python-Flask-Security-Too
No description set
- Sources inherited from project SUSE:SLE-15-SP6:GA
- Download package
-
Checkout Package
osc -A https://api.opensuse.org checkout SUSE:SLE-15-SP6:Update/python-Flask-Security-Too && cd $_
- Create Badge
Refresh
Refresh
Source Files
Filename | Size | Changed |
---|---|---|
Flask-Security-Too-5.3.3.tar.gz | 0000616595 602 KB | |
no-mongodb.patch | 0000000875 875 Bytes | |
python-Flask-Security-Too.changes | 0000016553 16.2 KB | |
python-Flask-Security-Too.spec | 0000004776 4.66 KB | |
use-pyqrcodeng.patch | 0000001368 1.34 KB |
Latest Revision
Ruediger Oertel (oertel)
committed
(revision 2)
Update package python-Flask-Security-Too from 3.4.2 to 5.3.3 (jsc#PED-7230) Patches removed on purpose. They were never part of this timeline and the fixes are already included: * CVE-2021-21241-GET-reqs-auth-token.patch * fix-open-redirect.patch ------------------------------------------------------------------------ Index: no-mongodb.patch =================================================================== --- no-mongodb.patch (revision 2) +++ no-mongodb.patch (revision f91a5b1929c505490644cee5f0373299) @@ -1,13 +1,24 @@ -Index: Flask-Security-Too-3.4.0/tests/conftest.py -=================================================================== ---- Flask-Security-Too-3.4.0.orig/tests/conftest.py -+++ Flask-Security-Too-3.4.0/tests/conftest.py -@@ -617,7 +617,7 @@ def get_message(app): +--- + tests/conftest.py | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +--- a/tests/conftest.py ++++ b/tests/conftest.py +@@ -891,7 +891,7 @@ def client_nc(request, sqlalchemy_app): + return app.test_client(use_cookies=False) + + +-@pytest.fixture(params=["cl-sqlalchemy", "c2", "cl-mongo", "cl-peewee"]) ++@pytest.fixture(params=["cl-sqlalchemy", "c2", "cl-peewee"]) + def clients(request, app, tmpdir, realdburl, realmongodburl): + if request.param == "cl-sqlalchemy": + ds = sqlalchemy_setup(request, app, tmpdir, realdburl) +@@ -937,7 +937,7 @@ def get_message_local(app): @pytest.fixture( - params=["sqlalchemy", "sqlalchemy-session", "mongoengine", "peewee", "pony"] + params=["sqlalchemy", "sqlalchemy-session", "peewee", "pony"] ) - def datastore(request, app, tmpdir, realdburl): + def datastore(request, app, tmpdir, realdburl, realmongodburl): if request.param == "sqlalchemy": Index: python-Flask-Security-Too.changes =================================================================== --- python-Flask-Security-Too.changes (revision 2) +++ python-Flask-Security-Too.changes (revision f91a5b1929c505490644cee5f0373299) @@ -1,17 +1,274 @@ ------------------------------------------------------------------- -Wed Sep 21 15:03:23 UTC 2022 - Daniel Garcia <daniel.garcia@suse.com> +Sat Jan 6 20:55:19 UTC 2024 - Matej Cepl <mcepl@cepl.eu> -- Add fix-open-redirect.patch fixing bsc#1202105 (CVE-2021-23385) to avoid open - redirect. This patch is based on the upstream pull request, - gh#flask-middleware/flask-security#489, that fixes the upstream issue - gh#flask-middleware/flask-security#486 +- Update to 5.3.3: + Fix for CVE-2023-49438 (bsc#1218412). +- Refresh patches: + - no-mongodb.patch + - use-pyqrcodeng.patch ------------------------------------------------------------------- -Sun Aug 21 16:58:33 UTC 2022 - Matej Cepl <mcepl@suse.com> +Thu Nov 30 13:24:31 UTC 2023 - Antonio Larrosa <alarrosa@suse.com> -- Add CVE-2021-21241-GET-reqs-auth-token.patch fixing bsc#1181058 - (CVE-2021-21241) avoiding leak of authentication token in GET - request. +- Add %{?sle15_python_module_pythons} + +------------------------------------------------------------------- +Mon Nov 27 06:29:23 UTC 2023 - Steve Kowalik <steven.kowalik@suse.com> + +- Update to 5.3.2: + * Update Quickstart to show how to properly handle SQLAlchemy connections. + * Auth Token not returned from /tf-validate. + * Fix for latest email_validator deprecation - bump minimum to 2.0.0 + * Deprecate passing in the anonymous_user class + * Compatability with Flask 3.0 + * Revert change in 5.3.0 that added a Referrer-Policy header. + * Fix 'next' propagation when passed as form.next +- Drop patch filterwarnings-ignore-pkg_resources.patch, no longer needed + + +------------------------------------------------------------------- +Tue Oct 3 06:10:21 UTC 2023 - Daniel Garcia <daniel.garcia@suse.com> + +- Add required python-requests build dependency to fix tests. + +------------------------------------------------------------------- +Thu Aug 3 11:48:11 UTC 2023 - Daniel Garcia <daniel.garcia@suse.com> + +- Update to 5.3.0: + * Improvements to recoverability and confirmation to align with + OWASP best practices and reduce pos
Comments 0