openssl_1_0_2: mark as insecure; fixes #77503 (kinda)

No vulnerabilities are know so far (to me), but still I'd go this way.
Especially for 20.03 it seems better to deprecate it before official
release happens.

Current casualties:
$ ./maintainers/scripts/rebuild-amount.sh --print HEAD HEAD^
Estimating rebuild amount by counting changed Hydra jobs.
     87 x86_64-darwin
    161 x86_64-linux
This commit is contained in:
Vladimír Čunát 2020-02-21 18:17:48 +01:00
parent 74ace1f0eb
commit 7cda2823be
No known key found for this signature in database
GPG Key ID: E747DF1F9575A3AA
1 changed files with 4 additions and 2 deletions

View File

@ -7,7 +7,8 @@
with stdenv.lib;
let
common = { version, sha256, patches ? [], withDocs ? false }: stdenv.mkDerivation rec {
common = { version, sha256, patches ? [], withDocs ? false, extraMeta ? {} }:
stdenv.mkDerivation rec {
pname = "openssl";
inherit version;
@ -130,7 +131,7 @@ let
license = licenses.openssl;
platforms = platforms.all;
maintainers = [ maintainers.peti ];
};
} // extraMeta;
};
in {
@ -145,6 +146,7 @@ in {
then ./1.0.2/use-etc-ssl-certs-darwin.patch
else ./1.0.2/use-etc-ssl-certs.patch)
];
extraMeta.knownVulnerabilities = [ "Support for OpenSSL 1.0.2 ended with 2019." ];
};
openssl_1_1 = common {