openssl: 3.0.5 -> 3.0.6
fixes CVE-2022-3358 https://www.openssl.org/news/secadv/20221011.txt
This commit is contained in:
ajs124
parent
4b02f74d3c
commit
0c743ca36f
2 changed files with 23 additions and 20 deletions
|
|
@ -1,22 +1,25 @@
|
|||
diff --git a/Configure b/Configure
|
||||
index f0ad787bc4..a48d2008c6 100755
|
||||
index a558e5ab1a..9a884f0b0f 100755
|
||||
--- a/Configure
|
||||
+++ b/Configure
|
||||
@@ -1688,17 +1688,6 @@ unless ($disabled{devcryptoeng}) {
|
||||
@@ -1714,20 +1714,6 @@ unless ($disabled{devcryptoeng}) {
|
||||
|
||||
unless ($disabled{ktls}) {
|
||||
$config{ktls}="";
|
||||
if ($target =~ m/^linux/) {
|
||||
- my $usr = "/usr/$config{cross_compile_prefix}";
|
||||
- chop($usr);
|
||||
- if ($config{cross_compile_prefix} eq "") {
|
||||
- $usr = "/usr";
|
||||
- }
|
||||
- my $minver = (4 << 16) + (13 << 8) + 0;
|
||||
- my @verstr = split(" ",`cat $usr/include/linux/version.h | grep LINUX_VERSION_CODE`);
|
||||
-
|
||||
- if ($verstr[2] < $minver) {
|
||||
- my $cc = $config{CROSS_COMPILE}.$config{CC};
|
||||
- if ($target =~ m/^linux/) {
|
||||
- system("printf '#include <sys/types.h>\n#include <linux/tls.h>' | $cc -E - >/dev/null 2>&1");
|
||||
- if ($? != 0) {
|
||||
- disable('too-old-kernel', 'ktls');
|
||||
- }
|
||||
} elsif ($target =~ m/^BSD/) {
|
||||
my $cc = $config{CROSS_COMPILE}.$config{CC};
|
||||
system("printf '#include <sys/types.h>\n#include <sys/ktls.h>' | $cc -E - >/dev/null 2>&1");
|
||||
- } elsif ($target =~ m/^BSD/) {
|
||||
- system("printf '#include <sys/types.h>\n#include <sys/ktls.h>' | $cc -E - >/dev/null 2>&1");
|
||||
- if ($? != 0) {
|
||||
- disable('too-old-freebsd', 'ktls');
|
||||
- }
|
||||
- } else {
|
||||
- disable('not-linux-or-freebsd', 'ktls');
|
||||
- }
|
||||
}
|
||||
|
||||
push @{$config{openssl_other_defines}}, "OPENSSL_NO_KTLS" if ($disabled{ktls});
|
||||
|
|
|
|||
|
|
@ -16,14 +16,14 @@
|
|||
# files.
|
||||
|
||||
let
|
||||
common = { version, sha256, patches ? [], withDocs ? false, extraMeta ? {} }:
|
||||
common = { version, hash, patches ? [], withDocs ? false, extraMeta ? {} }:
|
||||
stdenv.mkDerivation rec {
|
||||
pname = "openssl";
|
||||
inherit version;
|
||||
|
||||
src = fetchurl {
|
||||
url = "https://www.openssl.org/source/${pname}-${version}.tar.gz";
|
||||
inherit sha256;
|
||||
inherit hash;
|
||||
};
|
||||
|
||||
inherit patches;
|
||||
|
|
@ -214,7 +214,7 @@ in {
|
|||
|
||||
openssl_1_1 = common rec {
|
||||
version = "1.1.1q";
|
||||
sha256 = "sha256-15Oc5hQCnN/wtsIPDi5XAxWKSJpyslB7i9Ub+Mj9EMo=";
|
||||
hash = "sha256-15Oc5hQCnN/wtsIPDi5XAxWKSJpyslB7i9Ub+Mj9EMo=";
|
||||
patches = [
|
||||
./1.1/nix-ssl-cert-file.patch
|
||||
|
||||
|
|
@ -228,8 +228,8 @@ in {
|
|||
};
|
||||
|
||||
openssl_3 = common {
|
||||
version = "3.0.5";
|
||||
sha256 = "sha256-qn2Nm+9xrWUlxVuhHl9Dl4ic5Jwsk0nc6m0+TwsCSno=";
|
||||
version = "3.0.6";
|
||||
hash = "sha256-5KEKKYaUXj8aHy69aKx4BEmhdzuWtqF0/fZQ1ryWEfE=";
|
||||
patches = [
|
||||
./3.0/nix-ssl-cert-file.patch
|
||||
|
||||
|
|
|
|||
Loading…
Reference in a new issue