Guillaume Maudoux
c86f05e7ce
openssl: default to default profile CA on darwin
2017-03-22 12:09:09 +01:00
Domen Kožar
c3c9412c7d
git, openssl, curl: Respect $NIX_SSL_CERT_FILE
...
Slightly modified version of 942dbf89c6
2017-03-20 14:11:20 +01:00
Matthew Maurer
0d2ba7ef2b
openssl: 1.1.0d -> 1.1.0e for High severity CVE-2017-3733
2017-02-16 09:16:41 -05:00
Robin Gloster
426b61a1c7
openssl_1_0_1: remove
2017-01-27 21:29:53 +01:00
Franz Pletz
6626b62241
openssl_1_0_1: not maintained anymore, rename as -vulnerable
...
This is not maintained anymore upstream but is still used by sslscan.
Until this package is updated or fixed, we'll keep it around under
the unambiguous name openssl_1_0_1-vulnerable.
2017-01-26 15:41:07 +01:00
Franz Pletz
49bfd6068d
openssl_1_1_0: 1.1.0c -> 1.1.0d for multiple CVEs
...
Fixes:
* CVE-2017-3731
* CVE-2017-3730
* CVE-2017-3732
* CVE-2016-7055
2017-01-26 15:38:42 +01:00
Franz Pletz
434c15193a
openssl_1_0_2: 1.0.2j -> 1.0.2k for multiple CVEs
...
Fixes:
* CVE-2017-3731
* CVE-2017-3730
* CVE-2017-3732
* CVE-2016-7055
2017-01-26 15:38:33 +01:00
John Ericson
94df8e7e4d
openssl: Output-santizing hack properly uses native perl again
2017-01-24 11:37:56 -05:00
Graham Christensen
bb2a67d226
openssl_1_1_0: 1.1.0b -> 1.1.0c
2016-11-11 07:11:29 -05:00
David McFarland
a50784b34e
openssl: add custom build of 1.0.2 for steam
2016-11-09 21:18:32 -04:00
Eelco Dolstra
811b876fab
Revert "openssl, curl, git: Respect $NIX_SSL_CERT_FILE"
...
This reverts commit 942dbf89c6
. Sorry,
this was supposed to go to staging instead of master...
2016-10-14 16:01:54 +02:00
Eelco Dolstra
942dbf89c6
openssl, curl, git: Respect $NIX_SSL_CERT_FILE
...
$NIX_SSL_CERT_FILE overrides $SSL_CERT_FILE, which in turn overrides
the default CA path (/etc/ssl/certs/ca-certificates.crt). This allows
Nix to set a CA path without interfering with other packages (such as
Homebrew).
See https://github.com/NixOS/nix/issues/921 .
2016-10-14 12:06:10 +02:00
Robin Gloster
b743ddf8f9
sslscan: enable ssl2 checking
2016-10-12 14:36:41 +02:00
Franz Pletz
4d75c71f38
openssl: 1.0.2i -> 1.0.2j, 1.1.0a -> 1.1.0b
...
https://www.openssl.org/news/secadv/20160926.txt
2016-09-26 15:02:01 +02:00
Eelco Dolstra
ac03df96ba
openssl: 1.0.1t -> 1.0.1u, 1.0.2h -> 1.0.2i, 1.1.0 -> 1.1.0a
...
https://www.openssl.org/news/secadv/20160922.txt
2016-09-22 15:05:09 +02:00
Franz Pletz
c45bf3c43d
openssl-chacha: 2016-01-27 -> 2016-08-22
2016-09-05 22:50:57 +02:00
Tuomas Tynkkynen
a17216af4c
treewide: Shuffle outputs
...
Make either 'bin' or 'out' the first output.
2016-08-29 14:49:51 +03:00
obadz
ed01e0ca4f
openssl: fix merge conflict between b6dabe3
and 6e7ca92
2016-08-28 03:53:13 +01:00
obadz
3de6e5be50
Merge branch 'master' into staging
...
Conflicts:
pkgs/applications/misc/navit/default.nix
pkgs/applications/networking/mailreaders/alpine/default.nix
pkgs/applications/networking/mailreaders/realpine/default.nix
pkgs/development/compilers/ghc/head.nix
pkgs/development/libraries/openssl/default.nix
pkgs/games/liquidwar/default.nix
pkgs/games/spring/springlobby.nix
pkgs/os-specific/linux/kernel/perf.nix
pkgs/servers/sip/freeswitch/default.nix
pkgs/tools/archivers/cromfs/default.nix
pkgs/tools/graphics/plotutils/default.nix
2016-08-27 23:54:54 +01:00
Robin Gloster
b6dabe3df0
openssl_1_1_0: init at 1.1.0
2016-08-26 07:39:18 +00:00
Alexey Shmalko
6e7ca9272e
openssl: fix CVE-2016-2177
2016-08-23 03:41:03 +03:00
Peter Simons
8e462995ba
Bring my stdenv.lib.maintainers user name in line with my github nick.
2016-05-16 22:49:55 +02:00
Tuomas Tynkkynen
aadaa91379
Merge remote-tracking branch 'upstream/master' into staging
...
Conflicts:
pkgs/applications/networking/browsers/vivaldi/default.nix
pkgs/misc/emulators/wine/base.nix
2016-05-03 23:12:48 +03:00
Nathan Zadoks
bdafc6df04
openssl: 1.0.1s -> 1.0.1t, 1.0.2g -> 1.0.2h
...
CVE-2016-2108, high severity: Memory corruption in the ASN.1 encoder
CVE-2016-2107, high severity: Padding oracle in AES-NI CBC MAC check
CVE-2016-2105, low severity: EVP_EncodeUpdate overflow
CVE-2016-2106, low severity: EVP_EncryptUpdate overflow
CVE-2016-2109, low severity: ASN.1 BIO excessive memory allocation
CVE-2016-2176, low severity: EBCDIC overread
2016-05-03 10:54:15 -04:00
Tuomas Tynkkynen
26f90102b8
openssl: fix indentation
2016-04-25 18:19:40 +03:00
Tuomas Tynkkynen
f34655e28c
openssl-chacha: Split into multiple outputs
...
Mainly done because of this in all-packages.nix:
````
cipherscan = callPackage ../tools/security/cipherscan {
openssl = if stdenv.system == "x86_64-linux"
then openssl-chacha
else openssl;
};
````
... and inside cipherscan we want to refer to `openssl.bin`
2016-04-14 08:32:20 +03:00
Vladimír Čunát
ab15a62c68
Merge branch 'master' into closure-size
...
Beware that stdenv doesn't build. It seems something more will be needed
than just resolution of merge conflicts.
2016-04-01 10:06:01 +02:00
Vladimír Čunát
09af15654f
Merge master into closure-size
...
The kde-5 stuff still didn't merge well.
I hand-fixed what I saw, but there may be more problems.
2016-03-08 09:58:19 +01:00
Eelco Dolstra
e0d17fdf10
openssl: Use 1.0.2 by default
...
Provided that not too much breaks, we should probably cherry-pick this
to 16.03, since the end of the 1.0.1 support window is a bit too close
to the expected lifetime of 16.0.3. @domenkozar
2016-03-01 15:25:53 +01:00
Eelco Dolstra
cdbd14a1a8
openssl: 1.0.1r -> 1.0.1s, 1.0.2f -> 1.0.2g
...
CVE-2016-0800
2016-03-01 15:18:57 +01:00
Eelco Dolstra
ef86e9506d
Untested fix for #13401
2016-02-24 14:01:20 +01:00
Vladimír Čunát
d039c87984
Merge branch 'master' into closure-size
2016-02-14 08:33:51 +01:00
Vladimír Čunát
a115bff08c
Merge branch 'master' into staging
2016-02-07 13:52:42 +01:00
Charles Strahan
4c57b932ab
cipherscan: init at rev 18b0d1b (Dec 17, 2015)
...
CipherScan is a simple way to find out which SSL ciphersuites are
supported by a target.
It can take advantage of the extra features in Peter Mosmans' openssl
fork (which is also included in this commit).
2016-02-03 12:01:24 -05:00
Vladimír Čunát
ae74c356d9
Merge recent 'staging' into closure-size
...
Let's get rid of those merge conflicts.
2016-02-03 16:57:19 +01:00
Eelco Dolstra
917ca8920d
Move setting $SSL_CERT_FILE to stdenv
...
Doing it in an openssl setup hook only works if packages have openssl
as a build input - it doesn't work if they're using a program linked
against openssl.
2016-02-03 13:59:10 +01:00
Eelco Dolstra
cc2cec6300
openssl: Unify 1.0.1 and 1.0.2 expressions
2016-02-03 13:54:22 +01:00
Eelco Dolstra
788da6894f
openssl: Compile in /etc/ssl/certs/ca-certificates.crt
2016-02-03 13:45:05 +01:00
Guillaume Maudoux
9f358f809d
Configure a default trust store for openssl
2016-02-03 12:42:01 +01:00
Vladimír Čunát
de0af30716
Merge branch 'master' into staging
2016-01-29 10:19:48 +01:00
Vladimír Čunát
a92c2cb994
openssl_1_0_2: high-severity security update e -> f
...
Fixes CVE-2016-0701 and CVE-2015-3197.
2016-01-28 20:35:00 +01:00
Eelco Dolstra
2ecb6b4574
openssl: 1.0.1q -> 1.0.1r
...
CVE-2015-3197 (low severity)
2016-01-28 18:57:23 +01:00
Luca Bruno
5b0352a6a4
Merge branch 'master' into closure-size
2015-12-11 18:31:00 +01:00
codsl
51a5f49d70
openssl: security update 1.0.2d -> 1.0.2e
...
Fixes CVE-2015-3193, CVE-2015-3194, CVE-2015-3195 and CVE-2015-3196.
Close #11469 .
2015-12-05 11:32:49 +01:00
codsl
fb3b9f5f8b
openssl: security update 1.0.1p -> 1.0.1q
...
Fixes CVE-2015-3194 and CVE-2015-3195.
Taken from #11469 .
2015-12-05 11:25:27 +01:00
Vladimír Čunát
333d69a5f0
Merge staging into closure-size
...
The most complex problems were from dealing with switches reverted in
the meantime (gcc5, gmp6, ncurses6).
It's likely that darwin is (still) broken nontrivially.
2015-11-20 14:32:58 +01:00
Matthias C. M. Troffaes
1c0b060295
openssl: use prefixed windres and ranlib for cross build
2015-11-04 08:48:38 +00:00
Vladimír Čunát
9fbb83b467
openssl: fixup after merge
2015-10-03 16:28:39 +02:00
Vladimír Čunát
f361938b21
Merge staging into closure-size
...
This makes gcc5 the default builder, etc.
2015-10-03 15:23:13 +02:00
Vladimír Čunát
5227fb1dd5
Merge commit staging+systemd into closure-size
...
Many non-conflict problems weren't (fully) resolved in this commit yet.
2015-10-03 13:33:37 +02:00
William A. Kennington III
eae9889b82
openssl: Major bump 1.0.1 -> 1.0.2
2015-09-15 12:14:12 -07:00
Eelco Dolstra
e1f78bf677
More docs/manpages in separate outputs
2015-07-27 00:27:54 +02:00
Eelco Dolstra
5e156b9db7
openssl: Update to 1.0.2d
2015-07-09 15:17:14 +02:00
Eelco Dolstra
9539db1ec3
openssl: Update to 1.0.1p
2015-07-09 15:15:52 +02:00
William A. Kennington III
7f9a4957ee
openssl: Make 1.0.2 conform to the 1.0.1 derivation
2015-06-22 20:00:44 -07:00
William A. Kennington III
c6e512b80c
Merge branch 'master.upstream' into staging.upstream
2015-06-22 12:43:12 -07:00
Mike Sperber
bd003198b3
openssl: patch not needed anymore for darwin platform, closes #8456
...
The darwin-arch.patch that was needed for previous releases doesn't
apply, and also doesn't work anymore. It builds fine without.
2015-06-22 19:59:28 +02:00
William A. Kennington III
282d03befa
Merge branch 'master.upstream' into staging.upstream
2015-06-22 10:57:36 -07:00
William A. Kennington III
507bb016cc
openssl: Clean up the cross compile arguments
...
Also add a check to make sure we don't depend on perl in the output
2015-06-20 14:30:18 -07:00
Vladimír Čunát
f5cae29005
openssl-1.0.2: bug+security upate ( Fixes #8415 )
2015-06-20 09:10:54 +02:00
Peter Simons
b333a2cb19
openssl: remove some cruft
2015-06-16 14:19:25 +02:00
Eelco Dolstra
a4178b1b8a
openssl: Update to 1.0.1o
...
From https://www.openssl.org/news/openssl-1.0.1-notes.html :
"Fix HMAC ABI incompatibility"
2015-06-16 14:16:08 +02:00
Eelco Dolstra
415407bd93
openssl: Update to 1.0.1n
...
CVE-2015-4000, CVE-2015-1788, CVE-2015-1789, CVE-2015-1790, CVE-2015-1792, CVE-2015-1791, CVE-2014-8176
2015-06-11 18:32:13 +02:00
Eelco Dolstra
3aee39bb83
openssl: Fix removal of the ssl/misc scripts
...
This drops the dependency of $out on Perl.
(cherry picked from commit a5fb18473e
)
Signed-off-by: Domen Kožar <domen@dev.si>
Conflicts:
pkgs/development/libraries/openssl/default.nix
2015-06-01 11:01:57 +02:00
William A. Kennington III
867d2c5c46
openssl: Remove References to OPENSSL_X509_CERT_FILE
2015-05-31 15:50:51 -07:00
William A. Kennington III
afa5859716
openssl: Cleanup some old, untested patches
2015-05-29 16:08:27 -07:00
Peter Simons
d9cc38757a
openssl: add version 1.0.2a as attribute 'openssl_1_0_2'
...
We'll try switching our default version after the 15.06 release has been
branched off. Resolves https://github.com/NixOS/nixpkgs/issues/7970 .
2015-05-29 09:52:29 +02:00
Marko Durkovic
3f6949c3ef
cygwin: openssl for x86_64
2015-05-28 10:53:35 +02:00
Vladimír Čunát
bf414c9d4f
Merge 'staging' into closure-size
...
- there were many easy merge conflicts
- cc-wrapper needed nontrivial changes
Many other problems might've been created by interaction of the branches,
but stdenv and a few other packages build fine now.
2015-04-18 11:22:20 +02:00
Russell O'Connor
e2e4c1182e
Update OpenSSL dependency of bitcoin to be the latest OpenSSL.
...
Purge OpenSSL version 1.0.1j.
2015-03-21 17:49:42 -04:00
Vladimír Čunát
cd97c58110
openssl_1_0_1j: fix after updating the main version
2015-03-19 20:28:35 +01:00
Eelco Dolstra
2fe351c7e3
openssl: Update to 1.0.1m
...
Fixes various "Moderate" / "Low" CVEs:
http://openssl.org/news/secadv_20150319.txt
2015-03-19 15:57:17 +01:00
Domen Kožar
1fb78f8994
openssl: 1.0.1k -> 1.0.1l
2015-02-27 12:59:59 +01:00
Russell O'Connor
af3c4a2744
Bitcoin 0.9.3 won't work with OpenSSL 1.0.1k.
...
This patch restores OpenSSL 1.0.1j and builds Bitcoin against it.
2015-02-05 11:40:57 -05:00
Domen Kožar
dbbd849ce8
openssl: 1.0.1j -> 1.0.1k
...
(cherry picked from commit 70a7d4bd16454b8b27d404a109c615462cc4fa9e)
Signed-off-by: Domen Kožar <domen@dev.si>
2015-01-09 20:22:02 +01:00
Eelco Dolstra
09dc132e04
Merge remote-tracking branch 'origin/master' into staging
...
Conflicts:
pkgs/development/libraries/poppler/default.nix
2014-10-16 15:16:50 +02:00
Domen Kožar
c758ec756b
openssl: 1.0.1i -> 1.0.1j (CVE-2014-3513, CVE-2014-3567, CVE-2014-3568)
2014-10-15 16:12:23 +02:00
Alexander Kjeldaas
e431a3e0b5
openssl: make it deterministic
2014-09-13 15:05:27 +02:00
Vladimír Čunát
a70180ba73
mutiout: make it builtin
2014-08-30 08:27:43 +02:00
Vladimír Čunát
fb59f27a43
WIP: getting good
2014-08-27 01:14:09 +02:00
Vladimír Čunát
4dccb224c5
WIP2
2014-08-26 01:10:56 +02:00
Vladimír Čunát
96cec2a7bd
Merge 'staging' into multiple-outputs
...
Conflicts:
pkgs/applications/audio/flac/default.nix
pkgs/build-support/gcc-wrapper/builder.sh
pkgs/development/libraries/apr-util/default.nix
pkgs/development/libraries/apr/default.nix
pkgs/development/libraries/atk/default.nix
pkgs/development/libraries/freetype/default.nix
pkgs/development/libraries/gdk-pixbuf/default.nix
pkgs/development/libraries/glib/default.nix
pkgs/development/libraries/glibc/2.17/builder.sh
pkgs/development/libraries/glibc/2.17/locales.nix
pkgs/development/libraries/libjpeg/default.nix
pkgs/development/libraries/libogg/default.nix
pkgs/development/libraries/libsamplerate/default.nix
pkgs/development/libraries/libtiff/default.nix
pkgs/development/libraries/libvorbis/default.nix
pkgs/development/libraries/mesa/default.nix
pkgs/development/libraries/pango/default.nix
pkgs/development/web/nodejs/default.nix
pkgs/os-specific/linux/pam/default.nix
pkgs/os-specific/linux/systemd/default.nix
pkgs/stdenv/generic/setup.sh
pkgs/stdenv/linux/default.nix
pkgs/top-level/all-packages.nix
pkgs/top-level/release-small.nix
2014-08-23 16:04:53 +02:00
Vladimír Čunát
d1ed0f44cd
Merge #2823 : better cygwin support, also add x86_64
...
Conflicts (easy):
pkgs/development/interpreters/perl/5.16/default.nix
2014-08-14 20:38:09 +02:00
Peter Simons
5c276c4f68
openssl: update to version 1.0.1i
...
See https://www.openssl.org/news/secadv_20140806.txt for a long list of CVE numbers.
Fixes <https://github.com/NixOS/nixpkgs/issues/3485 >.
2014-08-08 09:46:57 +02:00
Domen Kožar
15f092d7a7
openssl: 1.0.1g -> 1.0.1h
...
CVE-2014-0224
CVE-2014-0221
CVE-2014-0195
CVE-2014-0198
CVE-2010-5298
CVE-2014-3470
2014-06-05 14:32:11 +02:00
Sander van der Burg
9ec52d6323
Fixes to make basic builds on Cygwin work again + additions to support x86_64-cygwin
2014-05-29 14:47:07 +02:00
aszlig
625d7b9043
Merge pull request #1928 from 'cross-win-osx'.
...
This includes a lot of fixes for cross-building to Windows and Mac OS X
and could possibly fix things even for non-cross-builds, like for
example OpenSSL on Windows.
The main reason for merging this in 14.04 already is that we already
have runInWindowsVM in master and it doesn't work until we actually
cross-build Cygwin's setup binary as the upstream version is a fast
moving target which gets _overwritten_ on every new release.
Conflicts:
pkgs/top-level/all-packages.nix
2014-04-21 10:00:35 +02:00
Domen Kožar
1140f06e0f
openssl: 1.0.1f -> 1.0.1g
...
CVE-2014-0160, CVE-2014-0076
2014-04-07 20:33:38 +02:00
aszlig
c7bac81c66
Merge 'mingw-w64' and 'darwin' into cross-win-osx.
...
Both branches have quite a lot in common, so it's time for a merge and
do the cleanups with respect to both implementations and also generalize
both implementations as much as possible.
This also closes #1876 .
Conflicts:
pkgs/development/interpreters/lua-5/5.2.nix
pkgs/development/libraries/SDL/default.nix
pkgs/development/libraries/glew/default.nix
pkgs/top-level/all-packages.nix
2014-03-12 10:16:51 +01:00
aszlig
5e95800f26
openssl: Use Darwin patch for cross-builds too.
...
Might be better to have something like stdenv.isDarwinTarget, which can
be used to test for native Darwin _and_ cross-built Darwin as a target.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2014-03-12 10:00:47 +01:00
aszlig
30962765e0
openssl/cross: Fix build for Darwin.
...
This is just a minor fix, because when using "darwin64-x86_64-cc" for
config.openssl.system, the OpenSSL build scripts try to compile with
$prefix-cc, which is not available with the gcc-cross-wrapper.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2014-03-12 10:00:47 +01:00
aszlig
60a2fc1fec
openssl: Fix Windows compat in cert-file.patch.
...
In Windows there is no get(e)uid() call available, so the build fails.
The patch now checks whether OPENSSL_SYS_WINDOWS is defined and only
uses those calls if _not_ on Windows.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2014-02-24 07:26:22 +01:00
Eelco Dolstra
340b6ab649
openssl: Update to 1.0.1f
...
CVE-2013-6449, CVE-2013-6450, CVE-2013-4353.
2014-01-07 09:40:35 +01:00
Eelco Dolstra
2cfeca153c
openssl, cups: Fix stripping libraries
2013-06-12 16:10:54 +02:00
Eelco Dolstra
2c9fa33521
openssl: Split header files from the libraries
2013-06-11 14:28:49 +02:00
Eelco Dolstra
a5fb18473e
openssl: Fix removal of the ssl/misc scripts
...
This drops the dependency of $out on Perl.
2013-06-11 12:39:32 +02:00
Eelco Dolstra
99b88cfb53
Merge remote-tracking branch 'origin/master' into multiple-outputs
...
Conflicts:
pkgs/development/libraries/acl/default.nix
pkgs/development/libraries/atk/2.6.x.nix
pkgs/development/libraries/attr/default.nix
pkgs/development/libraries/cairo/default.nix
pkgs/development/libraries/freetype/default.nix
pkgs/development/libraries/glib/2.34.x.nix
pkgs/development/libraries/gtk+/2.24.x.nix
pkgs/development/libraries/libtiff/default.nix
pkgs/development/libraries/openssl/default.nix
pkgs/development/libraries/pango/1.30.x.nix
pkgs/misc/cups/default.nix
pkgs/os-specific/linux/util-linux/default.nix
pkgs/servers/x11/xorg/builder.sh
pkgs/servers/x11/xorg/default.nix
pkgs/top-level/all-packages.nix
2013-06-09 00:41:27 +02:00
Danny Wilson
cf42601f92
Coreutils update and Illumos compatibility fixes.
...
- GNU Coreutils 8.21
- Add is64Bit checks to stdenv for Solaris.
- Fix OpenSSL Illumos build.
2013-02-28 20:04:01 +01:00
Peter Simons
e259e52a7d
openssl: update to version 1.0.1e
2013-02-18 11:53:57 +01:00
Eelco Dolstra
ab3eeabfed
Rename buildNativeInputs -> nativeBuildInputs
...
Likewise for propagatedBuildNativeInputs, etc. "buildNativeInputs"
sounds like an imperative rather than a noun phrase.
2012-12-28 19:20:09 +01:00