[Buildroot] [git commit] package/python-cryptography: security bump to version 39.0.1

Peter Korsgaard peter at korsgaard.com
Mon Feb 20 17:11:07 UTC 2023


commit: https://git.buildroot.net/buildroot/commit/?id=67c967c2d16c29f193fde43b3c48edf0911baccd
branch: https://git.buildroot.net/buildroot/commit/?id=refs/heads/master

Fix CVE-2023-23931: cryptography is a package designed to expose
cryptographic primitives and recipes to Python developers. In affected
versions `Cipher.update_into` would accept Python objects which
implement the buffer protocol, but provide only immutable buffers. This
would allow immutable objects (such as `bytes`) to be mutated, thus
violating fundamental rules of Python and resulting in corrupted output.
This now correctly raises an exception. This issue has been present
since `update_into` was originally introduced in cryptography 1.8.

https://github.com/pyca/cryptography/security/advisories/GHSA-w7pp-m8wf-vj6r
https://cryptography.io/en/latest/changelog/#v39-0-1

Signed-off-by: Fabrice Fontaine <fontaine.fabrice at gmail.com>
Signed-off-by: Peter Korsgaard <peter at korsgaard.com>
---
 package/python-cryptography/python-cryptography.hash | 2 +-
 package/python-cryptography/python-cryptography.mk   | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/package/python-cryptography/python-cryptography.hash b/package/python-cryptography/python-cryptography.hash
index 3f2204eeb1..a23944a06f 100644
--- a/package/python-cryptography/python-cryptography.hash
+++ b/package/python-cryptography/python-cryptography.hash
@@ -1,5 +1,5 @@
 # Locally calculated after vendoring
-sha256  2d00e023261719f85caf360ee061d37ee27654a0344d1376441c8a29ea3bac86  cryptography-39.0.0.tar.gz
+sha256  531348679f144d118156be5b17ddac750974cdcd9f44bb0a7cfd7ddcfee79c80  cryptography-39.0.1.tar.gz
 # Locally computed sha256 checksums
 sha256  43dad2cc752ab721cd9a9f36ece70fb53ab7713551f2d3d8694d8e8c5a06d6e2  LICENSE
 sha256  aac73b3148f6d1d7111dbca32099f68d26c644c6813ae1e4f05f6579aa2663fe  LICENSE.APACHE
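Review bot: The new digest on the `cryptography-39.0.1.tar.gz` line sits under "# Locally calculated after vendoring", so it cannot be compared against the sha256 that upstream publishes for the release, and a reviewer has no way to confirm from this hunk that the vendored archive came from the genuine 39.0.1 tarball. For a security bump, the commit message should say that the downloaded sdist was checked against the upstream-published digest before vendoring. The unchanged LICENSE and LICENSE.APACHE hashes imply those files are identical in 39.0.1, which is worth confirming with a legal-info run.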
diff --git a/package/python-cryptography/python-cryptography.mk b/package/python-cryptography/python-cryptography.mk
index 6868ff4633..a130b2d10d 100644
--- a/package/python-cryptography/python-cryptography.mk
+++ b/package/python-cryptography/python-cryptography.mk
@@ -4,9 +4,9 @@
 #
 ################################################################################
 
-PYTHON_CRYPTOGRAPHY_VERSION = 39.0.0
+PYTHON_CRYPTOGRAPHY_VERSION = 39.0.1
 PYTHON_CRYPTOGRAPHY_SOURCE = cryptography-$(PYTHON_CRYPTOGRAPHY_VERSION).tar.gz
-PYTHON_CRYPTOGRAPHY_SITE = https://files.pythonhosted.org/packages/12/e3/c46c274cf466b24e5d44df5d5cd31a31ff23e57f074a2bb30931a8c9b01a
+PYTHON_CRYPTOGRAPHY_SITE = https://files.pythonhosted.org/packages/6a/f5/a729774d087e50fffd1438b3877a91e9281294f985bda0fd15bf99016c78
 PYTHON_CRYPTOGRAPHY_SETUP_TYPE = setuptools
 PYTHON_CRYPTOGRAPHY_LICENSE = Apache-2.0 or BSD-3-Clause
 PYTHON_CRYPTOGRAPHY_LICENSE_FILES = LICENSE LICENSE.APACHE LICENSE.BSD
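Review bot: The commit message says the issue has been present since cryptography 1.8, but this `PYTHON_CRYPTOGRAPHY_VERSION = 39.0.1` bump is recorded against master only, and nothing in the message says whether maintained branches carrying an older version need the same fix; please state the backport intent. As a smaller point, the new `PYTHON_CRYPTOGRAPHY_SITE` path (`6a/f5/a729774d...`) is an opaque string with no visible link to 39.0.1, so it is worth confirming that a clean download from that path fetches `cryptography-39.0.1.tar.gz`.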


