57bccb3cb8
treewide: http -> https sources ( #42676 )
...
* treewide: http -> https sources
This updates the source urls of all top-level packages from http to
https where possible.
* buildtorrent: fix url and tab -> spaces
6 years ago
0c3efb9ba0
openssl: Support iOS cross compilation (in theory)
6 years ago
01a4d957dd
openssl: enable parallel building
...
There is no improvement for the build duration of openssl 1.0
but the one of openssl 1.1 is reduced significantly.
6 years ago
72110322c0
openssl_1_1_0: 1.1.0g -> 1.1.0h (fixes CVE-2018-0739, CVE-2017-3738)
...
Also fixes CVE-2018-0733 but we do not support HP-UX to my knowledge :-)
Announcement at [1].
[1] https://www.openssl.org/news/secadv/20180327.txt
6 years ago
4bf9b4a328
openssl: 1.0.2n -> 1.0.2o (fixes CVE-2017-3738, CVE-2018-0739)
...
Announcement can be found at [1].
[1] https://www.openssl.org/news/secadv/20180327.txt
6 years ago
cccf48ca0c
openssl: isMusl
6 years ago
6593d882a9
openssl: fix cross, ensure 'Configure' has shebang patched
6 years ago
aa00d53708
openssl 1.1.0: disable 'async' bits relating to setcontext/etc on musl
6 years ago
57b01b1bcf
lib, openssl: Get rid of openssl.system
...
We compute it on the fly, careful to avoid any mass rebuilds for now.
7 years ago
4cc3510a92
openssl_1_1_0: Fix CVE-2017-3738
7 years ago
0841f14a8f
openssl_1_0_2: 1.0.2m -> 1.0.2n (CVE-2017-3737, CVE-2017-3738)
...
See [1] for more details
[1] https://www.openssl.org/news/secadv/20171207.txt
7 years ago
e06dbe4f5b
openssl: fix nix patch for recent update
7 years ago
5e2d96deb3
openssl_1_1_0: 1.1.0f -> 1.1.0g
7 years ago
7726b46027
openssl_1_0_2: 1.0.2l -> 1.0.2m
7 years ago
269f057be3
openssl: use https for homepage
7 years ago
e85a855d2c
openssl 1_1_0: fix build on aarch64
7 years ago
c23dcd72a0
Enable some more debug info
7 years ago
60eff17b27
openssl: cc-wrapper can be relied on to export these env vars
7 years ago
c580ab4fcf
openssl: fix cygwin build
7 years ago
67c1f0e65a
openssl: 1.0.2k -> 1.0.2l
...
cc #26435
7 years ago
a64194f9d4
openssl: 1.1.0e -> 1.1.0f
7 years ago
2c006ca805
Revert "openssl: add custom build of 1.0.2 for steam"
...
No longer necessary. See https://github.com/NixOS/nixpkgs/pull/23034#issuecomment-291005754
This reverts commit a50784b34e
7 years ago
c86f05e7ce
openssl: default to default profile CA on darwin
7 years ago
c3c9412c7d
git, openssl, curl: Respect $NIX_SSL_CERT_FILE
...
Slightly modified version of 942dbf89c6
7 years ago
0d2ba7ef2b
openssl: 1.1.0d -> 1.1.0e for High severity CVE-2017-3733
7 years ago
426b61a1c7
openssl_1_0_1: remove
8 years ago
6626b62241
openssl_1_0_1: not maintained anymore, rename as -vulnerable
...
This is not maintained anymore upstream but is still used by sslscan.
Until this package is updated or fixed, we'll keep it around under
the unambiguous name openssl_1_0_1-vulnerable.
8 years ago
49bfd6068d
openssl_1_1_0: 1.1.0c -> 1.1.0d for multiple CVEs
...
Fixes:
* CVE-2017-3731
* CVE-2017-3730
* CVE-2017-3732
* CVE-2016-7055
8 years ago
434c15193a
openssl_1_0_2: 1.0.2j -> 1.0.2k for multiple CVEs
...
Fixes:
* CVE-2017-3731
* CVE-2017-3730
* CVE-2017-3732
* CVE-2016-7055
8 years ago
94df8e7e4d
openssl: Output-santizing hack properly uses native perl again
8 years ago
bb2a67d226
openssl_1_1_0: 1.1.0b -> 1.1.0c
8 years ago
a50784b34e
openssl: add custom build of 1.0.2 for steam
8 years ago
811b876fab
Revert "openssl, curl, git: Respect $NIX_SSL_CERT_FILE"
...
This reverts commit 942dbf89c6
8 years ago
942dbf89c6
openssl, curl, git: Respect $NIX_SSL_CERT_FILE
...
$NIX_SSL_CERT_FILE overrides $SSL_CERT_FILE, which in turn overrides
the default CA path (/etc/ssl/certs/ca-certificates.crt). This allows
Nix to set a CA path without interfering with other packages (such as
Homebrew).
See https://github.com/NixOS/nix/issues/921 .
8 years ago
b743ddf8f9
sslscan: enable ssl2 checking
8 years ago
4d75c71f38
openssl: 1.0.2i -> 1.0.2j, 1.1.0a -> 1.1.0b
...
https://www.openssl.org/news/secadv/20160926.txt
8 years ago
ac03df96ba
openssl: 1.0.1t -> 1.0.1u, 1.0.2h -> 1.0.2i, 1.1.0 -> 1.1.0a
...
https://www.openssl.org/news/secadv/20160922.txt
8 years ago
c45bf3c43d
openssl-chacha: 2016-01-27 -> 2016-08-22
8 years ago
a17216af4c
treewide: Shuffle outputs
...
Make either 'bin' or 'out' the first output.
8 years ago
ed01e0ca4f
openssl: fix merge conflict between b6dabe3 and 6e7ca92
8 years ago
b6dabe3df0
openssl_1_1_0: init at 1.1.0
8 years ago
6e7ca9272e
openssl: fix CVE-2016-2177
8 years ago
8e462995ba
Bring my stdenv.lib.maintainers user name in line with my github nick.
8 years ago
bdafc6df04
openssl: 1.0.1s -> 1.0.1t, 1.0.2g -> 1.0.2h
...
CVE-2016-2108, high severity: Memory corruption in the ASN.1 encoder
CVE-2016-2107, high severity: Padding oracle in AES-NI CBC MAC check
CVE-2016-2105, low severity: EVP_EncodeUpdate overflow
CVE-2016-2106, low severity: EVP_EncryptUpdate overflow
CVE-2016-2109, low severity: ASN.1 BIO excessive memory allocation
CVE-2016-2176, low severity: EBCDIC overread
8 years ago
26f90102b8
openssl: fix indentation
8 years ago
f34655e28c
openssl-chacha: Split into multiple outputs
...
Mainly done because of this in all-packages.nix:
````
cipherscan = callPackage ../tools/security/cipherscan {
openssl = if stdenv.system == "x86_64-linux"
then openssl-chacha
else openssl;
};
````
... and inside cipherscan we want to refer to `openssl.bin`
8 years ago
e0d17fdf10
openssl: Use 1.0.2 by default
...
Provided that not too much breaks, we should probably cherry-pick this
to 16.03, since the end of the 1.0.1 support window is a bit too close
to the expected lifetime of 16.0.3. @domenkozar
8 years ago
cdbd14a1a8
openssl: 1.0.1r -> 1.0.1s, 1.0.2f -> 1.0.2g
...
CVE-2016-0800
8 years ago
b6ff8f9314
disable darwin-arch.patch on openssl >= 1.0.2
8 years ago
ef86e9506d
Untested fix for #13401
8 years ago
Silvan Mosberger