Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package python-Flask-Security-Too for openSUSE:Factory checked in at 2024-06-03 17:41:31
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/python-Flask-Security-Too (Old)
and /work/SRC/openSUSE:Factory/.python-Flask-Security-Too.new.24587 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "python-Flask-Security-Too"
Mon Jun 3 17:41:31 2024 rev:23 rq:1177933 version:5.4.3
Changes:
--------
--- /work/SRC/openSUSE:Factory/python-Flask-Security-Too/python-Flask-Security-Too.changes 2024-02-13 22:42:25.864377645 +0100
+++ /work/SRC/openSUSE:Factory/.python-Flask-Security-Too.new.24587/python-Flask-Security-Too.changes 2024-06-03 17:41:40.323052730 +0200
@@ -1,0 +2,75 @@
+Fri May 31 12:12:17 UTC 2024 - Antonio Larrosa
+
+- Update to 5.4.3:
+ + Fixes
+ * Regression - some templates no longer getting correct config
+ * CSRF not properly ignored for application forms using
+ :py SECURITY_CSRF_PROTECT_MECHANISMS.
+ * Improve jp translations
+ * Regression - datetime_factory should still be an attribute
+ * :py SECURITY_RETURN_GENERIC_RESPONSES hide email
+ validation/syntax errors.
+
+- Update to 5.4.2:
+ + Fixes
+ * OpenAPI spec missing.
+ * Doc fixes
+ * Update ES/IT translations
+
+- Update to 5.4.0 & 5.4.1:
+ + Features and improvements:
+ * Work with Flask[async]. view decorators and signals support
+ async handlers.
+ * CI support for python 3.12
+ * Work with py_webauthn 2.0 (and only 2.0+)
+ * Improve (and simplify) Two-Factor setup. See below for
+ backwards compatability issues and new functionality.
+ * Improve oauth debugging support. Handle next propagation in a
+ more general way.
+ * Make AnonymousUser (Flask-Login) optional and deprecated.
+ * Remove undocumented and untested looking in session for
+ possible 'next' redirect location.
+ * No longer rely on Flask-Login.unauthorized callback. See
+ below for implications.
+ * Changes to default unauthorized handler - remove use of
+ referrer header (see below) and document precise behavior.
+ * The authentication_token format has changed - adding
+ per-token expiry time and future session ID. Old tokens are
+ still accepted.
+ + Docs and Chores
+ * Improve method translations for unified signin and two
+ factor. Remove support for Flask-Babelex.
+ * Chore - stop setting all config as attributes.
+ init_app(**kwargs) can only set forms, flags, and utility
+ classes (see below for compatibility concerns).
+ * Update Spanish and Italian translations.
+ * Improve translations for two-factor method selection.
+ * Improve German translations.
+ * Remove deprecation of AUTO_LOGIN_AFTER_CONFIRM - it has a
+ reasonable use case.
+ * Update message extraction - note that the
+ CONFIRM_REGISTRATION message was changed to improve
+ readability.
+ + Fixes
+ * us-signin magic link should use fs_uniquifier (not email).
+ * Improve open-redirect vulnerability mitigation. (see below)
+ * user_datastore.create_user has side effects on mutable
+ inputs. (NoRePercussions)
+ * The long deprecated _unauthorized_callback/handler has been
+ removed.
+ * Oauth re-used POST_LOGIN_VIEW which caused confusion. See
+ below for the new configuration and implications.
+ * Improve CSRF documentation and testing. Fix bug where a CSRF
+ failure could return an HTML page even if the request was
+ JSON.
+ * Register with JSON and authentication token failed CSRF.
+ * Fix 2 issues with CSRF configuration.
+ * It was possible that if SECURITY_EMAIL_VALIDATOR_ARGS were
+ set that deliverability would be checked even for login.
+ + Backwards Compatibility Concerns
+ Please read the full changelog at
+ https://github.com/Flask-Middleware/flask-security/blob/master/CHANGES.rst#v...
+- Drop patch that's already included by upstream:
+ * support-python-312.patch
+
+-------------------------------------------------------------------
Old:
----
Flask-Security-Too-5.3.3.tar.gz
support-python-312.patch
New:
----
Flask-Security-Too-5.4.3.tar.gz
BETA DEBUG BEGIN:
Old:- Drop patch that's already included by upstream:
* support-python-312.patch
BETA DEBUG END:
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ python-Flask-Security-Too.spec ++++++
--- /var/tmp/diff_new_pack.umikXE/_old 2024-06-03 17:41:41.055080567 +0200
+++ /var/tmp/diff_new_pack.umikXE/_new 2024-06-03 17:41:41.055080567 +0200
@@ -18,7 +18,7 @@
%{?sle15_python_module_pythons}
Name: python-Flask-Security-Too
-Version: 5.3.3
+Version: 5.4.3
Release: 0
Summary: Security for Flask apps
License: MIT
@@ -27,8 +27,6 @@
Patch0: no-mongodb.patch
# PATCH-FIX-OPENSUSE Use pyqrcodeng, we do not ship qrcode in OpenSUSE.
Patch1: use-pyqrcodeng.patch
-# PATCH-FIX-UPSTREAM Based on gh#Flask-Middleware/flask-security#900
-Patch2: support-python-312.patch
BuildRequires: %{python_module Authlib}
BuildRequires: %{python_module Babel >= 2.10.0}
BuildRequires: %{python_module Flask >= 2.3.2}
@@ -37,7 +35,7 @@
BuildRequires: %{python_module Flask-Mailman >= 0.3.0}
BuildRequires: %{python_module Flask-Principal >= 0.4.0}
BuildRequires: %{python_module Flask-SQLAlchemy >= 3.0.3}
-BuildRequires: %{python_module Flask-WTF >= 1.1.1}
+BuildRequires: %{python_module Flask-WTF >= 1.1.2}
BuildRequires: %{python_module MarkupSafe >= 2.1.0}
BuildRequires: %{python_module PyQRCode >= 1.2}
BuildRequires: %{python_module SQLAlchemy}
@@ -49,8 +47,8 @@
BuildRequires: %{python_module bleach >= 6.0.0}
BuildRequires: %{python_module cachetools >= 3.1.0}
BuildRequires: %{python_module cryptography >= 40.0.2}
-BuildRequires: %{python_module dateutil}
BuildRequires: %{python_module email-validator >= 2.0}
+BuildRequires: %{python_module freezegun}
BuildRequires: %{python_module importlib_resources >= 5.10.0}
BuildRequires: %{python_module itsdangerous >= 1.1.0}
BuildRequires: %{python_module passlib >= 1.7.4}
@@ -61,6 +59,7 @@
BuildRequires: %{python_module pytest >= 6.2.5}
BuildRequires: %{python_module requests}
BuildRequires: %{python_module setuptools}
+BuildRequires: %{python_module webauthn >= 2.0.0}
BuildRequires: %{python_module wheel}
BuildRequires: %{python_module zxcvbn >= 4.4.28}
BuildRequires: fdupes
@@ -69,7 +68,7 @@
Requires: python-Flask-Babel >= 3.1.0
Requires: python-Flask-Login >= 0.6.2
Requires: python-Flask-Principal >= 0.4.0
-Requires: python-Flask-WTF >= 1.1.1
+Requires: python-Flask-WTF >= 1.1.2
Requires: python-MarkupSafe >= 2.1.0
Requires: python-WTForms >= 3.0.0
Requires: python-Werkzeug >= 2.3.3
@@ -80,6 +79,7 @@
Requires: python-importlib_resources >= 5.10.0
Requires: python-itsdangerous >= 1.1.0
Requires: python-passlib >= 1.7.4
+Requires: python-webauthn >= 2.0.0
Recommends: python-PyQRCode >= 1.2
Recommends: python-SQLAlchemy
Recommends: python-zxcvbn >= 4.4.28
++++++ Flask-Security-Too-5.3.3.tar.gz -> Flask-Security-Too-5.4.3.tar.gz ++++++
++++ 34550 lines of diff (skipped)