diff options
author | Graham Christensen <graham@grahamc.com> | 2017-11-02 15:21:52 -0400 |
---|---|---|
committer | GitHub <noreply@github.com> | 2017-11-02 15:21:52 -0400 |
commit | e080b87b26812e43e39be51fcd1281c63c5491a6 (patch) | |
tree | 07ac1081f07c9c28740bd828debc911fa1d31144 | |
parent | 4d7c34fb337f1845d3c5a9804e70e17ed5a8f996 (diff) | |
parent | e06dbe4f5b51850746ef2c363be8326a1a3e84bf (diff) | |
download | nixpkgs-e080b87b26812e43e39be51fcd1281c63c5491a6.tar nixpkgs-e080b87b26812e43e39be51fcd1281c63c5491a6.tar.gz nixpkgs-e080b87b26812e43e39be51fcd1281c63c5491a6.tar.bz2 nixpkgs-e080b87b26812e43e39be51fcd1281c63c5491a6.tar.lz nixpkgs-e080b87b26812e43e39be51fcd1281c63c5491a6.tar.xz nixpkgs-e080b87b26812e43e39be51fcd1281c63c5491a6.tar.zst nixpkgs-e080b87b26812e43e39be51fcd1281c63c5491a6.zip |
Merge pull request #31147 from grahamc/openssl
Upgrade OpenSSL for CVE-2017-3732, CVE-2017-3193
-rw-r--r-- | pkgs/development/libraries/openssl/default.nix | 8 | ||||
-rw-r--r-- | pkgs/development/libraries/openssl/nix-ssl-cert-file.patch | 6 |
2 files changed, 7 insertions, 7 deletions
diff --git a/pkgs/development/libraries/openssl/default.nix b/pkgs/development/libraries/openssl/default.nix index 5a4d23b6a39..68e88cc57d0 100644 --- a/pkgs/development/libraries/openssl/default.nix +++ b/pkgs/development/libraries/openssl/default.nix @@ -107,13 +107,13 @@ let in { openssl_1_0_2 = common { - version = "1.0.2l"; - sha256 = "037kvpisc6qh5dkppcwbm5bg2q800xh2hma3vghz8xcycmdij1yf"; + version = "1.0.2m"; + sha256 = "03vvlfnxx4lhxc83ikfdl6jqph4h52y7lb7li03va6dkqrgg2vwc"; }; openssl_1_1_0 = common { - version = "1.1.0f"; - sha256 = "0r97n4n552ns571diz54qsgarihrxvbn7kvyv8wjyfs9ybrldxqj"; + version = "1.1.0g"; + sha256 = "1bvka2wf33w2vxv7yw578nnjqyhz2b3chvfb0l4k2ffscw950kfy"; }; } diff --git a/pkgs/development/libraries/openssl/nix-ssl-cert-file.patch b/pkgs/development/libraries/openssl/nix-ssl-cert-file.patch index b615f1482b7..893fb3eb664 100644 --- a/pkgs/development/libraries/openssl/nix-ssl-cert-file.patch +++ b/pkgs/development/libraries/openssl/nix-ssl-cert-file.patch @@ -5,10 +5,10 @@ diff -ru -x '*~' openssl-1.0.2j-orig/crypto/x509/by_file.c openssl-1.0.2j/crypto switch (cmd) { case X509_L_FILE_LOAD: if (argl == X509_FILETYPE_DEFAULT) { -- file = (char *)getenv(X509_get_default_cert_file_env()); -+ file = (char *)getenv("NIX_SSL_CERT_FILE"); +- file = getenv(X509_get_default_cert_file_env()); ++ file = getenv("NIX_SSL_CERT_FILE"); + if (!file) -+ file = (char *)getenv(X509_get_default_cert_file_env()); ++ file = getenv(X509_get_default_cert_file_env()); if (file) ok = (X509_load_cert_crl_file(ctx, file, X509_FILETYPE_PEM) != 0); |