diff options
| author | Alyssa Ross <hi@alyssa.is> | 2022-01-03 23:55:00 +0000 |
|---|---|---|
| committer | Alyssa Ross <hi@alyssa.is> | 2022-02-19 11:03:39 +0000 |
| commit | f4cf97a04cd5d0b86aa46baec9fb228a8f671c03 (patch) | |
| tree | 28192415ff39a661d0001563bf81cc93fa25d16d /nixpkgs/pkgs/development/libraries/libressl | |
| parent | f8422837c9bde058e8f2de37702e7e94b2226040 (diff) | |
| parent | 18c84ea816348e2a098390101b92d1e39a9dbd45 (diff) | |
| download | nixlib-f4cf97a04cd5d0b86aa46baec9fb228a8f671c03.tar nixlib-f4cf97a04cd5d0b86aa46baec9fb228a8f671c03.tar.gz nixlib-f4cf97a04cd5d0b86aa46baec9fb228a8f671c03.tar.bz2 nixlib-f4cf97a04cd5d0b86aa46baec9fb228a8f671c03.tar.lz nixlib-f4cf97a04cd5d0b86aa46baec9fb228a8f671c03.tar.xz nixlib-f4cf97a04cd5d0b86aa46baec9fb228a8f671c03.tar.zst nixlib-f4cf97a04cd5d0b86aa46baec9fb228a8f671c03.zip | |
Merge commit '18c84ea816348e2a098390101b92d1e39a9dbd45'
Conflicts: nixpkgs/nixos/modules/misc/documentation.nix nixpkgs/pkgs/applications/networking/browsers/firefox/packages.nix nixpkgs/pkgs/applications/window-managers/sway/default.nix nixpkgs/pkgs/build-support/rust/build-rust-package/default.nix nixpkgs/pkgs/development/go-modules/generic/default.nix nixpkgs/pkgs/development/interpreters/ruby/default.nix nixpkgs/pkgs/development/interpreters/ruby/patchsets.nix nixpkgs/pkgs/development/libraries/boehm-gc/7.6.6.nix nixpkgs/pkgs/development/python-modules/django-mailman3/default.nix nixpkgs/pkgs/servers/mail/mailman/web.nix nixpkgs/pkgs/top-level/aliases.nix nixpkgs/pkgs/top-level/all-packages.nix nixpkgs/pkgs/top-level/impure.nix
Diffstat (limited to 'nixpkgs/pkgs/development/libraries/libressl')
| -rw-r--r-- | nixpkgs/pkgs/development/libraries/libressl/CVE-2021-41581.patch | 53 | ||||
| -rw-r--r-- | nixpkgs/pkgs/development/libraries/libressl/default.nix | 24 |
2 files changed, 12 insertions, 65 deletions
diff --git a/nixpkgs/pkgs/development/libraries/libressl/CVE-2021-41581.patch b/nixpkgs/pkgs/development/libraries/libressl/CVE-2021-41581.patch deleted file mode 100644 index 244792567192..000000000000 --- a/nixpkgs/pkgs/development/libraries/libressl/CVE-2021-41581.patch +++ /dev/null @@ -1,53 +0,0 @@ -Based on upstream https://github.com/openbsd/src/commit/62ceddea5b1d64a1a362bbb7071d9e15adcde6b1 -with paths switched to apply to libressl-portable and CVS header -hunk removed. - ---- a/crypto/x509/x509_constraints.c -+++ b/crypto/x509/x509_constraints.c -@@ -339,16 +339,16 @@ - if (c == '.') - goto bad; - } -- if (wi > DOMAIN_PART_MAX_LEN) -- goto bad; - if (accept) { -+ if (wi >= DOMAIN_PART_MAX_LEN) -+ goto bad; - working[wi++] = c; - accept = 0; - continue; - } - if (candidate_local != NULL) { - /* We are looking for the domain part */ -- if (wi > DOMAIN_PART_MAX_LEN) -+ if (wi >= DOMAIN_PART_MAX_LEN) - goto bad; - working[wi++] = c; - if (i == len - 1) { -@@ -363,7 +363,7 @@ - continue; - } - /* We are looking for the local part */ -- if (wi > LOCAL_PART_MAX_LEN) -+ if (wi >= LOCAL_PART_MAX_LEN) - break; - - if (quoted) { -@@ -383,6 +383,8 @@ - */ - if (c == 9) - goto bad; -+ if (wi >= LOCAL_PART_MAX_LEN) -+ goto bad; - working[wi++] = c; - continue; /* all's good inside our quoted string */ - } -@@ -412,6 +414,8 @@ - } - if (!local_part_ok(c)) - goto bad; -+ if (wi >= LOCAL_PART_MAX_LEN) -+ goto bad; - working[wi++] = c; - } - if (candidate_local == NULL || candidate_domain == NULL) diff --git a/nixpkgs/pkgs/development/libraries/libressl/default.nix b/nixpkgs/pkgs/development/libraries/libressl/default.nix index d70672f63ac3..0d01eeb81f1a 100644 --- a/nixpkgs/pkgs/development/libraries/libressl/default.nix +++ b/nixpkgs/pkgs/development/libraries/libressl/default.nix @@ -40,14 +40,20 @@ let # removing ./configure pre-config. preConfigure = '' rm configure + substituteInPlace CMakeLists.txt \ + --replace 'exec_prefix \''${prefix}' "exec_prefix ${placeholder "bin"}" \ + --replace 'libdir \''${exec_prefix}' 'libdir \''${prefix}' ''; inherit patches; # Since 2.9.x the default location can't be configured from the build using # DEFAULT_CA_FILE anymore, instead we have to patch the default value. - postPatch = lib.optionalString (lib.versionAtLeast version "2.9.2") '' - substituteInPlace ./tls/tls_config.c --replace '"/etc/ssl/cert.pem"' '"${cacert}/etc/ssl/certs/ca-bundle.crt"' + postPatch = '' + patchShebangs tests/ + ${lib.optionalString (lib.versionAtLeast version "2.9.2") '' + substituteInPlace ./tls/tls_config.c --replace '"/etc/ssl/cert.pem"' '"${cacert}/etc/ssl/certs/ca-bundle.crt"' + ''} ''; doCheck = true; @@ -81,17 +87,11 @@ let in { libressl_3_2 = generic { - version = "3.2.5"; - sha256 = "1zkwrs3b19s1ybz4q9hrb7pqsbsi8vxcs44qanfy11fkc7ynb2kr"; - patches = [ - ./CVE-2021-41581.patch - ]; + version = "3.2.7"; + sha256 = "112bjfrwwqlk0lak7fmfhcls18ydf62cp7gxghf4gklpfl1zyckw"; }; libressl_3_4 = generic { - version = "3.4.0"; - sha256 = "1lhn76nd59p1dfd27b4636zj6wh3f5xsi8b3sxqnl820imsswbp5"; - patches = [ - ./CVE-2021-41581.patch - ]; + version = "3.4.1"; + sha256 = "0766yxb599lx7qmlmsddiw9wgminz9mc311mav5q23l0rbkflz0h"; }; } |