From 6f3597024b0c0253d093318eae945c1aa5a3965d Mon Sep 17 00:00:00 2001
From: sxt1001
Date: Tue, 23 Feb 2021 09:56:05 +0800
Subject: [PATCH] fix CVE-2020-36242
(cherry picked from commit 86b787f079b767a50dc80417d49690a3c9922f9d)
---
backport-CVE-2020-36242.patch | 46 +++++++++++++++++++++++++++++++++++
python-cryptography.spec | 6 ++++-
2 files changed, 51 insertions(+), 1 deletion(-)
create mode 100644 backport-CVE-2020-36242.patch
diff --git a/backport-CVE-2020-36242.patch b/backport-CVE-2020-36242.patch
new file mode 100644
index 0000000..fbfb2a2
--- /dev/null
+++ b/backport-CVE-2020-36242.patch
@@ -0,0 +1,46 @@
+From 962eac3925c7184fb5dc174357823223beba0d85 Mon Sep 17 00:00:00 2001
+From: Paul Kehrer
+Date: Sun, 7 Feb 2021 11:04:43 -0600
+Subject: [PATCH] port changelog and fix back to master for CVE-2020-36242
+
+---
+ CHANGELOG.rst | 9 +++++++++
+ src/cryptography/hazmat/backends/openssl/ciphers.py | 2 +-
+ 2 files changed, 10 insertions(+), 1 deletion(-)
+
+diff --git a/CHANGELOG.rst b/CHANGELOG.rst
+index 3cb53d0..4dd7146 100644
+--- a/CHANGELOG.rst
++++ b/CHANGELOG.rst
+@@ -1,6 +1,15 @@
+ Changelog
+ =========
+ 
++.. _v3-3-2:
++
++3.3.2 - 2021-02-07
++~~~~~~~~~~~~~~~~~~
++
++* **SECURITY ISSUE:** Fixed a bug where certain sequences of ``update()`` calls
++ when symmetrically encrypting very large payloads (>2GB) could result in an
++ integer overflow, leading to buffer overflows. *CVE-2020-36242*
++
+ .. _v3-3-1:
+ 
+ 3.3.1 - 2020-12-09
+diff --git a/src/cryptography/hazmat/backends/openssl/ciphers.py b/src/cryptography/hazmat/backends/openssl/ciphers.py
+index 1e805d2..ad5dad3 100644
+--- a/src/cryptography/hazmat/backends/openssl/ciphers.py
++++ b/src/cryptography/hazmat/backends/openssl/ciphers.py
+@@ -17,7 +17,7 @@ from cryptography.hazmat.primitives.ciphers import modes
+ class _CipherContext(object):
+ _ENCRYPT = 1
+ _DECRYPT = 0
+- _MAX_CHUNK_SIZE = 2 ** 31 - 1
++ _MAX_CHUNK_SIZE = 2 ** 30 - 1
+ 
+ def __init__(self, backend, cipher, mode, operation):
+ self._backend = backend
+--
+1.8.3.1
+
diff --git a/python-cryptography.spec b/python-cryptography.spec
index 1380854..07ba422 100644
--- a/python-cryptography.spec
+++ b/python-cryptography.spec
@@ -1,12 +1,13 @@
 %global srcname cryptography
 Name: python-%{srcname}
 Version: 3.3.1
-Release: 1
+Release: 2
 Summary: PyCA's cryptography library
 License: ASL 2.0 or BSD
 URL: https://cryptography.io/en/latest/
 Source0: %{pypi_source}
+Patch6000: backport-CVE-2020-36242.patch
 BuildRequires: openssl-devel
 BuildRequires: gcc
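Review bot: The backport carries upstream's CHANGELOG.rst hunk alongside the one-line `_MAX_CHUNK_SIZE = 2 ** 30 - 1` change in ciphers.py, and of the two the documentation hunk is the more likely to fail or fuzz against the 3.3.1 sdist or on the next rebase, while only the ciphers.py line is the CVE-2020-36242 fix. Consider trimming the patch file to the ciphers.py hunk, or at least confirm in the build log that both files applied cleanly. Note also that the patch touches no tests, so nothing in %check exercises the new limit; the embedded changelog describes the bug as an integer overflow on >2GB payloads, which is presumably why a regression test was not practical upstream either. The `_CipherContext` class body continues outside the hunk.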
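Review bot: Declaring `Patch6000: backport-CVE-2020-36242.patch` only fixes the package if %prep actually applies it, and %prep is outside this diff; with `%autosetup -p1` (or `%autopatch`) the new tag is picked up automatically, but with a plain `%setup` and explicit `%patchN` lines nothing applies it and the 3.3.1-2 build would still ship the vulnerable `_MAX_CHUNK_SIZE`. Please verify %prep and add `%patch6000 -p1` if it uses explicit patch lines. Since the patch modifies CHANGELOG.rst as well as ciphers.py, it is also worth checking the build log for a clean -p1 apply of both files against the sdist root.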
@@ -70,6 +71,9 @@ PYTHONPATH=%{buildroot}%{python3_sitearch} %{__python3} -m pytest -k "not (test_
 %doc README.rst docs
 %changelog
+* Tue Feb 23 2021 shixuantong - 3.3.1-2
+- fix CVE-2020-36242
+
 * Mon Feb 1 2021 liudabo - 3.3.1-1
 - upgrade version to 3.3.1
--
Gitee