diff --git a/pkgs/development/libraries/openssl/default.nix b/pkgs/development/libraries/openssl/default.nix index 78792e5b8dc4..94c49af8c4f1 100644 --- a/pkgs/development/libraries/openssl/default.nix +++ b/pkgs/development/libraries/openssl/default.nix @@ -1,5 +1,6 @@ { stdenv, fetchurl, buildPackages, perl , hostPlatform +, fetchpatch , withCryptodev ? false, cryptodevHeaders , enableSSL2 ? false }: @@ -114,6 +115,13 @@ in { openssl_1_1_0 = common { version = "1.1.0g"; sha256 = "1bvka2wf33w2vxv7yw578nnjqyhz2b3chvfb0l4k2ffscw950kfy"; + patches = [ + (fetchpatch { + name = "CVE-2017-3738.patch"; + url = "https://github.com/openssl/openssl/commit/563066.patch"; + sha256 = "0ni9fwpxf8raw8b58pfa15akbqmxx4q64v0ldsm4b9dqhbxf8mkz"; + }) + ]; }; }