Merge pull request #309943 from stigtsp/fix/python-jose-2-cves

python3Packages.python-jose: Add patches for CVE-2024-33663 and CVE-2024-33664
NixOS · May 8, 2024 · 045375d · 045375d
2 parents dce50cf + f05f40d
commit 045375d
Showing 1 changed file with 14 additions and 0 deletions.
diff --git a/pkgs/development/python-modules/python-jose/default.nix b/pkgs/development/python-modules/python-jose/default.nix
@@ -1,6 +1,7 @@
 { lib
 , buildPythonPackage
 , fetchFromGitHub
+, fetchpatch
 
 # build-system
 , setuptools
@@ -31,6 +32,19 @@ buildPythonPackage rec {
     hash = "sha256-6VGC6M5oyGCOiXcYp6mpyhL+JlcYZKIqOQU9Sm/TkKM=";
   };
 
+  patches = [
+    (fetchpatch {
+      name = "CVE-2024-33663.patch";
+      url  = "https://build.opensuse.org/public/source/openSUSE:Factory/python-python-jose/CVE-2024-33663.patch?rev=36cd8815411620042f56a3b81599b341";
+      hash = "sha256-uxOCa7Lg82zY2nuHzw6CbcymCKUodITrFU3lLY1XMFU=";
+    })
+    (fetchpatch {
+      name = "CVE-2024-33664.patch";
+      url  = "https://build.opensuse.org/public/source/openSUSE:Factory/python-python-jose/CVE-2024-33664.patch?rev=36cd8815411620042f56a3b81599b341";
+      hash = "sha256-wx/U1T7t7TloP+dMXxGxEVB3bMC7e6epmN8RE8FKksM=";
+    })
+  ];
+
   postPatch = ''
     substituteInPlace setup.py \
       --replace '"pytest-runner",' ""