about summary refs log tree commit diff
path: root/pkgs/development/python-modules/python-jose/default.nix
diff options
context:
space:
mode:
Diffstat (limited to 'pkgs/development/python-modules/python-jose/default.nix')
-rw-r--r--pkgs/development/python-modules/python-jose/default.nix72
1 files changed, 41 insertions, 31 deletions
diff --git a/pkgs/development/python-modules/python-jose/default.nix b/pkgs/development/python-modules/python-jose/default.nix
index 6e3f406fe5a30..92f2bd6ce9b33 100644
--- a/pkgs/development/python-modules/python-jose/default.nix
+++ b/pkgs/development/python-modules/python-jose/default.nix
@@ -1,22 +1,24 @@
-{ lib
-, buildPythonPackage
-, fetchFromGitHub
+{
+  lib,
+  buildPythonPackage,
+  fetchFromGitHub,
+  fetchpatch,
 
-# build-system
-, setuptools
+  # build-system
+  setuptools,
 
-# dependencies
-, ecdsa
-, rsa
-, pyasn1
+  # dependencies
+  ecdsa,
+  rsa,
+  pyasn1,
 
-# optional-dependencies
-, cryptography
-, pycrypto
-, pycryptodome
+  # optional-dependencies
+  cryptography,
+  pycrypto,
+  pycryptodome,
 
-# tests
-, pytestCheckHook
+  # tests
+  pytestCheckHook,
 }:
 
 buildPythonPackage rec {
@@ -31,14 +33,25 @@ buildPythonPackage rec {
     hash = "sha256-6VGC6M5oyGCOiXcYp6mpyhL+JlcYZKIqOQU9Sm/TkKM=";
   };
 
+  patches = [
+    (fetchpatch {
+      name = "CVE-2024-33663.patch";
+      url = "https://build.opensuse.org/public/source/openSUSE:Factory/python-python-jose/CVE-2024-33663.patch?rev=36cd8815411620042f56a3b81599b341";
+      hash = "sha256-uxOCa7Lg82zY2nuHzw6CbcymCKUodITrFU3lLY1XMFU=";
+    })
+    (fetchpatch {
+      name = "CVE-2024-33664.patch";
+      url = "https://build.opensuse.org/public/source/openSUSE:Factory/python-python-jose/CVE-2024-33664.patch?rev=36cd8815411620042f56a3b81599b341";
+      hash = "sha256-wx/U1T7t7TloP+dMXxGxEVB3bMC7e6epmN8RE8FKksM=";
+    })
+  ];
+
   postPatch = ''
     substituteInPlace setup.py \
       --replace '"pytest-runner",' ""
   '';
 
-  nativeBuildInputs = [
-    setuptools
-  ];
+  nativeBuildInputs = [ setuptools ];
 
   propagatedBuildInputs = [
     ecdsa
@@ -47,24 +60,21 @@ buildPythonPackage rec {
   ];
 
   passthru.optional-dependencies = {
-    cryptography = [
-      cryptography
-    ];
-    pycrypto = [
-      pycrypto
-    ];
-    pycryptodome = [
-      pycryptodome
-    ];
+    cryptography = [ cryptography ];
+    pycrypto = [ pycrypto ];
+    pycryptodome = [ pycryptodome ];
   };
 
-  pythonImportsCheck = [
-    "jose"
-  ];
+  pythonImportsCheck = [ "jose" ];
 
   nativeCheckInputs = [
     pytestCheckHook
-  ] ++ lib.flatten (builtins.attrValues passthru.optional-dependencies);
+  ] ++ lib.flatten (lib.attrValues passthru.optional-dependencies);
+
+  disabledTests = [
+    # https://github.com/mpdavis/python-jose/issues/348
+    "TestBackendEcdsaCompatibility"
+  ];
 
   meta = with lib; {
     changelog = "https://github.com/mpdavis/python-jose/releases/tag/${version}";
generated by cgit-pink 1.4.1 (git 2.36.1) at 2024-06-02 05:19:32 +0000