python3Packages.cryptography: 3.3.1 -> 3.3.2 (security, CVE-2020-36242)
SECURITY ISSUE: Fixed a bug where certain sequences of update() calls when symmetrically encrypting very large payloads (>2GB) could result in an integer overflow, leading to buffer overflows. CVE-2020-36242 Note: This also updates {,vectors-}3.3.nix (for Python 2 / nixops) because of the security issue.
This commit is contained in:
parent
2226996f6c
commit
af9568fae8
4 changed files with 6 additions and 6 deletions
|
@ -22,11 +22,11 @@
|
|||
|
||||
buildPythonPackage rec {
|
||||
pname = "cryptography";
|
||||
version = "3.3.1"; # Also update the hash in vectors-3.3.nix
|
||||
version = "3.3.2"; # Also update the hash in vectors-3.3.nix
|
||||
|
||||
src = fetchPypi {
|
||||
inherit pname version;
|
||||
sha256 = "1ribd1vxq9wwz564mg60dzcy699gng54admihjjkgs9dx95pw5vy";
|
||||
sha256 = "1vcvw4lkw1spiq322pm1256kail8nck6bbgpdxx3pqa905wd6q2s";
|
||||
};
|
||||
|
||||
patches = [ ./cryptography-py27-warning.patch ];
|
||||
|
|
|
@ -22,11 +22,11 @@
|
|||
|
||||
buildPythonPackage rec {
|
||||
pname = "cryptography";
|
||||
version = "3.3.1"; # Also update the hash in vectors.nix
|
||||
version = "3.3.2"; # Also update the hash in vectors.nix
|
||||
|
||||
src = fetchPypi {
|
||||
inherit pname version;
|
||||
sha256 = "1ribd1vxq9wwz564mg60dzcy699gng54admihjjkgs9dx95pw5vy";
|
||||
sha256 = "1vcvw4lkw1spiq322pm1256kail8nck6bbgpdxx3pqa905wd6q2s";
|
||||
};
|
||||
|
||||
outputs = [ "out" "dev" ];
|
||||
|
|
|
@ -7,7 +7,7 @@ buildPythonPackage rec {
|
|||
|
||||
src = fetchPypi {
|
||||
inherit pname version;
|
||||
sha256 = "192wix3sr678x21brav5hgc6j93l7ab1kh69p2scr3fsblq9qy03";
|
||||
sha256 = "1yhaps0f3h2yjb6lmz953z1l1d84y9swk4k3gj9nqyk4vbx5m7cc";
|
||||
};
|
||||
|
||||
# No tests included
|
||||
|
|
|
@ -7,7 +7,7 @@ buildPythonPackage rec {
|
|||
|
||||
src = fetchPypi {
|
||||
inherit pname version;
|
||||
sha256 = "192wix3sr678x21brav5hgc6j93l7ab1kh69p2scr3fsblq9qy03";
|
||||
sha256 = "1yhaps0f3h2yjb6lmz953z1l1d84y9swk4k3gj9nqyk4vbx5m7cc";
|
||||
};
|
||||
|
||||
# No tests included
|
||||
|
|
Loading…
Reference in a new issue