Merge pull request #289685 from dotlambda/ceph-cryptography

ceph: fix cryptography override
This commit is contained in:
Robert Schütz 2024-02-19 06:03:10 +00:00 committed by GitHub
commit 711b0df692
No known key found for this signature in database
GPG key ID: B5690EEEBB952194

View file

@ -195,7 +195,7 @@ let
hash = "sha256-gFfDTc2QWBWHBCycVH1dYlCsWQMVcRZfOBIau+njtDU=";
};
patches = (old.patches or []) ++ [
patches = [
# Fix https://nvd.nist.gov/vuln/detail/CVE-2023-49083 which has no upstream backport.
# See https://github.com/pyca/cryptography/commit/f09c261ca10a31fe41b1262306db7f8f1da0e48a#diff-f5134bf8f3cf0a5cc8601df55e50697acc866c603a38caff98802bd8e17976c5R1893
./python-cryptography-Cherry-pick-fix-for-CVE-2023-49083-on-cryptography-40.patch