nordic-dev.net/nixpkgs
nordic-dev.net/nixpkgs
2
0
Fork 0
mirror of https://github.com/NixOS/nixpkgs.git synced 2024-12-30 09:33:41 +00:00
Code Issues Packages Projects Releases Wiki Activity
1083cdd279
nixpkgs/pkgs/development/python-modules/cryptography/default.nix
Michael Weiss 1083cdd279
python3Packages.cryptography: 3.1.1 -> 3.2 (security, CVE-2020-25659) 
SECURITY ISSUE: Attempted to make RSA PKCS#1v1.5 decryption more
constant time, to protect against Bleichenbacher vulnerabilities. Due to
limitations imposed by our API, we cannot completely mitigate this
vulnerability and a future release will contain a new API which is
designed to be resilient to these for contexts where it is required.
Credit to Hubert Kario for reporting the issue. CVE-2020-25659
2020-10-26 12:19:28 +01:00

75 lines
1.8 KiB
Nix
Raw Blame History

{ stdenv
, buildPythonPackage
, fetchPypi
, fetchpatch
, isPy27
, ipaddress
, openssl
, cryptography_vectors
, darwin
, packaging
, six
, pythonOlder
, isPyPy
, cffi
, pytest
, pretend
, iso8601
, pytz
, hypothesis
, enum34
}:
buildPythonPackage rec {
pname = "cryptography";
version = "3.2"; # Also update the hash in vectors.nix
src = fetchPypi {
inherit pname version;
sha256 = "1afcw79yg4bvw4v4l6dvkhnphi3jzrdpq7s4900ikpyyz229ny74";
};
outputs = [ "out" "dev" ];
buildInputs = [ openssl ]
++ stdenv.lib.optional stdenv.isDarwin darwin.apple_sdk.frameworks.Security;
propagatedBuildInputs = [
packaging
six
] ++ stdenv.lib.optional (!isPyPy) cffi
++ stdenv.lib.optionals isPy27 [ ipaddress enum34 ];
checkInputs = [
cryptography_vectors
hypothesis
iso8601
pretend
pytest
pytz
];
checkPhase = ''
py.test --disable-pytest-warnings tests
'';
# IOKit's dependencies are inconsistent between OSX versions, so this is the best we
# can do until nix 1.11's release
__impureHostDeps = [ "/usr/lib" ];
meta = with stdenv.lib; {
description = "A package which provides cryptographic recipes and primitives";
longDescription = ''
Cryptography includes both high level recipes and low level interfaces to
common cryptographic algorithms such as symmetric ciphers, message
digests, and key derivation functions.
Our goal is for it to be your "cryptographic standard library". It
supports Python 2.7, Python 3.5+, and PyPy 5.4+.
'';
homepage = "https://github.com/pyca/cryptography";
changelog = "https://cryptography.io/en/latest/changelog/#v"
+ replaceStrings [ "." ] [ "-" ] version;
license = with licenses; [ asl20 bsd3 psfl ];
maintainers = with maintainers; [ primeos ];
};
}
Reference in New Issue View Git Blame Copy Permalink