diff options
author | Martin Weinelt <hexa@darmstadt.ccc.de> | 2022-11-01 16:37:18 +0100 |
---|---|---|
committer | Martin Weinelt <hexa@darmstadt.ccc.de> | 2022-11-01 16:44:23 +0100 |
commit | eeca5969b3f42ac943639aaec503816f053e5e53 (patch) | |
tree | 70ad23f5fd0c54cd36ee6147b9124c2fdc5f92b2 /pkgs/development/libraries | |
parent | 2088dd42690bb5e6e845e4ac9d1d8bc6946ed3b0 (diff) |
openssl: 3.0.5 -> 3.0.7
Fixes: CVE-2022-3786, CVE-2022-3602 Co-Authored-By: Andreas Schrägle <git@ajs124.de>
Diffstat (limited to 'pkgs/development/libraries')
-rw-r--r-- | pkgs/development/libraries/openssl/3.0/openssl-disable-kernel-detection.patch | 33 | ||||
-rw-r--r-- | pkgs/development/libraries/openssl/default.nix | 4 |
2 files changed, 20 insertions, 17 deletions
diff --git a/pkgs/development/libraries/openssl/3.0/openssl-disable-kernel-detection.patch b/pkgs/development/libraries/openssl/3.0/openssl-disable-kernel-detection.patch index baf162e88d09f..04585565a331a 100644 --- a/pkgs/development/libraries/openssl/3.0/openssl-disable-kernel-detection.patch +++ b/pkgs/development/libraries/openssl/3.0/openssl-disable-kernel-detection.patch @@ -1,22 +1,25 @@ diff --git a/Configure b/Configure -index f0ad787bc4..a48d2008c6 100755 +index a558e5ab1a..9a884f0b0f 100755 --- a/Configure +++ b/Configure -@@ -1688,17 +1688,6 @@ unless ($disabled{devcryptoeng}) { +@@ -1714,20 +1714,6 @@ unless ($disabled{devcryptoeng}) { + unless ($disabled{ktls}) { $config{ktls}=""; - if ($target =~ m/^linux/) { -- my $usr = "/usr/$config{cross_compile_prefix}"; -- chop($usr); -- if ($config{cross_compile_prefix} eq "") { -- $usr = "/usr"; -- } -- my $minver = (4 << 16) + (13 << 8) + 0; -- my @verstr = split(" ",`cat $usr/include/linux/version.h | grep LINUX_VERSION_CODE`); -- -- if ($verstr[2] < $minver) { +- my $cc = $config{CROSS_COMPILE}.$config{CC}; +- if ($target =~ m/^linux/) { +- system("printf '#include <sys/types.h>\n#include <linux/tls.h>' | $cc -E - >/dev/null 2>&1"); +- if ($? != 0) { - disable('too-old-kernel', 'ktls'); - } - } elsif ($target =~ m/^BSD/) { - my $cc = $config{CROSS_COMPILE}.$config{CC}; - system("printf '#include <sys/types.h>\n#include <sys/ktls.h>' | $cc -E - >/dev/null 2>&1"); +- } elsif ($target =~ m/^BSD/) { +- system("printf '#include <sys/types.h>\n#include <sys/ktls.h>' | $cc -E - >/dev/null 2>&1"); +- if ($? != 0) { +- disable('too-old-freebsd', 'ktls'); +- } +- } else { +- disable('not-linux-or-freebsd', 'ktls'); +- } + } + + push @{$config{openssl_other_defines}}, "OPENSSL_NO_KTLS" if ($disabled{ktls}); diff --git a/pkgs/development/libraries/openssl/default.nix b/pkgs/development/libraries/openssl/default.nix index 78cc680c7be50..12f48aaaa39a1 100644 --- a/pkgs/development/libraries/openssl/default.nix +++ b/pkgs/development/libraries/openssl/default.nix @@ -228,8 +228,8 @@ in { }; openssl_3 = common { - version = "3.0.5"; - sha256 = "sha256-qn2Nm+9xrWUlxVuhHl9Dl4ic5Jwsk0nc6m0+TwsCSno="; + version = "3.0.7"; + sha256 = "sha256-gwSdBComDmlvYkBqxcCL9wb9hDg/lFzyG9YentlcOW4="; patches = [ ./3.0/nix-ssl-cert-file.patch |