diff options
author | Vladimír Čunát <v@cunat.cz> | 2020-02-21 18:17:48 +0100 |
---|---|---|
committer | Vladimír Čunát <v@cunat.cz> | 2020-02-21 18:49:16 +0100 |
commit | 7cda2823be93e412b9c167f92ae87e65ebc05ea5 (patch) | |
tree | 77e3232b09fc4ba5741b2ffc16fe1f9701b71902 /pkgs/development/libraries/openssl | |
parent | 74ace1f0eba184615e51e42ccff10d98828fffe1 (diff) | |
download | nixpkgs-7cda2823be93e412b9c167f92ae87e65ebc05ea5.tar nixpkgs-7cda2823be93e412b9c167f92ae87e65ebc05ea5.tar.gz nixpkgs-7cda2823be93e412b9c167f92ae87e65ebc05ea5.tar.bz2 nixpkgs-7cda2823be93e412b9c167f92ae87e65ebc05ea5.tar.lz nixpkgs-7cda2823be93e412b9c167f92ae87e65ebc05ea5.tar.xz nixpkgs-7cda2823be93e412b9c167f92ae87e65ebc05ea5.tar.zst nixpkgs-7cda2823be93e412b9c167f92ae87e65ebc05ea5.zip |
openssl_1_0_2: mark as insecure; fixes #77503 (kinda)
No vulnerabilities are know so far (to me), but still I'd go this way. Especially for 20.03 it seems better to deprecate it before official release happens. Current casualties: $ ./maintainers/scripts/rebuild-amount.sh --print HEAD HEAD^ Estimating rebuild amount by counting changed Hydra jobs. 87 x86_64-darwin 161 x86_64-linux
Diffstat (limited to 'pkgs/development/libraries/openssl')
-rw-r--r-- | pkgs/development/libraries/openssl/default.nix | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/pkgs/development/libraries/openssl/default.nix b/pkgs/development/libraries/openssl/default.nix index 63657cfc5e6..d9028ddfbb5 100644 --- a/pkgs/development/libraries/openssl/default.nix +++ b/pkgs/development/libraries/openssl/default.nix @@ -7,7 +7,8 @@ with stdenv.lib; let - common = { version, sha256, patches ? [], withDocs ? false }: stdenv.mkDerivation rec { + common = { version, sha256, patches ? [], withDocs ? false, extraMeta ? {} }: + stdenv.mkDerivation rec { pname = "openssl"; inherit version; @@ -130,7 +131,7 @@ let license = licenses.openssl; platforms = platforms.all; maintainers = [ maintainers.peti ]; - }; + } // extraMeta; }; in { @@ -145,6 +146,7 @@ in { then ./1.0.2/use-etc-ssl-certs-darwin.patch else ./1.0.2/use-etc-ssl-certs.patch) ]; + extraMeta.knownVulnerabilities = [ "Support for OpenSSL 1.0.2 ended with 2019." ]; }; openssl_1_1 = common { |