Unverified Commit 87c0c5e5 authored by Markus Theil's avatar Markus Theil
Browse files

openssl: 3.5.2 -> 3.6.0 

Changelog (security fixes):
https://github.com/openssl/openssl/blob/openssl-3.5/CHANGES.md#changes-between-353-and-354-30-sep-2025

Changelog (features):
https://github.com/openssl/openssl/blob/openssl-3.6/CHANGES.md#changes-between-35-and-360-1-oct-2025



Notably:
- more work on PQC algorithms (LMS)
- performance improvements for some assembly implementations

Fixed CVEs:
- CVE-2025-9230
- CVE-2025-9231
- CVE-2025-9232

Signed-off-by: default avatarMarkus Theil <theil.markus@gmail.com>
parent 9e4cf668

pkgs/development/libraries/openssl/default.nix

+3 −3
Original line number Diff line number Diff line
@@ -396,9 +396,9 @@ in 
    };

  };



  openssl_3_5 = common {

    version = "3.5.2";

    hash = "sha256-xTpH5eRByTDDkoz3v2+wDl0Sm2MOCqhzsIJYZW5zRew=";

  openssl_3_6 = common {

    version = "3.6.0";

    hash = "sha256-tqX0S362nj+jXb8VUkQFtEg3pIHUPYHa3d4/8h/LuOk=";



    patches = [

      # Support for NIX_SSL_CERT_FILE, motivation:

pkgs/top-level/all-packages.nix

+2 −2
Original line number Diff line number Diff line
@@ -8462,7 +8462,7 @@ with pkgs; 


  libressl = libressl_4_1;



  openssl = openssl_3_5;

  openssl = openssl_3_6;



  openssl_legacy = openssl.override {

    conf = ../development/libraries/openssl/3.0/legacy.cnf;
@@ -8471,7 +8471,7 @@ with pkgs; 
  inherit (callPackages ../development/libraries/openssl { })

    openssl_1_1

    openssl_3

    openssl_3_5

    openssl_3_6

    ;



  pcre = callPackage ../development/libraries/pcre { };