commit python-PyJWT for openSUSE:Factory
Hello community,
here is the log from the commit of package python-PyJWT for openSUSE:Factory checked in at 2019-11-04 17:07:38
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/python-PyJWT (Old)
and /work/SRC/openSUSE:Factory/.python-PyJWT.new.2990 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "python-PyJWT"
Mon Nov 4 17:07:38 2019 rev:20 rq:741201 version:1.7.1
Changes:
--------
--- /work/SRC/openSUSE:Factory/python-PyJWT/python-PyJWT.changes 2019-03-12 09:44:25.407825191 +0100
+++ /work/SRC/openSUSE:Factory/.python-PyJWT.new.2990/python-PyJWT.changes 2019-11-04 17:07:40.116342035 +0100
@@ -1,0 +2,6 @@
+Fri Oct 18 20:24:47 UTC 2019 - Stefan Brüns
From e4563939727281cd982c3a228ea80e4b8bf69997 Mon Sep 17 00:00:00 2001 From: StefanBruens
Date: Fri, 18 Oct 2019 22:10:16 +0200 Subject: [PATCH] Catch BadSignatureError raised by ecdsa 0.13.3 on verification errors
The new ecdsa no longer uses AssertionError when the signature is too long. This happens in the test suite, where "123" is appended to the signature. Fixes #447 --- jwt/contrib/algorithms/py_ecdsa.py | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/jwt/contrib/algorithms/py_ecdsa.py b/jwt/contrib/algorithms/py_ecdsa.py index bf0dea5..adb33f4 100644 --- a/jwt/contrib/algorithms/py_ecdsa.py +++ b/jwt/contrib/algorithms/py_ecdsa.py @@ -56,5 +56,7 @@ def verify(self, msg, key, sig): try: return key.verify(sig, msg, hashfunc=self.hash_alg, sigdecode=ecdsa.util.sigdecode_string) - except AssertionError: + # ecdsa <= 0.13.2 raises AssertionError on too long signatures, + # ecdsa >= 0.13.3 raises BadSignatureError for verification errors. + except (AssertionError, ecdsa.BadSignatureError): return False
participants (1)
-
root