Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package python-Flask-Security-Too for openSUSE:Factory checked in at 2022-02-28 19:43:29 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/python-Flask-Security-Too (Old) and /work/SRC/openSUSE:Factory/.python-Flask-Security-Too.new.1958 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "python-Flask-Security-Too" Mon Feb 28 19:43:29 2022 rev:7 rq:957960 version:4.1.2 Changes: -------- --- /work/SRC/openSUSE:Factory/python-Flask-Security-Too/python-Flask-Security-Too.changes 2021-07-08 22:49:35.347927275 +0200 +++ /work/SRC/openSUSE:Factory/.python-Flask-Security-Too.new.1958/python-Flask-Security-Too.changes 2022-02-28 19:43:53.049948385 +0100 @@ -1,0 +2,33 @@ +Mon Feb 28 06:16:49 UTC 2022 - Steve Kowalik <steven.kowa...@suse.com> + +- Update to 4.1.2: + * default_reauthn_handler doesn't honor SECURITY_URL_PREFIX + * Add public API and CLI command to change a user's password. + * Add type hints. Please note that many of the packages that flask-security + * Add first-class support for using username for signing in. + * Possible open redirect vulnerability. + * Improve cookie handling and default ``samesite`` to ``Strict``. + * Email validation confusion - added documentation. + * Add documentation on how to override specific error messages. + * Don't install global-scope tests. + * Add Blinker as explicit dependency, improve/fix celery usage docs, + don't require pyqrcode unless authenticator configured, improve SMS + configuration variables documentation. + * Your UserModel must contain ``fs_uniquifier`` + * Removal of python 2.7 and <3.6 support + * Remove two-factor `/tf-confirm` endpoint and use generic `freshness` + mechanism. + * Remove ``SECURITY_BACKWARDS_COMPAT_AUTH_TOKEN_INVALID(ATE)``. In + addition to not making sense - the documentation has never been correct. + * Add 2FA Validity Window so an application can configure how often the + second factor has to be entered. + * Add HTML5 Email input types to email fields. +- Refresh no-mongodb.patch +- Drop patches: + * no-setup-dependencies.patch + * fix-dependencies.patch + * 0001-Do-not-raise-a-TypeError-exception-if-phone.data-is-.patch +- Add patch use-pyqrcodeng.patch: + * Use pyqrcodeng rather than pyqrcode. + +------------------------------------------------------------------- Old: ---- 0001-Do-not-raise-a-TypeError-exception-if-phone.data-is-.patch Flask-Security-Too-3.4.5.tar.gz fix-dependencies.patch no-setup-dependencies.patch New: ---- Flask-Security-Too-4.1.2.tar.gz use-pyqrcodeng.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ python-Flask-Security-Too.spec ++++++ --- /var/tmp/diff_new_pack.CsiKKI/_old 2022-02-28 19:43:54.041948757 +0100 +++ /var/tmp/diff_new_pack.CsiKKI/_new 2022-02-28 19:43:54.061948764 +0100 @@ -1,7 +1,7 @@ # # spec file for package python-Flask-Security-Too # -# Copyright (c) 2021 SUSE LLC +# Copyright (c) 2022 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -19,19 +19,17 @@ %define skip_python2 1 %{?!python_module:%define python_module() python-%{**} python3-%{**}} Name: python-Flask-Security-Too -Version: 3.4.5 +Version: 4.1.2 Release: 0 Summary: Security for Flask apps License: MIT URL: https://github.com/jwag956/flask-security Source: https://files.pythonhosted.org/packages/source/F/Flask-Security-Too/Flask-Security-Too-%{version}.tar.gz Patch0: no-mongodb.patch -Patch1: no-setup-dependencies.patch -Patch2: fix-dependencies.patch -Patch3: 0001-Do-not-raise-a-TypeError-exception-if-phone.data-is-.patch +Patch1: use-pyqrcodeng.patch BuildRequires: %{python_module Babel >= 1.3} BuildRequires: %{python_module Flask >= 1.0.2} -BuildRequires: %{python_module Flask-BabelEx >= 0.9.3} +BuildRequires: %{python_module Flask-Babel} BuildRequires: %{python_module Flask-Login >= 0.4.1} BuildRequires: %{python_module Flask-Mail >= 0.9.1} BuildRequires: %{python_module Flask-Principal >= 0.4.0} @@ -42,6 +40,8 @@ BuildRequires: %{python_module Werkzeug >= 0.14.1} BuildRequires: %{python_module argon2_cffi >= 19.1.0} BuildRequires: %{python_module bcrypt >= 3.1.4} +BuildRequires: %{python_module bleach} +BuildRequires: %{python_module blinker >= 1.4} BuildRequires: %{python_module cachetools >= 3.1.0} BuildRequires: %{python_module cryptography >= 2.1.4} BuildRequires: %{python_module email_validator >= 1.0.5} @@ -56,13 +56,13 @@ BuildRequires: fdupes BuildRequires: python-rpm-macros Requires: python-Flask >= 1.0.2 -Requires: python-Flask-BabelEx >= 0.9.3 +Requires: python-Flask-Babel Requires: python-Flask-Login >= 0.4.1 -Requires: python-Flask-Mail >= 0.9.1 Requires: python-Flask-Principal >= 0.4.0 Requires: python-Flask-WTF >= 0.14.2 Requires: python-Werkzeug >= 0.14.1 Requires: python-bcrypt >= 3.1.4 +Requires: python-blinker >= 1.4 Requires: python-cryptography >= 2.1.4 Requires: python-email_validator >= 1.0.5 Requires: python-itsdangerous >= 1.1.0 @@ -84,9 +84,7 @@ based on the 3.0.0 version of the original. %prep -%setup -q -n Flask-Security-Too-%{version} -%autopatch -p1 -rm pytest.ini +%autosetup -p1 -n Flask-Security-Too-%{version} %if 0%{?suse_version} <= 1500 # test_trackable.py needs werkzeug.middleware.proxy_fix which is only available @@ -102,7 +100,7 @@ %python_expand %fdupes %{buildroot}%{$python_sitelib} %check -%pytest +%pytest -k 'not test_wtform_xlation' %files %{python_files} %doc AUTHORS CHANGES.rst README.rst ++++++ Flask-Security-Too-3.4.5.tar.gz -> Flask-Security-Too-4.1.2.tar.gz ++++++ ++++ 35048 lines of diff (skipped) ++++++ no-mongodb.patch ++++++ --- /var/tmp/diff_new_pack.CsiKKI/_old 2022-02-28 19:43:54.289948850 +0100 +++ /var/tmp/diff_new_pack.CsiKKI/_new 2022-02-28 19:43:54.301948854 +0100 @@ -1,8 +1,8 @@ -Index: Flask-Security-Too-3.4.5/tests/conftest.py +Index: Flask-Security-Too-4.1.2/tests/conftest.py =================================================================== ---- Flask-Security-Too-3.4.5.orig/tests/conftest.py -+++ Flask-Security-Too-3.4.5/tests/conftest.py -@@ -607,7 +607,7 @@ def client_nc(request, sqlalchemy_app): +--- Flask-Security-Too-4.1.2.orig/tests/conftest.py ++++ Flask-Security-Too-4.1.2/tests/conftest.py +@@ -683,7 +683,7 @@ def client_nc(request, sqlalchemy_app): return app.test_client(use_cookies=False) @@ -11,7 +11,7 @@ def clients(request, app, tmpdir, realdburl): if request.param == "cl-sqlalchemy": ds = sqlalchemy_setup(request, app, tmpdir, realdburl) -@@ -645,7 +645,7 @@ def get_message(app): +@@ -729,7 +729,7 @@ def get_message_local(app): @pytest.fixture( ++++++ use-pyqrcodeng.patch ++++++ Index: Flask-Security-Too-4.1.2/flask_security/core.py =================================================================== --- Flask-Security-Too-4.1.2.orig/flask_security/core.py +++ Flask-Security-Too-4.1.2/flask_security/core.py @@ -1411,7 +1411,7 @@ class Security: and "authenticator" in cv("TWO_FACTOR_ENABLED_METHODS", app=app) ) if need_qrcode: - self._check_modules("pyqrcode", "TWO_FACTOR or UNIFIED_SIGNIN") + self._check_modules("pyqrcodeng", "TWO_FACTOR or UNIFIED_SIGNIN") need_sms = ( cv("UNIFIED_SIGNIN", app=app) Index: Flask-Security-Too-4.1.2/flask_security/totp.py =================================================================== --- Flask-Security-Too-4.1.2.orig/flask_security/totp.py +++ Flask-Security-Too-4.1.2/flask_security/totp.py @@ -139,9 +139,9 @@ class Totp: .. versionadded:: 4.0.0 """ try: - import pyqrcode + import pyqrcodeng - code = pyqrcode.create(self.get_totp_uri(username, totp)) + code = pyqrcodeng.create(self.get_totp_uri(username, totp)) with io.BytesIO() as virtual_file: code.svg(file=virtual_file, scale=3) image_as_str = base64.b64encode(virtual_file.getvalue()).decode("ascii")