Update Changelog for v1.8.0

Bump to v1.8.0
Create py.typed to silence mypy (PEP561) (#43 )
2025-04-29 22:24:36 +02:00 · 2023-12-22 11:12:09 +00:00 · 2023-12-22 11:08:57 +00:00 · 2023-12-22 10:58:12 +00:00 · 2023-12-22 10:43:35 +00:00 · 2023-12-06 16:00:52 +00:00
11 changed files with 530 additions and 623 deletions
--- a/.github/workflows/cd.yml
+++ b/.github/workflows/cd.yml
@ -14,7 +14,7 @@ jobs:
    - name: Set up Python
      uses: actions/setup-python@v4
      with:
-        python-version: "3.11.x"
+        python-version: "3.12"
    - name: Install Poetry
      uses: abatilo/actions-poetry@v2
      with:
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@ -14,7 +14,7 @@ jobs:
      - name: Set up Python
        uses: actions/setup-python@v4
        with:
-          python-version: "3.11"
+          python-version: "3.12"
      - name: Install poetry
        uses: abatilo/actions-poetry@v2
        with:
@ -27,7 +27,7 @@ jobs:
    runs-on: ubuntu-latest
    strategy:
      matrix:
-        python-version: ["3.7", "3.8", "3.9", "3.10", "3.11"]
+        python-version: ["3.8", "3.9", "3.10", "3.11", "3.12"]
    steps:
    - uses: actions/checkout@v4
    - name: Set up Python ${{ matrix.python-version }}
@ -37,7 +37,7 @@ jobs:
    - name: Install poetry
      uses: abatilo/actions-poetry@v2
      with:
-        poetry-version: 1.5.1  # 1.6.x+ requires Python 3.8+
+        poetry-version: 1.6.1
    - name: Install project
      run: poetry install --all-extras --only main
    - name: Build project
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -5,6 +5,27 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).

+## [1.8.0] - 2023-12-22
+
+### Added
+
+- Added `py.typed` file to support PEP561 and silence Mypy.
+
+### Changed
+
+- Dropped support for Python 3.7.
+- Recompiled protobuffers for version 4.25.
+
+### Fixed
+
+- Missing `yaml` dependency as it was only installed alongside the `serve` extras group.
+- Duplicate Concatenated SignedMessages no longer throw a verification failure in `Cdm.set_service_certificate()`.
+  To ensure security of the messages, verification will still fail if any of the SignedMessages do not match each other.
+
+### New Contributors
+
+- [sr0lle](https://github.com/sr0lle)
+
 ## [1.7.0] - 2023-11-21

 - Supported Serve API: `v1.4.3` or newer
@ -473,6 +494,8 @@ Initial Release.

 - Service Certificate Signatures are unverified as the signing public key is Unknown.

+[1.8.0]: https://github.com/devine-dl/pywidevine/releases/tag/v1.8.0
+[1.7.0]: https://github.com/devine-dl/pywidevine/releases/tag/v1.7.0
 [1.6.0]: https://github.com/devine-dl/pywidevine/releases/tag/v1.6.0
 [1.5.3]: https://github.com/devine-dl/pywidevine/releases/tag/v1.5.3
 [1.5.2]: https://github.com/devine-dl/pywidevine/releases/tag/v1.5.2
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@ -1,7 +1,7 @@
 # Development

 This project is managed using [Poetry](https://python-poetry.org), a fantastic Python packaging and dependency manager.
-Install the latest version of Poetry before continuing. Development currently requires Python 3.7+.
+Install the latest version of Poetry before continuing. Development currently requires Python 3.8+.

 ## Set up

--- a/README.md
+++ b/README.md
@ -9,7 +9,7 @@
        <img src="https://github.com/devine-dl/pywidevine/actions/workflows/ci.yml/badge.svg" alt="Build status">
    </a>
    <a href="https://pypi.org/project/pywidevine">
-        <img src="https://img.shields.io/badge/python-3.7%2B-informational" alt="Python version">
+        <img src="https://img.shields.io/badge/python-3.8%2B-informational" alt="Python version">
    </a>
    <a href="https://deepsource.io/gh/devine-dl/pywidevine">
        <img src="https://deepsource.io/gh/devine-dl/pywidevine.svg/?label=active+issues" alt="DeepSource">
@ -151,6 +151,7 @@ making a CDM in C++ has immediate security benefits and a lot of methods to obsc

 <a href="https://github.com/rlaphoenix"><img src="https://images.weserv.nl/?url=avatars.githubusercontent.com/u/17136956?v=4&h=25&w=25&fit=cover&mask=circle&maxage=7d" alt=""/></a>
 <a href="https://github.com/mediaminister"><img src="https://images.weserv.nl/?url=avatars.githubusercontent.com/u/45148099?v=4&h=25&w=25&fit=cover&mask=circle&maxage=7d" alt=""/></a>
+<a href="https://github.com/sr0lle"><img src="https://images.weserv.nl/?url=avatars.githubusercontent.com/u/111277375?v=4&h=25&w=25&fit=cover&mask=circle&maxage=7d" alt=""/></a>

 ## Licensing

--- a/poetry.lock
+++ b/poetry.lock
--- a/pyproject.toml
+++ b/pyproject.toml
@ -4,7 +4,7 @@ build-backend = "poetry.core.masonry.api"

 [tool.poetry]
 name = "pywidevine"
-version = "1.7.0"
+version = "1.8.0"
 description = "Widevine CDM (Content Decryption Module) implementation in Python."
 license = "GPL-3.0-only"
 authors = ["rlaphoenix <rlaphoenix@pm.me>"]
@ -33,28 +33,28 @@ include = [
 "Changelog" = "https://github.com/devine-dl/pywidevine/blob/master/CHANGELOG.md"

 [tool.poetry.dependencies]
-python = ">=3.7,<4.0"
-protobuf = "^4.24.4"
+python = ">=3.8,<4.0"
+protobuf = "^4.25.1"
 pymp4 = "^1.4.0"
 pycryptodome = "^3.19.0"
 click = "^8.1.7"
 requests = "^2.31.0"
 Unidecode = "^1.3.7"
 PyYAML = "^6.0.1"
-aiohttp = {version = "^3.8.6", optional = true}
+aiohttp = {version = "^3.9.1", optional = true}

 [tool.poetry.group.dev.dependencies]
-pre-commit = "^2.2.1"
-mypy = "^1.4.1"
-mypy-protobuf = "^3.4.0"
+pre-commit = "^3.5.0"
+mypy = "^1.7.1"
+mypy-protobuf = "^3.5.0"
 types-protobuf = "^4.24.0.4"
 types-requests = "^2.31.0.10"
 types-PyYAML = "^6.0.12.12"
-isort = "^5.11.5"
-ruff = "~0.1.4"
+isort = "^5.12.0"
+ruff = "~0.1.7"

 [tool.poetry.extras]
-serve = ["aiohttp", "PyYAML"]
+serve = ["aiohttp"]

 [tool.poetry.scripts]
 pywidevine = "pywidevine.main:main"
--- a/pywidevine/init.py
+++ b/pywidevine/init.py
@ -5,4 +5,4 @@ from .pssh import *
 from .remotecdm import *
 from .session import *

-__version__ = "1.7.0"
+__version__ = "1.8.0"
--- a/pywidevine/cdm.py
+++ b/pywidevine/cdm.py
@ -222,7 +222,11 @@ class Cdm:

        try:
            signed_message.ParseFromString(certificate)
-            if signed_message.SerializeToString() == certificate:
+            if all(
+                # See https://github.com/devine-dl/pywidevine/issues/41
+                bytes(chunk) == signed_message.SerializeToString()
+                for chunk in zip(*[iter(certificate)] * len(signed_message.SerializeToString()))
+            ):
                signed_drm_certificate.ParseFromString(signed_message.msg)
            else:
                signed_drm_certificate.ParseFromString(certificate)
--- a/pywidevine/license_protocol_pb2.py
+++ b/pywidevine/license_protocol_pb2.py
--- a/pywidevine/py.typed
+++ b/pywidevine/py.typed
Author	SHA1	Message	Date
rlaphoenix	7ea2a72a8c	Update Changelog for v1.8.0	2023-12-22 11:12:09 +00:00
rlaphoenix	84d30a69a9	Bump to v1.8.0	2023-12-22 11:08:57 +00:00
sr0lle	c39dd6df5d	Create py.typed to silence mypy (PEP561) (#43 )	2023-12-22 10:58:12 +00:00
rlaphoenix	94f8eba960	Remove PyYAML from the "serve" extras group Fixes #44	2023-12-22 10:43:35 +00:00
rlaphoenix	25e03529f6	Simplify verification of parsing in Cdm.set_service_certificate	2023-12-06 16:00:52 +00:00
rlaphoenix	a04e751aa1	Support duplicated SignedMessages in Cdm.set_service_certificate Fixes #41 Seems some services like TF1 (France) returns a SignedMessage twice in one response body by mistake, resulting in a partial parse decoding error as pywidevine doesn't expect the parsed-then-serialized data to differ from the received data. This workaround checks if the parsed-then-serialized data is in the received data multiple times without any leftover data. If there's no leftover data it considers it safe to continue.	2023-12-06 15:36:27 +00:00
rlaphoenix	17cefbf1d8	Recompile protobuffers for v4.25	2023-12-06 15:31:53 +00:00
rlaphoenix	bcb2185f75	Add Python 3.12 to CI/CD workflows	2023-12-06 15:29:59 +00:00
rlaphoenix	532e68aba9	Drop Support for Python 3.7, update Dependencies	2023-12-06 15:29:06 +00:00