Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package python-Flask-Security-Too for
openSUSE:Factory checked in at 2022-10-03 15:59:29
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/python-Flask-Security-Too (Old)
and /work/SRC/openSUSE:Factory/.python-Flask-Security-Too.new.2275 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "python-Flask-Security-Too"
Mon Oct 3 15:59:29 2022 rev:12 rq:1007165 version:5.0.2
Changes:
--------
---
/work/SRC/openSUSE:Factory/python-Flask-Security-Too/python-Flask-Security-Too.changes
2022-09-08 14:24:04.398726976 +0200
+++
/work/SRC/openSUSE:Factory/.python-Flask-Security-Too.new.2275/python-Flask-Security-Too.changes
2022-10-03 15:59:30.490972210 +0200
@@ -1,0 +2,25 @@
+Fri Sep 30 06:52:16 UTC 2022 - Steve Kowalik <steven.kowa...@suse.com>
+
+- Upate to 5.0.2:
+ * Role permissions backwards compatibility bug.
+ * Fix Change Password regression.
+ * Support for WebAuthn.
+ * Support Two-factor recovery codes.
+ * Provide option to prevent user enumeration (i.e. Generic Responses).
+ * Support for Python 3.10.
+ * Support for Flask >= 2.2.
+ * Add custom HTML attributes to improve user experience.
+ * Make the required zxcvbn complexity score configurable.
+ * Get rid of Flask-Mail. Flask-Mailman is now the default preferred email
+ package.
+ * A delete option has been added to us-setup (form and view).
+ * Improve username support - the LoginForm now has a separate field for
+ username.
+ * Fix test and other failures with newer Flask-Login/Werkzeug versions.
+ * Fix test failures with newer Flask versions.
+- Drop patch endswith-assert.patch:
+ * Included upstream.
+- Rebase patches no-mongodb.patch and use-pyqrcodeng.patch
+- Update {Build,}Requires versions.
+
+-------------------------------------------------------------------
Old:
----
Flask-Security-Too-4.1.3.tar.gz
endswith-assert.patch
New:
----
Flask-Security-Too-5.0.2.tar.gz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ python-Flask-Security-Too.spec ++++++
--- /var/tmp/diff_new_pack.5SYDBX/_old 2022-10-03 15:59:31.614974461 +0200
+++ /var/tmp/diff_new_pack.5SYDBX/_new 2022-10-03 15:59:31.622974477 +0200
@@ -19,41 +19,39 @@
%define skip_python2 1
%{?!python_module:%define python_module() python-%{**} python3-%{**}}
Name: python-Flask-Security-Too
-Version: 4.1.3
+Version: 5.0.2
Release: 0
Summary: Security for Flask apps
License: MIT
-URL: https://github.com/jwag956/flask-security
+URL: https://github.com/Flask-Middleware/flask-security
Source:
https://files.pythonhosted.org/packages/source/F/Flask-Security-Too/Flask-Security-Too-%{version}.tar.gz
Patch0: no-mongodb.patch
Patch1: use-pyqrcodeng.patch
-# PATCH-FIX-UPSTREAM endswith-assert.patch
gh#Flask-Middleware/flask-security#605 mc...@suse.com
-# don't test for euqality of response.headers['Location'], just for .endswith
-Patch2: endswith-assert.patch
-BuildRequires: %{python_module Babel >= 1.3}
+BuildRequires: %{python_module Babel >= 2.9.1}
BuildRequires: %{python_module Flask >= 1.1.1}
-BuildRequires: %{python_module Flask-Babel}
+BuildRequires: %{python_module Flask-Babel >= 2.0.0}
BuildRequires: %{python_module Flask-Login >= 0.4.1}
-BuildRequires: %{python_module Flask-Mail >= 0.9.1}
+BuildRequires: %{python_module Flask-Mailman >= 0.3.0}
BuildRequires: %{python_module Flask-Principal >= 0.4.0}
-BuildRequires: %{python_module Flask-SQLAlchemy >= 2.3}
+BuildRequires: %{python_module Flask-SQLAlchemy >= 2.5.1}
BuildRequires: %{python_module Flask-WTF >= 0.14.3}
BuildRequires: %{python_module PyQRCode >= 1.2}
-BuildRequires: %{python_module SQLAlchemy >= 1.2.6}
+BuildRequires: %{python_module SQLAlchemy >= 1.3.24}
BuildRequires: %{python_module WTForms-lang}
BuildRequires: %{python_module WTForms}
BuildRequires: %{python_module Werkzeug >= 0.14.1}
BuildRequires: %{python_module argon2_cffi >= 19.1.0}
BuildRequires: %{python_module bcrypt >= 3.1.4}
-BuildRequires: %{python_module bleach}
+BuildRequires: %{python_module bleach >= 3.3.1}
BuildRequires: %{python_module blinker >= 1.4}
BuildRequires: %{python_module cachetools >= 3.1.0}
-BuildRequires: %{python_module cryptography >= 2.1.4}
+BuildRequires: %{python_module cryptography >= 3.4.8}
+BuildRequires: %{python_module dateutil}
BuildRequires: %{python_module email-validator >= 1.1.1}
BuildRequires: %{python_module itsdangerous >= 1.1.0}
BuildRequires: %{python_module passlib >= 1.7.2}
BuildRequires: %{python_module peewee >= 3.7.1}
-BuildRequires: %{python_module phonenumbers >= 8.11.1}
+BuildRequires: %{python_module phonenumbers >= 8.12.18}
BuildRequires: %{python_module pony}
BuildRequires: %{python_module pytest >= 6.2.5}
BuildRequires: %{python_module setuptools}
@@ -61,22 +59,23 @@
BuildRequires: fdupes
BuildRequires: python-rpm-macros
Requires: python-Flask >= 1.1.1
-Requires: python-Flask-Babel
+Requires: python-Flask-Babel >= 2.0.0
Requires: python-Flask-Login >= 0.4.1
Requires: python-Flask-Principal >= 0.4.0
Requires: python-Flask-WTF >= 0.14.3
Requires: python-Werkzeug >= 0.14.1
Requires: python-bcrypt >= 3.1.4
+Requires: python-bleach >= 3.3.1
Requires: python-blinker >= 1.4
-Requires: python-cryptography >= 2.1.4
+Requires: python-cryptography >= 3.4.8
Requires: python-email-validator >= 1.1.1
Requires: python-itsdangerous >= 1.1.0
Requires: python-passlib >= 1.7.2
Recommends: python-PyQRCode >= 1.2
-Recommends: python-SQLAlchemy >= 1.2.6
+Recommends: python-SQLAlchemy >= 1.3.24
Recommends: python-zxcvbn >= 4.4.28
Suggests: python-argon2_cffi >= 19.1.0
-Suggests: python-phonenumbers >= 8.11.1
+Suggests: python-phonenumbers >= 8.12.18
Conflicts: python-Flask-Security < 3.2.0
Obsoletes: python-Flask-Security < 3.2.0
Provides: python-Flask-Security = %{version}
++++++ Flask-Security-Too-4.1.3.tar.gz -> Flask-Security-Too-5.0.2.tar.gz ++++++
++++ 39914 lines of diff (skipped)
++++++ no-mongodb.patch ++++++
--- /var/tmp/diff_new_pack.5SYDBX/_old 2022-10-03 15:59:31.830974893 +0200
+++ /var/tmp/diff_new_pack.5SYDBX/_new 2022-10-03 15:59:31.834974902 +0200
@@ -1,23 +1,23 @@
-Index: Flask-Security-Too-4.1.2/tests/conftest.py
+Index: Flask-Security-Too-5.0.2/tests/conftest.py
===================================================================
---- Flask-Security-Too-4.1.2.orig/tests/conftest.py
-+++ Flask-Security-Too-4.1.2/tests/conftest.py
-@@ -683,7 +683,7 @@ def client_nc(request, sqlalchemy_app):
+--- Flask-Security-Too-5.0.2.orig/tests/conftest.py
++++ Flask-Security-Too-5.0.2/tests/conftest.py
+@@ -862,7 +862,7 @@ def client_nc(request, sqlalchemy_app):
return app.test_client(use_cookies=False)
-@pytest.fixture(params=["cl-sqlalchemy", "c2", "cl-mongo", "cl-peewee"])
+@pytest.fixture(params=["cl-sqlalchemy", "c2", "cl-peewee"])
- def clients(request, app, tmpdir, realdburl):
+ def clients(request, app, tmpdir, realdburl, realmongodburl):
if request.param == "cl-sqlalchemy":
ds = sqlalchemy_setup(request, app, tmpdir, realdburl)
-@@ -729,7 +729,7 @@ def get_message_local(app):
+@@ -908,7 +908,7 @@ def get_message_local(app):
@pytest.fixture(
- params=["sqlalchemy", "sqlalchemy-session", "mongoengine", "peewee",
"pony"]
+ params=["sqlalchemy", "sqlalchemy-session", "peewee", "pony"]
)
- def datastore(request, app, tmpdir, realdburl):
+ def datastore(request, app, tmpdir, realdburl, realmongodburl):
if request.param == "sqlalchemy":
++++++ use-pyqrcodeng.patch ++++++
--- /var/tmp/diff_new_pack.5SYDBX/_old 2022-10-03 15:59:31.846974925 +0200
+++ /var/tmp/diff_new_pack.5SYDBX/_new 2022-10-03 15:59:31.850974934 +0200
@@ -1,30 +1,37 @@
-Index: Flask-Security-Too-4.1.2/flask_security/core.py
+Index: Flask-Security-Too-5.0.2/flask_security/core.py
===================================================================
---- Flask-Security-Too-4.1.2.orig/flask_security/core.py
-+++ Flask-Security-Too-4.1.2/flask_security/core.py
-@@ -1411,7 +1411,7 @@ class Security:
+--- Flask-Security-Too-5.0.2.orig/flask_security/core.py
++++ Flask-Security-Too-5.0.2/flask_security/core.py
+@@ -1523,7 +1523,7 @@ class Security:
and "authenticator" in cv("TWO_FACTOR_ENABLED_METHODS",
app=app)
)
if need_qrcode:
-- self._check_modules("pyqrcode", "TWO_FACTOR or
UNIFIED_SIGNIN")
+- self._check_modules("qrcode", "TWO_FACTOR or UNIFIED_SIGNIN")
+ self._check_modules("pyqrcodeng", "TWO_FACTOR or
UNIFIED_SIGNIN")
need_sms = (
cv("UNIFIED_SIGNIN", app=app)
-Index: Flask-Security-Too-4.1.2/flask_security/totp.py
+Index: Flask-Security-Too-5.0.2/flask_security/totp.py
===================================================================
---- Flask-Security-Too-4.1.2.orig/flask_security/totp.py
-+++ Flask-Security-Too-4.1.2/flask_security/totp.py
-@@ -139,9 +139,9 @@ class Totp:
+--- Flask-Security-Too-5.0.2.orig/flask_security/totp.py
++++ Flask-Security-Too-5.0.2/flask_security/totp.py
+@@ -140,15 +140,11 @@ class Totp:
.. versionadded:: 4.0.0
"""
try:
-- import pyqrcode
+- import qrcode
+- import qrcode.image.svg
+ import pyqrcodeng
-- code = pyqrcode.create(self.get_totp_uri(username, totp))
-+ code = pyqrcodeng.create(self.get_totp_uri(username, totp))
+- image = qrcode.make(
+- self.get_totp_uri(username, totp),
+- image_factory=qrcode.image.svg.SvgImage,
+- )
++ image = pyqrcodeng.create(self.get_totp_uri(username, totp))
with io.BytesIO() as virtual_file:
- code.svg(file=virtual_file, scale=3)
+- image.save(virtual_file)
++ image.svg(virtual_file, scale=1)
image_as_str =
base64.b64encode(virtual_file.getvalue()).decode("ascii")
+
+ return f"data:image/svg+xml;base64,{image_as_str}"
