[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
58/73: gnu: python-cryptography: Update to 40.0.1 [fixes CVE-2023-23931]
|
From: |
guix-commits |
|
Subject: |
58/73: gnu: python-cryptography: Update to 40.0.1 [fixes CVE-2023-23931]. |
|
Date: |
Tue, 11 Apr 2023 22:07:31 -0400 (EDT) |
apteryx pushed a commit to branch staging
in repository guix.
commit 5ec5e560ad518c52b614111b013733ccc0d56c8d
Author: Maxim Cournoyer <maxim.cournoyer@gmail.com>
AuthorDate: Tue Apr 11 08:57:03 2023 -0400
gnu: python-cryptography: Update to 40.0.1 [fixes CVE-2023-23931].
* gnu/packages/python-crypto.scm (python-cryptography-vectors): Delete
variable.
(python-cryptography-vectors-next): Rename to...
(python-cryptography-vectors): ... this. Update to 40.0.1.
(python-cryptography): Delete variable.
(python-cryptography-next): Rename to...
(python-cryptography): ... this. Update to 40.0.1.
[build-system]: Use pyproject-build-system.
[arguments]: Remove #:imported-modules and #:modules arguments. Remove
check
phase override. Remove adjust-pyo3-requirement and configure-cargo phases.
Add disable-rust-extension-build and symlink-rust-library phases.
[native-inputs]: Replace python-cryptography-vectors-next with
python-cryptography-vectors. Add python-iso8601. Remove python-pytz.
Replace python-pytest with python-pytest-7.1. Remove rust, rust:cargo and
python-setuptools-rust.
[inputs]: Remove all inputs. Add python-cryptography-rust.
[propagated-inputs]: Remove python-asn1crypto, python-six, python-idna and
python-iso8601.
[description]: Start description with @code to avoid a lint warning.
---
gnu/packages/python-crypto.scm | 178 ++++++++---------------------------------
1 file changed, 35 insertions(+), 143 deletions(-)
diff --git a/gnu/packages/python-crypto.scm b/gnu/packages/python-crypto.scm
index 3a3993b532..a9355d134f 100644
--- a/gnu/packages/python-crypto.scm
+++ b/gnu/packages/python-crypto.scm
@@ -525,17 +525,17 @@ for example, for recording or replaying web content.")
is used by the Requests library to verify HTTPS requests.")
(license license:asl2.0)))
-(define-public python-cryptography-vectors-next
+(define-public python-cryptography-vectors
(package
(name "python-cryptography-vectors")
- (version "37.0.4")
+ (version "40.0.1")
(source
(origin
(method url-fetch)
(uri (pypi-uri "cryptography_vectors" version))
(sha256
(base32
- "1a1yi37ygw0jp72q280cmxd3qn9y9vmcch2bcnjkg2g2202l0qas"))))
+ "0hd0ppss5xg0kzf36q8cdaxh1xw8ry4k7jkianlf832xbdmp0q44"))))
(build-system python-build-system)
(home-page "https://github.com/pyca/cryptography";)
(synopsis "Test vectors for the cryptography package")
@@ -544,166 +544,58 @@ is used by the Requests library to verify HTTPS
requests.")
;; Distributed under either BSD-3 or ASL2.0
(license (list license:bsd-3 license:asl2.0))))
-(define-public python-cryptography-vectors
- (package
- (inherit python-cryptography-vectors-next)
- (version "3.4.8")
- (source (origin
- (method url-fetch)
- (uri (pypi-uri "cryptography_vectors" version))
- (sha256
- (base32
"1wl0ynh3lzhc6q59g8mybvijmnp195x7fjxlb3h3sgcraw14312c"))))))
-
-(define-public python-cryptography-next
+(define-public python-cryptography
(package
(name "python-cryptography")
- (version "37.0.4")
+ (version "40.0.1")
(source
(origin
(method url-fetch)
(uri (pypi-uri "cryptography" version))
(sha256
(base32
- "10haq7sn8mrdlhcfs791rczknnxm0wpww0lkpjzcqx141ryc3yb3"))))
- (build-system python-build-system)
+ "0wilrilfcyl78caxcpna2k3aya6qamppwv4j35262pz9n7wg40r8"))))
+ (build-system pyproject-build-system)
(arguments
(list
- #:imported-modules (append %cargo-build-system-modules
- %python-build-system-modules)
- #:modules `(((guix build cargo-build-system) #:prefix cargo:)
- ,@%python-build-system-modules
- (srfi srfi-1)
- (ice-9 match))
- #:phases
- #~(modify-phases (@ (guix build python-build-system) %standard-phases)
- (add-after 'unpack 'adjust-pyo3-requirement
- (lambda _
- ;; The package depends on 0.15.2, which is not on crates.io(!?).
- ;; Downgrade to 0.15.1...
- (substitute* "src/rust/Cargo.toml"
- (("pyo3 = \\{ version = \"0\\.15\\.2\"")
- "pyo3 = { version = \"0.15.1\""))))
- (add-before 'build 'configure-cargo
- (lambda* (#:key inputs #:allow-other-keys)
- ;; Hide irrelevant inputs from cargo-build-system so it does
- ;; not try to unpack sanity-check.py, etc.
- (let ((cargo-inputs (filter (match-lambda
- ((name . path)
- (or (string-prefix? "rust-" name)
- (string=? "gcc" name))))
- inputs)))
- (with-directory-excursion "src/rust"
- ((assoc-ref cargo:%standard-phases 'unpack-rust-crates)
- #:inputs cargo-inputs
- #:vendor-dir "guix-vendor")
- ((assoc-ref cargo:%standard-phases 'configure)
- #:inputs cargo-inputs)
- ((assoc-ref cargo:%standard-phases 'patch-cargo-checksums)
- #:vendor-dir "guix-vendor"))
- (rename-file "src/rust/.cargo" ".cargo"))))
- (replace 'check
- (lambda* (#:key tests? #:allow-other-keys)
- (when tests?
- (invoke "pytest" "-vv" "tests")))))))
- (inputs
- (list openssl
- ;; TODO: Most of these inputs are transitive dependencies of
- ;; the Rust requirements (see src/rust/cargo.toml). Surely
- ;; there is a better way than manually listing everything..?
- rust-aliasable-0.1
- rust-asn1-0.8
- rust-asn1-derive-0.8
- rust-autocfg-1
- rust-base64-0.13
- rust-bitflags-1
- rust-cfg-if-0.1
- rust-cfg-if-1
- rust-chrono-0.4
- rust-cloudabi-0.1
- rust-lazy-static-1
- rust-libc-0.2
- rust-indoc-0.3
- rust-indoc-impl-0.3
- rust-inflector-0.11
- rust-instant-0.1
- rust-lock-api-0.4
- rust-num-integer-0.1
- rust-num-traits-0.2
- rust-once-cell-1
- rust-ouroboros-0.15
- rust-ouroboros-macro-0.15
- rust-parking-lot-0.11
- rust-parking-lot-core-0.8
- rust-paste-0.1
- rust-paste-impl-0.1
- rust-pem-1
- rust-proc-macro-error-1
- rust-proc-macro-error-attr-1
- rust-proc-macro-hack-0.5
- rust-proc-macro2-1
- rust-pyo3-0.15
- rust-pyo3-build-config-0.15
- rust-pyo3-macros-0.15
- rust-pyo3-macros-backend-0.15
- rust-quote-1
- rust-redox-syscall-0.2
- rust-scopeguard-1
- rust-smallvec-1
- rust-stable-deref-trait-1
- rust-syn-1
- rust-unicode-xid-0.2
- rust-unindent-0.1
- rust-version-check-0.9
- rust-winapi-0.3))
- (propagated-inputs
- (list python-asn1crypto python-cffi python-six python-idna
- python-iso8601))
+ #:phases #~(modify-phases %standard-phases
+ (add-after 'unpack 'disable-rust-extension-build
+ (lambda _
+ ;; The Rust extension is built separately as
+ ;; 'python-cryptography-rust', so there's no need
+ ;; to build it here.
+ (substitute* "pyproject.toml"
+ ((".*setuptools-rust.*") ""))
+ (delete-file "setup.py")))
+ (add-before 'check 'symlink-rust-library
+ (lambda* (#:key inputs outputs #:allow-other-keys)
+ (symlink (search-input-file
+ inputs "lib/libcryptography_rust.so")
+ (string-append (site-packages inputs outputs)
+ "/cryptography/hazmat/bindings/"
+ "_rust.abi3.so")))))))
+
(native-inputs
- (list python-cryptography-vectors-next
+ (list python-cryptography-vectors
python-hypothesis
+ python-iso8601
python-pretend
- python-pytz
- python-pytest
+ python-pytest-7.1 ;for subtests
python-pytest-benchmark
- python-pytest-subtests
- python-setuptools-rust
- rust
- `(,rust "cargo")))
+ python-pytest-subtests))
+ (inputs (list python-cryptography-rust))
+ (propagated-inputs (list python-cffi))
(home-page "https://github.com/pyca/cryptography";)
(synopsis "Cryptographic recipes and primitives for Python")
(description
- "cryptography is a package which provides cryptographic recipes and
-primitives to Python developers. It aims to be the “cryptographic standard
-library” for Python. The package includes both high level recipes, and low
-level interfaces to common cryptographic algorithms such as symmetric ciphers,
-message digests and key derivation functions.")
+ "@code{cryptography} is a package which provides cryptographic recipes
+and primitives to Python developers. It aims to be the “cryptographic
+standard library” for Python. The package includes both high level recipes,
+and low level interfaces to common cryptographic algorithms such as symmetric
+ciphers, message digests and key derivation functions.")
;; Distributed under either BSD-3 or ASL2.0
(license (list license:bsd-3 license:asl2.0))))
-(define-public python-cryptography
- (package
- (inherit python-cryptography-next)
- (version "3.4.8")
- (source (origin
- (method url-fetch)
- (uri (pypi-uri "cryptography" version))
- (sha256
- (base32
"072awar70cwfd2hnx0pvp1dkc7gw45mbm3wcyddvxz5frva5xk4l"))))
- (arguments
- (list #:phases
- #~(modify-phases %standard-phases
- (add-after 'unpack 'set-no-rust
- (lambda _
- (setenv "CRYPTOGRAPHY_DONT_BUILD_RUST" "1"))))))
- (inputs (list openssl-1.1))
- (native-inputs
- (list python-cryptography-vectors
- python-hypothesis
- python-pretend
- python-pytz
- python-pytest
- python-setuptools-rust))))
-
;;; This is the Rust component of the python-cryptography library, extracted
;;; as a separate package to ease the Rust build.
(define-public python-cryptography-rust
- 30/73: gnu: rust-openssl-sys-0.9: Update to 0.9.84., (continued)
- 30/73: gnu: rust-openssl-sys-0.9: Update to 0.9.84., guix-commits, 2023/04/11
- 32/73: gnu: Add rust-portable-atomic-1., guix-commits, 2023/04/11
- 31/73: gnu: Add rust-sptr-0.3., guix-commits, 2023/04/11
- 35/73: gnu: rust-pin-project-1: Update to 1.0.12., guix-commits, 2023/04/11
- 36/73: gnu: rust-pin-project-internal-1: Update to 1.0.12., guix-commits, 2023/04/11
- 37/73: gnu: rust-slab-0.4: Update to 0.4.8., guix-commits, 2023/04/11
- 39/73: gnu: rust-futures-channel-0.3: Update to 0.3.26., guix-commits, 2023/04/11
- 42/73: gnu: rust-futures-io-0.3: Update to 0.3.26., guix-commits, 2023/04/11
- 49/73: gnu: libexif: Update to 0.6.24. [fixes CVE-2020-0198, CVE-2020-0452], guix-commits, 2023/04/11
- 53/73: gnu: Add python-cryptography-rust., guix-commits, 2023/04/11
- 58/73: gnu: python-cryptography: Update to 40.0.1 [fixes CVE-2023-23931].,
guix-commits <=
- 43/73: gnu: rust-futures-macro-0.3: Update to 0.3.26., guix-commits, 2023/04/11
- 45/73: gnu: rust-futures-test-0.3: Update to 0.3.26., guix-commits, 2023/04/11
- 46/73: gnu: rust-futures-util-0.3: Update to 0.3.26., guix-commits, 2023/04/11
- 47/73: gnu: rust-futures-sink-0.3: Update to 0.3.26., guix-commits, 2023/04/11
- 44/73: gnu: rust-futures-task-0.3: Update to 0.3.26., guix-commits, 2023/04/11
- 48/73: gnu: Add rust-base64-0.21., guix-commits, 2023/04/11
- 50/73: gnu: rust-pem-1: Update to 1.1.1., guix-commits, 2023/04/11
- 63/73: gnu: gstreamer-docs: Update to 1.22.2., guix-commits, 2023/04/11
- 64/73: gnu: gstreamer: Update to 1.22.2., guix-commits, 2023/04/11
- 66/73: gnu: gst-plugins-good: Update to 1.22.2., guix-commits, 2023/04/11