NetCube-Systems-Austria/kumquat-buildroot
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

package/python-cryptography: security bump to version 39.0.1

Browse Source 
Fix CVE-2023-23931: cryptography is a package designed to expose
cryptographic primitives and recipes to Python developers. In affected
versions `Cipher.update_into` would accept Python objects which
implement the buffer protocol, but provide only immutable buffers. This
would allow immutable objects (such as `bytes`) to be mutated, thus
violating fundamental rules of Python and resulting in corrupted output.
This now correctly raises an exception. This issue has been present
since `update_into` was originally introduced in cryptography 1.8.

https://github.com/pyca/cryptography/security/advisories/GHSA-w7pp-m8wf-vj6r
https://cryptography.io/en/latest/changelog/#v39-0-1

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This commit is contained in:
Fabrice Fontaine 2023-02-20 14:21:13 +01:00 committed by Peter Korsgaard
parent a85ed5d21c
commit 67c967c2d1
2 changed files with 3 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
package/python-cryptography/python-cryptography.hash
View File

@ -1,5 +1,5 @@
# Locally calculated after vendoring
sha256 2d00e023261719f85caf360ee061d37ee27654a0344d1376441c8a29ea3bac86 cryptography-39.0.0.tar.gz
sha256 531348679f144d118156be5b17ddac750974cdcd9f44bb0a7cfd7ddcfee79c80 cryptography-39.0.1.tar.gz
# Locally computed sha256 checksums
sha256 43dad2cc752ab721cd9a9f36ece70fb53ab7713551f2d3d8694d8e8c5a06d6e2 LICENSE
sha256 aac73b3148f6d1d7111dbca32099f68d26c644c6813ae1e4f05f6579aa2663fe LICENSE.APACHE

4
package/python-cryptography/python-cryptography.mk
View File

@ -4,9 +4,9 @@
#
################################################################################
PYTHON_CRYPTOGRAPHY_VERSION = 39.0.0
PYTHON_CRYPTOGRAPHY_VERSION = 39.0.1
PYTHON_CRYPTOGRAPHY_SOURCE = cryptography-$(PYTHON_CRYPTOGRAPHY_VERSION).tar.gz
PYTHON_CRYPTOGRAPHY_SITE = https://files.pythonhosted.org/packages/12/e3/c46c274cf466b24e5d44df5d5cd31a31ff23e57f074a2bb30931a8c9b01a
PYTHON_CRYPTOGRAPHY_SITE = https://files.pythonhosted.org/packages/6a/f5/a729774d087e50fffd1438b3877a91e9281294f985bda0fd15bf99016c78
PYTHON_CRYPTOGRAPHY_SETUP_TYPE = setuptools
PYTHON_CRYPTOGRAPHY_LICENSE = Apache-2.0 or BSD-3-Clause
PYTHON_CRYPTOGRAPHY_LICENSE_FILES = LICENSE LICENSE.APACHE LICENSE.BSD