From af9568fae8267c3c8b2ca18d3403ed1455387ae3 Mon Sep 17 00:00:00 2001 From: Michael Weiss Date: Sun, 7 Feb 2021 19:34:48 +0100 Subject: [PATCH] python3Packages.cryptography: 3.3.1 -> 3.3.2 (security, CVE-2020-36242) SECURITY ISSUE: Fixed a bug where certain sequences of update() calls when symmetrically encrypting very large payloads (>2GB) could result in an integer overflow, leading to buffer overflows. CVE-2020-36242 Note: This also updates {,vectors-}3.3.nix (for Python 2 / nixops) because of the security issue. --- pkgs/development/python-modules/cryptography/3.3.nix | 4 ++-- pkgs/development/python-modules/cryptography/default.nix | 4 ++-- pkgs/development/python-modules/cryptography/vectors-3.3.nix | 2 +- pkgs/development/python-modules/cryptography/vectors.nix | 2 +- 4 files changed, 6 insertions(+), 6 deletions(-) diff --git a/pkgs/development/python-modules/cryptography/3.3.nix b/pkgs/development/python-modules/cryptography/3.3.nix index b6972e6d56bb..049718520753 100644 --- a/pkgs/development/python-modules/cryptography/3.3.nix +++ b/pkgs/development/python-modules/cryptography/3.3.nix @@ -22,11 +22,11 @@ buildPythonPackage rec { pname = "cryptography"; - version = "3.3.1"; # Also update the hash in vectors-3.3.nix + version = "3.3.2"; # Also update the hash in vectors-3.3.nix src = fetchPypi { inherit pname version; - sha256 = "1ribd1vxq9wwz564mg60dzcy699gng54admihjjkgs9dx95pw5vy"; + sha256 = "1vcvw4lkw1spiq322pm1256kail8nck6bbgpdxx3pqa905wd6q2s"; }; patches = [ ./cryptography-py27-warning.patch ]; diff --git a/pkgs/development/python-modules/cryptography/default.nix b/pkgs/development/python-modules/cryptography/default.nix index ad402efd7593..eb4eba0f5879 100644 --- a/pkgs/development/python-modules/cryptography/default.nix +++ b/pkgs/development/python-modules/cryptography/default.nix @@ -22,11 +22,11 @@ buildPythonPackage rec { pname = "cryptography"; - version = "3.3.1"; # Also update the hash in vectors.nix + version = "3.3.2"; # Also update the hash in vectors.nix src = fetchPypi { inherit pname version; - sha256 = "1ribd1vxq9wwz564mg60dzcy699gng54admihjjkgs9dx95pw5vy"; + sha256 = "1vcvw4lkw1spiq322pm1256kail8nck6bbgpdxx3pqa905wd6q2s"; }; outputs = [ "out" "dev" ]; diff --git a/pkgs/development/python-modules/cryptography/vectors-3.3.nix b/pkgs/development/python-modules/cryptography/vectors-3.3.nix index 94526c8268ef..f9b7c525237a 100644 --- a/pkgs/development/python-modules/cryptography/vectors-3.3.nix +++ b/pkgs/development/python-modules/cryptography/vectors-3.3.nix @@ -7,7 +7,7 @@ buildPythonPackage rec { src = fetchPypi { inherit pname version; - sha256 = "192wix3sr678x21brav5hgc6j93l7ab1kh69p2scr3fsblq9qy03"; + sha256 = "1yhaps0f3h2yjb6lmz953z1l1d84y9swk4k3gj9nqyk4vbx5m7cc"; }; # No tests included diff --git a/pkgs/development/python-modules/cryptography/vectors.nix b/pkgs/development/python-modules/cryptography/vectors.nix index 94526c8268ef..f9b7c525237a 100644 --- a/pkgs/development/python-modules/cryptography/vectors.nix +++ b/pkgs/development/python-modules/cryptography/vectors.nix @@ -7,7 +7,7 @@ buildPythonPackage rec { src = fetchPypi { inherit pname version; - sha256 = "192wix3sr678x21brav5hgc6j93l7ab1kh69p2scr3fsblq9qy03"; + sha256 = "1yhaps0f3h2yjb6lmz953z1l1d84y9swk4k3gj9nqyk4vbx5m7cc"; }; # No tests included