python3Packages.cryptography: 3.3.1 -> 3.3.2 (security, CVE-2020-36242)

SECURITY ISSUE: Fixed a bug where certain sequences of update() calls
when symmetrically encrypting very large payloads (>2GB) could result in
an integer overflow, leading to buffer overflows. CVE-2020-36242

Note: This also updates {,vectors-}3.3.nix (for Python 2 / nixops)
because of the security issue.
This commit is contained in:
Michael Weiss 2021-02-07 19:34:48 +01:00
parent 2226996f6c
commit af9568fae8
No known key found for this signature in database
GPG key ID: 5BE487C4D4771D83
4 changed files with 6 additions and 6 deletions

View file

@ -22,11 +22,11 @@
buildPythonPackage rec {
pname = "cryptography";
version = "3.3.1"; # Also update the hash in vectors-3.3.nix
version = "3.3.2"; # Also update the hash in vectors-3.3.nix
src = fetchPypi {
inherit pname version;
sha256 = "1ribd1vxq9wwz564mg60dzcy699gng54admihjjkgs9dx95pw5vy";
sha256 = "1vcvw4lkw1spiq322pm1256kail8nck6bbgpdxx3pqa905wd6q2s";
};
patches = [ ./cryptography-py27-warning.patch ];

View file

@ -22,11 +22,11 @@
buildPythonPackage rec {
pname = "cryptography";
version = "3.3.1"; # Also update the hash in vectors.nix
version = "3.3.2"; # Also update the hash in vectors.nix
src = fetchPypi {
inherit pname version;
sha256 = "1ribd1vxq9wwz564mg60dzcy699gng54admihjjkgs9dx95pw5vy";
sha256 = "1vcvw4lkw1spiq322pm1256kail8nck6bbgpdxx3pqa905wd6q2s";
};
outputs = [ "out" "dev" ];

View file

@ -7,7 +7,7 @@ buildPythonPackage rec {
src = fetchPypi {
inherit pname version;
sha256 = "192wix3sr678x21brav5hgc6j93l7ab1kh69p2scr3fsblq9qy03";
sha256 = "1yhaps0f3h2yjb6lmz953z1l1d84y9swk4k3gj9nqyk4vbx5m7cc";
};
# No tests included

View file

@ -7,7 +7,7 @@ buildPythonPackage rec {
src = fetchPypi {
inherit pname version;
sha256 = "192wix3sr678x21brav5hgc6j93l7ab1kh69p2scr3fsblq9qy03";
sha256 = "1yhaps0f3h2yjb6lmz953z1l1d84y9swk4k3gj9nqyk4vbx5m7cc";
};
# No tests included