authorJaka Hudoklin <jakahudoklin@gmail.com>2015-01-24 23:03:33 +0100
committerJaka Hudoklin <jakahudoklin@gmail.com>2015-01-24 23:03:33 +0100
commit43535900fddfdf176693929eac8771cb090a6ee1 (patch)
treeb6ecb3fc3ac4d48868c5d23ec110f517d700cd74 /pkgs
parentc457bbb2bbe1cef5ad56effc87cb7ff1ddd86509 (diff)
parent3a2670c74a03cd2c6fac98a0dd45780b7f4d3010 (diff)
Merge pull request #5938 from offlinehacker/pkgs/xca/fix_ssl
xca: fix ssl
Diffstat (limited to 'pkgs')
-rw-r--r--pkgs/applications/misc/xca/0001-Fix-for-openssl-1.0.1i.patch57
-rw-r--r--pkgs/applications/misc/xca/default.nix2
2 files changed, 59 insertions, 0 deletions
diff --git a/pkgs/applications/misc/xca/0001-Fix-for-openssl-1.0.1i.patch b/pkgs/applications/misc/xca/0001-Fix-for-openssl-1.0.1i.patch
new file mode 100644
index 000000000000..9bfe3831c4aa
--- /dev/null
+++ b/pkgs/applications/misc/xca/0001-Fix-for-openssl-1.0.1i.patch
@@ -0,0 +1,57 @@
+From abd9d530776e8bb6d8f05312fc3ae3044796139c Mon Sep 17 00:00:00 2001
+From: Oliver Winker <oliver@oli1170.net>
+Date: Tue, 12 Aug 2014 19:08:05 +0200
+Subject: [PATCH] Fix for openssl 1.0.1i
+
+Fixes following application error
+---
+Errors
+error:0D0C40D8:asn1 encoding routines:c2i_ASN1_OBJECT:invalid object encoding error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error error:0D0C40D8:asn1 encoding routines:c2i_ASN1_OBJECT:invalid object encoding error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error error:0D0C40D8:asn1 encoding routines:c2i_ASN1_OBJECT:invalid object encoding error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error error:0D0C40D8:asn1 encoding routines:c2i_ASN1_OBJECT:invalid object encoding error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error error:0D0C40D8:asn1 encoding routines:c2i_ASN1_OBJECT:invalid object encoding error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error
+---
+
+Due to openssl 1.0.1i change:
+---
+commit 03b04ddac162c7b7fa3c57eadccc5a583a00d291
+Author: Emilia Kasper <emilia@openssl.org>
+Date:   Wed Jul 2 19:02:33 2014 +0200
+
+    Fix OID handling:
+
+    - Upon parsing, reject OIDs with invalid base-128 encoding.
+    - Always NUL-terminate the destination buffer in OBJ_obj2txt printing function.
+
+    CVE-2014-3508
+
+    Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
+    Reviewed-by: Kurt Roeckx <kurt@openssl.org>
+    Reviewed-by: Tim Hudson <tjh@openssl.org>
+---
+---
+ lib/x509v3ext.cpp | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/lib/x509v3ext.cpp b/lib/x509v3ext.cpp
+index cf74c32..d94cbda 100644
+--- a/lib/x509v3ext.cpp
++++ b/lib/x509v3ext.cpp
+@@ -27,6 +27,8 @@ x509v3ext::x509v3ext(const X509_EXTENSION *n)
+ x509v3ext::x509v3ext(const x509v3ext &n)
+ {
+ 	ext = NULL;
++	if (!n.isValid())
++		return;
+ 	set(n.ext);
+ }
+ 
+@@ -743,7 +745,7 @@ X509_EXTENSION *x509v3ext::get() const
+ 
+ bool x509v3ext::isValid() const
+ {
+-	return ext->value->length > 0 &&
++	return ext && ext->value && ext->value->length > 0 &&
+ 		OBJ_obj2nid(ext->object) != NID_undef;
+ }
+ 
+-- 
+2.0.1
+
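Review bot: In the copy constructor of the embedded patch, `if (!n.isValid()) return;` leaves `ext` NULL for every source that isValid() rejects, and isValid() also rejects a non-NULL extension whose OID maps to `NID_undef`. Copying such an extension therefore yields an empty object without any error, which in a certificate tool can mean an extension with an unrecognised OID is silently missing from the copy. If that is intended as the workaround for the stricter OID parsing in openssl 1.0.1i, say so at the early return, e.g. `/* source is NULL, empty or has an unknown OID: do not duplicate, ext stays NULL */`. The new null checks cover only isValid(); other members that dereference `ext` lie outside these hunks, so confirm they tolerate the NULL left here.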
diff --git a/pkgs/applications/misc/xca/default.nix b/pkgs/applications/misc/xca/default.nix
index 0bc2170340c8..1be4de8f9705 100644
--- a/pkgs/applications/misc/xca/default.nix
+++ b/pkgs/applications/misc/xca/default.nix
@@ -9,6 +9,8 @@ stdenv.mkDerivation rec {
     sha256 = "1fn6kh8mdy65rrgjif7j9wn3mxg1mrrcnhzpi86hfy24ic6bahk8";
   };
 
+  patches = [ ./0001-Fix-for-openssl-1.0.1i.patch ];
+
   configurePhase = ''
     export PATH=$PATH:${which}/bin
     export QTDIR=${qt4}
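Review bot: The added `patches` line carries a local patch with no note on its origin or on when it can be dropped. A comment above it would keep the workaround from outliving its need, e.g. `# from commit abd9d530776e8bb6d8f05312fc3ae3044796139c (see patch header): fixes ASN.1 "invalid object encoding" errors with openssl >= 1.0.1i; remove once the packaged xca version includes it`. The derivation starts and ends outside this hunk, so whether the pinned xca version already contains the fix cannot be checked from here.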