diff --git a/PyJWT-2.3.0.tar.gz b/PyJWT-2.3.0.tar.gz deleted file mode 100644 index aa14062..0000000 --- a/PyJWT-2.3.0.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:b888b4d56f06f6dcd777210c334e69c737be74755d3e5e9ee3fe67dc18a0ee41 -size 62279 diff --git a/PyJWT-2.4.0.tar.gz b/PyJWT-2.4.0.tar.gz new file mode 100644 index 0000000..f69d9d2 --- /dev/null +++ b/PyJWT-2.4.0.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:d42908208c699b3b973cbeb01a969ba6a96c821eefb1c5bfe4c390c01d67abba +size 66327 diff --git a/python-PyJWT.changes b/python-PyJWT.changes index 2165568..358c8cd 100644 --- a/python-PyJWT.changes +++ b/python-PyJWT.changes @@ -1,3 +1,39 @@ +------------------------------------------------------------------- +Tue Jun 7 17:27:32 UTC 2022 - Marcus Rueckert + +- Update to 2.4.0 (CVE-2022-29217 boo#1199756) + - Security + - [CVE-2022-29217] Prevent key confusion through + non-blocklisted public key formats. GHSA-ffqj-6fqr-9h24 + - Other changes: + - Explicit check the key for ECAlgorithm by @estin in + https://github.com/jpadilla/pyjwt/pull/713 + - Raise DeprecationWarning for jwt.decode(verify=...) by @akx + in https://github.com/jpadilla/pyjwt/pull/742 + - Don't use implicit optionals by @rekyungmin in + https://github.com/jpadilla/pyjwt/pull/705 + - documentation fix: show correct scope for decode_complete() + by @sseering in https://github.com/jpadilla/pyjwt/pull/661 + - fix: Update copyright information by @kkirsche in + https://github.com/jpadilla/pyjwt/pull/729 + - Don't mutate options dictionary in .decode_complete() by @akx + in https://github.com/jpadilla/pyjwt/pull/743 + - Add support for Python 3.10 by @hugovk in + https://github.com/jpadilla/pyjwt/pull/699 + - api_jwk: Add PyJWKSet.__getitem__ by @woodruffw in + https://github.com/jpadilla/pyjwt/pull/725 + - Update usage.rst by @guneybilen in + https://github.com/jpadilla/pyjwt/pull/727 + - Docs: mention performance reasons for reusing RSAPrivateKey + when encoding by @dmahr1 in + https://github.com/jpadilla/pyjwt/pull/734 + - Fixed typo in usage.rst by @israelabraham in + https://github.com/jpadilla/pyjwt/pull/738 + - Add detached payload support for JWS encoding and decoding by + @fviard in https://github.com/jpadilla/pyjwt/pull/723 + - Replace various string interpolations with f-strings by @akx + in https://github.com/jpadilla/pyjwt/pull/744 + ------------------------------------------------------------------- Wed Nov 3 08:57:35 UTC 2021 - John Paul Adrian Glaubitz diff --git a/python-PyJWT.spec b/python-PyJWT.spec index 73f6b6c..a0184e5 100644 --- a/python-PyJWT.spec +++ b/python-PyJWT.spec @@ -1,7 +1,7 @@ # # spec file for package python-PyJWT # -# Copyright (c) 2021 SUSE LLC +# Copyright (c) 2022 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -19,7 +19,7 @@ %{?!python_module:%define python_module() python-%{**} python3-%{**}} %global skip_python2 1 Name: python-PyJWT -Version: 2.3.0 +Version: 2.4.0 Release: 0 Summary: JSON Web Token implementation in Python License: MIT