Martin Weinelt
bb4f46855f
openssl: 1.1.1f → 1.1.1g
...
Fixes: CVE-2020-1967
Segmentation fault in SSL_check_chain (CVE-2020-1967)
=====================================================
Severity: High
Server or client applications that call the SSL_check_chain() function during or
after a TLS 1.3 handshake may crash due to a NULL pointer dereference as a
result of incorrect handling of the "signature_algorithms_cert" TLS extension.
The crash occurs if an invalid or unrecognised signature algorithm is received
from the peer. This could be exploited by a malicious peer in a Denial of
Service attack.
OpenSSL version 1.1.1d, 1.1.1e, and 1.1.1f are affected by this issue. This
issue did not affect OpenSSL versions prior to 1.1.1d.
Affected OpenSSL 1.1.1 users should upgrade to 1.1.1g
This issue was found by Bernd Edlinger and reported to OpenSSL on 7th April
2020. It was found using the new static analysis pass being implemented in GCC,
-fanalyzer. Additional analysis was performed by Matt Caswell and Benjamin
Kaduk.
2020-04-22 02:14:44 +02:00
Jan Tojnar
3d8e436917
Merge branch 'master' into staging-next
2020-04-16 10:09:43 +02:00
Robin Gloster
f6be629595
sslscan: enabling scanning for sslv3
2020-04-13 21:23:22 +02:00
Jan Tojnar
a04625379a
Merge branch 'master' into staging-next
2020-04-13 18:50:35 +02:00
Michael Reilly
84cf00f980
treewide: Per RFC45, remove all unquoted URLs
2020-04-10 17:54:53 +01:00
Vladimír Čunát
6c8692feb4
openssl: 1.1.1d -> 1.1.1f
...
https://github.com/pyca/pyopenssl/issues/899#issuecomment-607709065
The tests in python3.pkgs.pyopenssl succeed!
Fixing this problem we experienced is listed as the only major change:
https://www.openssl.org/news/openssl-1.1.1-notes.html
2020-04-02 11:52:58 +02:00
Vladimír Čunát
e48a55dd73
openssl(_1_1): patch CVE-2019-1551
...
fetchpatch can't be used here and fetchurl from GitHub
like in PR #82928 has the risk of breaking the hash later;
fortunately the patches aren't too large.
(cherry picked from commit 2071e3be28ee0d6ec46056352c88b88f5c0d7f60)
2020-04-02 10:00:49 +02:00
Hamish Mackenzie
6040c11041
openssl: Fix openssl build for musl
2020-03-16 15:59:06 +13:00
Andrew Childs
e271476a4e
openssl: fix platform detection on armv5tel-linux
2020-03-14 04:33:05 +00:00
Vladimír Čunát
7cda2823be
openssl_1_0_2: mark as insecure; fixes #77503 (kinda)
...
No vulnerabilities are known so far (to me), but still I'd go this way.
Especially for 20.03 it seems better to deprecate it before official
release happens.
Current casualties:
$ ./maintainers/scripts/rebuild-amount.sh --print HEAD HEAD^
Estimating rebuild amount by counting changed Hydra jobs.
87 x86_64-darwin
161 x86_64-linux
2020-02-21 18:49:16 +01:00
Vladimír Čunát
5a8000dc05
openssl: revert a workaround that's no longer needed
...
Thanks to python3Minimal. This reverts part of c2038483f #79738.
2020-02-14 13:22:44 +01:00
Vladimír Čunát
c2038483fd
glibc, openssl: unbreak cross eval (with minor caveats)
...
It's certainly better to have those two caveats than not evaluate.
Both seem rather niche. Unfortunately I failed to find a better way.
I started testing builds of several cross variants; all seem OK.
2020-02-10 15:52:20 +01:00
Antonio Nuno Monteiro
4b34c18e31
pkgsStatic: make OpenSSL 1.1 compile (#77542)
...
* pkgsStatic: make OpenSSL 1.1 compile
2020-01-16 20:02:38 +01:00
Matthew Bauer
f23ad86d6f
openssl: don’t separate debug info on useLLVM
...
fixes #77779
2020-01-15 13:16:10 -05:00
Jörg Thalheim
00a2084a40
openssl: fix build linux with clangStdenv
2020-01-14 22:08:15 +01:00
Vladimír Čunát
e4c89a66fe
openssl_1_0_2: 1.0.2t -> 1.0.2u (low-severity security)
...
Fixes #77266: CVE-2019-1551
https://www.openssl.org/news/secadv/20191206.txt
(cherry picked from commit 961d0cf9f5)
Oops - I realized too late that the rebuild amount is minimal,
so why not have it immediately in master.
2020-01-11 10:25:38 +01:00
John Ericson
6a4726d602
Merge pull request #68398 from angerman/feature/fix-openssl
...
fix openssl for cross compilation
2019-10-26 09:39:32 +02:00
Frederik Rietdijk
af491cbb7d
openssl: use old method for configuring on i686, fixes #71786
...
unbreaks pkgsi686Linux.openssl_1_0_2
2019-10-23 15:54:07 +02:00
Ding Xiang Fei
703e44675c
openssl: switch to linux-x86 and linux-x86_64 targets
2019-10-22 09:31:34 +02:00
Moritz Angermann
2df354fd1e
fix openssl
2019-10-17 21:54:16 +08:00
Moritz Angermann
8b393304b1
[win32] fix openssl
2019-10-17 21:54:15 +08:00
Vladimír Čunát
22a216849b
Re-Revert "Merge branch 'staging-next'"
...
This reverts commit f8a8fc6c7c.
2019-09-22 09:38:09 +02:00
Vladimír Čunát
f8a8fc6c7c
Revert "Merge branch 'staging-next'"
...
This reverts commit 41af38f372, reversing
changes made to f0fec244ca.
Let's delay this. We have some serious regressions.
2019-09-21 20:05:09 +02:00
Andreas Rammhold
20c7a35429
openssl_1_0_2: fixup sha256
2019-09-11 13:48:31 +02:00
Andreas Rammhold
d49fb86b1b
openssl: 1.1.1c -> 1.1.1d
...
(cherry picked from commit 76d54c72acaaa32e2c1f8b13002f0ceac3b7b06f)
2019-09-10 21:22:50 +02:00
Andreas Rammhold
5d5cd70516
openssl_1_0_2: 1.0.2s -> 1.0.2t
...
(cherry picked from commit aa6327c29c2de41a61db5aef8444385c531d4cc2)
2019-09-10 21:22:47 +02:00
Guillaume Maudoux
92b96ce63f
openssl: fix man pages collisions (#66317)
2019-08-31 08:23:39 -04:00
volth
08f68313a4
treewide: remove redundant rec
2019-08-28 11:07:32 +00:00
volth
35d68ef143
treewide: remove redundant quotes
2019-08-26 21:40:19 +00:00
volth
c814d72b51
treewide: name -> pname
2019-08-17 10:54:38 +00:00
volth
46420bbaa3
treewide: name -> pname (easy cases) (#66585)
...
treewide replacement of
stdenv.mkDerivation rec {
name = "*-${version}";
version = "*";
to pname
2019-08-15 13:41:18 +01:00
volth
f3282c8d1e
treewide: remove unused variables (#63177)
...
* treewide: remove unused variables
* making ofborg happy
2019-06-16 19:59:05 +00:00
Will Dietz
642c9a7e74
Revert "openssl: fix CVE-2019-1543"
...
This reverts commit aae4c114a4.
2019-05-29 07:54:00 -05:00
Will Dietz
f6297de3bc
openssl: 1.1.1b -> 1.1.1c
...
https://mta.openssl.org/pipermail/openssl-announce/2019-May/000153.html
2019-05-28 19:04:31 -05:00
Will Dietz
c83b9bb6aa
openssl: 1.0.2r -> 1.0.2s
...
https://mta.openssl.org/pipermail/openssl-announce/2019-May/000151.html
2019-05-28 19:04:25 -05:00
Tom Bereknyei
aae4c114a4
openssl: fix CVE-2019-1543
...
Closes https://github.com/NixOS/nixpkgs/pull/61827 .
Fixes https://github.com/NixOS/nixpkgs/issues/60107 .
2019-05-22 17:06:49 +02:00
Alyssa Ross
fed0926960
openssl_1_1: 1.1.1a -> 1.1.1b
2019-02-26 16:35:27 +00:00
Alyssa Ross
9c94d74836
openssl: 1.0.2q -> 1.0.2r
2019-02-26 16:33:06 +00:00
Vladimír Čunát
6f61d8b0f6
openssl_1_1: use the same default CA path as 1.0.*
...
Fixes https://github.com/NixOS/nixpkgs/issues/54437
2019-01-21 21:15:42 +01:00
Andrew Dunham
14087abe6a
openssl_1_1: Add "doc" output to contain HTML documentation
...
This prevents cluttering up openssl_1_1.out with many megabytes of
documentation.
Fixes #51659
2018-12-09 14:49:00 +00:00
Frederik Rietdijk
c1792242ef
Merge staging-next into staging
2018-11-24 10:44:50 +01:00
Daniel Goertzen
e8bce19aea
openssl: fix cross compile (perl)
...
Fixes issue #50921. Build result was depending on build perl instead of
host perl which broke cross compilation.
2018-11-23 10:37:54 +01:00
Jan Malakhovski
7c48015019
openssl: fix cryptodev
fallout from d836b811cb
2018-11-22 09:45:34 +00:00
Alyssa Ross
d012516c44
openssl_1_1: 1.1.1 -> 1.1.1a
...
CVE-2018-0734: https://www.openssl.org/news/vulnerabilities.html#2018-0734
CVE-2018-0735: https://www.openssl.org/news/vulnerabilities.html#2018-0735
2018-11-20 16:52:22 +00:00
Alyssa Ross
ae29a9e688
openssl: 1.0.2p -> 1.0.2q
...
CVE-2018-0734: https://www.openssl.org/news/vulnerabilities.html#2018-0734
CVE-2018-5407: https://www.openssl.org/news/vulnerabilities.html#2018-5407
No patches can any longer be shared between 1.0.2 and 1.1, so reorganize
patches into subdirectories (and remove an unused one).
2018-11-20 16:51:48 +00:00
Renaud
de8f3b422a
Merge pull request #47953 from lopsided98/openssl-arm
...
openssl: don't autodetect platform on armv6/7l
2018-10-28 14:08:02 +01:00
Markus Kowalewski
598ed197db
openssl-chacha: add license
2018-10-25 23:10:00 +02:00
Ben Wolsieffer
d3ba32e117
openssl: don't autodetect platform on armv6/7l
2018-10-05 22:46:45 -04:00
Alyssa Ross
1ec301ded2
openssl: 1.1.0 -> 1.1.1 (#46524)
2018-09-12 23:56:08 +00:00
John Ericson
0828e2d8c3
treewide: Remove usage of remaining redundant platform compatibility stuff
...
Want to get this out of here for 18.09, so it can be deprecated
thereafter.
2018-08-30 17:20:32 -04:00