diff options
| author | Alyssa Ross <hi@alyssa.is> | 2022-12-06 19:57:55 +0000 |
|---|---|---|
| committer | Alyssa Ross <hi@alyssa.is> | 2023-02-08 13:48:30 +0000 |
| commit | bf3aadfdd39aa197e18bade671fab6726349ffa4 (patch) | |
| tree | 698567af766ed441d757b57a7b21e68d4a342a2b /nixpkgs/pkgs/development/libraries/libressl | |
| parent | f4afc5a01d9539ce09e47494e679c51f80723d07 (diff) | |
| parent | 99665eb45f58d959d2cb9e49ddb960c79d596f33 (diff) | |
| download | nixlib-bf3aadfdd39aa197e18bade671fab6726349ffa4.tar nixlib-bf3aadfdd39aa197e18bade671fab6726349ffa4.tar.gz nixlib-bf3aadfdd39aa197e18bade671fab6726349ffa4.tar.bz2 nixlib-bf3aadfdd39aa197e18bade671fab6726349ffa4.tar.lz nixlib-bf3aadfdd39aa197e18bade671fab6726349ffa4.tar.xz nixlib-bf3aadfdd39aa197e18bade671fab6726349ffa4.tar.zst nixlib-bf3aadfdd39aa197e18bade671fab6726349ffa4.zip | |
Merge commit '99665eb45f58d959d2cb9e49ddb960c79d596f33'
Diffstat (limited to 'nixpkgs/pkgs/development/libraries/libressl')
| -rw-r--r-- | nixpkgs/pkgs/development/libraries/libressl/default.nix | 24 | ||||
| -rw-r--r-- | nixpkgs/pkgs/development/libraries/libressl/fix-build-with-glibc.patch | 92 |
2 files changed, 110 insertions, 6 deletions
diff --git a/nixpkgs/pkgs/development/libraries/libressl/default.nix b/nixpkgs/pkgs/development/libraries/libressl/default.nix index 1ad63db733df..82974fe07283 100644 --- a/nixpkgs/pkgs/development/libraries/libressl/default.nix +++ b/nixpkgs/pkgs/development/libraries/libressl/default.nix @@ -12,13 +12,13 @@ let then "DYLD_LIBRARY_PATH" else "LD_LIBRARY_PATH"; - generic = { version, sha256, patches ? [] }: stdenv.mkDerivation rec { + generic = { version, hash, patches ? [] }: stdenv.mkDerivation rec { pname = "libressl"; inherit version; src = fetchurl { url = "mirror://openbsd/LibreSSL/${pname}-${version}.tar.gz"; - inherit sha256; + inherit hash; }; nativeBuildInputs = [ cmake ]; @@ -71,11 +71,9 @@ let moveToOutput "bin/nc" "$nc" moveToOutput "bin/openssl" "$bin" moveToOutput "bin/ocspcheck" "$bin" - moveToOutput "share/man/man1/nc.1${lib.optionalString (dontGzipMan==null) ".gz"}" "$nc" + moveToOutput "share/man/man1/nc.1.gz" "$nc" ''; - dontGzipMan = if stdenv.isDarwin then true else null; # not sure what's wrong - meta = with lib; { description = "Free TLS/SSL implementation"; homepage = "https://www.libressl.org"; @@ -88,6 +86,20 @@ let in { libressl_3_4 = generic { version = "3.4.3"; - sha256 = "sha256-/4i//jVIGLPM9UXjyv5FTFAxx6dyFwdPUzJx1jw38I0="; + hash = "sha256-/4i//jVIGLPM9UXjyv5FTFAxx6dyFwdPUzJx1jw38I0="; + }; + + libressl_3_5 = generic { + version = "3.5.3"; + hash = "sha256-OrXl6u9pziDGsXDuZNeFtCI19I8uYrCV/KXXtmcriyg="; + + patches = [ + # Fix endianness detection on aarch64-darwin, issue #181187 + (fetchpatch { + name = "fix-endian-header-detection.patch"; + url = "https://patch-diff.githubusercontent.com/raw/libressl-portable/portable/pull/771.patch"; + sha256 = "sha256-in5U6+sl0HB9qMAtUL6Py4X2rlv0HsqRMIQhhM1oThE="; + }) + ]; }; } diff --git a/nixpkgs/pkgs/development/libraries/libressl/fix-build-with-glibc.patch b/nixpkgs/pkgs/development/libraries/libressl/fix-build-with-glibc.patch new file mode 100644 index 000000000000..db482bcb35da --- /dev/null +++ b/nixpkgs/pkgs/development/libraries/libressl/fix-build-with-glibc.patch @@ -0,0 +1,92 @@ +diff --git a/tests/explicit_bzero.c b/tests/explicit_bzero.c +index 34c60baa8a..9c0e917829 100644 +--- a/tests/explicit_bzero.c ++++ b/tests/explicit_bzero.c +@@ -1,4 +1,4 @@ +-/* $OpenBSD: explicit_bzero.c,v 1.6 2014/07/11 01:10:35 matthew Exp $ */ ++/* $OpenBSD: explicit_bzero.c,v 1.7 2021/03/27 11:17:58 bcook Exp $ */ + /* + * Copyright (c) 2014 Google Inc. + * +@@ -18,6 +18,7 @@ + #include <assert.h> + #include <errno.h> + #include <signal.h> ++#include <stdlib.h> + #include <string.h> + #include <unistd.h> + +@@ -36,19 +37,33 @@ enum { + SECRETBYTES = SECRETCOUNT * sizeof(secret) + }; + +-static char altstack[SIGSTKSZ + SECRETBYTES]; ++/* ++ * As of glibc 2.34, when _GNU_SOURCE is defined, SIGSTKSZ is no longer ++ * constant on Linux. SIGSTKSZ is redefined to sysconf (_SC_SIGSTKSZ). ++ */ ++static char *altstack; ++#define ALTSTACK_SIZE (SIGSTKSZ + SECRETBYTES) + + static void + setup_stack(void) + { ++ altstack = calloc(1, ALTSTACK_SIZE); ++ ASSERT_NE(NULL, altstack); ++ + const stack_t sigstk = { + .ss_sp = altstack, +- .ss_size = sizeof(altstack), ++ .ss_size = ALTSTACK_SIZE + }; + + ASSERT_EQ(0, sigaltstack(&sigstk, NULL)); + } + ++static void ++cleanup_stack(void) ++{ ++ free(altstack); ++} ++ + static void + assert_on_stack(void) + { +@@ -129,7 +144,7 @@ test_without_bzero() + char buf[SECRETBYTES]; + assert_on_stack(); + populate_secret(buf, sizeof(buf)); +- char *res = memmem(altstack, sizeof(altstack), buf, sizeof(buf)); ++ char *res = memmem(altstack, ALTSTACK_SIZE, buf, sizeof(buf)); + ASSERT_NE(NULL, res); + return (res); + } +@@ -140,7 +155,7 @@ test_with_bzero() + char buf[SECRETBYTES]; + assert_on_stack(); + populate_secret(buf, sizeof(buf)); +- char *res = memmem(altstack, sizeof(altstack), buf, sizeof(buf)); ++ char *res = memmem(altstack, ALTSTACK_SIZE, buf, sizeof(buf)); + ASSERT_NE(NULL, res); + explicit_bzero(buf, sizeof(buf)); + return (res); +@@ -183,15 +198,17 @@ main() + * on the stack. This sanity checks that call_on_stack() and + * populate_secret() work as intended. + */ +- memset(altstack, 0, sizeof(altstack)); ++ memset(altstack, 0, ALTSTACK_SIZE); + call_on_stack(do_test_without_bzero); + + /* + * Now test with a call to explicit_bzero() and check that we + * *don't* find any instances of the secret data. + */ +- memset(altstack, 0, sizeof(altstack)); ++ memset(altstack, 0, ALTSTACK_SIZE); + call_on_stack(do_test_with_bzero); + ++ cleanup_stack(); ++ + return (0); + } |