aboutsummaryrefslogtreecommitdiff
path: root/gnu/packages/python.scm
diff options
context:
space:
mode:
authorLeo Famulari <leo@famulari.name>2017-01-06 13:43:38 -0500
committerLeo Famulari <leo@famulari.name>2017-01-06 13:50:18 -0500
commitaa21c764d65068783ae31febee2a92eb3d138a24 (patch)
tree16ce9d75b61b80fc1a42635eb7aa22e4b6ddbacb /gnu/packages/python.scm
parent707c65aad74f185d1463da174473a2364aa40133 (diff)
downloadguix-aa21c764d65068783ae31febee2a92eb3d138a24.tar
guix-aa21c764d65068783ae31febee2a92eb3d138a24.tar.gz
gnu: python-pycrypto: Fix CVE-2013-7459.
* gnu/packages/patches/python-pycrypto-CVE-2013-7459.patch: New file. * gnu/local.mk (dist_patch_DATA): Add it. * gnu/packages/python.scm (python-pycrypto, python2-pycrypto)[source]: Use the patch. Use pypi-uri.
Diffstat (limited to 'gnu/packages/python.scm')
-rw-r--r--gnu/packages/python.scm12
1 files changed, 5 insertions, 7 deletions
diff --git a/gnu/packages/python.scm b/gnu/packages/python.scm
index 5faebae3d9..d8ca83d810 100644
--- a/gnu/packages/python.scm
+++ b/gnu/packages/python.scm
@@ -958,13 +958,11 @@ Python 3 support.")
(define-public python2-setuptools
(package-with-python2 python-setuptools))
-;;; Pycrypto is abandoned upstream [0] and contains at least one bug that can be
-;;; exploited to achieve arbitrary code execution [1].
+;;; Pycrypto is abandoned upstream:
;;;
-;;; TODO Remove this package from GNU Guix.
+;;; https://github.com/dlitz/pycrypto/issues/173
;;;
-;;; [0] https://github.com/dlitz/pycrypto/issues/173
-;;; [1] https://github.com/dlitz/pycrypto/issues/176
+;;; TODO Remove this package from GNU Guix.
(define-public python-pycrypto
(package
(name "python-pycrypto")
@@ -972,8 +970,8 @@ Python 3 support.")
(source
(origin
(method url-fetch)
- (uri (string-append "https://pypi.python.org/packages/source/p/"
- "pycrypto/pycrypto-" version ".tar.gz"))
+ (uri (pypi-uri "pycrypto" version))
+ (patches (search-patches "python-pycrypto-CVE-2013-7459.patch"))
(sha256
(base32
"0g0ayql5b9mkjam8hym6zyg6bv77lbh66rv1fyvgqb17kfc1xkpj"))))