authorAlyssa Ross <hi@alyssa.is>2018-11-20 15:56:49 +0000
committerAlyssa Ross <hi@alyssa.is>2018-11-20 16:52:22 +0000
commitd012516c44dc6937e0b3eab5c3b6c5af6222da86 (patch)
tree7565f7949ca4a9cb5d45ec630f42dc39aa4a48e6 /pkgs/development/libraries/openssl
parentae29a9e688845f276c60aa48e3d8426a2b9b2d6d (diff)
openssl_1_1: 1.1.1 -> 1.1.1a
CVE-2018-0734: https://www.openssl.org/news/vulnerabilities.html#2018-0734
CVE-2018-0735: https://www.openssl.org/news/vulnerabilities.html#2018-0735
Diffstat (limited to 'pkgs/development/libraries/openssl')
-rw-r--r--pkgs/development/libraries/openssl/1.1/nix-ssl-cert-file.patch15
-rw-r--r--pkgs/development/libraries/openssl/default.nix6
-rw-r--r--pkgs/development/libraries/openssl/nix-ssl-cert-file.patch14
3 files changed, 18 insertions, 17 deletions
diff --git a/pkgs/development/libraries/openssl/1.1/nix-ssl-cert-file.patch b/pkgs/development/libraries/openssl/1.1/nix-ssl-cert-file.patch
new file mode 100644
index 00000000000..9e871cfb1d3
--- /dev/null
+++ b/pkgs/development/libraries/openssl/1.1/nix-ssl-cert-file.patch
@@ -0,0 +1,15 @@
+diff --git a/crypto/x509/by_file.c b/crypto/x509/by_file.c
+index 244512c935..f0b70d7ea1 100644
+--- a/crypto/x509/by_file.c
++++ b/crypto/x509/by_file.c
+@@ -46,7 +46,9 @@ static int by_file_ctrl(X509_LOOKUP *ctx, int cmd, const char *argp,
+     switch (cmd) {
+     case X509_L_FILE_LOAD:
+         if (argl == X509_FILETYPE_DEFAULT) {
+-            file = ossl_safe_getenv(X509_get_default_cert_file_env());
++            file = ossl_safe_getenv("NIX_SSL_CERT_FILE");
++            if (!file)
++                file = ossl_safe_getenv(X509_get_default_cert_file_env());
+             if (file)
+                 ok = (X509_load_cert_crl_file(ctx, file,
+                                               X509_FILETYPE_PEM) != 0);
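Review bot: The added lookup `file = ossl_safe_getenv("NIX_SSL_CERT_FILE");` silently takes precedence over the variable named by `X509_get_default_cert_file_env()` (presumably `SSL_CERT_FILE`), and the new patch file carries no description of that trust-store precedence. Since this decides which CA bundle is used for verification, I would add a short header above the embedded `diff --git` line, for example `Prefer NIX_SSL_CERT_FILE over the default cert-file variable; both are read with ossl_safe_getenv so they are ignored in setuid/setgid processes.` Keeping `ossl_safe_getenv` rather than plain `getenv` for the new variable is the right choice and is worth stating there so a later rebase does not regress it. The body of `by_file_ctrl` starts and ends outside this hunk, so the fallback to the compiled-in default path when both variables are unset is not visible here.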
diff --git a/pkgs/development/libraries/openssl/default.nix b/pkgs/development/libraries/openssl/default.nix
index 3e643807f1c..8efcbd58dd1 100644
--- a/pkgs/development/libraries/openssl/default.nix
+++ b/pkgs/development/libraries/openssl/default.nix
@@ -131,9 +131,9 @@ in {
   };
 
   openssl_1_1 = common {
-    version = "1.1.1";
-    sha256 = "0gbab2fjgms1kx5xjvqx8bxhr98k4r8l2fa8vw7kvh491xd8fdi8";
-    patches = [ ./nix-ssl-cert-file.patch ];
+    version = "1.1.1a";
+    sha256 = "0hcz7znzznbibpy3iyyhvlqrq44y88plxwdj32wjzgbwic7i687w";
+    patches = [ ./1.1/nix-ssl-cert-file.patch ];
   };
 
 }
diff --git a/pkgs/development/libraries/openssl/nix-ssl-cert-file.patch b/pkgs/development/libraries/openssl/nix-ssl-cert-file.patch
deleted file mode 100644
index 893fb3eb664..00000000000
--- a/pkgs/development/libraries/openssl/nix-ssl-cert-file.patch
+++ /dev/null
@@ -1,14 +0,0 @@
-diff -ru -x '*~' openssl-1.0.2j-orig/crypto/x509/by_file.c openssl-1.0.2j/crypto/x509/by_file.c
---- openssl-1.0.2j-orig/crypto/x509/by_file.c	2016-09-26 11:49:07.000000000 +0200
-+++ openssl-1.0.2j/crypto/x509/by_file.c	2016-10-13 16:54:31.400288302 +0200
-@@ -97,7 +97,9 @@
-     switch (cmd) {
-     case X509_L_FILE_LOAD:
-         if (argl == X509_FILETYPE_DEFAULT) {
--            file = getenv(X509_get_default_cert_file_env());
-+            file = getenv("NIX_SSL_CERT_FILE");
-+            if (!file)
-+                file = getenv(X509_get_default_cert_file_env());
-             if (file)
-                 ok = (X509_load_cert_crl_file(ctx, file,
-                                               X509_FILETYPE_PEM) != 0);