Accepting request 1311065 from devel:languages:python

- Update to 1.6.5 (fixes CVE-2025-61920, bsc#1251921)
  * RFC7591 generate_client_info and generate_client_secret take a request
    parameter.
  * Add size limitation when decode JWS/JWE to prevent DoS.
  * Add size limitation for DEF JWE zip algorithm.
- Update to 1.6.4
  * fix(jose): prevent public/unprotected header overwriting protected header
    by @lepture in #809
  * Fix InsecureTransportError raising by @azmeuk in #810
  * Add conventional-commits pre-commit hook by @azmeuk in #811
  * Fix response_mode=form_post with Starlette client by @azmeuk in #812
  * Specify README.md as project long description by @EpicWink in #817
  * Migrate tests to pytest paradigm by @azmeuk in #813
  * jose/jws: Reject unprotected ‘crit’ and enforce type; add tests
    by @AL-Cybision in #823
  * Use explicit *.test urls in unit tests by @azmeuk in #824
- Update to 1.6.3
  * Add diff-cover check in GHA by @azmeuk in #803
  * Run GHA unit tests with uv by @azmeuk in #805
  * Move from pre-commit to prek by @azmeuk in #804
  * Sign OIDC id_token according to id_token_signed_response_alg client
    metadata by @azmeuk in #802
- Update to 1.6.2
  * Allow insecure transport for 127.0.0.1 for debugging
    by @geigerzaehler in #788
  * Raise a MissingCodeError when code parameter is missing by @lepture in #786
  * Temporarily restore OAuth2Request body parameter by @azmeuk in #791
  * Raise MissingCodeException when code parameter is missing
    by @lepture in #794
  * Fix id_token generation with EdDSA alg by @azmeuk in #800
- Update test requirements (forwarded request 1311035 from nkrapp)

OBS-URL: https://build.opensuse.org/request/show/1311065
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python-Authlib?expand=0&rev=26

767-skip-xc20p-tests.patch

@@ -1,39 +0,0 @@
-From 8f823db3fe552b8337cce1eb4ec4207411c63d0b Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?=C3=89loi=20Rivard?= <eloi@yaal.coop>
-Date: Thu, 1 May 2025 10:04:21 +0200
-Subject: [PATCH] fix: skip xc20p unit tests when unavailable in cryptodome
-
----
- tests/jose/test_chacha20.py |    6 ++++++
- 1 file changed, 6 insertions(+)
-
-Index: authlib-1.5.2/tests/jose/test_chacha20.py
-===================================================================
---- authlib-1.5.2.orig/tests/jose/test_chacha20.py	2025-04-02 12:30:25.000000000 +0200
-+++ authlib-1.5.2/tests/jose/test_chacha20.py	2025-05-02 18:21:41.958090585 +0200
-@@ -1,5 +1,7 @@
- import unittest
- 
-+import pytest
-+
- from authlib.jose import JsonWebEncryption
- from authlib.jose import OctKey
- from authlib.jose.drafts import register_jwe_draft
-@@ -22,6 +24,8 @@
-         self.assertRaises(ValueError, jwe.serialize_compact, protected, b"hello", key2)
- 
-     def test_dir_alg_xc20p(self):
-+        pytest.importorskip("Cryptodome.Cipher.ChaCha20_Poly1305")
-+
-         jwe = JsonWebEncryption()
-         key = OctKey.generate_key(256, is_private=True)
-         protected = {"alg": "dir", "enc": "XC20P"}
-@@ -35,6 +39,8 @@
-         self.assertRaises(ValueError, jwe.serialize_compact, protected, b"hello", key2)
- 
-     def test_xc20p_content_encryption_decryption(self):
-+        pytest.importorskip("Cryptodome.Cipher.ChaCha20_Poly1305")
-+
-         # https://datatracker.ietf.org/doc/html/draft-irtf-cfrg-xchacha-03#appendix-A.3.1
-         enc = JsonWebEncryption.ENC_REGISTRY["XC20P"]
- 

authlib-1.5.2.tar.gz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:6f94a1259f69645d6d6c4ecf9a8f32a9c3e2b2d2e6b8163cc90bc0e4a7245939
-size 331162

authlib-1.6.5.tar.gz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:488ea98a032cb803e3af502cef6db616d76735b631097bc661b2a9dd10db73cc
+size 328496

python-Authlib.changes

@@ -1,3 +1,63 @@
+-------------------------------------------------------------------
+Mon Oct 13 08:51:01 UTC 2025 - Nico Krapp <nico.krapp@suse.com>
+
+- Update to 1.6.5 (fixes CVE-2025-61920, bsc#1251921)
+  * RFC7591 generate_client_info and generate_client_secret take a request
+    parameter.
+  * Add size limitation when decode JWS/JWE to prevent DoS.
+  * Add size limitation for DEF JWE zip algorithm.
+- Update to 1.6.4
+  * fix(jose): prevent public/unprotected header overwriting protected header
+    by @lepture in #809
+  * Fix InsecureTransportError raising by @azmeuk in #810
+  * Add conventional-commits pre-commit hook by @azmeuk in #811
+  * Fix response_mode=form_post with Starlette client by @azmeuk in #812
+  * Specify README.md as project long description by @EpicWink in #817
+  * Migrate tests to pytest paradigm by @azmeuk in #813
+  * jose/jws: Reject unprotected ‘crit’ and enforce type; add tests
+    by @AL-Cybision in #823
+  * Use explicit *.test urls in unit tests by @azmeuk in #824
+- Update to 1.6.3
+  * Add diff-cover check in GHA by @azmeuk in #803
+  * Run GHA unit tests with uv by @azmeuk in #805
+  * Move from pre-commit to prek by @azmeuk in #804
+  * Sign OIDC id_token according to id_token_signed_response_alg client
+    metadata by @azmeuk in #802
+- Update to 1.6.2
+  * Allow insecure transport for 127.0.0.1 for debugging
+    by @geigerzaehler in #788
+  * Raise a MissingCodeError when code parameter is missing by @lepture in #786
+  * Temporarily restore OAuth2Request body parameter by @azmeuk in #791
+  * Raise MissingCodeException when code parameter is missing
+    by @lepture in #794
+  * Fix id_token generation with EdDSA alg by @azmeuk in #800
+- Update test requirements
+
+-------------------------------------------------------------------
+Tue Aug  5 07:34:40 UTC 2025 - John Paul Adrian Glaubitz <adrian.glaubitz@suse.com>
+
+- Update to 1.6.1
+  * Filter key set with additional "alg" and "use" parameters.
+- Fix bogus version number in previous changelog entry
+- Rename README.rst to README.md in %files section
+
+-------------------------------------------------------------------
+Tue Jun  3 06:26:39 UTC 2025 - John Paul Adrian Glaubitz <adrian.glaubitz@suse.com>
+
+- Update to 1.6.0
+  * Fix issue when RFC9207 is enabled and the authorization endpoint
+    response is not a redirection. pull request #733
+  * Fix missing state parameter in authorization error responses.
+    issue #525
+  * Support for acr and amr claims in id_token. issue #734
+  * Support for the none JWS algorithm.
+  * Fix response_types strict order during dynamic client
+    registration. issue #760
+  * Implement RFC9101 The OAuth 2.0 Authorization Framework:
+    JWT-Secured Authorization Request (JAR). issue #723
+  * OIDC UserInfo endpoint support. issue #459
+- Drop 767-skip-xc20p-tests.patch, merged upstream
+
 -------------------------------------------------------------------
 Fri May  2 21:29:54 UTC 2025 - Matej Cepl <mcepl@cepl.eu>
 

python-Authlib.spec

@@ -1,7 +1,7 @@
 #
 # spec file for package python-Authlib
 #
-# Copyright (c) 2025 SUSE LLC
+# Copyright (c) 2025 SUSE LLC and contributors
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -19,15 +19,12 @@
 %define modname authlib
 %{?sle15_python_module_pythons}
 Name:           python-Authlib
-Version:        1.5.2
+Version:        1.6.5
 Release:        0
 Summary:        Python library for building OAuth and OpenID Connect servers
 License:        BSD-3-Clause
 URL:            https://authlib.org/
 Source:         https://github.com/lepture/%{modname}/archive/refs/tags/v%{version}.tar.gz#/%{modname}-%{version}.tar.gz
-# PATCH-FIX-UPSTREAM 767-skip-xc20p-tests.patch bsc#[0-9]+ mcepl@suse.com
-# skip unavailable tests
-Patch0:         767-skip-xc20p-tests.patch
 BuildRequires:  %{python_module base >= 3.9}
 BuildRequires:  %{python_module pip}
 BuildRequires:  %{python_module setuptools}
@@ -44,7 +41,9 @@ BuildRequires:  %{python_module cachelib}
 BuildRequires:  %{python_module cryptography}
 BuildRequires:  %{python_module httpx}
 BuildRequires:  %{python_module pytest-asyncio}
+BuildRequires:  %{python_module pytest-django}
 BuildRequires:  %{python_module pytest}
+BuildRequires:  %{python_module python-multipart}
 BuildRequires:  %{python_module requests}
 BuildRequires:  %{python_module starlette}
 BuildRequires:  %{python_module typing_extensions}
@@ -78,14 +77,13 @@ $python -mpytest tests/flask
 # gh#lepture/authlib#456
 # $python -mpytest tests/jose -k 'not (test_dir_alg_xc20p or test_xc20p_content_encryption_decryption)'
 $python -mpytest tests/jose
-export DJANGO_SETTINGS_MODULE=tests.clients.test_django.settings
+export DJANGO_SETTINGS_MODULE=tests.django_settings
 $python -mpytest tests/clients
-# export DJANGO_SETTINGS_MODULE=tests.django.settings
+$python -mpytest tests/django
-# $python -mpytest tests/django
 }
 
 %files %{python_files}
-%doc README.rst
+%doc README.md
 %license LICENSE
 %{python_sitelib}/%{modname}
 %{python_sitelib}/[Aa]uthlib-%{version}.dist-info