From 60daee8fc2f3052e1be59d2a55f5c22144706d5f Mon Sep 17 00:00:00 2001
From: jk464
Date: Mon, 6 Nov 2023 19:11:30 +0000
Subject: [PATCH] Bump cryptography to 41.0.4, pyopenssl to 23.2.0

Fixes:
* CVE-2023-4807
* CVE-2023-2650
* CVE-2023-3446

pyopenssl 23.2.0 required for cryptography to 41.0.x support
---
 fixed-requirements.txt | 4 ++--
 requirements-pants.txt | 2 +-
 requirements.txt | 4 ++--
 st2client/in-requirements.txt | 4 ++--
 st2client/requirements.txt | 4 ++--
 st2common/in-requirements.txt | 4 ++--
 st2common/requirements.txt | 4 ++--
 7 files changed, 13 insertions(+), 13 deletions(-)

diff --git a/fixed-requirements.txt b/fixed-requirements.txt
index 611eadb0838..44f2b022501 100644
--- a/fixed-requirements.txt
+++ b/fixed-requirements.txt
@@ -7,7 +7,7 @@ chardet<3.1.0
 cffi<1.15.0
 # NOTE: 2.0 version breaks pymongo work with hosts
 dnspython>=1.16.0,<2.0.0
-cryptography==39.0.1
+cryptography==41.0.4
 # Note: 0.20.0 removed select.poll() on which some of our code and libraries we
 # depend on rely
 eventlet==0.30.2
@@ -45,7 +45,7 @@ pymongo==3.11.3
 pyparsing<3
 zstandard==0.15.2
 # pyOpenSSL 23.1.0 supports cryptography up to 40.0.x
-pyOpenSSL==23.1.0
+pyOpenSSL==23.2.0
 python-editor==1.0.4
 python-keyczar==0.716
 pytz==2021.1
diff --git a/requirements-pants.txt b/requirements-pants.txt
index 15a2177b93e..e92a82383b9 100644
--- a/requirements-pants.txt
+++ b/requirements-pants.txt
@@ -9,7 +9,7 @@
 apscheduler
 argcomplete
 ciso8601
-cryptography
+cryptography==41.0.4
 # eventlet 0.31+ and gunicorn 20.1.0 are not compatible
 eventlet<0.31
 # flex parses the openapi 2 spec in our router
diff --git a/requirements.txt b/requirements.txt
index ff2967991ec..e2470ec5814 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -14,7 +14,7 @@ bcrypt==3.2.0
 cffi<1.15.0
 chardet<3.1.0
 ciso8601
-cryptography==39.0.1
+cryptography==41.0.4
 decorator==4.4.2
 dnspython>=1.16.0,<2.0.0
 eventlet==0.30.2
@@ -45,7 +45,7 @@ passlib==1.7.4
 prettytable==2.1.0
 prompt-toolkit==1.0.15
 psutil==5.8.0
-pyOpenSSL==23.1.0
+pyOpenSSL==23.2.0
 pyinotify==0.9.6 ; platform_system=="Linux"
 pymongo==3.11.3
 pyparsing<3
diff --git a/st2client/in-requirements.txt b/st2client/in-requirements.txt
index b0057916f1d..517b92e4f04 100644
--- a/st2client/in-requirements.txt
+++ b/st2client/in-requirements.txt
@@ -16,12 +16,12 @@ python-editor
 prompt-toolkit
 # mention cffi used by cryptography so we can control version
 cffi
-cryptography
+cryptography==41.0.4
 orjson
 # needed by requests
 chardet
 # required for SOCKS proxy support (HTTP_PROXY, HTTPS_PROXY, NO_PROXY)
-pyOpenSSL
+pyOpenSSL==23.2.0
 pysocks
 # adding so can set version
 zipp
diff --git a/st2client/requirements.txt b/st2client/requirements.txt
index af86d57040a..381c425bcc1 100644
--- a/st2client/requirements.txt
+++ b/st2client/requirements.txt
@@ -8,14 +8,14 @@
 argcomplete==1.12.2
 cffi<1.15.0
 chardet<3.1.0
-cryptography==39.0.1
+cryptography==41.0.4
 importlib-metadata==4.10.1
 jsonpath-rw==1.4.0
 jsonschema==2.6.0
 orjson==3.5.2
 prettytable==2.1.0
 prompt-toolkit==1.0.15
-pyOpenSSL==23.1.0
+pyOpenSSL==23.2.0
 pysocks
 python-dateutil==2.8.1
 python-editor==1.0.4
diff --git a/st2common/in-requirements.txt b/st2common/in-requirements.txt
index 9580fa2fbed..87db38b452f 100644
--- a/st2common/in-requirements.txt
+++ b/st2common/in-requirements.txt
@@ -24,7 +24,7 @@ pymongo
 zstandard
 # mention cffi used by cryptography so we can control version
 cffi
-cryptography
+cryptography==41.0.4
 requests
 retrying
 semver
@@ -40,7 +40,7 @@ routes
 flex
 webob
 jsonpath-rw
-pyOpenSSL
+pyOpenSSL==23.2.0
 python-statsd
 ciso8601
 orjson
diff --git a/st2common/requirements.txt b/st2common/requirements.txt
index f01de64ef8f..0ae568402c2 100644
--- a/st2common/requirements.txt
+++ b/st2common/requirements.txt
@@ -11,7 +11,7 @@ apscheduler==3.7.0
 cffi<1.15.0
 chardet<3.1.0
 ciso8601
-cryptography==39.0.1
+cryptography==41.0.4
 decorator==4.4.2
 dnspython>=1.16.0,<2.0.0
 eventlet==0.30.2
@@ -30,7 +30,7 @@ orjson==3.5.2
 orquesta@ git+https://github.com/StackStorm/orquesta.git@v1.5.0
 oslo.config>=1.12.1,<1.13
 paramiko==2.11.0
-pyOpenSSL==23.1.0
+pyOpenSSL==23.2.0
 pymongo==3.11.3
 python-dateutil==2.8.1
 python-statsd==2.1.0