WilliButz
01a4d957dd
openssl: enable parallel building
...
There is no improvement for the build duration of openssl 1.0
but the one of openssl 1.1 is reduced significantly.
2018-04-20 14:55:01 +02:00
Andreas Rammhold
72110322c0
openssl_1_1_0: 1.1.0g -> 1.1.0h (fixes CVE-2018-0739, CVE-2017-3738)
...
Also fixes CVE-2018-0733 but we do not support HP-UX to my knowledge :-)
Announcement at [1].
[1] https://www.openssl.org/news/secadv/20180327.txt
2018-03-27 21:31:59 +02:00
Andreas Rammhold
4bf9b4a328
openssl: 1.0.2n -> 1.0.2o (fixes CVE-2017-3738, CVE-2018-0739)
...
Announcement can be found at [1].
[1] https://www.openssl.org/news/secadv/20180327.txt
2018-03-27 21:31:41 +02:00
Will Dietz
cccf48ca0c
openssl: isMusl
2018-02-13 09:44:50 -06:00
Will Dietz
6593d882a9
openssl: fix cross, ensure 'Configure' has shebang patched
2018-02-13 09:44:49 -06:00
Will Dietz
aa00d53708
openssl 1.1.0: disable 'async' bits relating to setcontext/etc on musl
2018-02-13 09:44:49 -06:00
John Ericson
57b01b1bcf
lib, openssl: Get rid of openssl.system
...
We compute it on the fly, careful to avoid any mass rebuilds for now.
2018-01-26 21:22:00 -05:00
adisbladis
4cc3510a92
openssl_1_1_0: Fix CVE-2017-3738
2018-01-07 14:48:24 +01:00
Andreas Rammhold
0841f14a8f
openssl_1_0_2: 1.0.2m -> 1.0.2n (CVE-2017-3737, CVE-2017-3738)
...
See [1] for more details
[1] https://www.openssl.org/news/secadv/20171207.txt
2017-12-09 13:15:00 +01:00
Graham Christensen
e06dbe4f5b
openssl: fix nix patch for recent update
2017-11-02 15:16:41 -04:00
Graham Christensen
5e2d96deb3
openssl_1_1_0: 1.1.0f -> 1.1.0g
2017-11-02 14:44:04 -04:00
Graham Christensen
7726b46027
openssl_1_0_2: 1.0.2l -> 1.0.2m
2017-11-02 14:40:25 -04:00
Matthew Bauer
269f057be3
openssl: use https for homepage
2017-08-17 15:04:22 -07:00
georgewhewell
e85a855d2c
openssl 1_1_0: fix build on aarch64
2017-08-06 20:38:32 +02:00
Eelco Dolstra
c23dcd72a0
Enable some more debug info
2017-07-05 16:04:54 +02:00
John Ericson
16be434b0b
Merge accepted cross compilation PRs into staging
2017-06-28 23:17:21 -04:00
John Ericson
60eff17b27
openssl: cc-wrapper can be relied on to export these env vars
2017-06-28 18:31:37 -04:00
David McFarland
c580ab4fcf
openssl: fix cygwin build
2017-06-26 09:33:22 -03:00
Vladimír Čunát
ae6df000d0
Merge branch 'master' into staging
2017-06-07 18:11:27 +02:00
Tim Steinbach
67c1f0e65a
openssl: 1.0.2k -> 1.0.2l
...
cc #26435
2017-06-07 06:17:45 +02:00
Tim Steinbach
a64194f9d4
openssl: 1.1.0e -> 1.1.0f
2017-06-06 18:46:40 -04:00
David McFarland
2c006ca805
Revert "openssl: add custom build of 1.0.2 for steam"
...
No longer necessary. See https://github.com/NixOS/nixpkgs/pull/23034#issuecomment-291005754
This reverts commit a50784b34e
.
2017-04-03 09:04:44 +02:00
Guillaume Maudoux
c86f05e7ce
openssl: default to default profile CA on darwin
2017-03-22 12:09:09 +01:00
Domen Kožar
c3c9412c7d
git, openssl, curl: Respect $NIX_SSL_CERT_FILE
...
Slightly modified version of 942dbf89c6
2017-03-20 14:11:20 +01:00
Matthew Maurer
0d2ba7ef2b
openssl: 1.1.0d -> 1.1.0e for High severity CVE-2017-3733
2017-02-16 09:16:41 -05:00
Robin Gloster
426b61a1c7
openssl_1_0_1: remove
2017-01-27 21:29:53 +01:00
Franz Pletz
6626b62241
openssl_1_0_1: not maintained anymore, rename as -vulnerable
...
This is not maintained anymore upstream but is still used by sslscan.
Until this package is updated or fixed, we'll keep it around under
the unambiguous name openssl_1_0_1-vulnerable.
2017-01-26 15:41:07 +01:00
Franz Pletz
49bfd6068d
openssl_1_1_0: 1.1.0c -> 1.1.0d for multiple CVEs
...
Fixes:
* CVE-2017-3731
* CVE-2017-3730
* CVE-2017-3732
* CVE-2016-7055
2017-01-26 15:38:42 +01:00
Franz Pletz
434c15193a
openssl_1_0_2: 1.0.2j -> 1.0.2k for multiple CVEs
...
Fixes:
* CVE-2017-3731
* CVE-2017-3730
* CVE-2017-3732
* CVE-2016-7055
2017-01-26 15:38:33 +01:00
John Ericson
94df8e7e4d
openssl: Output-santizing hack properly uses native perl again
2017-01-24 11:37:56 -05:00
Graham Christensen
bb2a67d226
openssl_1_1_0: 1.1.0b -> 1.1.0c
2016-11-11 07:11:29 -05:00
David McFarland
a50784b34e
openssl: add custom build of 1.0.2 for steam
2016-11-09 21:18:32 -04:00
Eelco Dolstra
811b876fab
Revert "openssl, curl, git: Respect $NIX_SSL_CERT_FILE"
...
This reverts commit 942dbf89c6
. Sorry,
this was supposed to go to staging instead of master...
2016-10-14 16:01:54 +02:00
Eelco Dolstra
942dbf89c6
openssl, curl, git: Respect $NIX_SSL_CERT_FILE
...
$NIX_SSL_CERT_FILE overrides $SSL_CERT_FILE, which in turn overrides
the default CA path (/etc/ssl/certs/ca-certificates.crt). This allows
Nix to set a CA path without interfering with other packages (such as
Homebrew).
See https://github.com/NixOS/nix/issues/921 .
2016-10-14 12:06:10 +02:00
Robin Gloster
b743ddf8f9
sslscan: enable ssl2 checking
2016-10-12 14:36:41 +02:00
Franz Pletz
4d75c71f38
openssl: 1.0.2i -> 1.0.2j, 1.1.0a -> 1.1.0b
...
https://www.openssl.org/news/secadv/20160926.txt
2016-09-26 15:02:01 +02:00
Eelco Dolstra
ac03df96ba
openssl: 1.0.1t -> 1.0.1u, 1.0.2h -> 1.0.2i, 1.1.0 -> 1.1.0a
...
https://www.openssl.org/news/secadv/20160922.txt
2016-09-22 15:05:09 +02:00
Franz Pletz
c45bf3c43d
openssl-chacha: 2016-01-27 -> 2016-08-22
2016-09-05 22:50:57 +02:00
Tuomas Tynkkynen
a17216af4c
treewide: Shuffle outputs
...
Make either 'bin' or 'out' the first output.
2016-08-29 14:49:51 +03:00
obadz
ed01e0ca4f
openssl: fix merge conflict between b6dabe3
and 6e7ca92
2016-08-28 03:53:13 +01:00
obadz
3de6e5be50
Merge branch 'master' into staging
...
Conflicts:
pkgs/applications/misc/navit/default.nix
pkgs/applications/networking/mailreaders/alpine/default.nix
pkgs/applications/networking/mailreaders/realpine/default.nix
pkgs/development/compilers/ghc/head.nix
pkgs/development/libraries/openssl/default.nix
pkgs/games/liquidwar/default.nix
pkgs/games/spring/springlobby.nix
pkgs/os-specific/linux/kernel/perf.nix
pkgs/servers/sip/freeswitch/default.nix
pkgs/tools/archivers/cromfs/default.nix
pkgs/tools/graphics/plotutils/default.nix
2016-08-27 23:54:54 +01:00
Robin Gloster
b6dabe3df0
openssl_1_1_0: init at 1.1.0
2016-08-26 07:39:18 +00:00
Alexey Shmalko
6e7ca9272e
openssl: fix CVE-2016-2177
2016-08-23 03:41:03 +03:00
Peter Simons
8e462995ba
Bring my stdenv.lib.maintainers user name in line with my github nick.
2016-05-16 22:49:55 +02:00
Tuomas Tynkkynen
aadaa91379
Merge remote-tracking branch 'upstream/master' into staging
...
Conflicts:
pkgs/applications/networking/browsers/vivaldi/default.nix
pkgs/misc/emulators/wine/base.nix
2016-05-03 23:12:48 +03:00
Nathan Zadoks
bdafc6df04
openssl: 1.0.1s -> 1.0.1t, 1.0.2g -> 1.0.2h
...
CVE-2016-2108, high severity: Memory corruption in the ASN.1 encoder
CVE-2016-2107, high severity: Padding oracle in AES-NI CBC MAC check
CVE-2016-2105, low severity: EVP_EncodeUpdate overflow
CVE-2016-2106, low severity: EVP_EncryptUpdate overflow
CVE-2016-2109, low severity: ASN.1 BIO excessive memory allocation
CVE-2016-2176, low severity: EBCDIC overread
2016-05-03 10:54:15 -04:00
Tuomas Tynkkynen
26f90102b8
openssl: fix indentation
2016-04-25 18:19:40 +03:00
Tuomas Tynkkynen
f34655e28c
openssl-chacha: Split into multiple outputs
...
Mainly done because of this in all-packages.nix:
````
cipherscan = callPackage ../tools/security/cipherscan {
openssl = if stdenv.system == "x86_64-linux"
then openssl-chacha
else openssl;
};
````
... and inside cipherscan we want to refer to `openssl.bin`
2016-04-14 08:32:20 +03:00
Vladimír Čunát
ab15a62c68
Merge branch 'master' into closure-size
...
Beware that stdenv doesn't build. It seems something more will be needed
than just resolution of merge conflicts.
2016-04-01 10:06:01 +02:00
Vladimír Čunát
09af15654f
Merge master into closure-size
...
The kde-5 stuff still didn't merge well.
I hand-fixed what I saw, but there may be more problems.
2016-03-08 09:58:19 +01:00
Eelco Dolstra
e0d17fdf10
openssl: Use 1.0.2 by default
...
Provided that not too much breaks, we should probably cherry-pick this
to 16.03, since the end of the 1.0.1 support window is a bit too close
to the expected lifetime of 16.0.3. @domenkozar
2016-03-01 15:25:53 +01:00
Eelco Dolstra
cdbd14a1a8
openssl: 1.0.1r -> 1.0.1s, 1.0.2f -> 1.0.2g
...
CVE-2016-0800
2016-03-01 15:18:57 +01:00
Eelco Dolstra
ef86e9506d
Untested fix for #13401
2016-02-24 14:01:20 +01:00
Vladimír Čunát
d039c87984
Merge branch 'master' into closure-size
2016-02-14 08:33:51 +01:00
Vladimír Čunát
a115bff08c
Merge branch 'master' into staging
2016-02-07 13:52:42 +01:00
Charles Strahan
4c57b932ab
cipherscan: init at rev 18b0d1b (Dec 17, 2015)
...
CipherScan is a simple way to find out which SSL ciphersuites are
supported by a target.
It can take advantage of the extra features in Peter Mosmans' openssl
fork (which is also included in this commit).
2016-02-03 12:01:24 -05:00
Vladimír Čunát
ae74c356d9
Merge recent 'staging' into closure-size
...
Let's get rid of those merge conflicts.
2016-02-03 16:57:19 +01:00
Eelco Dolstra
917ca8920d
Move setting $SSL_CERT_FILE to stdenv
...
Doing it in an openssl setup hook only works if packages have openssl
as a build input - it doesn't work if they're using a program linked
against openssl.
2016-02-03 13:59:10 +01:00
Eelco Dolstra
cc2cec6300
openssl: Unify 1.0.1 and 1.0.2 expressions
2016-02-03 13:54:22 +01:00
Eelco Dolstra
788da6894f
openssl: Compile in /etc/ssl/certs/ca-certificates.crt
2016-02-03 13:45:05 +01:00
Guillaume Maudoux
9f358f809d
Configure a default trust store for openssl
2016-02-03 12:42:01 +01:00
Vladimír Čunát
de0af30716
Merge branch 'master' into staging
2016-01-29 10:19:48 +01:00
Vladimír Čunát
a92c2cb994
openssl_1_0_2: high-severity security update e -> f
...
Fixes CVE-2016-0701 and CVE-2015-3197.
2016-01-28 20:35:00 +01:00
Eelco Dolstra
2ecb6b4574
openssl: 1.0.1q -> 1.0.1r
...
CVE-2015-3197 (low severity)
2016-01-28 18:57:23 +01:00
Luca Bruno
5b0352a6a4
Merge branch 'master' into closure-size
2015-12-11 18:31:00 +01:00
codsl
51a5f49d70
openssl: security update 1.0.2d -> 1.0.2e
...
Fixes CVE-2015-3193, CVE-2015-3194, CVE-2015-3195 and CVE-2015-3196.
Close #11469 .
2015-12-05 11:32:49 +01:00
codsl
fb3b9f5f8b
openssl: security update 1.0.1p -> 1.0.1q
...
Fixes CVE-2015-3194 and CVE-2015-3195.
Taken from #11469 .
2015-12-05 11:25:27 +01:00
Vladimír Čunát
333d69a5f0
Merge staging into closure-size
...
The most complex problems were from dealing with switches reverted in
the meantime (gcc5, gmp6, ncurses6).
It's likely that darwin is (still) broken nontrivially.
2015-11-20 14:32:58 +01:00
Matthias C. M. Troffaes
1c0b060295
openssl: use prefixed windres and ranlib for cross build
2015-11-04 08:48:38 +00:00
Vladimír Čunát
9fbb83b467
openssl: fixup after merge
2015-10-03 16:28:39 +02:00
Vladimír Čunát
f361938b21
Merge staging into closure-size
...
This makes gcc5 the default builder, etc.
2015-10-03 15:23:13 +02:00
Vladimír Čunát
5227fb1dd5
Merge commit staging+systemd into closure-size
...
Many non-conflict problems weren't (fully) resolved in this commit yet.
2015-10-03 13:33:37 +02:00
William A. Kennington III
eae9889b82
openssl: Major bump 1.0.1 -> 1.0.2
2015-09-15 12:14:12 -07:00
Eelco Dolstra
e1f78bf677
More docs/manpages in separate outputs
2015-07-27 00:27:54 +02:00
Eelco Dolstra
5e156b9db7
openssl: Update to 1.0.2d
2015-07-09 15:17:14 +02:00
Eelco Dolstra
9539db1ec3
openssl: Update to 1.0.1p
2015-07-09 15:15:52 +02:00
William A. Kennington III
7f9a4957ee
openssl: Make 1.0.2 conform to the 1.0.1 derivation
2015-06-22 20:00:44 -07:00
William A. Kennington III
c6e512b80c
Merge branch 'master.upstream' into staging.upstream
2015-06-22 12:43:12 -07:00
Mike Sperber
bd003198b3
openssl: patch not needed anymore for darwin platform, closes #8456
...
The darwin-arch.patch that was needed for previous releases doesn't
apply, and also doesn't work anymore. It builds fine without.
2015-06-22 19:59:28 +02:00
William A. Kennington III
282d03befa
Merge branch 'master.upstream' into staging.upstream
2015-06-22 10:57:36 -07:00
William A. Kennington III
507bb016cc
openssl: Clean up the cross compile arguments
...
Also add a check to make sure we don't depend on perl in the output
2015-06-20 14:30:18 -07:00
Vladimír Čunát
f5cae29005
openssl-1.0.2: bug+security upate ( Fixes #8415 )
2015-06-20 09:10:54 +02:00
Peter Simons
b333a2cb19
openssl: remove some cruft
2015-06-16 14:19:25 +02:00
Eelco Dolstra
a4178b1b8a
openssl: Update to 1.0.1o
...
From https://www.openssl.org/news/openssl-1.0.1-notes.html :
"Fix HMAC ABI incompatibility"
2015-06-16 14:16:08 +02:00
Eelco Dolstra
415407bd93
openssl: Update to 1.0.1n
...
CVE-2015-4000, CVE-2015-1788, CVE-2015-1789, CVE-2015-1790, CVE-2015-1792, CVE-2015-1791, CVE-2014-8176
2015-06-11 18:32:13 +02:00
Eelco Dolstra
3aee39bb83
openssl: Fix removal of the ssl/misc scripts
...
This drops the dependency of $out on Perl.
(cherry picked from commit a5fb18473e
)
Signed-off-by: Domen Kožar <domen@dev.si>
Conflicts:
pkgs/development/libraries/openssl/default.nix
2015-06-01 11:01:57 +02:00
William A. Kennington III
867d2c5c46
openssl: Remove References to OPENSSL_X509_CERT_FILE
2015-05-31 15:50:51 -07:00
William A. Kennington III
afa5859716
openssl: Cleanup some old, untested patches
2015-05-29 16:08:27 -07:00
Peter Simons
d9cc38757a
openssl: add version 1.0.2a as attribute 'openssl_1_0_2'
...
We'll try switching our default version after the 15.06 release has been
branched off. Resolves https://github.com/NixOS/nixpkgs/issues/7970 .
2015-05-29 09:52:29 +02:00
Marko Durkovic
3f6949c3ef
cygwin: openssl for x86_64
2015-05-28 10:53:35 +02:00
Vladimír Čunát
bf414c9d4f
Merge 'staging' into closure-size
...
- there were many easy merge conflicts
- cc-wrapper needed nontrivial changes
Many other problems might've been created by interaction of the branches,
but stdenv and a few other packages build fine now.
2015-04-18 11:22:20 +02:00
Russell O'Connor
e2e4c1182e
Update OpenSSL dependency of bitcoin to be the latest OpenSSL.
...
Purge OpenSSL version 1.0.1j.
2015-03-21 17:49:42 -04:00
Vladimír Čunát
cd97c58110
openssl_1_0_1j: fix after updating the main version
2015-03-19 20:28:35 +01:00
Eelco Dolstra
2fe351c7e3
openssl: Update to 1.0.1m
...
Fixes various "Moderate" / "Low" CVEs:
http://openssl.org/news/secadv_20150319.txt
2015-03-19 15:57:17 +01:00
Domen Kožar
1fb78f8994
openssl: 1.0.1k -> 1.0.1l
2015-02-27 12:59:59 +01:00
Russell O'Connor
af3c4a2744
Bitcoin 0.9.3 won't work with OpenSSL 1.0.1k.
...
This patch restores OpenSSL 1.0.1j and builds Bitcoin against it.
2015-02-05 11:40:57 -05:00
Domen Kožar
dbbd849ce8
openssl: 1.0.1j -> 1.0.1k
...
(cherry picked from commit 70a7d4bd16454b8b27d404a109c615462cc4fa9e)
Signed-off-by: Domen Kožar <domen@dev.si>
2015-01-09 20:22:02 +01:00
Eelco Dolstra
09dc132e04
Merge remote-tracking branch 'origin/master' into staging
...
Conflicts:
pkgs/development/libraries/poppler/default.nix
2014-10-16 15:16:50 +02:00
Domen Kožar
c758ec756b
openssl: 1.0.1i -> 1.0.1j (CVE-2014-3513, CVE-2014-3567, CVE-2014-3568)
2014-10-15 16:12:23 +02:00
Alexander Kjeldaas
e431a3e0b5
openssl: make it deterministic
2014-09-13 15:05:27 +02:00