From 1f6909fb24bc5c364c3dfb52d946575752fd5e6d Mon Sep 17 00:00:00 2001
From: rnhmjoj
Date: Tue, 1 Nov 2022 21:36:16 +0100
Subject: [PATCH] apply OpenSSL 3.0.7 patch

---
 packages.nix | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)

diff --git a/packages.nix b/packages.nix
index a9c6704..b2450b7 100644
--- a/packages.nix
+++ b/packages.nix
@@ -31,4 +31,23 @@
 smartmontools
 ];
 
+ # OpenSSL 3.0.7 patch
+ system.replaceRuntimeDependencies = lib.singleton {
+ original = pkgs.openssl_3.out;
+ replacement = (pkgs.openssl_3.overrideAttrs (old: {
+ patches = old.patches ++ [
+ (pkgs.fetchpatch {
+ name = "CVE-2022-3602.patch";
+ url = "https://github.com/openssl/openssl/commit/fe3b639dc19b325846f4f6801f2f4604f56e3de3.patch";
+ sha256 = "sha256-+CrWEz6JIbO3n33RyzJ+l+3zlJ7AhyrTcvF9BDgOj+U=";
+ })
+ (pkgs.fetchpatch {
+ name = "CVE-2022-3786.patch";
+ url = "https://github.com/openssl/openssl/commit/c42165b5706e42f67ef8ef4c351a9a4c5d21639a.patch";
+ sha256 = "sha256-ZjsyOdgaRi1w16/BNlGFRokOEzfUeYFf3z90ezConF0=";
+ })
+ ];
+ })).out;
+ };
+
 }
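Review bot: The comment `# OpenSSL 3.0.7 patch` above `system.replaceRuntimeDependencies` does not say what the graft covers or when it should be dropped. As far as I know this option rewrites store-path references only inside the system closure, so OpenSSL 3 copies reached through user profiles, `nix-shell` environments or statically linked binaries would stay unpatched. Because the override adds patches without changing the version, the library will presumably still report its old version string, so verification should go by store path rather than by `openssl version`. I would expand the comment to something like `# Temporary graft for CVE-2022-3602 / CVE-2022-3786 (fixed upstream in OpenSSL 3.0.7); covers the system closure only. Remove once nixpkgs ships openssl_3 >= 3.0.7.` Separately, `old.patches ++ [` fails evaluation if the attribute is ever absent, and `(old.patches or []) ++ [` is the safer form.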