diff options
Diffstat (limited to 'pkgs/development/libraries/openssl/default.nix')
-rw-r--r-- | pkgs/development/libraries/openssl/default.nix | 14 |
1 files changed, 9 insertions, 5 deletions
diff --git a/pkgs/development/libraries/openssl/default.nix b/pkgs/development/libraries/openssl/default.nix index a0506dda1f694..db6e0101fec78 100644 --- a/pkgs/development/libraries/openssl/default.nix +++ b/pkgs/development/libraries/openssl/default.nix @@ -186,8 +186,8 @@ in { openssl_1_1 = common rec { - version = "1.1.1o"; - sha256 = "sha256-k4SisFcN2ANYhBRkZ3EV33he25QccSEfdQdtcv5rQ48="; + version = "1.1.1p"; + sha256 = "sha256-v2G2Kqpmx8djmUKpTeTJroKAwI8X1OrC5EZE2fyKzm8="; patches = [ ./1.1/nix-ssl-cert-file.patch @@ -200,9 +200,9 @@ in { withDocs = true; }; - openssl_3_0 = common { - version = "3.0.3"; - sha256 = "sha256-7gB4rc7x3l8APGLIDMllJ3IWCcbzu0K3eV3zH4tVjAs="; + openssl_3 = common { + version = "3.0.4"; + sha256 = "sha256-KDGEPppmigq0eOcCCtY9LWXlH3KXdHLcc+/O+6/AwA8="; patches = [ ./3.0/nix-ssl-cert-file.patch @@ -210,6 +210,10 @@ in { # This patch disables build-time detection. ./3.0/openssl-disable-kernel-detection.patch + # https://guidovranken.com/2022/06/27/notes-on-openssl-remote-memory-corruption/ + # https://github.com/openssl/openssl/commit/4d8a88c134df634ba610ff8db1eb8478ac5fd345.patch + 3.0/rsa-fix-bn_reduce_once_in_place-call-for-rsaz_mod_exp_avx512_x2.patch + (if stdenv.hostPlatform.isDarwin then ./use-etc-ssl-certs-darwin.patch else ./use-etc-ssl-certs.patch) |