diff --git a/0001-Catch-BadSignatureError-raised-by-ecdsa-0.13.3.patch b/0001-Catch-BadSignatureError-raised-by-ecdsa-0.13.3.patch deleted file mode 100644 index f52aec9..0000000 --- a/0001-Catch-BadSignatureError-raised-by-ecdsa-0.13.3.patch +++ /dev/null @@ -1,27 +0,0 @@ -From e4563939727281cd982c3a228ea80e4b8bf69997 Mon Sep 17 00:00:00 2001 -From: StefanBruens -Date: Fri, 18 Oct 2019 22:10:16 +0200 -Subject: [PATCH] Catch BadSignatureError raised by ecdsa 0.13.3 on - verification errors - -The new ecdsa no longer uses AssertionError when the signature is too long. -This happens in the test suite, where "123" is appended to the signature. - -Fixes #447 ---- - jwt/contrib/algorithms/py_ecdsa.py | 4 +++- - 1 file changed, 3 insertions(+), 1 deletion(-) - -diff --git a/jwt/contrib/algorithms/py_ecdsa.py b/jwt/contrib/algorithms/py_ecdsa.py -index bf0dea5..adb33f4 100644 ---- a/jwt/contrib/algorithms/py_ecdsa.py -+++ b/jwt/contrib/algorithms/py_ecdsa.py -@@ -56,5 +56,7 @@ def verify(self, msg, key, sig): - try: - return key.verify(sig, msg, hashfunc=self.hash_alg, - sigdecode=ecdsa.util.sigdecode_string) -- except AssertionError: -+ # ecdsa <= 0.13.2 raises AssertionError on too long signatures, -+ # ecdsa >= 0.13.3 raises BadSignatureError for verification errors. -+ except (AssertionError, ecdsa.BadSignatureError): - return False diff --git a/PyJWT-1.7.1.tar.gz b/PyJWT-1.7.1.tar.gz deleted file mode 100644 index 472f101..0000000 --- a/PyJWT-1.7.1.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:8d59a976fb773f3e6a39c85636357c4f0e242707394cadadd9814f5cbaa20e96 -size 41979 diff --git a/PyJWT-2.0.1.tar.gz b/PyJWT-2.0.1.tar.gz new file mode 100644 index 0000000..c7a50b2 --- /dev/null +++ b/PyJWT-2.0.1.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:a5c70a06e1f33d81ef25eecd50d50bd30e34de1ca8b2b9fa3fe0daaabcf69bf7 +size 57496 diff --git a/python-PyJWT.changes b/python-PyJWT.changes index 31e486b..d9ea436 100644 --- a/python-PyJWT.changes +++ b/python-PyJWT.changes @@ -1,3 +1,21 @@ +------------------------------------------------------------------- +Mon Feb 1 20:52:39 UTC 2021 - Dirk Müller + +- update to 2.0.1: + * Drop support for Python 2 and Python 3.0-3.5 + * Require cryptography >= 3 + * Drop support for PyCrypto and ECDSA + * Drop CLI + * Improve typings + * Dropped deprecated errors + * Dropped deprecated ``verify_expiration`` param in ``jwt.decode(...)`` + * Dropped deprecated ``verify`` param in ``jwt.decode(...)`` + * Require explicit ``algorithms`` in ``jwt.decode(...)`` by default + * Dropped deprecated ``require_*`` options in ``jwt.decode(...)`` + * Introduce better experience for JWKs + * further details see included CHANGELOG.rst +- drop 0001-Catch-BadSignatureError-raised-by-ecdsa-0.13.3.patch (obsolete) + ------------------------------------------------------------------- Fri Oct 18 20:24:47 UTC 2019 - Stefan Brüns diff --git a/python-PyJWT.spec b/python-PyJWT.spec index d11d955..ca3c0b5 100644 --- a/python-PyJWT.spec +++ b/python-PyJWT.spec @@ -1,7 +1,7 @@ # # spec file for package python-PyJWT # -# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2021 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -17,24 +17,21 @@ %{?!python_module:%define python_module() python-%{**} python3-%{**}} +%global skip_python2 1 Name: python-PyJWT -Version: 1.7.1 +Version: 2.0.1 Release: 0 Summary: JSON Web Token implementation in Python License: MIT Group: Development/Languages/Python URL: https://github.com/progrium/pyjwt Source: https://files.pythonhosted.org/packages/source/P/PyJWT/PyJWT-%{version}.tar.gz -# PATCH-FIX-UPSTREAM https://github.com/jpadilla/pyjwt/pull/448.patch -Patch0: 0001-Catch-BadSignatureError-raised-by-ecdsa-0.13.3.patch -BuildRequires: %{python_module cryptography >= 1.4} -BuildRequires: %{python_module ecdsa} +BuildRequires: %{python_module cryptography >= 3.3.1} BuildRequires: %{python_module pytest} BuildRequires: %{python_module setuptools} BuildRequires: fdupes BuildRequires: python-rpm-macros -Requires: python-cryptography >= 1.4 -Requires: python-ecdsa +Requires: python-cryptography >= 3.3.1 Requires: python-setuptools Requires(post): update-alternatives Requires(postun): update-alternatives @@ -46,7 +43,6 @@ A Python implementation of JSON Web Token draft 01. %prep %setup -q -n PyJWT-%{version} -%patch0 -p1 %build %python_build @@ -56,21 +52,13 @@ find ./ -type f -name "*.py" -perm 644 -exec sed -i -e '1{\@^#!%{_bindir}/env py %install %python_install %python_expand %fdupes %{buildroot}%{$python_sitelib} -%python_clone -a %{buildroot}%{_bindir}/pyjwt - -%post -%python_install_alternative pyjwt - -%postun -%python_uninstall_alternative pyjwt %check %python_expand PYTHONPATH=%{buildroot}%{$python_sitelib} py.test-%{$python_bin_suffix} -o addopts="" -k "not test_verify_false_deprecated" %files %{python_files} %license LICENSE -%doc AUTHORS CHANGELOG.md README.rst +%doc AUTHORS.rst CHANGELOG.rst README.rst %{python_sitelib}/* -%python_alternative %{_bindir}/pyjwt %changelog