kpriv/pkgsrc
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
297255 commits 166 branches 0 tags 1.5 GiB
Commit graph

6 commits

Author SHA1 Message Date
kleink
dbeb4a5c96 Update py-itsdangerous to 1.1.0. 
Version 1.1.0
-------------

Released 2018-10-26

-   Change default signing algorithm back to SHA-1. (`#113`_)
-   Added a default SHA-512 fallback for users who used the yanked 1.0.0
    release which defaulted to SHA-512. (`#114`_)
-   Add support for fallback algorithms during deserialization to
    support changing the default in the future without breaking existing
    signatures. (`#113`_)
-   Changed capitalization of packages back to lowercase as the change
    in capitalization broke some tooling. (`#113`_)

.. _#113: https://github.com/pallets/itsdangerous/pull/113
.. _#114: https://github.com/pallets/itsdangerous/pull/114


Version 1.0.0
-------------

Released 2018-10-18

YANKED

*Note*: This release was yanked from PyPI because it changed the default
algorithm to SHA-512. This decision was reverted in 1.1.0 and it remains
at SHA1.

-   Drop support for Python 2.6 and 3.3.
-   Refactor code from a single module to a package. Any object in the
    API docs is still importable from the top-level ``itsdangerous``
    name, but other imports will need to be changed. A future release
    will remove many of these compatibility imports. (`#107`_)
-   Optimize how timestamps are serialized and deserialized. (`#13`_)
-   ``base64_decode`` raises ``BadData`` when it is passed invalid data.
    (`#27`_)
-   Ensure value is bytes when signing to avoid a ``TypeError`` on
    Python 3. (`#29`_)
-   Add a ``serializer_kwargs`` argument to ``Serializer``, which is
    passed to ``dumps`` during ``dump_payload``. (`#36`_)
-   More compact JSON dumps for unicode strings. (`#38`_)
-   Use the full timestamp rather than an offset, allowing dates before
    2011. (`#46`_)
-   Detect a ``sep`` character that may show up in the signature itself
    and raise a ``ValueError``. (`#62`_)
-   Use a consistent signature for keyword arguments for
    ``Serializer.load_payload`` in subclasses. (`#74`_, `#75`_)
-   Change default intermediate hash from SHA-1 to SHA-512. (`#80`_)
-   Convert JWS exp header to an int when loading. (`#99`_)

.. _#13: https://github.com/pallets/itsdangerous/pull/13
.. _#27: https://github.com/pallets/itsdangerous/pull/27
.. _#29: https://github.com/pallets/itsdangerous/issues/29
.. _#36: https://github.com/pallets/itsdangerous/pull/36
.. _#38: https://github.com/pallets/itsdangerous/issues/38
.. _#46: https://github.com/pallets/itsdangerous/issues/46
.. _#62: https://github.com/pallets/itsdangerous/issues/62
.. _#74: https://github.com/pallets/itsdangerous/issues/74
.. _#75: https://github.com/pallets/itsdangerous/pull/75
.. _#80: https://github.com/pallets/itsdangerous/pull/80
.. _#99: https://github.com/pallets/itsdangerous/pull/99
.. _#107: https://github.com/pallets/itsdangerous/pull/107
 2018-11-10 17:27:36 +00:00
agc
5293710fb4 Add SHA512 digests for distfiles for security category 
Problems found locating distfiles:
	Package f-prot-antivirus6-fs-bin: missing distfile fp-NetBSD.x86.32-fs-6.2.3.tar.gz
	Package f-prot-antivirus6-ws-bin: missing distfile fp-NetBSD.x86.32-ws-6.2.3.tar.gz
	Package libidea: missing distfile libidea-0.8.2b.tar.gz
	Package openssh: missing distfile openssh-7.1p1-hpn-20150822.diff.bz2
	Package uvscan: missing distfile vlp4510e.tar.Z

Otherwise, existing SHA1 digests verified and found to be the same on
the machine holding the existing distfiles (morden).  All existing
SHA1 digests retained for now as an audit trail.
 2015-11-04 01:17:40 +00:00
kleink
244dad50ac Update py-itsdangerous to 0.24. 
Version 0.24
~~~~~~~~~~~~

- Added a `BadHeader` exception that is used for bad headers
  that replaces the old `BadPayload` exception that was reused
  in those cases.
 2014-04-03 08:40:28 +00:00
kleink
ec7d71e709 Update py-itsdangerous to 0.23. 
Version 0.23
~~~~~~~~~~~~

- Fixed a packaging mistake that caused the tests and license
  files to not be included.
 2013-08-12 18:17:22 +00:00
kleink
193c45e3cd Update py-itsdangerous to 0.22. 
Version 0.22
~~~~~~~~~~~~

- Added support for `TimedJSONWebSignatureSerializer`.
- made it possible to override the signature verification function
  to allow implementing asymmetrical algorithms.
 2013-07-09 16:49:16 +00:00
kleink
bd50a6f122 Import itsdangerous-0.21 as security/py-itsdangerous. 
It's Dangerous
   ... so better sign this

Various helpers to pass data to untrusted environments and to get it back
safe and sound.

This repository provides a module that is a port of the django signing
module.  It's not directly copied but some changes were applied to
make it work better on its own.
 2013-06-14 09:41:01 +00:00