pyrox.dev / nixpkgs
lol
fork atom

openssl_1_1: 1.1.1v -> 1.1.1w

https://github.com/openssl/openssl/blob/OpenSSL_1_1_1w/NEWS

ajs124 93840b48 9daac02a

options
unified split
Changed files
+3 -50
pkgs
development
libraries
openssl
1.1
CVE-2023-4807.patch
default.nix
top-level
release.nix
-44
pkgs/development/libraries/openssl/1.1/CVE-2023-4807.patch 
···

       
1

       

       
-

       
From 4bfac4471f53c4f74c8d81020beb938f92d84ca5 Mon Sep 17 00:00:00 2001


     

       
2

       

       
-

       
From: Bernd Edlinger <bernd.edlinger@hotmail.de>


     

       
3

       

       
-

       
Date: Tue, 22 Aug 2023 16:07:30 +0200


     

       
4

       

       
-

       
Subject: [PATCH] Avoid clobbering non-volatile XMM registers


     

       
5

       

       
-

       



     

       
6

       

       
-

       
This affects some Poly1305 assembler functions


     

       
7

       

       
-

       
which are only used for certain CPU types.


     

       
8

       

       
-

       



     

       
9

       

       
-

       
Remove those functions for Windows targets,


     

       
10

       

       
-

       
as a simple interim solution.


     

       
11

       

       
-

       



     

       
12

       

       
-

       
Fixes #21522


     

       
13

       

       
-

       



     

       
14

       

       
-

       
Reviewed-by: Tomas Mraz <tomas@openssl.org>


     

       
15

       

       
-

       
Reviewed-by: Paul Dale <pauli@openssl.org>


     

       
16

       

       
-

       
(Merged from https://github.com/openssl/openssl/pull/21808)


     

       
17

       

       
-

       



     

       
18

       

       
-

       
(cherry picked from commit 7b8e27bc2e02238986d89ef0ece067ec1b48e165)


     

       
19

       

       
-

       
---


     

       
20

       

       
-

       
 crypto/poly1305/asm/poly1305-x86_64.pl | 4 ++--


     

       
21

       

       
-

       
 1 file changed, 2 insertions(+), 2 deletions(-)


     

       
22

       

       
-

       



     

       
23

       

       
-

       
diff --git a/crypto/poly1305/asm/poly1305-x86_64.pl b/crypto/poly1305/asm/poly1305-x86_64.pl


     

       
24

       

       
-

       
index fa9bfb7a7b81..24bab9d0bcf9 100755


     

       
25

       

       
-

       
--- a/crypto/poly1305/asm/poly1305-x86_64.pl


     

       
26

       

       
-

       
+++ b/crypto/poly1305/asm/poly1305-x86_64.pl


     

       
27

       

       
-

       
@@ -195,7 +195,7 @@ sub poly1305_iteration {


     

       
28

       

       
-

       
 	bt	\$`5+32`,%r9		# AVX2?


     

       
29

       

       
-

       
 	cmovc	%rax,%r10


     

       
30

       

       
-

       
 ___


     

       
31

       

       
-

       
-$code.=<<___	if ($avx>3);


     

       
32

       

       
-

       
+$code.=<<___	if ($avx>3 && !$win64);


     

       
33

       

       
-

       
 	mov	\$`(1<<31|1<<21|1<<16)`,%rax


     

       
34

       

       
-

       
 	shr	\$32,%r9


     

       
35

       

       
-

       
 	and	%rax,%r9


     

       
36

       

       
-

       
@@ -2724,7 +2724,7 @@ sub poly1305_iteration {


     

       
37

       

       
-

       
 .cfi_endproc


     

       
38

       

       
-

       
 .size	poly1305_blocks_avx512,.-poly1305_blocks_avx512


     

       
39

       

       
-

       
 ___


     

       
40

       

       
-

       
-if ($avx>3) {


     

       
41

       

       
-

       
+if ($avx>3 && !$win64) {


     

       
42

       

       
-

       
 ########################################################################


     

       
43

       

       
-

       
 # VPMADD52 version using 2^44 radix.


     

       
44

       

       
-

       
 #
+2 -5
pkgs/development/libraries/openssl/default.nix 
···

       
236

       
236

       
 

       
  # the permitted insecure version to ensure it gets cached for our users


     

       
237

       
237

       
 

       
  # and backport this to stable release (23.05).


     

       
238

       
238

       
 

       
  openssl_1_1 = common {


     

       
239

       

       
-

       
    version = "1.1.1v";


     

       
240

       

       
-

       
    sha256 = "sha256-1ml+KHHncjhGBALpNi1H0YOCsV758karpse9eA04prA=";


     

       

       
239

       
+

       
    version = "1.1.1w";


     

       

       
240

       
+

       
    sha256 = "sha256-zzCYlQy02FOtlcCEHx+cbT3BAtzPys1SHZOSUgi3asg=";


     

       
241

       
241

       
 

       
    patches = [


     

       
242

       
242

       
 

       
      ./1.1/nix-ssl-cert-file.patch


     

       
243

       

       
-

       



     

       
244

       

       
-

       
      # https://www.openssl.org/news/secadv/20230908.txt


     

       
245

       

       
-

       
      ./1.1/CVE-2023-4807.patch


     

       
246

       
243

       
 

       



     

       
247

       
244

       
 

       
      (if stdenv.hostPlatform.isDarwin


     

       
248

       
245

       
 

       
       then ./use-etc-ssl-certs-darwin.patch
+1 -1
pkgs/top-level/release.nix 
···

       
26

       
26

       
 

       
      # for no real reason.


     

       
27

       
27

       
 

       
      # Remove them for 23.11.


     

       
28

       
28

       
 

       
      "nodejs-16.20.2"


     

       
29

       

       
-

       
      "openssl-1.1.1v"


     

       

       
29

       
+

       
      "openssl-1.1.1w"


     

       
30

       
30

       
 

       
    ];


     

       
31

       
31

       
 

       
  }; }


     

       
32

       
32

       
 

       
}: