openssl_1_1: 1.1.1 -> 1.1.1a

CVE-2018-0734: https://www.openssl.org/news/vulnerabilities.html#2018-0734
CVE-2018-0735: https://www.openssl.org/news/vulnerabilities.html#2018-0735
This commit is contained in:
Alyssa Ross 2018-11-20 15:56:49 +00:00
parent ae29a9e688
commit d012516c44
No known key found for this signature in database
GPG Key ID: C4844408C0657052
3 changed files with 18 additions and 17 deletions

View File

@ -0,0 +1,15 @@
diff --git a/crypto/x509/by_file.c b/crypto/x509/by_file.c
index 244512c935..f0b70d7ea1 100644
--- a/crypto/x509/by_file.c
+++ b/crypto/x509/by_file.c
@@ -46,7 +46,9 @@ static int by_file_ctrl(X509_LOOKUP *ctx, int cmd, const char *argp,
switch (cmd) {
case X509_L_FILE_LOAD:
if (argl == X509_FILETYPE_DEFAULT) {
- file = ossl_safe_getenv(X509_get_default_cert_file_env());
+ file = ossl_safe_getenv("NIX_SSL_CERT_FILE");
+ if (!file)
+ file = ossl_safe_getenv(X509_get_default_cert_file_env());
if (file)
ok = (X509_load_cert_crl_file(ctx, file,
X509_FILETYPE_PEM) != 0);

View File

@ -131,9 +131,9 @@ in {
}; };
openssl_1_1 = common { openssl_1_1 = common {
version = "1.1.1"; version = "1.1.1a";
sha256 = "0gbab2fjgms1kx5xjvqx8bxhr98k4r8l2fa8vw7kvh491xd8fdi8"; sha256 = "0hcz7znzznbibpy3iyyhvlqrq44y88plxwdj32wjzgbwic7i687w";
patches = [ ./nix-ssl-cert-file.patch ]; patches = [ ./1.1/nix-ssl-cert-file.patch ];
}; };
} }

View File

@ -1,14 +0,0 @@
diff -ru -x '*~' openssl-1.0.2j-orig/crypto/x509/by_file.c openssl-1.0.2j/crypto/x509/by_file.c
--- openssl-1.0.2j-orig/crypto/x509/by_file.c 2016-09-26 11:49:07.000000000 +0200
+++ openssl-1.0.2j/crypto/x509/by_file.c 2016-10-13 16:54:31.400288302 +0200
@@ -97,7 +97,9 @@
switch (cmd) {
case X509_L_FILE_LOAD:
if (argl == X509_FILETYPE_DEFAULT) {
- file = getenv(X509_get_default_cert_file_env());
+ file = getenv("NIX_SSL_CERT_FILE");
+ if (!file)
+ file = getenv(X509_get_default_cert_file_env());
if (file)
ok = (X509_load_cert_crl_file(ctx, file,
X509_FILETYPE_PEM) != 0);