about summary refs log tree commit diff
path: root/pkgs/development/libraries/openssl/default.nix
diff options
context:
space:
mode:
authorVladimír Čunát <v@cunat.cz>2020-03-21 08:58:46 +0100
committerFlorian Klink <flokli@flokli.de>2020-04-02 10:00:49 +0200
commite48a55dd7371c7a666819e1f2dd46f2a5c1b3ffb (patch)
tree156b1b22aeff5c31a941ae22095ad86f32111700 /pkgs/development/libraries/openssl/default.nix
parent7d91eb26c497f2338fc31cd957f8f1cfb9815ca0 (diff)
downloadnixlib-e48a55dd7371c7a666819e1f2dd46f2a5c1b3ffb.tar
nixlib-e48a55dd7371c7a666819e1f2dd46f2a5c1b3ffb.tar.gz
nixlib-e48a55dd7371c7a666819e1f2dd46f2a5c1b3ffb.tar.bz2
nixlib-e48a55dd7371c7a666819e1f2dd46f2a5c1b3ffb.tar.lz
nixlib-e48a55dd7371c7a666819e1f2dd46f2a5c1b3ffb.tar.xz
nixlib-e48a55dd7371c7a666819e1f2dd46f2a5c1b3ffb.tar.zst
nixlib-e48a55dd7371c7a666819e1f2dd46f2a5c1b3ffb.zip
openssl(_1_1): patch CVE-2019-1551
fetchpatch can't be used here and fetchurl from GitHub
like in PR #82928 has the risk of breaking the hash later;
fortunately the patches aren't too large.

(cherry picked from commit 2071e3be28ee0d6ec46056352c88b88f5c0d7f60)
Diffstat (limited to 'pkgs/development/libraries/openssl/default.nix')
-rw-r--r--pkgs/development/libraries/openssl/default.nix3
1 files changed, 3 insertions, 0 deletions
diff --git a/pkgs/development/libraries/openssl/default.nix b/pkgs/development/libraries/openssl/default.nix
index a2a0c68c316e..79bba38d4fc8 100644
--- a/pkgs/development/libraries/openssl/default.nix
+++ b/pkgs/development/libraries/openssl/default.nix
@@ -161,6 +161,9 @@ in {
       (if stdenv.hostPlatform.isDarwin
        then ./1.1/use-etc-ssl-certs-darwin.patch
        else ./1.1/use-etc-ssl-certs.patch)
+
+      ./1.1/cve-2019-1551.patch
+      ./1.1/cve-2019-1551-improve.patch
     ];
     withDocs = true;
   };
generated by cgit-pink 1.4.1 (git 2.36.1) at 2024-06-29 00:02:36 +0000