diff options
author | Vladimír Čunát <v@cunat.cz> | 2020-02-21 18:17:48 +0100 |
---|---|---|
committer | Vladimír Čunát <v@cunat.cz> | 2020-02-21 18:49:16 +0100 |
commit | 7cda2823be93e412b9c167f92ae87e65ebc05ea5 (patch) | |
tree | 77e3232b09fc4ba5741b2ffc16fe1f9701b71902 /pkgs/development/libraries/openssl/default.nix | |
parent | 74ace1f0eba184615e51e42ccff10d98828fffe1 (diff) | |
download | nixlib-7cda2823be93e412b9c167f92ae87e65ebc05ea5.tar nixlib-7cda2823be93e412b9c167f92ae87e65ebc05ea5.tar.gz nixlib-7cda2823be93e412b9c167f92ae87e65ebc05ea5.tar.bz2 nixlib-7cda2823be93e412b9c167f92ae87e65ebc05ea5.tar.lz nixlib-7cda2823be93e412b9c167f92ae87e65ebc05ea5.tar.xz nixlib-7cda2823be93e412b9c167f92ae87e65ebc05ea5.tar.zst nixlib-7cda2823be93e412b9c167f92ae87e65ebc05ea5.zip |
openssl_1_0_2: mark as insecure; fixes #77503 (kinda)
No vulnerabilities are know so far (to me), but still I'd go this way. Especially for 20.03 it seems better to deprecate it before official release happens. Current casualties: $ ./maintainers/scripts/rebuild-amount.sh --print HEAD HEAD^ Estimating rebuild amount by counting changed Hydra jobs. 87 x86_64-darwin 161 x86_64-linux
Diffstat (limited to 'pkgs/development/libraries/openssl/default.nix')
-rw-r--r-- | pkgs/development/libraries/openssl/default.nix | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/pkgs/development/libraries/openssl/default.nix b/pkgs/development/libraries/openssl/default.nix index 63657cfc5e6e..d9028ddfbb5b 100644 --- a/pkgs/development/libraries/openssl/default.nix +++ b/pkgs/development/libraries/openssl/default.nix @@ -7,7 +7,8 @@ with stdenv.lib; let - common = { version, sha256, patches ? [], withDocs ? false }: stdenv.mkDerivation rec { + common = { version, sha256, patches ? [], withDocs ? false, extraMeta ? {} }: + stdenv.mkDerivation rec { pname = "openssl"; inherit version; @@ -130,7 +131,7 @@ let license = licenses.openssl; platforms = platforms.all; maintainers = [ maintainers.peti ]; - }; + } // extraMeta; }; in { @@ -145,6 +146,7 @@ in { then ./1.0.2/use-etc-ssl-certs-darwin.patch else ./1.0.2/use-etc-ssl-certs.patch) ]; + extraMeta.knownVulnerabilities = [ "Support for OpenSSL 1.0.2 ended with 2019." ]; }; openssl_1_1 = common { |