authorAlyssa Ross <hi@alyssa.is>2023-09-14 13:17:39 +0000
committerAlyssa Ross <hi@alyssa.is>2023-09-14 13:17:39 +0000
commit56e87d10ec12e00eab5c4b5710e01ab50eec267f (patch)
treebaff33c3da97619d02441379b3f0f369da8f3d5a /nixpkgs/pkgs/development/libraries/openssl
parentcc14c6e02d8424c1d446d248f71e08243181af8d (diff)
parent3a2786eea085f040a66ecde1bc3ddc7099f6dbeb (diff)
Merge branch 'nixos-unstable' of https://github.com/NixOS/nixpkgs
Diffstat (limited to 'nixpkgs/pkgs/development/libraries/openssl')
-rw-r--r--nixpkgs/pkgs/development/libraries/openssl/1.1/CVE-2023-4807.patch44
-rw-r--r--nixpkgs/pkgs/development/libraries/openssl/default.nix3
2 files changed, 47 insertions, 0 deletions
diff --git a/nixpkgs/pkgs/development/libraries/openssl/1.1/CVE-2023-4807.patch b/nixpkgs/pkgs/development/libraries/openssl/1.1/CVE-2023-4807.patch
new file mode 100644
index 000000000000..7312b41fc740
--- /dev/null
+++ b/nixpkgs/pkgs/development/libraries/openssl/1.1/CVE-2023-4807.patch
@@ -0,0 +1,44 @@
+From 4bfac4471f53c4f74c8d81020beb938f92d84ca5 Mon Sep 17 00:00:00 2001
+From: Bernd Edlinger <bernd.edlinger@hotmail.de>
+Date: Tue, 22 Aug 2023 16:07:30 +0200
+Subject: [PATCH] Avoid clobbering non-volatile XMM registers
+
+This affects some Poly1305 assembler functions
+which are only used for certain CPU types.
+
+Remove those functions for Windows targets,
+as a simple interim solution.
+
+Fixes #21522
+
+Reviewed-by: Tomas Mraz <tomas@openssl.org>
+Reviewed-by: Paul Dale <pauli@openssl.org>
+(Merged from https://github.com/openssl/openssl/pull/21808)
+
+(cherry picked from commit 7b8e27bc2e02238986d89ef0ece067ec1b48e165)
+---
+ crypto/poly1305/asm/poly1305-x86_64.pl | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/crypto/poly1305/asm/poly1305-x86_64.pl b/crypto/poly1305/asm/poly1305-x86_64.pl
+index fa9bfb7a7b81..24bab9d0bcf9 100755
+--- a/crypto/poly1305/asm/poly1305-x86_64.pl
++++ b/crypto/poly1305/asm/poly1305-x86_64.pl
+@@ -195,7 +195,7 @@ sub poly1305_iteration {
+ 	bt	\$`5+32`,%r9		# AVX2?
+ 	cmovc	%rax,%r10
+ ___
+-$code.=<<___	if ($avx>3);
++$code.=<<___	if ($avx>3 && !$win64);
+ 	mov	\$`(1<<31|1<<21|1<<16)`,%rax
+ 	shr	\$32,%r9
+ 	and	%rax,%r9
+@@ -2724,7 +2724,7 @@ sub poly1305_iteration {
+ .cfi_endproc
+ .size	poly1305_blocks_avx512,.-poly1305_blocks_avx512
+ ___
+-if ($avx>3) {
++if ($avx>3 && !$win64) {
+ ########################################################################
+ # VPMADD52 version using 2^44 radix.
+ #
diff --git a/nixpkgs/pkgs/development/libraries/openssl/default.nix b/nixpkgs/pkgs/development/libraries/openssl/default.nix
index aaee6685cfc5..93786881a520 100644
--- a/nixpkgs/pkgs/development/libraries/openssl/default.nix
+++ b/nixpkgs/pkgs/development/libraries/openssl/default.nix
@@ -241,6 +241,9 @@ in {
     patches = [
       ./1.1/nix-ssl-cert-file.patch
 
+      # https://www.openssl.org/news/secadv/20230908.txt
+      ./1.1/CVE-2023-4807.patch
+
       (if stdenv.hostPlatform.isDarwin
        then ./use-etc-ssl-certs-darwin.patch
        else ./use-etc-ssl-certs.patch)
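Review bot: The comment above `./1.1/CVE-2023-4807.patch` gives only the advisory URL, so a later maintainer cannot tell from the list which targets the entry matters for or when it can be dropped. The patch's own description says it removes some Poly1305 assembler functions for Windows targets as an interim solution, so I would say that in place, e.g. `# CVE-2023-4807: Poly1305 asm clobbers non-volatile XMM registers on Windows x86_64 (see https://www.openssl.org/news/secadv/20230908.txt); drop once the 1.1 source includes the upstream fix`. The enclosing attribute set begins and ends outside this hunk, so whether the other OpenSSL versions packaged in this file carry the same fix cannot be judged from here and is worth confirming.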