-------------------------------------------------------------------
Wed Jan 20 20:12:26 UTC 2021 - Michael Ströder

- Update to 6.5.0 - Security release
  * Fix processing of invalid SAML XML documents - CVE-2021-21238
  * Fix unspecified xmlsec1 key-type preference - CVE-2021-21239
  * Add more tests regarding XSW attacks
  * Add XML Schemas for SAML2 and common extensions
  * Fix the XML parser to not break on ePTID AttributeValues
  * Fix the initialization value of the return_addrs property of the
    StatusResponse object
  * Fix SWAMID entity-category policy regarding eduPersonTargetedID
  * data: use importlib to load package data (backwards compatibility
    through the importlib_resources package)
  * docs: improve the documentation for the signing_algorithm and
    digest_algorithm options
  * examples: fix the logging configuration of the example-IdP
  * tests: allow tests to pass on 32bit systems by properly choosing
    dates in test XML documents
  * tests: improvements on the generation of response and assertion
    objects
  * tests: expand tests on python-3.9 and python-3.10-dev
- added new build dependencies:
  * python3-importlib-resources
  * python3-xmlschema
  * update-alternatives
- removed obsolete avoid-too-large-dates.patch
- replaced %python3_alternative by %python_alternative

-------------------------------------------------------------------
Wed Jan 6 10:49:48 UTC 2021 - Matej Cepl

- Add avoid-too-large-dates.patch to avoid test failures on i586
  (Y38K bug; gh#IdentityPython/pysaml2#759)

-------------------------------------------------------------------
Mon Jan 4 21:25:04 UTC 2021 - Matej Cepl

- Skip test test_filter_ava_registration_authority_1
  (gh#IdentityPython/pysaml2#759).

-------------------------------------------------------------------
Sun Dec 20 10:04:41 UTC 2020 - Dirk Müller

- update to 6.3.1:
  - Fix extraction of RegistrationInfo when no information is
    available
  - Fix http_info struct to include status-code
  - Allow to specify policy configurations based on the registration
    authority.
  - Add new configuration option `logout_responses_signed` to sign
    logout responses.
  - When available and appropriate return the ResponseLocation along
    with the Location attribute.
  - Always use base64.encodebytes; base64.encodestring has been
    dropped.
  - Examples: fix IdP example that was outputting debug statements on
    stdout that became part of its metadata.
  - CI/CD: Use Ubuntu bionic as the host to run the CI/CD process.
  - CI/CD: Pre-releases are now available on
    [test.pypi.org][pypi.test.pysaml2]. Each commit/merge on the
    master branch automatically creates a new pre-release. To install
    a pre-release, run:
  - Fix the generated xsd:ID format for EncryptedData and EncryptedKey
    elements
  - Set the default value for the NameFormat attribute to unspecified
    when parsing
  - Support arbitrary entity attributes
  - Replace all asserts with proper checks
  - Allow request signing in artifact2message
  - Support logging configuration through the python logger
  - Fix wrong identifiers for ecdsa algos
  - Fix automatic inversion of attribute map files
  - Factor out common codepaths in attribute_converter
  - Remove unneeded exception logging
  - Docs: Update configuration options documentation
  - Examples: Support both str and bytes in SAML requests on the
    example idp
  - Examples: Update to key generation to 2048 bits

-------------------------------------------------------------------
Sat Jul 11 18:07:25 UTC 2020 - Michael Ströder

- update to 6.1.0:
  * Fix signed logout requests flag
  * Differentiate between metadata NameIDFormat and AuthnRequest
    NameIDPolicy Format
    - Users using `name_id_format` to set the `` attribute now need
      to use the new configuration option `name_id_policy_format`.
  * Fix documentation formatting
  * Fix generation of signed metadata
  * Add attribute mappings used by SwedenConnect (DIGG, INERA and PKIX
    specifications)
  * Update SWAMID entity category
  * Document the `additional_cert_files` configuration option

-------------------------------------------------------------------
Fri Jul 10 12:29:12 UTC 2020 - Dirk Mueller

- update to 5.3.0:
  - Fix check for nameid_format set to the string "None" in the
    configuration
  - Fix presence of empty eIDAS RequestedAttributes element on
    AuthnRequest
  - Refactor create_authn_request method to be easier to reason about
  - Fix NameIDPolicy checks for allowed Format and allowCreate values

-------------------------------------------------------------------
Sun Jun 14 08:57:41 UTC 2020 - Dirk Mueller

- update to 5.1.0:
  - support eIDAS RequestedAttributes per AuthnRequest
  - fix xmlsec1 --id-attr configuration option value
  - do not remove existing disco URL query params
  - load attribute maps in predictable order
  - better error message when AudienceRestriction does not validate
  - always use base64.encodebytes instead of base64.encodestring
  - update the eIDAS attribute mapping for legal person
  - fix py_compile warnings
  - fix pylint errors and warnings
  - various small fixes
  - add Python3.8 as supported
  - tests: fix validity dates
  - docs: document default value for 'want_response_signed'

-------------------------------------------------------------------
Tue May 5 12:50:42 UTC 2020 - Matej Cepl

- Don't use %python3_only command, but properly use alternatives.
- Skip failing tests on i586 (gh#IdentityPython/pysaml2#682)

-------------------------------------------------------------------
Sat Mar 14 15:57:25 UTC 2020 - Dirk Mueller

- update to 5.0.0:
  - Fix XML Signature Wrapping (XSW) vulnerabilities - CVE-2020-5390
  - Add freshness period feature for MetaDataMDX
  - Fix bug in duration calculation in time_util library
  - Fix ipv6 validation to accommodate for addresses with brackets
  - Fix xmlsec temporary files deletions
  - Add method to get supported algorithms from metadata
  - Add mdstore method to extract assurance certifications
  - Add mdstore method to extract contact_person data
  - Add attribute mappings from the Swiss eduPerson Schema
  - Make AESCipher and Fernet interfaces compatible
  - Remove deprecated saml2.aes module
  - Remove deprecated saml2.extensions.ui module
  - Replace deprecated mongodb operations
  - Rename ToOld error to TooOld
  - Fix pytest warnings
  - Mock tests that need a network connection
  - Start dropping python2 support
  - Add mdstore methods to extract mdui uiinfo elements
  - Add attribute mapping for umbrellaID attributes
  - Fix logic error in pick_binding method for Entity class
  - Validate the audience of assertions regardless of a response being
    unsolicited
  - Fix PKCS_9 saml_url prefix
  - docs: Fix warnings from docs generation
  - docs: Update release instructions regarding branch releases
  - docs: Fix list formatting on IdP example page
  - docs: Update pysaml2 options doc with `name_id_format_allow_create`
  - misc: fix various typos

-------------------------------------------------------------------
Tue Jan 7 11:37:57 UTC 2020 - Tomáš Chvátal

- Use python dbm dependency instead of legacy gdbm

-------------------------------------------------------------------
Mon Jul 22 14:57:53 UTC 2019 - Tomáš Chvátal

- Update to 4.8.0:
  * Refactor the way ForceAuthn is set: check for "true" and "1"
  * Allow to set NameQualifier and SPNameQualifier attributes for ePTID
  * Parse assertions with Holder-of-Key profile
  * Add created_at timestamps to all mongodb documents
  * Look for existing persistent id's before creating new ones
  * Do not add AllowCreate property for default transient NameID
  * Enable entity category import from module search path
  * Add SAML subject identifier attributes to saml2_uri attributemap
  * Fix deprecation warning regarding the cgi module - use the html
    module when available
  * Misc minor improvements
  * tests: Be compatible with latest pytest
  * tests: Make tests pass after 2024
  * tests: Add py37 as a test target
  * docs: Correct instructions to run tests
  * docs: Fix misc typos

-------------------------------------------------------------------
Wed Jun 5 09:39:57 UTC 2019 - Marketa Calabkova

- Update to 4.7.0
  * Add support for MDQ signature verification
  * Raise XmlsecError if xmlsec1 operations do not succeed
  * Handle non standard response error status codes correctly
  * Remove the python-future dependency and only use six

-------------------------------------------------------------------
Fri Dec 7 10:43:13 UTC 2018 - Tomáš Chvátal

- Update to 4.6.5:
  * Many many changes everywhere, see CHANGELOG.md for details
- Use github tarball to include license/tests

-------------------------------------------------------------------
Tue Dec 4 12:52:47 UTC 2018 - Matej Cepl

- Remove superfluous devel dependency for noarch package

-------------------------------------------------------------------
Wed Oct 10 06:08:56 UTC 2018 - Dirk Mueller

- cleanup filelist

-------------------------------------------------------------------
Tue Oct 9 15:50:52 UTC 2018 - Colleen Murphy

- Replace python-pycryptodomex dep with python-cryptography
  - Dependency was swapped in afdf5b4

-------------------------------------------------------------------
Wed Nov 29 08:25:34 UTC 2017 - okurz@suse.com

- Add missing runtime dependency on 'defusedxml'
- Add obsolete suse_version special handling

-------------------------------------------------------------------
Mon Oct 30 22:27:36 UTC 2017 - michael@stroeder.com

- update to 4.5.0

-------------------------------------------------------------------
Mon Jun 19 08:57:42 UTC 2017 - okurz@suse.com

- Convert to singlespec

-------------------------------------------------------------------
Tue Nov 22 15:18:26 UTC 2016 - dmueller@suse.com

- fix requires

-------------------------------------------------------------------
Thu Nov 17 14:42:09 UTC 2016 - michael@stroeder.com

- update to 4.4.0
- added LICENSE.txt to docs

-------------------------------------------------------------------
Fri Feb 26 13:14:29 UTC 2016 - tbechtold@suse.com

- Require python-python-dateutil. package was renamed

-------------------------------------------------------------------
Tue Oct 13 21:31:03 UTC 2015 - dmueller@suse.com

- add pycrypto/pyOpenSSL dependency

-------------------------------------------------------------------
Tue Sep 1 07:17:52 UTC 2015 - tbechtold@suse.com

- Move python-repoze.who from Recommends to Requires. It's needed.

-------------------------------------------------------------------
Thu Jul 30 19:30:53 UTC 2015 - tbechtold@suse.com

- Add missing Requires

-------------------------------------------------------------------
Thu Jul 16 15:40:39 UTC 2015 - seife+obs@b1-systems.com

- fix build on non-SUSE distributions whose rpm does not know
  "Recommends"

-------------------------------------------------------------------
Wed Jun 10 08:48:46 UTC 2015 - dmueller@suse.com

- update to 2.4.0:
  * A couple of security fixes plus maintenance updates.

-------------------------------------------------------------------
Tue Oct 15 07:41:04 UTC 2013 - speilicke@suse.com

- Initial version