John Ericson
d0e7867130
openssl: Add meta.pkgConfigModules
and test
2023-02-13 10:24:55 -05:00
Vladimír Čunát
f1fefd41d3
Merge #215143 : openssl_1_1: 1.1.1s -> 1.1.1t
...
...into staging-next
2023-02-07 17:35:30 +01:00
Martin Weinelt
faa4d60e7f
openssl_1_1: 1.1.1s -> 1.1.1t
...
https://github.com/openssl/openssl/blob/OpenSSL_1_1_1t/NEWS
Fixes: CVE-2023-0286, CVE-2023-0215, CVE-2022-4450, CVE-2022-4304
2023-02-07 17:21:01 +01:00
Martin Weinelt
15cf84feea
openssl: 3.0.7 -> 3.0.8
...
https://github.com/openssl/openssl/blob/openssl-3.0.8/NEWS.md
Fixes: CVE-2023-0401, CVE-2023-0286, CVE-2023-0217, CVE-2023-0216,
CVE-2023-0215, CVE-2022-4450, CVE-2022-4304, CVE-2022-4203,
CVE-2022-3996
2023-02-07 17:02:33 +01:00
ajs124
fa8c56b8c7
openssl_3: patch CVE-2022-3996
...
https://www.openssl.org/news/secadv/20221213.txt
2022-12-13 17:34:42 +01:00
Linus Heckemann
f984417f86
Merge pull request #204165 from lheckemann/openssl-cross-fix
...
openssl: clean up configure script decision
2022-12-07 15:59:49 +01:00
Linus Heckemann
b7d5205f1a
openssl: clean up configure script decision
...
This also fixes the build for big-endian MIPS systems.
2022-12-02 23:09:13 +01:00
Martin Weinelt
53d777c56f
Merge pull request #202126 from helsinki-systems/init/openssl_legacy
2022-11-26 23:47:31 +01:00
Artturi
821e146f51
Merge pull request #185176 from amjoseph-nixpkgs/pr/openssl/mips32
...
openssl: Rosetta Stone entry for mips32
2022-11-21 21:44:14 +02:00
ajs124
1996190b65
openssl_legacy: init
...
openssl_3, but with a openssl.cnf that enables legacy ciphers
this way we can migrate away from openssl_1_1, while not breaking
applications relying on deprecated stuff
2022-11-21 13:46:00 +01:00
Vladimír Čunát
b15a637819
Merge #199009 : openssl_1_1: 1.1.1q -> 1.1.1s
...
...into staging
2022-11-05 16:59:07 +01:00
Vladimír Čunát
70ca403dc2
openssl(_3): enable KTLS only on Linux
...
This fixes build on *-darwin.
2022-11-02 09:33:15 +01:00
Vladimír Čunát
6aa0c5e918
openssl_1_1: drop a long unused patch
2022-11-01 18:46:44 +01:00
Vladimír Čunát
32ebb91f4b
openssl_1_1: 1.1.1q -> 1.1.1s
...
I believe this double version jump includes no security fixes.
2022-11-01 17:29:35 +01:00
Martin Weinelt
eeca5969b3
openssl: 3.0.5 -> 3.0.7
...
Fixes: CVE-2022-3786, CVE-2022-3602
Co-Authored-By: Andreas Schrägle <git@ajs124.de>
2022-11-01 16:44:23 +01:00
ajs124
0755f8c8f8
Revert "openssl: 3.0.5 -> 3.0.6"
...
This reverts commit 0c743ca36f
.
https://mta.openssl.org/pipermail/openssl-announce/2022-October/000237.html
2022-10-13 18:10:42 +02:00
ajs124
b30d687dd0
Revert "openssl: 1.1.1q -> 1.1.1r"
...
This reverts commit 0bf7095945
.
https://mta.openssl.org/pipermail/openssl-announce/2022-October/000237.html
2022-10-13 18:10:13 +02:00
Martin Weinelt
4828dc9d9b
Merge remote-tracking branch 'helsinki-systems/upd/openssl' into staging
2022-10-12 02:20:45 +02:00
ajs124
0bf7095945
openssl: 1.1.1q -> 1.1.1r
...
bugfix release, does not fix any security issues
2022-10-11 22:29:58 +02:00
ajs124
0c743ca36f
openssl: 3.0.5 -> 3.0.6
...
fixes CVE-2022-3358
https://www.openssl.org/news/secadv/20221011.txt
2022-10-11 17:00:34 +02:00
Sandro Jäckel
33944d5ddd
openssl: fix static cross compilation
2022-09-20 16:25:47 +02:00
ajs124
075b852820
openssl: versionAtLeast 1.1.0 -> 1.1.1
...
we don't have/support 1.1.0 anymore, so 1.1.1 is the new minimum
2022-08-17 20:16:18 +02:00
ajs124
c6de1d4b24
openssl: fix static build
...
https://mta.openssl.org/pipermail/openssl-users/2022-February/014906.html
2022-08-17 20:16:18 +02:00
Adam Joseph
a381f9bccf
openssl: Rosetta Stone entry for mips32
2022-08-04 21:22:27 -07:00
Robert
649646d7b7
openssl: split runtime dependencies of static builds into a separate output ( #182444 )
2022-07-23 17:06:06 -04:00
Martin Weinelt
82da6eb46d
openssl_1_1: 1.1.1p -> 1.1.1q
...
https://www.openssl.org/news/secadv/20220705.txt
Fixes: CVE-2022-2097
2022-07-05 23:14:13 +02:00
Martin Weinelt
1dbf7b45e2
openssl_3: 3.0.4 -> 3.0.5
...
https://www.openssl.org/news/secadv/20220705.txt
We already acted on the first public disclosure, so this release removes
the previous patch and upgrades to the release including the fix.
Related: CVE-2022-2274
Fixes: CVE-2022-2097
2022-07-05 23:14:10 +02:00
Vladimír Čunát
0c4852c7bc
Merge #179333 : openssl_3_0: fix apparent x86_64 AVX512 RCE
2022-06-28 01:01:42 +02:00
Martin Weinelt
62b05d9742
Merge remote-tracking branch 'origin/master' into staging-next
2022-06-27 23:50:37 +02:00
Alyssa Ross
fd6a8fb894
openssl_3: rename from openssl_3_0
...
With their new versioning scheme, OpenSSL have committed[1] to API and
ABI compatibility for the whole 3.x.x release series, so we shouldn't
be overly specific in our attribute name.
[1]: https://www.openssl.org/blog/blog/2018/11/28/version/
2022-06-27 13:35:16 +00:00
Alyssa Ross
c59d1ebd6e
openssl_3_0: fix apparent x86_64 AVX512 RCE
...
Has been applied upstream. No CVE.
2022-06-27 13:14:30 +00:00
Martin Weinelt
deb8ef1162
openssl_3_0: 3.0.3 -> 3.0.4
...
Fixes additional sanitization issues in the c_rehash script.
https://mta.openssl.org/pipermail/openssl-announce/2022-June/000227.html
Fixes: CVE-2022-2068
2022-06-21 18:02:47 +02:00
Martin Weinelt
0c21382922
openssl_1_1: 1.1.1o -> 1.1.1p
...
Fixes additional sanitization issues in the c_rehash script.
https://mta.openssl.org/pipermail/openssl-announce/2022-June/000226.html
Fixes: CVE-2022-2068
2022-06-21 18:02:47 +02:00
Jörg Thalheim
cc60c24909
openssl: disable ct feature in static mode ( #173288 )
...
For static binaries to be relocatable, they can't depend on data files.
Co-authored-by: zimbatm <zimbatm@zimbatm.com>
2022-05-17 11:42:46 +02:00
github-actions[bot]
16684f8bd3
Merge master into staging-next
2022-05-04 12:01:10 +00:00
Martin Weinelt
c62eceb91e
openssl_3_0: 3.0.2 -> 3.0.3
...
- The c_rehash script allows command injection (CVE-2022-1292)
- OCSP_basic_verify may incorrectly verify the response signing
certificate (CVE-2022-1343)
- Incorrect MAC key used in the RC4-MD5 ciphersuite (CVE-2022-1434)
- Resource leakage when decoding certificates and keys (CVE-2022-1473)
https://mta.openssl.org/pipermail/openssl-announce/2022-May/000224.html
Fixes: CVE-2022-1292, CVE-2022-1343, CVE-2022-1434, CVE-2022-1473
2022-05-04 07:17:01 +02:00
Martin Weinelt
a7be3b2607
openssl_1_1: 1.1.1n -> 1.1.1o
...
Fixes command injection in the c_rehash script, which at the same time
is also considered obsolete and should be replaced by openssl rehash.
https://mta.openssl.org/pipermail/openssl-announce/2022-May/000224.html
Fixes: CVE-2022-1292
2022-05-03 18:05:18 +02:00
sternenseemann
a985b2bd99
Merge pull request #165746 from a-m-joseph/openssl-fix-mips64-abi-detection-when-not-cross-compiling
...
openssl: fix mips64 abi detection when not cross compiling
2022-04-11 22:41:29 +02:00
Adam Joseph
77d6781cdc
openssl: specify the ABI explicitly on mips64
...
When *not* cross-compiling, OpenSSL will not attempt to detect the
host ABI. For mips64, the OpenSSL authors have chosen to assume that
the n32 ABI is used.
Since nixpkgs knows the correct ABI based on stdenv.hostPlatform,
let's pass this information to OpenSSL explicitly.
At the moment (bootstrappable) nixpkgs on mips64 can only be used with
the n64 ABI due to the fact that boost-context (required by nix) does
not support the n32 ABI. Without this commit the openssl expression
can be cross-compiled to a mips64 host, but a mips64 host cannot
self-compile the expression due to OpenSSL's incorrect assumption.
https://github.com/NixOS/nixpkgs/pull/165746#pullrequestreview-924423243
2022-04-11 11:23:19 -07:00
ajs124
49c51cdd51
openssl_1_0_2: drop
2022-04-04 15:37:05 +01:00
ajs124
0fae27376d
cipherscan: drop
2022-04-04 15:10:43 +01:00
Martin Weinelt
72bb369245
openssl_1_1: 1.1.1m -> 1.1.1n
...
https://github.com/openssl/openssl/blob/OpenSSL_1_1_1n/CHANGES#L10
Fixes: CVE-2022-0778
2022-03-15 16:39:33 +01:00
Martin Weinelt
384a708e6d
openssl_3_0: 3.0.1 -> 3.0.2
...
https://github.com/openssl/openssl/blob/openssl-3.0.2/CHANGES.md#changes-between-301-and-302-15-mar-2022
Fixes: CVE-2022-0778
2022-03-15 16:38:56 +01:00
Tom McLaughlin
d01b2cc71b
openssl: remove assert restricting withPerl=false ( #156949 )
2022-01-27 00:41:18 -05:00
taku0
7ab79bff9f
openssl: remove with lib
...
See https://github.com/NixOS/nixpkgs/pull/150733/files#r785279764
2022-01-20 09:19:19 -08:00
taku0
4a7fa6456d
openssl_1_1: fix build on Darwin
...
See https://github.com/NixOS/nixpkgs/pull/150733/files#r785279118
2022-01-20 09:19:19 -08:00
Dmitry Kalinkin
2ddda43924
Merge branch 'staging' into staging-next
...
Conflicts:
pkgs/os-specific/linux/kernel/common-config.nix
2021-12-25 17:16:26 -05:00
7c6f434c
b0f154fd44
Merge pull request #147027 from Izorkin/update-nginx-ktls
...
nginxMainline: enable ktls support
2021-12-24 10:23:17 +00:00
Martin Weinelt
8cd976ffdb
Merge pull request #150733 from mweinelt/openssl
2021-12-21 03:33:37 +01:00
Martin Weinelt
29f216c48a
openssl_1_1: 1.1.1l -> 1.1.1m
2021-12-18 15:39:12 +01:00