From 3d43659204400261c4f759dfb3d0b55eb8ccb0e7 Mon Sep 17 00:00:00 2001
From: CentOS Sources
Date: Oct 06 2021 12:37:12 +0000
Subject: import python-cryptography-3.2.1-5.el8
---
diff --git a/SOURCES/0005-CVE-2020-36242.patch b/SOURCES/0005-CVE-2020-36242.patch
new file mode 100644
index 0000000..1f2f9c5
--- /dev/null
+++ b/SOURCES/0005-CVE-2020-36242.patch
@@ -0,0 +1,18 @@
+From 962eac3925c7184fb5dc174357823223beba0d85 Mon Sep 17 00:00:00 2001
+From: Paul Kehrer
+Date: Sun, 7 Feb 2021 11:04:43 -0600
+Subject: [PATCH] port changelog and fix back to master for CVE-2020-36242
+
+diff --git a/src/cryptography/hazmat/backends/openssl/ciphers.py b/src/cryptography/hazmat/backends/openssl/ciphers.py
+index 2b10681b31..0f96795fdc 100644
+--- a/src/cryptography/hazmat/backends/openssl/ciphers.py
++++ b/src/cryptography/hazmat/backends/openssl/ciphers.py
+@@ -16,7 +16,7 @@
+ class _CipherContext(object):
+ _ENCRYPT = 1
+ _DECRYPT = 0
+- _MAX_CHUNK_SIZE = 2 ** 31 - 1
++ _MAX_CHUNK_SIZE = 2 ** 30 - 1
+
+ def __init__(self, backend, cipher, mode, operation):
+ self._backend = backend
diff --git a/SPECS/python-cryptography.spec b/SPECS/python-cryptography.spec
index e475ba0..7132873 100644
--- a/SPECS/python-cryptography.spec
+++ b/SPECS/python-cryptography.spec
@@ -4,7 +4,7 @@
 Name: python-%{srcname}
 Version: 3.2.1
-Release: 3%{?dist}
+Release: 5%{?dist}
 Summary: PyCA's cryptography library
 Group: Development/Libraries
@@ -16,6 +16,7 @@ Patch0001: 0001-Re-add-deprecated-and-removed-features.patch
 Patch0002: 0002-Support-pytest-3.4.2.patch
 Patch0003: 0003-Skip-iso8601-test-cases.patch
 Patch0004: 0004-Revert-remove-NPN-bindings.patch
+Patch0005: 0005-CVE-2020-36242.patch
 BuildRequires: openssl-devel
 BuildRequires: gcc
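Review bot: The lowered `_MAX_CHUNK_SIZE = 2 ** 30 - 1` in the ciphers.py hunk embedded in SOURCES/0005-CVE-2020-36242.patch has no comment recording why the bound now sits at half the signed 32-bit maximum, so a later cleanup could raise it back to `2 ** 31 - 1` and reopen the overflow. The spec changelog ties the change to an integer overflow in update() on payloads over 2GB; presumably the chunk length plus cipher block overhead has to stay within a C int, but the code that consumes the constant lies outside this hunk (the `_CipherContext` body continues past it), so that should be confirmed there. I would add above the constant `# Must stay well below 2**31 - 1: chunk length plus block overhead has to fit a C int (CVE-2020-36242).` The embedded patch touches only ciphers.py and brings no test with it, so the pytest run in the spec's check step would not notice if this value regressed.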
@@ -81,6 +82,16 @@ PYTHONPATH=%{buildroot}%{python3_sitearch} %{__python3} -m pytest %changelog +* Tue Jun 08 2021 Christian Heimes - 3.2.1-5 +- Rebuild for RHEL 8.5 +- Resolves: rhbz#1933071 + +* Tue Feb 09 2021 Christian Heimes - 3.2.1-4 +- CVE-2020-36242: Fixed a bug where certain sequences of update() calls + when symmetrically encrypting very large payloads (>2GB) could result + in an integer overflow, leading to buffer overflows. +- Resolves: rhbz#1926528 + * Mon Dec 14 17:24:01 CET 2020 Christian Heimes - 3.2.1-3 - Conflict with non-matching vector package