Hello community, here is the log from the commit of package python-PyJWT for openSUSE:Factory checked in at 2017-11-08 15:10:12 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/python-PyJWT (Old) and /work/SRC/openSUSE:Factory/.python-PyJWT.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "python-PyJWT" Wed Nov 8 15:10:12 2017 rev:12 rq:538776 version:1.5.3 Changes: -------- --- /work/SRC/openSUSE:Factory/python-PyJWT/python-PyJWT.changes 2017-08-22 11:10:33.432529935 +0200 +++ /work/SRC/openSUSE:Factory/.python-PyJWT.new/python-PyJWT.changes 2017-11-08 15:10:35.349050297 +0100 @@ -1,0 +2,13 @@ +Thu Nov 2 02:05:49 UTC 2017 - [email protected] + +- update to version 1.5.3: + * Changed + + Increase required version of the cryptography package to + >=1.4.0. + * Fixed + + Remove uses of deprecated functions from the cryptography + package. + + Warn about missing algorithms param to decode() only when verify + param is True #281 + +------------------------------------------------------------------- Old: ---- PyJWT-1.5.2.tar.gz New: ---- PyJWT-1.5.3.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ python-PyJWT.spec ++++++ --- /var/tmp/diff_new_pack.t67Y0O/_old 2017-11-08 15:10:36.041025035 +0100 +++ /var/tmp/diff_new_pack.t67Y0O/_new 2017-11-08 15:10:36.045024889 +0100 @@ -18,7 +18,7 @@ %{?!python_module:%define python_module() python-%{**} python3-%{**}} Name: python-PyJWT -Version: 1.5.2 +Version: 1.5.3 Release: 0 Summary: JSON Web Token implementation in Python License: MIT ++++++ PyJWT-1.5.2.tar.gz -> PyJWT-1.5.3.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/PyJWT-1.5.2/CHANGELOG.md new/PyJWT-1.5.3/CHANGELOG.md --- old/PyJWT-1.5.2/CHANGELOG.md 2017-06-22 18:30:51.000000000 +0200 +++ new/PyJWT-1.5.3/CHANGELOG.md 2017-09-05 20:15:26.000000000 +0200 
@@ -10,6 +10,17 @@ ### Fixed ### Added +[v1.5.3][1.5.3] +------------------------------------------------------------------------- +### Changed + +- Increase required version of the cryptography package to >=1.4.0. + +### Fixed + +- Remove uses of deprecated functions from the cryptography package. +- Warn about missing `algorithms` param to `decode()` only when `verify` param is `True` [#281][281] + [v1.5.2][1.5.2] ------------------------------------------------------------------------- ### Fixed @@ -151,6 +162,7 @@ [1.5.0]: https://github.com/jpadilla/pyjwt/compare/1.4.2...1.5.0 [1.5.1]: https://github.com/jpadilla/pyjwt/compare/1.5.0...1.5.1 [1.5.2]: https://github.com/jpadilla/pyjwt/compare/1.5.1...1.5.2 +[1.5.3]: https://github.com/jpadilla/pyjwt/compare/1.5.2...1.5.3 [109]: https://github.com/jpadilla/pyjwt/pull/109 [110]: https://github.com/jpadilla/pyjwt/pull/110 @@ -185,4 +197,5 @@ [270]: https://github.com/jpadilla/pyjwt/pull/270 [271]: https://github.com/jpadilla/pyjwt/pull/271 [277]: https://github.com/jpadilla/pyjwt/pull/277 +[281]: https://github.com/jpadilla/pyjwt/pull/281 [7c1e61d]: https://github.com/jpadilla/pyjwt/commit/7c1e61dde27bafe16e7d1bb6e35199e778962742 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/PyJWT-1.5.2/PKG-INFO new/PyJWT-1.5.3/PKG-INFO --- old/PyJWT-1.5.2/PKG-INFO 2017-06-22 18:31:23.000000000 +0200 +++ new/PyJWT-1.5.3/PKG-INFO 2017-09-05 20:21:32.000000000 +0200 
@@ -1,11 +1,12 @@ Metadata-Version: 1.1 Name: PyJWT -Version: 1.5.2 +Version: 1.5.3 Summary: JSON Web Token implementation in Python Home-page: http://github.com/jpadilla/pyjwt Author: Jose Padilla Author-email: [email protected] License: MIT +Description-Content-Type: UNKNOWN Description: PyJWT ===== diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/PyJWT-1.5.2/PyJWT.egg-info/PKG-INFO new/PyJWT-1.5.3/PyJWT.egg-info/PKG-INFO --- old/PyJWT-1.5.2/PyJWT.egg-info/PKG-INFO 2017-06-22 18:31:23.000000000 +0200 +++ new/PyJWT-1.5.3/PyJWT.egg-info/PKG-INFO 2017-09-05 20:21:32.000000000 +0200 @@ -1,11 +1,12 @@ Metadata-Version: 1.1 Name: PyJWT -Version: 1.5.2 +Version: 1.5.3 Summary: JSON Web Token implementation in Python Home-page: http://github.com/jpadilla/pyjwt Author: Jose Padilla Author-email: [email protected] License: MIT +Description-Content-Type: UNKNOWN Description: PyJWT ===== diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/PyJWT-1.5.2/PyJWT.egg-info/requires.txt new/PyJWT-1.5.3/PyJWT.egg-info/requires.txt --- old/PyJWT-1.5.2/PyJWT.egg-info/requires.txt 2017-06-22 18:31:23.000000000 +0200 +++ new/PyJWT-1.5.3/PyJWT.egg-info/requires.txt 2017-09-05 20:21:32.000000000 +0200 @@ -1,6 +1,6 @@ [crypto] -cryptography >= 1.0 +cryptography>=1.4 [flake8] flake8 @@ -8,6 +8,6 @@ pep8-naming [test] -pytest >3,<4 +pytest<4,>3 pytest-cov pytest-runner diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/PyJWT-1.5.2/jwt/__init__.py new/PyJWT-1.5.3/jwt/__init__.py --- old/PyJWT-1.5.2/jwt/__init__.py 2017-06-22 18:27:11.000000000 +0200 +++ new/PyJWT-1.5.3/jwt/__init__.py 2017-09-05 20:15:42.000000000 +0200 
@@ -10,7 +10,7 @@ __title__ = 'pyjwt' -__version__ = '1.5.2' +__version__ = '1.5.3' __author__ = 'José Padilla' __license__ = 'MIT' __copyright__ = 'Copyright 2015 José Padilla' diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/PyJWT-1.5.2/jwt/algorithms.py new/PyJWT-1.5.3/jwt/algorithms.py --- old/PyJWT-1.5.2/jwt/algorithms.py 2017-06-22 15:59:24.000000000 +0200 +++ new/PyJWT-1.5.3/jwt/algorithms.py 2017-09-05 20:14:00.000000000 +0200 @@ -231,7 +231,7 @@ 'qi': force_unicode(to_base64url_uint(numbers.iqmp)) } - elif getattr(key_obj, 'verifier', None): + elif getattr(key_obj, 'verify', None): # Public key numbers = key_obj.public_numbers() @@ -310,25 +310,11 @@ raise InvalidKeyError('Not a public or private key') def sign(self, msg, key): - signer = key.signer( - padding.PKCS1v15(), - self.hash_alg() - ) - - signer.update(msg) - return signer.finalize() + return key.sign(msg, padding.PKCS1v15(), self.hash_alg()) def verify(self, msg, key, sig): - verifier = key.verifier( - sig, - padding.PKCS1v15(), - self.hash_alg() - ) - - verifier.update(msg) - try: - verifier.verify() + key.verify(sig, msg, padding.PKCS1v15(), self.hash_alg()) return True except InvalidSignature: return False @@ -370,10 +356,7 @@ return key def sign(self, msg, key): - signer = key.signer(ec.ECDSA(self.hash_alg())) - - signer.update(msg) - der_sig = signer.finalize() + der_sig = key.sign(msg, ec.ECDSA(self.hash_alg())) return der_to_raw_signature(der_sig, key.curve) @@ -383,12 +366,8 @@ except ValueError: return False - verifier = key.verifier(der_sig, ec.ECDSA(self.hash_alg())) - - verifier.update(msg) - try: - verifier.verify() + key.verify(der_sig, msg, ec.ECDSA(self.hash_alg())) return True except InvalidSignature: return False @@ -399,7 +378,8 @@ """ def sign(self, msg, key): - signer = key.signer( + return key.sign( + msg, padding.PSS( mgf=padding.MGF1(self.hash_alg()), salt_length=self.hash_alg.digest_size 
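Review bot: In the `@@ -231,7 +231,7 @@` hunk of jwt/algorithms.py, `getattr(key_obj, 'verify', None)` decides that a key is public by checking for a method name, so any object with a truthy `verify` attribute takes the public-key branch and only fails at `key_obj.public_numbers()`. An explicit type test states the intent and rejects foreign objects earlier, e.g. `elif isinstance(key_obj, RSAPublicKey):`, assuming that class is imported in this module (the imports are not visible here). The enclosing function starts and ends outside the hunk.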
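Review bot: In the `@@ -370,10 +356,7 @@` hunk, `key.sign(msg, ec.ECDSA(self.hash_alg()))`, and `key.verify(der_sig, msg, ...)` in the next hunk, depend on the one-shot methods of EC keys. As far as I recall these arrived in cryptography 1.5, one release after the RSA equivalents in 1.4. If that holds, the `cryptography >= 1.4` floor set in setup.py and requires.txt allows an install where the EC algorithms fail with AttributeError while RSA works. Worth confirming against the cryptography changelog and, if confirmed, raising the floor to `cryptography >= 1.5`. Both method bodies extend outside the hunks.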
@@ -407,23 +387,17 @@ self.hash_alg() ) - signer.update(msg) - return signer.finalize() - def verify(self, msg, key, sig): - verifier = key.verifier( - sig, - padding.PSS( - mgf=padding.MGF1(self.hash_alg()), - salt_length=self.hash_alg.digest_size - ), - self.hash_alg() - ) - - verifier.update(msg) - try: - verifier.verify() + key.verify( + sig, + msg, + padding.PSS( + mgf=padding.MGF1(self.hash_alg()), + salt_length=self.hash_alg.digest_size + ), + self.hash_alg() + ) return True except InvalidSignature: return False diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/PyJWT-1.5.2/jwt/api_jws.py new/PyJWT-1.5.3/jwt/api_jws.py --- old/PyJWT-1.5.2/jwt/api_jws.py 2017-06-22 15:59:24.000000000 +0200 +++ new/PyJWT-1.5.3/jwt/api_jws.py 2017-09-05 20:14:00.000000000 +0200 @@ -118,7 +118,10 @@ def decode(self, jws, key='', verify=True, algorithms=None, options=None, **kwargs): - if not algorithms: + merged_options = merge_dict(self.options, options) + verify_signature = merged_options['verify_signature'] + + if verify_signature and not algorithms: warnings.warn( 'It is strongly recommended that you pass in a ' + 'value for the "algorithms" argument when calling decode(). ' + 
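Review bot: In the api_jws.py hunk `@@ -118,7 +118,10 @@`, the new guard `if verify_signature and not algorithms:` reads only the merged option and ignores the `verify` argument. A call with `verify=False` and default options therefore still gets the "algorithms" warning, although the next hunk's `if not verify:` branch skips verification. The api_jwt.py hunk does the opposite with `if verify and not algorithms:`, ignoring `options`, so the two entry points disagree on when the warning applies. A single condition such as `if verify and verify_signature and not algorithms:` would fit both. Also, `merged_options['verify_signature']` replaces the earlier `.get(...)` and raises KeyError if `self.options` lacks that key, which cannot be checked from this hunk.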
@@ -128,15 +131,13 @@ payload, signing_input, header, signature = self._load(jws) - if verify: - merged_options = merge_dict(self.options, options) - if merged_options.get('verify_signature'): - self._verify_signature(payload, signing_input, header, signature, - key, algorithms) - else: + if not verify: warnings.warn('The verify parameter is deprecated. ' 'Please use verify_signature in options instead.', DeprecationWarning, stacklevel=2) + elif verify_signature: + self._verify_signature(payload, signing_input, header, signature, + key, algorithms) return payload diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/PyJWT-1.5.2/jwt/api_jwt.py new/PyJWT-1.5.3/jwt/api_jwt.py --- old/PyJWT-1.5.2/jwt/api_jwt.py 2017-06-22 18:27:22.000000000 +0200 +++ new/PyJWT-1.5.3/jwt/api_jwt.py 2017-09-05 20:14:00.000000000 +0200 @@ -59,7 +59,7 @@ def decode(self, jwt, key='', verify=True, algorithms=None, options=None, **kwargs): - if not algorithms: + if verify and not algorithms: warnings.warn( 'It is strongly recommended that you pass in a ' + 'value for the "algorithms" argument when calling decode(). ' + diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/PyJWT-1.5.2/setup.cfg new/PyJWT-1.5.3/setup.cfg --- old/PyJWT-1.5.2/setup.cfg 2017-06-22 18:31:23.000000000 +0200 +++ new/PyJWT-1.5.3/setup.cfg 2017-09-05 20:21:32.000000000 +0200 @@ -16,5 +16,4 @@ [egg_info] tag_build = tag_date = 0 -tag_svn_revision = 0 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/PyJWT-1.5.2/setup.py new/PyJWT-1.5.3/setup.py --- old/PyJWT-1.5.2/setup.py 2017-05-18 04:08:12.000000000 +0200 +++ new/PyJWT-1.5.3/setup.py 2017-09-05 20:19:52.000000000 +0200 
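Review bot: In the api_jws.py hunk `@@ -128,15 +131,13 @@`, the `if not verify:` branch returns the payload without calling `_verify_signature`, and the only signal is a DeprecationWarning, which Python's default filters hide outside `__main__`. A comment on that branch would make the trust boundary explicit, e.g. `# verify=False: signature is NOT checked; the returned payload is untrusted input`. The warning text could also say that verification was skipped, not only that the parameter is deprecated. decode() begins before this hunk.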
@@ -22,8 +22,11 @@ long_description = readme.read() if sys.argv[-1] == 'publish': - os.system('python setup.py sdist upload') - os.system('python setup.py bdist_wheel upload') + if os.system("pip freeze | grep twine"): + print("twine not installed.\nUse `pip install twine`.\nExiting.") + sys.exit() + os.system("python setup.py sdist bdist_wheel") + os.system("twine upload dist/*") print('You probably want to also tag the version now:') print(" git tag -a {0} -m 'version {0}'".format(version)) print(' git push --tags') @@ -70,7 +73,7 @@ tests_require=tests_require, extras_require=dict( test=tests_require, - crypto=['cryptography >= 1.0'], + crypto=['cryptography >= 1.4'], flake8=[ 'flake8', 'flake8-import-order', diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/PyJWT-1.5.2/tests/test_api_jws.py new/PyJWT-1.5.3/tests/test_api_jws.py --- old/PyJWT-1.5.2/tests/test_api_jws.py 2017-06-22 15:59:24.000000000 +0200 +++ new/PyJWT-1.5.3/tests/test_api_jws.py 2017-09-05 20:14:00.000000000 +0200 
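Review bot: In the setup.py hunk `@@ -22,8 +22,11 @@`, the publish branch runs `twine upload dist/*` without checking that the build succeeded, so a failed `sdist bdist_wheel` still uploads whatever older artifacts are already in dist/. The probe `pip freeze | grep twine` matches any package whose name contains "twine" and uses whichever `pip` is first on PATH, not the running interpreter. The bare `sys.exit()` also reports status 0 on the failure path. The sketch below checks each step's exit status, probes twine through `sys.executable`, and uploads only this version's files. The surrounding module-level code continues outside the hunk.

```python
if sys.argv[-1] == 'publish':
    if os.system('"{0}" -m twine --version'.format(sys.executable)):
        print("twine not installed.\nUse `pip install twine`.\nExiting.")
        sys.exit(1)
    if os.system('"{0}" setup.py sdist bdist_wheel'.format(sys.executable)):
        sys.exit(1)
    os.system(
        '"{0}" -m twine upload dist/PyJWT-{1}.tar.gz dist/PyJWT-{1}-*.whl'
        .format(sys.executable, version)
    )
    # … unchanged: tag reminder prints …
```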
@@ -275,6 +275,24 @@ pytest.deprecated_call(jws.decode, example_jws, key=example_secret) + def test_decode_no_algorithms_verify_signature_false(self, jws): + example_secret = 'secret' + example_jws = ( + b'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.' + b'aGVsbG8gd29ybGQ.' + b'SIr03zM64awWRdPrAM_61QWsZchAtgDV3pphfHPPWkI' + ) + + try: + pytest.deprecated_call( + jws.decode, example_jws, key=example_secret, + options={'verify_signature': False}, + ) + except AssertionError: + pass + else: + assert False, "Unexpected DeprecationWarning raised." + def test_load_no_verification(self, jws, payload): right_secret = 'foo' jws_message = jws.encode(payload, right_secret) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/PyJWT-1.5.2/tests/test_api_jwt.py new/PyJWT-1.5.3/tests/test_api_jwt.py --- old/PyJWT-1.5.2/tests/test_api_jwt.py 2017-06-22 15:59:24.000000000 +0200 +++ new/PyJWT-1.5.3/tests/test_api_jwt.py 2017-09-05 20:14:00.000000000 +0200 @@ -482,3 +482,16 @@ jwt_message, secret ) + + def test_decode_no_algorithms_verify_false(self, jwt, payload): + secret = 'secret' + jwt_message = jwt.encode(payload, secret) + + try: + pytest.deprecated_call( + jwt.decode, jwt_message, secret, verify=False, + ) + except AssertionError: + pass + else: + assert False, "Unexpected DeprecationWarning raised."
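Review bot: `test_decode_no_algorithms_verify_signature_false` proves that no warning was raised by catching the `AssertionError` that `pytest.deprecated_call` throws when nothing is emitted. That ties the test to how one pytest version reports the failure, and the `else: assert False` arm reads as inverted logic. `test_decode_no_algorithms_verify_false` in tests/test_api_jwt.py repeats the pattern. Recording warnings directly states the intent, as sketched below; it needs `import warnings` in the test module if that is not already present. Neither test asserts anything about the decoded payload, so they cover the warning behaviour only.

```python
    def test_decode_no_algorithms_verify_signature_false(self, jws):
        # … unchanged: example_secret / example_jws …
        with warnings.catch_warnings(record=True) as caught:
            warnings.simplefilter('always')
            jws.decode(example_jws, key=example_secret,
                       options={'verify_signature': False})

        assert not [w for w in caught
                    if issubclass(w.category, DeprecationWarning)]
```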
