forked from pool/python-PyJWT
		
	Accepting request 868465 from devel:languages:python
- update to 2.0.1: * Drop support for Python 2 and Python 3.0-3.5 * Require cryptography >= 3 * Drop support for PyCrypto and ECDSA * Drop CLI * Improve typings * Dropped deprecated errors * Dropped deprecated ``verify_expiration`` param in ``jwt.decode(...)`` * Dropped deprecated ``verify`` param in ``jwt.decode(...)`` * Require explicit ``algorithms`` in ``jwt.decode(...)`` by default * Dropped deprecated ``require_*`` options in ``jwt.decode(...)`` * Introduce better experience for JWKs * further details see included CHANGELOG.rst - drop 0001-Catch-BadSignatureError-raised-by-ecdsa-0.13.3.patch (obsolete) OBS-URL: https://build.opensuse.org/request/show/868465 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python-PyJWT?expand=0&rev=21
This commit is contained in:
		| @@ -1,27 +0,0 @@ | ||||
| From e4563939727281cd982c3a228ea80e4b8bf69997 Mon Sep 17 00:00:00 2001 | ||||
| From: StefanBruens <stefan.bruens@rwth-aachen.de> | ||||
| Date: Fri, 18 Oct 2019 22:10:16 +0200 | ||||
| Subject: [PATCH] Catch BadSignatureError raised by ecdsa 0.13.3 on | ||||
|  verification errors | ||||
|  | ||||
| The new ecdsa no longer uses AssertionError when the signature is too long. | ||||
| This happens in the test suite, where "123" is appended to the signature. | ||||
|  | ||||
| Fixes #447 | ||||
| --- | ||||
|  jwt/contrib/algorithms/py_ecdsa.py | 4 +++- | ||||
|  1 file changed, 3 insertions(+), 1 deletion(-) | ||||
|  | ||||
| diff --git a/jwt/contrib/algorithms/py_ecdsa.py b/jwt/contrib/algorithms/py_ecdsa.py | ||||
| index bf0dea5..adb33f4 100644 | ||||
| --- a/jwt/contrib/algorithms/py_ecdsa.py | ||||
| +++ b/jwt/contrib/algorithms/py_ecdsa.py | ||||
| @@ -56,5 +56,7 @@ def verify(self, msg, key, sig): | ||||
|          try: | ||||
|              return key.verify(sig, msg, hashfunc=self.hash_alg, | ||||
|                                sigdecode=ecdsa.util.sigdecode_string) | ||||
| -        except AssertionError: | ||||
| +        # ecdsa <= 0.13.2 raises AssertionError on too long signatures, | ||||
| +        # ecdsa >= 0.13.3 raises BadSignatureError for verification errors. | ||||
| +        except (AssertionError, ecdsa.BadSignatureError): | ||||
|              return False | ||||
| @@ -1,3 +0,0 @@ | ||||
| version https://git-lfs.github.com/spec/v1 | ||||
| oid sha256:8d59a976fb773f3e6a39c85636357c4f0e242707394cadadd9814f5cbaa20e96 | ||||
| size 41979 | ||||
							
								
								
									
										3
									
								
								PyJWT-2.0.1.tar.gz
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										3
									
								
								PyJWT-2.0.1.tar.gz
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,3 @@ | ||||
| version https://git-lfs.github.com/spec/v1 | ||||
| oid sha256:a5c70a06e1f33d81ef25eecd50d50bd30e34de1ca8b2b9fa3fe0daaabcf69bf7 | ||||
| size 57496 | ||||
| @@ -1,3 +1,21 @@ | ||||
| ------------------------------------------------------------------- | ||||
| Mon Feb  1 20:52:39 UTC 2021 - Dirk Müller <dmueller@suse.com> | ||||
|  | ||||
| - update to 2.0.1: | ||||
|   * Drop support for Python 2 and Python 3.0-3.5 | ||||
|   * Require cryptography >= 3 | ||||
|   * Drop support for PyCrypto and ECDSA | ||||
|   * Drop CLI | ||||
|   * Improve typings | ||||
|   * Dropped deprecated errors | ||||
|   * Dropped deprecated ``verify_expiration`` param in ``jwt.decode(...)`` | ||||
|   * Dropped deprecated ``verify`` param in ``jwt.decode(...)`` | ||||
|   * Require explicit ``algorithms`` in ``jwt.decode(...)`` by default | ||||
|   * Dropped deprecated ``require_*`` options in ``jwt.decode(...)`` | ||||
|   * Introduce better experience for JWKs | ||||
|   * further details see included CHANGELOG.rst | ||||
| - drop 0001-Catch-BadSignatureError-raised-by-ecdsa-0.13.3.patch (obsolete) | ||||
|  | ||||
| ------------------------------------------------------------------- | ||||
| Fri Oct 18 20:24:47 UTC 2019 - Stefan Brüns <stefan.bruens@rwth-aachen.de> | ||||
|  | ||||
|   | ||||
| @@ -1,7 +1,7 @@ | ||||
| # | ||||
| # spec file for package python-PyJWT | ||||
| # | ||||
| # Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany. | ||||
| # Copyright (c) 2021 SUSE LLC | ||||
| # | ||||
| # All modifications and additions to the file contributed by third parties | ||||
| # remain the property of their copyright owners, unless otherwise agreed | ||||
| @@ -17,24 +17,21 @@ | ||||
|  | ||||
|  | ||||
| %{?!python_module:%define python_module() python-%{**} python3-%{**}} | ||||
| %global skip_python2 1 | ||||
| Name:           python-PyJWT | ||||
| Version:        1.7.1 | ||||
| Version:        2.0.1 | ||||
| Release:        0 | ||||
| Summary:        JSON Web Token implementation in Python | ||||
| License:        MIT | ||||
| Group:          Development/Languages/Python | ||||
| URL:            https://github.com/progrium/pyjwt | ||||
| Source:         https://files.pythonhosted.org/packages/source/P/PyJWT/PyJWT-%{version}.tar.gz | ||||
| # PATCH-FIX-UPSTREAM https://github.com/jpadilla/pyjwt/pull/448.patch | ||||
| Patch0:         0001-Catch-BadSignatureError-raised-by-ecdsa-0.13.3.patch | ||||
| BuildRequires:  %{python_module cryptography >= 1.4} | ||||
| BuildRequires:  %{python_module ecdsa} | ||||
| BuildRequires:  %{python_module cryptography >= 3.3.1} | ||||
| BuildRequires:  %{python_module pytest} | ||||
| BuildRequires:  %{python_module setuptools} | ||||
| BuildRequires:  fdupes | ||||
| BuildRequires:  python-rpm-macros | ||||
| Requires:       python-cryptography >= 1.4 | ||||
| Requires:       python-ecdsa | ||||
| Requires:       python-cryptography >= 3.3.1 | ||||
| Requires:       python-setuptools | ||||
| Requires(post): update-alternatives | ||||
| Requires(postun): update-alternatives | ||||
| @@ -46,7 +43,6 @@ A Python implementation of JSON Web Token draft 01. | ||||
|  | ||||
| %prep | ||||
| %setup -q -n PyJWT-%{version} | ||||
| %patch0 -p1 | ||||
|  | ||||
| %build | ||||
| %python_build | ||||
| @@ -56,21 +52,13 @@ find ./ -type f -name "*.py" -perm 644 -exec sed -i -e '1{\@^#!%{_bindir}/env py | ||||
| %install | ||||
| %python_install | ||||
| %python_expand %fdupes %{buildroot}%{$python_sitelib} | ||||
| %python_clone -a %{buildroot}%{_bindir}/pyjwt | ||||
|  | ||||
| %post | ||||
| %python_install_alternative pyjwt | ||||
|  | ||||
| %postun | ||||
| %python_uninstall_alternative pyjwt | ||||
|  | ||||
| %check | ||||
| %python_expand PYTHONPATH=%{buildroot}%{$python_sitelib} py.test-%{$python_bin_suffix} -o addopts="" -k "not test_verify_false_deprecated" | ||||
|  | ||||
| %files %{python_files} | ||||
| %license LICENSE | ||||
| %doc AUTHORS CHANGELOG.md README.rst | ||||
| %doc AUTHORS.rst CHANGELOG.rst README.rst | ||||
| %{python_sitelib}/* | ||||
| %python_alternative %{_bindir}/pyjwt | ||||
|  | ||||
| %changelog | ||||
|   | ||||
		Reference in New Issue
	
	Block a user