openssl_1_1: 1.1.1 -> 1.1.1a
CVE-2018-0734: https://www.openssl.org/news/vulnerabilities.html#2018-0734 CVE-2018-0735: https://www.openssl.org/news/vulnerabilities.html#2018-0735
This commit is contained in:
parent
ae29a9e688
commit
d012516c44
@ -0,0 +1,15 @@
|
|||||||
|
diff --git a/crypto/x509/by_file.c b/crypto/x509/by_file.c
|
||||||
|
index 244512c935..f0b70d7ea1 100644
|
||||||
|
--- a/crypto/x509/by_file.c
|
||||||
|
+++ b/crypto/x509/by_file.c
|
||||||
|
@@ -46,7 +46,9 @@ static int by_file_ctrl(X509_LOOKUP *ctx, int cmd, const char *argp,
|
||||||
|
switch (cmd) {
|
||||||
|
case X509_L_FILE_LOAD:
|
||||||
|
if (argl == X509_FILETYPE_DEFAULT) {
|
||||||
|
- file = ossl_safe_getenv(X509_get_default_cert_file_env());
|
||||||
|
+ file = ossl_safe_getenv("NIX_SSL_CERT_FILE");
|
||||||
|
+ if (!file)
|
||||||
|
+ file = ossl_safe_getenv(X509_get_default_cert_file_env());
|
||||||
|
if (file)
|
||||||
|
ok = (X509_load_cert_crl_file(ctx, file,
|
||||||
|
X509_FILETYPE_PEM) != 0);
|
@ -131,9 +131,9 @@ in {
|
|||||||
};
|
};
|
||||||
|
|
||||||
openssl_1_1 = common {
|
openssl_1_1 = common {
|
||||||
version = "1.1.1";
|
version = "1.1.1a";
|
||||||
sha256 = "0gbab2fjgms1kx5xjvqx8bxhr98k4r8l2fa8vw7kvh491xd8fdi8";
|
sha256 = "0hcz7znzznbibpy3iyyhvlqrq44y88plxwdj32wjzgbwic7i687w";
|
||||||
patches = [ ./nix-ssl-cert-file.patch ];
|
patches = [ ./1.1/nix-ssl-cert-file.patch ];
|
||||||
};
|
};
|
||||||
|
|
||||||
}
|
}
|
||||||
|
@ -1,14 +0,0 @@
|
|||||||
diff -ru -x '*~' openssl-1.0.2j-orig/crypto/x509/by_file.c openssl-1.0.2j/crypto/x509/by_file.c
|
|
||||||
--- openssl-1.0.2j-orig/crypto/x509/by_file.c 2016-09-26 11:49:07.000000000 +0200
|
|
||||||
+++ openssl-1.0.2j/crypto/x509/by_file.c 2016-10-13 16:54:31.400288302 +0200
|
|
||||||
@@ -97,7 +97,9 @@
|
|
||||||
switch (cmd) {
|
|
||||||
case X509_L_FILE_LOAD:
|
|
||||||
if (argl == X509_FILETYPE_DEFAULT) {
|
|
||||||
- file = getenv(X509_get_default_cert_file_env());
|
|
||||||
+ file = getenv("NIX_SSL_CERT_FILE");
|
|
||||||
+ if (!file)
|
|
||||||
+ file = getenv(X509_get_default_cert_file_env());
|
|
||||||
if (file)
|
|
||||||
ok = (X509_load_cert_crl_file(ctx, file,
|
|
||||||
X509_FILETYPE_PEM) != 0);
|
|
Loading…
Reference in New Issue
Block a user