Commit graph

69 commits

Author SHA1 Message Date
Martin Weinelt
0e83e67ae1
python3Packages.cryptography: fix disabledTestPaths value
Expects a path, not a pytest argument.
2022-04-15 16:02:21 +02:00
Sandro Jäckel
8df7949791
pythonPackages.cryptography-vectors: make internal to cryptography 2022-03-27 16:08:55 +02:00
Sandro
6ef7b6baf7
Merge pull request #165381 from SuperSandro2000/cryptography 2022-03-26 15:31:33 +01:00
Sandro
3bf4b66d7d
Merge pull request #165384 from SuperSandro2000/python39Packages.cryptography 2022-03-26 14:56:25 +01:00
Sandro
95d7a7bbf1
pythonPackages.cryptography*: remove primeos from maintainers
Based on his request
2022-03-26 14:55:58 +01:00
Sandro Jäckel
4cc71fa97d
python39Packages.cryptography: 36.0.0 -> 36.0.2 2022-03-23 11:38:29 +01:00
Sandro Jäckel
37a6c262f3
python39Packages.cryptography: format 2022-03-23 06:45:36 +01:00
Sandro Jäckel
2c7290a189
python39Packages.cryptography: remove depedencies which have no mentions in code 2022-03-23 06:44:54 +01:00
Sandro Jäckel
de6171a441
python39Packages.cryptography: switch to pytestCheckHook 2022-03-23 06:44:15 +01:00
Sandro Jäckel
ece9e8200f
python39Packages.cryptography: remove darwin from inputs 2022-03-23 06:44:13 +01:00
Sandro Jäckel
85b84125e1
python39Packages.cryptography: add SuperSandro2000 as maintainer 2022-03-23 06:43:19 +01:00
Sandro Jäckel
facde176d2
python39Packages.cryptography-vectors: add pythonImportsCheck 2022-03-23 06:41:02 +01:00
Frederik Rietdijk
ae18d68b6b python2.pkgs: move expressions into python2-modules/ folder
Another step in further separating python2 from python3.
2022-01-16 10:00:16 +01:00
Martin Weinelt
d23d17d703
python3Packages.cryptography: 3.4.2 -> 36.0.0 (#150320)
* python3Packages.cryptography: 3.4.8 -> 36.0.0

* python3Packages.python-miio: 0.5.8 -> 0.5.9.1
2021-12-25 16:57:43 -05:00
toonn
1f8566980d cryptography: Drop impure host deps
Nix 1.11 has long come and gone. It seems this is no longer necessary.
2021-11-24 15:17:13 -08:00
Markus S. Wamser
2043dbb6fa pkgs.development.python-modules: remove unused args 2021-11-12 19:10:54 -08:00
Michael Weiss
de7d826233
python3Packages.cryptography: 3.4.7 -> 3.4.8 2021-08-24 22:28:47 +02:00
Ivan Babrou
703579f722 python3Packages.cryptography: add missing libiconv build dependency on darwin
Fixing the following:

```
error: linking with `/nix/store/l3ca456ppdy8hi9hc0rvyr6mrm76si08-clang-wrapper-11.1.0/bin/cc` failed: exit code: 1
  = note: ld: library not found for -liconv
```
2021-05-19 11:37:32 -07:00
Ivan Babrou
6815776cb0 python3Packages.cryptography: ignore test_openssl_memleak.py on aarch64-darwin
The test fails due to dependency on W+X memory, which is forbidden as of 11.2.
2021-05-17 00:27:03 +09:00
Alex Wied
a6439090f0 python3Packages.cryptography: Update Cargo hash 2021-04-16 15:03:47 -04:00
Michael Weiss
9a2d028cc3
python3Packages.cryptography: 3.4.6 -> 3.4.7 2021-03-26 14:10:34 +01:00
Frederik Rietdijk
2edf46ca6a pypy3.pkgs.cryptography: fix build
setuptools-rust was accidentally added to the wrong list.
2021-03-13 15:59:58 +01:00
Michael Weiss
e5bb19173e
python3Packages.cryptography: 3.4.5 -> 3.4.6 2021-02-17 21:10:58 +01:00
Michael Weiss
9b17dda68c
python3Packages.cryptography: 3.4.4 -> 3.4.5 2021-02-14 12:37:01 +01:00
Michael Weiss
939c9aa22c
python3Packages.cryptography: 3.4.2 -> 3.4.4
Contains a few minor fixes and improvements.
2021-02-11 15:14:37 +01:00
Michael Weiss
da73f94622 python3Packages.cryptography: 3.3.2 -> 3.4.2
Backwards incompatible changes: Support for Python 2 has been removed.
Note: This isn't a problem for Nixpkgs because
pythonPackages.cryptography is frozen at version 3.3.2.

Other important packaging changes: "Cryptography now incorporates Rust
code. Users building cryptography themselves will need to have the Rust
toolchain installed. Users who use an officially produced wheel will not
need to make any changes. The minimum supported Rust version is 1.45.0."
2021-02-10 07:03:40 +01:00
Michael Weiss
af9568fae8
python3Packages.cryptography: 3.3.1 -> 3.3.2 (security, CVE-2020-36242)
SECURITY ISSUE: Fixed a bug where certain sequences of update() calls
when symmetrically encrypting very large payloads (>2GB) could result in
an integer overflow, leading to buffer overflows. CVE-2020-36242

Note: This also updates {,vectors-}3.3.nix (for Python 2 / nixops)
because of the security issue.
2021-02-07 20:09:55 +01:00
Pavol Rusnak
a4bbfba80d
pkgs/development/python-modules: stdenv.lib -> lib 2021-01-24 01:29:22 +01:00
Profpatsch
4a7f99d55d treewide: with stdenv.lib; in meta -> with lib;
Part of: https://github.com/NixOS/nixpkgs/issues/108938

meta = with stdenv.lib;

is a widely used pattern. We want to slowly remove
the `stdenv.lib` indirection and encourage people
to use `lib` directly. Thus let’s start with the meta
field.

This used a rewriting script to mostly automatically
replace all occurances of this pattern, and add the
`lib` argument to the package header if it doesn’t
exist yet.

The script in its current form is available at
https://cs.tvl.fyi/depot@2f807d7f141068d2d60676a89213eaa5353ca6e0/-/blob/users/Profpatsch/nixpkgs-rewriter/default.nix
2021-01-11 10:38:22 +01:00
github-actions[bot]
ce7773fcf7
Merge staging-next into staging 2020-12-14 18:14:34 +00:00
Orivej Desh
6fa76f018b
python2Packages.cryptography: 2.9.2 -> 3.3.1 (#106792)
Fixes py2 build of pyOpenSSL:
https://github.com/NixOS/nixpkgs/issues/106275#issuecomment-743790876
2020-12-14 16:31:26 +00:00
Michael Weiss
44b7d77591
python3Packages.cryptography: 3.2.1 -> 3.3.1
Backward incompatible changes:
- Support for Python 3.5 has been removed due to low usage and
  maintenance burden.
- The GCM and AESGCM now require 64-bit to 1024-bit (8 byte to 128 byte)
  initialization vectors. This change is to conform with an upcoming
  OpenSSL release that will no longer support sizes outside this window.
- When deserializing asymmetric keys we now raise ValueError rather than
  UnsupportedAlgorithm when an unsupported cipher is used. This change
  is to conform with an upcoming OpenSSL release that will no longer
  distinguish between error types.
- We no longer allow loading of finite field Diffie-Hellman parameters
  of less than 512 bits in length. This change is to conform with an
  upcoming OpenSSL release that no longer supports smaller sizes. These
  keys were already wildly insecure and should not have been used in any
  application outside of testing.
2020-12-10 13:40:57 +01:00
adisbladis
cbe4b091b8
python2.pkgs.cryptography: Fix CVE-2020-25659
This patch is from Ubuntu 20.04's backport.
2020-12-04 11:29:50 +01:00
Frederik Rietdijk
b2a3891e12 Merge master into staging-next 2020-11-27 15:09:19 +01:00
Jonathan Ringer
2545e3f370 python2Packages.cryptography: mark insecure, CVE-2020-25659 2020-11-24 17:32:50 +01:00
Frederik Rietdijk
489912ee8b pythonPackages.cffi: cffi is a native build input as well 2020-11-19 20:59:16 +01:00
Michael Weiss
c2694ef30d python3Packages.cryptography: 3.2 -> 3.2.1
Changelog:
- Disable blinding on RSA public keys to address an error with some
  versions of OpenSSL.
2020-10-29 12:20:02 -07:00
Michael Weiss
1083cdd279
python3Packages.cryptography: 3.1.1 -> 3.2 (security, CVE-2020-25659)
SECURITY ISSUE: Attempted to make RSA PKCS#1v1.5 decryption more
constant time, to protect against Bleichenbacher vulnerabilities. Due to
limitations imposed by our API, we cannot completely mitigate this
vulnerability and a future release will contain a new API which is
designed to be resilient to these for contexts where it is required.
Credit to Hubert Kario for reporting the issue. CVE-2020-25659
2020-10-26 12:19:28 +01:00
Michael Weiss
6afb5823e1
python3Packages.cryptography: 3.1 -> 3.1.1 2020-09-22 22:02:38 +02:00
Michael Weiss
16ecb025bd python3Packages.cryptography: 3.0 -> 3.1
Backwards incompatible changes:
- Removed support for idna based U-label parsing in various X.509
  classes. This support was originally deprecated in version 2.1 and
  moved to an extra in 2.5.
2020-08-29 13:35:56 +02:00
Jonathan Ringer
6f17a51e72 python2Packages.cryptography-vectors: pin at 2.9.2 2020-08-09 11:08:33 -07:00
Jonathan Ringer
22cc69ca01 python2Packages.cryptography: pin to 2.9.2 2020-08-09 11:08:33 -07:00
Michael Weiss
434a0111f6 python3Packages.cryptography: 2.9.2 -> 3.0
Backwards incompatible changes:
- Removed support for passing an Extension instance to
  from_issuer_subject_key_identifier(), as per our deprecation policy.
- Support for LibreSSL 2.7.x, 2.8.x, and 2.9.0 has been removed (2.9.1+
  is still supported).
- Dropped support for macOS 10.9, macOS users must upgrade to 10.10 or
  newer.
- RSA generate_private_key() no longer accepts public_exponent values
  except 65537 and 3 (the latter for legacy purposes).
- X.509 certificate parsing now enforces that the version field contains
  a valid value, rather than deferring this check until version is
  accessed.

Deprecations:
- Deprecated support for Python 2. At the time there is no time table
  for actually dropping support, however we strongly encourage all users
  to upgrade their Python, as Python 2 no longer receives support from
  the Python core team.
2020-07-22 16:54:20 +02:00
Daiderd Jordan
b7ddbd52bd
treewide: replace SRI hashes 2020-06-01 15:24:19 +02:00
Frederik Rietdijk
31c25c7a38 python.pkgs.cryptography_vectors: 2.9.1 -> 2.9.2 2020-05-11 22:13:15 +02:00
Frederik Rietdijk
51a4f9d4ca python3Packages.cryptography: 2.9.1 -> 2.9.2 2020-05-11 22:12:10 +02:00
Michael Weiss
c6e3c006b1 python3Packages.cryptography: 2.9 -> 2.9.1
"Updated Windows, macOS, and ``manylinux`` wheels to be compiled with
OpenSSL 1.1.1g."
2020-04-22 17:08:52 +02:00
Vladimír Čunát
312e9037f4
python2.pkgs.cryptography: fixup build of dependants
... most notably fix pyopenssl.  I can't say I really understand this,
but the commit seems safe enough.
2020-04-18 07:39:10 +02:00
Jonathan Ringer
2e6fb22992 python2Packages.cryptography: add missing ipaddress dependency 2020-04-10 12:04:47 +02:00
Michael Weiss
af1cb9f1b5 python3Packages.cryptography: 2.8 -> 2.9
Backwards incompatible changes:
- Support for Python 3.4 has been removed due to low usage and
  maintenance burden.
- Support for OpenSSL 1.0.1 has been removed. Users on older version of
  OpenSSL will need to upgrade.
- Support for LibreSSL 2.6.x has been removed.
- Reversed the order in which rfc4514_string() returns the RDNs as
  required by RFC 4514.

Note: The first three changes should have no impact on Nixpkgs as we
already removed Python 3.4 and OpenSSL 1.0.1. Additionally we don't
support LibreSSL for this package.
2020-04-05 13:14:45 +02:00