From 226f3574fbd590c7f35c7265f9cb27996070ce3b Mon Sep 17 00:00:00 2001 From: ajs124 Date: Tue, 19 Sep 2023 16:03:05 +0200 Subject: openssl: 3.0.10 -> 3.0.11 https://github.com/openssl/openssl/blob/openssl-3.0/NEWS.md#major-changes-between-openssl-3010-and-openssl-3011-19-sep-2023 Fixes CVE-2023-4807 --- pkgs/development/libraries/openssl/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'pkgs/development/libraries/openssl/default.nix') diff --git a/pkgs/development/libraries/openssl/default.nix b/pkgs/development/libraries/openssl/default.nix index 2be34feeaa8..2b0d778ef3d 100644 --- a/pkgs/development/libraries/openssl/default.nix +++ b/pkgs/development/libraries/openssl/default.nix @@ -255,8 +255,8 @@ in { }; openssl_3 = common { - version = "3.0.10"; - sha256 = "sha256-F2HU9bE6ECi5tvPUuOF/6wztyTcPav5h1xk9LNzoMyM="; + version = "3.0.11"; + sha256 = "sha256-s0JdO7SiIY0Gl+tB9/wM3t4BbtGcpJ0Wi3jo2UeIf1U="; patches = [ ./3.0/nix-ssl-cert-file.patch -- cgit 1.4.1 From 5a881224c5cd34deb1f2f8e24140866e66b310fc Mon Sep 17 00:00:00 2001 From: Markus Theil Date: Sat, 22 Jul 2023 21:49:30 +0200 Subject: openssl_3_1: init at 3.1.1 OpenSSL 3.1 is the most recent release to develop against, while OpenSSL 3.0 is a LTS release, most developers should probably choose now (see: https://github.com/openssl/openssl/issues/20722). Add OpenSSL 3.1.1 in order to allow development against this version with Nix. Currently OpenSSL 3.0 and 3.1 are independent release lines. Signed-off-by: Markus Theil --- pkgs/development/libraries/openssl/default.nix | 22 ++++++++++++++++++++++ pkgs/top-level/all-packages.nix | 3 ++- 2 files changed, 24 insertions(+), 1 deletion(-) (limited to 'pkgs/development/libraries/openssl/default.nix') diff --git a/pkgs/development/libraries/openssl/default.nix b/pkgs/development/libraries/openssl/default.nix index 2b0d778ef3d..ca10574be3f 100644 --- a/pkgs/development/libraries/openssl/default.nix 
+++ b/pkgs/development/libraries/openssl/default.nix @@ -275,4 +275,26 @@ in { license = licenses.asl20; }; }; + + openssl_3_1 = common { + version = "3.1.1"; + sha256 = "sha256-s6phM0IzuFK2PdsEjfGBF3wsZZ651DdgCBGPnAjQdnQ="; + patches = [ + ./3.0/nix-ssl-cert-file.patch + + # openssl will only compile in KTLS if the current kernel supports it. + # This patch disables build-time detection. + ./3.0/openssl-disable-kernel-detection.patch + + (if stdenv.hostPlatform.isDarwin + then ./use-etc-ssl-certs-darwin.patch + else ./use-etc-ssl-certs.patch) + ]; + + withDocs = true; + + extraMeta = with lib; { + license = licenses.asl20; + }; + }; } diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 90f1baa4973..6f4764f3d7b 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -24578,7 +24578,8 @@ with pkgs; inherit (callPackages ../development/libraries/openssl { }) openssl_1_1 - openssl_3; + openssl_3 + openssl_3_1; opensubdiv = callPackage ../development/libraries/opensubdiv { }; -- cgit 1.4.1 From 1bd767f56b3bd666721f0f1ae90328406dcfee37 Mon Sep 17 00:00:00 2001 From: Markus Theil Date: Tue, 25 Jul 2023 17:31:27 +0200 Subject: openssl: use hash, add thillux as maintainer Signed-off-by: Markus Theil --- pkgs/development/libraries/openssl/default.nix | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) (limited to 'pkgs/development/libraries/openssl/default.nix') diff --git a/pkgs/development/libraries/openssl/default.nix b/pkgs/development/libraries/openssl/default.nix index ca10574be3f..3a420168f0d 100644 --- a/pkgs/development/libraries/openssl/default.nix +++ b/pkgs/development/libraries/openssl/default.nix 
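Review bot: The new `openssl_3_1` attribute takes all of its version-specific patches from `./3.0/` and appears to copy the `openssl_3` patch list, with no comment saying the sharing is intended. A later edit to a 3.0 patch would then silently change the 3.1 build as well. A comment above `patches` would make the coupling visible, for example `# 3.1 reuses the 3.0 patch set; re-check that each patch still applies when bumping either line`. The commit message calls 3.0 the LTS line and treats 3.1 as independent, so every upstream security release now needs a separate bump here. A comment on the attribute such as `# non-LTS line: bump alongside openssl_3 on every security release` would record that maintenance duty.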
@@ -18,14 +18,14 @@ # files. let - common = { version, sha256, patches ? [], withDocs ? false, extraMeta ? {} }: + common = { version, hash, patches ? [], withDocs ? false, extraMeta ? {} }: stdenv.mkDerivation (finalAttrs: { pname = "openssl"; inherit version; src = fetchurl { url = "https://www.openssl.org/source/${finalAttrs.pname}-${version}.tar.gz"; - inherit sha256; + inherit hash; }; inherit patches; @@ -222,6 +222,7 @@ let description = "A cryptographic library that implements the SSL and TLS protocols"; license = licenses.openssl; mainProgram = "openssl"; + maintainers = with maintainers; [ thillux ]; pkgConfigModules = [ "libcrypto" "libssl" @@ -238,7 +239,7 @@ in { # and backport this to stable release (23.05). openssl_1_1 = common { version = "1.1.1w"; - sha256 = "sha256-zzCYlQy02FOtlcCEHx+cbT3BAtzPys1SHZOSUgi3asg="; + hash = "sha256-zzCYlQy02FOtlcCEHx+cbT3BAtzPys1SHZOSUgi3asg="; patches = [ ./1.1/nix-ssl-cert-file.patch @@ -256,7 +257,7 @@ in { openssl_3 = common { version = "3.0.11"; - sha256 = "sha256-s0JdO7SiIY0Gl+tB9/wM3t4BbtGcpJ0Wi3jo2UeIf1U="; + hash = "sha256-s0JdO7SiIY0Gl+tB9/wM3t4BbtGcpJ0Wi3jo2UeIf1U="; patches = [ ./3.0/nix-ssl-cert-file.patch @@ -278,7 +279,7 @@ in { openssl_3_1 = common { version = "3.1.1"; - sha256 = "sha256-s6phM0IzuFK2PdsEjfGBF3wsZZ651DdgCBGPnAjQdnQ="; + hash = "sha256-s6phM0IzuFK2PdsEjfGBF3wsZZ651DdgCBGPnAjQdnQ="; patches = [ ./3.0/nix-ssl-cert-file.patch -- cgit 1.4.1 From 9cf9b9d897faa0ad9322a764c823cd5f2126ec63 Mon Sep 17 00:00:00 2001 From: Markus Theil Date: Tue, 1 Aug 2023 17:41:37 +0200 Subject: openssl_3_1: 3.1.1 -> 3.1.2 Signed-off-by: Markus Theil --- pkgs/development/libraries/openssl/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'pkgs/development/libraries/openssl/default.nix') diff --git a/pkgs/development/libraries/openssl/default.nix b/pkgs/development/libraries/openssl/default.nix index 3a420168f0d..7e5ab95d74e 100644 --- a/pkgs/development/libraries/openssl/default.nix 
+++ b/pkgs/development/libraries/openssl/default.nix @@ -278,8 +278,8 @@ in { }; openssl_3_1 = common { - version = "3.1.1"; - hash = "sha256-s6phM0IzuFK2PdsEjfGBF3wsZZ651DdgCBGPnAjQdnQ="; + version = "3.1.2"; + hash = "sha256-oM5puLl+pqNblodSNapFO5Zro8uory3iNlfYtnZ9ZTk="; patches = [ ./3.0/nix-ssl-cert-file.patch -- cgit 1.4.1 From f5449675faa50feee5365ff9e24f7cedb1ce8be1 Mon Sep 17 00:00:00 2001 From: Markus Theil Date: Sun, 24 Sep 2023 18:55:18 +0200 Subject: openssl_3_1: 3.1.2 -> 3.1.3 Signed-off-by: Markus Theil --- pkgs/development/libraries/openssl/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'pkgs/development/libraries/openssl/default.nix') diff --git a/pkgs/development/libraries/openssl/default.nix b/pkgs/development/libraries/openssl/default.nix index 7e5ab95d74e..9ae20a0e2e4 100644 --- a/pkgs/development/libraries/openssl/default.nix +++ b/pkgs/development/libraries/openssl/default.nix @@ -278,8 +278,8 @@ in { }; openssl_3_1 = common { - version = "3.1.2"; - hash = "sha256-oM5puLl+pqNblodSNapFO5Zro8uory3iNlfYtnZ9ZTk="; + version = "3.1.3"; + hash = "sha256-8DFqLr2J5/I1KXZEVFhon4AwIJN4jEZmkvsqGIsurPY="; patches = [ ./3.0/nix-ssl-cert-file.patch -- cgit 1.4.1 From 97c9e3ab780b08c2804dc1a81f88f1887d200182 Mon Sep 17 00:00:00 2001 From: Martin Weinelt Date: Tue, 24 Oct 2023 16:07:47 +0200 Subject: openssl_3: 3.0.11 -> 3.0.12 https://github.com/openssl/openssl/blob/openssl-3.0.12/NEWS.md Fixes: CVE-2023-5363 --- pkgs/development/libraries/openssl/default.nix | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) (limited to 'pkgs/development/libraries/openssl/default.nix') diff --git a/pkgs/development/libraries/openssl/default.nix b/pkgs/development/libraries/openssl/default.nix index 9ae20a0e2e4..8eaa5ddc2eb 100644 --- a/pkgs/development/libraries/openssl/default.nix +++ b/pkgs/development/libraries/openssl/default.nix 
@@ -256,8 +256,9 @@ in { }; openssl_3 = common { - version = "3.0.11"; - hash = "sha256-s0JdO7SiIY0Gl+tB9/wM3t4BbtGcpJ0Wi3jo2UeIf1U="; + version = "3.0.12"; + hash = "sha256-+Tyejt3l6RZhGd4xdV/Ie0qjSGNmL2fd/LoU0La2m2E="; + patches = [ ./3.0/nix-ssl-cert-file.patch @@ -280,6 +281,7 @@ in { openssl_3_1 = common { version = "3.1.3"; hash = "sha256-8DFqLr2J5/I1KXZEVFhon4AwIJN4jEZmkvsqGIsurPY="; + patches = [ ./3.0/nix-ssl-cert-file.patch -- cgit 1.4.1 From eb016c821acf6f2ffed30dc686691a7c6b0450d3 Mon Sep 17 00:00:00 2001 From: Martin Weinelt Date: Tue, 24 Oct 2023 16:12:38 +0200 Subject: openssL_3_1: 3.1.3 -> 3.1.4 https://github.com/openssl/openssl/blob/openssl-3.1.4/NEWS.md Fixes: CVE-2023-5363 --- pkgs/development/libraries/openssl/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'pkgs/development/libraries/openssl/default.nix') diff --git a/pkgs/development/libraries/openssl/default.nix b/pkgs/development/libraries/openssl/default.nix index 8eaa5ddc2eb..efc2f480f3f 100644 --- a/pkgs/development/libraries/openssl/default.nix +++ b/pkgs/development/libraries/openssl/default.nix @@ -279,8 +279,8 @@ in { }; openssl_3_1 = common { - version = "3.1.3"; - hash = "sha256-8DFqLr2J5/I1KXZEVFhon4AwIJN4jEZmkvsqGIsurPY="; + version = "3.1.4"; + hash = "sha256-hAr1Nmq5tSK95SWCa+PvD7Cvgcap69hMqmAP6hcx7uM="; patches = [ ./3.0/nix-ssl-cert-file.patch -- cgit 1.4.1 From 0fa664e76c326762db5e384f1ea7b8c23bb64c6a Mon Sep 17 00:00:00 2001 From: Martin Weinelt Date: Tue, 24 Oct 2023 16:20:31 +0200 Subject: openssl: set up meta.changelog --- pkgs/development/libraries/openssl/default.nix | 1 + 1 file changed, 1 insertion(+) (limited to 'pkgs/development/libraries/openssl/default.nix') diff --git a/pkgs/development/libraries/openssl/default.nix b/pkgs/development/libraries/openssl/default.nix index efc2f480f3f..3aeafccb1ed 100644 --- a/pkgs/development/libraries/openssl/default.nix +++ b/pkgs/development/libraries/openssl/default.nix 
@@ -219,6 +219,7 @@ let meta = with lib; { homepage = "https://www.openssl.org/"; + changelog = "https://github.com/openssl/openssl/blob/openssl-${version}/CHANGES.md"; description = "A cryptographic library that implements the SSL and TLS protocols"; license = licenses.openssl; mainProgram = "openssl"; -- cgit 1.4.1
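Review bot: The `changelog` URL added to the shared `meta` is built as `openssl-${version}/CHANGES.md`, but `common` is also used for `openssl_1_1` with version `1.1.1w` (visible in the earlier hash-rename commit). As far as I know, upstream tags 1.1.1 releases in the `OpenSSL_1_1_1w` form and ships the file as `CHANGES` without `.md`, so the generated link for that attribute probably does not resolve. This link is where users check which security fixes a bump contains, so it should be correct for each release line. One option is to branch on the version, with the pre-3.0 case as `"https://github.com/openssl/openssl/blob/OpenSSL_${lib.replaceStrings ["."] ["_"] version}/CHANGES"` and the `lib.versionAtLeast version "3.0.0"` case keeping the current string. The `meta` block starts and ends outside the hunk, so how `extraMeta` is merged should be confirmed before choosing between this and a per-attribute override.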