xca: fix ssl

+59
+57
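--- a/pkgs/applications/misc/xca/0001-Fix-for-openssl-1.0.1i.patch
+++ b/pkgs/applications/misc/xca/0001-Fix-for-openssl-1.0.1i.patch
@@ -0,0 +1,57 @@
+From abd9d530776e8bb6d8f05312fc3ae3044796139c Mon Sep 17 00:00:00 2001
+From: Oliver Winker <oliver@oli1170.net>
+Date: Tue, 12 Aug 2014 19:08:05 +0200
+Subject: [PATCH] Fix for openssl 1.0.1i
+
+Fixes following application error
+---
+Errors
+error:0D0C40D8:asn1 encoding routines:c2i_ASN1_OBJECT:invalid object encoding error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error error:0D0C40D8:asn1 encoding routines:c2i_ASN1_OBJECT:invalid object encoding error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error error:0D0C40D8:asn1 encoding routines:c2i_ASN1_OBJECT:invalid object encoding error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error error:0D0C40D8:asn1 encoding routines:c2i_ASN1_OBJECT:invalid object encoding error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error error:0D0C40D8:asn1 encoding routines:c2i_ASN1_OBJECT:invalid object encoding error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error
+---
+
+Due to openssl 1.0.1i change:
+---
+commit 03b04ddac162c7b7fa3c57eadccc5a583a00d291
+Author: Emilia Kasper <emilia@openssl.org>
+Date: Wed Jul 2 19:02:33 2014 +0200
+
+Fix OID handling:
+
+- Upon parsing, reject OIDs with invalid base-128 encoding.
+- Always NUL-terminate the destination buffer in OBJ_obj2txt printing function.
+
+CVE-2014-3508
+
+Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
+Reviewed-by: Kurt Roeckx <kurt@openssl.org>
+Reviewed-by: Tim Hudson <tjh@openssl.org>
+---
+---
+lib/x509v3ext.cpp | 4 +++-
+1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/lib/x509v3ext.cpp b/lib/x509v3ext.cpp
+index cf74c32..d94cbda 100644
+--- a/lib/x509v3ext.cpp
++++ b/lib/x509v3ext.cpp
+@@ -27,6 +27,8 @@ x509v3ext::x509v3ext(const X509_EXTENSION *n)
+x509v3ext::x509v3ext(const x509v3ext &n)
+{
+ext = NULL;
++ if (!n.isValid())
++ return;
+set(n.ext);
+}
+
+@@ -743,7 +745,7 @@ X509_EXTENSION *x509v3ext::get() const
+
+bool x509v3ext::isValid() const
+{
+- return ext->value->length > 0 &&
++ return ext && ext->value && ext->value->length > 0 &&
+OBJ_obj2nid(ext->object) != NID_undef;
+}
+
+--
+2.0.1
+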
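Review bot: After this patch the copy constructor (nested hunk `-27,6 +27,8`) can return with `ext` still NULL, yet only `isValid()` (nested hunk `-743,7 +745,7`) gains the matching `ext &&` guard. Other members of `x509v3ext` that dereference `ext` lie outside both hunks, so it should be confirmed that each of them is reached only after an `isValid()` check. The early `return` also discards the source extension without any message, presumably one that OpenSSL 1.0.1i now refuses to parse, which in a CA tool can hide that a certificate or template lost an extension. At minimum I would add a comment above it, `/* source failed validation (e.g. OID rejected by the CVE-2014-3508 fix): leave this copy empty */`.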
+2
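--- a/pkgs/applications/misc/xca/default.nix
+++ b/pkgs/applications/misc/xca/default.nix
@@ -9,6 +9,8 @@
 sha256 = "1fn6kh8mdy65rrgjif7j9wn3mxg1mrrcnhzpi86hfy24ic6bahk8";
 };
 
+patches = [ ./0001-Fix-for-openssl-1.0.1i.patch ];
+
 configurePhase = ''
 export PATH=$PATH:${which}/bin
 export QTDIR=${qt4}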
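Review bot: The new `patches` line gives no provenance or removal condition for the vendored patch, so it is likely to outlive its need. A comment above it would help, for example `# xca fails on OIDs rejected by openssl 1.0.1i (CVE-2014-3508 fix); drop once an xca release includes this change`. Whether upstream xca has already merged the change is not visible on this page.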