authorFabián Heredia Montiel <303897+fabianhjr@users.noreply.github.com>2023-09-14 11:35:26 -0600
committerGitHub <noreply@github.com>2023-09-14 11:35:26 -0600
commitc5aab69eaafe229f15dc198eb8fde5f65e6c688b (patch)
treeff0501cb9d5b86811876438064a4d76dc1b2daab /pkgs
parentfb0fd7a13fc377af080307e8e70c452b6b69b169 (diff)
parent93840b48780adc5cee3c7259a2440d756f6bf32c (diff)
Merge pull request #254574 from helsinki-systems/upd/openssl_1_1
openssl_1_1: 1.1.1v -> 1.1.1w
Diffstat (limited to 'pkgs')
-rw-r--r--pkgs/development/libraries/openssl/1.1/CVE-2023-4807.patch44
-rw-r--r--pkgs/development/libraries/openssl/default.nix7
-rw-r--r--pkgs/top-level/release.nix2
3 files changed, 3 insertions, 50 deletions
diff --git a/pkgs/development/libraries/openssl/1.1/CVE-2023-4807.patch b/pkgs/development/libraries/openssl/1.1/CVE-2023-4807.patch
deleted file mode 100644
index 7312b41fc7403..0000000000000
--- a/pkgs/development/libraries/openssl/1.1/CVE-2023-4807.patch
+++ /dev/null
@@ -1,44 +0,0 @@
-From 4bfac4471f53c4f74c8d81020beb938f92d84ca5 Mon Sep 17 00:00:00 2001
-From: Bernd Edlinger <bernd.edlinger@hotmail.de>
-Date: Tue, 22 Aug 2023 16:07:30 +0200
-Subject: [PATCH] Avoid clobbering non-volatile XMM registers
-
-This affects some Poly1305 assembler functions
-which are only used for certain CPU types.
-
-Remove those functions for Windows targets,
-as a simple interim solution.
-
-Fixes #21522
-
-Reviewed-by: Tomas Mraz <tomas@openssl.org>
-Reviewed-by: Paul Dale <pauli@openssl.org>
-(Merged from https://github.com/openssl/openssl/pull/21808)
-
-(cherry picked from commit 7b8e27bc2e02238986d89ef0ece067ec1b48e165)
----
- crypto/poly1305/asm/poly1305-x86_64.pl | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/crypto/poly1305/asm/poly1305-x86_64.pl b/crypto/poly1305/asm/poly1305-x86_64.pl
-index fa9bfb7a7b81..24bab9d0bcf9 100755
---- a/crypto/poly1305/asm/poly1305-x86_64.pl
-+++ b/crypto/poly1305/asm/poly1305-x86_64.pl
-@@ -195,7 +195,7 @@ sub poly1305_iteration {
- 	bt	\$`5+32`,%r9		# AVX2?
- 	cmovc	%rax,%r10
- ___
--$code.=<<___	if ($avx>3);
-+$code.=<<___	if ($avx>3 && !$win64);
- 	mov	\$`(1<<31|1<<21|1<<16)`,%rax
- 	shr	\$32,%r9
- 	and	%rax,%r9
-@@ -2724,7 +2724,7 @@ sub poly1305_iteration {
- .cfi_endproc
- .size	poly1305_blocks_avx512,.-poly1305_blocks_avx512
- ___
--if ($avx>3) {
-+if ($avx>3 && !$win64) {
- ########################################################################
- # VPMADD52 version using 2^44 radix.
- #
diff --git a/pkgs/development/libraries/openssl/default.nix b/pkgs/development/libraries/openssl/default.nix
index 93786881a5200..2318753405674 100644
--- a/pkgs/development/libraries/openssl/default.nix
+++ b/pkgs/development/libraries/openssl/default.nix
@@ -236,14 +236,11 @@ in {
   # the permitted insecure version to ensure it gets cached for our users
   # and backport this to stable release (23.05).
   openssl_1_1 = common {
-    version = "1.1.1v";
-    sha256 = "sha256-1ml+KHHncjhGBALpNi1H0YOCsV758karpse9eA04prA=";
+    version = "1.1.1w";
+    sha256 = "sha256-zzCYlQy02FOtlcCEHx+cbT3BAtzPys1SHZOSUgi3asg=";
     patches = [
       ./1.1/nix-ssl-cert-file.patch
 
-      # https://www.openssl.org/news/secadv/20230908.txt
-      ./1.1/CVE-2023-4807.patch
-
       (if stdenv.hostPlatform.isDarwin
        then ./use-etc-ssl-certs-darwin.patch
        else ./use-etc-ssl-certs.patch)
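Review bot: Removing `./1.1/CVE-2023-4807.patch` and its advisory link from `patches` leaves nothing in default.nix recording that the fix for CVE-2023-4807 is now expected to come from the 1.1.1w tarball itself. The hunk shows only the version and hash change, so the equivalence is inferred here and should be confirmed against the upstream 1.1.1w changelog before merging. A one-line comment above `version = "1.1.1w";`, for example `# 1.1.1w carries the upstream fix for CVE-2023-4807; the local backport was dropped`, would keep that audit trail for anyone later checking which advisories this permitted-insecure package covers. The `openssl_1_1` attribute set continues past the end of the hunk.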
diff --git a/pkgs/top-level/release.nix b/pkgs/top-level/release.nix
index a34b7e1ad5484..93f7ec0e8d9d3 100644
--- a/pkgs/top-level/release.nix
+++ b/pkgs/top-level/release.nix
@@ -26,7 +26,7 @@
       # for no real reason.
       # Remove them for 23.11.
       "nodejs-16.20.2"
-      "openssl-1.1.1v"
+      "openssl-1.1.1w"
     ];
   }; }
 }: