diff options
author | Thomas Gerbet <thomas@gerbet.me> | 2022-11-02 17:17:03 +0100 |
---|---|---|
committer | Thomas Gerbet <thomas@gerbet.me> | 2022-11-02 17:17:03 +0100 |
commit | bbae16baa9cbb6a1bf1574bd272fc23a46c5217b (patch) | |
tree | 97545df7c6f8be326ff58cee725e780adc85e999 /pkgs/development/libraries | |
parent | 4b05cc6f66f5cd9e4c340467cf1c1d99954e76ca (diff) |
quictls: 3.0.5+quick_unstable-2022-07.05 -> 3.0.7+quic1
Fixes CVE-2022-3786 and CVE-2022-3602. See eeca5969b3f42ac943639aaec503816f053e5e53 and 70ca403dc22e97fb4b73ab74af29e1c8a1f45f69.
Diffstat (limited to 'pkgs/development/libraries')
-rw-r--r-- | pkgs/development/libraries/quictls/default.nix | 9 |
1 files changed, 6 insertions, 3 deletions
diff --git a/pkgs/development/libraries/quictls/default.nix b/pkgs/development/libraries/quictls/default.nix index 22981bfef7af4..cd0ae4d3eef42 100644 --- a/pkgs/development/libraries/quictls/default.nix +++ b/pkgs/development/libraries/quictls/default.nix @@ -12,13 +12,13 @@ stdenv.mkDerivation rec { pname = "quictls"; - version = "3.0.5+quick_unstable-2022-07.05"; + version = "3.0.7+quic1"; src = fetchFromGitHub { owner = "quictls"; repo = "openssl"; - rev = "75e940831d0570d6b020cfebf128ae500f424867"; - sha256 = "sha256-1HBGKafcCbM0RZWLvyl3vpSfGBsAcGDgjz1Nm/qclWM="; + rev = "openssl-${version}"; + sha256 = "sha256-ZRS0ZV+/U4PD2lVE+PsUAWSuk5EFg5mOKYlwgY3Ecus="; }; patches = [ @@ -108,6 +108,9 @@ stdenv.mkDerivation rec { "-DUSE_CRYPTODEV_DIGESTS" ] ++ lib.optional enableSSL2 "enable-ssl2" ++ lib.optional enableSSL3 "enable-ssl3" + # We select KTLS here instead of the configure-time detection (which we patch out). + # KTLS should work on FreeBSD 13+ as well, so we could enable it if someone tests it. + ++ lib.optional (stdenv.isLinux && lib.versionAtLeast version "3.0.0") "enable-ktls" ++ lib.optional stdenv.hostPlatform.isAarch64 "no-afalgeng" # OpenSSL needs a specific `no-shared` configure flag. # See https://wiki.openssl.org/index.php/Compilation_and_Installation#Configure_Options |