From 0c213829222e20c83eb2044c36ff205854a583b9 Mon Sep 17 00:00:00 2001
From: Martin Weinelt
Date: Tue, 21 Jun 2022 17:57:43 +0200
Subject: [PATCH 1/2] openssl_1_1: 1.1.1o -> 1.1.1p

Fixes additional sanitization issues in the c_rehash script.
https://mta.openssl.org/pipermail/openssl-announce/2022-June/000226.html
Fixes: CVE-2022-2068
---
 pkgs/development/libraries/openssl/default.nix | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/pkgs/development/libraries/openssl/default.nix b/pkgs/development/libraries/openssl/default.nix
index a0506dda1f6..a14615b878b 100644
--- a/pkgs/development/libraries/openssl/default.nix
+++ b/pkgs/development/libraries/openssl/default.nix
@@ -186,8 +186,8 @@ in {
 openssl_1_1 = common rec {
- version = "1.1.1o";
- sha256 = "sha256-k4SisFcN2ANYhBRkZ3EV33he25QccSEfdQdtcv5rQ48=";
+ version = "1.1.1p";
+ sha256 = "sha256-v2G2Kqpmx8djmUKpTeTJroKAwI8X1OrC5EZE2fyKzm8=";
 patches = [
 ./1.1/nix-ssl-cert-file.patch
From deb8ef11623db2127133293642a8719f71f76b82 Mon Sep 17 00:00:00 2001
From: Martin Weinelt
Date: Tue, 21 Jun 2022 17:57:43 +0200
Subject: [PATCH 2/2] openssl_3_0: 3.0.3 -> 3.0.4

Fixes additional sanitization issues in the c_rehash script.
https://mta.openssl.org/pipermail/openssl-announce/2022-June/000227.html
Fixes: CVE-2022-2068
---
 pkgs/development/libraries/openssl/default.nix | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/pkgs/development/libraries/openssl/default.nix b/pkgs/development/libraries/openssl/default.nix
index a14615b878b..8f940b69256 100644
--- a/pkgs/development/libraries/openssl/default.nix
+++ b/pkgs/development/libraries/openssl/default.nix
@@ -201,8 +201,8 @@ in {
 };
 openssl_3_0 = common {
- version = "3.0.3";
- sha256 = "sha256-7gB4rc7x3l8APGLIDMllJ3IWCcbzu0K3eV3zH4tVjAs=";
+ version = "3.0.4";
+ sha256 = "sha256-KDGEPppmigq0eOcCCtY9LWXlH3KXdHLcc+/O+6/AwA8=";
 patches = [
 ./3.0/nix-ssl-cert-file.patch