From 902f069dbc5889975b018bf6a0055f8fce4ad03525500e351e3a27a0f6d5ee92 Mon Sep 17 00:00:00 2001 From: Daniel Garcia Date: Wed, 10 Sep 2025 12:34:11 +0000 Subject: [PATCH] - Update to 3.5.0 * Remove support for Python 3.8 * Added support for Python 3.12 & 3.13 * Upgrade to pyasn1 0.5.1+ * Upgrade to pytest and other dependencies * Add RTD config file to silence emailed deprecation warnings * Remove get_random_bytes from cryptography backend * Do not use utc_now on module level * Remove key data (sensitive information) from JWKError exceptions * Added possibility to call jwk.construct() with a private RSA key OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-python-jose?expand=0&rev=23 --- .gitattributes | 23 +++++++ .gitignore | 1 + _multibuild | 4 ++ python-python-jose.changes | 121 ++++++++++++++++++++++++++++++++++++ python-python-jose.spec | 124 +++++++++++++++++++++++++++++++++++++ python_jose-3.5.0.tar.gz | 3 + 6 files changed, 276 insertions(+) create mode 100644 .gitattributes create mode 100644 .gitignore create mode 100644 _multibuild create mode 100644 python-python-jose.changes create mode 100644 python-python-jose.spec create mode 100644 python_jose-3.5.0.tar.gz diff --git a/.gitattributes b/.gitattributes new file mode 100644 index 0000000..9b03811 --- /dev/null +++ b/.gitattributes @@ -0,0 +1,23 @@ +## Default LFS +*.7z filter=lfs diff=lfs merge=lfs -text +*.bsp filter=lfs diff=lfs merge=lfs -text +*.bz2 filter=lfs diff=lfs merge=lfs -text +*.gem filter=lfs diff=lfs merge=lfs -text +*.gz filter=lfs diff=lfs merge=lfs -text +*.jar filter=lfs diff=lfs merge=lfs -text +*.lz filter=lfs diff=lfs merge=lfs -text +*.lzma filter=lfs diff=lfs merge=lfs -text +*.obscpio filter=lfs diff=lfs merge=lfs -text +*.oxt filter=lfs diff=lfs merge=lfs -text +*.pdf filter=lfs diff=lfs merge=lfs -text +*.png filter=lfs diff=lfs merge=lfs -text +*.rpm filter=lfs diff=lfs merge=lfs -text +*.tbz filter=lfs diff=lfs merge=lfs -text +*.tbz2 filter=lfs diff=lfs merge=lfs -text +*.tgz filter=lfs diff=lfs merge=lfs -text +*.ttf filter=lfs diff=lfs merge=lfs -text +*.txz filter=lfs diff=lfs merge=lfs -text +*.whl filter=lfs diff=lfs merge=lfs -text +*.xz filter=lfs diff=lfs merge=lfs -text +*.zip filter=lfs diff=lfs merge=lfs -text +*.zst filter=lfs diff=lfs merge=lfs -text diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..57affb6 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +.osc diff --git a/_multibuild b/_multibuild new file mode 100644 index 0000000..94ac94f --- /dev/null +++ b/_multibuild @@ -0,0 +1,4 @@ + + test-backend-cryptography + test-backend-native + diff --git a/python-python-jose.changes b/python-python-jose.changes new file mode 100644 index 0000000..e106c7a --- /dev/null +++ b/python-python-jose.changes @@ -0,0 +1,121 @@ +------------------------------------------------------------------- +Wed Sep 10 12:29:34 UTC 2025 - Daniel Garcia + +- Update to 3.5.0 + * Remove support for Python 3.8 + * Added support for Python 3.12 & 3.13 + * Upgrade to pyasn1 0.5.1+ + * Upgrade to pytest and other dependencies + * Add RTD config file to silence emailed deprecation warnings + * Remove get_random_bytes from cryptography backend + * Do not use utc_now on module level + * Remove key data (sensitive information) from JWKError exceptions + * Added possibility to call jwk.construct() with a private RSA key + +------------------------------------------------------------------- +Wed Jun 11 05:49:33 UTC 2025 - Steve Kowalik + +- Switch to pyproject macros. + +------------------------------------------------------------------- +Tue May 6 17:27:12 UTC 2025 - Guang Yee + +- Update to 3.4.0 + * Remove support for Python 3.6 and 3.7 + * Added support for Python 3.10 and 3.11 + * Updating CryptographyAESKey::encrypt to generate 96 bit IVs for + GCM block cipher mode + * Fix for PEM key comparisons caused by line lengths and new lines + * Fix for CVE-2024-33664 - JWE limited to 250KiB + * Fix for CVE-2024-33663 - signing JWT with public key is now forbidden + * Replace usage of deprecated datetime.utcnow() with datetime.now(UTC) +- Removed patches CVE-2024-33663.patch, CVE-2024-33664.patch, + fix-tests-ecdsa-019.patch, and unpin-deps.patch as they have been + incorporated into release 3.4.0 + +------------------------------------------------------------------- +Mon Jun 3 07:38:00 UTC 2024 - Daniel Garcia + +- Update CVE-2024-33664.patch with upstream + https://github.com/mpdavis/python-jose/pull/352 + bsc#1223422 + +------------------------------------------------------------------- +Tue May 7 09:58:08 UTC 2024 - Daniel Garcia + +- Make python-pycryptodome dependency only required for Factory. + +------------------------------------------------------------------- +Mon May 6 07:11:18 UTC 2024 - Daniel Garcia + +- Add upstream patches: + * CVE-2024-33663.patch, bsc#1223417, gh#mpdavis/python-jose#349 + * CVE-2024-33664.patch, bsc#1223422, gh#mpdavis/python-jose#345 + * fix-tests-ecdsa-019.patch, gh#mpdavis/python-jose#350 + +------------------------------------------------------------------- +Tue Jun 13 12:18:28 UTC 2023 - ecsos + +- Add %{?sle15_python_module_pythons} + +------------------------------------------------------------------- +Sun May 29 19:45:02 UTC 2022 - Ben Greiner + +- Update to 3.3.0 + * Remove support for python 2.7 & 3.5 + * Add support for Python 3.9 + * Remove PyCrypto backend + * Fix deprecation warning from cryptography backend +- Add rpm subpackages for the extra backend selection. The missing + requires were only discovered because other packages started to + fail. + * setup.py and README still mention pycrypto and pycryptodome, but + it was removed from the code. + * Test in flavors +- Refresh unpin-deps.patch + +------------------------------------------------------------------- +Wed Aug 5 12:58:25 UTC 2020 - Marketa Calabkova + +- Update to 3.2.0 + * This will be the last release supporting Python 2.7, 3.5, and the PyCrypto + backend. + * Use hmac.compare_digest instead of our own constant_time_string_compare #163 + * Fix `to_dict` output, which should always be JSON encodeable. #139 and #165 + (fixes #127 and #137) + * Require setuptools >= 39.2.0 #167 (fixes #161) + * Emit a warning when verifying with a private key #168 (fixes #53 and #142) + * Avoid loading python-ecdsa when using the cryptography backend, and pinned + python-ecdsa dependency to <0.15 #178 +- Rebase patch unpin-deps.patch + +------------------------------------------------------------------- +Tue Mar 10 09:47:42 UTC 2020 - Tomáš Chvátal + +- Update to 3.1.0: + * Improve JWT.decode() #76 (fixes #75) + * ort headers when serializing to allow for headless JWT #136 (fixes #80) + * djust dependency handling + * se PyCryptodome instead of PyCrypto #83 + * pdate package dependencies #124 (fixes #158) + * void using deprecated methods #85 + * upport X509 certificates #107 + * solate and flesh out cryptographic backends to enable independent operation #129 (fixes #114) + * emove pyca/cryptography backend's dependency on python-ecdsa #117 + * Remove pycrypto/dome backends' dependency on python-rsa #121 + * Make pyca/cryptography backend the preferred backend if multiple backends are present #122 +- Rebase patch unpin-deps.patch + +------------------------------------------------------------------- +Thu Apr 11 05:11:28 UTC 2019 - John Vandenberg + +- Activate test suite, using GitHub archive +- Add unpin-deps.patch to fix broken installed egg-info, + and remove unused dependency on python-future +- Remove undesirable < comparator in build and runtime dependencies, + and remove duplicated dependencies + +------------------------------------------------------------------- +Thu Nov 15 00:12:07 UTC 2018 - Todd R + +- Initial version diff --git a/python-python-jose.spec b/python-python-jose.spec new file mode 100644 index 0000000..8d4756e --- /dev/null +++ b/python-python-jose.spec @@ -0,0 +1,124 @@ +# +# spec file for package python-python-jose +# +# Copyright (c) 2025 SUSE LLC and contributors +# +# All modifications and additions to the file contributed by third parties +# remain the property of their copyright owners, unless otherwise agreed +# upon. The license for this file, and modifications and additions to the +# file, is the same license as for the pristine package itself (unless the +# license for the pristine package is not an Open Source License, in which +# case the license is the MIT License). An "Open Source License" is a +# license that conforms to the Open Source Definition (Version 1.9) +# published by the Open Source Initiative. + +# Please submit bugfixes or comments via https://bugs.opensuse.org/ +# + + +%global flavor @BUILD_FLAVOR@%{nil} +%if "%{flavor}" == "test-backend-cryptography" +%define psuffix -%{flavor} +%bcond_without test +%bcond_without testcryptography +%bcond_with testnative +%endif +%if "%{flavor}" == "test-backend-native" +%define psuffix -%{flavor} +%bcond_without test +%bcond_with testcryptography +%bcond_without testnative +%endif +%if "%{flavor}" == "" +%define psuffix %{nil} +%bcond_with test +%bcond_with testcryptography +%bcond_with testnative +%endif + +%{?sle15_python_module_pythons} +Name: python-python-jose%{psuffix} +Version: 3.5.0 +Release: 0 +Summary: JOSE implementation in Python +License: MIT +URL: https://github.com/mpdavis/python-jose +Source: https://files.pythonhosted.org/packages/source/p/python-jose/python_jose-%{version}.tar.gz +BuildRequires: %{python_module pip} +BuildRequires: %{python_module setuptools >= 39.2.0} +BuildRequires: %{python_module wheel} +BuildRequires: fdupes +BuildRequires: python-rpm-macros +Requires: python-ecdsa >= 0.16 +Requires: python-pyasn1 +Requires: python-rsa +BuildArch: noarch +%if %{with test} +# pycryptodome is needed just for one test added in CVE-2024-33663. +# This package is not in Leap, so do not require for other versions. +%if 0%{?suse_version} > 1600 +BuildRequires: %{python_module pycryptodome} +%endif +BuildRequires: %{python_module pytest} +%if %{with testcryptography} +BuildRequires: %{python_module python-jose-cryptography = %{version}} +%endif +%if %{with testnative} +BuildRequires: %{python_module python-jose = %{version}} +%endif +%endif +# /SECTION +%python_subpackages + +%description +A JavaScript Object Signing and Encryption (JOSE) technologies +implementation in Python. + +python-jose implements different cryptographic backends. +Consuming python packages must select the backend as an extra +when installing python-jose. RPM packages must select the +corresponding rpm subpackage. If no backend is selected, the +main package uses the native-python backend. + +%package cryptography +Summary: JOSE implementation in Python, cryptography extra +Requires: %{name} = %{version}-%{release} +Requires: python-cryptography >= 3.4.0 + +%description cryptography +A JavaScript Object Signing and Encryption (JOSE) technologies +implementation in Python. + +python-jose implements three different cryptographic backends. +This package provides the python-jose[cryptography] extra. + +%prep +%autosetup -p1 -n python_jose-%{version} + +%if ! %{with test} +%build +%pyproject_wheel + +%install +%pyproject_install +%python_expand %fdupes %{buildroot}%{$python_sitelib} +%endif + +%if %{with test} +%check +%pytest -rsEf +%endif + +%if ! %{with test} +%files %{python_files} +%doc README.rst +%license LICENSE +%{python_sitelib}/python_jose-%{version}.dist-info +%{python_sitelib}/jose + +%files %{python_files cryptography} +%doc README.rst +%license LICENSE +%endif + +%changelog diff --git a/python_jose-3.5.0.tar.gz b/python_jose-3.5.0.tar.gz new file mode 100644 index 0000000..454900d --- /dev/null +++ b/python_jose-3.5.0.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:fb4eaa44dbeb1c26dcc69e4bd7ec54a1cb8dd64d3b4d81ef08d90ff453f2b01b +size 92726