From 640556a67d1deae019ff9574f54154bb66a8d92e Mon Sep 17 00:00:00 2001
From: Roland Hedberg
Date: Mon, 25 Sep 2017 14:37:17 +0200
Subject: [PATCH 1/3] Release 0.12.0
---
 CHANGELOG.md | 9 +++++++++
 src/oic/__init__.py | 2 +-
 2 files changed, 10 insertions(+), 1 deletion(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 272439180..fbd897d99 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -5,6 +5,15 @@ The format is based on the [KeepAChangeLog] project.
 [KeepAChangeLog]: http://keepachangelog.com/
+## 0.12.0 [2017-09-25]
+
+### Fixed
+- [#419]: Inconsistent release numbers/tags
+- [#420]: Distributed claims
+
+[#419]: https://github.com/OpenIDC/pyoidc/issues/419
+[#420]: https://github.com/OpenIDC/pyoidc/pull/420
+
 ## 0.11.1.0 [2017-08-26]
 ### Fixed
diff --git a/src/oic/__init__.py b/src/oic/__init__.py
index 37c06a5ca..31488391b 100644
--- a/src/oic/__init__.py
+++ b/src/oic/__init__.py
@@ -8,7 +8,7 @@ import random as rnd
 __author__ = 'Roland Hedberg'
-__version__ = '0.11.0.1'
+__version__ = '0.12.0'
 OIDCONF_PATTERN = "%s/.well-known/openid-configuration"
From b3e5f81546d7e7e73dbb6e39cf20694f039ae989 Mon Sep 17 00:00:00 2001
From: Roland Hedberg
Date: Tue, 26 Sep 2017 15:32:37 +0200
Subject: [PATCH 2/3] hmac.compare_digest does not exist before 2.7.7 .
---
 src/oic/utils/http_util.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/oic/utils/http_util.py b/src/oic/utils/http_util.py
index 2b6aaf75e..cc87d190b 100644
--- a/src/oic/utils/http_util.py
+++ b/src/oic/utils/http_util.py
@@ -10,6 +10,7 @@ import time
 from jwkest import as_unicode
+from jwkest import constant_time_compare
 from six import PY2
 from six import binary_type
 from six import text_type
@@ -297,7 +298,7 @@ def verify_cookie_signature(sig, key, *parts):
 :raises: `InvalidCookieSign` when the signature is wrong
 """
 assert isinstance(sig, text_type)
- return hmac.compare_digest(sig, cookie_signature(key, *parts))
+ return constant_time_compare(sig, cookie_signature(key, *parts))
 def _make_hashed_key(parts, hashfunc='sha256'):
From 01af7a422a582465164adc8deb4e4ab06be2f6e4 Mon Sep 17 00:00:00 2001
From: Roland Hedberg
Date: Tue, 26 Sep 2017 15:46:06 +0200
Subject: [PATCH 3/3] OK, should use this instead.
---
 src/oic/utils/http_util.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/oic/utils/http_util.py b/src/oic/utils/http_util.py
index cc87d190b..038ca045d 100644
--- a/src/oic/utils/http_util.py
+++ b/src/oic/utils/http_util.py
@@ -10,7 +10,7 @@ import time
 from jwkest import as_unicode
-from jwkest import constant_time_compare
+from jwkest import safe_str_cmp
 from six import PY2
 from six import binary_type
 from six import text_type
@@ -298,7 +298,7 @@ def verify_cookie_signature(sig, key, *parts):
 :raises: `InvalidCookieSign` when the signature is wrong
 """
 assert isinstance(sig, text_type)
- return constant_time_compare(sig, cookie_signature(key, *parts))
+ return safe_str_cmp(sig, cookie_signature(key, *parts))
 def _make_hashed_key(parts, hashfunc='sha256'):
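Review bot: In the verify_cookie_signature hunk of PATCH 2/3, the `assert isinstance(sig, text_type)` kept as context is the only type guard in front of the comparison, and asserts are removed under `python -O`, so a cookie value of another type would reach `constant_time_compare` unchecked. An explicit `if not isinstance(sig, text_type): return False` would hold in optimized runs as well. The docstring's `:raises: InvalidCookieSign` also does not match the visible `return` of the comparison result, so callers have to test the boolean; unless the raise happens elsewhere, it should read `:return: True if the signature matches, otherwise False`. The same context lines appear in the verify_cookie_signature hunk of PATCH 3/3, and the function starts above both hunks, so the rest of its docstring is not visible here.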
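Review bot: After the verify_cookie_signature hunk of PATCH 3/3, the timing-safety of cookie verification rests entirely on jwkest's `safe_str_cmp`, even on interpreters that ship `hmac.compare_digest`. Binding the comparison once, for example `_cmp = getattr(hmac, 'compare_digest', safe_str_cmp)` (assuming `hmac` stays imported in this module), would keep the stdlib primitive where it exists and fall back only on Python before 2.7.7; the stdlib function raises TypeError on non-ASCII text, which the call site would then have to treat as a failed check. The series replaced `constant_time_compare` with `safe_str_cmp` one commit later without a test, so a small test of `verify_cookie_signature` with a matching, a mismatching and a wrong-length signature on Python 2 and 3 would pin the intended behaviour. A comment above the return such as `# constant-time compare; hmac.compare_digest is missing before Python 2.7.7` would record why the stdlib call was dropped.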