diff options
author | Leo Famulari <leo@famulari.name> | 2017-01-06 13:43:38 -0500 |
---|---|---|
committer | Leo Famulari <leo@famulari.name> | 2017-01-06 13:50:18 -0500 |
commit | aa21c764d65068783ae31febee2a92eb3d138a24 (patch) | |
tree | 16ce9d75b61b80fc1a42635eb7aa22e4b6ddbacb /gnu/packages/python.scm | |
parent | 707c65aad74f185d1463da174473a2364aa40133 (diff) | |
download | guix-aa21c764d65068783ae31febee2a92eb3d138a24.tar.gz |
gnu: python-pycrypto: Fix CVE-2013-7459.
* gnu/packages/patches/python-pycrypto-CVE-2013-7459.patch: New file. * gnu/local.mk (dist_patch_DATA): Add it. * gnu/packages/python.scm (python-pycrypto, python2-pycrypto)[source]: Use the patch. Use pypi-uri.
Diffstat (limited to 'gnu/packages/python.scm')
-rw-r--r-- | gnu/packages/python.scm | 12 |
1 files changed, 5 insertions, 7 deletions
diff --git a/gnu/packages/python.scm b/gnu/packages/python.scm index 5faebae3d9..d8ca83d810 100644 --- a/gnu/packages/python.scm +++ b/gnu/packages/python.scm @@ -958,13 +958,11 @@ Python 3 support.") (define-public python2-setuptools (package-with-python2 python-setuptools)) -;;; Pycrypto is abandoned upstream [0] and contains at least one bug that can be -;;; exploited to achieve arbitrary code execution [1]. +;;; Pycrypto is abandoned upstream: ;;; -;;; TODO Remove this package from GNU Guix. +;;; https://github.com/dlitz/pycrypto/issues/173 ;;; -;;; [0] https://github.com/dlitz/pycrypto/issues/173 -;;; [1] https://github.com/dlitz/pycrypto/issues/176 +;;; TODO Remove this package from GNU Guix. (define-public python-pycrypto (package (name "python-pycrypto") @@ -972,8 +970,8 @@ Python 3 support.") (source (origin (method url-fetch) - (uri (string-append "https://pypi.python.org/packages/source/p/" - "pycrypto/pycrypto-" version ".tar.gz")) + (uri (pypi-uri "pycrypto" version)) + (patches (search-patches "python-pycrypto-CVE-2013-7459.patch")) (sha256 (base32 "0g0ayql5b9mkjam8hym6zyg6bv77lbh66rv1fyvgqb17kfc1xkpj")))) |