From 4bf9b4a328e2f8e34be4da1732206a85a2900855 Mon Sep 17 00:00:00 2001
From: Andreas Rammhold <andreas@rammhold.de>
Date: Tue, 27 Mar 2018 19:36:12 +0200
Subject: [PATCH 1/2] openssl: 1.0.2n -> 1.0.2o (fixes CVE-2017-3738,
 CVE-2018-0739)

Announcement can be found at [1].

[1] https://www.openssl.org/news/secadv/20180327.txt
---
 pkgs/development/libraries/openssl/default.nix | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/pkgs/development/libraries/openssl/default.nix b/pkgs/development/libraries/openssl/default.nix
index af6a540b97c0..b029615d7920 100644
--- a/pkgs/development/libraries/openssl/default.nix
+++ b/pkgs/development/libraries/openssl/default.nix
@@ -113,8 +113,8 @@ let
 in {
 
   openssl_1_0_2 = common {
-    version = "1.0.2n";
-    sha256 = "1zm82pyq5a9jm10q6iv7d3dih3xwjds4x30fqph3k317byvsn2rp";
+    version = "1.0.2o";
+    sha256 = "0kcy13l701054nhpbd901mz32v1kn4g311z0nifd83xs2jbmqgzc";
   };
 
   openssl_1_1_0 = common {

From 72110322c089fc850347f86d7a45053e6b2de7b2 Mon Sep 17 00:00:00 2001
From: Andreas Rammhold <andreas@rammhold.de>
Date: Tue, 27 Mar 2018 19:40:12 +0200
Subject: [PATCH 2/2] openssl_1_1_0: 1.1.0g -> 1.1.0h (fixes CVE-2018-0739,
 CVE-2017-3738)

Also fixes CVE-2018-0733 but we do not support HP-UX to my knowledge :-)

Announcement at [1].

[1] https://www.openssl.org/news/secadv/20180327.txt
---
 pkgs/development/libraries/openssl/default.nix | 11 ++---------
 1 file changed, 2 insertions(+), 9 deletions(-)

diff --git a/pkgs/development/libraries/openssl/default.nix b/pkgs/development/libraries/openssl/default.nix
index b029615d7920..5a9052222cb8 100644
--- a/pkgs/development/libraries/openssl/default.nix
+++ b/pkgs/development/libraries/openssl/default.nix
@@ -118,15 +118,8 @@ in {
   };
 
   openssl_1_1_0 = common {
-    version = "1.1.0g";
-    sha256 = "1bvka2wf33w2vxv7yw578nnjqyhz2b3chvfb0l4k2ffscw950kfy";
-    patches = [
-      (fetchpatch {
-        name = "CVE-2017-3738.patch";
-        url = "https://github.com/openssl/openssl/commit/563066.patch";
-        sha256 = "0ni9fwpxf8raw8b58pfa15akbqmxx4q64v0ldsm4b9dqhbxf8mkz";
-      })
-    ];
+    version = "1.1.0h";
+    sha256 = "05x509lccqjscgyi935z809pwfm708islypwhmjnb6cyvrn64daq";
   };
 
 }