From c47e59337b382123a5419aff3c85d15418b12c67 Mon Sep 17 00:00:00 2001
From: Robert Scott <code@humanleg.org.uk>
Date: Sat, 13 Apr 2024 21:08:09 +0100
Subject: [PATCH] python311Packages.jwcrypto: add patch for CVE-2024-28102

---
 pkgs/development/python-modules/jwcrypto/default.nix | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/pkgs/development/python-modules/jwcrypto/default.nix b/pkgs/development/python-modules/jwcrypto/default.nix
index 7bd3126b093e7b..4122f77e1bb62f 100644
--- a/pkgs/development/python-modules/jwcrypto/default.nix
+++ b/pkgs/development/python-modules/jwcrypto/default.nix
@@ -1,6 +1,7 @@
 { lib
 , buildPythonPackage
 , fetchPypi
+, fetchpatch
 , cryptography
 , deprecated
 , pythonOlder
@@ -18,6 +19,14 @@ buildPythonPackage rec {
     hash = "sha256-SLub9DN3cTYlNXnlK3X/4PmkpyHRM9AfRaC5HtX08a4=";
   };
 
+  patches = [
+    (fetchpatch {
+      name = "CVE-2024-28102.patch";
+      url = "https://github.com/latchset/jwcrypto/commit/90477a3b6e73da69740e00b8161f53fea19b831f.patch";
+      hash = "sha256-0+zjHEXEcL1ZqRaxFi3lo9nAg+Ny/ERpNCclF+0SrYI=";
+    })
+  ];
+
   propagatedBuildInputs = [
     cryptography
     deprecated