3
0
Fork 0
forked from mirrors/nixpkgs
Commit graph

285 commits

Author SHA1 Message Date
Vladimír Čunát 7cda2823be
openssl_1_0_2: mark as insecure; fixes #77503 (kinda)
No vulnerabilities are know so far (to me), but still I'd go this way.
Especially for 20.03 it seems better to deprecate it before official
release happens.

Current casualties:
$ ./maintainers/scripts/rebuild-amount.sh --print HEAD HEAD^
Estimating rebuild amount by counting changed Hydra jobs.
     87 x86_64-darwin
    161 x86_64-linux
2020-02-21 18:49:16 +01:00
Vladimír Čunát 5a8000dc05
openssl: revert a workaround that's no longer needed
Thanks to python3Minimal.  This reverts part of c2038483f #79738.
2020-02-14 13:22:44 +01:00
Vladimír Čunát c2038483fd
glibc, openssl: unbreak cross eval (with minor caveats)
It's certainly better to have those two caveats than not evaluate.
Both seem rather niche.  Unfortunately I failed to find a better way.
I started testing builds of several cross variants; all seem OK.
2020-02-10 15:52:20 +01:00
Antonio Nuno Monteiro 4b34c18e31 pkgsStatic: make OpenSSL 1.1 compile (#77542)
* pkgsStatic: make OpenSSL 1.1 compile
2020-01-16 20:02:38 +01:00
Matthew Bauer f23ad86d6f openssl: don’t separate debug info on useLLVM
fixes #77779
2020-01-15 13:16:10 -05:00
Jörg Thalheim 00a2084a40 openssl: fix build linux with clangStdenv 2020-01-14 22:08:15 +01:00
Vladimír Čunát e4c89a66fe
openssl_1_0_2: 1.0.2t -> 1.0.2u (low-severity security)
Fixes #77266: CVE-2019-1551
https://www.openssl.org/news/secadv/20191206.txt

(cherry picked from commit 961d0cf9f5)
Oops - I realized too late that the rebuild amount is minimal,
so why not have it immediately in master.
2020-01-11 10:25:38 +01:00
John Ericson 6a4726d602
Merge pull request #68398 from angerman/feature/fix-openssl
fix openssl for cross compilation
2019-10-26 09:39:32 +02:00
Frederik Rietdijk af491cbb7d openssl: use old method for configuring on i686, fixes #71786
unbreaks pkgsi686Linux.openssl_1_0_2
2019-10-23 15:54:07 +02:00
Ding Xiang Fei 703e44675c openssl: switch to linux-x86 and linux-x86_64 targets 2019-10-22 09:31:34 +02:00
Moritz Angermann 2df354fd1e
fix openssl 2019-10-17 21:54:16 +08:00
Moritz Angermann 8b393304b1
[win32] fix openssl 2019-10-17 21:54:15 +08:00
Vladimír Čunát 22a216849b
Re-Revert "Merge branch 'staging-next'"
This reverts commit f8a8fc6c7c.
2019-09-22 09:38:09 +02:00
Vladimír Čunát f8a8fc6c7c
Revert "Merge branch 'staging-next'"
This reverts commit 41af38f372, reversing
changes made to f0fec244ca.

Let's delay this.  We have some serious regressions.
2019-09-21 20:05:09 +02:00
Andreas Rammhold 20c7a35429
openssl_1_0_2: fixup sha256 2019-09-11 13:48:31 +02:00
Andreas Rammhold d49fb86b1b
openssl: 1.1.1c -> 1.1.1d
(cherry picked from commit 76d54c72ac)
2019-09-10 21:22:50 +02:00
Andreas Rammhold 5d5cd70516
openssl_1_0_2: 1.0.2s -> 1.0.2t
(cherry picked from commit aa6327c29c)
2019-09-10 21:22:47 +02:00
Guillaume Maudoux 92b96ce63f openssl: fix man pages collisions (#66317) 2019-08-31 08:23:39 -04:00
volth 08f68313a4 treewide: remove redundant rec 2019-08-28 11:07:32 +00:00
volth 35d68ef143 treewide: remove redundant quotes 2019-08-26 21:40:19 +00:00
volth c814d72b51 treewide: name -> pname 2019-08-17 10:54:38 +00:00
volth 46420bbaa3 treewide: name -> pname (easy cases) (#66585)
treewide replacement of

stdenv.mkDerivation rec {
  name = "*-${version}";
  version = "*";

to pname
2019-08-15 13:41:18 +01:00
volth f3282c8d1e treewide: remove unused variables (#63177)
* treewide: remove unused variables

* making ofborg happy
2019-06-16 19:59:05 +00:00
Will Dietz 642c9a7e74
Revert "openssl: fix CVE-2019-1543"
This reverts commit aae4c114a4.
2019-05-29 07:54:00 -05:00
Will Dietz f6297de3bc
openssl: 1.1.1b -> 1.1.1c
https://mta.openssl.org/pipermail/openssl-announce/2019-May/000153.html
2019-05-28 19:04:31 -05:00
Will Dietz c83b9bb6aa
openssl: 1.0.2r -> 1.0.2s
https://mta.openssl.org/pipermail/openssl-announce/2019-May/000151.html
2019-05-28 19:04:25 -05:00
Tom Bereknyei aae4c114a4 openssl: fix CVE-2019-1543
Closes https://github.com/NixOS/nixpkgs/pull/61827.
Fixes https://github.com/NixOS/nixpkgs/issues/60107.
2019-05-22 17:06:49 +02:00
Alyssa Ross fed0926960
openssl_1_1: 1.1.1a -> 1.1.1b 2019-02-26 16:35:27 +00:00
Alyssa Ross 9c94d74836
openssl: 1.0.2q -> 1.0.2r 2019-02-26 16:33:06 +00:00
Vladimír Čunát 6f61d8b0f6
openssl_1_1: use the same default CA path as 1.0.*
Fixes https://github.com/NixOS/nixpkgs/issues/54437
2019-01-21 21:15:42 +01:00
Andrew Dunham 14087abe6a
openssl_1_1: Add "doc" output to contain HTML documentation
This prevents cluttering up openssl_1_1.out with many megabytes of
documentation.

Fixes #51659
2018-12-09 14:49:00 +00:00
Frederik Rietdijk c1792242ef Merge staging-next into staging 2018-11-24 10:44:50 +01:00
Daniel Goertzen e8bce19aea openssl: fix cross compile (perl)
Fixes issue #50921. Build result was depending on build perl instead of
host perl which broke cross compilation.
2018-11-23 10:37:54 +01:00
Jan Malakhovski 7c48015019 openssl: fix cryptodev fallout from d836b811cb 2018-11-22 09:45:34 +00:00
Alyssa Ross d012516c44
openssl_1_1: 1.1.1 -> 1.1.1a
CVE-2018-0734: https://www.openssl.org/news/vulnerabilities.html#2018-0734
CVE-2018-0735: https://www.openssl.org/news/vulnerabilities.html#2018-0735
2018-11-20 16:52:22 +00:00
Alyssa Ross ae29a9e688
openssl: 1.0.2p -> 1.0.2q
CVE-2018-0734: https://www.openssl.org/news/vulnerabilities.html#2018-0734
CVE-2018-5407: https://www.openssl.org/news/vulnerabilities.html#2018-5407

No patches can any longer be shared between 1.0.2 and 1.1, so reorganize
patches into subdirectories (and remove an unused one).
2018-11-20 16:51:48 +00:00
Renaud de8f3b422a
Merge pull request #47953 from lopsided98/openssl-arm
openssl: don't autodetect platform on armv6/7l
2018-10-28 14:08:02 +01:00
Markus Kowalewski 598ed197db
openssl-chacha: add license 2018-10-25 23:10:00 +02:00
Ben Wolsieffer d3ba32e117 openssl: don't autodetect platform on armv6/7l 2018-10-05 22:46:45 -04:00
Alyssa Ross 1ec301ded2 openssl: 1.1.0 -> 1.1.1 (#46524) 2018-09-12 23:56:08 +00:00
John Ericson 0828e2d8c3 treewide: Remove usage of remaining redundant platform compatability stuff
Want to get this out of here for 18.09, so it can be deprecated
thereafter.
2018-08-30 17:20:32 -04:00
Vladimír Čunát 153a19df05
Merge branch 'master' into staging-next
Hydra: ?compare=1474536
2018-08-20 09:15:33 +02:00
Markus Kowalewski 4ba295b797
openssl: add license 2018-08-18 00:05:21 +02:00
Vladimír Čunát 14aa936ec5
Merge branch 'staging-next' into staging 2018-08-17 20:53:27 +02:00
Andreas Rammhold 98a7b92261
openssl_1_0_2: 1.0.2o -> 1.0.2p
this addresses:
 - Client DoS due to large DH parameter (CVE-2018-0732)
 - Cache timing vulnerability in RSA Key Generation (CVE-2018-0737)

Changelog: https://www.openssl.org/news/cl102.txt
2018-08-15 21:35:23 +02:00
Andreas Rammhold 0a40875439
openssl_1_1_0: 1.1.0h -> 1.1.0i
this addresses:
 - Client DoS due to large DH parameter (CVE-2018-0732)
 - Cache timing vulnerability in RSA Key Generation (CVE-2018-0737)

Changelog: https://www.openssl.org/news/changelog.html#x1
2018-08-15 21:12:00 +02:00
Jan Malakhovski 7ea0904347 openssl: fix tests, also cleanup 2018-08-10 12:56:34 +00:00
Franz Pletz 459a34ce5f
openssl_1_1_0: add patch to fix c_rehash quoting 2018-08-06 22:49:29 +02:00
Matthew Bauer 4639d55562
Merge pull request #43870 from nh2/static-krb5-openssl-flags
Optional static libraries for krb5 and openssl
2018-07-23 17:31:24 -04:00
Matthew Bauer 916f096911
Merge pull request #43890 from matthewbauer/mingw-fixes
Mingw fixes
2018-07-21 17:04:20 -04:00