05-04 07:17:01 +02:00
Martin Weinelt a7be3b2607
openssl_1_1: 1.1.1n -> 1.1.1o 
Fixes command injection in the c_rehash script, which at the same time
is also considered obsolete and should be replaced by openssl rehash.

https://mta.openssl.org/pipermail/openssl-announce/2022-May/000224.html

Fixes: CVE-2022-1292
 2022-05-03 18:05:18 +02:00
sternenseemann a985b2bd99
Merge pull request #165746 from a-m-joseph/openssl-fix-mips64-abi-detection-when-not-cross-compiling 
openssl: fix mips64 abi detection when not cross compiling
 2022-04-11 22:41:29 +02:00
Adam Joseph 77d6781cdc openssl: specify the ABI explicitly on mips64 
When *not* cross-compiling, OpenSSL will not attempt to detect the
host ABI.  For mips64, the OpenSSL authors have chosen to assume that
the n32 ABI is used.

Since nixpkgs knows the correct ABI based on stdenv.hostPlatform,
let's pass this information to OpenSSL explicitly.

At the moment (bootstrappable) nixpkgs on mips64 can only be used with
the n64 ABI due to the fact that boost-context (required by nix) does
not support the n32 ABI.  Without this commit the openssl expression
can be cross-compiled to a mips64 host, but a mips64 host cannot
self-compile the expression due to OpenSSL's incorrect assumption.

https://github.com/NixOS/nixpkgs/pull/165746#pullrequestreview-924423243
 2022-04-11 11:23:19 -07:00
ajs124 49c51cdd51 openssl_1_0_2: drop 2022-04-04 15:37:05 +01:00
ajs124 0fae27376d cipherscan: drop 2022-04-04 15:10:43 +01:00
Martin Weinelt 72bb369245
openssl_1_1: 1.1.1m -> 1.1.1n 
https://github.com/openssl/openssl/blob/OpenSSL_1_1_1n/CHANGES#L10

Fixes: CVE-2022-0778
 2022-03-15 16:39:33 +01:00
Martin Weinelt 384a708e6d
openssl_3_0: 3.0.1 -> 3.0.2 
https://github.com/openssl/openssl/blob/openssl-3.0.2/CHANGES.md#changes-between-301-and-302-15-mar-2022

Fixes: CVE-2022-0778
 2022-03-15 16:38:56 +01:00
Tom McLaughlin d01b2cc71b
openssl: remove assert restricting withPerl=false (#156949) 2022-01-27 00:41:18 -05:00
taku0 7ab79bff9f openssl: remove with lib 
See https://github.com/NixOS/nixpkgs/pull/150733/files#r785279764
 2022-01-20 09:19:19 -08:00
taku0 4a7fa6456d openssl_1_1: fix build on Darwin 
See https://github.com/NixOS/nixpkgs/pull/150733/files#r785279118
 2022-01-20 09:19:19 -08:00
Dmitry Kalinkin 2ddda43924
Merge branch 'staging' into staging-next 
Conflicts:
	pkgs/os-specific/linux/kernel/common-config.nix
 2021-12-25 17:16:26 -05:00