python/python-PyJWT
SHA256
14
0
Fork 0
forked from pool/python-PyJWT
Code Pull Requests Activity

Accepting request 741159 from home:StefanBruens:branches:devel:languages:python

Browse Source 
- Fix build with ecdsa >= 0.13.3, #447
  * 0001-Catch-BadSignatureError-raised-by-ecdsa-0.13.3.patch

OBS-URL: https://build.opensuse.org/request/show/741159
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-PyJWT?expand=0&rev=45
This commit is contained in:
Tomáš Chvátal
2019-10-19 07:44:20 +00:00
committed by Git OBS Bridge
parent e15e45ce8b
commit 20e146e8e8
3 changed files with 36 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

27
0001-Catch-BadSignatureError-raised-by-ecdsa-0.13.3.patch Normal file
View File

@@ -0,0 +1,27 @@
From e4563939727281cd982c3a228ea80e4b8bf69997 Mon Sep 17 00:00:00 2001
From: StefanBruens <stefan.bruens@rwth-aachen.de>
Date: Fri, 18 Oct 2019 22:10:16 +0200
Subject: [PATCH] Catch BadSignatureError raised by ecdsa 0.13.3 on
verification errors
The new ecdsa no longer uses AssertionError when the signature is too long.
This happens in the test suite, where "123" is appended to the signature.
Fixes #447
---
jwt/contrib/algorithms/py_ecdsa.py | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/jwt/contrib/algorithms/py_ecdsa.py b/jwt/contrib/algorithms/py_ecdsa.py
index bf0dea5..adb33f4 100644
--- a/jwt/contrib/algorithms/py_ecdsa.py
+++ b/jwt/contrib/algorithms/py_ecdsa.py
@@ -56,5 +56,7 @@ def verify(self, msg, key, sig):
try:
return key.verify(sig, msg, hashfunc=self.hash_alg,
sigdecode=ecdsa.util.sigdecode_string)
- except AssertionError:
+ # ecdsa <= 0.13.2 raises AssertionError on too long signatures,
+ # ecdsa >= 0.13.3 raises BadSignatureError for verification errors.
+ except (AssertionError, ecdsa.BadSignatureError):
return False

6
python-PyJWT.changes
View File

@@ -1,3 +1,9 @@
-------------------------------------------------------------------
Fri Oct 18 20:24:47 UTC 2019 - Stefan Brüns <stefan.bruens@rwth-aachen.de>
- Fix build with ecdsa >= 0.13.3, #447
* 0001-Catch-BadSignatureError-raised-by-ecdsa-0.13.3.patch
-------------------------------------------------------------------
Thu Mar 7 11:13:38 UTC 2019 - Tomáš Chvátal <tchvatal@suse.com>

3
python-PyJWT.spec
View File

@@ -25,6 +25,8 @@ License: MIT
Group: Development/Languages/Python
URL: https://github.com/progrium/pyjwt
Source: https://files.pythonhosted.org/packages/source/P/PyJWT/PyJWT-%{version}.tar.gz
# PATCH-FIX-UPSTREAM https://github.com/jpadilla/pyjwt/pull/448.patch
Patch0: 0001-Catch-BadSignatureError-raised-by-ecdsa-0.13.3.patch
BuildRequires: %{python_module cryptography >= 1.4}
BuildRequires: %{python_module ecdsa}
BuildRequires: %{python_module pytest}
@@ -44,6 +46,7 @@ A Python implementation of JSON Web Token draft 01.
%prep
%setup -q -n PyJWT-%{version}
%patch0 -p1
%build
%python_build