Explicitly upgrade openssl in docker file and enforce new version of cryptography (#9697)

This commit is contained in:
Erik Johnston 2021-03-26 12:00:25 +00:00 committed by GitHub
parent e2904f720d
commit 12d6184713
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
4 changed files with 28 additions and 20 deletions

1
changelog.d/9697.docker Normal file
View file

@ -0,0 +1 @@
Ensure that the docker container has up to date versions of openssl.

1
changelog.d/9697.misc Normal file
View file

@ -0,0 +1 @@
Enforce that `cryptography` dependency is up to date to ensure it has the most recent openssl patches.

View file

@ -28,6 +28,7 @@ RUN apt-get update && apt-get install -y \
libwebp-dev \
libxml++2.6-dev \
libxslt1-dev \
openssl \
rustc \
zlib1g-dev \
&& rm -rf /var/lib/apt/lists/*
@ -70,6 +71,8 @@ RUN apt-get update && apt-get install -y \
libwebp6 \
xmlsec1 \
libjemalloc2 \
libssl-dev \
openssl \
&& rm -rf /var/lib/apt/lists/*
COPY --from=builder /install /usr/local

View file

@ -82,6 +82,9 @@ REQUIREMENTS = [
"Jinja2>=2.9",
"bleach>=1.4.3",
"typing-extensions>=3.7.4",
# We enforce that we have a `cryptography` version that bundles an `openssl`
# with the latest security patches.
"cryptography>=3.4.7;python_version>='3.6'",
]
CONDITIONAL_REQUIREMENTS = {