- Add patch support-python-312.patch:
  * Support Python 3.12 changes.

• Files Changed
• Browse Source

- Update to 5.3.3:
  Fix for CVE-2023-49438 (bsc#1218412).
- Refresh patches:
  - no-mongodb.patch
  - use-pyqrcodeng.patch

• Files Changed
• Browse Source

• Files Changed
• Browse Source

• Files Changed
• Browse Source

- Update to 5.3.2:
  * Update Quickstart to show how to properly handle SQLAlchemy connections.
  * Auth Token not returned from /tf-validate.
  * Fix for latest email_validator deprecation - bump minimum to 2.0.0
  * Deprecate passing in the anonymous_user class
  * Compatability with Flask 3.0
  * Revert change in 5.3.0 that added a Referrer-Policy header.
  * Fix 'next' propagation when passed as form.next
- Drop patch filterwarnings-ignore-pkg_resources.patch, no longer needed

• Files Changed
• Browse Source

- Add required python-requests build dependency to fix tests.

• Files Changed
• Browse Source

- Update to 5.3.0:
  * Improvements to recoverability and confirmation to align with
    OWASP best practices and reduce possible exploitation.
  * Webauthn Updates to handling of transport.
  * Fix MongoDB support by eliminating dependency on flask-mongoengine. Improve MongoDB quickstart.
  * Fix Quickstart for SQLAlchemy with scoped session.
  * Login no longer, by default, checks for email deliverability.
  * Token authentication is no longer accepted on endpoints which only allow 'session' as authentication-method. (N247S)
  * /reset and /confirm and GENERIC_RESPONSES and additional form args don't mix.
  * Reset password can be exploited and other OWASP improvements.
  * Confirmation can be exploited and other OWASP improvements.
  * Convert to pyproject.toml, build, remove setup.py/.cfg.
  * the tf_validity feature now ONLY sets a cookie - and the token is no longer returned as part of a JSON response.
  * Fix login/unified signin templates to properly send CSRF token. Add more tests.
  * Improve Social Oauth example code.
- 5.2.0:
  * Small updates to work with latest Flask/Werkzeug.
  * Drop support for Python 3.7
  * Drop support for older versions of dependent packages (such as Flask).
  * Remove old Werkzeug compatibility check.
  * Compatibility with Quart.
  * Remove dependence on pkg_resources / setuptools (use importlib_resources package)
  * Fix tests to work with latest Werkzeug/Flask. Update requirements_low to match current releases.
  * Drop support for Python 3.7
- 5.1.2:
  * Hungarian translations not working.
  * Fix documentation for send_mail. (gg)
  * Fix for latest mongoengine and mongomock.
  * Fix inappropriate use of &thinsp& in French translations. (maxdup)
  * Improve documentation around subclassing forms.

• Files Changed
• Browse Source

- Add patch filterwarnings-ignore-pkg_resources.patch:
  * Filter out DeprecationWarning for pkg_resources.
- Add Authlib to BuildRequires.

• Files Changed
• Browse Source

- Update to 5.1.1:
  * Fix 2 Flask apps in same thread with USERNAME_ENABLE set. There was a
    too aggressive config check.
  * Fix json/flask backwards compatibility hack.
  * Fix unified signup when two-factor not enabled. (sebdroid)
  * Add dependency on setuptools (pkg_resources). (hroncok)
  * Option to encrypt recovery codes.
  * Support for authentication via 'social' oauth.
  * Support for Python 3.11
  * Fixes for Flask-SQLAlchemy 3.0.0. (jrast)
  * Fixes for sqlalchemy 2.0.0 (jrast)
  * Webauthn and Unified signin features now properly take into account
    blueprint prefixes.
  * Properly propagate ?next=/xx - the verify, webauthn, and unified signin
    endpoints, that had multiple redirects, needed fixes.
  * Two factor redirects ignored url_prefix. Added a
    SECURITY_TWO_FACTOR_ERROR_VIEW configuration option.
  * Add configurations for static folder/URL and make sure templates
    reference blueprint relative static folder.
  * Send entire context to MailUtil::send_mail (patrickyan)
  * Support for Flask-Babel 3.0.0
  * Add configuration option SECURITY_TWO_FACTOR_POST_SETUP_VIEW which is
    redirected to upon successful change of a two factor method.
  * The ability to pass in a LoginManager instance which was deprecated in
    5.0 has been removed.
- Drop patch support-Flask-SQLAlchemy-3.0.patch, now included upstream.
- Refresh all other patches.

• Files Changed
• Browse Source

- Add patch support-Flask-SQLAlchemy-3.0.patch:
  * Support Flask-SQLAlchemy >= 3.0

• Files Changed
• Browse Source

- Upate to 5.0.2:
  * Role permissions backwards compatibility bug.
  * Fix Change Password regression.
  * Support for WebAuthn.
  * Support Two-factor recovery codes.
  * Provide option to prevent user enumeration (i.e. Generic Responses).
  * Support for Python 3.10.
  * Support for Flask >= 2.2.
  * Add custom HTML attributes to improve user experience.
  * Make the required zxcvbn complexity score configurable.
  * Get rid of Flask-Mail. Flask-Mailman is now the default preferred email
    package.
  * A delete option has been added to us-setup (form and view).
  * Improve username support - the LoginForm now has a separate field for
    username.
  * Fix test and other failures with newer Flask-Login/Werkzeug versions.
  * Fix test failures with newer Flask versions.
- Drop patch endswith-assert.patch:
  * Included upstream.
- Rebase patches no-mongodb.patch and use-pyqrcodeng.patch
- Update {Build,}Requires versions.

• Files Changed
• Browse Source

- Use email-validator, not email_validator package name.

• Files Changed
• Browse Source

• Files Changed
• Browse Source

• Files Changed
• Browse Source

• Files Changed
• Browse Source

- Update to 4.1.2:
  * default_reauthn_handler doesn't honor SECURITY_URL_PREFIX
  * Add public API and CLI command to change a user's password.
  * Add type hints. Please note that many of the packages that flask-security
  * Add first-class support for using username for signing in.
  * Possible open redirect vulnerability.
  * Improve cookie handling and default ``samesite`` to ``Strict``.
  * Email validation confusion - added documentation.
  * Add documentation on how to override specific error messages.
  * Don't install global-scope tests.
  * Add Blinker as explicit dependency, improve/fix celery usage docs,
    don't require pyqrcode unless authenticator configured, improve SMS
    configuration variables documentation.
  * Your UserModel must contain ``fs_uniquifier``
  * Removal of python 2.7 and <3.6 support
  * Remove two-factor `/tf-confirm` endpoint and use generic `freshness`
    mechanism.
  * Remove ``SECURITY_BACKWARDS_COMPAT_AUTH_TOKEN_INVALID(ATE)``. In
    addition to not making sense - the documentation has never been correct.
  * Add 2FA Validity Window so an application can configure how often the
    second factor has to be entered.
  * Add HTML5 Email input types to email fields.
- Refresh no-mongodb.patch
- Drop patches:
  * no-setup-dependencies.patch
  * fix-dependencies.patch
  * 0001-Do-not-raise-a-TypeError-exception-if-phone.data-is-.patch
- Add patch use-pyqrcodeng.patch:
  * Use pyqrcodeng rather than pyqrcode.

• Files Changed
• Browse Source

Automatic submission by obs-autosubmit

• Files Changed
• Browse Source

• Files Changed
• Browse Source

• Files Changed
• Browse Source

• Files Changed
• Browse Source