Merge pull request #426 from rohe/release.0.12.0

Release 0.12.0
CZ-NIC · Sep 26, 2017 · 49ea5e8 · 49ea5e8
2 parents d840b0b + 01af7a4
commit 49ea5e8
Show file tree

Hide file tree

Showing 3 changed files with 12 additions and 2 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -5,6 +5,15 @@ The format is based on the [KeepAChangeLog] project.
 
 [KeepAChangeLog]: http://keepachangelog.com/
 
+## 0.12.0 [2017-09-25]
+
+### Fixed
+- [#419]: Inconsistent release numbers/tags
+- [#420]: Distributed claims
+
+[#419]: https://github.com/OpenIDC/pyoidc/issues/419
+[#420]: https://github.com/OpenIDC/pyoidc/pull/420
+
 ## 0.11.1.0 [2017-08-26]
 
 ### Fixed

diff --git a/src/oic/__init__.py b/src/oic/__init__.py
@@ -8,7 +8,7 @@
     import random as rnd
 
 __author__ = 'Roland Hedberg'
-__version__ = '0.11.0.1'
+__version__ = '0.12.0'
 
 
 OIDCONF_PATTERN = "%s/.well-known/openid-configuration"

diff --git a/src/oic/utils/http_util.py b/src/oic/utils/http_util.py
@@ -10,6 +10,7 @@
 import time
 
 from jwkest import as_unicode
+from jwkest import safe_str_cmp
 from six import PY2
 from six import binary_type
 from six import text_type
@@ -297,7 +298,7 @@ def verify_cookie_signature(sig, key, *parts):
        :raises: `InvalidCookieSign` when the signature is wrong
     """
     assert isinstance(sig, text_type)
-    return hmac.compare_digest(sig, cookie_signature(key, *parts))
+    return safe_str_cmp(sig, cookie_signature(key, *parts))
 
 
 def _make_hashed_key(parts, hashfunc='sha256'):