1 files changed, 12 insertions, 12 deletions

diff --git a/nixpkgs/pkgs/development/libraries/libressl/default.nix b/nixpkgs/pkgs/development/libraries/libressl/default.nix
index d70672f63ac3..0d01eeb81f1a 100644
--- a/nixpkgs/pkgs/development/libraries/libressl/default.nix
+++ b/nixpkgs/pkgs/development/libraries/libressl/default.nix
@@ -40,14 +40,20 @@ let
     # removing ./configure pre-config.
     preConfigure = ''
       rm configure
+      substituteInPlace CMakeLists.txt \
+        --replace 'exec_prefix \''${prefix}' "exec_prefix ${placeholder "bin"}" \
+        --replace 'libdir      \''${exec_prefix}' 'libdir \''${prefix}'
     '';
 
     inherit patches;
 
     # Since 2.9.x the default location can't be configured from the build using
     # DEFAULT_CA_FILE anymore, instead we have to patch the default value.
-    postPatch = lib.optionalString (lib.versionAtLeast version "2.9.2") ''
-      substituteInPlace ./tls/tls_config.c --replace '"/etc/ssl/cert.pem"' '"${cacert}/etc/ssl/certs/ca-bundle.crt"'
+    postPatch = ''
+      patchShebangs tests/
+      ${lib.optionalString (lib.versionAtLeast version "2.9.2") ''
+        substituteInPlace ./tls/tls_config.c --replace '"/etc/ssl/cert.pem"' '"${cacert}/etc/ssl/certs/ca-bundle.crt"'
+      ''}
     '';
 
     doCheck = true;
@@ -81,17 +87,11 @@ let
 
 in {
   libressl_3_2 = generic {
-    version = "3.2.5";
-    sha256 = "1zkwrs3b19s1ybz4q9hrb7pqsbsi8vxcs44qanfy11fkc7ynb2kr";
-    patches = [
-      ./CVE-2021-41581.patch
-    ];
+    version = "3.2.7";
+    sha256 = "112bjfrwwqlk0lak7fmfhcls18ydf62cp7gxghf4gklpfl1zyckw";
   };
   libressl_3_4 = generic {
-    version = "3.4.0";
-    sha256 = "1lhn76nd59p1dfd27b4636zj6wh3f5xsi8b3sxqnl820imsswbp5";
-    patches = [
-      ./CVE-2021-41581.patch
-    ];
+    version = "3.4.1";
+    sha256 = "0766yxb599lx7qmlmsddiw9wgminz9mc311mav5q23l0rbkflz0h";
   };
 }