commit de55aab1de5f080d2abd1f86b575c1f9a17845aea8f3c81b97c475c5ce494038 Author: Adrian Schröter Date: Fri May 3 20:18:25 2024 +0200 Sync from SUSE:SLFO:Main python-certifi revision f9411ca30d047dca8f6452073e9ea59d diff --git a/.gitattributes b/.gitattributes new file mode 100644 index 0000000..9b03811 --- /dev/null +++ b/.gitattributes @@ -0,0 +1,23 @@ +## Default LFS +*.7z filter=lfs diff=lfs merge=lfs -text +*.bsp filter=lfs diff=lfs merge=lfs -text +*.bz2 filter=lfs diff=lfs merge=lfs -text +*.gem filter=lfs diff=lfs merge=lfs -text +*.gz filter=lfs diff=lfs merge=lfs -text +*.jar filter=lfs diff=lfs merge=lfs -text +*.lz filter=lfs diff=lfs merge=lfs -text +*.lzma filter=lfs diff=lfs merge=lfs -text +*.obscpio filter=lfs diff=lfs merge=lfs -text +*.oxt filter=lfs diff=lfs merge=lfs -text +*.pdf filter=lfs diff=lfs merge=lfs -text +*.png filter=lfs diff=lfs merge=lfs -text +*.rpm filter=lfs diff=lfs merge=lfs -text +*.tbz filter=lfs diff=lfs merge=lfs -text +*.tbz2 filter=lfs diff=lfs merge=lfs -text +*.tgz filter=lfs diff=lfs merge=lfs -text +*.ttf filter=lfs diff=lfs merge=lfs -text +*.txz filter=lfs diff=lfs merge=lfs -text +*.whl filter=lfs diff=lfs merge=lfs -text +*.xz filter=lfs diff=lfs merge=lfs -text +*.zip filter=lfs diff=lfs merge=lfs -text +*.zst filter=lfs diff=lfs merge=lfs -text diff --git a/certifi-2023.7.22.tar.gz b/certifi-2023.7.22.tar.gz new file mode 100644 index 0000000..3be42de --- /dev/null +++ b/certifi-2023.7.22.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:539cc1d13202e33ca466e88b2807e29f4c13049d6d87031a3c110744495cb082 +size 159517 diff --git a/python-certifi-shipped-requests-cabundle.patch b/python-certifi-shipped-requests-cabundle.patch new file mode 100644 index 0000000..e4f0800 --- /dev/null +++ b/python-certifi-shipped-requests-cabundle.patch @@ -0,0 +1,120 @@ +diff -Nru certifi-2022.9.24.orig/certifi/core.py certifi-2022.9.24/certifi/core.py +--- certifi-2022.9.24.orig/certifi/core.py 2022-09-13 22:15:32.000000000 +0200 ++++ certifi-2022.9.24/certifi/core.py 2022-11-15 12:56:32.415823730 +0100 +@@ -3,106 +3,18 @@ + ~~~~~~~~~~ + + This module returns the installation location of cacert.pem or its contents. +-""" +-import sys +- + +-if sys.version_info >= (3, 11): ++Patched by openSUSE: return the system bundle ++""" + +- from importlib.resources import as_file, files ++import io + +- _CACERT_CTX = None +- _CACERT_PATH = None +- +- def where() -> str: +- # This is slightly terrible, but we want to delay extracting the file +- # in cases where we're inside of a zipimport situation until someone +- # actually calls where(), but we don't want to re-extract the file +- # on every call of where(), so we'll do it once then store it in a +- # global variable. +- global _CACERT_CTX +- global _CACERT_PATH +- if _CACERT_PATH is None: +- # This is slightly janky, the importlib.resources API wants you to +- # manage the cleanup of this file, so it doesn't actually return a +- # path, it returns a context manager that will give you the path +- # when you enter it and will do any cleanup when you leave it. In +- # the common case of not needing a temporary file, it will just +- # return the file system location and the __exit__() is a no-op. +- # +- # We also have to hold onto the actual context manager, because +- # it will do the cleanup whenever it gets garbage collected, so +- # we will also store that at the global level as well. +- _CACERT_CTX = as_file(files("certifi").joinpath("cacert.pem")) +- _CACERT_PATH = str(_CACERT_CTX.__enter__()) +- +- return _CACERT_PATH +- +- def contents() -> str: +- return files("certifi").joinpath("cacert.pem").read_text(encoding="ascii") +- +-elif sys.version_info >= (3, 7): +- +- from importlib.resources import path as get_path, read_text +- +- _CACERT_CTX = None +- _CACERT_PATH = None +- +- def where() -> str: +- # This is slightly terrible, but we want to delay extracting the +- # file in cases where we're inside of a zipimport situation until +- # someone actually calls where(), but we don't want to re-extract +- # the file on every call of where(), so we'll do it once then store +- # it in a global variable. +- global _CACERT_CTX +- global _CACERT_PATH +- if _CACERT_PATH is None: +- # This is slightly janky, the importlib.resources API wants you +- # to manage the cleanup of this file, so it doesn't actually +- # return a path, it returns a context manager that will give +- # you the path when you enter it and will do any cleanup when +- # you leave it. In the common case of not needing a temporary +- # file, it will just return the file system location and the +- # __exit__() is a no-op. +- # +- # We also have to hold onto the actual context manager, because +- # it will do the cleanup whenever it gets garbage collected, so +- # we will also store that at the global level as well. +- _CACERT_CTX = get_path("certifi", "cacert.pem") +- _CACERT_PATH = str(_CACERT_CTX.__enter__()) +- +- return _CACERT_PATH +- +- def contents() -> str: +- return read_text("certifi", "cacert.pem", encoding="ascii") +- +-else: +- import os +- import types +- from typing import Union +- +- Package = Union[types.ModuleType, str] +- Resource = Union[str, "os.PathLike"] +- +- # This fallback will work for Python versions prior to 3.7 that lack the +- # importlib.resources module but relies on the existing `where` function +- # so won't address issues with environments like PyOxidizer that don't set +- # __file__ on modules. +- def read_text( +- package: Package, +- resource: Resource, +- encoding: str = 'utf-8', +- errors: str = 'strict' +- ) -> str: +- with open(where(), encoding=encoding) as data: +- return data.read() +- +- # If we don't have importlib.resources, then we will just do the old logic +- # of assuming we're on the filesystem and munge the path directly. +- def where() -> str: +- f = os.path.dirname(__file__) ++def read_text(_module=None, _path=None, encoding="ascii"): ++ with io.open(where(), "r", encoding=encoding) as data: ++ return data.read() + +- return os.path.join(f, "cacert.pem") ++def where(): ++ return "/etc/ssl/ca-bundle.pem" + +- def contents() -> str: +- return read_text("certifi", "cacert.pem", encoding="ascii") ++def contents() -> str: ++ return read_text(encoding="ascii") diff --git a/python-certifi.changes b/python-certifi.changes new file mode 100644 index 0000000..4f75eca --- /dev/null +++ b/python-certifi.changes @@ -0,0 +1,305 @@ +------------------------------------------------------------------- +Wed Aug 9 07:54:58 UTC 2023 - Dirk Müller + +- update to 2023.7.22: + Added certs: + # CN=Sectigo Public Server Authentication Root E46 O=Sectigo Limited + # CN=Sectigo Public Server Authentication Root R46 O=Sectigo Limited + # CN=SSL.com TLS RSA Root CA 2022 O=SSL Corporation + # CN=SSL.com TLS ECC Root CA 2022 O=SSL Corporation + # CN=Atos TrustedRoot Root CA ECC TLS 2021 O=Atos + # CN=Atos TrustedRoot Root CA RSA TLS 2021 O=Atos + Removed certs: + # CN=Hongkong Post Root CA 1 O=Hongkong Post + # CN=E-Tugra Certification Authority O=E-Tu\u011fra EBG Bili\u015fim + Teknolojileri ve Hizmetleri A.\u015e. OU=E-Tugra Sertifikasyon Merkezi + # CN=E-Tugra Global Root CA RSA v3 O=E-Tugra EBG A.S. OU=E-Tugra Trust Center + # CN=E-Tugra Global Root CA ECC v3 O=E-Tugra EBG A.S. OU=E-Tugra Trust Center + +------------------------------------------------------------------- +Mon May 8 18:01:26 UTC 2023 - Dirk Müller + +- update to 2023.5.7: + Added certs: + * CN=BJCA Global Root CA1 O=BEIJING CERTIFICATE AUTHORITY + +------------------------------------------------------------------- +Wed May 3 15:36:56 UTC 2023 - Dirk Müller + +- update to 2022.12.7 (bsc#1206212 CVE-2022-23491): + * obsoletes removeTrustCor.patch in older dists + Removed certs: + * CN=Network Solutions Certificate Authority O=Network Solutions L.L.C. + * CN=Staat der Nederlanden EV Root CA O=Staat der Nederlanden + * CN=TrustCor RootCert CA-1 O=TrustCor Systems S. de R.L. OU=TrustCor Certificate Authority + * CN=TrustCor RootCert CA-2 O=TrustCor Systems S. de R.L. OU=TrustCor Certificate Authority + * CN=TrustCor ECA-1 O=TrustCor Systems S. de R.L. OU=TrustCor Certificate Authority + +------------------------------------------------------------------- +Fri Apr 21 12:23:08 UTC 2023 - Dirk Müller + +- add sle15_python_module_pythons (jsc#PED-68) + +------------------------------------------------------------------- +Thu Apr 13 22:40:27 UTC 2023 - Matej Cepl + +- Make calling of %{sle15modernpython} optional. + +------------------------------------------------------------------- +Thu Nov 17 09:31:30 UTC 2022 - John Paul Adrian Glaubitz + +- Update to 2022.9.24: + * (no changes) +- from version 2022.09.24: + * (no changes) +- from version 2022.09.14: + * (no changes) +- from version 2022.06.15.2: + * Only use importlib.resources's new files() / + Traversable API on Python ≥3.11 (#204) +- from version 2022.06.15.1: + * Fix deprecation warning on Python 3.11 (#199) + * fixes #198 -- update link in license +- from version 2022.06.15: + * Add py.typed to MANIFEST.in to package in sdist (#196) +- from version 2022.05.18.1: + * Add support for Python 3.10 and drop EOL 3.5 (#167) +- from version 2022.05.18: + * Automatically lock github issues after + they've been closed for 90 days (#189) + * Remove universal wheel, python 2 is unsupported (#187) + * Add type annotations to package + * Added Required Python Version (#152) + * Fix homepage link (#145) +- Refresh patches for new version + * python-certifi-shipped-requests-cabundle.patch + +------------------------------------------------------------------- +Sat Jan 15 17:54:53 UTC 2022 - Dirk Müller + +- update to 2021.10.8: + added certs: + * CN=TunTrust Root CA O=Agence Nationale de Certification Electronique + * CN=HARICA TLS ECC Root CA 2021 O=Hellenic Academic and Research Institutions CA + +------------------------------------------------------------------- +Thu Jun 17 20:53:23 UTC 2021 - Dirk Müller + +- update to 2021.5.30: + Added certs: + * CN=AC RAIZ FNMT-RCM SERVIDORES SEGUROS O=FNMT-RCM OU=Ceres + * CN=GlobalSign Root R46 O=GlobalSign nv-sa + * CN=GlobalSign Root E46 O=GlobalSign nv-sa + * CN=GLOBALTRUST 2020 O=e-commerce monitoring GmbH + * CN=ANF Secure Server Root CA O=ANF Autoridad de Certificacion OU=ANF CA Raiz + * CN=Certum EC-384 CA O=Asseco Data Systems S.A. OU=Certum Certification Authority + * CN=Certum Trusted Root CA O=Asseco Data Systems S.A. OU=Certum Certification Authority + +------------------------------------------------------------------- +Sat Dec 19 10:43:30 UTC 2020 - Dirk Müller + +- update to 2020.12.5 + +------------------------------------------------------------------- +Thu Nov 26 09:21:35 UTC 2020 - Dirk Mueller + +- update to 2020.11.8: + * Python 3.8+ support + +------------------------------------------------------------------- +Wed Nov 25 11:41:29 UTC 2020 - Matej Cepl + +- Add two-basic-unit-tests.patch which includes two at least simple test + patches (gh#certifi/python-certifi#137). + +------------------------------------------------------------------- +Sun Aug 16 17:45:09 UTC 2020 - Benjamin Greiner + +- Update package description +- Fix the butchered python-certifi-shipped-requests-cabundle.patch + broken by last update. +- Add comment about missing tests gh#certifi/python-certifi#136 + +------------------------------------------------------------------- +Sat Aug 15 17:09:57 UTC 2020 - Arun Persaud + +- specfile: + * update line numbers and whitespace in patch + +- update to version 2020.6.20: + * Updates in enabled CAs + +- changes from version 2020.04.05.2: + * Document policy for cert addition (#127) + * Clarify trust origin is Mozilla (#126) + * Fix where() so that it works with importlib.resources when + available + * Goodbye python 2 + +------------------------------------------------------------------- +Wed Jun 3 11:12:41 UTC 2020 - Dirk Mueller + +- update to 2020.4.5.1: + adds Agencia Catalana de Certificacio (NIF Q-0801176-I) OU=Serveis + Publics de Certificacio/Vegeu + +------------------------------------------------------------------- +Fri Jan 24 15:06:39 UTC 2020 - Marketa Calabkova + +- update to 2019.11.28 + * Updates in enabled CAs + +------------------------------------------------------------------- +Fri Sep 20 12:43:15 UTC 2019 - Tomáš Chvátal + +- Sync to the latest 2019.9.11: + * Updates in enabled CAs + +------------------------------------------------------------------- +Wed Jul 24 09:12:13 UTC 2019 - pgajdos@suse.com + +- version update to 2019.6.16 + * remove Certinomis Root CA + +------------------------------------------------------------------- +Mon Mar 11 09:58:08 UTC 2019 - Tomáš Chvátal + +- Update to 2019.3.9: + * Add emSign Root CA - G1 + * Add emSign ECC Root CA - G3 + * Add Hongkong Post Root CA 3 +- Rebase python-certifi-shipped-requests-cabundle.patch + +------------------------------------------------------------------- +Mon Feb 11 22:29:47 UTC 2019 - John Vandenberg + +- Update to 2018.11.29 + * Deprecated old_where() has been removed + * Removed certificates + + Visa eCommerce Root + + Certplus Root CA G1 + + Certplus Root CA G2 + + OpenTrust Root CA G1 + + OpenTrust Root CA G2 + + OpenTrust Root CA G3 + +------------------------------------------------------------------- +Tue Jan 8 23:55:51 UTC 2019 - Jonathan Brownell + +- Limit SUSE certificate patch to exclude Red Hat platforms since + the relevant /etc/ssl/ca-bundle.pem does not exist there + +- %py_compile and %py3_compile macros do not exist on Red Hat; + substitute them with equivalent %python_exec invocations + +------------------------------------------------------------------- +Tue Dec 4 12:46:35 UTC 2018 - Matej Cepl + +- Remove superfluous devel dependency for noarch package + +------------------------------------------------------------------- +Tue Apr 17 10:53:35 UTC 2018 - michael@stroeder.com + +- update to 2018.4.16 + * Remove Elektronik Sertifika Hizket from cacert.pem +- This is noop as we use our cacert list from /etc/ssl/ca-bundle.pem + +------------------------------------------------------------------- +Sun Feb 4 00:36:29 UTC 2018 - arun@gmx.de + +- specfile: + * update copyright year + +- update to version 2018.1.18: + * Remove 1024-bit root certificates + * Include license in the list of trove classifiers + * Include license file in the generated wheel package + +------------------------------------------------------------------- +Tue Nov 14 23:19:14 UTC 2017 - dmueller@suse.com + +- update to 2017.11.5: + * Sync with bundle mozilla release +- remove python-certifi-fix-version-string.patch: obsolete + +------------------------------------------------------------------- +Wed Oct 18 17:23:39 UTC 2017 - jmatejek@suse.com + +- fix macros to support not having python2 + +------------------------------------------------------------------- +Thu Oct 12 08:52:57 UTC 2017 - adrian.glaubitz@suse.com + +- add patch to fix version string from 2017.07.27.1 to + 2017.7.27.1 to fix the build on SLE12_SP3 and earlier + + python-certifi-fix-version-string.patch + +------------------------------------------------------------------- +Tue Oct 3 05:42:11 UTC 2017 - arun@gmx.de + +- updated patch + +- update to version 2017.7.27.1: + * Use a more expressive API for getting the dir a path is in + * set zip_safe=False to help out setuptools (#63) + * Change license from ISC to MPL-2.0 in setup.py + * Add trove classifiers for missing supported Python versions + * Rename [wheel] section to [bdist_wheel] as the former is legacy + +------------------------------------------------------------------- +Mon Jul 10 18:42:12 UTC 2017 - toddrme2178@gmail.com + +- Fix wrong-script-interpreter rpmlint error. +- Fix script-without-shebang rpmlint warning. + +------------------------------------------------------------------- +Sun Jun 11 20:37:21 UTC 2017 - dmueller@suse.com + +- require ca-certificates-mozilla, otherwise certifi does not + provide any ca bundle (the bundled one that openSUSE patches + out is the mozilla bundle as well) + +------------------------------------------------------------------- +Sat Jun 10 08:46:52 UTC 2017 - dmueller@suse.com + +- update to 2017.4.17 + +------------------------------------------------------------------- +Sat Apr 8 17:51:03 UTC 2017 - aloisio@gmx.com + +- Updated to version 2017.1.23 +- Converted to single-spec +- Updated source URL + +------------------------------------------------------------------- +Fri Jun 3 23:00:13 UTC 2016 - jacobwinski@gmail.com + +- Update to version 2016.2.28 +- Update copyright year in spec file +- Fix executable warning (fix taken from python3-certifi) + +------------------------------------------------------------------- +Fri Jan 22 12:22:53 UTC 2016 - michael@stroeder.com + +- Update to version 2015.11.20.1 + +------------------------------------------------------------------- +Sat Sep 26 10:27:12 UTC 2015 - toddrme2178@gmail.com + +- Update to version 2015.9.6.2: + * Actually ship weak cert bundle. + * Provide old cert bundle. + * Use secure roots by default. + * Update scripts to use mkcert.org + * Concatenate the two roots + * Add the needed 1024-bit roots + * Move mkcert output to non-core file +- Fix dependencies on SLES 11 +- Certifi is released under MPL-2.0; fix the license tag +- Rebase python-certifi-shipped-requests-cabundle.patch + +------------------------------------------------------------------- +Wed Apr 22 13:31:54 UTC 2015 - mcihar@suse.cz + +- Initial packaging + diff --git a/python-certifi.spec b/python-certifi.spec new file mode 100644 index 0000000..d33370c --- /dev/null +++ b/python-certifi.spec @@ -0,0 +1,79 @@ +# +# spec file for package python-certifi +# +# Copyright (c) 2023 SUSE LLC +# +# All modifications and additions to the file contributed by third parties +# remain the property of their copyright owners, unless otherwise agreed +# upon. The license for this file, and modifications and additions to the +# file, is the same license as for the pristine package itself (unless the +# license for the pristine package is not an Open Source License, in which +# case the license is the MIT License). An "Open Source License" is a +# license that conforms to the Open Source Definition (Version 1.9) +# published by the Open Source Initiative. + +# Please submit bugfixes or comments via https://bugs.opensuse.org/ +# + + +%{?!python_module:%define python_module() python-%{**} python3-%{**}} +%{?sle15_python_module_pythons} +Name: python-certifi +Version: 2023.7.22 +Release: 0 +Summary: Python package for providing Mozilla's CA Bundle +License: MPL-2.0 +Group: Development/Languages/Python +URL: https://github.com/certifi/python-certifi +Source: https://files.pythonhosted.org/packages/source/c/certifi/certifi-%{version}.tar.gz +# PATCH-FIX-SUSE -- prefer SUSE certificates +Patch0: python-certifi-shipped-requests-cabundle.patch +# PATCH-FEATURE-UPSTREAM two-basic-unit-tests.patch gh#certifi/python-certifi#137 mcepl@suse.com +# Add at least primitive test suite (by bnavigator) +Patch1: two-basic-unit-tests.patch +BuildRequires: %{python_module setuptools} +BuildRequires: ca-certificates +BuildRequires: ca-certificates-mozilla +BuildRequires: fdupes +BuildRequires: python-rpm-macros +Requires: ca-certificates +Requires: ca-certificates-mozilla +BuildArch: noarch +%python_subpackages + +%description +Certifi provides Mozilla's carefully curated collection of Root Certificates +for validating the trustworthiness of SSL certificates while verifying the +identity of TLS hosts. It has been extracted from the Requests project. + +Note that on SUSE packages the used CA bundle is actually the system bundle + +%prep +%autosetup -p1 -n certifi-%{version} + +%build +%python_build + +%install +%python_install + +%{python_expand chmod +x %{buildroot}%{$python_sitelib}/certifi/core.py + sed -i "s|#!%{_bindir}/env python|#!%__$python|" %{buildroot}/%{$python_sitelib}/certifi/core.py + rm %{buildroot}%{$python_sitelib}/certifi/cacert.pem +} + +%python_expand $python -m compileall %{buildroot}%{$python_sitelib}/certifi/ +%python_expand $python -O -m compileall %{buildroot}%{$python_sitelib}/certifi/ + +%python_expand %fdupes %{buildroot}%{$python_sitelib} + +%check +%pyunittest -v certifi.tests.test_certifi + +%files %{python_files} +%license LICENSE +%doc README.rst +%{python_sitelib}/certifi/ +%{python_sitelib}/certifi-%{version}-py*.egg-info + +%changelog diff --git a/two-basic-unit-tests.patch b/two-basic-unit-tests.patch new file mode 100644 index 0000000..b39bc06 --- /dev/null +++ b/two-basic-unit-tests.patch @@ -0,0 +1,83 @@ +From 7d617ff9dddee73bde86b79c9aa2f1c98f19e339 Mon Sep 17 00:00:00 2001 +From: Benjamin Greiner +Date: Sun, 16 Aug 2020 20:17:39 +0200 +Subject: [PATCH 1/2] add 2 basic unit tests + +--- + .github/workflows/python-package.yml | 40 +++++++++++++++++++++++++++++++++++ + certifi/tests/__init__.py | 2 + + certifi/tests/test_certifi.py | 19 ++++++++++++++++ + 3 files changed, 61 insertions(+) + create mode 100644 certifi/tests/__init__.py + create mode 100755 certifi/tests/test_certifi.py + +--- /dev/null ++++ b/certifi/tests/__init__.py +@@ -0,0 +1,2 @@ ++# certifi.tests module ++ +--- /dev/null ++++ b/certifi/tests/test_certifi.py +@@ -0,0 +1,19 @@ ++# -*- coding: utf-8 -*- ++""" ++unit tests to make sure everything behaves as expected ++""" ++ ++import os ++import unittest ++ ++import certifi ++ ++ ++class TestCertifi(unittest.TestCase): ++ def test_cabundle_exists(self): ++ """Check that the reported bundle exists""" ++ self.assertTrue(os.path.exists(certifi.where())) ++ ++ def test_read_contents(self): ++ """Check that the returned contents contain a certificate""" ++ self.assertIn("-----BEGIN CERTIFICATE-----", certifi.contents()) +--- /dev/null ++++ b/.github/workflows/python-package.yml +@@ -0,0 +1,40 @@ ++# This workflow will install Python dependencies, run tests and lint with a variety of Python versions ++# For more information see: https://help.github.com/actions/language-and-framework-guides/using-python-with-github-actions ++ ++name: Python package ++ ++on: ++ push: ++ branches: [ master ] ++ pull_request: ++ branches: [ master ] ++ ++jobs: ++ build: ++ ++ runs-on: ubuntu-latest ++ strategy: ++ matrix: ++ python-version: [3.5, 3.6, 3.7, 3.8] ++ ++ steps: ++ - uses: actions/checkout@v2 ++ - name: Set up Python ${{ matrix.python-version }} ++ uses: actions/setup-python@v2 ++ with: ++ python-version: ${{ matrix.python-version }} ++ - name: Install test dependencies ++ run: | ++ python -m pip install --upgrade pip ++ pip install pytest ++ # pip install flake8 pytest ++ # if [ -f requirements.txt ]; then pip install -r requirements.txt; fi ++ #- name: Lint with flake8 ++ # run: | ++ # # stop the build if there are Python syntax errors or undefined names ++ # flake8 . --count --select=E9,F63,F7,F82 --show-source --statistics ++ # # exit-zero treats all errors as warnings. The GitHub editor is 127 chars wide ++ # flake8 . --count --exit-zero --max-complexity=10 --max-line-length=127 --statistics ++ - name: Test with pytest ++ run: | ++ pytest