New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[20.09] cryptopp: 8.2.0 -> 8.4.0 #110795
[20.09] cryptopp: 8.2.0 -> 8.4.0 #110795
Conversation
|
The For Backporting only the security fix to limit the chances of breaking the |
I suggest we just set |
d00d604
to
4a7f7e8
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The commit message should start with pythonPackages.pycryptopp
.
The tests do not work with the latest version of Crypto++.
Fixes CVE-2019-14318. (cherry picked from commit eefdd09)
4a7f7e8
to
490b3f2
Compare
This is the backport of #110555 |
@ofborg build python3.pkgs.beaker python2.pkgs.pycryptopp |
I was just looking into the test failure of Also this broke |
Reading the release notes, it looks like 8.4.0 actually reintroduces CVE-2019-14318. Only 8.3.0 does have the fix, but it seems to make things worse. So I guess it'd make sense to revert this PR? It doesn't have a security benefit and it breaks packages. See also my comment on the original PR. |
This reverts commit 818f083. See NixOS#110795 (comment).
This reverts commit 490b3f2. See NixOS#110795 (comment).
This reverts commit 818f083. See #110795 (comment).
This reverts commit 490b3f2. See #110795 (comment).
Motivation for this change
Fixes CVE-2019-14318.
Cherry picked from commit eefdd09.
Things done
sandbox
innix.conf
on non-NixOS linux)nix-shell -p nixpkgs-review --run "nixpkgs-review wip"
./result/bin/
)nix path-info -S
before and after)