openssl_1_1_0: Fix CVE-2017-3738

2018-01-07 06:39:08 +08:00 · 2018-01-07 06:39:08 +08:00 · 4cc3510a92
parent dc84ce085f
commit 4cc3510a92
1 changed files with 8 additions and 0 deletions
--- a/pkgs/development/libraries/openssl/default.nix
+++ b/pkgs/development/libraries/openssl/default.nix
@ -1,5 +1,6 @@
 { stdenv, fetchurl, buildPackages, perl
 , hostPlatform
+, fetchpatch
 , withCryptodev ? false, cryptodevHeaders
 , enableSSL2 ? false
 }:
@ -114,6 +115,13 @@ in {
  openssl_1_1_0 = common {
    version = "1.1.0g";
    sha256 = "1bvka2wf33w2vxv7yw578nnjqyhz2b3chvfb0l4k2ffscw950kfy";
+    patches = [
+      (fetchpatch {
+        name = "CVE-2017-3738.patch";
+        url = "https://github.com/openssl/openssl/commit/563066.patch";
+        sha256 = "0ni9fwpxf8raw8b58pfa15akbqmxx4q64v0ldsm4b9dqhbxf8mkz";
+      })
+    ];
  };

 }