python-pyspnego/python-pyspnego.changes

-------------------------------------------------------------------
Mon Nov 11 20:27:41 UTC 2024 - Martin Hauke <mardnh@gmx.de>

- Update to version 0.11.2
  * Fix CredSSP acceptor with LibreSSL.
  * Bump dev deps and add 3.13 support.
  * Update integration tests for 3.13.

-------------------------------------------------------------------
Mon Aug  5 19:04:53 UTC 2024 - Dirk Müller <dmueller@suse.com>

- update to 0.11.1:
  * Import `ARC4` cipher from the new `decrepits` module sub-
    package, this removes the warning issued in newer versions of
    the `cryptography` library

-------------------------------------------------------------------
Thu Jun 20 07:36:41 UTC 2024 - Dirk Müller <dmueller@suse.com>

- update to 0.11.0:
  * Support input password string encoded with the
    `surrogatepass` error option
  * This allows the caller to provide a password for a gMSA or
    machine account that could contain invalid surrogate pairs
    for both NTLM and Kerberos auth.
  * Stop using deprecated `datetime.dateime.utcnow()` for CredSSP
    acceptor context

-------------------------------------------------------------------
Sat Jun  8 22:35:51 UTC 2024 - Dirk Müller <dmueller@suse.com>

- update to 0.10.2:
  * Another rename of the `sspi` package dependency to `sspilib`
  * Rename `sspi` package dependency to `sspic` to avoid
    conflicts with pywin32
  * Drop support for Python 3.7 - new minimum is 3.8+
  * Moved SSPI bindings out into a separate package called `sspi`
    This simplifies this project as it doesn't have to worry
    about SSPI correctness.  The `sspi` package improves
    performance and memory allocation with a more robust API
  * Fixes an issue with Cython 3 allowing it to align with more
    modern versions going forward

-------------------------------------------------------------------
Mon Sep  4 18:26:17 UTC 2023 - Martin Hauke <mardnh@gmx.de>

- Update to version 0.9.2
  * Only CI related changes
- Update to version 0.9.1
  * Always set the NTLMSSP_REQUEST_VERSION flag on the
    NTLM Negotiate message.  This aligns the behaviour with how
    SSPI generates this message.

-------------------------------------------------------------------
Wed May 10 07:03:54 UTC 2023 - Dirk Müller <dmueller@suse.com>

- update to 0.9.0:
  * Added the `spnego.ContextReq.dce_style` flag to enable DCE
    authentication mode
  * The value for `spnego.iov.BufferType.sign_only` on SSPI has
    changed from representing `SECBUFFER_MECHLIST` to
    `SECBUFFER_READONLY_WITH_CHECKSUM`
  * Added the IOV buffer type
    `spnego.iov.BufferType.data_readonly`
  * Added limited support for `wrap_iov` and `unwrap_iov` in the
    Python NTLM context provider.
  * Added the `query_message_sizes()` function on a context to
    retrieve the important message sizes
    Currently this only contains the size of the message
    `header`, also known as the signature or security trailer
  * Added the `spnego.ContextReq.no_integrity` flag to disable
    integrity/confidentiality on Kerberos/Negotiate contexts
  * Added optional kwargs to `step()` on a security context
    `channel_bindings`
  * Added support for decoding the following TLS payloads with
    `python -m spnego --token ...`
          * Client Hello
          * Server Hello
          * Certificate
          * Server Key Exchange
          * Client Key Exchange
          * Certificate Request
  * Added the `new_context()` method on the context proxies to
    provide an easy and efficient way to re-use the context
    credentials and options for a new context
  * Removed use of `gssntlmssp` to simplify codebase and ensure a
    consistent experience across OS versions
  * Using NTLM on a non-Windows system will use the Python NTLM
    implementation instead

-------------------------------------------------------------------
Tue May  9 13:49:10 UTC 2023 - Johannes Kastl <kastl@b1-systems.de>

- add sle15_python_module_pythons

-------------------------------------------------------------------
Wed Nov  9 18:35:52 UTC 2022 - Yogalakshmi Arunachalam <yarunachalam@suse.com>

- Update to 0.6.3
  * Ignore GSS_S_NO_CONTEXT errors on GSSAPI after stepping through the token exchange before the context is complete
    This is raised by MIT krb5 before 1.14.x and can be ignored

- Update to 0.6.2
  * Fix up sdist and wheels to include py.typed type annotation marker

- Update to 0.6.1
  * Added Python 3.11 wheel

-------------------------------------------------------------------
Fri Oct 28 20:23:03 UTC 2022 - Yogalakshmi Arunachalam <yarunachalam@suse.com>

- Update to 0.6.0
  * Drop support for Python 3.6 - new minimum is 3.7+
  * Moved setuptools config into pyproject.toml and made Cython a build requirement for Windows
     For most users this is a hidden change
     If a tool follows the PEP 517 standard, like pip, this build dependency will work automatically
     The pre cythonised files are no longer included in the sdist going forward

- Update to 0.5.4
  * Fix str of enum values when running in Python 3.11 to be consistent with older versions
  * Support gssapi on 1.5.x which comes with RHEL 8.

- Update to 0.5.3
  * Fix heap allocation errors when running with heap allocation monitoring on Windows

- Update to 0.5.2
  * Added custom MD4 hashing code for NTLM to use.
     Newer Linux distributions ship with OpenSSL 3.x which typically disables MD4 breaking the use of hashlib.new('md4', b"")
     Using this custom code allows NTLM to continue to work
     While it's bad to continue to use older hashing mechanisms in this case there is no valid alternative available

- Update to 0.5.1
  * Call gss_inquire_sec_context_by_oid(ctx, spnego_req_mechlistMIC_oid) when using pure NTLM over GSSAPI to ensure the token contains a MIC

-------------------------------------------------------------------
Sat Oct  1 12:14:25 UTC 2022 - Dirk Müller <dmueller@suse.com>

- update to 0.5.0:
  * Added the `auth_stage` extra_info for a CredSSP context to give a human
    friendly indication of what sub auth stage it is up to.
  * Added the `protocol_version` extra_info for a CredSSP context to return the
    negotiated CredSSP protocol version.
  * Added the `credssp_min_protocol` keyword argument for a CredSSP context to
    set a minimum version the caller will accept of the peer.
    * This can be set to `5+` to ensure the peer supports and applies the mitigations for CVE-2018-0886.
  * Added safeguards when trying to retrieve the completed context attributes
    of `NegotiateProxy` before any contexts have been set up

-------------------------------------------------------------------
Tue Feb 22 09:26:20 UTC 2022 - Dirk Müller <dmueller@suse.com>

- update to 0.4.0:
  * Add `usage` argument for `tls.default_tls_context` to control whether the
    context is for a initiator or acceptor
  * Add type annotations and include `py.typed` in the package for downstream
    library use
  * Expose the `ContextProxy` class for type annotation use
  * Added `get_extra_info` to `ContextProxy` to expose a common way to retrieve
    context specific information, this is currently used by CredSSP to retrieve
    * `client_credential`: The delegated client credential for acceptors
      once the context is complete
    * `sslcontext`: The SSL context used to create the TLS object
    * `ssl_object`: The TLS object used during the CredSSP exchange
  * The `client_credential` property on `CredSSP` has been removed in
    favour of `context.get_extra_info('client_credential')
  * Added support for custom credential types
    * Can be used to for things like NTLM authentication with NT/LM hashes,
      Kerberos with a keytab or from an explicit CCache, etc
  * Support calling SSPI through `pyspnego`'s Negotiate proxy context
    * This allows users on Windows to still use Negotiate auth but with a
       complex set of credentials
    * Also opens up the ability to use Negotiate but only with Kerberos auth
  * The `username` and `password` property on the auth context object are
    deprecated and will return `None` until it is removed in a future release

-------------------------------------------------------------------
Sat Nov  6 11:10:17 UTC 2021 - Ben Greiner <code@bnavigator.de>

- Reactivate python36 build

-------------------------------------------------------------------
Fri Oct 29 18:44:17 UTC 2021 - Martin Hauke <mardnh@gmx.de>

- Update to version 0.3.1
  * Do not convert GSSAPI service to lowercase for GSSAPI and
    uppercase for SSPI
    * SPNs are case insensitive on Windows but case sensitive on
      Linux
    * Convering the service portion to upper or lower case could
      cause problems finding the target server on non-Windows
      GSSAPI implementations

-------------------------------------------------------------------
Mon Oct 25 19:41:06 UTC 2021 - Martin Hauke <mardnh@gmx.de>

- Update to version 0.3.0
  Packaging Changes
  * Changed project structure to a src layout
  * Include both Cython pyx/pyd and C files for SSPI in the
    sdist generated
  * Added Python 3.10 wheel
  Bugfixes
  * Ensure bad SPNEGO token inputs are raised as InvalidTokenError
    rather than struct.error
- Update to version 0.2.0
  Breaking Changes
  * Drop support for Python 2.7 and 3.5 - new minimum is 3.6+
  * Made the gss, negotiate, ntlm, sspi exports private, use the
    spnego.client and spnego.server functions instead
    + A deprecation warning is raised when importing from these
      package directly and this will be removed in the next major
      release
  Features
  * Added support for CredSSP authentication using
    protocol='credssp'
  * Allow optional keyword arguments to be used with spnego.client
    and spnego.server to control authentication specific options
  Bugfixes
  * Use Kerberos API to acquire Kerberos credential to get a
    forwardable token in a thread safe manner
  * Fix default credential logic when no username is provided
    based on GSSAPI rules rather than just the default principal
  * Ignore SPNEGO mechListMIC if it contains the same value as
    the responseToken due to an old Windows SPNEGO logic bug.
  * Do not use SSPI when auth='ntlm' and the password is in the
    form {lm_hash}:{nt_hash}

-------------------------------------------------------------------
Thu May 13 16:27:28 UTC 2021 - Martin Hauke <mardnh@gmx.de>

- Update to version 0.1.6
  * Change enum type of iov.BufferType to IntEnum to fix load on
    Python 3.10 - #10
  * Make pyspnego-parse and entry point which uses __main__.py in
    the spnego package. This allows users to use the parser script
    by running python -m spnego --token ...

-------------------------------------------------------------------
Tue Jan 12 09:47:29 UTC 2021 - Martin Hauke <mardnh@gmx.de>

- Update to version 0.1.5
  * Respect NETBIOS_COMPUTER_NAME when getting the workstation
    name for NTLM tokens. This matches the behaviour of gss-ntlmssp
    to ensure a consistent approach.

-------------------------------------------------------------------
Fri Dec  4 08:13:16 UTC 2020 - Martin Hauke <mardnh@gmx.de>

- Update to version 0.1.4
  * Only send negState: request-mic for the first reply from an
    acceptor for Negotiate auth.
  * Strict interpretations of SPNEGO will fail if the initiator
    sends this state as it is against the RFC.

-------------------------------------------------------------------
Thu Oct 29 16:47:02 UTC 2020 - Martin Hauke <mardnh@gmx.de>

- Update to version 0.1.3
  * Added Python 3.9 to CI

-------------------------------------------------------------------
Sun Oct 25 15:53:36 UTC 2020 - Martin Hauke <mardnh@gmx.de>

- Update to version 0.1.2
  * Fix up WinRM wrapping on SSPI
- Update to version 0.1.1
  * Include the cython files in the built sdist

-------------------------------------------------------------------
Sat Aug 22 14:27:14 UTC 2020 - Martin Hauke <mardnh@gmx.de>

- Initial package, version 0.1.0