diff --git a/pkgs/development/python-modules/jwcrypto/default.nix b/pkgs/development/python-modules/jwcrypto/default.nix index 7bd3126b093e7bb..4122f77e1bb62fb 100644 --- a/pkgs/development/python-modules/jwcrypto/default.nix +++ b/pkgs/development/python-modules/jwcrypto/default.nix @@ -1,6 +1,7 @@ { lib , buildPythonPackage , fetchPypi +, fetchpatch , cryptography , deprecated , pythonOlder @@ -18,6 +19,14 @@ buildPythonPackage rec { hash = "sha256-SLub9DN3cTYlNXnlK3X/4PmkpyHRM9AfRaC5HtX08a4="; }; + patches = [ + (fetchpatch { + name = "CVE-2024-28102.patch"; + url = "https://github.com/latchset/jwcrypto/commit/90477a3b6e73da69740e00b8161f53fea19b831f.patch"; + hash = "sha256-0+zjHEXEcL1ZqRaxFi3lo9nAg+Ny/ERpNCclF+0SrYI="; + }) + ]; + propagatedBuildInputs = [ cryptography deprecated