python312Packages.quantities: prevent arbitrary code eval (#339916)

2024-11-17 19:21:04 +00:00 · 2024-09-08 18:02:19 -07:00 · 2024-09-08 18:02:19 -07:00 · ab2f43cc62
parent 4774510ea7 131d5e4858
commit ab2f43cc62
1 changed files with 18 additions and 7 deletions
--- a/pkgs/development/python-modules/quantities/default.nix
+++ b/pkgs/development/python-modules/quantities/default.nix
@ -1,7 +1,8 @@
 {
  lib,
  buildPythonPackage,
-  fetchPypi,
+  fetchFromGitHub,
+  fetchpatch2,
  numpy,
  pytestCheckHook,
  pythonOlder,
@ -12,21 +13,31 @@
 buildPythonPackage rec {
  pname = "quantities";
  version = "0.15.0";
-  format = "setuptools";
+  pyproject = true;

  disabled = pythonOlder "3.8";

-  src = fetchPypi {
-    inherit pname version;
-    hash = "sha256-nqMeKg11F88k1UaxQUbe+SkmOZk6YWzKYbh173lrSys=";
+  src = fetchFromGitHub {
+    owner = "python-quantities";
+    repo = "python-quantities";
+    rev = "refs/tags/v${version}";
+    hash = "sha256-N20xfzGtM0VnfkJtzMytNLySTkgVz2xf1nEJxlwBSCI=";
  };

-  nativeBuildInputs = [
+  patches = [
+    (fetchpatch2 {
+      name = "prevent-arbitrary-code-eval.patch";
+      url = "https://github.com/python-quantities/python-quantities/pull/236.patch";
+      hash = "sha256-H1tOfXqNMIKY01m6o2PsfZG0CvnWNxW2qIWA5ce1lRk=";
+    })
+  ];
+
+  build-system = [
    setuptools
    setuptools-scm
  ];

-  propagatedBuildInputs = [ numpy ];
+  dependencies = [ numpy ];

  nativeCheckInputs = [ pytestCheckHook ];