- update to 2.0.1:

* Drop support for Python 2 and Python 3.0-3.5
  * Require cryptography >= 3
  * Drop support for PyCrypto and ECDSA
  * Drop CLI
  * Improve typings
  * Dropped deprecated errors
  * Dropped deprecated ``verify_expiration`` param in ``jwt.decode(...)``
  * Dropped deprecated ``verify`` param in ``jwt.decode(...)``
  * Require explicit ``algorithms`` in ``jwt.decode(...)`` by default
  * Dropped deprecated ``require_*`` options in ``jwt.decode(...)``
  * Introduce better experience for JWKs
  * further details see included CHANGELOG.rst
- drop 0001-Catch-BadSignatureError-raised-by-ecdsa-0.13.3.patch (obsolete)

OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-PyJWT?expand=0&rev=47

0001-Catch-BadSignatureError-raised-by-ecdsa-0.13.3.patch

@@ -1,27 +0,0 @@
-From e4563939727281cd982c3a228ea80e4b8bf69997 Mon Sep 17 00:00:00 2001
-From: StefanBruens <stefan.bruens@rwth-aachen.de>
-Date: Fri, 18 Oct 2019 22:10:16 +0200
-Subject: [PATCH] Catch BadSignatureError raised by ecdsa 0.13.3 on
- verification errors
-
-The new ecdsa no longer uses AssertionError when the signature is too long.
-This happens in the test suite, where "123" is appended to the signature.
-
-Fixes #447
----
- jwt/contrib/algorithms/py_ecdsa.py | 4 +++-
- 1 file changed, 3 insertions(+), 1 deletion(-)
-
-diff --git a/jwt/contrib/algorithms/py_ecdsa.py b/jwt/contrib/algorithms/py_ecdsa.py
-index bf0dea5..adb33f4 100644
---- a/jwt/contrib/algorithms/py_ecdsa.py
-+++ b/jwt/contrib/algorithms/py_ecdsa.py
-@@ -56,5 +56,7 @@ def verify(self, msg, key, sig):
-         try:
-             return key.verify(sig, msg, hashfunc=self.hash_alg,
-                               sigdecode=ecdsa.util.sigdecode_string)
--        except AssertionError:
-+        # ecdsa <= 0.13.2 raises AssertionError on too long signatures,
-+        # ecdsa >= 0.13.3 raises BadSignatureError for verification errors.
-+        except (AssertionError, ecdsa.BadSignatureError):
-             return False

PyJWT-1.7.1.tar.gz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:8d59a976fb773f3e6a39c85636357c4f0e242707394cadadd9814f5cbaa20e96
-size 41979

PyJWT-2.0.1.tar.gz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:a5c70a06e1f33d81ef25eecd50d50bd30e34de1ca8b2b9fa3fe0daaabcf69bf7
+size 57496

python-PyJWT.changes

@@ -1,3 +1,21 @@
+-------------------------------------------------------------------
+Mon Feb  1 20:52:39 UTC 2021 - Dirk Müller <dmueller@suse.com>
+
+- update to 2.0.1:
+  * Drop support for Python 2 and Python 3.0-3.5
+  * Require cryptography >= 3
+  * Drop support for PyCrypto and ECDSA
+  * Drop CLI
+  * Improve typings
+  * Dropped deprecated errors
+  * Dropped deprecated ``verify_expiration`` param in ``jwt.decode(...)``
+  * Dropped deprecated ``verify`` param in ``jwt.decode(...)``
+  * Require explicit ``algorithms`` in ``jwt.decode(...)`` by default
+  * Dropped deprecated ``require_*`` options in ``jwt.decode(...)``
+  * Introduce better experience for JWKs
+  * further details see included CHANGELOG.rst
+- drop 0001-Catch-BadSignatureError-raised-by-ecdsa-0.13.3.patch (obsolete)
+
 -------------------------------------------------------------------
 Fri Oct 18 20:24:47 UTC 2019 - Stefan Brüns <stefan.bruens@rwth-aachen.de>
 

python-PyJWT.spec

@@ -1,7 +1,7 @@
 #
 # spec file for package python-PyJWT
 #
-# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2021 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -17,24 +17,21 @@
 
 
 %{?!python_module:%define python_module() python-%{**} python3-%{**}}
+%global skip_python2 1
 Name:           python-PyJWT
-Version:        1.7.1
+Version:        2.0.1
 Release:        0
 Summary:        JSON Web Token implementation in Python
 License:        MIT
 Group:          Development/Languages/Python
 URL:            https://github.com/progrium/pyjwt
 Source:         https://files.pythonhosted.org/packages/source/P/PyJWT/PyJWT-%{version}.tar.gz
-# PATCH-FIX-UPSTREAM https://github.com/jpadilla/pyjwt/pull/448.patch
+BuildRequires:  %{python_module cryptography >= 3.3.1}
-Patch0:         0001-Catch-BadSignatureError-raised-by-ecdsa-0.13.3.patch
-BuildRequires:  %{python_module cryptography >= 1.4}
-BuildRequires:  %{python_module ecdsa}
 BuildRequires:  %{python_module pytest}
 BuildRequires:  %{python_module setuptools}
 BuildRequires:  fdupes
 BuildRequires:  python-rpm-macros
-Requires:       python-cryptography >= 1.4
+Requires:       python-cryptography >= 3.3.1
-Requires:       python-ecdsa
 Requires:       python-setuptools
 Requires(post): update-alternatives
 Requires(postun): update-alternatives
@@ -46,7 +43,6 @@ A Python implementation of JSON Web Token draft 01.
 
 %prep
 %setup -q -n PyJWT-%{version}
-%patch0 -p1
 
 %build
 %python_build
@@ -56,21 +52,13 @@ find ./ -type f -name "*.py" -perm 644 -exec sed -i -e '1{\@^#!%{_bindir}/env py
 %install
 %python_install
 %python_expand %fdupes %{buildroot}%{$python_sitelib}
-%python_clone -a %{buildroot}%{_bindir}/pyjwt
-
-%post
-%python_install_alternative pyjwt
-
-%postun
-%python_uninstall_alternative pyjwt
 
 %check
 %python_expand PYTHONPATH=%{buildroot}%{$python_sitelib} py.test-%{$python_bin_suffix} -o addopts="" -k "not test_verify_false_deprecated"
 
 %files %{python_files}
 %license LICENSE
-%doc AUTHORS CHANGELOG.md README.rst
+%doc AUTHORS.rst CHANGELOG.rst README.rst
 %{python_sitelib}/*
-%python_alternative %{_bindir}/pyjwt
 
 %changelog