Merge pull request #224434 from dotlambda/nixops_unstable-insecure

nixops_unstable: mark cryptography insecure
2023-04-04 17:18:32 -07:00 · 2023-04-04 17:18:32 -07:00 · b7d86c0c36
commit b7d86c0c36
parent cc5bde4085 f2bb0266c1
1 changed files with 18 additions and 0 deletions
--- a/pkgs/applications/networking/cluster/nixops/default.nix
+++ b/pkgs/applications/networking/cluster/nixops/default.nix
@ -69,6 +69,24 @@ let
          };
        })

+        (self: super: {
+          cryptography = super.cryptography.overridePythonAttrs (old: {
+            meta = old.meta // {
+              knownVulnerabilities = old.meta.knownVulnerabilities or [ ]
+                ++ lib.optionals (lib.versionOlder old.version "39.0.1") [
+                  "CVE-2022-4304"
+                  "CVE-2023-0215"
+                  "CVE-2023-0216"
+                  "CVE-2023-0217"
+                  "CVE-2023-0401"
+                  "CVE-2022-4203"
+                  "CVE-2022-4450"
+                  "CVE-2023-23931"
+                ];
+            };
+          });
+        })
+
      ];
    }
  ).python;