commit bdfdf2c602dba71ca96b720a5383f68509fa253d · tjh.dev/nixpkgs

tjh.dev / nixpkgs

Clone of https://github.com/NixOS/nixpkgs.git (to stress-test knotserver)

fork atom

mbedtls: 3.5.2 -> 3.6.0

Changelog: https://github.com/Mbed-TLS/mbedtls/releases/tag/v3.6.0
Fixes CVE-2024-28960

Raphael Robatsch 2 years ago bdfdf2c6 92f5f12a

+18 -3

2 changed files

expand all

unified split

pkgs

development

libraries

mbedtls

3.nix

generic.nix

+15 -3

pkgs/development/libraries/mbedtls/3.nix

··· 1 - { callPackage }: 1 + { callPackage 2 + , fetchpatch 3 + }: 2 4 3 5 callPackage ./generic.nix { 4 - version = "3.5.2"; 5 - hash = "sha256-lVGmnSYccNmRS6vfF/fDiny5cYRPc/wJBpgciFLPUvM="; 6 + version = "3.6.0"; 7 + hash = "sha256-tCwAKoTvY8VCjcTPNwS3DeitflhpKHLr6ygHZDbR6wQ="; 8 + 9 + patches = [ 10 + # https://github.com/Mbed-TLS/mbedtls/pull/9000 11 + # Remove at next version update 12 + (fetchpatch { 13 + name = "fix-darwin-memcpy-error.patch"; 14 + url = "https://github.com/Mbed-TLS/mbedtls/commit/b32d7ae0fee2f906be59780b42a0cd4468a39bd1.patch"; 15 + hash = "sha256-BTkJs9NEkCl+/Q8EwB/LW9uwF95jQOKWmoCK4B/7/sU="; 16 + }) 17 + ]; 6 18 }

pkgs/development/libraries/mbedtls/generic.nix

··· 2 2 , stdenv 3 3 , version 4 4 , hash 5 + , patches ? [] 5 6 , fetchFromGitHub 6 7 7 8 , cmake ··· 24 25 # mbedtls >= 3.6.0 uses git submodules 25 26 fetchSubmodules = true; 26 27 }; 28 + 29 + inherit patches; 27 30 28 31 nativeBuildInputs = [ cmake ninja perl python3 ]; 29 32