public
/
nixpkgs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

openssl_1_0_2: mark as insecure; fixes #77503 (kinda) 

No vulnerabilities are know so far (to me), but still I'd go this way.
Especially for 20.03 it seems better to deprecate it before official
release happens.

Current casualties:
$ ./maintainers/scripts/rebuild-amount.sh --print HEAD HEAD^
Estimating rebuild amount by counting changed Hydra jobs.
     87 x86_64-darwin
    161 x86_64-linux
This commit is contained in:
Vladimír Čunát 2020-02-21 18:17:48 +01:00
parent 74ace1f0eb
commit 7cda2823be
No known key found for this signature in database
GPG Key ID: E747DF1F9575A3AA
1 changed files with 4 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
pkgs/development/libraries/openssl/default.nix
View File

@ -7,7 +7,8 @@
with stdenv.lib;
let
common = { version, sha256, patches ? [], withDocs ? false }: stdenv.mkDerivation rec {
common = { version, sha256, patches ? [], withDocs ? false, extraMeta ? {} }:
stdenv.mkDerivation rec {
pname = "openssl";
inherit version;
@ -130,7 +131,7 @@ let
license = licenses.openssl;
platforms = platforms.all;
maintainers = [ maintainers.peti ];
};
} // extraMeta;
};
in {
@ -145,6 +146,7 @@ in {
then ./1.0.2/use-etc-ssl-certs-darwin.patch
else ./1.0.2/use-etc-ssl-certs.patch)
];
extraMeta.knownVulnerabilities = [ "Support for OpenSSL 1.0.2 ended with 2019." ];
};
openssl_1_1 = common {