From e649388e4d26abf95eb07e7474b251e4bce9b7690e098c1d771a396fc3acb101 Mon Sep 17 00:00:00 2001 From: Steve Kowalik Date: Fri, 28 Feb 2025 05:09:56 +0000 Subject: [PATCH] =?UTF-8?q?-=20Update=20to=202.25.1:=20=20=20*=20Security?= =?UTF-8?q?=20=20=20=20=20+=20CVE-2025-27154=20=E2=80=93=20Cache=20file=20?= =?UTF-8?q?permissions=20tightened:=20now=20600=20(user=20=20=20=20=20=20?= =?UTF-8?q?=20read/write=20only)=20instead=20of=20644,=20preventing=20unau?= =?UTF-8?q?thorized=20local=20access=20=20=20=20=20=20=20to=20auth=20token?= =?UTF-8?q?s=20(bsc#1238059)=20=20=20*=20Added=20=20=20=20=20+=20Added=20e?= =?UTF-8?q?xamples=20for=20audiobooks,=20shows=20and=20episodes=20methods?= =?UTF-8?q?=20to=20examples=20=20=20=20=20=20=20directory=20=20=20*=20Fixe?= =?UTF-8?q?d=20=20=20=20=20+=20Fixed=20scripts=20in=20examples=20directory?= =?UTF-8?q?=20that=20didn't=20run=20correctly=20=20=20=20=20+=20Updated=20?= =?UTF-8?q?documentation=20for=20Client.current=5Fuser=5Ftop=5Fartists=20t?= =?UTF-8?q?o=20indicate=20=20=20=20=20=20=20maximum=20number=20of=20artist?= =?UTF-8?q?s=20limit=20=20=20*=20Changed=20=20=20=20=20+=20Updated=20get?= =?UTF-8?q?=5Fcached=5Ftoken=20and=20save=5Ftoken=5Fto=5Fcache=20methods?= =?UTF-8?q?=20to=20utilize=20=20=20=20=20=20=20Python's=20Context=20Manage?= =?UTF-8?q?ment=20Protocol=20=20=20=20=20+=20Added=20except=20clause=20to?= =?UTF-8?q?=20get=5Fcached=5Ftoken=20method=20to=20handle=20json=20decode?= =?UTF-8?q?=20=20=20=20=20=20=20errors=20=20=20=20=20+=20Added=20warnings?= =?UTF-8?q?=20and=20updated=20docs=20due=20to=20Spotify's=20deprecation=20?= =?UTF-8?q?of=20HTTP=20=20=20=20=20=20=20and=20"localhost"=20redirect=20UR?= =?UTF-8?q?Is=20=20=20=20=20+=20Use=20newer=20string=20formatters=20(https?= =?UTF-8?q?://pyformat.info)=20=20=20=20=20+=20Marked=20recommendation=5Fg?= =?UTF-8?q?enre=5Fseeds=20as=20deprecated?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-spotipy?expand=0&rev=32 --- 2.25.0.tar.gz | 3 --- 2.25.1.tar.gz | 3 +++ python-spotipy.changes | 25 +++++++++++++++++++++++++ python-spotipy.spec | 4 ++-- 4 files changed, 30 insertions(+), 5 deletions(-) delete mode 100644 2.25.0.tar.gz create mode 100644 2.25.1.tar.gz diff --git a/2.25.0.tar.gz b/2.25.0.tar.gz deleted file mode 100644 index 052c84d..0000000 --- a/2.25.0.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:c0d10b7e46a491d49970bddde36dcdd3d60c4fa0232e3a6f9366d8682678d464 -size 117172 diff --git a/2.25.1.tar.gz b/2.25.1.tar.gz new file mode 100644 index 0000000..0856ed3 --- /dev/null +++ b/2.25.1.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:1d525c070567a3aa36efda82dbde59e0a2ac7f395e5a88ea4f31da47fda07ff9 +size 107750 diff --git a/python-spotipy.changes b/python-spotipy.changes index 0dcad36..b6721ec 100644 --- a/python-spotipy.changes +++ b/python-spotipy.changes @@ -1,3 +1,28 @@ +------------------------------------------------------------------- +Fri Feb 28 05:07:51 UTC 2025 - Steve Kowalik + +- Update to 2.25.1: + * Security + + CVE-2025-27154 – Cache file permissions tightened: now 600 (user + read/write only) instead of 644, preventing unauthorized local access + to auth tokens (bsc#1238059) + * Added + + Added examples for audiobooks, shows and episodes methods to examples + directory + * Fixed + + Fixed scripts in examples directory that didn't run correctly + + Updated documentation for Client.current_user_top_artists to indicate + maximum number of artists limit + * Changed + + Updated get_cached_token and save_token_to_cache methods to utilize + Python's Context Management Protocol + + Added except clause to get_cached_token method to handle json decode + errors + + Added warnings and updated docs due to Spotify's deprecation of HTTP + and "localhost" redirect URIs + + Use newer string formatters (https://pyformat.info) + + Marked recommendation_genre_seeds as deprecated + ------------------------------------------------------------------- Tue Jan 7 14:28:06 UTC 2025 - John Paul Adrian Glaubitz diff --git a/python-spotipy.spec b/python-spotipy.spec index 5e98540..9d63083 100644 --- a/python-spotipy.spec +++ b/python-spotipy.spec @@ -18,7 +18,7 @@ %{?sle15_python_module_pythons} Name: python-spotipy -Version: 2.25.0 +Version: 2.25.1 Release: 0 Summary: Client for the Spotify Web API License: MIT @@ -67,6 +67,6 @@ https://spotipy.readthedocs.io/ %license LICENSE.md %doc CHANGELOG.md %{python_sitelib}/spotipy -%{python_sitelib}/spotipy-*-info +%{python_sitelib}/spotipy-%{version}.dist-info %changelog