diff options
author | Alexey Shmalko <rasen.dubi@gmail.com> | 2016-08-23 03:39:02 +0300 |
---|---|---|
committer | Alexey Shmalko <rasen.dubi@gmail.com> | 2016-08-23 03:41:03 +0300 |
commit | 6e7ca9272e96eec503b44db358c4f683e470f9b4 (patch) | |
tree | a6eb1aab8d6d9b21cf0e78cf3711793db0a21fdc /pkgs/development/libraries/openssl/default.nix | |
parent | 298b479c229fdcc227bb7cc4cd4f9d04cafe5eff (diff) | |
download | nixpkgs-6e7ca9272e96eec503b44db358c4f683e470f9b4.tar nixpkgs-6e7ca9272e96eec503b44db358c4f683e470f9b4.tar.gz nixpkgs-6e7ca9272e96eec503b44db358c4f683e470f9b4.tar.bz2 nixpkgs-6e7ca9272e96eec503b44db358c4f683e470f9b4.tar.lz nixpkgs-6e7ca9272e96eec503b44db358c4f683e470f9b4.tar.xz nixpkgs-6e7ca9272e96eec503b44db358c4f683e470f9b4.tar.zst nixpkgs-6e7ca9272e96eec503b44db358c4f683e470f9b4.zip |
openssl: fix CVE-2016-2177
Diffstat (limited to 'pkgs/development/libraries/openssl/default.nix')
-rw-r--r-- | pkgs/development/libraries/openssl/default.nix | 13 |
1 files changed, 11 insertions, 2 deletions
diff --git a/pkgs/development/libraries/openssl/default.nix b/pkgs/development/libraries/openssl/default.nix index 8c0ad107d77..5b8a36444eb 100644 --- a/pkgs/development/libraries/openssl/default.nix +++ b/pkgs/development/libraries/openssl/default.nix @@ -8,7 +8,7 @@ let opensslCrossSystem = stdenv.cross.openssl.system or (throw "openssl needs its platform name cross building"); - common = { version, sha256 }: stdenv.mkDerivation rec { + common = args@{ version, sha256, patches ? [] }: stdenv.mkDerivation rec { name = "openssl-${version}"; src = fetchurl { @@ -17,7 +17,8 @@ let }; patches = - [ ./use-etc-ssl-certs.patch ] + args.patches + ++ [ ./use-etc-ssl-certs.patch ] ++ optional stdenv.isCygwin ./1.0.1-cygwin64.patch ++ optional (versionOlder version "1.0.2" && (stdenv.isDarwin || (stdenv ? cross && stdenv.cross.libc == "libSystem"))) @@ -107,11 +108,19 @@ in { openssl_1_0_1 = common { version = "1.0.1t"; sha256 = "4a6ee491a2fdb22e519c76fdc2a628bb3cec12762cd456861d207996c8a07088"; + patches = [ + # https://git.openssl.org/?p=openssl.git;a=commit;h=6f35f6deb5ca7daebe289f86477e061ce3ee5f46 + ./1.0.1-CVE-2016-2177.diff + ]; }; openssl_1_0_2 = common { version = "1.0.2h"; sha256 = "1d4007e53aad94a5b2002fe045ee7bb0b3d98f1a47f8b2bc851dcd1c74332919"; + patches = [ + # https://git.openssl.org/?p=openssl.git;a=commit;h=a004e72b95835136d3f1ea90517f706c24c03da7 + ./1.0.2-CVE-2016-2177.diff + ]; }; } |