movefasta/nixpkgs
1
0
Fork 0
mirror of https://github.com/NixOS/nixpkgs.git synced 2025-06-12 12:45:27 +03:00
Code Issues Projects Releases Packages Wiki Activity

openssl_3_2: 3.2.2 -> 3.2.3

Browse source 
Contains two CVE fixes.

* Fixed possible denial of service in X.509 name checks. (CVE-2024-6119)
* Fixed possible buffer overread in SSL_select_next_proto(). (CVE-2024-5535)

Changelog: https://github.com/openssl/openssl/blob/openssl-3.2/CHANGES.md#changes-between-322-and-323-3-sep-2024

Signed-off-by: Markus Theil <theil.markus@gmail.com>
This commit is contained in:
Markus Theil 2024-09-04 21:49:53 +02:00
parent 6fef5775cc
commit 2cd1c935bb
1 changed files with 2 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

6
pkgs/development/libraries/openssl/default.nix
View file

@ -309,8 +309,8 @@ in {
}; };
openssl_3_2 = common { openssl_3_2 = common {
version = "3.2.2"; version = "3.2.3";
hash = "sha256-GXFJwY2enyksQ/BACsq6EuX1LKz+BQ89GZJ36nOOwuc="; hash = "sha256-UrXxxrgCK8WGjDCMVPt3cF5wLWxvRZT5mg3yFqz0Yjk=";
patches = [ patches = [
./3.0/nix-ssl-cert-file.patch ./3.0/nix-ssl-cert-file.patch
@ -319,8 +319,6 @@ in {
# This patch disables build-time detection. # This patch disables build-time detection.
./3.0/openssl-disable-kernel-detection.patch ./3.0/openssl-disable-kernel-detection.patch
./3.3/CVE-2024-5535.patch
(if stdenv.hostPlatform.isDarwin (if stdenv.hostPlatform.isDarwin
then ./3.2/use-etc-ssl-certs-darwin.patch then ./3.2/use-etc-ssl-certs-darwin.patch
else ./3.2/use-etc-ssl-certs.patch) else ./3.2/use-etc-ssl-certs.patch)