From 5a055e723c95d4e1fcaff28382997de8d72c2a15cfe2666a7f7b2d8aab0088b8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tom=C3=A1=C5=A1=20Chv=C3=A1tal?= Date: Thu, 11 Apr 2019 08:04:25 +0000 Subject: [PATCH] Accepting request 693026 from home:jayvdb:django - Add explicit dependency on libxmlsec1-openssl1, recommended by dependency python-xmlsec so this package may be used without needing to select a libxmlsec backend - Activate test suite, adding bug-testDecryptElement.patch to workaround a test failure, and remove bcond test - Build for Python 2, as support has been added upstream - Remove unnecessary build dependency on python-devel - Use %license - Remove live dependency_links and remove == pins from setup.py, so installed egg-info isnt broken - Update to v1.6.0 * Add support for Subjects on AuthNRequests by the new name_id_value_req parameter * Fix for SLO when XML specifies encoding * Fixed setting NameFormat attribute for AttributeValue tags - from v1.5.0 * Security improvements. Use of tagid to prevent XPath injection Disable DTD on fromstring defusedxml method * Check that the response has all of the AuthnContexts provided * Adapt renders from Django demo for Django 1.11 version * If debug enable, print reason for the SAMLResponse invalidation * Fix DSA constant * Support NameID children inside of AttributeValue elements - from v1.4.1 * Add ID to EntityDescriptor before sign it on add_sign method * Update defusedxml dependencies * Update copyright and license reference - from 1.4.0 * Fix CVE-2017-11427. Process text of nodes properly, ignoring comments * Improve how fingerprint is calcultated * Fix issue with LogoutRequest rejected by ADFS due NameID with unspecified format instead no format attribute * Fix signature position in the SP metadata * Preserve xmlns:xs namespace when signing and serializing responses * Redefine NSMAP constant * Updated Django demo (Django 1.11) OBS-URL: https://build.opensuse.org/request/show/693026 OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-python3-saml?expand=0&rev=1 --- .gitattributes | 23 +++++++++++ .gitignore | 1 + bug-testDecryptElement.patch | 13 +++++++ python-python3-saml.changes | 45 ++++++++++++++++++++++ python-python3-saml.spec | 75 ++++++++++++++++++++++++++++++++++++ python3-saml-1.6.0.tar.gz | 3 ++ 6 files changed, 160 insertions(+) create mode 100644 .gitattributes create mode 100644 .gitignore create mode 100644 bug-testDecryptElement.patch create mode 100644 python-python3-saml.changes create mode 100644 python-python3-saml.spec create mode 100644 python3-saml-1.6.0.tar.gz diff --git a/.gitattributes b/.gitattributes new file mode 100644 index 0000000..9b03811 --- /dev/null +++ b/.gitattributes @@ -0,0 +1,23 @@ +## Default LFS +*.7z filter=lfs diff=lfs merge=lfs -text +*.bsp filter=lfs diff=lfs merge=lfs -text +*.bz2 filter=lfs diff=lfs merge=lfs -text +*.gem filter=lfs diff=lfs merge=lfs -text +*.gz filter=lfs diff=lfs merge=lfs -text +*.jar filter=lfs diff=lfs merge=lfs -text +*.lz filter=lfs diff=lfs merge=lfs -text +*.lzma filter=lfs diff=lfs merge=lfs -text +*.obscpio filter=lfs diff=lfs merge=lfs -text +*.oxt filter=lfs diff=lfs merge=lfs -text +*.pdf filter=lfs diff=lfs merge=lfs -text +*.png filter=lfs diff=lfs merge=lfs -text +*.rpm filter=lfs diff=lfs merge=lfs -text +*.tbz filter=lfs diff=lfs merge=lfs -text +*.tbz2 filter=lfs diff=lfs merge=lfs -text +*.tgz filter=lfs diff=lfs merge=lfs -text +*.ttf filter=lfs diff=lfs merge=lfs -text +*.txz filter=lfs diff=lfs merge=lfs -text +*.whl filter=lfs diff=lfs merge=lfs -text +*.xz filter=lfs diff=lfs merge=lfs -text +*.zip filter=lfs diff=lfs merge=lfs -text +*.zst filter=lfs diff=lfs merge=lfs -text diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..57affb6 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +.osc diff --git a/bug-testDecryptElement.patch b/bug-testDecryptElement.patch new file mode 100644 index 0000000..4b87da2 --- /dev/null +++ b/bug-testDecryptElement.patch @@ -0,0 +1,13 @@ +Index: python3-saml-1.6.0/tests/src/OneLogin/saml2_tests/utils_test.py +=================================================================== +--- python3-saml-1.6.0.orig/tests/src/OneLogin/saml2_tests/utils_test.py ++++ python3-saml-1.6.0/tests/src/OneLogin/saml2_tests/utils_test.py +@@ -625,7 +625,7 @@ class OneLogin_Saml2_Utils_Test(unittest + encrypted_nameid_nodes = dom_nameid_enc.find('.//saml:EncryptedID', namespaces=OneLogin_Saml2_Constants.NSMAP) + encrypted_data = encrypted_nameid_nodes[0] + decrypted_nameid = OneLogin_Saml2_Utils.decrypt_element(encrypted_data, key) +- self.assertEqual('saml:NameID', decrypted_nameid.tag) ++ self.assertEqual('NameID', decrypted_nameid.tag) + self.assertEqual('2de11defd199f8d5bb63f9b7deb265ba5c675c10', decrypted_nameid.text) + + xml_assertion_enc = b64decode(self.file_contents(join(self.data_path, 'responses', 'valid_encrypted_assertion_encrypted_nameid.xml.base64'))) diff --git a/python-python3-saml.changes b/python-python3-saml.changes new file mode 100644 index 0000000..95c3a65 --- /dev/null +++ b/python-python3-saml.changes @@ -0,0 +1,45 @@ +------------------------------------------------------------------- +Wed Apr 10 16:35:14 UTC 2019 - John Vandenberg + +- Add explicit dependency on libxmlsec1-openssl1, recommended + by dependency python-xmlsec so this package may be used without + needing to select a libxmlsec backend +- Activate test suite, adding bug-testDecryptElement.patch to + workaround a test failure, and remove bcond test +- Build for Python 2, as support has been added upstream +- Remove unnecessary build dependency on python-devel +- Use %license +- Remove live dependency_links and remove == pins from setup.py, + so installed egg-info isnt broken +- Update to v1.6.0 + * Add support for Subjects on AuthNRequests by the new + name_id_value_req parameter + * Fix for SLO when XML specifies encoding + * Fixed setting NameFormat attribute for AttributeValue tags +- from v1.5.0 + * Security improvements. Use of tagid to prevent XPath injection + Disable DTD on fromstring defusedxml method + * Check that the response has all of the AuthnContexts provided + * Adapt renders from Django demo for Django 1.11 version + * If debug enable, print reason for the SAMLResponse invalidation + * Fix DSA constant + * Support NameID children inside of AttributeValue elements +- from v1.4.1 + * Add ID to EntityDescriptor before sign it on add_sign method + * Update defusedxml dependencies + * Update copyright and license reference +- from 1.4.0 + * Fix CVE-2017-11427. Process text of nodes properly, ignoring comments + * Improve how fingerprint is calcultated + * Fix issue with LogoutRequest rejected by ADFS due NameID with + unspecified format instead no format attribute + * Fix signature position in the SP metadata + * Preserve xmlns:xs namespace when signing and serializing responses + * Redefine NSMAP constant + * Updated Django demo (Django 1.11) + +------------------------------------------------------------------- +Wed Oct 25 16:22:46 UTC 2017 - sean.marlow@suse.com + +- Intial package. v1.3.0 + diff --git a/python-python3-saml.spec b/python-python3-saml.spec new file mode 100644 index 0000000..088d853 --- /dev/null +++ b/python-python3-saml.spec @@ -0,0 +1,75 @@ +# +# spec file for package python-python3-saml +# +# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany. +# +# All modifications and additions to the file contributed by third parties +# remain the property of their copyright owners, unless otherwise agreed +# upon. The license for this file, and modifications and additions to the +# file, is the same license as for the pristine package itself (unless the +# license for the pristine package is not an Open Source License, in which +# case the license is the MIT License). An "Open Source License" is a +# license that conforms to the Open Source Definition (Version 1.9) +# published by the Open Source Initiative. + +# Please submit bugfixes or comments via http://bugs.opensuse.org/ +# + + +%{?!python_module:%define python_module() python-%{**} python3-%{**}} +Name: python-python3-saml +Version: 1.6.0 +Release: 0 +Summary: Python SAML support +License: MIT +Group: Development/Languages/Python +Url: https://github.com/onelogin/python3-saml +Source: https://github.com/onelogin/python3-saml/archive/v%{version}.tar.gz#/python3-saml-%{version}.tar.gz +# Minor bug, very likely because libxmlsec in openSUSE +# is v1.2.20, which is over four years, and is unsupported. +Patch0: bug-testDecryptElement.patch +BuildRequires: %{python_module freezegun >= 0.3.11} +BuildRequires: %{python_module defusedxml >= 0.5.0} +BuildRequires: %{python_module isodate >= 0.5.0} +BuildRequires: %{python_module xmlsec >= 0.6.0} +BuildRequires: %{python_module setuptools} +BuildRequires: fdupes +BuildRequires: libxmlsec1-openssl1 +BuildRequires: python-rpm-macros +# Select the libxmlsec backend known to work +# pkgconfig doesnt auto-require it. +Requires: libxmlsec1-openssl1 +Requires: python-defusedxml >= 0.5.0 +Requires: python-isodate >= 0.5.0 +Requires: python-xmlsec >= 0.6.0 +BuildArch: noarch + +%python_subpackages + +%description +Python SAML support for your Python 2 or 3 software. + +SAML is an XML-based standard for web browser single sign-on and is +defined by the OASIS Security Services Technical Committee. + +%prep +%setup -q -n python3-saml-%{version} +%patch0 -p1 +sed -i 's/==/>=/;/dependency_links/d' setup.py + +%build +%python_build + +%install +%python_install +%python_expand %fdupes %{buildroot}%{$python_sitelib}/onelogin + +%check +%python_exec setup.py test + +%files %{python_files} +%license LICENSE +%doc README.md +%{python_sitelib}/* + +%changelog diff --git a/python3-saml-1.6.0.tar.gz b/python3-saml-1.6.0.tar.gz new file mode 100644 index 0000000..5b0ec29 --- /dev/null +++ b/python3-saml-1.6.0.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:292dc4c537fab8317d5ca8bf2ec0190b498abf8e302a310a0948aadea2f8297b +size 493556