Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

python2.pkgs.cryptography: Fix CVE-2020-25659 #105865

Merged
merged 1 commit into from Dec 4, 2020
Merged

python2.pkgs.cryptography: Fix CVE-2020-25659 #105865

merged 1 commit into from Dec 4, 2020

Conversation

adisbladis
Copy link
Member

@adisbladis adisbladis commented Dec 4, 2020
edited

This patch is from Ubuntu 20.04's backport.

Motivation for this change
Things done
  • Tested using sandboxing (nix.useSandbox on NixOS, or option sandbox in nix.conf on non-NixOS linux)
  • Built on platform(s)
    • NixOS
    • macOS
    • other Linux distributions
  • Tested via one or more NixOS test(s) if existing and applicable for the change (look inside nixos/tests)
  • Tested compilation of all pkgs that depend on this change using nix-shell -p nixpkgs-review --run "nixpkgs-review wip"
  • Tested execution of all binary files (usually in ./result/bin/)
  • Determined the impact on package closure size (by running nix path-info -S before and after)
  • Ensured that relevant documentation is up to date
  • Fits CONTRIBUTING.md.

@adisbladis
python2.pkgs.cryptography: Fix CVE-2020-25659
cbe4b09 
This patch is from Ubuntu 20.04's backport.
@FRidh
Copy link
Member

FRidh commented Dec 4, 2020

cc @primeos

@adisbladis adisbladis merged commit 6c2d29a into NixOS:master Dec 4, 2020
@adisbladis
Copy link
Member Author

As this fixes NixOps I feel like this is very urgent, hence I'm merging it quickly.

@SuperSandro2000
Copy link
Member

SuperSandro2000 commented Dec 4, 2020
edited

As this fixes NixOps I feel like this is very urgent, hence I'm merging it quickly.

Did you at least try to build it? You can always whitelist this package to continue to use it.

@adisbladis
Copy link
Member Author

Did you at least try to build it?

Yes, everything is fully tested.

@primeos
Copy link
Member

primeos commented Dec 4, 2020

This patch is from Ubuntu 20.04's backport.

A link to the source would've been nice:
https://git.launchpad.net/ubuntu/+source/python-cryptography/tree/debian/patches/CVE-2020-25659.patch?h=ubuntu/focal-security

As this fixes NixOps I feel like this is very urgent, hence I'm merging it quickly.

Not really urgent (at least IMO). NixOps was only depending on an insecure package (i.e. not broken), this was known in advance, and Jon notified upstream well in advance (NixOS/nixops#1242 (comment)).

This fix is obviously nice (thanks for that!) but I don't find it urgent given no one cared before.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@FRidh FRidh Awaiting requested review from FRidh

@jonringer jonringer Awaiting requested review from jonringer

Assignees
No one assigned
Labels
6.topic: python 10.rebuild-darwin: 11-100 10.rebuild-linux: 11-100
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
4 participants
@adisbladis @FRidh @SuperSandro2000 @primeos