.gitignore

@@ -1 +1 @@
-SOURCES/jwcrypto-0.5.0.tar.gz
+SOURCES/jwcrypto-0.8.tar.gz

.python-jwcrypto.metadata

@@ -1 +1 @@
-8eccc6fbeeee2fedc602998a7c7a97b8bd550e59 SOURCES/jwcrypto-0.5.0.tar.gz
+038ee5faf896548477c0b57c3cacb92add36e550 SOURCES/jwcrypto-0.8.tar.gz

SOURCES/0001-Address-potential-DoS-with-high-compression-ratio_rhel#28698.patch

@@ -15,7 +15,7 @@ diff --git a/jwcrypto/jwe.py b/jwcrypto/jwe.py
 index 9412881..5df500b 100644
 --- a/jwcrypto/jwe.py
 +++ b/jwcrypto/jwe.py
-@@ -9,5 +10,8 @@
+@@ -10,5 +10,8 @@
  from jwcrypto.jwa import JWA
  
 +# Limit the amount of data we are willing to decompress by default.
@@ -24,7 +24,7 @@ index 9412881..5df500b 100644
  
  # RFC 7516 - 4.1
  # name: (description, supported?)
-@@ -374,6 +374,10 @@ def _decrypt(self, key, ppe):
+@@ -387,6 +387,10 @@ def _decrypt(self, key, ppe):
  
          compress = jh.get('zip', None)
          if compress == 'DEF':
@@ -39,9 +39,9 @@ diff --git a/jwcrypto/tests.py b/jwcrypto/tests.py
 index bb2ff10..59049f8 100644
 --- a/jwcrypto/tests.py
 +++ b/jwcrypto/tests.py
-@@ -1196,6 +1196,32 @@ def test_pbes2_hs256_aeskw_custom_params(self):
+@@ -1526,6 +1526,32 @@ def test_pbes2_hs256_aeskw_custom_params(self):
-         check.deserialize(enc, key)
+             token.deserialize(jwt=e)
-         self.assertEqual(b'plain', check.payload)
+             json_decode(token.claims)
  
 +    def test_jwe_decompression_max(self):
 +        key = jwk.JWK(kty='oct', k=base64url_encode(b'A' * (128 // 8)))

SOURCES/0002-Limit-number-of-iterations-for-PBES_rhel#23038.patch

@@ -1,44 +0,0 @@
-From d2655d370586cb830e49acfb450f87598da60be8 Mon Sep 17 00:00:00 2001
-From: Simo Sorce <simo@redhat.com>
-Date: Thu, 7 Dec 2023 12:49:07 -0500
-Subject: [PATCH] Fix potential DoS issue with p2c header
-
-Unbounded p2c headers may be used to cause an application that accept
-PBES algorithms to spend alot of resources running PBKDF2 with a very
-high number of iterations.
-
-Clamp the default maximum to 16384 (double the default of 8192).
-An application that wants to use more iterations will have to chenge the
-jwa default max.
-
-Fixes CVE-2023-6681
-
-Signed-off-by: Simo Sorce <simo@redhat.com>
----
- jwcrypto/jwa.py   |  5 +++++
- jwcrypto/tests.py | 12 ++++++++++++
- 2 files changed, 17 insertions(+)
-
-diff --git a/jwcrypto/jwa.py b/jwcrypto/jwa.py
-index de7a79f..ca4568e 100644
---- a/jwcrypto/jwa.py
-+++ b/jwcrypto/jwa.py
-@@ -29,6 +29,8 @@
- 
- # Implements RFC 7518 - JSON Web Algorithms (JWA)
- 
-+default_max_pbkdf2_iterations = 16384
-+
-
- @six.add_metaclass(abc.ABCMeta)
- class JWAAlgorithm(object):
-@@ -588,6 +590,9 @@ def __init__(self):
-         self.aeskwmap = {128: _A128KW, 192: _A192KW, 256: _A256KW}
- 
-     def _get_key(self, alg, key, p2s, p2c):
-+        if p2c > default_max_pbkdf2_iterations:
-+            raise ValueError('Invalid p2c value, too large')
-+
-         if isinstance(key, bytes):
-             plain = key
-         else:

SPECS/python-jwcrypto.spec

@@ -5,7 +5,7 @@
 %bcond_with python3
 %endif
 
-%if 0%{?rhel} > 7
+%if 0%{?fedora} > 31 || 0%{?rhel} > 7
 # Disable python2 build by default
 %bcond_with python2
 %else
@@ -15,25 +15,25 @@
 %global srcname jwcrypto
 
 Name:           python-%{srcname}
-Version:        0.5.0
+Version:        0.8
-Release:        2%{?dist}
+Release:        5%{?dist}
 Summary:        Implements JWK, JWS, JWE specifications using python-cryptography
 
 License:        LGPLv3+
 URL:            https://github.com/latchset/%{srcname}
 Source0:        https://github.com/latchset/%{srcname}/releases/download/v%{version}/%{srcname}-%{version}.tar.gz
 
-Patch1:         0001-Address-potential-DoS-with-high-compression-ratio_rhel#28697.patch
+Patch1:         0001-Address-potential-DoS-with-high-compression-ratio_rhel#28698.patch
-Patch2:         0002-Limit-number-of-iterations-for-PBES_rhel#23038.patch
 
 BuildArch:      noarch
-%if %{with python2}
+%if 0%{?with_python2}
 BuildRequires:  python2-devel
 BuildRequires:  python2-setuptools
 BuildRequires:  python2-cryptography >= 1.5
 BuildRequires:  python2-pytest
 %endif
-%if %{with python3}
+
+%if 0%{?with_python3}
 BuildRequires:  python%{python3_pkgversion}-devel
 BuildRequires:  python%{python3_pkgversion}-setuptools
 BuildRequires:  python%{python3_pkgversion}-cryptography >= 1.5
@@ -43,7 +43,8 @@ BuildRequires:  python%{python3_pkgversion}-pytest
 %description
 Implements JWK, JWS, JWE specifications using python-cryptography
 
-%if %{with python2}
+
+%if 0%{?with_python2}
 %package -n python2-%{srcname}
 Summary:        Implements JWK,JWS,JWE specifications using python-cryptography
 Requires:       python2-cryptography >= 1.5
@@ -53,7 +54,8 @@ Requires:       python2-cryptography >= 1.5
 Implements JWK, JWS, JWE specifications using python-cryptography
 %endif
 
-%if %{with python3}
+
+%if 0%{?with_python3}
 %package -n python%{python3_pkgversion}-%{srcname}
 Summary:        Implements JWK, JWS, JWE specifications using python-cryptography
 Requires:       python%{python3_pkgversion}-cryptography >= 1.5
@@ -70,37 +72,42 @@ Implements JWK, JWS, JWE specifications using python-cryptography
 %autopatch -p 1
 
 %build
-%if %{with python2}
+%if 0%{?with_python2}
 %py2_build
 %endif
-%if %{with python3}
+%if 0%{?with_python3}
 %py3_build
 %endif
 
 
 %check
-%if %{with python2}
+%if 0%{?with_python2}
 %{__python2} -bb -m pytest %{srcname}/test*.py
 %endif
-%if %{with python3}
+%if 0%{?with_python3}
 %{__python3} -bb -m pytest %{srcname}/test*.py
 %endif
 
 
 %install
-%if %{with python2}
+%if 0%{?with_python2}
 %py2_install
+%endif
+%if 0%{?with_python3}
+%py3_install
+%endif
+
 rm -rf %{buildroot}%{_docdir}/%{srcname}
+%if 0%{?with_python2}
 rm -rf %{buildroot}%{python2_sitelib}/%{srcname}/tests{,-cookbook}.py*
 %endif
-%if %{with python3}
+%if 0%{?with_python3}
-%py3_install
 rm -rf %{buildroot}%{python3_sitelib}/%{srcname}/tests{,-cookbook}.py*
 rm -rf %{buildroot}%{python3_sitelib}/%{srcname}/__pycache__/tests{,-cookbook}.*.py*
 %endif
-rm -rf %{buildroot}/usr/share/doc/jwcrypto
 
-%if %{with python2}
+
+%if 0%{?with_python2}
 %files -n python2-%{srcname}
 %doc README.md
 %license LICENSE
@@ -108,7 +115,7 @@ rm -rf %{buildroot}/usr/share/doc/jwcrypto
 %{python2_sitelib}/%{srcname}-%{version}-py%{python2_version}.egg-info
 %endif
 
-%if %{with python3}
+%if 0%{?with_python3}
 %files -n python%{python3_pkgversion}-%{srcname}
 %doc README.md
 %license LICENSE
@@ -118,24 +125,65 @@ rm -rf %{buildroot}/usr/share/doc/jwcrypto
 
 
 %changelog
-* Mon Apr 15 2024 Rafael Jeffman <rjeffman@redhat.com> - 0.5.0-2
+* Thu Apr 04 2024 Rafael Jeffman <rjeffman@redhat.com> - 0.8-5
 - Address potential DoS with high compression ratio
-  Resolves: RHEL-28697
+  Resolves: RHEL-28698
-- Limit number of iterations for PBES
+
-  Resolves: RHEL-23036 RHEL-23037
+* Tue Aug 10 2021 Mohan Boddu <mboddu@redhat.com> - 0.8-4
+- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
+  Related: rhbz#1991688
+
+* Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 0.8-3
+- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
+
+* Wed Jan 27 2021 Fedora Release Engineering <releng@fedoraproject.org> - 0.8-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
+
+* Tue Dec 01 2020 Simo Sorce <simo@redhat.com> - 0.8-1
+- Sync with upstream release 0.8
+
+* Wed Jul 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 0.6.0-9
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
+
+* Tue May 26 2020 Miro Hrončok <mhroncok@redhat.com> - 0.6.0-8
+- Rebuilt for Python 3.9
+
+* Thu Jan 30 2020 Fedora Release Engineering <releng@fedoraproject.org> - 0.6.0-7
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
+
+* Thu Oct 03 2019 Miro Hrončok <mhroncok@redhat.com> - 0.6.0-6
+- Rebuilt for Python 3.8.0rc1 (#1748018)
+
+* Thu Aug 29 2019 Christian Heimes <cheimes@redhat.com> - 0.6.0-5
+- Remove Python 2 subpackages from F32+
+- Resolves: RHBZ #1746760
+
+* Mon Aug 19 2019 Miro Hrončok <mhroncok@redhat.com> - 0.6.0-4
+- Rebuilt for Python 3.8
+
+* Fri Jul 26 2019 Fedora Release Engineering <releng@fedoraproject.org> - 0.6.0-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
+
+* Sat Feb 02 2019 Fedora Release Engineering <releng@fedoraproject.org> - 0.6.0-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
+
+* Mon Nov 05 2018 Christian Heimes <cheimes@redhat.com> - 0.6.0-1
+- New upstream release 0.6.0
+
+* Sat Jul 14 2018 Fedora Release Engineering <releng@fedoraproject.org> - 0.5.0-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
 
-* Fri Jun 17 2022 Christian Heimes <cheimes@redhat.com> - 0.5.0-1.1
+* Mon Jul 02 2018 Miro Hrončok <mhroncok@redhat.com> - 0.5.0-2
-- Bump dist to solve version sorting issue, fixes RHBZ#2097800
+- Rebuilt for Python 3.7
 
-* Thu Jun 28 2018 Christian Heimes <cheimes@redhat.com> - 0.5.0-1
+* Wed Jun 27 2018 Christian Heimes <cheimes@redhat.com> - 0.5.0-1
 - New upstream release 0.5.0
-- Fixes Coverity scan issue
 
-* Mon Apr 16 2018 Christian Heimes <cheimes@redhat.com> - 0.4.2-5
+* Tue Jun 19 2018 Miro Hrončok <mhroncok@redhat.com> - 0.4.2-5
-- Drop Python 2 subpackages from RHEL 8, fixes RHBZ#1567152
+- Rebuilt for Python 3.7
 
-* Thu Nov 23 2017 Christian Heimes <cheimes@redhat.com> - 0.4.2-4
+* Fri Feb 09 2018 Fedora Release Engineering <releng@fedoraproject.org> - 0.4.2-4
-- Build Python 3 package on RHEL > 7, fixes RHBZ#1516813
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
 
 * Wed Aug 02 2017 Christian Heimes <cheimes@redhat.com> - 0.4.2-3
 - Run tests with bytes warning