diff --git a/authlib-1.6.1.tar.gz b/authlib-1.6.1.tar.gz
deleted file mode 100644
index 8a1afc9..0000000
--- a/authlib-1.6.1.tar.gz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:d714698f818fd478161666c319e275f9ffedee3259b9a259360462734c24b5a2
-size 341053
diff --git a/authlib-1.6.5.tar.gz b/authlib-1.6.5.tar.gz
new file mode 100644
index 0000000..643b1b1
--- /dev/null
+++ b/authlib-1.6.5.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:488ea98a032cb803e3af502cef6db616d76735b631097bc661b2a9dd10db73cc
+size 328496
diff --git a/python-Authlib.changes b/python-Authlib.changes
index 23d9c81..c40fa06 100644
--- a/python-Authlib.changes
+++ b/python-Authlib.changes
@@ -1,3 +1,38 @@
+-------------------------------------------------------------------
+Mon Oct 13 08:51:01 UTC 2025 - Nico Krapp
+
+- Update to 1.6.5 (fixes CVE-2025-61920, bsc#1251921)
+ * RFC7591 generate_client_info and generate_client_secret take a request
+ parameter.
+ * Add size limitation when decode JWS/JWE to prevent DoS.
+ * Add size limitation for DEF JWE zip algorithm.
+- Update to 1.6.4
+ * fix(jose): prevent public/unprotected header overwriting protected header
+ by @lepture in #809
+ * Fix InsecureTransportError raising by @azmeuk in #810
+ * Add conventional-commits pre-commit hook by @azmeuk in #811
+ * Fix response_mode=form_post with Starlette client by @azmeuk in #812
+ * Specify README.md as project long description by @EpicWink in #817
+ * Migrate tests to pytest paradigm by @azmeuk in #813
+ * jose/jws: Reject unprotected ‘crit’ and enforce type; add tests
+ by @AL-Cybision in #823
+ * Use explicit *.test urls in unit tests by @azmeuk in #824
+- Update to 1.6.3
+ * Add diff-cover check in GHA by @azmeuk in #803
+ * Run GHA unit tests with uv by @azmeuk in #805
+ * Move from pre-commit to prek by @azmeuk in #804
+ * Sign OIDC id_token according to id_token_signed_response_alg client
+ metadata by @azmeuk in #802
+- Update to 1.6.2
+ * Allow insecure transport for 127.0.0.1 for debugging
+ by @geigerzaehler in #788
+ * Raise a MissingCodeError when code parameter is missing by @lepture in #786
+ * Temporarily restore OAuth2Request body parameter by @azmeuk in #791
+ * Raise MissingCodeException when code parameter is missing
+ by @lepture in #794
+ * Fix id_token generation with EdDSA alg by @azmeuk in #800
+- Update test requirements
+
 -------------------------------------------------------------------
 Tue Aug 5 07:34:40 UTC 2025 - John Paul Adrian Glaubitz
 
diff --git a/python-Authlib.spec b/python-Authlib.spec
index af83ed4..70bfa0c 100644
--- a/python-Authlib.spec
+++ b/python-Authlib.spec
@@ -19,7 +19,7 @@
 %define modname authlib
 %{?sle15_python_module_pythons}
 Name: python-Authlib
-Version: 1.6.1
+Version: 1.6.5
 Release: 0
 Summary: Python library for building OAuth and OpenID Connect servers
 License: BSD-3-Clause
@@ -41,7 +41,9 @@ BuildRequires: %{python_module cachelib}
 BuildRequires: %{python_module cryptography}
 BuildRequires: %{python_module httpx}
 BuildRequires: %{python_module pytest-asyncio}
+BuildRequires: %{python_module pytest-django}
 BuildRequires: %{python_module pytest}
+BuildRequires: %{python_module python-multipart}
 BuildRequires: %{python_module requests}
 BuildRequires: %{python_module starlette}
 BuildRequires: %{python_module typing_extensions}
@@ -75,10 +77,9 @@ $python -mpytest tests/flask
 # gh#lepture/authlib#456
 # $python -mpytest tests/jose -k 'not (test_dir_alg_xc20p or test_xc20p_content_encryption_decryption)'
 $python -mpytest tests/jose
-export DJANGO_SETTINGS_MODULE=tests.clients.test_django.settings
+export DJANGO_SETTINGS_MODULE=tests.django_settings
 $python -mpytest tests/clients
-# export DJANGO_SETTINGS_MODULE=tests.django.settings
-# $python -mpytest tests/django
+$python -mpytest tests/django
 }
 
 %files %{python_files}
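Review bot: In the last hunk, the context lines above the changed `export` still carry a commented-out `$python -mpytest tests/jose -k 'not (test_dir_alg_xc20p or ...)'` under `# gh#lepture/authlib#456`, while the next line runs `tests/jose` unfiltered. A reader cannot tell whether that deselection is still needed, and the jose suite is presumably where the JWS/JWE size-limit changes from the changelog entry are exercised. Since this commit already removes the dead `tests/django` comments, the stale jose line could be dropped as well, or replaced by a one-line comment saying the xc20p tests are expected to pass now, if that is the case. The `%check` block begins outside the hunk, so the earlier test invocations are not visible here.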