nixpkgs/pkgs/development/python-modules/cryptography/3.3.nix
Michael Weiss af9568fae8
python3Packages.cryptography: 3.3.1 -> 3.3.2 (security, CVE-2020-36242)
SECURITY ISSUE: Fixed a bug where certain sequences of update() calls
when symmetrically encrypting very large payloads (>2GB) could result in
an integer overflow, leading to buffer overflows. CVE-2020-36242

Note: This also updates {,vectors-}3.3.nix (for Python 2 / nixops)
because of the security issue.
2021-02-07 20:09:55 +01:00

84 lines
1.9 KiB
Nix

{ lib, stdenv
, buildPythonPackage
, fetchPypi
, fetchpatch
, isPy27
, ipaddress
, openssl
, cryptography_vectors
, darwin
, packaging
, six
, pythonOlder
, isPyPy
, cffi
, pytest
, pretend
, iso8601
, pytz
, hypothesis
, enum34
}:
buildPythonPackage rec {
pname = "cryptography";
version = "3.3.2"; # Also update the hash in vectors-3.3.nix
src = fetchPypi {
inherit pname version;
sha256 = "1vcvw4lkw1spiq322pm1256kail8nck6bbgpdxx3pqa905wd6q2s";
};
patches = [ ./cryptography-py27-warning.patch ];
outputs = [ "out" "dev" ];
nativeBuildInputs = lib.optionals (!isPyPy) [
cffi
];
buildInputs = [ openssl ]
++ lib.optional stdenv.isDarwin darwin.apple_sdk.frameworks.Security;
propagatedBuildInputs = [
packaging
six
] ++ lib.optionals (!isPyPy) [
cffi
] ++ lib.optionals isPy27 [
ipaddress enum34
];
checkInputs = [
cryptography_vectors
hypothesis
iso8601
pretend
pytest
pytz
];
checkPhase = ''
py.test --disable-pytest-warnings tests
'';
# IOKit's dependencies are inconsistent between OSX versions, so this is the best we
# can do until nix 1.11's release
__impureHostDeps = [ "/usr/lib" ];
meta = with lib; {
description = "A package which provides cryptographic recipes and primitives";
longDescription = ''
Cryptography includes both high level recipes and low level interfaces to
common cryptographic algorithms such as symmetric ciphers, message
digests, and key derivation functions.
Our goal is for it to be your "cryptographic standard library". It
supports Python 2.7, Python 3.5+, and PyPy 5.4+.
'';
homepage = "https://github.com/pyca/cryptography";
changelog = "https://cryptography.io/en/latest/changelog/#v"
+ replaceStrings [ "." ] [ "-" ] version;
license = with licenses; [ asl20 bsd3 psfl ];
maintainers = with maintainers; [ primeos ];
};
}