author | Alyssa Ross <hi@alyssa.is> | 2018-11-20 15:56:49 +0000 |
---|---|---|
committer | Alyssa Ross <hi@alyssa.is> | 2018-11-20 16:52:22 +0000 |
commit | d012516c44dc6937e0b3eab5c3b6c5af6222da86 (patch) | |
tree | 7565f7949ca4a9cb5d45ec630f42dc39aa4a48e6 /pkgs/development/libraries/openssl | |
parent | ae29a9e688845f276c60aa48e3d8426a2b9b2d6d (diff) | |
openssl_1_1: 1.1.1 -> 1.1.1a
CVE-2018-0734: https://www.openssl.org/news/vulnerabilities.html#2018-0734 CVE-2018-0735: https://www.openssl.org/news/vulnerabilities.html#2018-0735
Diffstat (limited to 'pkgs/development/libraries/openssl')
3 files changed, 18 insertions, 17 deletions
diff --git a/pkgs/development/libraries/openssl/1.1/nix-ssl-cert-file.patch b/pkgs/development/libraries/openssl/1.1/nix-ssl-cert-file.patch
new file mode 100644
index 00000000000..9e871cfb1d3
--- /dev/null
+++ b/pkgs/development/libraries/openssl/1.1/nix-ssl-cert-file.patch
@@ -0,0 +1,15 @@
+diff --git a/crypto/x509/by_file.c b/crypto/x509/by_file.c
+index 244512c935..f0b70d7ea1 100644
+--- a/crypto/x509/by_file.c
++++ b/crypto/x509/by_file.c
+@@ -46,7 +46,9 @@ static int by_file_ctrl(X509_LOOKUP *ctx, int cmd, const char *argp,
+ switch (cmd) {
+ case X509_L_FILE_LOAD:
+ if (argl == X509_FILETYPE_DEFAULT) {
+- file = ossl_safe_getenv(X509_get_default_cert_file_env());
++ file = ossl_safe_getenv("NIX_SSL_CERT_FILE");
++ if (!file)
++ file = ossl_safe_getenv(X509_get_default_cert_file_env());
+ if (file)
+ ok = (X509_load_cert_crl_file(ctx, file,
+ X509_FILETYPE_PEM) != 0);
diff --git a/pkgs/development/libraries/openssl/default.nix b/pkgs/development/libraries/openssl/default.nix
index 3e643807f1c..8efcbd58dd1 100644
--- a/pkgs/development/libraries/openssl/default.nix
+++ b/pkgs/development/libraries/openssl/default.nix
@@ -131,9 +131,9 @@ in {
 };
 openssl_1_1 = common {
- version = "1.1.1";
- sha256 = "0gbab2fjgms1kx5xjvqx8bxhr98k4r8l2fa8vw7kvh491xd8fdi8";
- patches = [ ./nix-ssl-cert-file.patch ];
+ version = "1.1.1a";
+ sha256 = "0hcz7znzznbibpy3iyyhvlqrq44y88plxwdj32wjzgbwic7i687w";
+ patches = [ ./1.1/nix-ssl-cert-file.patch ];
 };
 }
diff --git a/pkgs/development/libraries/openssl/nix-ssl-cert-file.patch b/pkgs/development/libraries/openssl/nix-ssl-cert-file.patch
deleted file mode 100644
index 893fb3eb664..00000000000
--- a/pkgs/development/libraries/openssl/nix-ssl-cert-file.patch
+++ /dev/null
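Review bot: The new `1.1/nix-ssl-cert-file.patch` gives `NIX_SSL_CERT_FILE` precedence over the variable named by `X509_get_default_cert_file_env()` in the `X509_FILETYPE_DEFAULT` branch of `by_file_ctrl`, and neither the patch nor the code it adds records that ordering. This lookup selects the CA bundle the library trusts, so a process that sets the upstream variable to pin a bundle will load a different one whenever `NIX_SSL_CERT_FILE` is also in its environment. I would add a comment above the first lookup, for example `/* Nix: NIX_SSL_CERT_FILE takes precedence over the upstream default cert-file variable */`, and a short header in the patch file stating why it is carried. Both lookups go through `ossl_safe_getenv`, matching the upstream line being replaced. `by_file_ctrl` starts and ends outside the inner hunk, so the rest of the function cannot be judged from this page.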
@@ -1,14 +0,0 @@
-diff -ru -x '*~' openssl-1.0.2j-orig/crypto/x509/by_file.c openssl-1.0.2j/crypto/x509/by_file.c
---- openssl-1.0.2j-orig/crypto/x509/by_file.c 2016-09-26 11:49:07.000000000 +0200
-+++ openssl-1.0.2j/crypto/x509/by_file.c 2016-10-13 16:54:31.400288302 +0200
-@@ -97,7 +97,9 @@
- switch (cmd) {
- case X509_L_FILE_LOAD:
- if (argl == X509_FILETYPE_DEFAULT) {
-- file = getenv(X509_get_default_cert_file_env());
-+ file = getenv("NIX_SSL_CERT_FILE");
-+ if (!file)
-+ file = getenv(X509_get_default_cert_file_env());
- if (file)
- ok = (X509_load_cert_crl_file(ctx, file,
- X509_FILETYPE_PEM) != 0); |