From 0565276a075531b6dad21171de459473dd5e6a27 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Janne=20He=C3=9F?= Date: Fri, 10 Dec 2021 18:04:11 +0100 Subject: [PATCH 01/81] openssl: Default version to 3.0 --- pkgs/top-level/all-packages.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 115e5b2696e42..fee4873e8a623 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -20627,7 +20627,7 @@ with pkgs; wolfssl = callPackage ../development/libraries/wolfssl { }; - openssl = openssl_1_1; + openssl = openssl_3; inherit (callPackages ../development/libraries/openssl { }) openssl_1_1 From c6de1d4b2442b96b66f0cd8bafcc0b50e62179a3 Mon Sep 17 00:00:00 2001 From: ajs124 Date: Mon, 1 Aug 2022 17:47:15 +0200 Subject: [PATCH 02/81] openssl: fix static build https://mta.openssl.org/pipermail/openssl-users/2022-February/014906.html --- pkgs/development/libraries/openssl/default.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/pkgs/development/libraries/openssl/default.nix b/pkgs/development/libraries/openssl/default.nix index 0b4050c76cce6..60f3a0eb45ee3 100644 --- a/pkgs/development/libraries/openssl/default.nix +++ b/pkgs/development/libraries/openssl/default.nix @@ -135,6 +135,7 @@ let # See https://wiki.openssl.org/index.php/Compilation_and_Installation#Configure_Options # for a comprehensive list of configuration options. ++ lib.optional (lib.versionAtLeast version "1.1.0" && static) "no-shared" + ++ lib.optional (lib.versionAtLeast version "3.0.0" && static) "no-module" # This introduces a reference to the CTLOG_FILE which is undesired when # trying to build binaries statically. ++ lib.optional static "no-ct" From 075b85282026478801afaa7680f99d8a047c7fe8 Mon Sep 17 00:00:00 2001 From: ajs124 Date: Mon, 1 Aug 2022 17:48:17 +0200 Subject: [PATCH 03/81] openssl: versionAtLeast 1.1.0 -> 1.1.1 we don't have/support 1.1.0 anymore, so 1.1.1 is the new minimum --- pkgs/development/libraries/openssl/default.nix | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/pkgs/development/libraries/openssl/default.nix b/pkgs/development/libraries/openssl/default.nix index 60f3a0eb45ee3..471666129fc10 100644 --- a/pkgs/development/libraries/openssl/default.nix +++ b/pkgs/development/libraries/openssl/default.nix @@ -30,7 +30,7 @@ let postPatch = '' patchShebangs Configure - '' + lib.optionalString (lib.versionOlder version "1.1.0") '' + '' + lib.optionalString (lib.versionOlder version "1.1.1") '' patchShebangs test/* for a in test/t* ; do substituteInPlace "$a" \ @@ -40,7 +40,7 @@ let # config is a configure script which is not installed. + lib.optionalString (lib.versionAtLeast version "1.1.1") '' substituteInPlace config --replace '/usr/bin/env' '${buildPackages.coreutils}/bin/env' - '' + lib.optionalString (lib.versionAtLeast version "1.1.0" && stdenv.hostPlatform.isMusl) '' + '' + lib.optionalString (lib.versionAtLeast version "1.1.1" && stdenv.hostPlatform.isMusl) '' substituteInPlace crypto/async/arch/async_posix.h \ --replace '!defined(__ANDROID__) && !defined(__OpenBSD__)' \ '!defined(__ANDROID__) && !defined(__OpenBSD__) && 0' @@ -130,11 +130,11 @@ let ] ++ lib.optional enableSSL2 "enable-ssl2" ++ lib.optional enableSSL3 "enable-ssl3" ++ lib.optional (lib.versionAtLeast version "3.0.0") "enable-ktls" - ++ lib.optional (lib.versionAtLeast version "1.1.0" && stdenv.hostPlatform.isAarch64) "no-afalgeng" + ++ lib.optional (lib.versionAtLeast version "1.1.1" && stdenv.hostPlatform.isAarch64) "no-afalgeng" # OpenSSL needs a specific `no-shared` configure flag. # See https://wiki.openssl.org/index.php/Compilation_and_Installation#Configure_Options # for a comprehensive list of configuration options. - ++ lib.optional (lib.versionAtLeast version "1.1.0" && static) "no-shared" + ++ lib.optional (lib.versionAtLeast version "1.1.1" && static) "no-shared" ++ lib.optional (lib.versionAtLeast version "3.0.0" && static) "no-module" # This introduces a reference to the CTLOG_FILE which is undesired when # trying to build binaries statically. From ac6e552a3049218b13362b4fed3b1fe4042dc0b8 Mon Sep 17 00:00:00 2001 From: ajs124 Date: Mon, 7 Feb 2022 23:06:07 +0100 Subject: [PATCH 04/81] oven-media-engine: openssl_3_0 -> openssl --- pkgs/servers/misc/oven-media-engine/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/servers/misc/oven-media-engine/default.nix b/pkgs/servers/misc/oven-media-engine/default.nix index 02e904fa98e63..76357bb4d8ab5 100644 --- a/pkgs/servers/misc/oven-media-engine/default.nix +++ b/pkgs/servers/misc/oven-media-engine/default.nix @@ -5,7 +5,7 @@ , bc , pkg-config , perl -, openssl_3 +, openssl , zlib , ffmpeg , libvpx @@ -32,7 +32,7 @@ stdenv.mkDerivation rec { enableParallelBuilding = true; nativeBuildInputs = [ bc pkg-config perl ]; - buildInputs = [ openssl_3 srt zlib ffmpeg libvpx libopus srtp jemalloc pcre2 libuuid ]; + buildInputs = [ openssl srt zlib ffmpeg libvpx libopus srtp jemalloc pcre2 libuuid ]; preBuild = '' patchShebangs core/colorg++ From af91144ef52a2ccb929b7af29cd16a4cf689c5ea Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Janne=20He=C3=9F?= Date: Sat, 25 Dec 2021 19:45:48 +0100 Subject: [PATCH 05/81] ibm-sw-tpm2: Pin OpenSSL 1.1.1 --- pkgs/top-level/all-packages.nix | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index fee4873e8a623..de1d9aeec5861 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -7424,7 +7424,9 @@ with pkgs; jamulus = libsForQt5.callPackage ../applications/audio/jamulus { }; - ibm-sw-tpm2 = callPackage ../tools/security/ibm-sw-tpm2 { }; + ibm-sw-tpm2 = callPackage ../tools/security/ibm-sw-tpm2 { + openssl = openssl_1_1; + }; ibniz = callPackage ../tools/graphics/ibniz { }; From 8b1f16573cc6fa50facc3fe3154ba437e64a9220 Mon Sep 17 00:00:00 2001 From: ajs124 Date: Sun, 3 Apr 2022 22:42:33 +0100 Subject: [PATCH 06/81] python3.pkgs.cryptography: use openssl_1_1 --- pkgs/top-level/python-packages.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/pkgs/top-level/python-packages.nix b/pkgs/top-level/python-packages.nix index fc9c4d56149d5..a010651b51b07 100644 --- a/pkgs/top-level/python-packages.nix +++ b/pkgs/top-level/python-packages.nix @@ -2086,6 +2086,7 @@ in { cryptography = callPackage ../development/python-modules/cryptography { inherit (pkgs.darwin) libiconv; inherit (pkgs.darwin.apple_sdk.frameworks) Security; + openssl = pkgs.openssl_1_1; }; cryptolyzer = callPackage ../development/python-modules/cryptolyzer { }; From 5cb3e0708147327d5f5fa8c8008a06cf462210c0 Mon Sep 17 00:00:00 2001 From: ajs124 Date: Sat, 9 Apr 2022 00:24:36 +0100 Subject: [PATCH 07/81] openvpn*: use matching openssl version for each release --- pkgs/tools/networking/openvpn/default.nix | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/pkgs/tools/networking/openvpn/default.nix b/pkgs/tools/networking/openvpn/default.nix index 71a14b169ac10..f6d4590e3185f 100644 --- a/pkgs/tools/networking/openvpn/default.nix +++ b/pkgs/tools/networking/openvpn/default.nix @@ -5,6 +5,7 @@ , iproute2 , lzo , openssl +, openssl_1_1 , pam , useSystemd ? stdenv.isLinux , systemd @@ -17,7 +18,7 @@ let inherit (lib) versionOlder optional optionals optionalString; - generic = { version, sha256 }: + generic = { version, sha256, extraBuildInputs ? [] }: let withIpRoute = stdenv.isLinux && (versionOlder version "2.5.4"); in @@ -33,11 +34,12 @@ let nativeBuildInputs = [ pkg-config ]; - buildInputs = [ lzo openssl ] + buildInputs = [ lzo ] ++ optional stdenv.isLinux pam ++ optional withIpRoute iproute2 ++ optional useSystemd systemd - ++ optional pkcs11Support pkcs11helper; + ++ optional pkcs11Support pkcs11helper + ++ extraBuildInputs; configureFlags = optionals withIpRoute [ "--enable-iproute2" @@ -75,10 +77,12 @@ in openvpn_24 = generic { version = "2.4.12"; sha256 = "1vjx82nlkxrgzfiwvmmlnz8ids5m2fiqz7scy1smh3j9jnf2v5b6"; + extraBuildInputs = [ openssl_1_1 ]; }; openvpn = generic { version = "2.5.6"; sha256 = "0gdd88rcan9vfiwkzsqn6fxxdim7kb1bsxrcra59c5xksprpwfik"; + extraBuildInputs = [ openssl ]; }; } From a90227726294c7de57fee120c3a193d9272a89a7 Mon Sep 17 00:00:00 2001 From: ajs124 Date: Sat, 9 Apr 2022 10:54:25 +0100 Subject: [PATCH 08/81] ruby*: use matching openssl version for each release --- pkgs/development/interpreters/ruby/default.nix | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/pkgs/development/interpreters/ruby/default.nix b/pkgs/development/interpreters/ruby/default.nix index 236508d673534..524734b5a5fac 100644 --- a/pkgs/development/interpreters/ruby/default.nix +++ b/pkgs/development/interpreters/ruby/default.nix @@ -1,9 +1,10 @@ { stdenv, buildPackages, lib , fetchurl, fetchpatch, fetchFromSavannah, fetchFromGitHub -, zlib, openssl, gdbm, ncurses, readline, groff, libyaml, libffi, jemalloc, autoreconfHook, bison +, zlib, gdbm, ncurses, readline, groff, libyaml, libffi, jemalloc, autoreconfHook, bison , autoconf, libiconv, libobjc, libunwind, Foundation , buildEnv, bundler, bundix , makeWrapper, buildRubyGem, defaultGemConfig, removeReferencesTo +, openssl, openssl_1_1 } @ args: let @@ -26,7 +27,7 @@ let , useRailsExpress ? true , rubygemsSupport ? true , zlib, zlibSupport ? true - , openssl, opensslSupport ? true + , openssl, openssl_1_1, opensslSupport ? true , gdbm, gdbmSupport ? true , ncurses, readline, cursesSupport ? true , groff, docSupport ? true @@ -75,7 +76,8 @@ let ++ (op fiddleSupport libffi) ++ (ops cursesSupport [ ncurses readline ]) ++ (op zlibSupport zlib) - ++ (op opensslSupport openssl) + ++ (op (lib.versionOlder ver.majMin "3.0" && opensslSupport) openssl_1_1) + ++ (op (atLeast30 && opensslSupport) openssl_1_1) ++ (op gdbmSupport gdbm) ++ (op yamlSupport libyaml) # Looks like ruby fails to build on darwin without readline even if curses From 498d67e45efa175e324f0811a613f9b6c5a55212 Mon Sep 17 00:00:00 2001 From: ajs124 Date: Sun, 17 Apr 2022 23:34:47 +0100 Subject: [PATCH 09/81] krb5: use openssl_1_1 --- pkgs/top-level/all-packages.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index de1d9aeec5861..3960ef1c67e2e 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -18714,6 +18714,8 @@ with pkgs; krb5 = callPackage ../development/libraries/kerberos/krb5.nix { inherit (buildPackages.darwin) bootstrap_cmds; + # TODO: can be removed once we have 1.20 + openssl = openssl_1_1; }; krb5Full = krb5; libkrb5 = krb5.override { type = "lib"; }; From 7cf34b26e97e72100557aa4903dea4d1607b1e95 Mon Sep 17 00:00:00 2001 From: ajs124 Date: Tue, 31 May 2022 22:21:24 +0200 Subject: [PATCH 10/81] coturn: use openssl_1_1 --- pkgs/top-level/all-packages.nix | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 3960ef1c67e2e..91ca44afdcb26 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -3410,7 +3410,9 @@ with pkgs; cot = with python3Packages; toPythonApplication cot; - coturn = callPackage ../servers/coturn { }; + coturn = callPackage ../servers/coturn { + openssl = openssl_1_1; + }; coursier = callPackage ../development/tools/coursier {}; From 94d808692485abbdf2f60743502e873243de9ccf Mon Sep 17 00:00:00 2001 From: ajs124 Date: Tue, 31 May 2022 23:37:19 +0200 Subject: [PATCH 11/81] lighttpd: pin to openssl_1_1 tests fail with openssl_3_0 --- pkgs/top-level/all-packages.nix | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 91ca44afdcb26..f072782835319 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -22640,7 +22640,9 @@ with pkgs; nodejs = nodejs-14_x; }; - lighttpd = callPackage ../servers/http/lighttpd { }; + lighttpd = callPackage ../servers/http/lighttpd { + openssl = openssl_1_1; + }; listmonk = callPackage ../servers/mail/listmonk { }; From ed3fab51733f66c455c5b828891cd40580680a93 Mon Sep 17 00:00:00 2001 From: ajs124 Date: Tue, 31 May 2022 23:57:20 +0200 Subject: [PATCH 12/81] nodejs-14_x: pin to openssl_1_1 --- pkgs/development/web/nodejs/v14.nix | 3 ++- pkgs/top-level/all-packages.nix | 5 ++++- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/pkgs/development/web/nodejs/v14.nix b/pkgs/development/web/nodejs/v14.nix index ab2d2c01bc185..457e0ff29e1a1 100644 --- a/pkgs/development/web/nodejs/v14.nix +++ b/pkgs/development/web/nodejs/v14.nix @@ -1,7 +1,8 @@ -{ callPackage, python3, lib, stdenv, enableNpm ? true }: +{ callPackage, python3, lib, stdenv, openssl, enableNpm ? true }: let buildNodejs = callPackage ./nodejs.nix { + inherit openssl; python = python3; }; in diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index f072782835319..4316d33fc10e3 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -8241,8 +8241,11 @@ with pkgs; nodejs-slim = nodejs-slim-16_x; - nodejs-14_x = callPackage ../development/web/nodejs/v14.nix { }; + nodejs-14_x = callPackage ../development/web/nodejs/v14.nix { + openssl = openssl_1_1; + }; nodejs-slim-14_x = callPackage ../development/web/nodejs/v14.nix { + openssl = openssl_1_1; enableNpm = false; }; nodejs-16_x = callPackage ../development/web/nodejs/v16.nix { }; From bf95b6e456e80a820e2d27f6b8c4a56ef74a5b2b Mon Sep 17 00:00:00 2001 From: ajs124 Date: Thu, 26 May 2022 02:51:04 +0200 Subject: [PATCH 13/81] qca2: remove --- pkgs/development/libraries/qca2/default.nix | 35 ------------------- .../development/libraries/qca2/libressl.patch | 28 --------------- pkgs/top-level/aliases.nix | 1 + pkgs/top-level/all-packages.nix | 2 -- 4 files changed, 1 insertion(+), 65 deletions(-) delete mode 100644 pkgs/development/libraries/qca2/default.nix delete mode 100644 pkgs/development/libraries/qca2/libressl.patch diff --git a/pkgs/development/libraries/qca2/default.nix b/pkgs/development/libraries/qca2/default.nix deleted file mode 100644 index 42dcf1a87d36a..0000000000000 --- a/pkgs/development/libraries/qca2/default.nix +++ /dev/null @@ -1,35 +0,0 @@ -{ lib, stdenv, fetchurl, openssl, cmake, pkg-config, qt, darwin }: - -stdenv.mkDerivation rec { - pname = "qca"; - version = "2.2.1"; - - src = fetchurl { - url = "http://download.kde.org/stable/qca/${version}/qca-${version}.tar.xz"; - sha256 = "00kv1vsrc8fp556hm8s6yw3240vx3l4067q6vfxrb3gdwgcd45np"; - }; - - nativeBuildInputs = [ cmake pkg-config ]; - buildInputs = [ openssl qt ] - ++ lib.optional stdenv.isDarwin darwin.apple_sdk.frameworks.Security; - - # tells CMake to use this CA bundle file if it is accessible - preConfigure = '' - export QC_CERTSTORE_PATH=/etc/ssl/certs/ca-certificates.crt - ''; - - # tricks CMake into using this CA bundle file if it is not accessible (in a sandbox) - cmakeFlags = [ "-Dqca_CERTSTORE=/etc/ssl/certs/ca-certificates.crt" ]; - - postPatch = '' - sed -i -e '1i cmake_policy(SET CMP0025 NEW)' CMakeLists.txt - ''; - - meta = with lib; { - description = "Qt Cryptographic Architecture"; - license = "LGPL"; - homepage = "http://delta.affinix.com/qca"; - maintainers = [ maintainers.sander ]; - platforms = platforms.unix; - }; -} diff --git a/pkgs/development/libraries/qca2/libressl.patch b/pkgs/development/libraries/qca2/libressl.patch deleted file mode 100644 index c9b0267f85d85..0000000000000 --- a/pkgs/development/libraries/qca2/libressl.patch +++ /dev/null @@ -1,28 +0,0 @@ ---- a/plugins/qca-ossl/qca-ossl.cpp 2015-12-02 09:34:25.810682094 +0000 -+++ b/plugins/qca-ossl/qca-ossl.cpp 2015-12-02 09:29:51.720392423 +0000 -@@ -5403,11 +5403,13 @@ - ctx = SSL_CTX_new(SSLv2_client_method()); - break; - #endif -+#ifndef OPENSSL_NO_SSL3 - case TLS::SSL_v3: - ctx = SSL_CTX_new(SSLv3_client_method()); - break; -+#endif - case TLS::TLS_v1: -+ ctx = SSL_CTX_new(SSLv23_client_method()); -- ctx = SSL_CTX_new(TLSv1_client_method()); - break; - case TLS::DTLS_v1: - default: -@@ -7133,8 +7135,10 @@ - return new opensslInfoContext(this); - else if ( type == "sha1" ) - return new opensslHashContext( EVP_sha1(), this, type); -+#ifndef OPENSSL_NO_SHA0 - else if ( type == "sha0" ) - return new opensslHashContext( EVP_sha(), this, type); -+#endif - else if ( type == "ripemd160" ) - return new opensslHashContext( EVP_ripemd160(), this, type); - #ifdef HAVE_OPENSSL_MD2 diff --git a/pkgs/top-level/aliases.nix b/pkgs/top-level/aliases.nix index 3d1eb0c2035a2..f7e0a6fd87a3c 100644 --- a/pkgs/top-level/aliases.nix +++ b/pkgs/top-level/aliases.nix @@ -1192,6 +1192,7 @@ mapAliases ({ QmidiNet = throw "'QmidiNet' has been renamed to/replaced by 'qmidinet'"; # Converted to throw 2022-02-22 qca-qt5 = throw "'qca-qt5' has been renamed to/replaced by 'libsForQt5.qca-qt5'"; # Converted to throw 2022-02-22 + qca2 = throw "qca2 has been removed, because it depended on qt4"; # Added 2022-05-26 qcsxcad = libsForQt5.qcsxcad; # Added 2020-11-05 qflipper = qFlipper; # Added 2022-02-11 qmk_firmware = throw "qmk_firmware has been removed because it was broken"; # Added 2021-04-02 diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 4316d33fc10e3..fb3a8de23630a 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -20832,8 +20832,6 @@ with pkgs; qbs = libsForQt5.callPackage ../development/tools/build-managers/qbs { }; - qca2 = callPackage ../development/libraries/qca2 { qt = qt4; }; - qimageblitz = callPackage ../development/libraries/qimageblitz {}; qolibri = libsForQt5.callPackage ../applications/misc/qolibri { }; From 1c6327d79d72bdb2526341903ceedbe05017b3ef Mon Sep 17 00:00:00 2001 From: ajs124 Date: Wed, 1 Jun 2022 00:12:25 +0200 Subject: [PATCH 14/81] freeswitch: pin to openssl_1_1 --- pkgs/top-level/all-packages.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index fb3a8de23630a..1c30ed673d2db 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -22482,6 +22482,7 @@ with pkgs; freeswitch = callPackage ../servers/sip/freeswitch { inherit (darwin.apple_sdk.frameworks) SystemConfiguration; + openssl = openssl_1_1; }; fusionInventory = callPackage ../servers/monitoring/fusion-inventory { }; From 08ed8cfc65d70bf19fc2aa46526ed31d013fe978 Mon Sep 17 00:00:00 2001 From: ajs124 Date: Wed, 1 Jun 2022 00:14:04 +0200 Subject: [PATCH 15/81] libsForQt.qca-qt5_2_3_2: pin to openssl_1_1 --- pkgs/top-level/qt5-packages.nix | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/pkgs/top-level/qt5-packages.nix b/pkgs/top-level/qt5-packages.nix index c4bd055f5738d..02735c5b0f462 100644 --- a/pkgs/top-level/qt5-packages.nix +++ b/pkgs/top-level/qt5-packages.nix @@ -175,7 +175,9 @@ in (kdeFrameworks // plasmaMobileGear // plasma5 // plasma5.thirdParty // kdeGea qca-qt5 = callPackage ../development/libraries/qca-qt5 { }; # Until macOS SDK allows for Qt 5.15, darwin is limited to 2.3.2 - qca-qt5_2_3_2 = callPackage ../development/libraries/qca-qt5/2.3.2.nix { }; + qca-qt5_2_3_2 = callPackage ../development/libraries/qca-qt5/2.3.2.nix { + openssl = pkgs.openssl_1_1; + }; qcoro = callPackage ../development/libraries/qcoro { }; From 3c33219182cc4666754a2022a60f1aae5a7f2b5e Mon Sep 17 00:00:00 2001 From: ajs124 Date: Wed, 1 Jun 2022 00:14:59 +0200 Subject: [PATCH 16/81] mysql57: pin to openssl_1_1 --- pkgs/top-level/all-packages.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 1c30ed673d2db..8c96e59a7a960 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -23015,6 +23015,7 @@ with pkgs; inherit (darwin.apple_sdk.frameworks) CoreServices; boost = boost159; protobuf = protobuf3_7; + openssl = openssl_1_1; }; mysql80 = callPackage ../servers/sql/mysql/8.0.x.nix { From b802fc1e5c6aae7a8800433938cbba7df707bed0 Mon Sep 17 00:00:00 2001 From: ajs124 Date: Wed, 1 Jun 2022 00:15:04 +0200 Subject: [PATCH 17/81] mysql80: pin to openssl_1_1 --- pkgs/servers/sql/mysql/8.0.x.nix | 2 +- pkgs/top-level/all-packages.nix | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/pkgs/servers/sql/mysql/8.0.x.nix b/pkgs/servers/sql/mysql/8.0.x.nix index a59bd44fb028c..d40d42a41d074 100644 --- a/pkgs/servers/sql/mysql/8.0.x.nix +++ b/pkgs/servers/sql/mysql/8.0.x.nix @@ -23,7 +23,7 @@ self = stdenv.mkDerivation rec { ''; buildInputs = [ - boost curl icu libedit libevent lz4 ncurses openssl protobuf re2 readline zlib + boost (curl.override { inherit openssl; }) icu libedit libevent lz4 ncurses openssl protobuf re2 readline zlib zstd libfido2 ] ++ lib.optionals stdenv.isLinux [ numactl libtirpc diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 8c96e59a7a960..7c692ab1e8756 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -23024,6 +23024,7 @@ with pkgs; boost = boost177; # Configure checks for specific version. protobuf = protobuf3_19; icu = icu69; + openssl = openssl_1_1; }; mysql_jdbc = callPackage ../servers/sql/mysql/jdbc { }; From 1f48d6fd5000461e7501942f4f2da9b62330bfe8 Mon Sep 17 00:00:00 2001 From: ajs124 Date: Wed, 1 Jun 2022 01:23:48 +0200 Subject: [PATCH 18/81] cyrus_sasl: pin to openssl_1_1 fixes openldap(???) can hopefully be dropped once https://github.com/cyrusimap/cyrus-sasl/pull/653 makes it into a release --- pkgs/top-level/all-packages.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 7c692ab1e8756..6e1b6833d4c0a 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -17570,6 +17570,7 @@ with pkgs; cyrus_sasl = callPackage ../development/libraries/cyrus-sasl { libkrb5 = if stdenv.isFreeBSD then libheimdal else libkrb5; + openssl = openssl_1_1; }; # Make bdb5 the default as it is the last release under the custom From de5a1214ce07075f3800fe4a9e2c10821a32bf10 Mon Sep 17 00:00:00 2001 From: ajs124 Date: Thu, 9 Jun 2022 00:35:29 +0200 Subject: [PATCH 19/81] openldap: pin to openssl_1_1 --- pkgs/top-level/all-packages.nix | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 6e1b6833d4c0a..00d838c123321 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -20590,7 +20590,9 @@ with pkgs; openexrid-unstable = callPackage ../development/libraries/openexrid-unstable { }; - openldap = callPackage ../development/libraries/openldap { }; + openldap = callPackage ../development/libraries/openldap { + openssl = openssl_1_1; + }; opencolorio = callPackage ../development/libraries/opencolorio { inherit (darwin.apple_sdk.frameworks) Carbon GLUT Cocoa; From 484f8ab00c9a5074fe1558ded47100b29d5c6901 Mon Sep 17 00:00:00 2001 From: ajs124 Date: Wed, 1 Jun 2022 13:12:06 +0200 Subject: [PATCH 20/81] python3.pkgs.m2crypto: pin to openssl_1_1 --- pkgs/top-level/python-packages.nix | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/pkgs/top-level/python-packages.nix b/pkgs/top-level/python-packages.nix index a010651b51b07..6cfcdc82c07ec 100644 --- a/pkgs/top-level/python-packages.nix +++ b/pkgs/top-level/python-packages.nix @@ -5313,7 +5313,10 @@ in { lzstring = callPackage ../development/python-modules/lzstring { }; - m2crypto = callPackage ../development/python-modules/m2crypto { }; + m2crypto = callPackage ../development/python-modules/m2crypto { + # https://gitlab.com/m2crypto/m2crypto/-/issues/310 + openssl = pkgs.openssl_1_1; + }; m2r = callPackage ../development/python-modules/m2r { }; From e472d36311af193497efaef846d025985ca074b6 Mon Sep 17 00:00:00 2001 From: ajs124 Date: Wed, 1 Jun 2022 13:23:51 +0200 Subject: [PATCH 21/81] perlPackages.CryptOpenSSLRSA: pin to openssl_1_1 https://github.com/toddr/Crypt-OpenSSL-RSA/issues/31 --- pkgs/top-level/perl-packages.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/top-level/perl-packages.nix b/pkgs/top-level/perl-packages.nix index 39cd70147d4b2..55f09410856c6 100644 --- a/pkgs/top-level/perl-packages.nix +++ b/pkgs/top-level/perl-packages.nix @@ -4862,8 +4862,8 @@ let sha256 = "4173403ad4cf76732192099f833fbfbf3cd8104e0246b3844187ae384d2c5436"; }; propagatedBuildInputs = [ CryptOpenSSLRandom ]; - NIX_CFLAGS_COMPILE = "-I${pkgs.openssl.dev}/include"; - NIX_CFLAGS_LINK = "-L${lib.getLib pkgs.openssl}/lib -lcrypto"; + NIX_CFLAGS_COMPILE = "-I${pkgs.openssl_1_1.dev}/include"; + NIX_CFLAGS_LINK = "-L${lib.getLib pkgs.openssl_1_1}/lib -lcrypto"; buildInputs = [ CryptOpenSSLGuess ]; }; From f8ce3f931111401eebd2e1753577ab66b38e2ddf Mon Sep 17 00:00:00 2001 From: ajs124 Date: Wed, 1 Jun 2022 13:33:27 +0200 Subject: [PATCH 22/81] lua-modules: pin to openssl_1_1 --- pkgs/development/lua-modules/overrides.nix | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/pkgs/development/lua-modules/overrides.nix b/pkgs/development/lua-modules/overrides.nix index 60fcf2ca1ca59..418db1b7bd3b7 100644 --- a/pkgs/development/lua-modules/overrides.nix +++ b/pkgs/development/lua-modules/overrides.nix @@ -31,8 +31,8 @@ with prev; cqueues = (prev.lib.overrideLuarocks prev.cqueues (drv: { externalDeps = [ - { name = "CRYPTO"; dep = pkgs.openssl; } - { name = "OPENSSL"; dep = pkgs.openssl; } + { name = "CRYPTO"; dep = pkgs.openssl_1_1; } + { name = "OPENSSL"; dep = pkgs.openssl_1_1; } ]; disabled = luaOlder "5.1" || luaAtLeast "5.4"; })).overrideAttrs(oa: rec { @@ -271,14 +271,15 @@ with prev; luaossl = prev.lib.overrideLuarocks prev.luaossl (drv: { externalDeps = [ - { name = "CRYPTO"; dep = pkgs.openssl; } - { name = "OPENSSL"; dep = pkgs.openssl; } + # https://github.com/wahern/luaossl/pull/199 + { name = "CRYPTO"; dep = pkgs.openssl_1_1; } + { name = "OPENSSL"; dep = pkgs.openssl_1_1; } ]; }); luasec = prev.lib.overrideLuarocks prev.luasec (drv: { externalDeps = [ - { name = "OPENSSL"; dep = pkgs.openssl; } + { name = "OPENSSL"; dep = pkgs.openssl_1_1; } ]; }); From c88c43e559d84e2fdcc406bfb083b1616b74ece3 Mon Sep 17 00:00:00 2001 From: ajs124 Date: Thu, 2 Jun 2022 01:41:50 +0200 Subject: [PATCH 23/81] libs3: update and fix build against openssl3 --- pkgs/development/libraries/libs3/default.nix | 17 ++++++++++++----- 1 file changed, 12 insertions(+), 5 deletions(-) diff --git a/pkgs/development/libraries/libs3/default.nix b/pkgs/development/libraries/libs3/default.nix index d30fc55fc77f1..b9f9278fad8cf 100644 --- a/pkgs/development/libraries/libs3/default.nix +++ b/pkgs/development/libraries/libs3/default.nix @@ -1,19 +1,26 @@ -{ lib, stdenv, fetchFromGitHub, curl, libxml2 }: +{ lib, stdenv, fetchFromGitHub, fetchpatch, curl, libxml2 }: stdenv.mkDerivation { pname = "libs3"; - version = "unstable-2018-12-03"; + version = "unstable-2019-04-10"; src = fetchFromGitHub { owner = "bji"; repo = "libs3"; - rev = "111dc30029f64bbf82031f3e160f253a0a63c119"; - sha256 = "1ahf08hc7ql3fazfmlyj9vrhq7cvarsmgn2v8149y63zr1fl61hs"; + rev = "287e4bee6fd430ffb52604049de80a27a77ff6b4"; + hash = "sha256-xgiY8oJlRMiXB1fw5dhNidfaq18YVwaJ8aErKU11O6U="; }; + patches = [ + (fetchpatch { # Fix compilation with openssl 3.0 + url = "https://github.com/bji/libs3/pull/112/commits/3c3a1cf915e62b730db854d8007ba835cb38677c.patch"; + hash = "sha256-+rWRh8dOznHlamc/T9qbgN0E2Rww3Hn94UeErxNDccs="; + }) + ]; + buildInputs = [ curl libxml2 ]; - makeFlags = [ "DESTDIR=$(out)" ]; + makeFlags = [ "DESTDIR=${placeholder "out"}" ]; meta = with lib; { homepage = "https://github.com/bji/libs3"; From 58edfe972f134b964a1bd7a60c9aef05fde58727 Mon Sep 17 00:00:00 2001 From: ajs124 Date: Tue, 7 Jun 2022 19:55:39 +0200 Subject: [PATCH 24/81] apk-tools: pin to openssl_1_1 --- pkgs/top-level/all-packages.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 00d838c123321..4e9c802e2fb0f 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -1912,6 +1912,7 @@ with pkgs; apk-tools = callPackage ../tools/package-management/apk-tools { lua = lua5_3; + openssl = openssl_1_1; }; apkid = callPackage ../development/tools/apkid { }; From 2a49c87bc5365ebbaad4cc3eebdec78b2474cf6e Mon Sep 17 00:00:00 2001 From: ajs124 Date: Wed, 8 Jun 2022 23:42:43 +0200 Subject: [PATCH 25/81] haskellPackages.hopenssl: use openssl_1_1 --- pkgs/development/haskell-modules/configuration-common.nix | 3 +++ 1 file changed, 3 insertions(+) diff --git a/pkgs/development/haskell-modules/configuration-common.nix b/pkgs/development/haskell-modules/configuration-common.nix index 3db220ab901a4..676bff6252670 100644 --- a/pkgs/development/haskell-modules/configuration-common.nix +++ b/pkgs/development/haskell-modules/configuration-common.nix @@ -2393,6 +2393,9 @@ self: super: { ''; }) super.linear-base; + # https://github.com/peti/hopenssl/issues/5 + hopenssl = super.hopenssl.override { openssl = pkgs.openssl_1_1; }; + # Fixes compilation with GHC 9.0 and above # https://hub.darcs.net/shelarcy/regex-compat-tdfa/issue/3 regex-compat-tdfa = appendPatches [ From 2a32ce73ac50846e064f767609098aebba9301e0 Mon Sep 17 00:00:00 2001 From: ajs124 Date: Thu, 9 Jun 2022 00:48:49 +0200 Subject: [PATCH 26/81] serf: pin to openssl_1_1 to fix the subversion build --- pkgs/top-level/all-packages.nix | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 4e9c802e2fb0f..b4e50213e2aa1 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -21192,7 +21192,9 @@ with pkgs; serd = callPackage ../development/libraries/serd {}; - serf = callPackage ../development/libraries/serf {}; + serf = callPackage ../development/libraries/serf { + openssl = openssl_1_1; + }; sfsexp = callPackage ../development/libraries/sfsexp {}; From 35099b99b018338d0c5b5a538e81c1b135e6f01c Mon Sep 17 00:00:00 2001 From: ajs124 Date: Wed, 15 Jun 2022 17:54:49 +0200 Subject: [PATCH 27/81] dovecot: pin to openssl_1_1 --- pkgs/top-level/all-packages.nix | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index b4e50213e2aa1..78fbabe6224e9 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -22424,7 +22424,9 @@ with pkgs; dodgy = with python3Packages; toPythonApplication dodgy; - dovecot = callPackage ../servers/mail/dovecot { }; + dovecot = callPackage ../servers/mail/dovecot { + openssl = openssl_1_1; + }; dovecot_pigeonhole = callPackage ../servers/mail/dovecot/plugins/pigeonhole { }; dovecot_fts_xapian = callPackage ../servers/mail/dovecot/plugins/fts_xapian { }; From 9601981023536af15822c11673d8891c9e1a26d1 Mon Sep 17 00:00:00 2001 From: ajs124 Date: Wed, 15 Jun 2022 18:27:08 +0200 Subject: [PATCH 28/81] libewf: fix build with OpenSSL 3.0 --- pkgs/development/libraries/libewf/default.nix | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/pkgs/development/libraries/libewf/default.nix b/pkgs/development/libraries/libewf/default.nix index 1935c7d947ffc..c7311d166b33a 100644 --- a/pkgs/development/libraries/libewf/default.nix +++ b/pkgs/development/libraries/libewf/default.nix @@ -1,4 +1,4 @@ -{ fetchurl, lib, stdenv, zlib, openssl, libuuid, pkg-config, bzip2 }: +{ fetchurl, fetchpatch, lib, stdenv, zlib, openssl, libuuid, pkg-config, bzip2 }: stdenv.mkDerivation rec { version = "20201230"; @@ -6,9 +6,17 @@ stdenv.mkDerivation rec { src = fetchurl { url = "https://github.com/libyal/libewf/releases/download/${version}/libewf-experimental-${version}.tar.gz"; - sha256 = "sha256-10r4jPzsA30nHQzjdg/VkwTG1PwOskwv8Bra34ZPMgc="; + hash = "sha256-10r4jPzsA30nHQzjdg/VkwTG1PwOskwv8Bra34ZPMgc="; }; + patches = [ + # fix build with OpenSSL 3.0 + (fetchpatch { + url = "https://github.com/libyal/libewf/commit/033ea5b4e5f8f1248f74a2ec61fc1be183c6c46b.patch"; + hash = "sha256-R4+NO/91kiZP48SJyVF9oYjKCg1h/9Kh8/0VOEmJXPQ="; + }) + ]; + nativeBuildInputs = [ pkg-config ]; buildInputs = [ zlib openssl libuuid ] ++ lib.optionals stdenv.isDarwin [ bzip2 ]; From 6ebaf8532ecc4b467518622b188e6737b44faf4d Mon Sep 17 00:00:00 2001 From: ajs124 Date: Wed, 15 Jun 2022 18:33:32 +0200 Subject: [PATCH 29/81] thrift: pin to openssl_1_1 --- pkgs/top-level/all-packages.nix | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 78fbabe6224e9..00ee17172cd16 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -21559,7 +21559,9 @@ with pkgs; theft = callPackage ../development/libraries/theft { }; - thrift = callPackage ../development/libraries/thrift { }; + thrift = callPackage ../development/libraries/thrift { + openssl = openssl_1_1; + }; thrift-0_10 = callPackage ../development/libraries/thrift/0.10.nix { }; From 84f17a3082491d6a01baa840e3a94c5fb6128941 Mon Sep 17 00:00:00 2001 From: ajs124 Date: Wed, 1 Jun 2022 00:07:33 +0200 Subject: [PATCH 30/81] mariadb: use openssl_1_1 for older releases https://jira.mariadb.org/browse/MDEV-28339 --- pkgs/servers/sql/mariadb/default.nix | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/pkgs/servers/sql/mariadb/default.nix b/pkgs/servers/sql/mariadb/default.nix index 71b638b9ab8c2..6cedd8d05fb4b 100644 --- a/pkgs/servers/sql/mariadb/default.nix +++ b/pkgs/servers/sql/mariadb/default.nix @@ -2,7 +2,7 @@ # Native buildInputs components , bison, boost, cmake, fixDarwinDylibNames, flex, makeWrapper, pkg-config # Common components -, curl, libiconv, ncurses, openssl, pcre, pcre2 +, curl, libiconv, ncurses, openssl, openssl_1_1, pcre, pcre2 , libkrb5, libaio, liburing, systemd , CoreServices, cctools, perl , jemalloc, less, libedit @@ -39,13 +39,16 @@ commonOptions = packageSettings: rec { # attributes common to both builds ++ lib.optional (!stdenv.hostPlatform.isDarwin) makeWrapper; buildInputs = [ - curl libiconv ncurses openssl zlib + libiconv ncurses zlib ] ++ (packageSettings.extraBuildInputs or []) ++ lib.optionals stdenv.hostPlatform.isLinux ([ libkrb5 systemd ] ++ (if (lib.versionOlder version "10.6") then [ libaio ] else [ liburing ])) ++ lib.optionals stdenv.hostPlatform.isDarwin [ CoreServices cctools perl libedit ] ++ lib.optional (!stdenv.hostPlatform.isDarwin) [ jemalloc ] - ++ (if (lib.versionOlder version "10.5") then [ pcre ] else [ pcre2 ]); + ++ (if (lib.versionOlder version "10.5") then [ pcre ] else [ pcre2 ]) + ++ (if (lib.versionOlder version "10.8") + then [ openssl_1_1 (curl.override { openssl = openssl_1_1; }) ] + else [ openssl curl ]); prePatch = '' sed -i 's,[^"]*/var/log,/var/log,g' storage/mroonga/vendor/groonga/CMakeLists.txt From e51d2c27156721c47842429dc824ec39fc094321 Mon Sep 17 00:00:00 2001 From: ajs124 Date: Wed, 15 Jun 2022 19:10:57 +0200 Subject: [PATCH 31/81] erlang*: use matching openssl version for each release --- pkgs/top-level/beam-packages.nix | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/pkgs/top-level/beam-packages.nix b/pkgs/top-level/beam-packages.nix index 714873775269a..9cd28546dd407 100644 --- a/pkgs/top-level/beam-packages.nix +++ b/pkgs/top-level/beam-packages.nix @@ -1,4 +1,5 @@ { beam, callPackage, wxGTK30, buildPackages, stdenv +, openssl_1_1 , wxSupport ? true , systemdSupport ? stdenv.isLinux }: @@ -51,6 +52,7 @@ with beam; { # R23 erlangR23 = lib.callErlang ../development/interpreters/erlang/R23.nix { + openssl = openssl_1_1; wxGTK = wxGTK30; # Can be enabled since the bug has been fixed in https://github.com/erlang/otp/pull/2508 parallelBuild = true; @@ -66,6 +68,7 @@ with beam; { # R22 erlangR22 = lib.callErlang ../development/interpreters/erlang/R22.nix { + openssl = openssl_1_1; wxGTK = wxGTK30; # Can be enabled since the bug has been fixed in https://github.com/erlang/otp/pull/2508 parallelBuild = true; @@ -81,6 +84,7 @@ with beam; { # R21 erlangR21 = lib.callErlang ../development/interpreters/erlang/R21.nix { + openssl = openssl_1_1; wxGTK = wxGTK30; autoconf = buildPackages.autoconf269; inherit wxSupport systemdSupport; From 80f2c05c52ce35177e87ae40c6cc591632da55ad Mon Sep 17 00:00:00 2001 From: ajs124 Date: Fri, 17 Jun 2022 13:28:48 +0200 Subject: [PATCH 32/81] php80Extensions.openssl: pin to openssl_1_1 --- pkgs/top-level/php-packages.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/pkgs/top-level/php-packages.nix b/pkgs/top-level/php-packages.nix index ce3af252abc74..e3f03fd468776 100644 --- a/pkgs/top-level/php-packages.nix +++ b/pkgs/top-level/php-packages.nix @@ -31,6 +31,7 @@ , net-snmp , oniguruma , openldap +, openssl_1_1 , openssl , pam , pcre2 @@ -407,7 +408,7 @@ lib.makeScope pkgs.newScope (self: with self; { } { name = "openssl"; - buildInputs = [ openssl ]; + buildInputs = if (lib.versionAtLeast php.version "8.1") then [ openssl ] else [ openssl_1_1 ]; configureFlags = [ "--with-openssl" ]; doCheck = false; } From 8d8f4cde9bfd1dd77fc68cd432a6f6fcbb9b7406 Mon Sep 17 00:00:00 2001 From: ajs124 Date: Fri, 17 Jun 2022 17:39:27 +0200 Subject: [PATCH 33/81] sbsigntool: pin to openssl_1_1 --- pkgs/top-level/all-packages.nix | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 00ee17172cd16..ce97fe5b1468c 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -7117,7 +7117,9 @@ with pkgs; efitools = callPackage ../tools/security/efitools { }; - sbsigntool = callPackage ../tools/security/sbsigntool { }; + sbsigntool = callPackage ../tools/security/sbsigntool { + openssl = openssl_1_1; + }; gsmartcontrol = callPackage ../tools/misc/gsmartcontrol { }; From 3ab75249abcbb1b2352999bfb97e2c7bb6f8e5c8 Mon Sep 17 00:00:00 2001 From: ajs124 Date: Fri, 17 Jun 2022 17:39:34 +0200 Subject: [PATCH 34/81] sbsigntool: clean up a bit --- pkgs/tools/security/sbsigntool/default.nix | 8 +------- 1 file changed, 1 insertion(+), 7 deletions(-) diff --git a/pkgs/tools/security/sbsigntool/default.nix b/pkgs/tools/security/sbsigntool/default.nix index 4c548bbd535fe..34c5e4d235c81 100644 --- a/pkgs/tools/security/sbsigntool/default.nix +++ b/pkgs/tools/security/sbsigntool/default.nix @@ -35,12 +35,7 @@ stdenv.mkDerivation rec { automake --add-missing -Wno-portability ./configure --prefix=$out - ''; - - installPhase = '' - mkdir -p $out - make install - ''; + ''; meta = with lib; { description = "Tools for maintaining UEFI signature databases"; @@ -50,4 +45,3 @@ stdenv.mkDerivation rec { license = licenses.gpl3; }; } - From 8496e1a448c6aef75afeae2bb3ed4084da3b8729 Mon Sep 17 00:00:00 2001 From: ajs124 Date: Fri, 17 Jun 2022 18:01:25 +0200 Subject: [PATCH 35/81] dot-http: pin to openssl_1_1 --- pkgs/top-level/all-packages.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index ce97fe5b1468c..34b93f0aece33 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -2374,6 +2374,7 @@ with pkgs; dpt-rp1-py = callPackage ../tools/misc/dpt-rp1-py { }; dot-http = callPackage ../development/tools/dot-http { + openssl = openssl_1_1; inherit (darwin.apple_sdk.frameworks) Security; }; From f38d2ae25a095fc031f5d85b7ceb95fa4f420aa5 Mon Sep 17 00:00:00 2001 From: ajs124 Date: Fri, 17 Jun 2022 18:01:35 +0200 Subject: [PATCH 36/81] dogdns: pin to openssl_1_1 --- pkgs/top-level/all-packages.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 34b93f0aece33..2cf755af55919 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -5610,6 +5610,7 @@ with pkgs; dog = callPackage ../tools/system/dog { }; dogdns = callPackage ../tools/networking/dogdns { + openssl = openssl_1_1; inherit (darwin.apple_sdk.frameworks) Security; }; From 42d8c348f8c34aa859f67124e0c25be79b735afb Mon Sep 17 00:00:00 2001 From: ajs124 Date: Fri, 17 Jun 2022 18:01:41 +0200 Subject: [PATCH 37/81] freeradius: pin to openssl_1_1 --- pkgs/top-level/all-packages.nix | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 2cf755af55919..04d352d5061c4 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -22492,7 +22492,9 @@ with pkgs; inherit (callPackages ../servers/firebird { }) firebird_4 firebird_3 firebird_2_5 firebird; - freeradius = callPackage ../servers/freeradius { }; + freeradius = callPackage ../servers/freeradius { + openssl = openssl_1_1; + }; freeswitch = callPackage ../servers/sip/freeswitch { inherit (darwin.apple_sdk.frameworks) SystemConfiguration; From 69f1ec7f3a394353161b12eb99fb60d02e5a8e4b Mon Sep 17 00:00:00 2001 From: ajs124 Date: Tue, 28 Jun 2022 00:39:38 +0200 Subject: [PATCH 38/81] qt5_openssl_1_1: init this is needed, because some qt modules propagate openssl --- pkgs/top-level/all-packages.nix | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 04d352d5061c4..bfa304c812d12 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -20925,6 +20925,21 @@ with pkgs; qt5 = qt515; libsForQt5 = libsForQt515; + # TODO: remove once no package needs this anymore or together with OpenSSL 1.1 + qt5_openssl_1_1 = qt5.overrideScope' (_: super: { + qtbase = super.qtbase.override { + openssl = openssl_1_1; + libmysqlclient = libmysqlclient.override { + openssl = openssl_1_1; + curl = curl.override { openssl = openssl_1_1; }; + }; + }; + }); + libsForQt5_openssl_1_1 = recurseIntoAttrs (import ./qt5-packages.nix { + inherit lib pkgs; + qt5 = qt5_openssl_1_1; + }); + # plasma5Packages maps to the Qt5 packages set that is used to build the plasma5 desktop plasma5Packages = libsForQt515; From e20f0040c63c73a866bada759831d66a64c808c9 Mon Sep 17 00:00:00 2001 From: ajs124 Date: Mon, 27 Jun 2022 20:51:35 +0200 Subject: [PATCH 39/81] mumble: fix build by using qt5_openssl_1_1 --- pkgs/top-level/all-packages.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index bfa304c812d12..efc7345769f64 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -29322,12 +29322,14 @@ with pkgs; pulseSupport = config.pulseaudio or false; iceSupport = config.murmur.iceSupport or true; grpcSupport = config.murmur.grpcSupport or true; + qt5 = qt5_openssl_1_1; }).murmur; mumble = (callPackages ../applications/networking/mumble { avahi = avahi-compat; jackSupport = config.mumble.jackSupport or false; speechdSupport = config.mumble.speechdSupport or false; + qt5 = qt5_openssl_1_1; }).mumble; mumble_overlay = callPackage ../applications/networking/mumble/overlay.nix { From 302e4e8c75eba6bf26e717959ee50120f2de3d2b Mon Sep 17 00:00:00 2001 From: ajs124 Date: Mon, 4 Jul 2022 01:46:32 +0200 Subject: [PATCH 40/81] amarok: pin to openssl 1.1 --- pkgs/top-level/all-packages.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index efc7345769f64..f3477ce258842 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -26060,7 +26060,7 @@ with pkgs; msgviewer = callPackage ../applications/networking/mailreaders/msgviewer { }; - amarok = libsForQt5.callPackage ../applications/audio/amarok { }; + amarok = libsForQt5_openssl_1_1.callPackage ../applications/audio/amarok { }; amarok-kf5 = amarok; # for compatibility amfora = callPackage ../applications/networking/browsers/amfora { }; From d39a635d8ce3f5a67c4a4d1ae288a66149381923 Mon Sep 17 00:00:00 2001 From: ajs124 Date: Mon, 4 Jul 2022 02:51:02 +0200 Subject: [PATCH 41/81] hurl: pin to openssl 1.1 --- pkgs/top-level/all-packages.nix | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index f3477ce258842..ad40d3e19d682 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -7396,7 +7396,9 @@ with pkgs; httpx = callPackage ../tools/security/httpx { }; - hurl = callPackage ../tools/networking/hurl { }; + hurl = callPackage ../tools/networking/hurl { + openssl = openssl_1_1; + }; hub = callPackage ../applications/version-management/git-and-tools/hub { }; From ece71cc343eff654ddc5a9560fa37c84b90fcf7c Mon Sep 17 00:00:00 2001 From: ajs124 Date: Mon, 4 Jul 2022 13:31:22 +0200 Subject: [PATCH 42/81] nodejs-16_x-openssl_1_1 & yarn2nix-moretea-openssl_1_1: init --- pkgs/top-level/all-packages.nix | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index ad40d3e19d682..1af26dc71297c 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -8259,6 +8259,7 @@ with pkgs; nodejs-slim-16_x = callPackage ../development/web/nodejs/v16.nix { enableNpm = false; }; + nodejs-16_x-openssl_1_1 = callPackage ../development/web/nodejs/v16.nix { }; nodejs-18_x = callPackage ../development/web/nodejs/v18.nix { }; nodejs-slim-18_x = callPackage ../development/web/nodejs/v18.nix { enableNpm = false; @@ -12389,6 +12390,9 @@ with pkgs; yarn = callPackage ../development/tools/yarn { }; yarn2nix-moretea = callPackage ../development/tools/yarn2nix-moretea/yarn2nix { }; + yarn2nix-moretea-openssl_1_1 = callPackage ../development/tools/yarn2nix-moretea/yarn2nix { + nodejs = nodejs.override { openssl = openssl_1_1; }; + }; inherit (yarn2nix-moretea) yarn2nix From d1b2156d4288ef9e0df05933426745fcc48bb86f Mon Sep 17 00:00:00 2001 From: ajs124 Date: Mon, 4 Jul 2022 13:31:31 +0200 Subject: [PATCH 43/81] element-web: use openssl 1.1 --- pkgs/top-level/all-packages.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 1af26dc71297c..e743e092191aa 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -3692,6 +3692,7 @@ with pkgs; ''; element-web = callPackage ../applications/networking/instant-messengers/element/element-web.nix { + inherit (yarn2nix-moretea-openssl_1_1) mkYarnPackage fixup_yarn_lock; conf = config.element-web.conf or {}; }; From 945ac1c9d83c7d216b7a655d02b3e7eefb9e2393 Mon Sep 17 00:00:00 2001 From: ajs124 Date: Mon, 4 Jul 2022 01:48:24 +0200 Subject: [PATCH 44/81] google-cloud-cpp: pin to openssl 1.1 --- pkgs/development/libraries/google-cloud-cpp/default.nix | 2 +- pkgs/top-level/all-packages.nix | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/pkgs/development/libraries/google-cloud-cpp/default.nix b/pkgs/development/libraries/google-cloud-cpp/default.nix index 8758daf9c3ab3..2c5cade6b69c0 100644 --- a/pkgs/development/libraries/google-cloud-cpp/default.nix +++ b/pkgs/development/libraries/google-cloud-cpp/default.nix @@ -61,7 +61,7 @@ stdenv.mkDerivation rec { abseil-cpp c-ares crc32c - curl + (curl.override { inherit openssl; }) grpc nlohmann_json openssl diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index e743e092191aa..3005b5150cfc4 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -6955,6 +6955,7 @@ with pkgs; google-guest-oslogin = callPackage ../tools/virtualization/google-guest-oslogin { }; google-cloud-cpp = callPackage ../development/libraries/google-cloud-cpp { + openssl = openssl_1_1; abseil-cpp = abseil-cpp.override { cxxStandard = "14"; }; From cc120206d830998a1bcb8ad7aa9f1b2e8c213b31 Mon Sep 17 00:00:00 2001 From: ajs124 Date: Mon, 4 Jul 2022 16:03:29 +0200 Subject: [PATCH 45/81] tqsl: pin to openssl_1_1 --- pkgs/applications/radio/tqsl/default.nix | 2 +- pkgs/top-level/all-packages.nix | 4 +++- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/pkgs/applications/radio/tqsl/default.nix b/pkgs/applications/radio/tqsl/default.nix index b5198f78b0aaf..069656560c9fa 100644 --- a/pkgs/applications/radio/tqsl/default.nix +++ b/pkgs/applications/radio/tqsl/default.nix @@ -15,7 +15,7 @@ stdenv.mkDerivation rec { openssl zlib db - curl + (curl.override { inherit openssl; }) wxGTK ]; diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 3005b5150cfc4..fb8a9f4ab7b1e 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -31102,7 +31102,9 @@ with pkgs; buildGoModule = buildGo117Module; }; - tqsl = callPackage ../applications/radio/tqsl { }; + tqsl = callPackage ../applications/radio/tqsl { + openssl = openssl_1_1; + }; trustedqsl = tqsl; # Alias added 2019-02-10 transcode = callPackage ../applications/audio/transcode { }; From b9c0db8d86d7a2d278fb5d439c3a2504ff010073 Mon Sep 17 00:00:00 2001 From: ajs124 Date: Mon, 4 Jul 2022 16:03:36 +0200 Subject: [PATCH 46/81] odp-dpdk: pin to openssl_1_1 --- pkgs/top-level/all-packages.nix | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index fb8a9f4ab7b1e..be853bd4a7622 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -24406,7 +24406,9 @@ with pkgs; odin = callPackage ../development/compilers/odin { }; - odp-dpdk = callPackage ../os-specific/linux/odp-dpdk { }; + odp-dpdk = callPackage ../os-specific/linux/odp-dpdk { + openssl = openssl_1_1; + }; odroid-xu3-bootloader = callPackage ../tools/misc/odroid-xu3-bootloader { }; From 659ea66a8ece39d414e02f66819619edf52aad35 Mon Sep 17 00:00:00 2001 From: ajs124 Date: Mon, 4 Jul 2022 16:10:09 +0200 Subject: [PATCH 47/81] rustup: pin to openssl_1_1 --- pkgs/development/tools/rust/rustup/default.nix | 3 ++- pkgs/top-level/all-packages.nix | 1 + 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/pkgs/development/tools/rust/rustup/default.nix b/pkgs/development/tools/rust/rustup/default.nix index 65bad79aa8c31..12e69bae20ba0 100644 --- a/pkgs/development/tools/rust/rustup/default.nix +++ b/pkgs/development/tools/rust/rustup/default.nix @@ -6,6 +6,7 @@ , rustPlatform , makeWrapper , pkg-config +, openssl , curl , zlib , Security @@ -36,7 +37,7 @@ rustPlatform.buildRustPackage rec { nativeBuildInputs = [ makeWrapper pkg-config ]; buildInputs = [ - curl + (curl.override { inherit openssl; }) zlib ] ++ lib.optionals stdenv.isDarwin [ CoreServices Security libiconv xz ]; diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index be853bd4a7622..42a63a4b41267 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -14438,6 +14438,7 @@ with pkgs; }; rust-script = callPackage ../development/tools/rust/rust-script { }; rustup = callPackage ../development/tools/rust/rustup { + openssl = openssl_1_1; inherit (darwin.apple_sdk.frameworks) CoreServices Security; }; rustup-toolchain-install-master = callPackage ../development/tools/rust/rustup-toolchain-install-master { From 50e225d42b7be18e5b11233f8a7e58201a26b061 Mon Sep 17 00:00:00 2001 From: ajs124 Date: Mon, 4 Jul 2022 17:31:50 +0200 Subject: [PATCH 48/81] s3rs: pin to openssl_1_1 --- pkgs/top-level/all-packages.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 42a63a4b41267..0982e11c1b195 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -10504,6 +10504,7 @@ with pkgs; s3cmd = python3Packages.callPackage ../tools/networking/s3cmd { }; s3rs = callPackage ../tools/networking/s3rs { + openssl = openssl_1_1; inherit (darwin.apple_sdk.frameworks) Security; }; From ea94d17deba812a1d928ccd2c6a76dbcf4a96d54 Mon Sep 17 00:00:00 2001 From: ajs124 Date: Mon, 4 Jul 2022 18:15:25 +0200 Subject: [PATCH 49/81] simple-http-server: pin to openssl_1_1 --- pkgs/top-level/all-packages.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 0982e11c1b195..e2d4d2d56bbd0 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -36331,6 +36331,7 @@ with pkgs; simplehttp2server = callPackage ../servers/simplehttp2server { }; simple-http-server = callPackage ../servers/simple-http-server { + openssl = openssl_1_1; inherit (darwin.apple_sdk.frameworks) Security; }; From faac333edd78482aa743627e85fc41d9e5abcafb Mon Sep 17 00:00:00 2001 From: ajs124 Date: Mon, 4 Jul 2022 18:16:14 +0200 Subject: [PATCH 50/81] python3.pkgs.uamqp: pin to openssl_1_1 --- pkgs/top-level/python-packages.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/pkgs/top-level/python-packages.nix b/pkgs/top-level/python-packages.nix index 6cfcdc82c07ec..0fdfc3723ce32 100644 --- a/pkgs/top-level/python-packages.nix +++ b/pkgs/top-level/python-packages.nix @@ -11096,6 +11096,7 @@ in { tzlocal = callPackage ../development/python-modules/tzlocal { }; uamqp = callPackage ../development/python-modules/uamqp { + openssl = pkgs.openssl_1_1; inherit (pkgs.darwin.apple_sdk.frameworks) CFNetwork CoreFoundation Security; }; From 04e9a388b208832a32acac6749e69a473a1c1fd1 Mon Sep 17 00:00:00 2001 From: ajs124 Date: Mon, 4 Jul 2022 18:18:05 +0200 Subject: [PATCH 51/81] nginx: remove openssl_3 override --- pkgs/top-level/all-packages.nix | 2 -- 1 file changed, 2 deletions(-) diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index e2d4d2d56bbd0..73ea3c84abce2 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -22816,7 +22816,6 @@ with pkgs; nginxStable = callPackage ../servers/http/nginx/stable.nix { zlib = zlib-ng.override { withZlibCompat = true; }; - openssl = openssl_3; withPerl = false; # We don't use `with` statement here on purpose! # See https://github.com/NixOS/nixpkgs/pull/10474#discussion_r42369334 @@ -22825,7 +22824,6 @@ with pkgs; nginxMainline = callPackage ../servers/http/nginx/mainline.nix { zlib = zlib-ng.override { withZlibCompat = true; }; - openssl = openssl_3; withKTLS = true; withPerl = false; # We don't use `with` statement here on purpose! From 3908614fe9061c51800c6451f620819ee687d1ee Mon Sep 17 00:00:00 2001 From: ajs124 Date: Mon, 4 Jul 2022 18:18:21 +0200 Subject: [PATCH 52/81] tengine: pin to openssl_1_1 --- pkgs/top-level/all-packages.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 73ea3c84abce2..cb6d6e1f63f87 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -33372,6 +33372,7 @@ with pkgs; teeworlds = callPackage ../games/teeworlds { }; tengine = callPackage ../servers/http/tengine { + openssl = openssl_1_1; modules = with nginxModules; [ rtmp dav moreheaders modsecurity-nginx ]; }; From 03d1fd84d5a5e9af1eaca2b10c13330a3f6fd2cd Mon Sep 17 00:00:00 2001 From: ajs124 Date: Mon, 4 Jul 2022 18:30:48 +0200 Subject: [PATCH 53/81] gemConfig/openssl: pin to openssl_1_1 --- pkgs/development/ruby-modules/gem-config/default.nix | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/pkgs/development/ruby-modules/gem-config/default.nix b/pkgs/development/ruby-modules/gem-config/default.nix index 5a6d885159a57..4e935c6537a18 100644 --- a/pkgs/development/ruby-modules/gem-config/default.nix +++ b/pkgs/development/ruby-modules/gem-config/default.nix @@ -20,7 +20,7 @@ { lib, fetchurl, writeScript, ruby, libkrb5, libxml2, libxslt, python2, stdenv, which , libiconv, postgresql, v8, clang, sqlite, zlib, imagemagick, lasem , pkg-config , ncurses, xapian, gpgme, util-linux, tzdata, icu, libffi -, cmake, libssh2, openssl, libmysqlclient, git, perl, pcre, gecode_3, curl +, cmake, libssh2, openssl, openssl_1_1, libmysqlclient, git, perl, pcre, gecode_3, curl , msgpack, libsodium, snappy, libossp_uuid, lxc, libpcap, xorg, gtk2, buildRubyGem , cairo, re2, rake, gobject-introspection, gdk-pixbuf, zeromq, czmq, graphicsmagick, libcxx , file, libvirt, glib, vips, taglib, libopus, linux-pam, libidn, protobuf, fribidi, harfbuzz @@ -478,7 +478,8 @@ in }; openssl = attrs: { - buildInputs = [ openssl ]; + # https://github.com/ruby/openssl/issues/369 + buildInputs = [ openssl_1_1 ]; }; opus-ruby = attrs: { From b6aad16660f0b7d3e5027b1d7556a8d07e8a3964 Mon Sep 17 00:00:00 2001 From: ajs124 Date: Mon, 4 Jul 2022 02:50:56 +0200 Subject: [PATCH 54/81] gitlab: pin to openssl_1_1 --- pkgs/top-level/all-packages.nix | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index cb6d6e1f63f87..eb0948fca9d0a 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -6774,8 +6774,11 @@ with pkgs; gitkraken = callPackage ../applications/version-management/gitkraken { }; - gitlab = callPackage ../applications/version-management/gitlab { }; + gitlab = callPackage ../applications/version-management/gitlab { + openssl = openssl_1_1; + }; gitlab-ee = callPackage ../applications/version-management/gitlab { + openssl = openssl_1_1; gitlabEnterprise = true; }; From 240ace010db8979fed8c0246fe978497b4404484 Mon Sep 17 00:00:00 2001 From: ajs124 Date: Thu, 7 Jul 2022 02:40:59 +0200 Subject: [PATCH 55/81] sysdig: pin to openssl_1_1 --- pkgs/top-level/all-packages.nix | 1 + pkgs/top-level/linux-kernels.nix | 4 +++- 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index eb0948fca9d0a..1cdfb7bbddc84 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -24623,6 +24623,7 @@ with pkgs; statifier = callPackage ../os-specific/linux/statifier { }; sysdig = callPackage ../os-specific/linux/sysdig { + openssl = openssl_1_1; kernel = null; }; # sysdig is a client, for a driver look at linuxPackagesFor diff --git a/pkgs/top-level/linux-kernels.nix b/pkgs/top-level/linux-kernels.nix index bb19710ffd87e..3dd6e2c43c30b 100644 --- a/pkgs/top-level/linux-kernels.nix +++ b/pkgs/top-level/linux-kernels.nix @@ -442,7 +442,9 @@ in { rr-zen_workaround = callPackage ../development/tools/analysis/rr/zen_workaround.nix { }; - sysdig = callPackage ../os-specific/linux/sysdig {}; + sysdig = callPackage ../os-specific/linux/sysdig { + openssl = pkgs.openssl_1_1; + }; systemtap = callPackage ../development/tools/profiling/systemtap { }; From 09f53a8624ba3b7a9bea9da5a64f8e680b68c0fd Mon Sep 17 00:00:00 2001 From: ajs124 Date: Thu, 7 Jul 2022 02:41:55 +0200 Subject: [PATCH 56/81] swiProlog: pin to openssl_1_1 --- pkgs/top-level/all-packages.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 1cdfb7bbddc84..bbbfe9b4487c0 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -14544,6 +14544,7 @@ with pkgs; swift = callPackage ../development/compilers/swift { }; swiProlog = callPackage ../development/compilers/swi-prolog { + openssl = openssl_1_1; inherit (darwin.apple_sdk.frameworks) Security; jdk = openjdk8; # TODO: remove override https://github.com/NixOS/nixpkgs/pull/89731 }; From f6390b357d4a3c6f96cefdd9c5d4f56ae762c42d Mon Sep 17 00:00:00 2001 From: ajs124 Date: Thu, 4 Nov 2021 05:06:29 +0100 Subject: [PATCH 57/81] percona-server56: pin to openssl_1_1 --- pkgs/top-level/all-packages.nix | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index bbbfe9b4487c0..001c63b5331d1 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -23039,7 +23039,10 @@ with pkgs; nginx-sso = callPackage ../servers/nginx-sso { }; - percona-server56 = callPackage ../servers/sql/percona/5.6.x.nix { stdenv = gcc10StdenvCompat; }; + percona-server56 = callPackage ../servers/sql/percona/5.6.x.nix { + stdenv = gcc10StdenvCompat; + openssl = openssl_1_1; + }; percona-server = percona-server56; influxdb = callPackage ../servers/nosql/influxdb { From 4915e5913604c4ee246156ad584ce7856b99f8dc Mon Sep 17 00:00:00 2001 From: ajs124 Date: Thu, 7 Jul 2022 03:06:38 +0200 Subject: [PATCH 58/81] pam_p11: pin to openssl_1_1 --- pkgs/top-level/all-packages.nix | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 001c63b5331d1..081f9b14f392c 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -24447,7 +24447,9 @@ with pkgs; pam_mysql = callPackage ../os-specific/linux/pam_mysql { }; - pam_p11 = callPackage ../os-specific/linux/pam_p11 { }; + pam_p11 = callPackage ../os-specific/linux/pam_p11 { + openssl = openssl_1_1; + }; pam_pgsql = callPackage ../os-specific/linux/pam_pgsql { }; From bf4c320600c3a28d0c1e5910076c446245b712f9 Mon Sep 17 00:00:00 2001 From: ajs124 Date: Thu, 7 Jul 2022 03:09:53 +0200 Subject: [PATCH 59/81] umurmur: pin to openssl_1_1 --- pkgs/top-level/all-packages.nix | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 081f9b14f392c..4cdd834503a43 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -31203,7 +31203,9 @@ with pkgs; uhhyou.lv2 = callPackage ../applications/audio/uhhyou.lv2 { }; - umurmur = callPackage ../applications/networking/umurmur { }; + umurmur = callPackage ../applications/networking/umurmur { + openssl = openssl_1_1; + }; udocker = callPackage ../tools/virtualization/udocker { }; From a9fc19c7cfdb532bc24d3461a5031bf5563ea529 Mon Sep 17 00:00:00 2001 From: ajs124 Date: Thu, 7 Jul 2022 03:10:22 +0200 Subject: [PATCH 60/81] libstrophe: pin to openssl_1_1 --- pkgs/top-level/all-packages.nix | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 4cdd834503a43..4c3862fcb1931 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -19842,7 +19842,9 @@ with pkgs; libstroke = callPackage ../development/libraries/libstroke { }; - libstrophe = callPackage ../development/libraries/libstrophe { }; + libstrophe = callPackage ../development/libraries/libstrophe { + openssl = openssl_1_1; + }; libspatialaudio = callPackage ../development/libraries/libspatialaudio { }; From 0a90c5d1603ee14f5c8438ffcfa9eb4a8bf10716 Mon Sep 17 00:00:00 2001 From: ajs124 Date: Thu, 7 Jul 2022 03:19:24 +0200 Subject: [PATCH 61/81] zookeeper_mt: pin to openssl_1_1 --- pkgs/top-level/all-packages.nix | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 4c3862fcb1931..633f17fe28e60 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -23516,7 +23516,9 @@ with pkgs; zookeeper = callPackage ../servers/zookeeper { }; - zookeeper_mt = callPackage ../development/libraries/zookeeper_mt { }; + zookeeper_mt = callPackage ../development/libraries/zookeeper_mt { + openssl = openssl_1_1; + }; xqilla = callPackage ../development/tools/xqilla { stdenv = gcc10StdenvCompat; }; From 8dfc998207dca2e2928cd1f204e4f37444aa40a6 Mon Sep 17 00:00:00 2001 From: ajs124 Date: Thu, 7 Jul 2022 15:47:56 +0200 Subject: [PATCH 62/81] python3: pin to openssl_1_1 --- .../interpreters/python/cpython/default.nix | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/pkgs/development/interpreters/python/cpython/default.nix b/pkgs/development/interpreters/python/cpython/default.nix index 44cf836fc9c82..73197f065625f 100644 --- a/pkgs/development/interpreters/python/cpython/default.nix +++ b/pkgs/development/interpreters/python/cpython/default.nix @@ -7,6 +7,7 @@ , mailcap, mimetypesSupport ? true , ncurses , openssl +, openssl_1_1 , readline , sqlite , tcl ? null, tk ? null, tix ? null, libX11 ? null, xorgproto ? null, x11Support ? false @@ -75,6 +76,10 @@ assert lib.assertMsg (reproducibleBuild -> (!rebuildBytecode)) with lib; let + # cpython does support/build with openssl 3.0, but some libraries using the ssl module seem to have issues with it + # null check for Minimal + openssl' = if openssl != null then openssl_1_1 else null; + buildPackages = pkgsBuildHost; inherit (passthru) pythonForBuild; @@ -115,7 +120,7 @@ let ]; buildInputs = filter (p: p != null) ([ - zlib bzip2 expat xz libffi gdbm sqlite readline ncurses openssl ] + zlib bzip2 expat xz libffi gdbm sqlite readline ncurses openssl' ] ++ optionals x11Support [ tcl tk libX11 xorgproto ] ++ optionals (bluezSupport && stdenv.isLinux) [ bluez ] ++ optionals stdenv.isDarwin [ configd ]) @@ -321,8 +326,8 @@ in with passthru; stdenv.mkDerivation { "--with-threads" ] ++ optionals (sqlite != null && isPy3k) [ "--enable-loadable-sqlite-extensions" - ] ++ optionals (openssl != null) [ - "--with-openssl=${openssl.dev}" + ] ++ optionals (openssl' != null) [ + "--with-openssl=${openssl'.dev}" ] ++ optionals (stdenv.hostPlatform != stdenv.buildPlatform) [ "ac_cv_buggy_getaddrinfo=no" # Assume little-endian IEEE 754 floating point when cross compiling @@ -484,7 +489,7 @@ in with passthru; stdenv.mkDerivation { # Enforce that we don't have references to the OpenSSL -dev package, which we # explicitly specify in our configure flags above. disallowedReferences = - lib.optionals (openssl != null && !static) [ openssl.dev ] + lib.optionals (openssl' != null && !static) [ openssl'.dev ] ++ lib.optionals (stdenv.hostPlatform != stdenv.buildPlatform) [ # Ensure we don't have references to build-time packages. # These typically end up in shebangs. From b2bed48781c1e78aca4044f7af598f09549d948a Mon Sep 17 00:00:00 2001 From: ajs124 Date: Sun, 31 Jul 2022 23:25:17 +0200 Subject: [PATCH 63/81] fractal: pin to openssl_1_1 --- pkgs/top-level/all-packages.nix | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 633f17fe28e60..24058c9db8e7e 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -27535,7 +27535,9 @@ with pkgs; foxtrotgps = callPackage ../applications/misc/foxtrotgps { }; - fractal = callPackage ../applications/networking/instant-messengers/fractal { }; + fractal = callPackage ../applications/networking/instant-messengers/fractal { + openssl = openssl_1_1; + }; fractal-next = callPackage ../applications/networking/instant-messengers/fractal-next { inherit (gst_all_1) gstreamer gst-plugins-base gst-plugins-bad; From ad76e3dd39255770ddba7774c5bab96d1317858e Mon Sep 17 00:00:00 2001 From: ajs124 Date: Sun, 31 Jul 2022 23:35:00 +0200 Subject: [PATCH 64/81] ceph: pin to openssl_1_1 propagated through curl --- pkgs/top-level/all-packages.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 24058c9db8e7e..c24c74dec26f2 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -4919,6 +4919,8 @@ with pkgs; libceph = ceph.lib; inherit (callPackages ../tools/filesystems/ceph { lua = lua5_4; + # needs to be the same openssl version as python/pyopenssl + curl = (curl.override { openssl = openssl_1_1; }); }) ceph ceph-client; From 9c8e33f2cebde1c1e0ad17598021517bccfc0069 Mon Sep 17 00:00:00 2001 From: ajs124 Date: Sun, 31 Jul 2022 23:45:34 +0200 Subject: [PATCH 65/81] git-crypt: fix build with openssl_3 --- .../version-management/git-and-tools/git-crypt/default.nix | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/pkgs/applications/version-management/git-and-tools/git-crypt/default.nix b/pkgs/applications/version-management/git-and-tools/git-crypt/default.nix index 1cf29fbd6c2d9..49dcb14fc0139 100644 --- a/pkgs/applications/version-management/git-and-tools/git-crypt/default.nix +++ b/pkgs/applications/version-management/git-and-tools/git-crypt/default.nix @@ -37,6 +37,11 @@ stdenv.mkDerivation rec { "DOCBOOK_XSL=${docbook_xsl}/share/xml/docbook-xsl-nons/manpages/docbook.xsl" ]; + # https://github.com/AGWA/git-crypt/issues/232 + CXXFLAGS = [ + "-DOPENSSL_API_COMPAT=0x30000000L" + ]; + postFixup = '' wrapProgram $out/bin/git-crypt \ --suffix PATH : ${lib.makeBinPath [ git gnupg ]} From 14f18b31c3f9c7d6762f4b687ae8a5ccac35fe13 Mon Sep 17 00:00:00 2001 From: ajs124 Date: Sun, 31 Jul 2022 23:57:36 +0200 Subject: [PATCH 66/81] git-backup: pin to openssl_1_1 --- pkgs/top-level/all-packages.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index c24c74dec26f2..e345dbdad6c11 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -6626,6 +6626,7 @@ with pkgs; git-appraise = callPackage ../applications/version-management/git-and-tools/git-appraise {}; git-backup = callPackage ../applications/version-management/git-backup { + openssl = openssl_1_1; inherit (darwin.apple_sdk.frameworks) Security; }; From ce6deb535b6d300dfbe107315d63f58cac1d9620 Mon Sep 17 00:00:00 2001 From: ajs124 Date: Sun, 31 Jul 2022 23:58:54 +0200 Subject: [PATCH 67/81] firmware-manager: pin to openssl_1_1 --- pkgs/top-level/all-packages.nix | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index e345dbdad6c11..1dd5b05b2c363 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -23813,7 +23813,9 @@ with pkgs; fwupd-efi = callPackage ../os-specific/linux/firmware/fwupd-efi { }; - firmware-manager = callPackage ../os-specific/linux/firmware/firmware-manager { }; + firmware-manager = callPackage ../os-specific/linux/firmware/firmware-manager { + openssl = openssl_1_1; + }; firmware-updater = callPackage ../os-specific/linux/firmware/firmware-updater { }; From e891feb271e036cfac4fd20e1827164519996965 Mon Sep 17 00:00:00 2001 From: ajs124 Date: Mon, 1 Aug 2022 00:03:47 +0200 Subject: [PATCH 68/81] meli: pin to openssl_1_1 --- pkgs/top-level/all-packages.nix | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 1dd5b05b2c363..77369d197c4dd 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -29041,7 +29041,9 @@ with pkgs; meld = callPackage ../applications/version-management/meld { }; - meli = callPackage ../applications/networking/mailreaders/meli { }; + meli = callPackage ../applications/networking/mailreaders/meli { + openssl = openssl_1_1; + }; melmatcheq.lv2 = callPackage ../applications/audio/melmatcheq.lv2 { }; From dd5518bd8fafa8be0e9e00562225649418b72ae3 Mon Sep 17 00:00:00 2001 From: ajs124 Date: Mon, 1 Aug 2022 00:07:31 +0200 Subject: [PATCH 69/81] squid: pin to openssl_1_1 --- pkgs/top-level/all-packages.nix | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 77369d197c4dd..dbcff8972bae0 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -23409,7 +23409,10 @@ with pkgs; spring-boot-cli = callPackage ../development/tools/spring-boot-cli { }; - squid = callPackage ../servers/squid { }; + squid = callPackage ../servers/squid { + # https://bugs.squid-cache.org/show_bug.cgi?id=5133 + openssl = openssl_1_1; + }; duckling-proxy = callPackage ../servers/duckling-proxy { }; From 5cc75bbb98cd5dc94be1dee3aba10547b62dbdd1 Mon Sep 17 00:00:00 2001 From: ajs124 Date: Mon, 1 Aug 2022 00:49:43 +0200 Subject: [PATCH 70/81] percona-xtrabackup_*: pin to openssl_1_1 --- pkgs/tools/backup/percona-xtrabackup/generic.nix | 2 +- pkgs/top-level/all-packages.nix | 14 ++++++++++---- 2 files changed, 11 insertions(+), 5 deletions(-) diff --git a/pkgs/tools/backup/percona-xtrabackup/generic.nix b/pkgs/tools/backup/percona-xtrabackup/generic.nix index 4caafcae679be..2ea2088645e47 100644 --- a/pkgs/tools/backup/percona-xtrabackup/generic.nix +++ b/pkgs/tools/backup/percona-xtrabackup/generic.nix @@ -19,7 +19,7 @@ stdenv.mkDerivation rec { nativeBuildInputs = [ bison boost cmake makeWrapper pkg-config ]; buildInputs = [ - curl cyrus_sasl libaio libedit libev libevent libgcrypt libgpg-error lz4 + (curl.override { inherit openssl; }) cyrus_sasl libaio libedit libev libevent libgcrypt libgpg-error lz4 ncurses numactl openssl protobuf valgrind xxd zlib ] ++ (with perlPackages; [ perl DBI DBDmysql ]); diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index dbcff8972bae0..6d9583ea3018d 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -9645,10 +9645,16 @@ with pkgs; perceptualdiff = callPackage ../tools/graphics/perceptualdiff { }; percona-xtrabackup = percona-xtrabackup_8_0; - percona-xtrabackup_2_4 = callPackage ../tools/backup/percona-xtrabackup/2_4.nix - { stdenv = gcc10StdenvCompat; boost = boost159; }; - percona-xtrabackup_8_0 = callPackage ../tools/backup/percona-xtrabackup/8_0.nix - { stdenv = gcc10StdenvCompat; boost = boost170; }; + percona-xtrabackup_2_4 = callPackage ../tools/backup/percona-xtrabackup/2_4.nix { + stdenv = gcc10StdenvCompat; + boost = boost159; + openssl = openssl_1_1; + }; + percona-xtrabackup_8_0 = callPackage ../tools/backup/percona-xtrabackup/8_0.nix { + stdenv = gcc10StdenvCompat; + boost = boost170; + openssl = openssl_1_1; + }; pick = callPackage ../tools/misc/pick { }; From dc13b70ad9cc5f5f55b2b93373bd4a649c806a8a Mon Sep 17 00:00:00 2001 From: ajs124 Date: Wed, 3 Aug 2022 01:12:53 +0200 Subject: [PATCH 71/81] ipfs: pin to openssl_1_1 --- pkgs/top-level/all-packages.nix | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 6d9583ea3018d..635854ab47618 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -7585,7 +7585,9 @@ with pkgs; ipfetch = callPackage ../tools/networking/ipfetch { }; - ipfs = callPackage ../applications/networking/ipfs { }; + ipfs = callPackage ../applications/networking/ipfs { + openssl = openssl_1_1; + }; ipfs-cluster = callPackage ../applications/networking/ipfs-cluster { }; ipfs-migrator-all-fs-repo-migrations = callPackage ../applications/networking/ipfs-migrator/all-migrations.nix { }; From fffda8a63ff9ce66ecd89a577745901255bb9bfd Mon Sep 17 00:00:00 2001 From: ajs124 Date: Wed, 3 Aug 2022 01:13:04 +0200 Subject: [PATCH 72/81] nzbget: pin to openssl_1_1 --- pkgs/top-level/all-packages.nix | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 635854ab47618..12a40b658322b 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -9263,7 +9263,9 @@ with pkgs; inherit (darwin.apple_sdk.frameworks) Security; }; - nzbget = callPackage ../tools/networking/nzbget { }; + nzbget = callPackage ../tools/networking/nzbget { + openssl = openssl_1_1; + }; nzbhydra2 = callPackage ../servers/nzbhydra2 { # You need Java (at least 8, at most 15) From b17c551aa2bc948181a5e62e4fd4e813c2cb224c Mon Sep 17 00:00:00 2001 From: ajs124 Date: Thu, 4 Aug 2022 01:12:12 +0200 Subject: [PATCH 73/81] libmysqlconnectorcpp: pin to openssl_1_1 --- pkgs/development/compilers/dotnet/build-dotnet.nix | 4 ++-- pkgs/top-level/all-packages.nix | 4 +++- 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/pkgs/development/compilers/dotnet/build-dotnet.nix b/pkgs/development/compilers/dotnet/build-dotnet.nix index f8cf3d302ec45..6cc7dace6f159 100644 --- a/pkgs/development/compilers/dotnet/build-dotnet.nix +++ b/pkgs/development/compilers/dotnet/build-dotnet.nix @@ -15,7 +15,7 @@ assert if type == "sdk" then packages != null else true; , autoPatchelfHook , makeWrapper , libunwind -, openssl +, openssl_1_1 , libuuid , zlib , curl @@ -48,7 +48,7 @@ stdenv.mkDerivation rec { icu libunwind libuuid - openssl + openssl_1_1 ] ++ lib.optional stdenv.isLinux lttng-ust_2_12); nativeBuildInputs = [ diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 12a40b658322b..4f5d695a16f85 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -19440,7 +19440,9 @@ with pkgs; libmysofa = callPackage ../development/libraries/audio/libmysofa { }; - libmysqlconnectorcpp = callPackage ../development/libraries/libmysqlconnectorcpp { }; + libmysqlconnectorcpp = callPackage ../development/libraries/libmysqlconnectorcpp { + openssl = openssl_1_1; + }; libnatpmp = callPackage ../development/libraries/libnatpmp { }; From 4921d9473fbc5e4095b35bd42ab6e07ee458fd41 Mon Sep 17 00:00:00 2001 From: ajs124 Date: Thu, 4 Aug 2022 01:13:33 +0200 Subject: [PATCH 74/81] git-trim: pin to openssl_1_1 --- pkgs/top-level/all-packages.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 4f5d695a16f85..c813026cbd1c6 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -6744,6 +6744,7 @@ with pkgs; git-test = callPackage ../applications/version-management/git-and-tools/git-test { }; git-trim = callPackage ../applications/version-management/git-and-tools/git-trim { + openssl = openssl_1_1; inherit (darwin.apple_sdk.frameworks) Security; }; From 76064cccc240946a80a972ca64ede231920b51dd Mon Sep 17 00:00:00 2001 From: ajs124 Date: Thu, 4 Aug 2022 01:13:50 +0200 Subject: [PATCH 75/81] git-subset: pin to openssl_1_1 --- pkgs/top-level/all-packages.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index c813026cbd1c6..b96095a52e642 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -6734,6 +6734,7 @@ with pkgs; git-subrepo = callPackage ../applications/version-management/git-and-tools/git-subrepo { }; git-subset = callPackage ../applications/version-management/git-and-tools/git-subset { + openssl = openssl_1_1; inherit (darwin.apple_sdk.frameworks) Security; }; From 424885f5f8f1db8df2991d5ddfbc579bc4719c74 Mon Sep 17 00:00:00 2001 From: ajs124 Date: Sun, 7 Aug 2022 00:19:16 +0200 Subject: [PATCH 76/81] perlPackages.CryptOpenSSLGuess: 0.11 -> 0.15 --- pkgs/top-level/perl-packages.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pkgs/top-level/perl-packages.nix b/pkgs/top-level/perl-packages.nix index 55f09410856c6..72449e9d5a03f 100644 --- a/pkgs/top-level/perl-packages.nix +++ b/pkgs/top-level/perl-packages.nix @@ -4826,10 +4826,10 @@ let CryptOpenSSLGuess = buildPerlPackage { pname = "Crypt-OpenSSL-Guess"; - version = "0.11"; + version = "0.15"; src = fetchurl { - url = "mirror://cpan/authors/id/A/AK/AKIYM/Crypt-OpenSSL-Guess-0.11.tar.gz"; - sha256 = "0rvi9l4ljcbhwwvspq019nfq2h2v746dk355h2nwnlmqikiihsxa"; + url = "mirror://cpan/authors/id/A/AK/AKIYM/Crypt-OpenSSL-Guess-0.15.tar.gz"; + sha256 = "1c5033381819fdb4c9087dd291b90ec70e7810d31d57eade9b388eccfd70386d"; }; meta = { description = "Guess OpenSSL include path"; From 1a75cc1f1f77a0842e8b6c2d5d462c03f9e14bec Mon Sep 17 00:00:00 2001 From: ajs124 Date: Sun, 7 Aug 2022 00:19:22 +0200 Subject: [PATCH 77/81] perlPackages.CryptOpenSSLX509: 1.813 -> 1.914 for openssl 3.x support --- pkgs/top-level/perl-packages.nix | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/pkgs/top-level/perl-packages.nix b/pkgs/top-level/perl-packages.nix index 72449e9d5a03f..5bfa31154e1a8 100644 --- a/pkgs/top-level/perl-packages.nix +++ b/pkgs/top-level/perl-packages.nix @@ -4869,13 +4869,15 @@ let CryptOpenSSLX509 = buildPerlPackage rec { pname = "Crypt-OpenSSL-X509"; - version = "1.813"; + version = "1.914"; src = fetchurl { - url = "mirror://cpan/authors/id/J/JO/JONASBN/Crypt-OpenSSL-X509-1.813.tar.gz"; - sha256 = "684bd888d2ed4c748f8f6dd8e87c14afa2974b12ee01faa082ad9cfa1e321e62"; + url = "mirror://cpan/authors/id/J/JO/JONASBN/Crypt-OpenSSL-X509-1.914.tar.gz"; + sha256 = "49c575257e6408ad5a89011e5b5800d598f9ccafdf42e71004ed81cb2f44ee7a"; }; NIX_CFLAGS_COMPILE = "-I${pkgs.openssl.dev}/include"; NIX_CFLAGS_LINK = "-L${lib.getLib pkgs.openssl}/lib -lcrypto"; + buildInputs = [ CryptOpenSSLGuess ]; + propagatedBuildInputs = [ ConvertASN1 ]; meta = { homepage = "https://github.com/dsully/perl-crypt-openssl-x509"; description = "Perl extension to OpenSSL's X509 API"; From cc375c4d89c4cedf7de1fc26b2888fabb155e597 Mon Sep 17 00:00:00 2001 From: ajs124 Date: Sun, 7 Aug 2022 00:25:43 +0200 Subject: [PATCH 78/81] wraith: pin to openssl_1_1 --- pkgs/top-level/all-packages.nix | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index b96095a52e642..45112bcd15425 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -36091,7 +36091,9 @@ with pkgs; wprecon = callPackage ../tools/security/wprecon { }; - wraith = callPackage ../applications/networking/irc/wraith { }; + wraith = callPackage ../applications/networking/irc/wraith { + openssl = openssl_1_1; + }; wxsqlite3 = callPackage ../development/libraries/wxsqlite3 { wxGTK = wxGTK30; From d761390cd04a1a9510b9a4f42803878e0ca268ba Mon Sep 17 00:00:00 2001 From: ajs124 Date: Sun, 7 Aug 2022 00:31:47 +0200 Subject: [PATCH 79/81] sgx/sdk/ipp-crypto: pin to openssl_1_1 --- pkgs/os-specific/linux/sgx/sdk/ipp-crypto.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/os-specific/linux/sgx/sdk/ipp-crypto.nix b/pkgs/os-specific/linux/sgx/sdk/ipp-crypto.nix index 85fcfc9c554d7..16f3d836833d5 100644 --- a/pkgs/os-specific/linux/sgx/sdk/ipp-crypto.nix +++ b/pkgs/os-specific/linux/sgx/sdk/ipp-crypto.nix @@ -3,7 +3,7 @@ , fetchFromGitHub , cmake , nasm -, openssl +, openssl_1_1 , python3 , extraCmakeFlags ? [ ] }: @@ -30,7 +30,7 @@ stdenv.mkDerivation rec { nativeBuildInputs = [ cmake nasm - openssl + openssl_1_1 python3 ]; } From 63adbbdb6611e0eb7f4db06ea862052cd799d7d4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Janne=20He=C3=9F?= Date: Tue, 9 Aug 2022 19:12:07 +0100 Subject: [PATCH 80/81] nixos/changelog: Mention openssl3 update --- nixos/doc/manual/from_md/release-notes/rl-2211.section.xml | 5 +++++ nixos/doc/manual/release-notes/rl-2211.section.md | 2 ++ 2 files changed, 7 insertions(+) diff --git a/nixos/doc/manual/from_md/release-notes/rl-2211.section.xml b/nixos/doc/manual/from_md/release-notes/rl-2211.section.xml index 47f8fbb3abc57..1930184a50e9d 100644 --- a/nixos/doc/manual/from_md/release-notes/rl-2211.section.xml +++ b/nixos/doc/manual/from_md/release-notes/rl-2211.section.xml @@ -100,6 +100,11 @@ Cinnamon has been updated to 5.4. + + + OpenSSL now defaults to OpenSSL 3, updated from 1.1.1. + + hardware.nvidia has a new option diff --git a/nixos/doc/manual/release-notes/rl-2211.section.md b/nixos/doc/manual/release-notes/rl-2211.section.md index 2fd8b1bbe753c..09c6b767de9bf 100644 --- a/nixos/doc/manual/release-notes/rl-2211.section.md +++ b/nixos/doc/manual/release-notes/rl-2211.section.md @@ -48,6 +48,8 @@ In addition to numerous new and upgraded packages, this release has the followin - Cinnamon has been updated to 5.4. +- OpenSSL now defaults to OpenSSL 3, updated from 1.1.1. + - `hardware.nvidia` has a new option `open` that can be used to opt in the opensource version of NVIDIA kernel driver. Note that the driver's support for GeForce and Workstation GPUs is still alpha quality, see [NVIDIA Releases Open-Source GPU Kernel Modules](https://developer.nvidia.com/blog/nvidia-releases-open-source-gpu-kernel-modules/) for the official announcement. From 0df0cbff9482893c5db2d6c98c372c9973ed4d8c Mon Sep 17 00:00:00 2001 From: ajs124 Date: Tue, 16 Aug 2022 23:49:14 +0200 Subject: [PATCH 81/81] proxysql: don't reference openssl_3 explicitly it's the default now --- pkgs/servers/sql/proxysql/default.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pkgs/servers/sql/proxysql/default.nix b/pkgs/servers/sql/proxysql/default.nix index f4c244e6632a2..94d6e28c569bf 100644 --- a/pkgs/servers/sql/proxysql/default.nix +++ b/pkgs/servers/sql/proxysql/default.nix @@ -20,7 +20,7 @@ , libuuid , lz4 , nlohmann_json -, openssl_3 +, openssl , pcre , perl , python2 @@ -55,7 +55,7 @@ stdenv.mkDerivation rec { buildInputs = [ bison - (curl.override { openssl = openssl_3; }) + curl flex gnutls libgcrypt @@ -101,7 +101,7 @@ stdenv.mkDerivation rec { { f = "libev"; p = libev; } { f = "libinjection"; p = libinjection; } { f = "libmicrohttpd"; p = libmicrohttpd_0_9_70; } - { f = "libssl"; p = openssl_3; } + { f = "libssl"; p = openssl; } { f = "lz4"; p = lz4; } { f = "pcre"; p = pcre; } { f = "re2"; p = re2; }