openssl: fix CVE-2019-1543

Closes https://github.com/NixOS/nixpkgs/pull/61827. Fixes https://github.com/NixOS/nixpkgs/issues/60107.
2019-05-21 14:31:46 -04:00 · 2019-05-21 14:31:46 -04:00 · aae4c114a4
parent 4a2fad0cf7
commit aae4c114a4
1 changed files with 5 additions and 0 deletions
--- a/pkgs/development/libraries/openssl/default.nix
+++ b/pkgs/development/libraries/openssl/default.nix
@ -136,6 +136,11 @@ in {
    sha256 = "0jza8cmznnyiia43056dij1jdmz62dx17wsn0zxksh9h6817nmaw";
    patches = [
      ./1.1/nix-ssl-cert-file.patch
+      (fetchurl {
+        name = "long-chacha-nonce.patch";
+        url = "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff_plain;h=f426625b6ae9a7831010750490a5f0ad689c5ba3";
+        sha256= "02ghqg3vzmzx3s1dwwwbm1p1l4asaiampyg4k9vfrjwficvgpdgp";
+      })

      (if stdenv.hostPlatform.isDarwin
       then ./1.1/use-etc-ssl-certs-darwin.patch