openssl_1_0_2: mark as insecure; fixes NixOS#77503 (kinda)
No vulnerabilities are known so far (to me), but still I'd go this way.
Especially for 20.03 it seems better to deprecate it before official
release happens.

Current casualties:
$ ./maintainers/scripts/rebuild-amount.sh --print HEAD HEAD^
Estimating rebuild amount by counting changed Hydra jobs.
     87 x86_64-darwin
    161 x86_64-linux
vcunat committed Feb 21, 2020
1 parent 74ace1f commit 7cda282
Showing 1 changed file with 4 additions and 2 deletions.
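--- a/pkgs/development/libraries/openssl/default.nix
+++ b/pkgs/development/libraries/openssl/default.nix
@@ -7,7 +7,8 @@
 with stdenv.lib;
 
 let
-common = { version, sha256, patches ? [], withDocs ? false }: stdenv.mkDerivation rec {
+common = { version, sha256, patches ? [], withDocs ? false, extraMeta ? {} }:
+stdenv.mkDerivation rec {
 pname = "openssl";
 inherit version;
 
@@ -130,7 +131,7 @@ let
 license = licenses.openssl;
 platforms = platforms.all;
 maintainers = [ maintainers.peti ];
-};
+} // extraMeta;
 };
 
 in {
@@ -145,6 +146,7 @@ in {
 then ./1.0.2/use-etc-ssl-certs-darwin.patch
 else ./1.0.2/use-etc-ssl-certs.patch)
 ];
+extraMeta.knownVulnerabilities = [ "Support for OpenSSL 1.0.2 ended with 2019." ];
 };
 
 openssl_1_1 = common {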
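Review bot: The `knownVulnerabilities` string added in the last hunk records only that support ended, so a user who hits the resulting evaluation failure and decides to permit the package is not told that it no longer receives public security fixes, or what to move to. I would word it along the lines of `extraMeta.knownVulnerabilities = [ "OpenSSL 1.0.2 reached end of life at the end of 2019 and no longer receives public security fixes; use openssl_1_1." ];` and put a comment above it such as `# EOL-based marking, not a specific CVE; append CVE ids here as they are published`. Separately, `} // extraMeta;` in the second hunk is a shallow attribute update, so any key a later caller passes replaces the whole matching `meta` attribute instead of extending it; that is harmless for `knownVulnerabilities` today, but a one-line comment at the `extraMeta ? {}` parameter would keep it from being misused. The enclosing `common` function and the attribute set that receives `extraMeta` both start or end outside the hunks shown.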
