JakeHillion/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

openssl: 3.0.5 -> 3.0.7

Browse Source 
Fixes: CVE-2022-3786, CVE-2022-3602
Co-Authored-By: Andreas Schrägle <git@ajs124.de>
This commit is contained in:
Martin Weinelt 2022-11-01 16:37:18 +01:00
parent 2088dd4269
commit eeca5969b3
No known key found for this signature in database
GPG Key ID: 87C1E9888F856759
2 changed files with 20 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

33
pkgs/development/libraries/openssl/3.0/openssl-disable-kernel-detection.patch
View File

@ -1,22 +1,25 @@
diff --git a/Configure b/Configure
index f0ad787bc4..a48d2008c6 100755
index a558e5ab1a..9a884f0b0f 100755
--- a/Configure
+++ b/Configure
@@ -1688,17 +1688,6 @@ unless ($disabled{devcryptoeng}) {
@@ -1714,20 +1714,6 @@ unless ($disabled{devcryptoeng}) {
unless ($disabled{ktls}) {
$config{ktls}="";
if ($target =~ m/^linux/) {
- my $usr = "/usr/$config{cross_compile_prefix}";
- chop($usr);
- if ($config{cross_compile_prefix} eq "") {
- $usr = "/usr";
- }
- my $minver = (4 << 16) + (13 << 8) + 0;
- my @verstr = split(" ",`cat $usr/include/linux/version.h | grep LINUX_VERSION_CODE`);
-
- if ($verstr[2] < $minver) {
- my $cc = $config{CROSS_COMPILE}.$config{CC};
- if ($target =~ m/^linux/) {
- system("printf '#include <sys/types.h>\n#include <linux/tls.h>' | $cc -E - >/dev/null 2>&1");
- if ($? != 0) {
- disable('too-old-kernel', 'ktls');
- }
} elsif ($target =~ m/^BSD/) {
my $cc = $config{CROSS_COMPILE}.$config{CC};
system("printf '#include <sys/types.h>\n#include <sys/ktls.h>' | $cc -E - >/dev/null 2>&1");
- } elsif ($target =~ m/^BSD/) {
- system("printf '#include <sys/types.h>\n#include <sys/ktls.h>' | $cc -E - >/dev/null 2>&1");
- if ($? != 0) {
- disable('too-old-freebsd', 'ktls');
- }
- } else {
- disable('not-linux-or-freebsd', 'ktls');
- }
}
push @{$config{openssl_other_defines}}, "OPENSSL_NO_KTLS" if ($disabled{ktls});

4
pkgs/development/libraries/openssl/default.nix
View File

@ -228,8 +228,8 @@ in {
};
openssl_3 = common {
version = "3.0.5";
sha256 = "sha256-qn2Nm+9xrWUlxVuhHl9Dl4ic5Jwsk0nc6m0+TwsCSno=";
version = "3.0.7";
sha256 = "sha256-gwSdBComDmlvYkBqxcCL9wb9hDg/lFzyG9YentlcOW4=";
patches = [
./3.0/nix-ssl-cert-file.patch