public
/
nixpkgs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge pull request #31147 from grahamc/openssl 

Upgrade OpenSSL for CVE-2017-3732, CVE-2017-3193
This commit is contained in:
Graham Christensen 2017-11-02 15:21:52 -04:00 committed by GitHub
parent 4d7c34fb33 e06dbe4f5b
commit e080b87b26
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 7 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
pkgs/development/libraries/openssl/default.nix
View File

@ -107,13 +107,13 @@ let
in {
openssl_1_0_2 = common {
version = "1.0.2l";
sha256 = "037kvpisc6qh5dkppcwbm5bg2q800xh2hma3vghz8xcycmdij1yf";
version = "1.0.2m";
sha256 = "03vvlfnxx4lhxc83ikfdl6jqph4h52y7lb7li03va6dkqrgg2vwc";
};
openssl_1_1_0 = common {
version = "1.1.0f";
sha256 = "0r97n4n552ns571diz54qsgarihrxvbn7kvyv8wjyfs9ybrldxqj";
version = "1.1.0g";
sha256 = "1bvka2wf33w2vxv7yw578nnjqyhz2b3chvfb0l4k2ffscw950kfy";
};
}

6
pkgs/development/libraries/openssl/nix-ssl-cert-file.patch
View File

@ -5,10 +5,10 @@ diff -ru -x '*~' openssl-1.0.2j-orig/crypto/x509/by_file.c openssl-1.0.2j/crypto
switch (cmd) {
case X509_L_FILE_LOAD:
if (argl == X509_FILETYPE_DEFAULT) {
- file = (char *)getenv(X509_get_default_cert_file_env());
+ file = (char *)getenv("NIX_SSL_CERT_FILE");
- file = getenv(X509_get_default_cert_file_env());
+ file = getenv("NIX_SSL_CERT_FILE");
+ if (!file)
+ file = (char *)getenv(X509_get_default_cert_file_env());
+ file = getenv(X509_get_default_cert_file_env());
if (file)
ok = (X509_load_cert_crl_file(ctx, file,
X509_FILETYPE_PEM) != 0);