File python-PyJWT.changes of Package python-PyJWT.26294
-------------------------------------------------------------------
Mon Jun 20 23:05:09 UTC 2022 - Matej Cepl <mcepl@suse.com>
- Add CVE-2022-29217-non-blocked-pubkeys.patch fixing
CVE-2022-29217 (bsc#1199756), which disallows use of blocked
pubkeys (heavily modified from upstream).
-------------------------------------------------------------------
Thu Nov 2 02:05:49 UTC 2017 - arun@gmx.de
- update to version 1.5.3:
* Changed
+ Increase required version of the cryptography package to
>=1.4.0.
* Fixed
+ Remove uses of deprecated functions from the cryptography
package.
+ Warn about missing algorithms param to decode() only when verify
param is True #281
-------------------------------------------------------------------
Mon Aug 21 15:51:40 UTC 2017 - tbechtold@suse.com
- update to 1.5.2:
- Ensure correct arguments order in decode super call [7c1e61d][7c1e61d]
- Change optparse for argparse. [#238][238]
- Guard against PKCS1 PEM encododed public keys [#277][277]
- Add deprecation warning when decoding without specifying `algorithms` [#277][277]
- Improve deprecation messages [#270][270]
- PyJWT.decode: move verify param into options [#271][271]
- Support for Python 3.6 [#262][262]
- Expose jwt.InvalidAlgorithmError [#264][264]
- Add support for ECDSA public keys in RFC 4253 (OpenSSH) format [#244][244]
- Renamed commandline script `jwt` to `jwt-cli` to avoid issues with the script clobbering the `jwt` module in some circumstances. [#187][187]
- Better error messages when using an algorithm that requires the cryptography package, but it isn't available [#230][230]
- Tokens with future 'iat' values are no longer rejected [#190][190]
- Non-numeric 'iat' values now raise InvalidIssuedAtError instead of DecodeError
- Remove rejection of future 'iat' claims [#252][252]
- Add back 'ES512' for backward compatibility (for now) [#225][225]
- Fix incorrectly named ECDSA algorithm [#219][219]
- Fix rpm build [#196][196]
- Add JWK support for HMAC and RSA keys [#202][202]
-------------------------------------------------------------------
Fri Apr 28 12:25:53 UTC 2017 - pousaduarte@gmail.com
- Restore runtime dependency python-ecdsa
-------------------------------------------------------------------
Wed Apr 26 18:03:53 UTC 2017 - pousaduarte@gmail.com
- Convert to singlespec
- Remove unneeded dependency python-ecdsa
- Use "download_files" in _service file to automate source fetching
-------------------------------------------------------------------
Fri Mar 17 18:58:52 UTC 2017 - rjschwei@suse.com
- Drop pycrypto as dependency, we only need cryptography
-------------------------------------------------------------------
Fri Mar 10 08:52:47 UTC 2017 - alarrosa@suse.com
- Use update-alternatives so it can be co-installable with python3-PyJWT
- Use dos2unix on jwt/__init__.py
- updated source url to files.pythonhosted.org
- Run the spec file through spec-cleaner
- Drop PyJWT-1.1.0.diff which was only used on rhel (?)
-------------------------------------------------------------------
Thu Sep 15 13:52:58 UTC 2016 - rjschwei@suse.com
- Include in SLES 12 (FATE#321371, bsc#998103)
-------------------------------------------------------------------
Thu Sep 1 12:36:06 UTC 2016 - tbechtold@suse.com
- Use https for Source url
-------------------------------------------------------------------
Thu Sep 1 05:41:26 UTC 2016 - tbechtold@suse.com
- update to 1.4.2:
- A PEM-formatted key encoded as bytes could cause a `TypeError` to be raised [#213][213]
- Newer versions of Pytest could not detect warnings properly [#182][182]
- Non-string 'kid' value now raises `InvalidTokenError` [#174][174]
- `jwt.decode(None)` now gracefully fails with `InvalidTokenError` [#183][183]
-------------------------------------------------------------------
Tue Jan 5 09:38:01 UTC 2016 - bwiedemann@suse.com
- BuildRequire python-pytest-cov >= 1.7
-------------------------------------------------------------------
Thu Nov 5 10:38:45 UTC 2015 - toddrme2178@gmail.com
- Update to 1.4.0
+ Fixed
* Exclude Python cache files from PyPI releases.
+ Added
* Added new options to require certain claims
(require_nbf, require_iat, require_exp) and raise `MissingRequiredClaimError`
if they are not present.
* If `audience=` or `issuer=` is specified but the claim is not present,
`MissingRequiredClaimError` is now raised instead of `InvalidAudienceError`
and `InvalidIssuerError`
- Update to 1.3.0
+ Fixed
* ECDSA (ES256, ES384, ES512) signatures are now being properly serialized [#158][158]
* RSA-PSS (PS256, PS384, PS512) signatures now use the proper salt length for PSS padding. [#163][163]
+ Added
* Added a new `jwt.get_unverified_header()` to parse and return the header portion of a token prior to signature verification.
+ Removed
* Python 3.2 is no longer a supported platform. This version of Python is
rarely used. Users affected by this should upgrade to 3.3+.
- Update to 1.2.0
+ Fixed
* Added back `verify_expiration=` argument to `jwt.decode()` that was erroneously removed in [v1.1.0][1.1.0].
+ Changed
* Refactored JWS-specific logic out of PyJWT and into PyJWS superclass. [#141][141]
+ Deprecated
* `verify_expiration=` argument to `jwt.decode()` is now deprecated and will be removed in a future version. Use the `option=` argument instead.
- Rebase PyJWT-1.1.0.diff
-------------------------------------------------------------------
Mon Aug 10 09:20:26 UTC 2015 - seife+obs@b1-systems.com
- apply PyJWT-1.1.0.diff only on RHEL/CentOS
-------------------------------------------------------------------
Thu Jul 9 16:43:37 UTC 2015 - seife+obs@b1-systems.com
- fix build on RHEL7, add PyJWT-1.1.0.diff
-------------------------------------------------------------------
Wed Apr 22 14:01:31 UTC 2015 - mcihar@suse.cz
- Include pycrypto and ecdsa in BuildRequires for complete test coverage
- Use setup.py test to execute testsuite
-------------------------------------------------------------------
Wed Apr 22 11:14:42 UTC 2015 - mcihar@suse.cz
- Simplify dependencies (only python-cryptography is needed, pycrypto and ecdsa
are just fallbacks whet is is not)
-------------------------------------------------------------------
Mon Apr 20 11:56:59 UTC 2015 - mcihar@suse.cz
- Enable testsuite during build
-------------------------------------------------------------------
Mon Apr 20 11:55:52 UTC 2015 - mcihar@suse.cz
- Update to 1.1.0
-------------------------------------------------------------------
Thu Nov 6 09:08:37 UTC 2014 - mcihar@suse.cz
- Update to 0.3.0
-------------------------------------------------------------------
Wed Jul 23 13:28:19 UTC 2014 - mcihar@suse.cz
- initial packaging