Sync from SUSE:SLFO:Main python-jwcrypto revision 22e6425b966fdabe84cfeeeec98bb92c

.gitattributes

@@ -0,0 +1,23 @@
+## Default LFS
+*.7z filter=lfs diff=lfs merge=lfs -text
+*.bsp filter=lfs diff=lfs merge=lfs -text
+*.bz2 filter=lfs diff=lfs merge=lfs -text
+*.gem filter=lfs diff=lfs merge=lfs -text
+*.gz filter=lfs diff=lfs merge=lfs -text
+*.jar filter=lfs diff=lfs merge=lfs -text
+*.lz filter=lfs diff=lfs merge=lfs -text
+*.lzma filter=lfs diff=lfs merge=lfs -text
+*.obscpio filter=lfs diff=lfs merge=lfs -text
+*.oxt filter=lfs diff=lfs merge=lfs -text
+*.pdf filter=lfs diff=lfs merge=lfs -text
+*.png filter=lfs diff=lfs merge=lfs -text
+*.rpm filter=lfs diff=lfs merge=lfs -text
+*.tbz filter=lfs diff=lfs merge=lfs -text
+*.tbz2 filter=lfs diff=lfs merge=lfs -text
+*.tgz filter=lfs diff=lfs merge=lfs -text
+*.ttf filter=lfs diff=lfs merge=lfs -text
+*.txz filter=lfs diff=lfs merge=lfs -text
+*.whl filter=lfs diff=lfs merge=lfs -text
+*.xz filter=lfs diff=lfs merge=lfs -text
+*.zip filter=lfs diff=lfs merge=lfs -text
+*.zst filter=lfs diff=lfs merge=lfs -text

python-jwcrypto.changes

@@ -0,0 +1,174 @@
+-------------------------------------------------------------------
+Tue Mar 19 07:14:44 UTC 2024 - Dirk Müller <dmueller@suse.com>
+
+- update to 1.5.6 (bsc#1221230, CVE-2024-28102):
+  * Address potential DoS with high compression ratio
+    (CVE-2024-28102)
+- update to 1.5.4:
+  * One more release bump to address issues with
+    typing_extensions minimum required version
+- update to 1.5.3:
+  * Drop python 3.6 and 3.7 and add 3.11 support
+  * replace deprecated package with typing_extensions
+
+-------------------------------------------------------------------
+Tue Jan  2 21:07:17 UTC 2024 - Dirk Müller <dmueller@suse.com>
+
+- update to 1.5.1:
+  * Fix X22519 import/export from PEM
+  * Read the Docs now requires a config file
+  * chore: refactor for removing pdb symbols
+  * Fix potential DoS issue with p2c header
+
+-------------------------------------------------------------------
+Thu Dec  7 22:03:04 UTC 2023 - Dirk Müller <dmueller@suse.com>
+
+- update to 1.5.0:
+  * Minor bugfixes and the addition of Brainpool curves.
+  * Raising the bar for minimum pyca/cryptography
+  * Fix typos with codespell
+  * Add codespell checks in CI
+  * Add Brainpool EC-curves support
+  * Fix error message
+  * Fix  assorted CI issue
+  * Better support for algorithms that have different input
+    keysize requirement
+
+-------------------------------------------------------------------
+Fri Nov 18 14:57:01 UTC 2022 - Michael Ströder <michael@stroeder.com>
+
+- update to 1.4.2 which also fixes CVE-2022-3102
+  too many other changes to be listed here
+
+-------------------------------------------------------------------
+Wed Dec  8 14:25:36 UTC 2021 - pgajdos@suse.com
+
+- do not require pytest-runner for build, not required
+
+-------------------------------------------------------------------
+Thu Aug  5 19:05:35 UTC 2021 - Michael Ströder <michael@stroeder.com>
+
+- update to 1.0
+  * Create SECURITY.md
+  * Allow empty payloads in JWS tokens
+  * Add tests to check empty payload support
+  * Drop python2 compatibility
+  * Fix python3 pylint issues
+  * Add explicit support to check 'typ' in JWT
+  * Drop support for importing old MutableMapping
+  * Disable annoying pep8 naming checks
+
+-------------------------------------------------------------------
+Sat Jun 12 16:31:12 UTC 2021 - Michael Ströder <michael@stroeder.com>
+
+- added Requires: python-Deprecated
+- update to upstream release 0.9.1
+  * Create codeql-analysis.yml
+  * Add back ppc64le CI
+  * Actually add the split out ppc64le action
+  * Silence a test warning
+  * Remove the _params abstraction and simplify JWK
+  * Fix crash in exception handler
+  * Add test for Issue 209
+  * Fix keyset import with similar keys
+  * Test fix for Issue 208
+  * Add __repr__() to mask keys
+  * Adding Power support(ppc64le) with ci and testing to the project for architecture independent
+  * Added six as a dependency to avoid import error
+  * Make sure an empty dict is a valid JWT payload
+  * Turn JWK into a dict-like object
+  * Go one step further and provide access as attrs
+  * Drop support for py34 as it stopped working on F33
+  * Deprecate RSA1_5 and remove from defaults
+  * Make PBES2 behave like all other algorithms
+  * Enforce protected header in compact serilization
+  * Fix importing Public EC keys from PEM files
+  * Installation instructions + extra badges
+  * RFC 8812 - Add Default allowed algorithms
+
+-------------------------------------------------------------------
+Sun Sep  6 19:25:26 UTC 2020 - Tomáš Chvátal <tchvatal@suse.com>
+
+- Use constraints on the cryptography dependency
+
+-------------------------------------------------------------------
+Sun Sep  6 14:51:40 UTC 2020 - Michael Ströder <michael@stroeder.com>
+
+- update to upstream release 0.8
+  * Fix some documentation typos
+  * Rename ambiguous variable
+  * Remove cap on sphinx version
+  * Fix okp key type import
+  * Add method to export Keys ans Sets as dictionaries
+  * Typo rectified
+  * Add secp256k1 curve
+
+-------------------------------------------------------------------
+Mon Mar 30 08:15:59 UTC 2020 - Michael Ströder <michael@stroeder.com>
+
+- update to upstream release 0.7.0
+  * Allow to use JWKSet on a JWT with no KID
+  * Fixed JWE jose_header
+  * Added JWE/JWS custom registry header implementation
+  * RFC 8037 - Support for Ed25519, Ed448
+  * Stricter OKP key generation parms check
+  * Add X25519/X448 support
+  * Simplify internal code curve selection
+  * Fix encoding length of EC keys Coordinates
+  * Add the ability to verify 'none' signatures
+  * Import ABC from collections.abc instead of collections for Python 3.9 compatibility
+
+-------------------------------------------------------------------
+Fri Mar 22 18:45:19 UTC 2019 - Michael Ströder <michael@stroeder.com>
+
+- update to upstream release 0.6.0
+  * Use python-cryptography's AES key wrapping
+  * Add tests for key wrapping where CEK < KEK
+  * Fix ECDH-ES key exchange for CEK greater than KEK
+  * Add support for RFC7797
+  * Fix JWK.from_json
+
+-------------------------------------------------------------------
+Tue Dec  4 12:49:42 UTC 2018 - Matej Cepl <mcepl@suse.com>
+
+- Remove superfluous devel dependency for noarch package
+
+-------------------------------------------------------------------
+Wed Jun 27 20:45:14 UTC 2018 - michael@stroeder.com
+
+- update to upstream release 0.5.0:
+  * Better validation of JWE
+  * Avoid deprecation warnings
+  * Tested to work with python 3.7
+
+-------------------------------------------------------------------
+Mon Jun 25 14:05:59 UTC 2018 - mcepl@suse.com
+
+- Clean SPEC file
+
+-------------------------------------------------------------------
+Thu Aug 24 13:43:12 UTC 2017 - jmatejek@suse.com
+
+- singlespec auto-conversion
+
+-------------------------------------------------------------------
+Thu Aug  3 15:12:08 UTC 2017 - michael@stroeder.com
+
+- update to upstream release 0.4.2
+
+-------------------------------------------------------------------
+Mon Jul 24 19:54:55 UTC 2017 - michael@stroeder.com
+
+- update to upstream release 0.4.1
+
+-------------------------------------------------------------------
+Sat Dec  3 15:34:39 UTC 2016 - michael@stroeder.com
+
+- update to upstream release 0.4.0
+
+-------------------------------------------------------------------
+Fri Nov 11 17:51:23 UTC 2016 - michael@stroeder.com
+
+- initial package of upstream release 0.3.1
+
+

python-jwcrypto.spec

@@ -0,0 +1,70 @@
+#
+# spec file for package python-jwcrypto
+#
+# Copyright (c) 2024 SUSE LLC
+#
+# All modifications and additions to the file contributed by third parties
+# remain the property of their copyright owners, unless otherwise agreed
+# upon. The license for this file, and modifications and additions to the
+# file, is the same license as for the pristine package itself (unless the
+# license for the pristine package is not an Open Source License, in which
+# case the license is the MIT License). An "Open Source License" is a
+# license that conforms to the Open Source Definition (Version 1.9)
+# published by the Open Source Initiative.
+
+# Please submit bugfixes or comments via https://bugs.opensuse.org/
+#
+
+
+%{?sle15_python_module_pythons}
+Name:           python-jwcrypto
+Version:        1.5.6
+Release:        0
+Summary:        Python module package implementing JOSE Web standards
+License:        LGPL-3.0-only
+URL:            https://github.com/latchset/jwcrypto
+Source:         https://files.pythonhosted.org/packages/source/j/jwcrypto/jwcrypto-%{version}.tar.gz
+BuildRequires:  %{python_module base >= 3.8}
+BuildRequires:  %{python_module cryptography >= 3.4}
+BuildRequires:  %{python_module pip}
+BuildRequires:  %{python_module pytest}
+BuildRequires:  %{python_module setuptools}
+BuildRequires:  %{python_module typing-extensions >= 4.5.0}
+BuildRequires:  %{python_module wheel}
+BuildRequires:  fdupes
+BuildRequires:  python-rpm-macros
+Requires:       python-cryptography >= 3.4
+Requires:       python-typing-extensions >= 4.5.0
+BuildArch:      noarch
+%python_subpackages
+
+%description
+A Python implementation of the JOSE Working Group documents:
+RFC 7515 - JSON Web Signature (JWS)
+RFC 7516 - JSON Web Encryption (JWE)
+RFC 7517 - JSON Web Key (JWK)
+RFC 7518 - JSON Web Algorithms (JWA)
+RFC 7519 - JSON Web Token (JWT)
+RFC 7520 - Examples of Protecting Content Using JSON Object Signing and Encryption (JOSE)
+
+%prep
+%setup -q -n jwcrypto-%{version}
+
+%build
+%pyproject_wheel
+
+%install
+%pyproject_install
+rm -rv %{buildroot}%{_datadir}/doc/jwcrypto
+%python_expand %fdupes %{buildroot}%{$python_sitelib}
+
+%check
+%pytest jwcrypto
+
+%files %{python_files}
+%{python_sitelib}/jwcrypto
+%{python_sitelib}/jwcrypto-%{version}.dist-info
+%license LICENSE
+%doc README.md
+
+%changelog