From 71b546ed8595b14d29efc1e8b951f8c845ad10c4 Mon Sep 17 00:00:00 2001 From: Mingli Yu Date: Fri, 23 Apr 2021 13:48:04 +0800 Subject: python3-cryptography: Upgrade to 3.3.2 Fix a security issue CVE-2020-36242 where certain sequences of ``update()`` calls when symmetrically encrypting very large payloads (>2GB) could result in an integer overflow, leading to buffer overflows. Signed-off-by: Mingli Yu Signed-off-by: Khem Raj Signed-off-by: Trevor Gamblin Signed-off-by: Armin Kuster --- .../python/python3-cryptography_3.3.1.bb | 65 ---------------------- .../python/python3-cryptography_3.3.2.bb | 65 ++++++++++++++++++++++ 2 files changed, 65 insertions(+), 65 deletions(-) delete mode 100644 meta-python/recipes-devtools/python/python3-cryptography_3.3.1.bb create mode 100644 meta-python/recipes-devtools/python/python3-cryptography_3.3.2.bb diff --git a/meta-python/recipes-devtools/python/python3-cryptography_3.3.1.bb b/meta-python/recipes-devtools/python/python3-cryptography_3.3.1.bb deleted file mode 100644 index 79a7ac1bf9..0000000000 --- a/meta-python/recipes-devtools/python/python3-cryptography_3.3.1.bb +++ /dev/null @@ -1,65 +0,0 @@ -SUMMARY = "Provides cryptographic recipes and primitives to python developers" -HOMEPAGE = "https://cryptography.io/" -SECTION = "devel/python" -LICENSE = "Apache-2.0 | BSD" -LIC_FILES_CHKSUM = "file://LICENSE;md5=bf405a8056a6647e7d077b0e7bc36aba" - -LDSHARED += "-pthread" - -SRC_URI[sha256sum] = "7e177e4bea2de937a584b13645cab32f25e3d96fc0bc4a4cf99c27dc77682be6" - -SRC_URI += " \ - file://run-ptest \ - file://h-test.patch \ -" - -inherit pypi setuptools3 - -DEPENDS += " \ - ${PYTHON_PN}-cffi \ - ${PYTHON_PN}-cffi-native \ - ${PYTHON_PN}-asn1crypto \ - ${PYTHON_PN}-six \ -" - -RDEPENDS_${PN} += " \ - ${PYTHON_PN}-cffi \ - ${PYTHON_PN}-idna \ - ${PYTHON_PN}-asn1crypto \ - ${PYTHON_PN}-setuptools \ - ${PYTHON_PN}-six \ -" - -RDEPENDS_${PN}_class-target += " \ - ${PYTHON_PN}-cffi \ - ${PYTHON_PN}-idna \ - ${PYTHON_PN}-numbers \ - ${PYTHON_PN}-asn1crypto \ - ${PYTHON_PN}-setuptools \ - ${PYTHON_PN}-six \ - ${PYTHON_PN}-threading \ -" - -RDEPENDS_${PN}-ptest += " \ - ${PN} \ - ${PYTHON_PN}-cryptography-vectors \ - ${PYTHON_PN}-iso8601 \ - ${PYTHON_PN}-pretend \ - ${PYTHON_PN}-pytest \ - ${PYTHON_PN}-pytz \ -" - -inherit ptest - -do_install_ptest() { - install -d ${D}${PTEST_PATH}/tests - cp -rf ${S}/tests/* ${D}${PTEST_PATH}/tests/ - install -d ${D}${PTEST_PATH}/tests/hazmat - cp -rf ${S}/tests/hazmat/* ${D}${PTEST_PATH}/tests/hazmat/ -} - -FILES_${PN}-dbg += " \ - ${libdir}/${PYTHON_PN}2.7/site-packages/${SRCNAME}/hazmat/bindings/.debug \ -" - -BBCLASSEXTEND = "native nativesdk" diff --git a/meta-python/recipes-devtools/python/python3-cryptography_3.3.2.bb b/meta-python/recipes-devtools/python/python3-cryptography_3.3.2.bb new file mode 100644 index 0000000000..0a36ffe1bd --- /dev/null +++ b/meta-python/recipes-devtools/python/python3-cryptography_3.3.2.bb @@ -0,0 +1,65 @@ +SUMMARY = "Provides cryptographic recipes and primitives to python developers" +HOMEPAGE = "https://cryptography.io/" +SECTION = "devel/python" +LICENSE = "Apache-2.0 | BSD" +LIC_FILES_CHKSUM = "file://LICENSE;md5=bf405a8056a6647e7d077b0e7bc36aba" + +LDSHARED += "-pthread" + +SRC_URI[sha256sum] = "5a60d3780149e13b7a6ff7ad6526b38846354d11a15e21068e57073e29e19bed" + +SRC_URI += " \ + file://run-ptest \ + file://h-test.patch \ +" + +inherit pypi setuptools3 + +DEPENDS += " \ + ${PYTHON_PN}-cffi \ + ${PYTHON_PN}-cffi-native \ + ${PYTHON_PN}-asn1crypto \ + ${PYTHON_PN}-six \ +" + +RDEPENDS_${PN} += " \ + ${PYTHON_PN}-cffi \ + ${PYTHON_PN}-idna \ + ${PYTHON_PN}-asn1crypto \ + ${PYTHON_PN}-setuptools \ + ${PYTHON_PN}-six \ +" + +RDEPENDS_${PN}_class-target += " \ + ${PYTHON_PN}-cffi \ + ${PYTHON_PN}-idna \ + ${PYTHON_PN}-numbers \ + ${PYTHON_PN}-asn1crypto \ + ${PYTHON_PN}-setuptools \ + ${PYTHON_PN}-six \ + ${PYTHON_PN}-threading \ +" + +RDEPENDS_${PN}-ptest += " \ + ${PN} \ + ${PYTHON_PN}-cryptography-vectors \ + ${PYTHON_PN}-iso8601 \ + ${PYTHON_PN}-pretend \ + ${PYTHON_PN}-pytest \ + ${PYTHON_PN}-pytz \ +" + +inherit ptest + +do_install_ptest() { + install -d ${D}${PTEST_PATH}/tests + cp -rf ${S}/tests/* ${D}${PTEST_PATH}/tests/ + install -d ${D}${PTEST_PATH}/tests/hazmat + cp -rf ${S}/tests/hazmat/* ${D}${PTEST_PATH}/tests/hazmat/ +} + +FILES_${PN}-dbg += " \ + ${libdir}/${PYTHON_PN}2.7/site-packages/${SRCNAME}/hazmat/bindings/.debug \ +" + +BBCLASSEXTEND = "native nativesdk" -- cgit 1.2.3-korg