From 1083cdd279dc71b8aebb1e600fe9ad52d9e47b70 Mon Sep 17 00:00:00 2001
From: Michael Weiss
Date: Mon, 26 Oct 2020 11:49:18 +0100
Subject: [PATCH] python3Packages.cryptography: 3.1.1 -> 3.2 (security, CVE-2020-25659)

SECURITY ISSUE: Attempted to make RSA PKCS#1v1.5 decryption more constant time, to protect against Bleichenbacher vulnerabilities. Due to limitations imposed by our API, we cannot completely mitigate this vulnerability and a future release will contain a new API which is designed to be resilient to these for contexts where it is required. Credit to Hubert Kario for reporting the issue. CVE-2020-25659
---
 pkgs/development/python-modules/cryptography/default.nix | 4 ++--
 pkgs/development/python-modules/cryptography/vectors.nix | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/pkgs/development/python-modules/cryptography/default.nix b/pkgs/development/python-modules/cryptography/default.nix
index 426f6af7aa6..b9d66203d8d 100644
--- a/pkgs/development/python-modules/cryptography/default.nix
+++ b/pkgs/development/python-modules/cryptography/default.nix
@@ -22,11 +22,11 @@ buildPythonPackage rec {
 pname = "cryptography";
- version = "3.1.1"; # Also update the hash in vectors.nix
+ version = "3.2"; # Also update the hash in vectors.nix
 src = fetchPypi {
 inherit pname version;
- sha256 = "0z81q4d1nangw3r0v5f41mfl4d9r04qnbayl5ll5v5jpcfhwd7wx";
+ sha256 = "1afcw79yg4bvw4v4l6dvkhnphi3jzrdpq7s4900ikpyyz229ny74";
 };
 outputs = [ "out" "dev" ];
diff --git a/pkgs/development/python-modules/cryptography/vectors.nix b/pkgs/development/python-modules/cryptography/vectors.nix
index c7b244ff041..90fbda940b3 100644
--- a/pkgs/development/python-modules/cryptography/vectors.nix
+++ b/pkgs/development/python-modules/cryptography/vectors.nix
@@ -7,7 +7,7 @@ buildPythonPackage rec {
 src = fetchPypi {
 inherit pname version;
- sha256 = "1xp2j79c1y8qj4b97ygx451gzp8l4cp830hnvg3zw8j134bcaaam";
+ sha256 = "1r4qzmm15mrmlblrmxxvqg3jfy3s5bbn9cfhd7fkpixvs3zhcpvq";
 };
 # No tests included