Commit Graph

160 Commits

Author SHA1 Message Date
Eelco Dolstra
e0d17fdf10 openssl: Use 1.0.2 by default
Provided that not too much breaks, we should probably cherry-pick this
to 16.03, since the end of the 1.0.1 support window is a bit too close
to the expected lifetime of 16.0.3. @domenkozar
2016-03-01 15:25:53 +01:00
Eelco Dolstra
cdbd14a1a8 openssl: 1.0.1r -> 1.0.1s, 1.0.2f -> 1.0.2g
CVE-2016-0800
2016-03-01 15:18:57 +01:00
Eelco Dolstra
ef86e9506d Untested fix for #13401 2016-02-24 14:01:20 +01:00
Vladimír Čunát
a115bff08c Merge branch 'master' into staging 2016-02-07 13:52:42 +01:00
Charles Strahan
4c57b932ab cipherscan: init at rev 18b0d1b (Dec 17, 2015)
CipherScan is a simple way to find out which SSL ciphersuites are
supported by a target.

It can take advantage of the extra features in Peter Mosmans' openssl
fork (which is also included in this commit).
2016-02-03 12:01:24 -05:00
Eelco Dolstra
917ca8920d Move setting $SSL_CERT_FILE to stdenv
Doing it in an openssl setup hook only works if packages have openssl
as a build input - it doesn't work if they're using a program linked
against openssl.
2016-02-03 13:59:10 +01:00
Eelco Dolstra
cc2cec6300 openssl: Unify 1.0.1 and 1.0.2 expressions 2016-02-03 13:54:22 +01:00
Eelco Dolstra
788da6894f openssl: Compile in /etc/ssl/certs/ca-certificates.crt 2016-02-03 13:45:05 +01:00
Guillaume Maudoux
9f358f809d Configure a default trust store for openssl 2016-02-03 12:42:01 +01:00
Vladimír Čunát
de0af30716 Merge branch 'master' into staging 2016-01-29 10:19:48 +01:00
Vladimír Čunát
a92c2cb994 openssl_1_0_2: high-severity security update e -> f
Fixes CVE-2016-0701 and CVE-2015-3197.
2016-01-28 20:35:00 +01:00
Eelco Dolstra
2ecb6b4574 openssl: 1.0.1q -> 1.0.1r
CVE-2015-3197 (low severity)
2016-01-28 18:57:23 +01:00
codsl
51a5f49d70 openssl: security update 1.0.2d -> 1.0.2e
Fixes CVE-2015-3193, CVE-2015-3194, CVE-2015-3195 and CVE-2015-3196.
Close #11469.
2015-12-05 11:32:49 +01:00
codsl
fb3b9f5f8b openssl: security update 1.0.1p -> 1.0.1q
Fixes CVE-2015-3194 and CVE-2015-3195.
Taken from #11469.
2015-12-05 11:25:27 +01:00
Matthias C. M. Troffaes
1c0b060295 openssl: use prefixed windres and ranlib for cross build 2015-11-04 08:48:38 +00:00
Eelco Dolstra
e1f78bf677 More docs/manpages in separate outputs 2015-07-27 00:27:54 +02:00
Eelco Dolstra
5e156b9db7 openssl: Update to 1.0.2d 2015-07-09 15:17:14 +02:00
Eelco Dolstra
9539db1ec3 openssl: Update to 1.0.1p 2015-07-09 15:15:52 +02:00
William A. Kennington III
7f9a4957ee openssl: Make 1.0.2 conform to the 1.0.1 derivation 2015-06-22 20:00:44 -07:00
William A. Kennington III
c6e512b80c Merge branch 'master.upstream' into staging.upstream 2015-06-22 12:43:12 -07:00
Mike Sperber
bd003198b3 openssl: patch not needed anymore for darwin platform, closes #8456
The darwin-arch.patch that was needed for previous releases doesn't
apply, and also doesn't work anymore. It builds fine without.
2015-06-22 19:59:28 +02:00
William A. Kennington III
282d03befa Merge branch 'master.upstream' into staging.upstream 2015-06-22 10:57:36 -07:00
William A. Kennington III
507bb016cc openssl: Clean up the cross compile arguments
Also add a check to make sure we don't depend on perl in the output
2015-06-20 14:30:18 -07:00
Vladimír Čunát
f5cae29005 openssl-1.0.2: bug+security upate (Fixes #8415) 2015-06-20 09:10:54 +02:00
Peter Simons
b333a2cb19 openssl: remove some cruft 2015-06-16 14:19:25 +02:00
Eelco Dolstra
a4178b1b8a openssl: Update to 1.0.1o
From https://www.openssl.org/news/openssl-1.0.1-notes.html:

"Fix HMAC ABI incompatibility"
2015-06-16 14:16:08 +02:00
Eelco Dolstra
415407bd93 openssl: Update to 1.0.1n
CVE-2015-4000, CVE-2015-1788, CVE-2015-1789, CVE-2015-1790, CVE-2015-1792, CVE-2015-1791, CVE-2014-8176
2015-06-11 18:32:13 +02:00
Eelco Dolstra
3aee39bb83 openssl: Fix removal of the ssl/misc scripts
This drops the dependency of $out on Perl.

(cherry picked from commit a5fb18473e)
Signed-off-by: Domen Kožar <domen@dev.si>

Conflicts:
	pkgs/development/libraries/openssl/default.nix
2015-06-01 11:01:57 +02:00
William A. Kennington III
867d2c5c46 openssl: Remove References to OPENSSL_X509_CERT_FILE 2015-05-31 15:50:51 -07:00
William A. Kennington III
afa5859716 openssl: Cleanup some old, untested patches 2015-05-29 16:08:27 -07:00
Peter Simons
d9cc38757a openssl: add version 1.0.2a as attribute 'openssl_1_0_2'
We'll try switching our default version after the 15.06 release has been
branched off. Resolves https://github.com/NixOS/nixpkgs/issues/7970.
2015-05-29 09:52:29 +02:00
Marko Durkovic
3f6949c3ef cygwin: openssl for x86_64 2015-05-28 10:53:35 +02:00
Russell O'Connor
e2e4c1182e Update OpenSSL dependency of bitcoin to be the latest OpenSSL.
Purge OpenSSL version 1.0.1j.
2015-03-21 17:49:42 -04:00
Vladimír Čunát
cd97c58110 openssl_1_0_1j: fix after updating the main version 2015-03-19 20:28:35 +01:00
Eelco Dolstra
2fe351c7e3 openssl: Update to 1.0.1m
Fixes various "Moderate" / "Low" CVEs:
http://openssl.org/news/secadv_20150319.txt
2015-03-19 15:57:17 +01:00
Domen Kožar
1fb78f8994 openssl: 1.0.1k -> 1.0.1l 2015-02-27 12:59:59 +01:00
Russell O'Connor
af3c4a2744 Bitcoin 0.9.3 won't work with OpenSSL 1.0.1k.
This patch restores OpenSSL 1.0.1j and builds Bitcoin against it.
2015-02-05 11:40:57 -05:00
Domen Kožar
dbbd849ce8 openssl: 1.0.1j -> 1.0.1k
(cherry picked from commit 70a7d4bd16454b8b27d404a109c615462cc4fa9e)
Signed-off-by: Domen Kožar <domen@dev.si>
2015-01-09 20:22:02 +01:00
Eelco Dolstra
09dc132e04 Merge remote-tracking branch 'origin/master' into staging
Conflicts:
	pkgs/development/libraries/poppler/default.nix
2014-10-16 15:16:50 +02:00
Domen Kožar
c758ec756b openssl: 1.0.1i -> 1.0.1j (CVE-2014-3513, CVE-2014-3567, CVE-2014-3568) 2014-10-15 16:12:23 +02:00
Alexander Kjeldaas
e431a3e0b5 openssl: make it deterministic 2014-09-13 15:05:27 +02:00
Vladimír Čunát
d1ed0f44cd Merge #2823: better cygwin support, also add x86_64
Conflicts (easy):
	pkgs/development/interpreters/perl/5.16/default.nix
2014-08-14 20:38:09 +02:00
Peter Simons
5c276c4f68 openssl: update to version 1.0.1i
See https://www.openssl.org/news/secadv_20140806.txt for a long list of CVE numbers.
Fixes <https://github.com/NixOS/nixpkgs/issues/3485>.
2014-08-08 09:46:57 +02:00
Domen Kožar
15f092d7a7 openssl: 1.0.1g -> 1.0.1h
CVE-2014-0224
CVE-2014-0221
CVE-2014-0195
CVE-2014-0198
CVE-2010-5298
CVE-2014-3470
2014-06-05 14:32:11 +02:00
Sander van der Burg
9ec52d6323 Fixes to make basic builds on Cygwin work again + additions to support x86_64-cygwin 2014-05-29 14:47:07 +02:00
aszlig
625d7b9043
Merge pull request #1928 from 'cross-win-osx'.
This includes a lot of fixes for cross-building to Windows and Mac OS X
and could possibly fix things even for non-cross-builds, like for
example OpenSSL on Windows.

The main reason for merging this in 14.04 already is that we already
have runInWindowsVM in master and it doesn't work until we actually
cross-build Cygwin's setup binary as the upstream version is a fast
moving target which gets _overwritten_ on every new release.

Conflicts:
	pkgs/top-level/all-packages.nix
2014-04-21 10:00:35 +02:00
Domen Kožar
1140f06e0f openssl: 1.0.1f -> 1.0.1g
CVE-2014-0160, CVE-2014-0076
2014-04-07 20:33:38 +02:00
aszlig
c7bac81c66
Merge 'mingw-w64' and 'darwin' into cross-win-osx.
Both branches have quite a lot in common, so it's time for a merge and
do the cleanups with respect to both implementations and also generalize
both implementations as much as possible.

This also closes #1876.

Conflicts:
	pkgs/development/interpreters/lua-5/5.2.nix
	pkgs/development/libraries/SDL/default.nix
	pkgs/development/libraries/glew/default.nix
	pkgs/top-level/all-packages.nix
2014-03-12 10:16:51 +01:00
aszlig
5e95800f26
openssl: Use Darwin patch for cross-builds too.
Might be better to have something like stdenv.isDarwinTarget, which can
be used to test for native Darwin _and_ cross-built Darwin as a target.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2014-03-12 10:00:47 +01:00
aszlig
30962765e0
openssl/cross: Fix build for Darwin.
This is just a minor fix, because when using "darwin64-x86_64-cc" for
config.openssl.system, the OpenSSL build scripts try to compile with
$prefix-cc, which is not available with the gcc-cross-wrapper.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2014-03-12 10:00:47 +01:00