3
0
Fork 0
forked from mirrors/nixpkgs
Commit graph

63 commits

Author SHA1 Message Date
Ruud van Asseldonk c02b4a1cc8 libressl: do not set noexecstack on Darwin at all
It is not needed on Darwin. [1] Thanks Matthew for explaining this.

[1]: https://github.com/NixOS/nixpkgs/pull/66454#issuecomment-520970986
2019-08-13 22:20:16 +02:00
Ruud van Asseldonk b3c613b9aa libressl: fix noexecstack on Darwin
The flags to disable executable stacks are different for Clang and GCC,
and Clang is used on Darwin.
2019-08-11 20:34:57 +02:00
Ruud van Asseldonk 8b6a9202e7 libressl: build libcrypto with noexecstack
For some reasons, libcrypto would be built with the executable stack
flag set. I found out about this when Nginx failed to load the shared
library, because I was running it with MemoryDenyWriteExecute=true,
which does not permit executable stacks.

I am not sure why the stack ends up executable; the other shared
libraries which are part of LibreSSL do not have this flag set. You can
verify this with 'execstack -q'. Non-executable stacks should be the
default, and from checking some other files, that does appear to be the
case. The LibreSSL sources do not contain the string "execstack", so
I am not sure what causes the default to be overridden.

Adding '-z noexecstack' to the linker flags makes the linker unset the
flag. Now my Nginx can load the library, and so far I have not run into
other issues.
2019-08-10 22:21:57 +02:00
Bas van Dijk 4099a9ad38 libressl: add openssl license
LibreSSL is also licensed under the OpenSSL license. See:

https://cvsweb.openbsd.org/cgi-bin/cvsweb/~checkout~/src/lib/libssl/LICENSE?rev=1.12&content-type=text/plain
2019-06-24 10:16:02 +02:00
Franz Pletz cea163252a
libressl_2_7: remove, not maintained anymore
Stable LibreSSL releases are supported one year after their OpenBSD release.
OpenBSD 6.3 with this branch was released on 2018-04-01.
2019-06-02 19:52:04 +02:00
Izorkin 67709c3c1b libressl_2_9: 2.9.1 -> 2.9.2 2019-06-01 16:08:01 +00:00
Ruud van Asseldonk 5f594be463 libressl: ensure we can link against libtls
Without setting BUILD_SHARED_LIBS, the package would build file, but
when linking it into acme-client or nginx, I got the following error:

    libressl-2.9.1/lib/libtls.a(tls.c.o): undefined reference to symbol 'pthread_once@@GLIBC_2.2.5'
    binutils-2.31.1/bin/ld: glibc-2.27/lib/libpthread.so.0: error adding symbols: DSO missing from command line
    collect2: error: ld returned 1 exit status

After looking at the CMakeLists.txt in libressl/tls, I noticed the
BUILD_SHARED_LIBS option, and setting it resolves the linking error.
2019-05-04 18:40:21 +02:00
Ruud van Asseldonk 8c7cde5df2 libressl: build with cmake
LibreSSL 2.9.1 no longer builds with the default autotools configuration.
When I searched for the error, I noticed that Buildroot ran into the
same issue, and they resolved the problem by building with CMake rather
than autotools. [1] I followed the same approach here.

[1]: e783d60473
2019-05-04 15:55:14 +02:00
Ruud van Asseldonk 3415872fe4 libressl_2_9: 2.9.0 -> 2.9.1
This new version does not build as-is, it will need to be patched.
2019-05-04 15:07:34 +02:00
Jörg Thalheim b5c1deca8a
treewide: remove wkennington as maintainer
He prefers to contribute to his own nixpkgs fork triton.
Since he is still marked as maintainer in many packages
this leaves the wrong impression he still maintains those.
2019-01-26 10:05:32 +00:00
Franz Pletz 51c8e01676
libressl_2_9: init at 2.9.0 2018-12-18 00:09:00 +01:00
Franz Pletz 949dc60acc
libressl_2_8: 2.8.2 -> 2.8.3 2018-12-18 00:08:59 +01:00
Franz Pletz b7254b6b2c
libressl_2_7: 2.7.4 -> 2.7.5 2018-12-18 00:08:59 +01:00
Franz Pletz 5911d54457
libressl_2_6: remove, not maintained anymore 2018-12-18 00:08:58 +01:00
R. RyanTM d888c03784 libressl_2_8: 2.8.1 -> 2.8.2 (#49293)
Semi-automatic update generated by
https://github.com/ryantm/nixpkgs-update tools. This update was made
based on information from
https://repology.org/metapackage/libressl/versions
2018-10-27 20:11:48 -04:00
R. RyanTM 807d73c391 libressl_2_8: 2.8.0 -> 2.8.1
Semi-automatic update generated by
https://github.com/ryantm/nixpkgs-update tools. This update was made
based on information from
https://repology.org/metapackage/libressl/versions
2018-10-03 11:58:32 -05:00
Markus Kowalewski 7dceb84419
libressl: add licenses 2018-08-17 22:15:45 +02:00
Austin Seipp 078da082b6 libressl: add 2.8.0
This does not remove any prior versions: LibreSSL versions are
maintained for a year after their corresponding OpenBSD branch is tagged
for release:

   - v2.6.x, part of OpenBSD 6.2-release, Nov 2017 (EOL: Nov 2018)
   - v2.7.x, part of OpenBSD 6.3-release, Apr 2018 (EOL: Apr 2019)
   - v2.8.x, expected OpenBSD 6.4-release, ETA Sep 2018 (EOL: Sep 2019)

This also does not change the default version: the stable branch remains
2.7.x, and 2.8.0 is the newest released development version. 2.8 can
become the default after OpenBSD-6.4

Closes #44760 (as it's redundant).

Signed-off-by: Austin Seipp <aseipp@pobox.com>
2018-08-08 18:59:22 -05:00
Franz Pletz 26501a9bf9
libressl_2_6: 2.6.4 -> 2.6.5 2018-06-19 18:07:40 +02:00
Franz Pletz 96a2217e92
libressl_2_5: remove, unmaintained 2018-06-19 18:07:40 +02:00
R. RyanTM c2867828bb libressl: 2.7.3 -> 2.7.4
Semi-automatic update generated by https://github.com/ryantm/nixpkgs-update tools.

This update was made based on information from https://repology.org/metapackage/libressl/versions.

These checks were done:

- built on NixOS
- Warning: no invocation of /nix/store/2sj5bh1lwzls0vc31v2fhxaw648n0i9v-libressl-2.7.4-bin/bin/ocspcheck had a zero exit code or showed the expected version
- /nix/store/2sj5bh1lwzls0vc31v2fhxaw648n0i9v-libressl-2.7.4-bin/bin/openssl passed the binary check.
- 1 of 2 passed binary check by having a zero exit code.
- 1 of 2 passed binary check by having the new version present in output.
- found 2.7.4 with grep in /nix/store/2sj5bh1lwzls0vc31v2fhxaw648n0i9v-libressl-2.7.4-bin
- directory tree listing: https://gist.github.com/e28b9d47b987d9408427c7ec06e3b9fb
- du listing: https://gist.github.com/0d61c26c272780f10c5ce5359fb79bc7
2018-06-19 16:06:15 +00:00
Ruud van Asseldonk 3e293b2dc3 libressl: use https url in metadata 2018-05-13 15:26:34 +02:00
Ruud van Asseldonk 4371e5be0b libressl_2_7: init at 2.7.3 2018-05-13 15:25:24 +02:00
Matthew Justin Bauer e8672c8b37
libressl: fix eval 2018-04-29 15:14:34 -05:00
Matthew Bauer c2148482c2 libressl: move netcat stuff to '.nc' output
I still feel weird about doing this because it seems a little hacky
but this was requested by @Mic92 and seems understandable to not want
to mix up libressl outputs with netcat stuff.
2018-04-29 14:47:12 -05:00
Matthew Bauer 949bb98872 libressl: build netcat 2018-04-27 19:33:05 -05:00
Robin Gloster 1729c65736
libressl_2_6: 2.6.2 -> 2.6.4 2018-01-17 00:10:07 +01:00
Franz Pletz 4d7d5c8c34
libressl_2_6: 2.6.0 -> 2.6.2 2017-09-26 17:28:46 +02:00
Franz Pletz 3e8a565a04
libressl: refactor, drop 2.4, 2.5.4 -> 2.5.5, init 2.6 2017-07-20 19:31:08 +02:00
Vladimír Čunát ed93e8e16b
libressl: work around some problem with man pages
https://github.com/NixOS/nixpkgs/commit/20ffc3cd73#commitcomment-22368612
2017-06-02 16:21:35 +02:00
Joachim Fasting e2bc4e4bde
libressl: 2.5.3 -> 2.5.4
Contains a fix for CVE-2017-8301: TLS verification vulnerability in
LibreSSL 2.5.1 - 2.5.3 [1][2]

[1]: http://seclists.org/oss-sec/2017/q2/145
[2]: https://github.com/libressl-portable/portable/issues/307
2017-05-05 07:37:48 +02:00
Franz Pletz 29ed67faea
libressl_2_5: 2.5.1 -> 2.5.3 2017-04-11 19:41:01 +02:00
Robin Gloster 2110d59fa1
libressl_2_5: 2.5.0 -> 2.5.1
security update, no CVE assigned AFAICS

/cc @grahamc
2017-02-02 00:26:47 +01:00
Robin Gloster 0b19f2f742
libressl_2_4: 2.4.4 -> 2.4.5
security update, no CVE assigned AFAICS

/cc @grahamc
2017-02-02 00:25:51 +01:00
Robin Gloster c466e31a0f
libressl_2_3: remove 2017-01-27 20:39:32 +01:00
Franz Pletz 52f1a37898
libressl_2_4: 2.4.3 -> 2.4.4 2016-11-09 20:02:45 +01:00
Franz Pletz ecfb8df7a7
libressl_2_3: 2.3.8 -> 2.3.9 2016-11-09 20:02:09 +01:00
Franz Pletz 8916ba141b
libressl_2_5: init at 2.5.0 2016-09-28 15:15:56 +02:00
Franz Pletz f749a16662
libressl_2_4: 2.4.2 -> 2.4.3 2016-09-28 15:15:55 +02:00
Franz Pletz 6b8aed6649
libressl_2_3: 2.3.7 -> 2.3.8 2016-09-28 15:15:55 +02:00
Tuomas Tynkkynen a17216af4c treewide: Shuffle outputs
Make either 'bin' or 'out' the first output.
2016-08-29 14:49:51 +03:00
Franz Pletz 9cfcf90832 libressl: 2.3.6 -> 2.3.7, 2.4.1 -> 2.4.2
Version 2.2.x is removed because it is not maintained by upstream anymore.
2016-08-02 21:21:02 +02:00
Franz Pletz 8ace098f43 libressl_2_4: init at 2.4.1 2016-06-27 00:30:24 +02:00
Franz Pletz 4157f53bf1 libressl: 2.2.7 -> 2.2.9, 2.3.5 -> 2.3.6 2016-06-27 00:29:43 +02:00
Franz Pletz a0996c2c60 libressl: 2.3.4 -> 2.3.5 2016-06-09 17:37:29 +02:00
Franz Pletz 6d55b2e9c0 libressl: 2.2.6 -> 2.2.7, 2.3.3 -> 2.3.4
Fix multiple vulnerabilities in libcrypto relating to ASN.1 and encoding.

http://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-2.2.7-relnotes.txt
http://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-2.3.4-relnotes.txt
2016-05-03 17:22:35 +02:00
Aneesh Agrawal 9fb0bf1335 libressl 2.2: enable multiple outputs 2016-04-15 10:43:04 -04:00
Aneesh Agrawal 60f97245a2 libressl 2.3: enable multiple outputs 2016-04-14 17:45:43 -04:00
Franz Pletz ebf21fd29e libressl_2_3: 2.3.2 -> 2.3.3 2016-03-29 04:55:14 +02:00
Robin Gloster edad608f56 libressl_2_3: 2.3.1 -> 2.3.2 2016-01-29 03:42:14 +00:00