From 44b7d77591e9fe271dfb97c6f20f0ef8453ebcd9 Mon Sep 17 00:00:00 2001
From: Michael Weiss <dev.primeos@gmail.com>
Date: Thu, 10 Dec 2020 13:38:54 +0100
Subject: [PATCH] python3Packages.cryptography: 3.2.1 -> 3.3.1

Backward incompatible changes:
- Support for Python 3.5 has been removed due to low usage and
  maintenance burden.
- The GCM and AESGCM now require 64-bit to 1024-bit (8 byte to 128 byte)
  initialization vectors. This change is to conform with an upcoming
  OpenSSL release that will no longer support sizes outside this window.
- When deserializing asymmetric keys we now raise ValueError rather than
  UnsupportedAlgorithm when an unsupported cipher is used. This change
  is to conform with an upcoming OpenSSL release that will no longer
  distinguish between error types.
- We no longer allow loading of finite field Diffie-Hellman parameters
  of less than 512 bits in length. This change is to conform with an
  upcoming OpenSSL release that no longer supports smaller sizes. These
  keys were already wildly insecure and should not have been used in any
  application outside of testing.
---
 pkgs/development/python-modules/cryptography/default.nix | 4 ++--
 pkgs/development/python-modules/cryptography/vectors.nix | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/pkgs/development/python-modules/cryptography/default.nix b/pkgs/development/python-modules/cryptography/default.nix
index 41802f0d0651..0bee19c3f4f3 100644
--- a/pkgs/development/python-modules/cryptography/default.nix
+++ b/pkgs/development/python-modules/cryptography/default.nix
@@ -22,11 +22,11 @@
 
 buildPythonPackage rec {
   pname = "cryptography";
-  version = "3.2.1"; # Also update the hash in vectors.nix
+  version = "3.3.1"; # Also update the hash in vectors.nix
 
   src = fetchPypi {
     inherit pname version;
-    sha256 = "1qxz02kfsrihq1h4afyqwcsv9nh3s9mmrr6y9lhi4angw05y3mfk";
+    sha256 = "1ribd1vxq9wwz564mg60dzcy699gng54admihjjkgs9dx95pw5vy";
   };
 
   outputs = [ "out" "dev" ];
diff --git a/pkgs/development/python-modules/cryptography/vectors.nix b/pkgs/development/python-modules/cryptography/vectors.nix
index 567ce23783ea..94526c8268ef 100644
--- a/pkgs/development/python-modules/cryptography/vectors.nix
+++ b/pkgs/development/python-modules/cryptography/vectors.nix
@@ -7,7 +7,7 @@ buildPythonPackage rec {
 
   src = fetchPypi {
     inherit pname version;
-    sha256 = "12dq1grn0bjj7c6sj6apd6328525n7xq4kbbmww63sn3x7081vls";
+    sha256 = "192wix3sr678x21brav5hgc6j93l7ab1kh69p2scr3fsblq9qy03";
   };
 
   # No tests included