Commit graph

72 commits

Author SHA1 Message Date
Matthew Bauer
37744d2c36 libressl: add static override 2019-09-19 12:38:08 -04:00
Matthew Bauer
8f01848075 libressl: support musl in libressl 2.9.2 2019-09-19 12:38:08 -04:00
Dima
044f771d59 libressl: fixing nc for version>=2.9
This addresses https://github.com/NixOS/nixpkgs/issues/68286

When `-R` (CA file location) is not specified, nc tries to fall back to
a default location. In 2.8 this was still configurable at compile time,
but was changed somewhere after. This replaces `/etc/ssl/cert.pem`
with `${cacert}/etc/ssl/cert.pem` in the code directly.

For a discussion of this, see https://github.com/NixOS/nixpkgs/pull/68456
2019-09-17 23:08:43 +02:00
Vladimír Čunát
2e6bf42a22
Merge branch 'master' into staging-next
There ver very many conflicts, basically all due to
name -> pname+version.  Fortunately, almost everything was auto-resolved
by kdiff3, and for now I just fixed up a couple evaluation problems,
as verified by the tarball job.  There might be some fallback to these
conflicts, but I believe it should be minimal.

Hydra nixpkgs: ?compare=1538299
2019-08-24 08:55:37 +02:00
Matthew Bauer
856d10a9b8
Merge pull request #66454 from ruuda/libcrypto-noexecstack
libressl: build libcrypto with noexecstack
2019-08-21 14:11:08 -04:00
Ruud van Asseldonk
fdd78a5387 libressl: use CFLAGS to avoid exectuable stack
It turns out that libcrypto had an exectuable stack, because it linked
some objects without a .note.GNU-stack section. Compilers add this
section by default, but the objects produced from .S files did not
contain it. The .S files do include a directive to add the section, but
guarded behind an #ifdef HAVE_GNU_STACK. So define HAVE_GNU_STACK, to
ensure that all objects have a .note.GNU-stack section.
2019-08-21 00:16:08 +02:00
Robin Gloster
4e60b0efae
treewide: update globin's maintained drvs 2019-08-20 19:36:05 +02:00
Ruud van Asseldonk
bc185504ca libressl_3_0: init at 3.0.0 2019-08-20 08:50:57 -05:00
volth
46420bbaa3 treewide: name -> pname (easy cases) (#66585)
treewide replacement of

stdenv.mkDerivation rec {
  name = "*-${version}";
  version = "*";

to pname
2019-08-15 13:41:18 +01:00
Ruud van Asseldonk
c02b4a1cc8 libressl: do not set noexecstack on Darwin at all
It is not needed on Darwin. [1] Thanks Matthew for explaining this.

[1]: https://github.com/NixOS/nixpkgs/pull/66454#issuecomment-520970986
2019-08-13 22:20:16 +02:00
Ruud van Asseldonk
b3c613b9aa libressl: fix noexecstack on Darwin
The flags to disable executable stacks are different for Clang and GCC,
and Clang is used on Darwin.
2019-08-11 20:34:57 +02:00
Ruud van Asseldonk
8b6a9202e7 libressl: build libcrypto with noexecstack
For some reasons, libcrypto would be built with the executable stack
flag set. I found out about this when Nginx failed to load the shared
library, because I was running it with MemoryDenyWriteExecute=true,
which does not permit executable stacks.

I am not sure why the stack ends up executable; the other shared
libraries which are part of LibreSSL do not have this flag set. You can
verify this with 'execstack -q'. Non-executable stacks should be the
default, and from checking some other files, that does appear to be the
case. The LibreSSL sources do not contain the string "execstack", so
I am not sure what causes the default to be overridden.

Adding '-z noexecstack' to the linker flags makes the linker unset the
flag. Now my Nginx can load the library, and so far I have not run into
other issues.
2019-08-10 22:21:57 +02:00
Bas van Dijk
4099a9ad38 libressl: add openssl license
LibreSSL is also licensed under the OpenSSL license. See:

https://cvsweb.openbsd.org/cgi-bin/cvsweb/~checkout~/src/lib/libssl/LICENSE?rev=1.12&content-type=text/plain
2019-06-24 10:16:02 +02:00
Franz Pletz
cea163252a
libressl_2_7: remove, not maintained anymore
Stable LibreSSL releases are supported one year after their OpenBSD release.
OpenBSD 6.3 with this branch was released on 2018-04-01.
2019-06-02 19:52:04 +02:00
Izorkin
67709c3c1b libressl_2_9: 2.9.1 -> 2.9.2 2019-06-01 16:08:01 +00:00
Ruud van Asseldonk
5f594be463 libressl: ensure we can link against libtls
Without setting BUILD_SHARED_LIBS, the package would build file, but
when linking it into acme-client or nginx, I got the following error:

    libressl-2.9.1/lib/libtls.a(tls.c.o): undefined reference to symbol 'pthread_once@@GLIBC_2.2.5'
    binutils-2.31.1/bin/ld: glibc-2.27/lib/libpthread.so.0: error adding symbols: DSO missing from command line
    collect2: error: ld returned 1 exit status

After looking at the CMakeLists.txt in libressl/tls, I noticed the
BUILD_SHARED_LIBS option, and setting it resolves the linking error.
2019-05-04 18:40:21 +02:00
Ruud van Asseldonk
8c7cde5df2 libressl: build with cmake
LibreSSL 2.9.1 no longer builds with the default autotools configuration.
When I searched for the error, I noticed that Buildroot ran into the
same issue, and they resolved the problem by building with CMake rather
than autotools. [1] I followed the same approach here.

[1]: e783d60473
2019-05-04 15:55:14 +02:00
Ruud van Asseldonk
3415872fe4 libressl_2_9: 2.9.0 -> 2.9.1
This new version does not build as-is, it will need to be patched.
2019-05-04 15:07:34 +02:00
Jörg Thalheim
b5c1deca8a
treewide: remove wkennington as maintainer
He prefers to contribute to his own nixpkgs fork triton.
Since he is still marked as maintainer in many packages
this leaves the wrong impression he still maintains those.
2019-01-26 10:05:32 +00:00
Franz Pletz
51c8e01676
libressl_2_9: init at 2.9.0 2018-12-18 00:09:00 +01:00
Franz Pletz
949dc60acc
libressl_2_8: 2.8.2 -> 2.8.3 2018-12-18 00:08:59 +01:00
Franz Pletz
b7254b6b2c
libressl_2_7: 2.7.4 -> 2.7.5 2018-12-18 00:08:59 +01:00
Franz Pletz
5911d54457
libressl_2_6: remove, not maintained anymore 2018-12-18 00:08:58 +01:00
R. RyanTM
d888c03784 libressl_2_8: 2.8.1 -> 2.8.2 (#49293)
Semi-automatic update generated by
https://github.com/ryantm/nixpkgs-update tools. This update was made
based on information from
https://repology.org/metapackage/libressl/versions
2018-10-27 20:11:48 -04:00
R. RyanTM
807d73c391 libressl_2_8: 2.8.0 -> 2.8.1
Semi-automatic update generated by
https://github.com/ryantm/nixpkgs-update tools. This update was made
based on information from
https://repology.org/metapackage/libressl/versions
2018-10-03 11:58:32 -05:00
Markus Kowalewski
7dceb84419
libressl: add licenses 2018-08-17 22:15:45 +02:00
Austin Seipp
078da082b6 libressl: add 2.8.0
This does not remove any prior versions: LibreSSL versions are
maintained for a year after their corresponding OpenBSD branch is tagged
for release:

   - v2.6.x, part of OpenBSD 6.2-release, Nov 2017 (EOL: Nov 2018)
   - v2.7.x, part of OpenBSD 6.3-release, Apr 2018 (EOL: Apr 2019)
   - v2.8.x, expected OpenBSD 6.4-release, ETA Sep 2018 (EOL: Sep 2019)

This also does not change the default version: the stable branch remains
2.7.x, and 2.8.0 is the newest released development version. 2.8 can
become the default after OpenBSD-6.4

Closes #44760 (as it's redundant).

Signed-off-by: Austin Seipp <aseipp@pobox.com>
2018-08-08 18:59:22 -05:00
Franz Pletz
26501a9bf9
libressl_2_6: 2.6.4 -> 2.6.5 2018-06-19 18:07:40 +02:00
Franz Pletz
96a2217e92
libressl_2_5: remove, unmaintained 2018-06-19 18:07:40 +02:00
R. RyanTM
c2867828bb libressl: 2.7.3 -> 2.7.4
Semi-automatic update generated by https://github.com/ryantm/nixpkgs-update tools.

This update was made based on information from https://repology.org/metapackage/libressl/versions.

These checks were done:

- built on NixOS
- Warning: no invocation of /nix/store/2sj5bh1lwzls0vc31v2fhxaw648n0i9v-libressl-2.7.4-bin/bin/ocspcheck had a zero exit code or showed the expected version
- /nix/store/2sj5bh1lwzls0vc31v2fhxaw648n0i9v-libressl-2.7.4-bin/bin/openssl passed the binary check.
- 1 of 2 passed binary check by having a zero exit code.
- 1 of 2 passed binary check by having the new version present in output.
- found 2.7.4 with grep in /nix/store/2sj5bh1lwzls0vc31v2fhxaw648n0i9v-libressl-2.7.4-bin
- directory tree listing: https://gist.github.com/e28b9d47b987d9408427c7ec06e3b9fb
- du listing: https://gist.github.com/0d61c26c272780f10c5ce5359fb79bc7
2018-06-19 16:06:15 +00:00
Ruud van Asseldonk
3e293b2dc3 libressl: use https url in metadata 2018-05-13 15:26:34 +02:00
Ruud van Asseldonk
4371e5be0b libressl_2_7: init at 2.7.3 2018-05-13 15:25:24 +02:00
Matthew Justin Bauer
e8672c8b37
libressl: fix eval 2018-04-29 15:14:34 -05:00
Matthew Bauer
c2148482c2 libressl: move netcat stuff to '.nc' output
I still feel weird about doing this because it seems a little hacky
but this was requested by @Mic92 and seems understandable to not want
to mix up libressl outputs with netcat stuff.
2018-04-29 14:47:12 -05:00
Matthew Bauer
949bb98872 libressl: build netcat 2018-04-27 19:33:05 -05:00
Robin Gloster
1729c65736
libressl_2_6: 2.6.2 -> 2.6.4 2018-01-17 00:10:07 +01:00
Franz Pletz
4d7d5c8c34
libressl_2_6: 2.6.0 -> 2.6.2 2017-09-26 17:28:46 +02:00
Franz Pletz
3e8a565a04
libressl: refactor, drop 2.4, 2.5.4 -> 2.5.5, init 2.6 2017-07-20 19:31:08 +02:00
Vladimír Čunát
ed93e8e16b
libressl: work around some problem with man pages
https://github.com/NixOS/nixpkgs/commit/20ffc3cd73#commitcomment-22368612
2017-06-02 16:21:35 +02:00
Joachim Fasting
e2bc4e4bde
libressl: 2.5.3 -> 2.5.4
Contains a fix for CVE-2017-8301: TLS verification vulnerability in
LibreSSL 2.5.1 - 2.5.3 [1][2]

[1]: http://seclists.org/oss-sec/2017/q2/145
[2]: https://github.com/libressl-portable/portable/issues/307
2017-05-05 07:37:48 +02:00
Franz Pletz
29ed67faea
libressl_2_5: 2.5.1 -> 2.5.3 2017-04-11 19:41:01 +02:00
Robin Gloster
2110d59fa1
libressl_2_5: 2.5.0 -> 2.5.1
security update, no CVE assigned AFAICS

/cc @grahamc
2017-02-02 00:26:47 +01:00
Robin Gloster
0b19f2f742
libressl_2_4: 2.4.4 -> 2.4.5
security update, no CVE assigned AFAICS

/cc @grahamc
2017-02-02 00:25:51 +01:00
Robin Gloster
c466e31a0f
libressl_2_3: remove 2017-01-27 20:39:32 +01:00
Franz Pletz
52f1a37898
libressl_2_4: 2.4.3 -> 2.4.4 2016-11-09 20:02:45 +01:00
Franz Pletz
ecfb8df7a7
libressl_2_3: 2.3.8 -> 2.3.9 2016-11-09 20:02:09 +01:00
Franz Pletz
8916ba141b
libressl_2_5: init at 2.5.0 2016-09-28 15:15:56 +02:00
Franz Pletz
f749a16662
libressl_2_4: 2.4.2 -> 2.4.3 2016-09-28 15:15:55 +02:00
Franz Pletz
6b8aed6649
libressl_2_3: 2.3.7 -> 2.3.8 2016-09-28 15:15:55 +02:00
Tuomas Tynkkynen
a17216af4c treewide: Shuffle outputs
Make either 'bin' or 'out' the first output.
2016-08-29 14:49:51 +03:00