python3Packages.nassl: improve overridden openssl versions

firstly override the correct respective base openssl version - this
gives us an approximately appropriate set of patches and
knownVulnerabilities to start with.

filter patches that don't apply to the overridden source, fixing
the build on darwin.
Robert Scott 2021-11-06 19:40:47 +00:00
parent d3501f7427
commit 86e62e7386


@ -3,7 +3,8 @@
, fetchurl , fetchurl
, buildPythonPackage , buildPythonPackage
, pkgsStatic , pkgsStatic
, openssl , openssl_1_1
, openssl_1_0_2
, invoke , invoke
, tls-parser , tls-parser
, cacert , cacert
@ -36,7 +37,7 @@ let
"enable-mdc2" "enable-mdc2"
"-fPIC" "-fPIC"
]; ];
opensslStatic = (openssl.override nasslOpensslArgs).overrideAttrs ( opensslStatic = (openssl_1_1.override nasslOpensslArgs).overrideAttrs (
oldAttrs: rec { oldAttrs: rec {
name = "openssl-${version}"; name = "openssl-${version}";
version = "1.1.1h"; version = "1.1.1h";
@ -49,10 +50,24 @@ let
"enable-tls1_3" "enable-tls1_3"
"no-async" "no-async"
]; ];
patches = builtins.filter (
p: (builtins.baseNameOf (toString p)) != "macos-yosemite-compat.patch"
) oldAttrs.patches;
buildInputs = oldAttrs.buildInputs ++ [ zlibStatic cacert ]; buildInputs = oldAttrs.buildInputs ++ [ zlibStatic cacert ];
meta = oldAttrs.meta // {
knownVulnerabilities = [
"CVE-2020-1971"
"CVE-2021-23840"
"CVE-2021-23841"
"CVE-2021-3449"
"CVE-2021-3450"
"CVE-2021-3711"
"CVE-2021-3712"
];
};
} }
); );
opensslLegacyStatic = (openssl.override nasslOpensslArgs).overrideAttrs ( opensslLegacyStatic = (openssl_1_0_2.override nasslOpensslArgs).overrideAttrs (
oldAttrs: rec { oldAttrs: rec {
name = "openssl-${version}"; name = "openssl-${version}";
version = "1.0.2e"; version = "1.0.2e";
@ -61,7 +76,9 @@ let
sha256 = "1zqb1rff1wikc62a7vj5qxd1k191m8qif5d05mwdxz2wnzywlg72"; sha256 = "1zqb1rff1wikc62a7vj5qxd1k191m8qif5d05mwdxz2wnzywlg72";
}; };
configureFlags = oldAttrs.configureFlags ++ nasslOpensslFlagsCommon; configureFlags = oldAttrs.configureFlags ++ nasslOpensslFlagsCommon;
patches = [ ]; patches = builtins.filter (
p: (builtins.baseNameOf (toString p)) == "darwin64-arm64.patch"
) oldAttrs.patches;
buildInputs = oldAttrs.buildInputs ++ [ zlibStatic ]; buildInputs = oldAttrs.buildInputs ++ [ zlibStatic ];
# openssl_1_0_2 needs `withDocs = false` # openssl_1_0_2 needs `withDocs = false`
outputs = lib.remove "doc" oldAttrs.outputs; outputs = lib.remove "doc" oldAttrs.outputs;
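Review bot: The `meta` override added to `opensslStatic` replaces whatever `knownVulnerabilities` the `openssl_1_1` base carries instead of extending it, so an advisory later recorded on the base package would be dropped for this pinned 1.1.1h build; `knownVulnerabilities = (oldAttrs.meta.knownVulnerabilities or [ ]) ++ [ "CVE-2020-1971" … ];` keeps both. The list is tied to `version = "1.1.1h"` and should carry a comment saying so, e.g. `# CVEs fixed upstream after 1.1.1h; revisit whenever version/src changes`. `opensslLegacyStatic` gets no list of its own and relies on what `openssl_1_0_2` provides, which presumably describes a later 1.0.2 release than the pinned 1.0.2e and may understate the exposure. The two `patches` filters are also asymmetric: the 1.1.1h filter is a deny-list, so any patch later added to the base for a newer release will be applied to the old source, whereas the 1.0.2e filter is an allow-list; an allow-list in both places would be more predictable.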