Accepting request 320145 from home:frispete:python

rephrased changelog OBS-URL: https://build.opensuse.org/request/show/320145 OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-pyramid?expand=0&rev=20
2015-08-03 12:34:16 +00:00
parent 3e484e8ebb
commit b7f3f45b80
5 changed files with 51 additions and 44 deletions
--- a/python-pyramid.changes
+++ b/python-pyramid.changes
@@ -1,3 +1,47 @@
+-------------------------------------------------------------------
+Thu Jul 30 14:16:47 UTC 2015 - hpj@urpla.net
+
+- 1.5.7 (2015-04-28)
+  * Further fix the JSONP renderer by prefixing the returned content with a comment.
+    This should mitigate attacks from Flash (See CVE-2014-4671). 
+    See https://github.com/Pylons/pyramid/pull/1648
+  * Allow periods and brackets ([]) in the JSONP callback. The original fix was
+    overly-restrictive and broke Angular. See https://github.com/Pylons/pyramid/pull/1648
+
+- 1.5.6 (2015-04-14)
+  * 1.5.5 was a brown-bag release which was missing files.
+
+- 1.5.5 (2015-04-14)
+  * The JSONP renderer created JavaScript code in such a way that a callback variable
+    could be used to arbitrarily inject javascript into the response object.
+    https://github.com/Pylons/pyramid/pull/1626
+
+- 1.5.4 (2015-02-24)
+  * Fix regression where pserve --reload would not work when running as a daemon. 
+    Backported from https://github.com/Pylons/pyramid/pull/1592
+
+- 1.5.3 (2015-02-22)
+  * Work around an issue where pserve --reload would leave terminal echo disabled if it
+    reloaded during a pdb session. Backported from https://github.com/Pylons/pyramid/pull/1577
+  * Fixed a failing unittest caused by differing mimetypes on various OS platforms.
+    See https://github.com/Pylons/pyramid/issues/1405
+  * Overall improvments for the proutes command. Added --format and --glob arguments to the
+    command, introduced the method column for displaying available request methods, and 
+    improved the view output by showing the module instead of just __repr__. 
+    See: https://github.com/Pylons/pyramid/pull/1542
+  * The pyramid.renderers.JSONP renderer would raise an exception if used without a request
+    object. It will now fallback to behave like the pyramid.renderers.JSON renderer if
+    there is no request object to derive a callback from.
+    See https://github.com/Pylons/pyramid/pull/1562
+  * Prevent “parameters to load are deprecated” DeprecationWarning from setuptools>=11.3.
+    See https://github.com/Pylons/pyramid/pull/1541
+  * Avoiding timing attacks against CSRF tokens. Backported from
+    https://github.com/Pylons/pyramid/pull/1574
+  * pserve can now take a -b or --browser option to open the server URL in a web browser.
+    See https://github.com/Pylons/pyramid/pull/1533
+
+- remove mimetype test patch, applied upstream
+
 -------------------------------------------------------------------
 Fri Feb  6 16:31:11 UTC 2015 - hpj@urpla.net