./security/py-itsdangerous, Helpers to pass trusted data to untrusted environments and back

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]


Branch: CURRENT, Version: 1.1.0, Package name: py27-itsdangerous-1.1.0, Maintainer: kleink

It's Dangerous
... so better sign this

Various helpers to pass data to untrusted environments and to get it back
safe and sound.

This repository provides a module that is a port of the django signing
module. It's not directly copied but some changes were applied to
make it work better on its own.


Required to run:
[devel/py-setuptools] [lang/python27]

Required to build:
[pkgtools/cwrappers]

Master sites:

SHA1: b79fef5caacdd247f7def3fe59e6def34bc86905
RMD160: 3a1b71343357fd9cef28039753c78f0bf24d91ff
Filesize: 51.972 KB

Version history: (Expand)


CVS history: (Expand)


   2018-11-11 17:20:42 by Klaus Klein | Files touched by this commit (1)
Log message:
Sort PLIST; missed in previous.

No functional change.
   2018-11-10 18:27:36 by Klaus Klein | Files touched by this commit (3) | Package updated
Log message:
Update py-itsdangerous to 1.1.0.

Version 1.1.0
-------------

Released 2018-10-26

-   Change default signing algorithm back to SHA-1. (`#113`_)
-   Added a default SHA-512 fallback for users who used the yanked 1.0.0
    release which defaulted to SHA-512. (`#114`_)
-   Add support for fallback algorithms during deserialization to
    support changing the default in the future without breaking existing
    signatures. (`#113`_)
-   Changed capitalization of packages back to lowercase as the change
    in capitalization broke some tooling. (`#113`_)

.. _#113: https://github.com/pallets/itsdangerous/pull/113
.. _#114: https://github.com/pallets/itsdangerous/pull/114

Version 1.0.0
-------------

Released 2018-10-18

YANKED

*Note*: This release was yanked from PyPI because it changed the default
algorithm to SHA-512. This decision was reverted in 1.1.0 and it remains
at SHA1.

-   Drop support for Python 2.6 and 3.3.
-   Refactor code from a single module to a package. Any object in the
    API docs is still importable from the top-level ``itsdangerous``
    name, but other imports will need to be changed. A future release
    will remove many of these compatibility imports. (`#107`_)
-   Optimize how timestamps are serialized and deserialized. (`#13`_)
-   ``base64_decode`` raises ``BadData`` when it is passed invalid data.
    (`#27`_)
-   Ensure value is bytes when signing to avoid a ``TypeError`` on
    Python 3. (`#29`_)
-   Add a ``serializer_kwargs`` argument to ``Serializer``, which is
    passed to ``dumps`` during ``dump_payload``. (`#36`_)
-   More compact JSON dumps for unicode strings. (`#38`_)
-   Use the full timestamp rather than an offset, allowing dates before
    2011. (`#46`_)
-   Detect a ``sep`` character that may show up in the signature itself
    and raise a ``ValueError``. (`#62`_)
-   Use a consistent signature for keyword arguments for
    ``Serializer.load_payload`` in subclasses. (`#74`_, `#75`_)
-   Change default intermediate hash from SHA-1 to SHA-512. (`#80`_)
-   Convert JWS exp header to an int when loading. (`#99`_)

.. _#13: https://github.com/pallets/itsdangerous/pull/13
.. _#27: https://github.com/pallets/itsdangerous/pull/27
.. _#29: https://github.com/pallets/itsdangerous/issues/29
.. _#36: https://github.com/pallets/itsdangerous/pull/36
.. _#38: https://github.com/pallets/itsdangerous/issues/38
.. _#46: https://github.com/pallets/itsdangerous/issues/46
.. _#62: https://github.com/pallets/itsdangerous/issues/62
.. _#74: https://github.com/pallets/itsdangerous/issues/74
.. _#75: https://github.com/pallets/itsdangerous/pull/75
.. _#80: https://github.com/pallets/itsdangerous/pull/80
.. _#99: https://github.com/pallets/itsdangerous/pull/99
.. _#107: https://github.com/pallets/itsdangerous/pull/107
   2016-06-08 19:43:49 by Thomas Klausner | Files touched by this commit (356)
Log message:
Switch to MASTER_SITES_PYPI.
   2015-11-04 02:18:12 by Alistair G. Crooks | Files touched by this commit (434)
Log message:
Add SHA512 digests for distfiles for security category

Problems found locating distfiles:
	Package f-prot-antivirus6-fs-bin: missing distfile fp-NetBSD.x86.32-fs-6.2.3.tar.gz
	Package f-prot-antivirus6-ws-bin: missing distfile fp-NetBSD.x86.32-ws-6.2.3.tar.gz
	Package libidea: missing distfile libidea-0.8.2b.tar.gz
	Package openssh: missing distfile openssh-7.1p1-hpn-20150822.diff.bz2
	Package uvscan: missing distfile vlp4510e.tar.Z

Otherwise, existing SHA1 digests verified and found to be the same on
the machine holding the existing distfiles (morden).  All existing
SHA1 digests retained for now as an audit trail.
   2014-04-03 10:40:28 by Klaus Klein | Files touched by this commit (2) | Package updated
Log message:
Update py-itsdangerous to 0.24.

Version 0.24
~~~~~~~~~~~~

- Added a `BadHeader` exception that is used for bad headers
  that replaces the old `BadPayload` exception that was reused
  in those cases.
   2014-01-25 11:30:32 by Thomas Klausner | Files touched by this commit (533) | Package updated
Log message:
Mark packages as not ready for python-3.x where applicable;
either because they themselves are not ready or because a
dependency isn't. This is annotated by
PYTHON_VERSIONS_INCOMPATIBLE=  33 # not yet ported as of x.y.z
or
PYTHON_VERSIONS_INCOMPATIBLE=  33 # py-foo, py-bar
respectively, please use the same style for other packages,
and check during updates.

Use versioned_dependencies.mk where applicable.
Use REPLACE_PYTHON instead of handcoded alternatives, where applicable.
Reorder Makefile sections into standard order, where applicable.

Remove PYTHON_VERSIONS_INCLUDE_3X lines since that will be default
with the next commit.

Whitespace cleanups and other nits corrected, where necessary.
   2014-01-12 10:45:25 by Thomas Klausner | Files touched by this commit (12)
Log message:
PYTHON_VERSIONS_INCOMPATIBLE cleanup.
   2013-08-12 20:17:22 by Klaus Klein | Files touched by this commit (2) | Package updated
Log message:
Update py-itsdangerous to 0.23.

Version 0.23
~~~~~~~~~~~~

- Fixed a packaging mistake that caused the tests and license
  files to not be included.