author | Alex Gaynor <alex.gaynor@gmail.com> | 2021-02-07 11:36:56 -0500 |
---|---|---|
committer | GitHub <noreply@github.com> | 2021-02-07 10:36:56 -0600 |
commit | 82b6ce28389f0a317bc55ba2091a74b346db7cae (patch) | |
tree | 7664b5f2c5af817e737da24d729ecb93ea011e42 | |
parent | 1ff0d50948bbb6f2aa53d5648f1188a567d941cd (diff) | |
* correct buffer overflows caused by integer overflow in openssl
frustratingly, there is no test for this -- that's because testing this
requires allocating more memory than is available in CI.
fixes #5615.
* backport CI fixes
* another CI backport
-rw-r--r-- | .github/workflows/ci.yml | 4 | ||||
-rw-r--r-- | .github/workflows/wheel-builder.yml | 2 | ||||
-rw-r--r-- | .zuul.d/jobs.yaml | 6 | ||||
-rw-r--r-- | CHANGELOG.rst | 9 | ||||
-rw-r--r-- | docs/conf.py | 2 | ||||
-rw-r--r-- | src/cryptography/__about__.py | 4 | ||||
-rw-r--r-- | src/cryptography/hazmat/backends/openssl/ciphers.py | 2 | ||||
-rw-r--r-- | vectors/cryptography_vectors/__about__.py | 4 |
8 files changed, 21 insertions, 12 deletions
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 1e03eae..3cc8433 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -82,7 +82,7 @@ jobs:
 linux-distros:
 runs-on: ubuntu-latest
- container: ${{ matrix.IMAGE.IMAGE }}
+ container: ghcr.io/${{ matrix.IMAGE.IMAGE }}
 strategy:
 matrix:
 IMAGE:
@@ -91,7 +91,7 @@ jobs:
 - {IMAGE: "pyca/cryptography-runner-centos8-fips", TOXENV: "py36", FIPS: true}
 - {IMAGE: "pyca/cryptography-runner-stretch", TOXENV: "py27"}
 - {IMAGE: "pyca/cryptography-runner-buster", TOXENV: "py37"}
- - {IMAGE: "pyca/cryptography-runner-bullseye", TOXENV: "py38"}
+ - {IMAGE: "pyca/cryptography-runner-bullseye", TOXENV: "py39"}
 - {IMAGE: "pyca/cryptography-runner-sid", TOXENV: "py39"}
 - {IMAGE: "pyca/cryptography-runner-ubuntu-bionic", TOXENV: "py36"}
 - {IMAGE: "pyca/cryptography-runner-ubuntu-focal", TOXENV: "py38"}
diff --git a/.github/workflows/wheel-builder.yml b/.github/workflows/wheel-builder.yml
index b74edc2..94d24c5 100644
--- a/.github/workflows/wheel-builder.yml
+++ b/.github/workflows/wheel-builder.yml
@@ -8,7 +8,7 @@ on:
 jobs:
 manylinux:
 runs-on: ubuntu-latest
- container: ${{ matrix.MANYLINUX.CONTAINER }}
+ container: ghcr.io/${{ matrix.MANYLINUX.CONTAINER }}
 strategy:
 matrix:
 PYTHON: ["cp27-cp27m", "cp27-cp27mu", "cp36-cp36m"]
diff --git a/.zuul.d/jobs.yaml b/.zuul.d/jobs.yaml
index 38cab29..83f2c65 100644
--- a/.zuul.d/jobs.yaml
+++ b/.zuul.d/jobs.yaml
@@ -44,7 +44,7 @@
 vars:
 wheel_builds:
 - platform: manylinux2014_aarch64
- image: pyca/cryptography-manylinux2014_aarch64
+ image: ghcr.io/pyca/cryptography-manylinux2014_aarch64
 pythons:
 - cp36-cp36m
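Review bot: The job containers are still pulled by a mutable reference after the move to ghcr.io: the ci.yml matrix entries such as `pyca/cryptography-runner-buster` carry no tag or digest, and the wheel images in both .zuul.d/jobs.yaml hunks use only a tag (`ghcr.io/pyca/cryptography-manylinux1:x86_64`). If the wheel-builder jobs produce the published wheels, as their name suggests, pinning those images by digest, for example `image: ghcr.io/pyca/cryptography-manylinux1@sha256:<digest-placeholder>`, would make the build environment reproducible and make an unexpected image change visible in review. The matrix definition behind `matrix.MANYLINUX.CONTAINER` is outside the wheel-builder hunk, so whether it already carries a digest cannot be seen here.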
@@ -55,13 +55,13 @@
 vars:
 wheel_builds:
 - platform: manylinux1_x86_64
- image: pyca/cryptography-manylinux1:x86_64
+ image: ghcr.io/pyca/cryptography-manylinux1:x86_64
 pythons:
 - cp27-cp27m
 - cp27-cp27mu
 - cp36-cp36m
 - platform: manylinux2010_x86_64
- image: pyca/cryptography-manylinux2010:x86_64
+ image: ghcr.io/pyca/cryptography-manylinux2010:x86_64
 pythons:
 - cp27-cp27m
 - cp27-cp27mu
diff --git a/CHANGELOG.rst b/CHANGELOG.rst
index 3cb53d0..4dd7146 100644
--- a/CHANGELOG.rst
+++ b/CHANGELOG.rst
@@ -1,6 +1,15 @@
 Changelog
 =========
+.. _v3-3-2:
+
+3.3.2 - 2021-02-07
+~~~~~~~~~~~~~~~~~~
+
+* **SECURITY ISSUE:** Fixed a bug where certain sequences of ``update()`` calls
+ when symmetrically encrypting very large payloads (>2GB) could result in an
+ integer overflow, leading to buffer overflows. *CVE-2020-36242*
+
 .. _v3-3-1:
 3.3.1 - 2020-12-09
diff --git a/docs/conf.py b/docs/conf.py
index 33240d8..fb67ada 100644
--- a/docs/conf.py
+++ b/docs/conf.py
@@ -71,7 +71,7 @@ master_doc = "index"
 # General information about the project.
 project = "Cryptography"
-copyright = "2013-2020, Individual Contributors"
+copyright = "2013-2021, Individual Contributors"
 # The version info for the project you're documenting, acts as replacement for
 # |version| and |release|, also used in various other places throughout the
diff --git a/src/cryptography/__about__.py b/src/cryptography/__about__.py
index 0c7eaaa..f816509 100644
--- a/src/cryptography/__about__.py
+++ b/src/cryptography/__about__.py
@@ -22,10 +22,10 @@ __summary__ = (
 )
 __uri__ = "https://github.com/pyca/cryptography"
-__version__ = "3.3.1"
+__version__ = "3.3.2"
 __author__ = "The cryptography developers"
 __email__ = "cryptography-dev@python.org"
 __license__ = "BSD or Apache License, Version 2.0"
-__copyright__ = "Copyright 2013-2020 {}".format(__author__)
+__copyright__ = "Copyright 2013-2021 {}".format(__author__)
diff --git a/src/cryptography/hazmat/backends/openssl/ciphers.py b/src/cryptography/hazmat/backends/openssl/ciphers.py
index 1e805d2..ad5dad3 100644
--- a/src/cryptography/hazmat/backends/openssl/ciphers.py
+++ b/src/cryptography/hazmat/backends/openssl/ciphers.py
@@ -17,7 +17,7 @@ from cryptography.hazmat.primitives.ciphers import modes
 class _CipherContext(object):
 _ENCRYPT = 1
 _DECRYPT = 0
- _MAX_CHUNK_SIZE = 2 ** 31 - 1
+ _MAX_CHUNK_SIZE = 2 ** 30 - 1
 def __init__(self, backend, cipher, mode, operation):
 self._backend = backend
diff --git a/vectors/cryptography_vectors/__about__.py b/vectors/cryptography_vectors/__about__.py
index 44fe9e7..dc069d5 100644
--- a/vectors/cryptography_vectors/__about__.py
+++ b/vectors/cryptography_vectors/__about__.py
@@ -20,10 +20,10 @@ __summary__ = "Test vectors for the cryptography package."
 __uri__ = "https://github.com/pyca/cryptography"
-__version__ = "3.3.1"
+__version__ = "3.3.2"
 __author__ = "The cryptography developers"
 __email__ = "cryptography-dev@python.org"
 __license__ = "BSD or Apache License, Version 2.0"
-__copyright__ = "Copyright 2013-2020 %s" % __author__
+__copyright__ = "Copyright 2013-2021 %s" % __author__ |
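Review bot: The new value `_MAX_CHUNK_SIZE = 2 ** 30 - 1` in ciphers.py carries no comment saying why it must stay below `2 ** 31 - 1`, so a later cleanup could restore the old limit without noticing that it reopens CVE-2020-36242. A comment on the constant such as `# Keep headroom below INT_MAX: chunks of 2 ** 31 - 1 led to an integer overflow in OpenSSL (CVE-2020-36242).` would record the constraint where it is enforced. The class body and the code that consumes the constant lie outside this hunk, so the exact overflow site is inferred from the commit message and the changelog entry rather than seen here. Since the commit message notes the overflow itself cannot be reproduced in CI, a cheap regression test asserting `_CipherContext._MAX_CHUNK_SIZE <= 2 ** 30 - 1` would at least pin the bound.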