[staging-25.11] python3Packages.pyopenssl: backport 26.0 security fixes#510573
Conversation
There was a problem hiding this comment.
This report is automatically generated by the PR / Check / cherry-pick CI workflow.
Some of the commits in this PR require the author's and reviewer's attention.
Please follow the backporting guidelines and cherry-pick with the -x flag.
This requires changes to the unstable master and staging branches first, before backporting them.
Occasionally, commits are not cherry-picked at all, for example when updating minor versions of packages which have already advanced to the next major on unstable.
These commits can optionally be marked with a Not-cherry-picked-because: <reason> footer.
If you need to merge this PR despite the warnings, please dismiss this review shortly before merging.
Warning
Couldn't locate the cherry-picked commit's hash in the commit message of b03b950.
Hint: The full diffs are also available in the runner logs with slightly better highlighting.
|
/cc ceph.meta.maintainers: @adevress @alexanderkjeldaas @johanot @krav @nh2 @benaryorg and the staging-next-25.11 PR #507470 |
According to OpenCVE CVE-2026-27459 applies to 26.05 will ship Ceph Tentacle which is back to using the regular nixpkgs versions for all things Python with no vendoring, so this is an issue specifically for 25.11 and the time it remains supported, but nonetheless an issue. |
|
The probability that Ceph actually uses those callbacks is low (though I haven't checked), but actually backporting is more or less trivial. Attached is a cherry-pick of the Feel free to pick this up here, otherwise I'll see if I get around to opening a proper PR tomorrow. |
Fixes: CVE-2026-27459, CVE-2026-27448
Things done
passthru.tests.nixpkgs-reviewon this PR. See nixpkgs-review usage../result/bin/.