work around CVE-2024-23342 for pkgs hwi, trezor

This commit is contained in:
Erik Arvstedt 2025-11-22 12:58:19 +01:00
parent c4cd252753
commit e6e3a13dbb
No known key found for this signature in database
GPG key ID: 33312B944DD97846
4 changed files with 20 additions and 2 deletions


@ -33,4 +33,22 @@ rec {
}).pkgs;
nbPython3PackagesJoinmarket = nbPython3Packages;
# Re-enable pkgs `hwi`, `trezor` that are unaffected by `CVE-2024-23342` because
# they don't use python pkg `ecdsa` for signing.
# These packages no longer evaluate in nixpkgs after `ecdsa` was tagged with this CVE.
nbPython3PackagesWithUnlockedEcdsa = let
python3PackagesWithUnlockedEcdsa = (python3.override {
packageOverrides = self: super: {
ecdsa = super.ecdsa.overrideAttrs (old: {
meta = old.meta // {
knownVulnerabilities = builtins.filter (x: x != "CVE-2024-23342") old.meta.knownVulnerabilities;
};
});
};
}).pkgs;
in {
hwi = with python3PackagesWithUnlockedEcdsa; toPythonApplication hwi;
inherit (python3PackagesWithUnlockedEcdsa) trezor;
};
}
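Review bot: The override reads `old.meta.knownVulnerabilities` unconditionally, so once nixpkgs drops the CVE tag from `ecdsa` (or the attribute is absent in an older/newer pin) the filter line fails evaluation instead of becoming a no-op; `knownVulnerabilities = builtins.filter (x: x != "CVE-2024-23342") (old.meta.knownVulnerabilities or []);` keeps the workaround harmless either way. The comment justifies the exemption only by "don't use python pkg `ecdsa` for signing", but the CVE as described upstream appears to cover side-channel leakage in ECDH key agreement as well as signing, so it is worth stating why neither path is reached (e.g. `# hwi/trezor only parse/serialize keys and never call sign() or ECDH on ecdsa; re-verify on every bump`) so the exemption is re-checked when `hwi`/`trezor` are updated. The enclosing `rec { … }` attrset begins outside the hunk.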