Hello community,
here is the log from the commit of package python-itsdangerous for
openSUSE:Factory checked in at 2014-07-19 08:16:30
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/python-itsdangerous (Old)
and /work/SRC/openSUSE:Factory/.python-itsdangerous.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "python-itsdangerous"
Changes:
--------
--- /work/SRC/openSUSE:Factory/python-itsdangerous/python-itsdangerous.changes
2013-09-25 14:37:49.000000000 +0200
+++
/work/SRC/openSUSE:Factory/.python-itsdangerous.new/python-itsdangerous.changes
2014-07-19 08:16:34.000000000 +0200
@@ -1,0 +2,8 @@
+Fri Jul 18 15:08:08 UTC 2014 - [email protected]
+
+- Update to 0.24
+ - Added a `BadHeader` exception that is used for bad headers
+ that replaces the old `BadPayload` exception that was reused
+ in those cases.
+
+-------------------------------------------------------------------
Old:
----
itsdangerous-0.23.tar.gz
New:
----
itsdangerous-0.24.tar.gz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ python-itsdangerous.spec ++++++
--- /var/tmp/diff_new_pack.x5LWgA/_old 2014-07-19 08:16:35.000000000 +0200
+++ /var/tmp/diff_new_pack.x5LWgA/_new 2014-07-19 08:16:35.000000000 +0200
@@ -1,7 +1,7 @@
#
# spec file for package python-itsdangerous
#
-# Copyright (c) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -16,7 +16,7 @@
Name: python-itsdangerous
-Version: 0.23
+Version: 0.24
Release: 0
License: BSD-3-Clause
Summary: Various helpers to pass trusted data to untrusted environments
and back
++++++ itsdangerous-0.23.tar.gz -> itsdangerous-0.24.tar.gz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/itsdangerous-0.23/CHANGES
new/itsdangerous-0.24/CHANGES
--- old/itsdangerous-0.23/CHANGES 2013-08-08 19:09:23.000000000 +0200
+++ new/itsdangerous-0.24/CHANGES 2013-08-09 13:58:26.000000000 +0200
@@ -1,6 +1,13 @@
It's Dangerous Changelog
------------------------
+Version 0.24
+~~~~~~~~~~~~
+
+- Added a `BadHeader` exception that is used for bad headers
+ that replaces the old `BadPayload` exception that was reused
+ in those cases.
+
Version 0.23
~~~~~~~~~~~~
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/itsdangerous-0.23/PKG-INFO
new/itsdangerous-0.24/PKG-INFO
--- old/itsdangerous-0.23/PKG-INFO 2013-08-08 19:10:19.000000000 +0200
+++ new/itsdangerous-0.24/PKG-INFO 2014-03-28 12:09:25.000000000 +0100
@@ -1,6 +1,6 @@
Metadata-Version: 1.0
Name: itsdangerous
-Version: 0.23
+Version: 0.24
Summary: Various helpers to pass trusted data to untrusted environments and
back.
Home-page: http://github.com/mitsuhiko/itsdangerous
Author: Armin Ronacher
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/itsdangerous-0.23/docs/index.rst
new/itsdangerous-0.24/docs/index.rst
--- old/itsdangerous-0.23/docs/index.rst 2013-06-02 23:17:26.000000000
+0200
+++ new/itsdangerous-0.24/docs/index.rst 2013-08-09 13:48:28.000000000
+0200
@@ -296,6 +296,9 @@
.. autoexception:: SignatureExpired
:members:
+.. autoexception:: BadHeader
+ :members:
+
.. autoexception:: BadPayload
:members:
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/itsdangerous-0.23/itsdangerous.egg-info/PKG-INFO
new/itsdangerous-0.24/itsdangerous.egg-info/PKG-INFO
--- old/itsdangerous-0.23/itsdangerous.egg-info/PKG-INFO 2013-08-08
19:10:19.000000000 +0200
+++ new/itsdangerous-0.24/itsdangerous.egg-info/PKG-INFO 2014-03-28
12:09:24.000000000 +0100
@@ -1,6 +1,6 @@
Metadata-Version: 1.0
Name: itsdangerous
-Version: 0.23
+Version: 0.24
Summary: Various helpers to pass trusted data to untrusted environments and
back.
Home-page: http://github.com/mitsuhiko/itsdangerous
Author: Armin Ronacher
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/itsdangerous-0.23/itsdangerous.py
new/itsdangerous-0.24/itsdangerous.py
--- old/itsdangerous-0.23/itsdangerous.py 2013-07-03 12:02:39.000000000
+0200
+++ new/itsdangerous-0.24/itsdangerous.py 2014-03-28 12:08:46.000000000
+0100
@@ -6,7 +6,7 @@
A module that implements various functions to deal with untrusted
sources. Mainly useful for web applications.
- :copyright: (c) 2011 by Armin Ronacher and the Django Software Foundation.
+ :copyright: (c) 2014 by Armin Ronacher and the Django Software Foundation.
:license: BSD, see LICENSE for more details.
"""
@@ -124,6 +124,10 @@
that. The original exception that caused that will be stored on the
exception as :attr:`original_error`.
+ This can also happen with a :class:`JSONWebSignatureSerializer` that
+ is subclassed and uses a different serializer for the payload than
+ the expected one.
+
.. versionadded:: 0.15
"""
@@ -166,6 +170,27 @@
self.date_signed = date_signed
+class BadHeader(BadSignature):
+ """Raised if a signed header is invalid in some form. This only
+ happens for serializers that have a header that goes with the
+ signature.
+
+ .. versionadded:: 0.24
+ """
+
+ def __init__(self, message, payload=None, header=None,
+ original_error=None):
+ BadSignature.__init__(self, message, payload)
+
+ #: If the header is actually available but just malformed it
+ #: might be stored here.
+ self.header = header
+
+ #: If available, the error that indicates why the payload
+ #: was not valid. This might be `None`.
+ self.original_error = original_error
+
+
class SignatureExpired(BadTimeSignature):
"""Signature timestamp is older than required max_age. This is a
subclass of :exc:`BadTimeSignature` so you can use the baseclass for
@@ -330,7 +355,10 @@
def verify_signature(self, value, sig):
"""Verifies the signature for the given value."""
key = self.derive_key()
- sig = base64_decode(sig)
+ try:
+ sig = base64_decode(sig)
+ except Exception:
+ return False
return self.algorithm.verify_signature(key, value, sig)
def unsign(self, signed_value):
@@ -511,7 +539,7 @@
return serializer.loads(payload)
except Exception as e:
raise BadPayload('Could not load the payload because an '
- 'exception ocurred on unserializing the data',
+ 'exception occurred on unserializing the data',
original_error=e)
def dump_payload(self, obj):
@@ -657,14 +685,23 @@
base64d_header, base64d_payload = payload.split(b'.', 1)
try:
json_header = base64_decode(base64d_header)
+ except Exception as e:
+ raise BadHeader('Could not base64 decode the header because of '
+ 'an exception', original_error=e)
+ try:
json_payload = base64_decode(base64d_payload)
except Exception as e:
raise BadPayload('Could not base64 decode the payload because of '
'an exception', original_error=e)
- header = Serializer.load_payload(self, json_header,
- serializer=json)
+ try:
+ header = Serializer.load_payload(self, json_header,
+ serializer=json)
+ except BadData as e:
+ raise BadHeader('Could not unserialize header because it was '
+ 'malformed', original_error=e)
if not isinstance(header, dict):
- raise BadPayload('Header payload is not a JSON object')
+ raise BadHeader('Header payload is not a JSON object',
+ header=header)
payload = Serializer.load_payload(self, json_payload)
if return_header:
return payload, header
@@ -712,7 +749,8 @@
self.make_signer(salt, self.algorithm).unsign(want_bytes(s)),
return_header=True)
if header.get('alg') != self.algorithm_name:
- raise BadSignature('Algorithm mismatch')
+ raise BadHeader('Algorithm mismatch', header=header,
+ payload=payload)
if return_header:
return payload, header
return payload
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/itsdangerous-0.23/setup.py
new/itsdangerous-0.24/setup.py
--- old/itsdangerous-0.23/setup.py 2013-08-08 19:07:45.000000000 +0200
+++ new/itsdangerous-0.24/setup.py 2014-03-28 12:09:09.000000000 +0100
@@ -8,7 +8,7 @@
name='itsdangerous',
author='Armin Ronacher',
author_email='[email protected]',
- version='0.23',
+ version='0.24',
url='http://github.com/mitsuhiko/itsdangerous',
py_modules=['itsdangerous'],
description='Various helpers to pass trusted data to '
--
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
