From 7cda2823be93e412b9c167f92ae87e65ebc05ea5 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Vladim=C3=ADr=20=C4=8Cun=C3=A1t?= <v@cunat.cz>
Date: Fri, 21 Feb 2020 18:17:48 +0100
Subject: [PATCH] openssl_1_0_2: mark as insecure; fixes #77503 (kinda)
No vulnerabilities are know so far (to me), but still I'd go this way. Especially for 20.03 it seems better to deprecate it before official release happens. Current casualties:
$ ./maintainers/scripts/rebuild-amount.sh --print HEAD HEAD^
Estimating rebuild amount by counting changed Hydra jobs.
87 x86_64-darwin
161 x86_64-linux
---
 pkgs/development/libraries/openssl/default.nix | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/pkgs/development/libraries/openssl/default.nix b/pkgs/development/libraries/openssl/default.nix
index 63657cfc5e6e..d9028ddfbb5b 100644
--- a/pkgs/development/libraries/openssl/default.nix
+++ b/pkgs/development/libraries/openssl/default.nix
@@ -7,7 +7,8 @@
 with stdenv.lib;
 let
- common = { version, sha256, patches ? [], withDocs ? false }: stdenv.mkDerivation rec {
+ common = { version, sha256, patches ? [], withDocs ? false, extraMeta ? {} }:
+ stdenv.mkDerivation rec {
 pname = "openssl";
 inherit version;
@@ -130,7 +131,7 @@ let
 license = licenses.openssl;
 platforms = platforms.all;
 maintainers = [ maintainers.peti ];
- };
+ } // extraMeta;
 };
 in {
@@ -145,6 +146,7 @@ in {
 then ./1.0.2/use-etc-ssl-certs-darwin.patch
 else ./1.0.2/use-etc-ssl-certs.patch)
 ];
+ extraMeta.knownVulnerabilities = [ "Support for OpenSSL 1.0.2 ended with 2019." ];
 };
 openssl_1_1 = common {
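Review bot: In the hunk at `@@ -130,7 +131,7 @@`, `} // extraMeta;` is a shallow, right-biased merge, so any attribute passed in `extraMeta` replaces the base `meta` attribute of the same name instead of extending it, and nothing at the new parameter says so. A later caller passing `extraMeta.maintainers`, for example, would silently drop `maintainers.peti`. I would document this at the merge, e.g. `# extraMeta is merged last with //; its keys replace the base meta keys wholesale`. The `common` function opens in the first hunk and most of its body lies outside the visible hunks.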
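Review bot: In the hunk at `@@ -145,6 +146,7 @@`, the `knownVulnerabilities` string is what a user is shown when evaluation of `openssl_1_0_2` is refused, and it states the end of support without saying why the entry exists or what to do next. Since the description says no specific vulnerability is known, a comment such as `# EOL upstream, no specific CVE; listed so the package must be explicitly permitted` would record the intent. The message could also point at the maintained branch, e.g. `"Support for OpenSSL 1.0.2 ended with 2019; migrate to openssl_1_1."`. The 87 and 161 changed Hydra jobs quoted in the description are presumably dependents that stop evaluating unless they move off 1.0.2 or the package is added to `permittedInsecurePackages`, so it would help to track them in the referenced issue.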