python-Flask-Security-Too
No description set
- Sources inherited from project SUSE:SLE-15-SP6:GA
- Download package
-
Checkout Package
osc -A https://api.opensuse.org checkout SUSE:SLE-15-SP6:Update/python-Flask-Security-Too && cd $_ - Create Badge
Refresh
Refresh
Source Files
| Filename | Size | Changed |
|---|---|---|
| Flask-Security-Too-5.3.3.tar.gz | 0000616595 602 KB | |
| no-mongodb.patch | 0000000875 875 Bytes | |
| python-Flask-Security-Too.changes | 0000016553 16.2 KB | |
| python-Flask-Security-Too.spec | 0000004776 4.66 KB | |
| use-pyqrcodeng.patch | 0000001368 1.34 KB |
Latest Revision
Ruediger Oertel (oertel)
committed
(revision 2)
Update package python-Flask-Security-Too from 3.4.2 to 5.3.3 (jsc#PED-7230)
Patches removed on purpose. They were never part of this timeline and
the fixes are already included:
* CVE-2021-21241-GET-reqs-auth-token.patch
* fix-open-redirect.patch
------------------------------------------------------------------------
Index: no-mongodb.patch
===================================================================
--- no-mongodb.patch (revision 2)
+++ no-mongodb.patch (revision f91a5b1929c505490644cee5f0373299)
@@ -1,13 +1,24 @@
-Index: Flask-Security-Too-3.4.0/tests/conftest.py
-===================================================================
---- Flask-Security-Too-3.4.0.orig/tests/conftest.py
-+++ Flask-Security-Too-3.4.0/tests/conftest.py
-@@ -617,7 +617,7 @@ def get_message(app):
+---
+ tests/conftest.py | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+--- a/tests/conftest.py
++++ b/tests/conftest.py
+@@ -891,7 +891,7 @@ def client_nc(request, sqlalchemy_app):
+ return app.test_client(use_cookies=False)
+
+
+-@pytest.fixture(params=["cl-sqlalchemy", "c2", "cl-mongo", "cl-peewee"])
++@pytest.fixture(params=["cl-sqlalchemy", "c2", "cl-peewee"])
+ def clients(request, app, tmpdir, realdburl, realmongodburl):
+ if request.param == "cl-sqlalchemy":
+ ds = sqlalchemy_setup(request, app, tmpdir, realdburl)
+@@ -937,7 +937,7 @@ def get_message_local(app):
@pytest.fixture(
- params=["sqlalchemy", "sqlalchemy-session", "mongoengine", "peewee", "pony"]
+ params=["sqlalchemy", "sqlalchemy-session", "peewee", "pony"]
)
- def datastore(request, app, tmpdir, realdburl):
+ def datastore(request, app, tmpdir, realdburl, realmongodburl):
if request.param == "sqlalchemy":
Index: python-Flask-Security-Too.changes
===================================================================
--- python-Flask-Security-Too.changes (revision 2)
+++ python-Flask-Security-Too.changes (revision f91a5b1929c505490644cee5f0373299)
@@ -1,17 +1,274 @@
-------------------------------------------------------------------
-Wed Sep 21 15:03:23 UTC 2022 - Daniel Garcia <daniel.garcia@suse.com>
+Sat Jan 6 20:55:19 UTC 2024 - Matej Cepl <mcepl@cepl.eu>
-- Add fix-open-redirect.patch fixing bsc#1202105 (CVE-2021-23385) to avoid open
- redirect. This patch is based on the upstream pull request,
- gh#flask-middleware/flask-security#489, that fixes the upstream issue
- gh#flask-middleware/flask-security#486
+- Update to 5.3.3:
+ Fix for CVE-2023-49438 (bsc#1218412).
+- Refresh patches:
+ - no-mongodb.patch
+ - use-pyqrcodeng.patch
-------------------------------------------------------------------
-Sun Aug 21 16:58:33 UTC 2022 - Matej Cepl <mcepl@suse.com>
+Thu Nov 30 13:24:31 UTC 2023 - Antonio Larrosa <alarrosa@suse.com>
-- Add CVE-2021-21241-GET-reqs-auth-token.patch fixing bsc#1181058
- (CVE-2021-21241) avoiding leak of authentication token in GET
- request.
+- Add %{?sle15_python_module_pythons}
+
+-------------------------------------------------------------------
+Mon Nov 27 06:29:23 UTC 2023 - Steve Kowalik <steven.kowalik@suse.com>
+
+- Update to 5.3.2:
+ * Update Quickstart to show how to properly handle SQLAlchemy connections.
+ * Auth Token not returned from /tf-validate.
+ * Fix for latest email_validator deprecation - bump minimum to 2.0.0
+ * Deprecate passing in the anonymous_user class
+ * Compatability with Flask 3.0
+ * Revert change in 5.3.0 that added a Referrer-Policy header.
+ * Fix 'next' propagation when passed as form.next
+- Drop patch filterwarnings-ignore-pkg_resources.patch, no longer needed
+
+
+-------------------------------------------------------------------
+Tue Oct 3 06:10:21 UTC 2023 - Daniel Garcia <daniel.garcia@suse.com>
+
+- Add required python-requests build dependency to fix tests.
+
+-------------------------------------------------------------------
+Thu Aug 3 11:48:11 UTC 2023 - Daniel Garcia <daniel.garcia@suse.com>
+
+- Update to 5.3.0:
+ * Improvements to recoverability and confirmation to align with
+ OWASP best practices and reduce pos
Comments 0