python/python-PyJWT
SHA256
14
0
Fork 0
forked from pool/python-PyJWT
Code Pull Requests Activity

Accepting request 741201 from devel:languages:python

Browse Source 
OBS-URL: https://build.opensuse.org/request/show/741201
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python-PyJWT?expand=0&rev=20
This commit is contained in:
Dominique Leuenberger
2019-11-04 16:07:38 +00:00
committed by Git OBS Bridge
parent 97909b04b9 20e146e8e8
commit 8e7bbfc3d3
3 changed files with 36 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

27
0001-Catch-BadSignatureError-raised-by-ecdsa-0.13.3.patch Normal file
View File

@@ -0,0 +1,27 @@
From e4563939727281cd982c3a228ea80e4b8bf69997 Mon Sep 17 00:00:00 2001
From: StefanBruens <stefan.bruens@rwth-aachen.de>
Date: Fri, 18 Oct 2019 22:10:16 +0200
Subject: [PATCH] Catch BadSignatureError raised by ecdsa 0.13.3 on
verification errors
The new ecdsa no longer uses AssertionError when the signature is too long.
This happens in the test suite, where "123" is appended to the signature.
Fixes #447
---
jwt/contrib/algorithms/py_ecdsa.py | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/jwt/contrib/algorithms/py_ecdsa.py b/jwt/contrib/algorithms/py_ecdsa.py
index bf0dea5..adb33f4 100644
--- a/jwt/contrib/algorithms/py_ecdsa.py
+++ b/jwt/contrib/algorithms/py_ecdsa.py
@@ -56,5 +56,7 @@ def verify(self, msg, key, sig):
try:
return key.verify(sig, msg, hashfunc=self.hash_alg,
sigdecode=ecdsa.util.sigdecode_string)
- except AssertionError:
+ # ecdsa <= 0.13.2 raises AssertionError on too long signatures,
+ # ecdsa >= 0.13.3 raises BadSignatureError for verification errors.
+ except (AssertionError, ecdsa.BadSignatureError):
return False

6
python-PyJWT.changes
View File

@@ -1,3 +1,9 @@
-------------------------------------------------------------------
Fri Oct 18 20:24:47 UTC 2019 - Stefan Brüns <stefan.bruens@rwth-aachen.de>
- Fix build with ecdsa >= 0.13.3, #447
* 0001-Catch-BadSignatureError-raised-by-ecdsa-0.13.3.patch
------------------------------------------------------------------- -------------------------------------------------------------------
Thu Mar 7 11:13:38 UTC 2019 - Tomáš Chvátal <tchvatal@suse.com> Thu Mar 7 11:13:38 UTC 2019 - Tomáš Chvátal <tchvatal@suse.com>

3
python-PyJWT.spec
View File

@@ -25,6 +25,8 @@ License: MIT
Group: Development/Languages/Python Group: Development/Languages/Python
URL: https://github.com/progrium/pyjwt URL: https://github.com/progrium/pyjwt
Source: https://files.pythonhosted.org/packages/source/P/PyJWT/PyJWT-%{version}.tar.gz Source: https://files.pythonhosted.org/packages/source/P/PyJWT/PyJWT-%{version}.tar.gz
# PATCH-FIX-UPSTREAM https://github.com/jpadilla/pyjwt/pull/448.patch
Patch0: 0001-Catch-BadSignatureError-raised-by-ecdsa-0.13.3.patch
BuildRequires: %{python_module cryptography >= 1.4} BuildRequires: %{python_module cryptography >= 1.4}
BuildRequires: %{python_module ecdsa} BuildRequires: %{python_module ecdsa}
BuildRequires: %{python_module pytest} BuildRequires: %{python_module pytest}
@@ -44,6 +46,7 @@ A Python implementation of JSON Web Token draft 01.
%prep %prep
%setup -q -n PyJWT-%{version} %setup -q -n PyJWT-%{version}
%patch0 -p1
%build %build
%python_build %python_build