Vladimír Čunát
b15a637819
Merge #199009: openssl_1_1: 1.1.1q -> 1.1.1s
...into staging
2022-11-05 16:59:07 +01:00
Vladimír Čunát
70ca403dc2
openssl(_3): enable KTLS only on Linux
This fixes build on *-darwin.
2022-11-02 09:33:15 +01:00
Vladimír Čunát
6aa0c5e918
openssl_1_1: drop a long unused patch
2022-11-01 18:46:44 +01:00
Vladimír Čunát
32ebb91f4b
openssl_1_1: 1.1.1q -> 1.1.1s
I believe this double version jump includes no security fixes.
2022-11-01 17:29:35 +01:00
Martin Weinelt
eeca5969b3
openssl: 3.0.5 -> 3.0.7
Fixes: CVE-2022-3786, CVE-2022-3602
Co-Authored-By: Andreas Schrägle <git@ajs124.de>
2022-11-01 16:44:23 +01:00
ajs124
0755f8c8f8
Revert "openssl: 3.0.5 -> 3.0.6"
This reverts commit 0c743ca36f.
https://mta.openssl.org/pipermail/openssl-announce/2022-October/000237.html
2022-10-13 18:10:42 +02:00
ajs124
b30d687dd0
Revert "openssl: 1.1.1q -> 1.1.1r"
This reverts commit 0bf7095945.
https://mta.openssl.org/pipermail/openssl-announce/2022-October/000237.html
2022-10-13 18:10:13 +02:00
Martin Weinelt
4828dc9d9b
Merge remote-tracking branch 'helsinki-systems/upd/openssl' into staging
2022-10-12 02:20:45 +02:00
ajs124
0bf7095945
openssl: 1.1.1q -> 1.1.1r
bugfix release, does not fix any security issues
2022-10-11 22:29:58 +02:00
ajs124
0c743ca36f
openssl: 3.0.5 -> 3.0.6
fixes CVE-2022-3358
https://www.openssl.org/news/secadv/20221011.txt
2022-10-11 17:00:34 +02:00
Sandro Jäckel
33944d5ddd
openssl: fix static cross compilation
2022-09-20 16:25:47 +02:00
ajs124
075b852820
openssl: versionAtLeast 1.1.0 -> 1.1.1
we don't have/support 1.1.0 anymore, so 1.1.1 is the new minimum
2022-08-17 20:16:18 +02:00
ajs124
c6de1d4b24
openssl: fix static build
https://mta.openssl.org/pipermail/openssl-users/2022-February/014906.html
2022-08-17 20:16:18 +02:00
Robert
649646d7b7
openssl: split runtime dependencies of static builds into a separate output (#182444)
2022-07-23 17:06:06 -04:00
Martin Weinelt
82da6eb46d
openssl_1_1: 1.1.1p -> 1.1.1q
https://www.openssl.org/news/secadv/20220705.txt
Fixes: CVE-2022-2097
2022-07-05 23:14:13 +02:00
Martin Weinelt
1dbf7b45e2
openssl_3: 3.0.4 -> 3.0.5
https://www.openssl.org/news/secadv/20220705.txt
We already acted on the first public disclosure, so this release removes
the previous patch and upgrades to the release including the fix.
Related: CVE-2022-2274
Fixes: CVE-2022-2097
2022-07-05 23:14:10 +02:00
Vladimír Čunát
0c4852c7bc
Merge #179333: openssl_3_0: fix apparent x86_64 AVX512 RCE
2022-06-28 01:01:42 +02:00
Martin Weinelt
62b05d9742
Merge remote-tracking branch 'origin/master' into staging-next
2022-06-27 23:50:37 +02:00
Alyssa Ross
fd6a8fb894
openssl_3: rename from openssl_3_0
With their new versioning scheme, OpenSSL have committed[1] to API and
ABI compatibility for the whole 3.x.x release series, so we shouldn't
be overly specific in our attribute name.
[1]: https://www.openssl.org/blog/blog/2018/11/28/version/
2022-06-27 13:35:16 +00:00
Alyssa Ross
c59d1ebd6e
openssl_3_0: fix apparent x86_64 AVX512 RCE
Has been applied upstream. No CVE.
2022-06-27 13:14:30 +00:00
Martin Weinelt
deb8ef1162
openssl_3_0: 3.0.3 -> 3.0.4
Fixes additional sanitization issues in the c_rehash script.
https://mta.openssl.org/pipermail/openssl-announce/2022-June/000227.html
Fixes: CVE-2022-2068
2022-06-21 18:02:47 +02:00
Martin Weinelt
0c21382922
openssl_1_1: 1.1.1o -> 1.1.1p
Fixes additional sanitization issues in the c_rehash script.
https://mta.openssl.org/pipermail/openssl-announce/2022-June/000226.html
Fixes: CVE-2022-2068
2022-06-21 18:02:47 +02:00
Jörg Thalheim
cc60c24909
openssl: disable ct feature in static mode (#173288)
For static binaries to be relocatable, they can't depend on data files.
Co-authored-by: zimbatm <zimbatm@zimbatm.com>
2022-05-17 11:42:46 +02:00
github-actions[bot]
16684f8bd3
Merge master into staging-next
2022-05-04 12:01:10 +00:00
Martin Weinelt
c62eceb91e
openssl_3_0: 3.0.2 -> 3.0.3
- The c_rehash script allows command injection (CVE-2022-1292)
- OCSP_basic_verify may incorrectly verify the response signing
  certificate (CVE-2022-1343)
- Incorrect MAC key used in the RC4-MD5 ciphersuite (CVE-2022-1434)
- Resource leakage when decoding certificates and keys (CVE-2022-1473)
https://mta.openssl.org/pipermail/openssl-announce/2022-May/000224.html
Fixes: CVE-2022-1292, CVE-2022-1343, CVE-2022-1434, CVE-2022-1473
2022-05-04 07:17:01 +02:00
Martin Weinelt
a7be3b2607
openssl_1_1: 1.1.1n -> 1.1.1o
Fixes command injection in the c_rehash script, which at the same time
is also considered obsolete and should be replaced by openssl rehash.
https://mta.openssl.org/pipermail/openssl-announce/2022-May/000224.html
Fixes: CVE-2022-1292
2022-05-03 18:05:18 +02:00
sternenseemann
a985b2bd99
Merge pull request #165746 from a-m-joseph/openssl-fix-mips64-abi-detection-when-not-cross-compiling
openssl: fix mips64 abi detection when not cross compiling
2022-04-11 22:41:29 +02:00
Adam Joseph
77d6781cdc
openssl: specify the ABI explicitly on mips64
When *not* cross-compiling, OpenSSL will not attempt to detect the
host ABI. For mips64, the OpenSSL authors have chosen to assume that
the n32 ABI is used.
Since nixpkgs knows the correct ABI based on stdenv.hostPlatform,
let's pass this information to OpenSSL explicitly.
At the moment (bootstrappable) nixpkgs on mips64 can only be used with
the n64 ABI due to the fact that boost-context (required by nix) does
not support the n32 ABI. Without this commit the openssl expression
can be cross-compiled to a mips64 host, but a mips64 host cannot
self-compile the expression due to OpenSSL's incorrect assumption.
https://github.com/NixOS/nixpkgs/pull/165746#pullrequestreview-924423243
2022-04-11 11:23:19 -07:00
ajs124
49c51cdd51
openssl_1_0_2: drop
2022-04-04 15:37:05 +01:00
ajs124
0fae27376d
cipherscan: drop
2022-04-04 15:10:43 +01:00
Martin Weinelt
72bb369245
openssl_1_1: 1.1.1m -> 1.1.1n
https://github.com/openssl/openssl/blob/OpenSSL_1_1_1n/CHANGES#L10
Fixes: CVE-2022-0778
2022-03-15 16:39:33 +01:00
Martin Weinelt
384a708e6d
openssl_3_0: 3.0.1 -> 3.0.2
https://github.com/openssl/openssl/blob/openssl-3.0.2/CHANGES.md#changes-between-301-and-302-15-mar-2022
Fixes: CVE-2022-0778
2022-03-15 16:38:56 +01:00
Tom McLaughlin
d01b2cc71b
openssl: remove assert restricting withPerl=false (#156949)
2022-01-27 00:41:18 -05:00
taku0
7ab79bff9f
openssl: remove with lib
See https://github.com/NixOS/nixpkgs/pull/150733/files#r785279764
2022-01-20 09:19:19 -08:00
taku0
4a7fa6456d
openssl_1_1: fix build on Darwin
See https://github.com/NixOS/nixpkgs/pull/150733/files#r785279118
2022-01-20 09:19:19 -08:00
Dmitry Kalinkin
2ddda43924
Merge branch 'staging' into staging-next
Conflicts:
pkgs/os-specific/linux/kernel/common-config.nix
2021-12-25 17:16:26 -05:00
7c6f434c
b0f154fd44
Merge pull request #147027 from Izorkin/update-nginx-ktls
nginxMainline: enable ktls support
2021-12-24 10:23:17 +00:00
Martin Weinelt
8cd976ffdb
Merge pull request #150733 from mweinelt/openssl
2021-12-21 03:33:37 +01:00
Martin Weinelt
29f216c48a
openssl_1_1: 1.1.1l -> 1.1.1m
2021-12-18 15:39:12 +01:00
Martin Weinelt
35a11522ba
openssl_3_0: 3.0.0 -> 3.0.1
2021-12-15 10:56:04 +01:00
Izorkin
9419b653ba
openssl 3.0.0: enable ktls support
2021-11-27 09:39:56 +03:00
Janne Heß
83ab81ae89
Merge pull request #137004 from baloo/baloo/openssl/3.0.0-init
openssl3: init at 3.0.0
2021-11-05 13:02:47 +01:00
Zhaofeng Li
42dcdc2c3a
openssl: Fix build configuration for riscv64-linux
Without this patch, OpenSSL would use the suboptimal linux-generic32
config when building natively on riscv64.
2021-10-15 15:53:41 -07:00
Peter Simons
476635afe1
Drop myself from meta.maintainers for most packages.
I'd like to reduce the number of GitHub notifications and
review requests I receive.
2021-10-14 11:01:27 +02:00
Arthur Gautier
613a0bffcd
openssl: openssl3 is published under Apache License v2.0
Signed-off-by: Arthur Gautier <baloo@superbaloo.net>
2021-09-14 00:04:27 +00:00
Arthur Gautier
0db4ebbf1f
openssl3: disable build-time feature detection
This enables KTLS support on linux.
Signed-off-by: Arthur Gautier <baloo@superbaloo.net>
2021-09-07 23:21:54 +00:00
Arthur Gautier
7f25b31f07
openssl3: init at 3.0.0
Signed-off-by: Arthur Gautier <baloo@superbaloo.net>
2021-09-07 23:13:46 +00:00
Martin Weinelt
3d245b3a37
Revert "Revert "openssl: 1.1.1k -> 1.1.1l" (#135999)"
This reverts commit b2b0115e70.
2021-08-28 16:58:44 +02:00
Dmitry Kalinkin
b2b0115e70
Revert "openssl: 1.1.1k -> 1.1.1l" (#135999)
2021-08-27 23:36:39 -04:00
Martin Weinelt
174868d4fa
openssl: 1.1.1k -> 1.1.1l
2021-08-28 02:21:11 +02:00