| Message ID | 1701214852-1755-1-git-send-email-wangmy@fujitsu.com |
|---|---|
| State | New |
| Headers | show |
| Series | python3-cryptography-vectors: upgrade 41.0.5 -> 41.0.7 | expand |
Once again. You CANNOT upgrade python3-cryptography-vectors without also upgrading python3-cryptography. PLEASE STOP SENDING THESE. On Tue, Nov 28, 2023 at 3:41 PM wangmy <wangmy@fujitsu.com> wrote: > From: Wang Mingyu <wangmy@fujitsu.com> > > Changelog: > ============= > -Fixed compilation when using LibreSSL 3.8.2. > -Fixed a null-pointer-dereference and segfault that could occur when > loading > certificates from a PKCS#7 bundle. Credit to pkuzco for reporting the > issue. > CVE-2023-49083 > > Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> > --- > ...vectors_41.0.5.bb => python3-cryptography-vectors_41.0.7.bb} | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > rename meta/recipes-devtools/python/{ > python3-cryptography-vectors_41.0.5.bb => > python3-cryptography-vectors_41.0.7.bb} (91%) > > diff --git a/meta/recipes-devtools/python/ > python3-cryptography-vectors_41.0.5.bb b/meta/recipes-devtools/python/ > python3-cryptography-vectors_41.0.7.bb > similarity index 91% > rename from meta/recipes-devtools/python/ > python3-cryptography-vectors_41.0.5.bb > rename to meta/recipes-devtools/python/ > python3-cryptography-vectors_41.0.7.bb > index 44c67fdd76..4bfdb5f100 100644 > --- a/meta/recipes-devtools/python/python3-cryptography-vectors_41.0.5.bb > +++ b/meta/recipes-devtools/python/python3-cryptography-vectors_41.0.7.bb > @@ -9,7 +9,7 @@ LIC_FILES_CHKSUM = > "file://LICENSE;md5=8c3617db4fb6fae01f1d253ab91511e4 \ > # NOTE: Make sure to keep this recipe at the same version as > python3-cryptography > # Upgrade both recipes at the same time > > -SRC_URI[sha256sum] = > "75e82aea2982729312af735adb2983f347bb21fff88ad5dda3673ed70e1d1caf" > +SRC_URI[sha256sum] = > "7b36f976b6e58cc1801310e1c93c584c6539d371da7f8538edd8fc463dc80d5b" > > PYPI_PACKAGE = "cryptography_vectors" > > -- > 2.34.1 > > > -=-=-=-=-=-=-=-=-=-=-=- > Links: You receive all messages sent to this group. > View/Reply Online (#191416): > https://lists.openembedded.org/g/openembedded-core/message/191416 > Mute This Topic: https://lists.openembedded.org/mt/102862304/924729 > Group Owner: openembedded-core+owner@lists.openembedded.org > Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [ > ticotimo@gmail.com] > -=-=-=-=-=-=-=-=-=-=-=- > >
I'm sorry for causing you trouble, it was indeed my negligence. I will carefully consider to do more confirmation work before submitting to avoid similar issues. -- Best Regards --------------------------------------------------- Wang Mingyu Development Dept.I Nanjing Fujitsu Nanda Software Tech. Co., Ltd.(FNST) No. 6 Wenzhu Road, Nanjing, 210012, China TEL: +86+25-86630566-8568 COINS: 79988548 FAX: +86+25-83317685 MAIL: wangmy@fujitsu.com<mailto:wangmy@fujitsu.com> http://www.fujitsu.com/cn/fnst/ From: Tim Orling <ticotimo@gmail.com> Sent: Wednesday, November 29, 2023 10:15 AM To: Wang, Mingyu/王 鸣瑜 <wangmy@fujitsu.com> Cc: openembedded-core@lists.openembedded.org Subject: Re: [OE-core] [PATCH] python3-cryptography-vectors: upgrade 41.0.5 -> 41.0.7 Once again. You CANNOT upgrade python3-cryptography-vectors without also upgrading python3-cryptography. PLEASE STOP SENDING THESE. On Tue, Nov 28, 2023 at 3:41 PM wangmy <wangmy@fujitsu.com<mailto:wangmy@fujitsu.com>> wrote: From: Wang Mingyu <wangmy@fujitsu.com<mailto:wangmy@fujitsu.com>> Changelog: ============= -Fixed compilation when using LibreSSL 3.8.2. -Fixed a null-pointer-dereference and segfault that could occur when loading certificates from a PKCS#7 bundle. Credit to pkuzco for reporting the issue. CVE-2023-49083 Signed-off-by: Wang Mingyu <wangmy@fujitsu.com<mailto:wangmy@fujitsu.com>> --- ...vectors_41.0.5.bb<http://vectors_41.0.5.bb> => python3-cryptography-vectors_41.0.7.bb<http://python3-cryptography-vectors_41.0.7.bb>} | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) rename meta/recipes-devtools/python/{python3-cryptography-vectors_41.0.5.bb<http://python3-cryptography-vectors_41.0.5.bb> => python3-cryptography-vectors_41.0.7.bb<http://python3-cryptography-vectors_41.0.7.bb>} (91%) diff --git a/meta/recipes-devtools/python/python3-cryptography-vectors_41.0.5.bb<http://python3-cryptography-vectors_41.0.5.bb> b/meta/recipes-devtools/python/python3-cryptography-vectors_41.0.7.bb<http://python3-cryptography-vectors_41.0.7.bb> similarity index 91% rename from meta/recipes-devtools/python/python3-cryptography-vectors_41.0.5.bb<http://python3-cryptography-vectors_41.0.5.bb> rename to meta/recipes-devtools/python/python3-cryptography-vectors_41.0.7.bb<http://python3-cryptography-vectors_41.0.7.bb> index 44c67fdd76..4bfdb5f100 100644 --- a/meta/recipes-devtools/python/python3-cryptography-vectors_41.0.5.bb<http://python3-cryptography-vectors_41.0.5.bb> +++ b/meta/recipes-devtools/python/python3-cryptography-vectors_41.0.7.bb<http://python3-cryptography-vectors_41.0.7.bb> @@ -9,7 +9,7 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=8c3617db4fb6fae01f1d253ab91511e4 \ # NOTE: Make sure to keep this recipe at the same version as python3-cryptography # Upgrade both recipes at the same time -SRC_URI[sha256sum] = <file://LICENSE;md5=8c3617db4fb6fae01f1d253ab91511e4%20/%0b #%20NOTE:%20Make%20sure%20to%20keep%20this%20recipe%20at%20the%20same%20version%20as%20python3-cryptography # %20 %20 %20 Upgrade%20both%20recipes%20at%20the%20same%20time -SRC_URI[sha256sum]%20=> "75e82aea2982729312af735adb2983f347bb21fff88ad5dda3673ed70e1d1caf" +SRC_URI[sha256sum] = "7b36f976b6e58cc1801310e1c93c584c6539d371da7f8538edd8fc463dc80d5b" PYPI_PACKAGE = "cryptography_vectors" -- 2.34.1 -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#191416): https://lists.openembedded.org/g/openembedded-core/message/191416 Mute This Topic: https://lists.openembedded.org/mt/102862304/924729 Group Owner: openembedded-core+owner@lists.openembedded.org<mailto:openembedded-core%2Bowner@lists.openembedded.org> Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [ticotimo@gmail.com<mailto:ticotimo@gmail.com>] -=-=-=-=-=-=-=-=-=-=-=-
diff --git a/meta/recipes-devtools/python/python3-cryptography-vectors_41.0.5.bb b/meta/recipes-devtools/python/python3-cryptography-vectors_41.0.7.bb similarity index 91% rename from meta/recipes-devtools/python/python3-cryptography-vectors_41.0.5.bb rename to meta/recipes-devtools/python/python3-cryptography-vectors_41.0.7.bb index 44c67fdd76..4bfdb5f100 100644 --- a/meta/recipes-devtools/python/python3-cryptography-vectors_41.0.5.bb +++ b/meta/recipes-devtools/python/python3-cryptography-vectors_41.0.7.bb @@ -9,7 +9,7 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=8c3617db4fb6fae01f1d253ab91511e4 \ # NOTE: Make sure to keep this recipe at the same version as python3-cryptography # Upgrade both recipes at the same time -SRC_URI[sha256sum] = "75e82aea2982729312af735adb2983f347bb21fff88ad5dda3673ed70e1d1caf" +SRC_URI[sha256sum] = "7b36f976b6e58cc1801310e1c93c584c6539d371da7f8538edd8fc463dc80d5b" PYPI_PACKAGE = "cryptography_vectors"