From af9568fae8267c3c8b2ca18d3403ed1455387ae3 Mon Sep 17 00:00:00 2001
From: Michael Weiss <dev.primeos@gmail.com>
Date: Sun, 7 Feb 2021 19:34:48 +0100
Subject: [PATCH] python3Packages.cryptography: 3.3.1 -> 3.3.2 (security,
 CVE-2020-36242)

SECURITY ISSUE: Fixed a bug where certain sequences of update() calls
when symmetrically encrypting very large payloads (>2GB) could result in
an integer overflow, leading to buffer overflows. CVE-2020-36242

Note: This also updates {,vectors-}3.3.nix (for Python 2 / nixops)
because of the security issue.
---
 pkgs/development/python-modules/cryptography/3.3.nix         | 4 ++--
 pkgs/development/python-modules/cryptography/default.nix     | 4 ++--
 pkgs/development/python-modules/cryptography/vectors-3.3.nix | 2 +-
 pkgs/development/python-modules/cryptography/vectors.nix     | 2 +-
 4 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/pkgs/development/python-modules/cryptography/3.3.nix b/pkgs/development/python-modules/cryptography/3.3.nix
index b6972e6d56b..04971852075 100644
--- a/pkgs/development/python-modules/cryptography/3.3.nix
+++ b/pkgs/development/python-modules/cryptography/3.3.nix
@@ -22,11 +22,11 @@
 
 buildPythonPackage rec {
   pname = "cryptography";
-  version = "3.3.1"; # Also update the hash in vectors-3.3.nix
+  version = "3.3.2"; # Also update the hash in vectors-3.3.nix
 
   src = fetchPypi {
     inherit pname version;
-    sha256 = "1ribd1vxq9wwz564mg60dzcy699gng54admihjjkgs9dx95pw5vy";
+    sha256 = "1vcvw4lkw1spiq322pm1256kail8nck6bbgpdxx3pqa905wd6q2s";
   };
 
   patches = [ ./cryptography-py27-warning.patch ];
diff --git a/pkgs/development/python-modules/cryptography/default.nix b/pkgs/development/python-modules/cryptography/default.nix
index ad402efd759..eb4eba0f587 100644
--- a/pkgs/development/python-modules/cryptography/default.nix
+++ b/pkgs/development/python-modules/cryptography/default.nix
@@ -22,11 +22,11 @@
 
 buildPythonPackage rec {
   pname = "cryptography";
-  version = "3.3.1"; # Also update the hash in vectors.nix
+  version = "3.3.2"; # Also update the hash in vectors.nix
 
   src = fetchPypi {
     inherit pname version;
-    sha256 = "1ribd1vxq9wwz564mg60dzcy699gng54admihjjkgs9dx95pw5vy";
+    sha256 = "1vcvw4lkw1spiq322pm1256kail8nck6bbgpdxx3pqa905wd6q2s";
   };
 
   outputs = [ "out" "dev" ];
diff --git a/pkgs/development/python-modules/cryptography/vectors-3.3.nix b/pkgs/development/python-modules/cryptography/vectors-3.3.nix
index 94526c8268e..f9b7c525237 100644
--- a/pkgs/development/python-modules/cryptography/vectors-3.3.nix
+++ b/pkgs/development/python-modules/cryptography/vectors-3.3.nix
@@ -7,7 +7,7 @@ buildPythonPackage rec {
 
   src = fetchPypi {
     inherit pname version;
-    sha256 = "192wix3sr678x21brav5hgc6j93l7ab1kh69p2scr3fsblq9qy03";
+    sha256 = "1yhaps0f3h2yjb6lmz953z1l1d84y9swk4k3gj9nqyk4vbx5m7cc";
   };
 
   # No tests included
diff --git a/pkgs/development/python-modules/cryptography/vectors.nix b/pkgs/development/python-modules/cryptography/vectors.nix
index 94526c8268e..f9b7c525237 100644
--- a/pkgs/development/python-modules/cryptography/vectors.nix
+++ b/pkgs/development/python-modules/cryptography/vectors.nix
@@ -7,7 +7,7 @@ buildPythonPackage rec {
 
   src = fetchPypi {
     inherit pname version;
-    sha256 = "192wix3sr678x21brav5hgc6j93l7ab1kh69p2scr3fsblq9qy03";
+    sha256 = "1yhaps0f3h2yjb6lmz953z1l1d84y9swk4k3gj9nqyk4vbx5m7cc";
   };
 
   # No tests included