From 0bf7095945924617004e34f83c38849eb360b186 Mon Sep 17 00:00:00 2001
From: ajs124 <git@ajs124.de>
Date: Tue, 11 Oct 2022 17:05:14 +0200
Subject: [PATCH 1/2] openssl: 1.1.1q -> 1.1.1r

bugfix release, does not fix any security issues
---
 pkgs/development/libraries/openssl/default.nix | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/pkgs/development/libraries/openssl/default.nix b/pkgs/development/libraries/openssl/default.nix
index 78cc680c7be50..3420cb657e503 100644
--- a/pkgs/development/libraries/openssl/default.nix
+++ b/pkgs/development/libraries/openssl/default.nix
@@ -213,8 +213,8 @@ in {
 
 
   openssl_1_1 = common rec {
-    version = "1.1.1q";
-    sha256 = "sha256-15Oc5hQCnN/wtsIPDi5XAxWKSJpyslB7i9Ub+Mj9EMo=";
+    version = "1.1.1r";
+    sha256 = "sha256-44k1KuPVrk04WXv4pU8dy2+zyLUPT+WKlLsb9/hdgqA=";
     patches = [
       ./1.1/nix-ssl-cert-file.patch
 

From 9247a6667c5e44bcd98f2f4415f0579bd0b1467a Mon Sep 17 00:00:00 2001
From: ajs124 <git@ajs124.de>
Date: Tue, 11 Oct 2022 20:08:05 +0200
Subject: [PATCH 2/2] Revert "krb5: use openssl_1_1"

This reverts commit 498d67e45efa175e324f0811a613f9b6c5a55212.

not needed anymore after cfebc8fc6477d65cbb2387a715107a5eae60a298

This way, updating openssl_1_1 shouldn't be a darwin stdenv rebuild
anymore.
---
 pkgs/top-level/all-packages.nix | 2 --
 1 file changed, 2 deletions(-)

diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix
index 10cd802c22947..b123d2482ae94 100644
--- a/pkgs/top-level/all-packages.nix
+++ b/pkgs/top-level/all-packages.nix
@@ -19410,8 +19410,6 @@ with pkgs;
 
   krb5 = callPackage ../development/libraries/kerberos/krb5.nix {
     inherit (buildPackages.darwin) bootstrap_cmds;
-    # TODO: can be removed once we have 1.20
-    openssl = openssl_1_1;
   };
   krb5Full = krb5;
   libkrb5 = krb5.override { type = "lib"; };