From f05f40d64fefa2ff1308f8b28677875f963accf3 Mon Sep 17 00:00:00 2001
From: Stig Palmquist <git@stig.io>
Date: Tue, 7 May 2024 23:12:15 +0200
Subject: [PATCH] python3Packages.python-jose: add patches for CVE-2024-33663
 and CVE-2024-33664

---
 .../python-modules/python-jose/default.nix         | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/pkgs/development/python-modules/python-jose/default.nix b/pkgs/development/python-modules/python-jose/default.nix
index 9739e5bf7f65e..82600b4d3e59e 100644
--- a/pkgs/development/python-modules/python-jose/default.nix
+++ b/pkgs/development/python-modules/python-jose/default.nix
@@ -1,6 +1,7 @@
 { lib
 , buildPythonPackage
 , fetchFromGitHub
+, fetchpatch
 
 # build-system
 , setuptools
@@ -31,6 +32,19 @@ buildPythonPackage rec {
     hash = "sha256-6VGC6M5oyGCOiXcYp6mpyhL+JlcYZKIqOQU9Sm/TkKM=";
   };
 
+  patches = [
+    (fetchpatch {
+      name = "CVE-2024-33663.patch";
+      url  = "https://build.opensuse.org/public/source/openSUSE:Factory/python-python-jose/CVE-2024-33663.patch?rev=36cd8815411620042f56a3b81599b341";
+      hash = "sha256-uxOCa7Lg82zY2nuHzw6CbcymCKUodITrFU3lLY1XMFU=";
+    })
+    (fetchpatch {
+      name = "CVE-2024-33664.patch";
+      url  = "https://build.opensuse.org/public/source/openSUSE:Factory/python-python-jose/CVE-2024-33664.patch?rev=36cd8815411620042f56a3b81599b341";
+      hash = "sha256-wx/U1T7t7TloP+dMXxGxEVB3bMC7e6epmN8RE8FKksM=";
+    })
+  ];
+
   postPatch = ''
     substituteInPlace setup.py \
       --replace '"pytest-runner",' ""