File python-python3-saml.changes of Package python-python3-saml
-------------------------------------------------------------------
Wed Jun 11 05:49:32 UTC 2025 - Steve Kowalik <steven.kowalik@suse.com>
- Switch to pyproject macros.
-------------------------------------------------------------------
Sat Mar 22 17:47:32 UTC 2025 - Matej Cepl <mcepl@cepl.eu>
- Update URL and Source tags to new URL.
-------------------------------------------------------------------
Tue Mar 18 14:11:13 UTC 2025 - John Paul Adrian Glaubitz <adrian.glaubitz@suse.com>
- Update to 1.16.0
* #364 Improve get_metadata method from Parser, allowing to set headers
* Fix WantAuthnRequestsSigned parser
* Fix expired payloads used on tests
* Updated content from docs folder
- Drop fix-payloads-tests-dates.patch, merged upstream
-------------------------------------------------------------------
Thu Nov 2 08:34:04 UTC 2023 - Andreas Schneider <asn@cryptomilk.org>
- Use sle15_python_module_pythons
-------------------------------------------------------------------
Sun May 14 20:32:35 UTC 2023 - Matej Cepl <mcepl@suse.com>
- Update to 1.15.0:
- #317 Handle unicode characters gracefully in python 2
- #338 Fix WantAuthnRequestsSigned parser
- #339 Add Poetry support
- Remove version restriction on lxml dependency
- Updated Django demo to 4.X (only py3 compatible)
- Updated Travis file. Forced lxml to be installed using
no-validate_binary
- Removed references to OneLogin from documentation
- Add fix-payloads-tests-dates.patch
(gh#SAML-Toolkits/python3-saml#271).
-------------------------------------------------------------------
Fri Dec 30 13:03:38 UTC 2022 - Matej Cepl <mcepl@suse.com>
- Clean up SPEC file
-------------------------------------------------------------------
Tue Oct 18 13:36:10 UTC 2022 - Markéta Machová <mmachova@suse.com>
- No need to skip Python 3.10 anymore
-------------------------------------------------------------------
Mon May 23 07:59:12 UTC 2022 - Dirk Müller <dmueller@suse.com>
- update to 1.14.0:
* Add support for python 3.10 and cleanup the GHA
* Remove stats from coveralls removed as they are no longer maintained
* Add rejectDeprecatedAlgorithm settings in order to be able reject messages
signed with deprecated algorithms
* Support building a LogoutResponse with non-success status
* Replace double-underscored names with single underscores
* Deprecate server_port from request data dictionary
-------------------------------------------------------------------
Fri Jul 23 07:12:16 UTC 2021 - Matej Cepl <mcepl@suse.com>
- Update to 1.11.0:
- #261 Allow duplicate named attributes, controlled by a new
setting
- #268 Make the redirect scheme matcher case-insensitive
- #256 Improve signature validation process. Add an option to
use query string for validation
- #259 Add get metadata timeout
- #246 Add the ability to change the ProtocolBinding in the
authn request.
- #248 Move storing the response data into its own method in
the Auth class
- Remove the dependency on defusedxml
- #241 Improve AttributeConsumingService support
- Update expired dates from test responses
- The test suite is still ignored.
-------------------------------------------------------------------
Fri Jul 16 09:31:58 UTC 2021 - Matej Cepl <mcepl@suse.com>
- The test suite is a complete disaster right now, switching it
off (gh#onelogin/python3-saml#272).
-------------------------------------------------------------------
Thu Jul 8 09:57:53 UTC 2021 - Matej Cepl <mcepl@suse.com>
- Update to 1.10.1:
- Fix bug on LogoutRequest class, get_idp_slo_response_url was
used instead get_idp_slo_url
- Added custom lxml parser based on the one defined at
xmldefused. Parser will ignore comments and processing
instructions and by default have deactivated huge_tree, DTD
and access to external documents
- Destination URL Comparison is now case-insensitive for netloc
- Support single-label-domains as valid. New security parameter
allowSingleLabelDomains
- Added get_idp_sso_url, get_idp_slo_url and
get_idp_slo_response_url methods to the Settings class and
use it in the toolkit
- #212 Overridability enhancements. Made classes overridable by
subclassing. Use of classmethods instead staticmethods
- Add get_friendlyname_attributes support
- Remove external lib method get_ext_lib_path. Add
set_cert_path in order to allow set the cert path in a
different folder than the toolkit
- Add sha256 instead sha1 algorithm for sign/digest as
recommended value on documentation and settings
- #178 Support for adding idp.crt from filesystem
- Add samlUserdata to demo-flask session
- Fix autoreloading in demo-tornado
- Remove bug-testDecryptElement.patch, which has been included
upstream.
-------------------------------------------------------------------
Fri Mar 20 10:36:31 UTC 2020 - pgajdos@suse.com
- version update to 1.9.0
* Allow any number of decimal places for seconds on SAML datetimes
* Fix failOnAuthnContextMismatch code
* Improve signature validation when no reference uri
* Update demo versions. Improve them and add Tornado demo.
-------------------------------------------------------------------
Mon Jul 22 13:05:59 UTC 2019 - Tomáš Chvátal <tchvatal@suse.com>
- Update to 1.7.0:
* Adjusted acs endpoint to extract NameQualifier and SPNameQualifier from
SAMLResponse.
* Adjusted single logout service to provide NameQualifier and SPNameQualifier
to logout method.
* Add getNameIdNameQualifier to Auth and SamlResponse.
* Extend logout method from Auth and LogoutRequest constructor to support.
* Added get_in_response_to method to Response and LogoutResponse classes
* Update defusexml dependency
-------------------------------------------------------------------
Wed Apr 10 16:35:14 UTC 2019 - John Vandenberg <jayvdb@gmail.com>
- Add explicit dependency on libxmlsec1-openssl1, recommended
by dependency python-xmlsec so this package may be used without
needing to select a libxmlsec backend
- Activate test suite, adding bug-testDecryptElement.patch to
workaround a test failure, and remove bcond test
- Build for Python 2, as support has been added upstream
- Remove unnecessary build dependency on python-devel
- Use %license
- Remove live dependency_links and remove == pins from setup.py,
so installed egg-info isnt broken
- Update to v1.6.0
* Add support for Subjects on AuthNRequests by the new
name_id_value_req parameter
* Fix for SLO when XML specifies encoding
* Fixed setting NameFormat attribute for AttributeValue tags
- from v1.5.0
* Security improvements. Use of tagid to prevent XPath injection
Disable DTD on fromstring defusedxml method
* Check that the response has all of the AuthnContexts provided
* Adapt renders from Django demo for Django 1.11 version
* If debug enable, print reason for the SAMLResponse invalidation
* Fix DSA constant
* Support NameID children inside of AttributeValue elements
- from v1.4.1
* Add ID to EntityDescriptor before sign it on add_sign method
* Update defusedxml dependencies
* Update copyright and license reference
- from 1.4.0
* Fix CVE-2017-11427. Process text of nodes properly, ignoring comments
* Improve how fingerprint is calcultated
* Fix issue with LogoutRequest rejected by ADFS due NameID with
unspecified format instead no format attribute
* Fix signature position in the SP metadata
* Preserve xmlns:xs namespace when signing and serializing responses
* Redefine NSMAP constant
* Updated Django demo (Django 1.11)
-------------------------------------------------------------------
Wed Oct 25 16:22:46 UTC 2017 - sean.marlow@suse.com
- Intial package. v1.3.0
