Skip to content

Libressl 2.3 patches#11674

Closed
globin wants to merge 8 commits intoNixOS:masterfrom
mayflower:libressl-2_3-patches
Closed

Libressl 2.3 patches#11674
globin wants to merge 8 commits intoNixOS:masterfrom
mayflower:libressl-2_3-patches

Conversation

@globin
Copy link
Copy Markdown
Member

@globin globin commented Dec 13, 2015

These patches fix building some software with libressl 2.3 which removed some obsolete features from libssl (SSLv3, sha0, ...):

  • ruby
  • bind
  • qt4
  • qt5
  • qca2
  • wpa_supplicant
  • socat
  • w3m

All patches don't change anything for users using old openssl versions.

hydra builds using libressl 2.3 at https://hydra.mayflower.de/project/nixos

@mention-bot
Copy link
Copy Markdown

mention-bot commented Dec 13, 2015

By analyzing the blame information on this pull request, we identified @pikajude, @zimbatm and @edolstra to be potential reviewers

@globin
Copy link
Copy Markdown
Member Author

globin commented Dec 13, 2015

Oh this probably should be targeted at staging

@globin globin mentioned this pull request Dec 13, 2015
Closed
zimbatm
zimbatm reviewed Dec 13, 2015
View reviewed changes
pkgs/development/libraries/qca2/libressl.patch
Copy link
Copy Markdown
Member

@zimbatm zimbatm Dec 13, 2015

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

i don't understand this change

Copy link
Copy Markdown
Member Author

@globin globin Dec 14, 2015

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

SSLv23 always uses the newest SSL/TLS version which is negotiable between server and client. This is a misnomer in libssl sadly, but security-wise the better option.

@zimbatm
Copy link
Copy Markdown
Member

zimbatm commented Dec 19, 2015

LGTM

@vcunat
Copy link
Copy Markdown
Member

vcunat commented Dec 19, 2015

Oh this probably should be targeted at staging.

Qt* have nontrivial rebuild impact (although not too big), but the rest could go directly, I think.

@globin globin force-pushed the libressl-2_3-patches branch from 612dcf7 to f8ee267 Compare December 23, 2015 22:10
@globin
Copy link
Copy Markdown
Member Author

globin commented Dec 23, 2015

Rebased

@vcunat vcunat self-assigned this Dec 23, 2015
vcunat added a commit that referenced this pull request Dec 23, 2015
@vcunat
Merge #11674: libressl-2.3 patches for various pkgs
12a0e09
@vcunat
Copy link
Copy Markdown
Member

vcunat commented Dec 23, 2015

Staged after partial testing.

@vcunat vcunat closed this Dec 23, 2015
@globin
Copy link
Copy Markdown
Member Author

globin commented Dec 23, 2015

Thanks 👍

@globin globin deleted the libressl-2_3-patches branch December 23, 2015 23:11
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

@vcunat vcunat

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@globin @mention-bot @zimbatm @vcunat