File python-pysaml2.changes of Package python-pysaml2

-------------------------------------------------------------------
Thu Jun 17 16:46:44 UTC 2021 - Johannes Grassler <johannes.grassler@suse.com>

- Add %dir declaration for %{_licensedir}

-------------------------------------------------------------------
Tue Apr 27 11:47:07 UTC 2021 - Jan Zerebecki <jzerebecki@suse.com>

- Fix CVE-2021-21238, bsc#1181277 with
  0004-Strengthen-XSW-tests.patch ,
  0005-Fix-the-parser-to-not-break-on-ePTID-AttributeValues.patch ,
  0006-Add-xsd-schemas.patch ,
  0007-Fix-CVE-2021-21238-SAML-XML-Signature-wrapping.patch .
  This adds a dependency on python-xmlschema, which depends on
  python-elementpath and build depends python-pathlib2, which depends on
  python-scandir, thus all these need to be added for this to work.
  The used python-xmlschema needs to support the sandbox argument
  which was added in 1.2.0 and refined in 1.2.1, but that version
  doesn't support python2, so a patched version that does both is
  needed.
  0009-Make-previous-commits-python2-compatible.patch to
  not add a dependency on reportlib_resources and make other
  changes python2 compatible.
- Fix CVE-2021-21239, bsc#1181278 with
  0008-Fix-CVE-2021-21239-Restrict-the-key-data-that-xmlsec.patch

-------------------------------------------------------------------
Tue Jun  9 21:41:55 UTC 2020 - Guang Yee <gyee@suse.com>

- Add 0001-Always-generate-a-random-IV-for-AES-operations.patch
  (CVE-2017-1000246, bsc#1068612)

-------------------------------------------------------------------
Tue Jun  2 23:38:17 UTC 2020 - Guang Yee <gyee@suse.com>

- Add 0001-Fix-XML-Signature-Wrapping-XSW-vulnerabilities.patch
  (CVE-2020-5390, bsc#1160851)

-------------------------------------------------------------------
Tue Sep 17 16:56:20 UTC 2019 - kwu@suse.com

- Added fix-xxe-in-xml-parsing.patch (CVE-2016-10127, bsc#1019074)

-------------------------------------------------------------------
Thu Mar 29 12:38:58 CEST 2018 - jsuchome@suse.com

- Added
  quick-fix-for-the-authentication-bypass-due-to-optimizations.patch
  (CVE-2017-1000433, bsc#1074662)

-------------------------------------------------------------------
Wed Mar 22 14:49:53 UTC 2017 - tbechtold@suse.com

- Add missing Requires for python-pycrypto

-------------------------------------------------------------------
Thu Jan 12 21:39:13 UTC 2017 - dmueller@suse.com

- update to 4.0.2

-------------------------------------------------------------------
Tue Nov 22 15:18:26 UTC 2016 - dmueller@suse.com

- fix requires

-------------------------------------------------------------------
Fri Feb 26 13:14:29 UTC 2016 - tbechtold@suse.com

- Require python-python-dateutil. package was renamed

-------------------------------------------------------------------
Tue Oct 13 21:31:03 UTC 2015 - dmueller@suse.com

- add pycrypto/pyOpenSSL dependency 

-------------------------------------------------------------------
Tue Sep  1 07:17:52 UTC 2015 - tbechtold@suse.com

- Move python-repoze.who from Recommends to Requires. It's needed.

-------------------------------------------------------------------
Thu Jul 30 19:30:53 UTC 2015 - tbechtold@suse.com

- Add missing Requires

-------------------------------------------------------------------
Thu Jul 16 15:40:39 UTC 2015 - seife+obs@b1-systems.com

- fix build on non-SUSE distributions whose rpm does not know
  "Recommends"

-------------------------------------------------------------------
Wed Jun 10 08:48:46 UTC 2015 - dmueller@suse.com

- update to 2.4.0:
  * A couple of security fixes plus maintenance updates.

-------------------------------------------------------------------
Tue Oct 15 07:41:04 UTC 2013 - speilicke@suse.com

- Initial version