From 641aa9e27db6ac58c5693324d3f2693c8b3f83ce Mon Sep 17 00:00:00 2001 From: Robert Hensing Date: Fri, 19 Mar 2021 16:36:28 +0100 Subject: [PATCH] adoptopenjdk-{13,14}: mark insecure --- .../compilers/adoptopenjdk-bin/jdk-darwin-base.nix | 3 ++- .../compilers/adoptopenjdk-bin/jdk-linux-base.nix | 3 ++- .../compilers/adoptopenjdk-bin/jdk11-darwin.nix | 8 ++++---- .../compilers/adoptopenjdk-bin/jdk11-linux.nix | 8 ++++---- .../compilers/adoptopenjdk-bin/jdk13-darwin.nix | 8 ++++---- .../compilers/adoptopenjdk-bin/jdk13-linux.nix | 8 ++++---- .../compilers/adoptopenjdk-bin/jdk14-darwin.nix | 8 ++++---- .../compilers/adoptopenjdk-bin/jdk14-linux.nix | 8 ++++---- .../compilers/adoptopenjdk-bin/jdk15-darwin.nix | 8 ++++---- .../compilers/adoptopenjdk-bin/jdk15-linux.nix | 8 ++++---- .../compilers/adoptopenjdk-bin/jdk8-darwin.nix | 8 ++++---- .../development/compilers/adoptopenjdk-bin/jdk8-linux.nix | 8 ++++---- 12 files changed, 44 insertions(+), 42 deletions(-) diff --git a/pkgs/development/compilers/adoptopenjdk-bin/jdk-darwin-base.nix b/pkgs/development/compilers/adoptopenjdk-bin/jdk-darwin-base.nix index 31a7346108e7..0bcfcafaae1b 100644 --- a/pkgs/development/compilers/adoptopenjdk-bin/jdk-darwin-base.nix +++ b/pkgs/development/compilers/adoptopenjdk-bin/jdk-darwin-base.nix @@ -1,4 +1,4 @@ -sourcePerArch: +{ sourcePerArch, knownVulnerabilities ? [] }: { swingSupport ? true # not used for now , lib, stdenv @@ -48,6 +48,7 @@ let cpuName = stdenv.hostPlatform.parsed.cpu.name; description = "AdoptOpenJDK, prebuilt OpenJDK binary"; platforms = [ "x86_64-darwin" ]; # some inherit jre.meta.platforms maintainers = with lib.maintainers; [ taku0 ]; + inherit knownVulnerabilities; }; }; in result diff --git a/pkgs/development/compilers/adoptopenjdk-bin/jdk-linux-base.nix b/pkgs/development/compilers/adoptopenjdk-bin/jdk-linux-base.nix index ed8935b00421..95e72facaee2 100644 --- a/pkgs/development/compilers/adoptopenjdk-bin/jdk-linux-base.nix +++ b/pkgs/development/compilers/adoptopenjdk-bin/jdk-linux-base.nix @@ -1,4 +1,4 @@ -sourcePerArch: +{ sourcePerArch, knownVulnerabilities ? [] }: { stdenv , lib @@ -107,6 +107,7 @@ let result = stdenv.mkDerivation rec { description = "AdoptOpenJDK, prebuilt OpenJDK binary"; platforms = lib.mapAttrsToList (arch: _: arch + "-linux") sourcePerArch; # some inherit jre.meta.platforms maintainers = with lib.maintainers; [ taku0 ]; + inherit knownVulnerabilities; }; }; in result diff --git a/pkgs/development/compilers/adoptopenjdk-bin/jdk11-darwin.nix b/pkgs/development/compilers/adoptopenjdk-bin/jdk11-darwin.nix index d1db77215d16..7fec8fd3ff60 100644 --- a/pkgs/development/compilers/adoptopenjdk-bin/jdk11-darwin.nix +++ b/pkgs/development/compilers/adoptopenjdk-bin/jdk11-darwin.nix @@ -2,8 +2,8 @@ let sources = builtins.fromJSON (builtins.readFile ./sources.json); in { - jdk-hotspot = import ./jdk-darwin-base.nix sources.openjdk11.mac.jdk.hotspot; - jre-hotspot = import ./jdk-darwin-base.nix sources.openjdk11.mac.jre.hotspot; - jdk-openj9 = import ./jdk-darwin-base.nix sources.openjdk11.mac.jdk.openj9; - jre-openj9 = import ./jdk-darwin-base.nix sources.openjdk11.mac.jre.openj9; + jdk-hotspot = import ./jdk-darwin-base.nix { sourcePerArch = sources.openjdk11.mac.jdk.hotspot; }; + jre-hotspot = import ./jdk-darwin-base.nix { sourcePerArch = sources.openjdk11.mac.jre.hotspot; }; + jdk-openj9 = import ./jdk-darwin-base.nix { sourcePerArch = sources.openjdk11.mac.jdk.openj9; }; + jre-openj9 = import ./jdk-darwin-base.nix { sourcePerArch = sources.openjdk11.mac.jre.openj9; }; } diff --git a/pkgs/development/compilers/adoptopenjdk-bin/jdk11-linux.nix b/pkgs/development/compilers/adoptopenjdk-bin/jdk11-linux.nix index 755ffaab271e..e802e2eea528 100644 --- a/pkgs/development/compilers/adoptopenjdk-bin/jdk11-linux.nix +++ b/pkgs/development/compilers/adoptopenjdk-bin/jdk11-linux.nix @@ -2,8 +2,8 @@ let sources = builtins.fromJSON (builtins.readFile ./sources.json); in { - jdk-hotspot = import ./jdk-linux-base.nix sources.openjdk11.linux.jdk.hotspot; - jre-hotspot = import ./jdk-linux-base.nix sources.openjdk11.linux.jre.hotspot; - jdk-openj9 = import ./jdk-linux-base.nix sources.openjdk11.linux.jdk.openj9; - jre-openj9 = import ./jdk-linux-base.nix sources.openjdk11.linux.jre.openj9; + jdk-hotspot = import ./jdk-linux-base.nix { sourcePerArch = sources.openjdk11.linux.jdk.hotspot; }; + jre-hotspot = import ./jdk-linux-base.nix { sourcePerArch = sources.openjdk11.linux.jre.hotspot; }; + jdk-openj9 = import ./jdk-linux-base.nix { sourcePerArch = sources.openjdk11.linux.jdk.openj9; }; + jre-openj9 = import ./jdk-linux-base.nix { sourcePerArch = sources.openjdk11.linux.jre.openj9; }; } diff --git a/pkgs/development/compilers/adoptopenjdk-bin/jdk13-darwin.nix b/pkgs/development/compilers/adoptopenjdk-bin/jdk13-darwin.nix index 48806143c87c..2654c4f9e726 100644 --- a/pkgs/development/compilers/adoptopenjdk-bin/jdk13-darwin.nix +++ b/pkgs/development/compilers/adoptopenjdk-bin/jdk13-darwin.nix @@ -2,8 +2,8 @@ let sources = builtins.fromJSON (builtins.readFile ./sources.json); in { - jdk-hotspot = import ./jdk-darwin-base.nix sources.openjdk13.mac.jdk.hotspot; - jre-hotspot = import ./jdk-darwin-base.nix sources.openjdk13.mac.jre.hotspot; - jdk-openj9 = import ./jdk-darwin-base.nix sources.openjdk13.mac.jdk.openj9; - jre-openj9 = import ./jdk-darwin-base.nix sources.openjdk13.mac.jre.openj9; + jdk-hotspot = import ./jdk-darwin-base.nix { sourcePerArch = sources.openjdk13.mac.jdk.hotspot; knownVulnerabilities = ["Support ended"]; }; + jre-hotspot = import ./jdk-darwin-base.nix { sourcePerArch = sources.openjdk13.mac.jre.hotspot; knownVulnerabilities = ["Support ended"]; }; + jdk-openj9 = import ./jdk-darwin-base.nix { sourcePerArch = sources.openjdk13.mac.jdk.openj9; knownVulnerabilities = ["Support ended"]; }; + jre-openj9 = import ./jdk-darwin-base.nix { sourcePerArch = sources.openjdk13.mac.jre.openj9; knownVulnerabilities = ["Support ended"]; }; } diff --git a/pkgs/development/compilers/adoptopenjdk-bin/jdk13-linux.nix b/pkgs/development/compilers/adoptopenjdk-bin/jdk13-linux.nix index 1bd7bb884481..c33d6afad102 100644 --- a/pkgs/development/compilers/adoptopenjdk-bin/jdk13-linux.nix +++ b/pkgs/development/compilers/adoptopenjdk-bin/jdk13-linux.nix @@ -2,8 +2,8 @@ let sources = builtins.fromJSON (builtins.readFile ./sources.json); in { - jdk-hotspot = import ./jdk-linux-base.nix sources.openjdk13.linux.jdk.hotspot; - jre-hotspot = import ./jdk-linux-base.nix sources.openjdk13.linux.jre.hotspot; - jdk-openj9 = import ./jdk-linux-base.nix sources.openjdk13.linux.jdk.openj9; - jre-openj9 = import ./jdk-linux-base.nix sources.openjdk13.linux.jre.openj9; + jdk-hotspot = import ./jdk-linux-base.nix { sourcePerArch = sources.openjdk13.linux.jdk.hotspot; knownVulnerabilities = ["Support ended"]; }; + jre-hotspot = import ./jdk-linux-base.nix { sourcePerArch = sources.openjdk13.linux.jre.hotspot; knownVulnerabilities = ["Support ended"]; }; + jdk-openj9 = import ./jdk-linux-base.nix { sourcePerArch = sources.openjdk13.linux.jdk.openj9; knownVulnerabilities = ["Support ended"]; }; + jre-openj9 = import ./jdk-linux-base.nix { sourcePerArch = sources.openjdk13.linux.jre.openj9; knownVulnerabilities = ["Support ended"]; }; } diff --git a/pkgs/development/compilers/adoptopenjdk-bin/jdk14-darwin.nix b/pkgs/development/compilers/adoptopenjdk-bin/jdk14-darwin.nix index e440903ad526..6941a6dd0ddf 100644 --- a/pkgs/development/compilers/adoptopenjdk-bin/jdk14-darwin.nix +++ b/pkgs/development/compilers/adoptopenjdk-bin/jdk14-darwin.nix @@ -2,8 +2,8 @@ let sources = builtins.fromJSON (builtins.readFile ./sources.json); in { - jdk-hotspot = import ./jdk-darwin-base.nix sources.openjdk14.mac.jdk.hotspot; - jre-hotspot = import ./jdk-darwin-base.nix sources.openjdk14.mac.jre.hotspot; - jdk-openj9 = import ./jdk-darwin-base.nix sources.openjdk14.mac.jdk.openj9; - jre-openj9 = import ./jdk-darwin-base.nix sources.openjdk14.mac.jre.openj9; + jdk-hotspot = import ./jdk-darwin-base.nix { sourcePerArch = sources.openjdk14.mac.jdk.hotspot; knownVulnerabilities = ["Support ended"]; }; + jre-hotspot = import ./jdk-darwin-base.nix { sourcePerArch = sources.openjdk14.mac.jre.hotspot; knownVulnerabilities = ["Support ended"]; }; + jdk-openj9 = import ./jdk-darwin-base.nix { sourcePerArch = sources.openjdk14.mac.jdk.openj9; knownVulnerabilities = ["Support ended"]; }; + jre-openj9 = import ./jdk-darwin-base.nix { sourcePerArch = sources.openjdk14.mac.jre.openj9; knownVulnerabilities = ["Support ended"]; }; } diff --git a/pkgs/development/compilers/adoptopenjdk-bin/jdk14-linux.nix b/pkgs/development/compilers/adoptopenjdk-bin/jdk14-linux.nix index 90ae65ba970c..756b419434df 100644 --- a/pkgs/development/compilers/adoptopenjdk-bin/jdk14-linux.nix +++ b/pkgs/development/compilers/adoptopenjdk-bin/jdk14-linux.nix @@ -2,8 +2,8 @@ let sources = builtins.fromJSON (builtins.readFile ./sources.json); in { - jdk-hotspot = import ./jdk-linux-base.nix sources.openjdk14.linux.jdk.hotspot; - jre-hotspot = import ./jdk-linux-base.nix sources.openjdk14.linux.jre.hotspot; - jdk-openj9 = import ./jdk-linux-base.nix sources.openjdk14.linux.jdk.openj9; - jre-openj9 = import ./jdk-linux-base.nix sources.openjdk14.linux.jre.openj9; + jdk-hotspot = import ./jdk-linux-base.nix { sourcePerArch = sources.openjdk14.linux.jdk.hotspot; knownVulnerabilities = ["Support ended"]; }; + jre-hotspot = import ./jdk-linux-base.nix { sourcePerArch = sources.openjdk14.linux.jre.hotspot; knownVulnerabilities = ["Support ended"]; }; + jdk-openj9 = import ./jdk-linux-base.nix { sourcePerArch = sources.openjdk14.linux.jdk.openj9; knownVulnerabilities = ["Support ended"]; }; + jre-openj9 = import ./jdk-linux-base.nix { sourcePerArch = sources.openjdk14.linux.jre.openj9; knownVulnerabilities = ["Support ended"]; }; } diff --git a/pkgs/development/compilers/adoptopenjdk-bin/jdk15-darwin.nix b/pkgs/development/compilers/adoptopenjdk-bin/jdk15-darwin.nix index b9b67f271ac5..d627fd9311f8 100644 --- a/pkgs/development/compilers/adoptopenjdk-bin/jdk15-darwin.nix +++ b/pkgs/development/compilers/adoptopenjdk-bin/jdk15-darwin.nix @@ -2,8 +2,8 @@ let sources = builtins.fromJSON (builtins.readFile ./sources.json); in { - jdk-hotspot = import ./jdk-darwin-base.nix sources.openjdk15.mac.jdk.hotspot; - jre-hotspot = import ./jdk-darwin-base.nix sources.openjdk15.mac.jre.hotspot; - jdk-openj9 = import ./jdk-darwin-base.nix sources.openjdk15.mac.jdk.openj9; - jre-openj9 = import ./jdk-darwin-base.nix sources.openjdk15.mac.jre.openj9; + jdk-hotspot = import ./jdk-darwin-base.nix { sourcePerArch = sources.openjdk15.mac.jdk.hotspot; }; + jre-hotspot = import ./jdk-darwin-base.nix { sourcePerArch = sources.openjdk15.mac.jre.hotspot; }; + jdk-openj9 = import ./jdk-darwin-base.nix { sourcePerArch = sources.openjdk15.mac.jdk.openj9; }; + jre-openj9 = import ./jdk-darwin-base.nix { sourcePerArch = sources.openjdk15.mac.jre.openj9; }; } diff --git a/pkgs/development/compilers/adoptopenjdk-bin/jdk15-linux.nix b/pkgs/development/compilers/adoptopenjdk-bin/jdk15-linux.nix index d48f9312dd6e..6663d9778bc2 100644 --- a/pkgs/development/compilers/adoptopenjdk-bin/jdk15-linux.nix +++ b/pkgs/development/compilers/adoptopenjdk-bin/jdk15-linux.nix @@ -2,8 +2,8 @@ let sources = builtins.fromJSON (builtins.readFile ./sources.json); in { - jdk-hotspot = import ./jdk-linux-base.nix sources.openjdk15.linux.jdk.hotspot; - jre-hotspot = import ./jdk-linux-base.nix sources.openjdk15.linux.jre.hotspot; - jdk-openj9 = import ./jdk-linux-base.nix sources.openjdk15.linux.jdk.openj9; - jre-openj9 = import ./jdk-linux-base.nix sources.openjdk15.linux.jre.openj9; + jdk-hotspot = import ./jdk-linux-base.nix { sourcePerArch = sources.openjdk15.linux.jdk.hotspot; }; + jre-hotspot = import ./jdk-linux-base.nix { sourcePerArch = sources.openjdk15.linux.jre.hotspot; }; + jdk-openj9 = import ./jdk-linux-base.nix { sourcePerArch = sources.openjdk15.linux.jdk.openj9; }; + jre-openj9 = import ./jdk-linux-base.nix { sourcePerArch = sources.openjdk15.linux.jre.openj9; }; } diff --git a/pkgs/development/compilers/adoptopenjdk-bin/jdk8-darwin.nix b/pkgs/development/compilers/adoptopenjdk-bin/jdk8-darwin.nix index a170e0141cf0..5e2d42276ce7 100644 --- a/pkgs/development/compilers/adoptopenjdk-bin/jdk8-darwin.nix +++ b/pkgs/development/compilers/adoptopenjdk-bin/jdk8-darwin.nix @@ -2,8 +2,8 @@ let sources = builtins.fromJSON (builtins.readFile ./sources.json); in { - jdk-hotspot = import ./jdk-darwin-base.nix sources.openjdk8.mac.jdk.hotspot; - jre-hotspot = import ./jdk-darwin-base.nix sources.openjdk8.mac.jre.hotspot; - jdk-openj9 = import ./jdk-darwin-base.nix sources.openjdk8.mac.jdk.openj9; - jre-openj9 = import ./jdk-darwin-base.nix sources.openjdk8.mac.jre.openj9; + jdk-hotspot = import ./jdk-darwin-base.nix { sourcePerArch = sources.openjdk8.mac.jdk.hotspot; }; + jre-hotspot = import ./jdk-darwin-base.nix { sourcePerArch = sources.openjdk8.mac.jre.hotspot; }; + jdk-openj9 = import ./jdk-darwin-base.nix { sourcePerArch = sources.openjdk8.mac.jdk.openj9; }; + jre-openj9 = import ./jdk-darwin-base.nix { sourcePerArch = sources.openjdk8.mac.jre.openj9; }; } diff --git a/pkgs/development/compilers/adoptopenjdk-bin/jdk8-linux.nix b/pkgs/development/compilers/adoptopenjdk-bin/jdk8-linux.nix index 4937eace4903..c2a4085f730c 100644 --- a/pkgs/development/compilers/adoptopenjdk-bin/jdk8-linux.nix +++ b/pkgs/development/compilers/adoptopenjdk-bin/jdk8-linux.nix @@ -2,8 +2,8 @@ let sources = builtins.fromJSON (builtins.readFile ./sources.json); in { - jdk-hotspot = import ./jdk-linux-base.nix sources.openjdk8.linux.jdk.hotspot; - jre-hotspot = import ./jdk-linux-base.nix sources.openjdk8.linux.jre.hotspot; - jdk-openj9 = import ./jdk-linux-base.nix sources.openjdk8.linux.jdk.openj9; - jre-openj9 = import ./jdk-linux-base.nix sources.openjdk8.linux.jre.openj9; + jdk-hotspot = import ./jdk-linux-base.nix { sourcePerArch = sources.openjdk8.linux.jdk.hotspot; }; + jre-hotspot = import ./jdk-linux-base.nix { sourcePerArch = sources.openjdk8.linux.jre.hotspot; }; + jdk-openj9 = import ./jdk-linux-base.nix { sourcePerArch = sources.openjdk8.linux.jdk.openj9; }; + jre-openj9 = import ./jdk-linux-base.nix { sourcePerArch = sources.openjdk8.linux.jre.openj9; }; }