libressl_3_4: backport security fix

2023-02-14 21:00:47 +01:00 · 2023-02-14 21:00:47 +01:00 · b958f017b7
parent cb8d827b9a
commit b958f017b7
1 changed files with 11 additions and 4 deletions
--- a/pkgs/development/libraries/libressl/default.nix
+++ b/pkgs/development/libraries/libressl/default.nix
@ -86,7 +86,7 @@ let
      license = with licenses; [ publicDomain bsdOriginal bsd0 bsd3 gpl3 isc openssl ];
      platforms   = platforms.all;
      maintainers = with maintainers; [ thoughtpolice fpletz ];
-      knownVulnerabilities = knownVulnerabilities;
+      inherit knownVulnerabilities;
    };
  };

@ -94,9 +94,16 @@ in {
  libressl_3_4 = generic {
    version = "3.4.3";
    hash = "sha256-/4i//jVIGLPM9UXjyv5FTFAxx6dyFwdPUzJx1jw38I0=";
-    knownVulnerabilities = [
-      "Support ended 2022-10-14."
-      "https://marc.info/?l=libressl&m=167582148932407&w=2"
+    knownVulnerabilities = [ "Support ended 2022-10-14." ];
+    patches = [
+      (fetchpatch {
+        # https://marc.info/?l=libressl&m=167582148932407&w=2
+        name = "backport-type-confusion-fix.patch";
+        url = "https://raw.githubusercontent.com/libressl/portable/30dc760ed1d7c70766b135500950d8ca9d17b13a/patches/x509_genn.c.diff";
+        sha256 = "sha256-N9jsOueqposDWZwaR+n/v/cHgNiZbZ644d8/wKjN2/M=";
+        stripLen = 2;
+        extraPrefix = "crypto/";
+      })
    ];
  };