From ccaad56e4b7d3fb3c7b461ef3d43045992b54e5f Mon Sep 17 00:00:00 2001
From: Markus Theil <theil.markus@gmail.com>
Date: Tue, 30 Jan 2024 16:27:44 +0100
Subject: openssl_3: 3.0.12 -> 3.0.13

Full release notes:
  https://github.com/openssl/openssl/blob/openssl-3.0.13/CHANGES.md#changes-between-3012-and-3013-30-jan-2024

Fixes:
  - CVE-2024-0727 (PKCS12 Handling Crash)
  - CVE-2023-6237 (long time taken for RSA key check)
  - CVE-2023-6129 (corrupt registers on PowerPC for Poly1305)
  - CVE-2023-5678 (excessive time in DH param check)

Signed-off-by: Markus Theil <theil.markus@gmail.com>
---
 pkgs/development/libraries/openssl/default.nix | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'pkgs/development/libraries/openssl/default.nix')

diff --git a/pkgs/development/libraries/openssl/default.nix b/pkgs/development/libraries/openssl/default.nix
index c7234c3da81ec..f6385d515c110 100644
--- a/pkgs/development/libraries/openssl/default.nix
+++ b/pkgs/development/libraries/openssl/default.nix
@@ -264,8 +264,8 @@ in {
   };
 
   openssl_3 = common {
-    version = "3.0.12";
-    hash = "sha256-+Tyejt3l6RZhGd4xdV/Ie0qjSGNmL2fd/LoU0La2m2E=";
+    version = "3.0.13";
+    hash = "sha256-iFJXU/edO+wn0vp8ZqoLkrOqlJja/ZPXz6SzeAza4xM=";
 
     patches = [
       ./3.0/nix-ssl-cert-file.patch
-- 
cgit 1.4.1