openssl: 3.0.5 -> 3.0.7

Fixes: CVE-2022-3786, CVE-2022-3602
Co-Authored-By: Andreas Schrägle <git@ajs124.de>
This commit is contained in:
Martin Weinelt 2022-11-01 16:37:18 +01:00
parent 2088dd4269
commit eeca5969b3
No known key found for this signature in database
GPG Key ID: 87C1E9888F856759
2 changed files with 20 additions and 17 deletions

View File

@ -1,22 +1,25 @@
diff --git a/Configure b/Configure diff --git a/Configure b/Configure
index f0ad787bc4..a48d2008c6 100755 index a558e5ab1a..9a884f0b0f 100755
--- a/Configure --- a/Configure
+++ b/Configure +++ b/Configure
@@ -1688,17 +1688,6 @@ unless ($disabled{devcryptoeng}) { @@ -1714,20 +1714,6 @@ unless ($disabled{devcryptoeng}) {
unless ($disabled{ktls}) { unless ($disabled{ktls}) {
$config{ktls}=""; $config{ktls}="";
if ($target =~ m/^linux/) { - my $cc = $config{CROSS_COMPILE}.$config{CC};
- my $usr = "/usr/$config{cross_compile_prefix}"; - if ($target =~ m/^linux/) {
- chop($usr); - system("printf '#include <sys/types.h>\n#include <linux/tls.h>' | $cc -E - >/dev/null 2>&1");
- if ($config{cross_compile_prefix} eq "") { - if ($? != 0) {
- $usr = "/usr";
- }
- my $minver = (4 << 16) + (13 << 8) + 0;
- my @verstr = split(" ",`cat $usr/include/linux/version.h | grep LINUX_VERSION_CODE`);
-
- if ($verstr[2] < $minver) {
- disable('too-old-kernel', 'ktls'); - disable('too-old-kernel', 'ktls');
- } - }
} elsif ($target =~ m/^BSD/) { - } elsif ($target =~ m/^BSD/) {
my $cc = $config{CROSS_COMPILE}.$config{CC}; - system("printf '#include <sys/types.h>\n#include <sys/ktls.h>' | $cc -E - >/dev/null 2>&1");
system("printf '#include <sys/types.h>\n#include <sys/ktls.h>' | $cc -E - >/dev/null 2>&1"); - if ($? != 0) {
- disable('too-old-freebsd', 'ktls');
- }
- } else {
- disable('not-linux-or-freebsd', 'ktls');
- }
}
push @{$config{openssl_other_defines}}, "OPENSSL_NO_KTLS" if ($disabled{ktls});

View File

@ -228,8 +228,8 @@ in {
}; };
openssl_3 = common { openssl_3 = common {
version = "3.0.5"; version = "3.0.7";
sha256 = "sha256-qn2Nm+9xrWUlxVuhHl9Dl4ic5Jwsk0nc6m0+TwsCSno="; sha256 = "sha256-gwSdBComDmlvYkBqxcCL9wb9hDg/lFzyG9YentlcOW4=";
patches = [ patches = [
./3.0/nix-ssl-cert-file.patch ./3.0/nix-ssl-cert-file.patch