From 4cc3510a92d6d8497bcaab95efd3bc5335026e36 Mon Sep 17 00:00:00 2001
From: adisbladis
Date: Sun, 7 Jan 2018 06:39:08 +0800
Subject: [PATCH] openssl_1_1_0: Fix CVE-2017-3738
---
 pkgs/development/libraries/openssl/default.nix | 8 ++++++++
 1 file changed, 8 insertions(+)
diff --git a/pkgs/development/libraries/openssl/default.nix b/pkgs/development/libraries/openssl/default.nix
index 78792e5b8dc4..94c49af8c4f1 100644
--- a/pkgs/development/libraries/openssl/default.nix
+++ b/pkgs/development/libraries/openssl/default.nix
@@ -1,5 +1,6 @@
 { stdenv, fetchurl, buildPackages, perl
 , hostPlatform
+, fetchpatch
 , withCryptodev ? false, cryptodevHeaders
 , enableSSL2 ? false
 }:
@@ -114,6 +115,13 @@ in {
 openssl_1_1_0 = common {
 version = "1.1.0g";
 sha256 = "1bvka2wf33w2vxv7yw578nnjqyhz2b3chvfb0l4k2ffscw950kfy";
+ patches = [
+ (fetchpatch {
+ name = "CVE-2017-3738.patch";
+ url = "https://github.com/openssl/openssl/commit/563066.patch";
+ sha256 = "0ni9fwpxf8raw8b58pfa15akbqmxx4q64v0ldsm4b9dqhbxf8mkz";
+ })
+ ];
 };
 }
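Review bot: The `url` in the new `fetchpatch` call for `openssl_1_1_0` names the upstream commit by a six-character prefix (`commit/563066.patch`), which resolves only while that prefix stays unique in the upstream repository and makes the pinned fix harder to audit against the advisory. The `sha256` still guards the content, so the risk is a failed fetch on an uncached rebuild rather than a substituted patch; I would spell the id out in full, `url = "https://github.com/openssl/openssl/commit/<full-40-char-commit-id>.patch";`. A comment above the list such as `# CVE-2017-3738: drop once the version is bumped past 1.1.0g and the release tarball carries the fix` would keep the patch from lingering after an update. The definition of `common` lies outside the hunk, so it is not visible here whether `patches` is appended to an existing patch list or replaces it; that is worth confirming.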