Commit Graph

104 Commits

Author SHA1 Message Date
Jiajie Chen
c77489d524 libressl: fix build on aarch64-darwin
Apply upstream pr to fix endian.h detection on aarch64-darwin.

Fix issue #181187.
2022-07-12 22:38:23 +08:00
ajs124
a07161dd73 libressl: 3.5.2 -> 3.5.3 2022-07-06 23:40:39 +02:00
Sandro
9f357ca413
Merge pull request #172102 from SuperSandro2000/libressl 2022-05-09 12:01:16 +02:00
Sandro Jäckel
0d7637203e
libressl: remove weird and old man compression workaround 2022-05-09 11:16:58 +02:00
ajs124
489e27efa8 libressl_3_5: init at 3.5.2 2022-05-08 22:30:21 +01:00
Martin Weinelt
f4f3622cb1 Merge remote-tracking branch 'origin/staging-next' into staging 2022-03-20 00:00:32 +01:00
Franz Pletz
c836666218
libressl_3_2: drop, unmaintained 2022-03-15 18:43:02 +01:00
Franz Pletz
c201e773c6
libressl: 3.4.2 -> 3.4.3
Fixes CVE-2022-0778.
2022-03-15 18:40:07 +01:00
Maximilian Bosch
3aa6c49ab4
libressl: fix build w/glibc-2.34
Failing Hydra build: https://hydra.nixos.org/build/151984996
2022-02-27 10:25:36 +01:00
Izorkin
fac05cccc5
libressl: 3.4.1 -> 3.4.2 2022-01-06 09:32:25 +03:00
Jared Beller
40a19aca8e
libressl: patch tests to avoid using system shell 2021-11-02 23:09:12 -04:00
Jared Beller
494882232c
libressl: 3.4.0 -> 3.4.1, libressl_3_2: 3.2.5 -> 3.2.7 2021-10-19 11:57:28 -04:00
Jared Beller
bb9f3e73ac
libressl: fix pkg-config exec_prefix 2021-10-19 11:12:45 -04:00
Robert Scott
01cc988d96 libressl_3_2, libressl_3_4: add patch for CVE-2021-41581 2021-10-03 17:02:21 +01:00
Robert Scott
0f88e9ff05 libressl: enable tests 2021-10-03 17:01:52 +01:00
Robert Scott
6a709d4e69 libressl: 3.2.5 -> 3.4.0, leaving libressl_3_2 available 2021-10-03 15:59:22 +01:00
Samuel Ainsworth
ecf14039f6 libressl: remove vulnerable libressl_3_1 2021-08-14 02:10:03 +00:00
Masanori Ogino
59617f748e libressl_3_2: init at 3.2.5, libressl_3_1: 3.1.4 -> 3.1.5
Signed-off-by: Masanori Ogino <167209+omasanori@users.noreply.github.com>
2021-03-17 23:48:00 +09:00
Masanori Ogino
556a725173 libressl_3_0: remove
Signed-off-by: Masanori Ogino <167209+omasanori@users.noreply.github.com>
2021-02-24 20:57:53 +09:00
Jan Tojnar
f19eb635b4
Merge branch 'master' into staging-next
b04fc593e7 seems to have accidentally changed mkDerivation function for dfilemanager and solarus-quest-editor so I have reverted that here.
2021-01-07 13:04:31 +01:00
John Ericson
5c2965145f treewide: Inline more of the static overlay
Picking up where #107238 left off. I think I'll have gotten all the easy
stuff with this.
2021-01-03 21:46:14 +00:00
Ben Siraphob
3ae5e6ce03 treewide: remove enableParallelBuilding = true if using cmake 2021-01-03 18:37:40 +07:00
Ruud van Asseldonk
b36dbcb23c libressl_3_1: 3.1.3 -> 3.1.4 2020-10-03 10:26:06 +02:00
Ruud van Asseldonk
7903e4b4e0 libressl_3_1: 3.1.2 -> 3.1.3 2020-06-16 21:01:49 +02:00
Ruud van Asseldonk
fd3f22f35d libressl_3_1: 3.1.1 -> 3.1.2 2020-05-26 19:23:00 +02:00
Ruud van Asseldonk
79865f4d88 libressl_2_9: remove, not maintained anymore
Stable LibreSSL releases are supported one year after their OpenBSD
release. OpenBSD 6.5 with the 2.9 branch was released on 2019-05-01.
2020-05-26 19:22:13 +02:00
Ruud van Asseldonk
5a287e7102 libressl_3_1: init at 3.1.1 2020-05-26 19:22:13 +02:00
Ruud van Asseldonk
671a1182e3 libressl_2_8: remove, not maintained anymore
Stable LibreSSL releases are supported one year after their OpenBSD release.
OpenBSD 6.4 with this branch was released on 2018-10-18.
2019-10-23 21:32:40 +02:00
Ruud van Asseldonk
1126db828f libressl_3_0: 3.0.1 -> 3.0.2 2019-10-23 19:08:55 +02:00
Matthew Bauer
6a87355211
Merge branch 'master' into libressl-static 2019-10-15 12:55:16 -04:00
Franz Pletz
da20b8a7f6
libressl: fix libdir in pkgconfig files
Fix #71107.
2019-10-14 11:32:26 +02:00
Franz Pletz
a86f16d864
libressl_3_0: 3.0.0 -> 3.0.1 2019-10-14 11:32:25 +02:00
Matthew Bauer
37744d2c36 libressl: add static override 2019-09-19 12:38:08 -04:00
Matthew Bauer
8f01848075 libressl: support musl in libressl 2.9.2 2019-09-19 12:38:08 -04:00
Dima
044f771d59 libressl: fixing nc for version>=2.9
This addresses https://github.com/NixOS/nixpkgs/issues/68286

When `-R` (CA file location) is not specified, nc tries to fall back to
a default location. In 2.8 this was still configurable at compile time,
but was changed somewhere after. This replaces `/etc/ssl/cert.pem`
with `${cacert}/etc/ssl/cert.pem` in the code directly.

For a discussion of this, see https://github.com/NixOS/nixpkgs/pull/68456
2019-09-17 23:08:43 +02:00
Vladimír Čunát
2e6bf42a22
Merge branch 'master' into staging-next
There ver very many conflicts, basically all due to
name -> pname+version.  Fortunately, almost everything was auto-resolved
by kdiff3, and for now I just fixed up a couple evaluation problems,
as verified by the tarball job.  There might be some fallback to these
conflicts, but I believe it should be minimal.

Hydra nixpkgs: ?compare=1538299
2019-08-24 08:55:37 +02:00
Matthew Bauer
856d10a9b8
Merge pull request #66454 from ruuda/libcrypto-noexecstack
libressl: build libcrypto with noexecstack
2019-08-21 14:11:08 -04:00
Ruud van Asseldonk
fdd78a5387 libressl: use CFLAGS to avoid exectuable stack
It turns out that libcrypto had an exectuable stack, because it linked
some objects without a .note.GNU-stack section. Compilers add this
section by default, but the objects produced from .S files did not
contain it. The .S files do include a directive to add the section, but
guarded behind an #ifdef HAVE_GNU_STACK. So define HAVE_GNU_STACK, to
ensure that all objects have a .note.GNU-stack section.
2019-08-21 00:16:08 +02:00
Robin Gloster
4e60b0efae
treewide: update globin's maintained drvs 2019-08-20 19:36:05 +02:00
Ruud van Asseldonk
bc185504ca libressl_3_0: init at 3.0.0 2019-08-20 08:50:57 -05:00
volth
46420bbaa3 treewide: name -> pname (easy cases) (#66585)
treewide replacement of

stdenv.mkDerivation rec {
  name = "*-${version}";
  version = "*";

to pname
2019-08-15 13:41:18 +01:00
Ruud van Asseldonk
c02b4a1cc8 libressl: do not set noexecstack on Darwin at all
It is not needed on Darwin. [1] Thanks Matthew for explaining this.

[1]: https://github.com/NixOS/nixpkgs/pull/66454#issuecomment-520970986
2019-08-13 22:20:16 +02:00
Ruud van Asseldonk
b3c613b9aa libressl: fix noexecstack on Darwin
The flags to disable executable stacks are different for Clang and GCC,
and Clang is used on Darwin.
2019-08-11 20:34:57 +02:00
Ruud van Asseldonk
8b6a9202e7 libressl: build libcrypto with noexecstack
For some reasons, libcrypto would be built with the executable stack
flag set. I found out about this when Nginx failed to load the shared
library, because I was running it with MemoryDenyWriteExecute=true,
which does not permit executable stacks.

I am not sure why the stack ends up executable; the other shared
libraries which are part of LibreSSL do not have this flag set. You can
verify this with 'execstack -q'. Non-executable stacks should be the
default, and from checking some other files, that does appear to be the
case. The LibreSSL sources do not contain the string "execstack", so
I am not sure what causes the default to be overridden.

Adding '-z noexecstack' to the linker flags makes the linker unset the
flag. Now my Nginx can load the library, and so far I have not run into
other issues.
2019-08-10 22:21:57 +02:00
Bas van Dijk
4099a9ad38 libressl: add openssl license
LibreSSL is also licensed under the OpenSSL license. See:

https://cvsweb.openbsd.org/cgi-bin/cvsweb/~checkout~/src/lib/libssl/LICENSE?rev=1.12&content-type=text/plain
2019-06-24 10:16:02 +02:00
Franz Pletz
cea163252a
libressl_2_7: remove, not maintained anymore
Stable LibreSSL releases are supported one year after their OpenBSD release.
OpenBSD 6.3 with this branch was released on 2018-04-01.
2019-06-02 19:52:04 +02:00
Izorkin
67709c3c1b libressl_2_9: 2.9.1 -> 2.9.2 2019-06-01 16:08:01 +00:00
Ruud van Asseldonk
5f594be463 libressl: ensure we can link against libtls
Without setting BUILD_SHARED_LIBS, the package would build file, but
when linking it into acme-client or nginx, I got the following error:

    libressl-2.9.1/lib/libtls.a(tls.c.o): undefined reference to symbol 'pthread_once@@GLIBC_2.2.5'
    binutils-2.31.1/bin/ld: glibc-2.27/lib/libpthread.so.0: error adding symbols: DSO missing from command line
    collect2: error: ld returned 1 exit status

After looking at the CMakeLists.txt in libressl/tls, I noticed the
BUILD_SHARED_LIBS option, and setting it resolves the linking error.
2019-05-04 18:40:21 +02:00
Ruud van Asseldonk
8c7cde5df2 libressl: build with cmake
LibreSSL 2.9.1 no longer builds with the default autotools configuration.
When I searched for the error, I noticed that Buildroot ran into the
same issue, and they resolved the problem by building with CMake rather
than autotools. [1] I followed the same approach here.

[1]: e783d60473
2019-05-04 15:55:14 +02:00
Ruud van Asseldonk
3415872fe4 libressl_2_9: 2.9.0 -> 2.9.1
This new version does not build as-is, it will need to be patched.
2019-05-04 15:07:34 +02:00