1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
|
{
lib,
buildPythonPackage,
fetchFromGitHub,
fetchpatch,
# build-system
setuptools,
# dependencies
ecdsa,
rsa,
pyasn1,
# optional-dependencies
cryptography,
pycrypto,
pycryptodome,
# tests
pytestCheckHook,
}:
buildPythonPackage rec {
pname = "python-jose";
version = "3.3.0";
pyproject = true;
src = fetchFromGitHub {
owner = "mpdavis";
repo = pname;
rev = version;
hash = "sha256-6VGC6M5oyGCOiXcYp6mpyhL+JlcYZKIqOQU9Sm/TkKM=";
};
patches = [
(fetchpatch {
name = "CVE-2024-33663.patch";
url = "https://build.opensuse.org/public/source/openSUSE:Factory/python-python-jose/CVE-2024-33663.patch?rev=36cd8815411620042f56a3b81599b341";
hash = "sha256-uxOCa7Lg82zY2nuHzw6CbcymCKUodITrFU3lLY1XMFU=";
})
(fetchpatch {
name = "CVE-2024-33664.patch";
url = "https://build.opensuse.org/public/source/openSUSE:Factory/python-python-jose/CVE-2024-33664.patch?rev=36cd8815411620042f56a3b81599b341";
hash = "sha256-wx/U1T7t7TloP+dMXxGxEVB3bMC7e6epmN8RE8FKksM=";
})
];
postPatch = ''
substituteInPlace setup.py \
--replace '"pytest-runner",' ""
'';
nativeBuildInputs = [ setuptools ];
propagatedBuildInputs = [
ecdsa
pyasn1
rsa
];
passthru.optional-dependencies = {
cryptography = [ cryptography ];
pycrypto = [ pycrypto ];
pycryptodome = [ pycryptodome ];
};
pythonImportsCheck = [ "jose" ];
nativeCheckInputs = [
pytestCheckHook
] ++ lib.flatten (lib.attrValues passthru.optional-dependencies);
disabledTests = [
# https://github.com/mpdavis/python-jose/issues/348
"TestBackendEcdsaCompatibility"
];
meta = with lib; {
changelog = "https://github.com/mpdavis/python-jose/releases/tag/${version}";
homepage = "https://github.com/mpdavis/python-jose";
description = "JOSE implementation in Python";
license = licenses.mit;
maintainers = with maintainers; [ jhhuh ];
};
}
|