Accepting request 1324406 from network

Automatic submission by obs-autosubmit

OBS-URL: https://build.opensuse.org/request/show/1324406
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/Radicale?expand=0&rev=28

Radicale.changes

@@ -1,3 +1,206 @@
+-------------------------------------------------------------------
+Thu Dec 18 19:30:57 UTC 2025 - Ákos Szőts <szotsaki@gmail.com>
+
+- Update to 3.5.10
+  * Add: [logging] option to log response header on debug loglevel
+  * Add: logging of broken contact items during PUT
+  * Add: [server] max_resource_size option
+  * Add: support PROPFIND/max-resource-size by max_resource_size (capped to 80% of max_content_length)
+  * Extend: [auth] imap: add fallback support for LOGIN towards remote IMAP server (replaced in 3.5.0)
+  * Extend: [logging] with profiling log per reqest or regular per request method
+  * (see also https://github.com/Kozea/Radicale/wiki/Performance-Tuning)
+  * Extend: add selected XML query properties to request result log line for improved timing analysis incl. logwatch support
+  * (see also https://github.com/Kozea/Radicale/wiki/Server-Statistics)
+  * Improve: logging of broken calendar items during PUT
+  * Improve: remove unnecessary open+read for mtime+size cache
+  * Fix: improper detection of HTTP_X_FORWARDED_PORT on MOVE
+  * Adjust: [logging] header/content debug log indended by space to be skipped by logwatch 
+
+-------------------------------------------------------------------
+Mon Dec  1 08:40:59 UTC 2025 - Ákos Szőts <szotsaki@gmail.com>
+
+- Update to 3.5.9
+  * Extend: [auth] add support for type http_remote_user
+  * Extend: logging of invalid sync-token with user, path, remote host and useragent
+  * Fix: typo related to collection delete hook (can cause OOM error) 
+
+-------------------------------------------------------------------
+Sun Nov  9 11:44:40 UTC 2025 - Ákos Szőts <szotsaki@gmail.com>
+
+- Enable Argon2 support for testing and as a recommendation
+- Update to 3.5.8
+  * Extend [auth]: re-factor & overhaul LDAP authentication, especially for Python's ldap module
+  * Fix: out-of-range timestamp on 32-bit systems
+  * Fix: format_ut problem on 32-bit systems
+  * Feature: extend logging with response size in bytes and flag served as plain or gzip
+  * Feature: [storage] strict_preconditions: new config option to enforce strict preconditions check on PUT in case item already exists [RFC6352#9.2]
+  * Doc: Telugu translation
+
+-------------------------------------------------------------------
+Sun Sep 28 09:11:54 UTC 2025 - Ákos Szőts <szotsaki@gmail.com>
+
+- Update to 3.5.7
+  * Extend: [auth] dovecot: add support for version >= 2.4
+  * Fix: report/getetag with enabled expand
+  * Adjust: use of option [auth] ldap_ignore_attribute_create_modify_timestamp for support of Authentik LDAP server
+
+-------------------------------------------------------------------
+Wed Sep 17 15:02:38 UTC 2025 - Ákos Szőts <szotsaki@gmail.com>
+
+- Use the provided "rights" example file as the base config file (instead of an empty one)
+- Update to 3.5.6
+  * Fix: broken start when UID does not exist (potential container startup case)
+  * Improve: user/group retrievement for running service and directories
+  * Extend/Improve: [auth] ldap: group membership lookup
+  * Add: [auth] remote_ip_source: set the remote IP source for auth algorithms
+
+-------------------------------------------------------------------
+Fri Aug 22 07:57:21 UTC 2025 - Ákos Szőts <szotsaki@gmail.com>
+
+- Set "radicale" as the syslog identifier (replacing the generic "python3") when started via systemd
+- Update to 3.5.5
+  * Improve: [auth] ldap: do not read server info by bind to avoid needless network traffic
+  * Improve: add details about platform and effective user on startup
+  * Improve: display owner+permissions on directories on startup, extend error message in case of missing permissions
+  * Improve: add options [logging] trace_on_debug and trace_filter for supporting trace logging
+  * Improve: catch items having tzinfo only on dtstart or dtend set for whatever reason, overtake tzinfo from the other one
+  * Improve: conditional log level for base_prefix strip action depending on auth and web type
+  * Fix: [storage] broken support of 'folder_umask'
+  * Fix: logging ignores not retrievable get_native_id if not supported by OS
+  * Fix: report with enabled expand honors now provided filter proper
+  * Fix: catch case where getpwuid is not returning a username
+  * Fix: add support for query without comp-type
+  * Fix: expanded event with dates are missing VALUE=DATE
+  * Fix: storage hook path now added to DELETE, MKCOL, MKCALENDAR, MOVE, and PROPPATCH
+  * Feature: add hook for server-side e-mail notification
+  * Add: [hook] dryrun: option to disable real hook action for testing, add tests for email+rabbitmq
+  * Add: storage hook placeholder now supports "request" and "to_path" (MOVE only)
+
+-------------------------------------------------------------------
+Wed May 28 20:02:32 UTC 2025 - Ákos Szőts <szotsaki@gmail.com>
+
+- Update to 3.5.4
+  * item filter enhanced for 3rd level supporting VALARM and honoring TRIGGER (offset or absolute)
+  * add Caddy config file example (see contrib directory)
+
+-------------------------------------------------------------------
+Wed May 21 06:40:59 UTC 2025 - Ákos Szőts <szotsaki@gmail.com>
+
+- Update to 3.5.3
+  * Add: [auth] htpasswd: support for Argon2 hashes
+  * Add: [auth] urldecode_username: optional decode provided username (e.g. encoded email address)
+  * Improve: catch error on calendar collection upload and display problematic item content on debug level
+
+-------------------------------------------------------------------
+Thu May  1 06:31:41 UTC 2025 - Ákos Szőts <szotsaki@gmail.com>
+
+- Update to 3.5.2
+  * Adjust: [auth] ldap: use ldap_user_attr either first element of list or directly
+  * Fix: use value of property for time range filter
+  * Fix: return 204 instead of 201 in case PUT updates an item
+  * Add: [auth] ldap: option ldap_security (none, startls, tls) for additional support of STARTTLS, deprecate ldap_use_ssl
+  * Extend: log PYTHONPATH on startup if found in environment
+
+-------------------------------------------------------------------
+Wed Apr 16 05:51:57 UTC 2025 - Ákos Szőts <szotsaki@gmail.com>
+
+- Update to 3.5.1
+  * Add: option [auth] ldap_ignore_attribute_create_modify_timestamp for support of Authentik LDAP server
+  * Extend: [storage] hook supports now placeholder for "cwd" and "path" (and catches unsupported placeholders)
+  * Extend: log and create base folders if not existing during startup
+  * Fix: auth/htpasswd related to detection and use of bcrypt
+  * Fix: location of lock file for in case of dedicated cache folder is activated
+- Restored Radicale.rpmlintrc, still needed
+
+-------------------------------------------------------------------
+Sat Mar 22 23:36:45 UTC 2025 - Richard Rahl <rrahl0@opensuse.org>
+
+- Update to 3.5.0:
+  * Default type for authentication changed from "none" to "denyall" to prevent unexpected access after initial installation (secure-by-default)
+  * Reverse proxy base prefix stripping was adjusted/fixed, in case of issues check new option and your reverse proxy configuration
+  * InfCloud WebUI can be now be served "bundled", see https://github.com/Kozea/Radicale/wiki/Client-InfCloud
+  * Add: option [auth] type oauth2 by code migration from https://gitlab.mim-libre.fr/alphabet/radicale_oauth/-/blob/dev/oauth2/
+  * Add: option [auth] type pam by code migration from v1, add new option pam_serivce
+  * Add: option [server] script_name for reverse proxy base_prefix handling
+  * Add: on-the-fly link activation and default content adjustment in case of bundled InfCloud (tested with 0.13.1)
+  * Add: warning in case of started standalone and not listen on loopback interface but trusting external authentication
+  * Adjust: [auth] imap: use AUTHENTICATE PLAIN instead of LOGIN towards remote IMAP server
+  * Adjust: Change default [auth] type from "none" to "denyall" for secure-by-default
+  * Improve: relax mtime check on storage filesystem, change test file location to "collection-root" directory
+  * Improve: WebUI
+  * Improve: log client IP on SSL error and SSL protocol+cipher if successful
+  * Improve: catch htpasswd hash verification errors
+  * Improve: add support for more bcrypt algos on autodetection, extend logging for autodetection fallback to PLAIN in case of hash length is not matching
+  * Fix: catch OS errors on PUT MKCOL MKCALENDAR MOVE PROPPATCH (insufficient storage, access denied, internal server error)
+  * Test: skip bcrypt related tests if module is missing
+  * Fix: proper base_prefix stripping if running behind reverse proxy
+  * Cosmetics: extend list of used modules with their version on startup
+  * Review: Apache reverse proxy config example
+- Enable upstream tests
+- Remove Radicale.rpmlintrc, as that is not needed anymore
+
+-------------------------------------------------------------------
+Mon Jan 13 21:00:07 UTC 2025 - Ákos Szőts <szotsaki@gmail.com>
+
+- Update to 3.4.0
+  * Add: option [auth] cache_logins/cache_successful_logins_expiry/cache_failed_logins for caching logins
+  * Improve: [auth] log used hash method and result on debug for htpasswd authentication
+  * Improve: [auth] htpasswd file now read and verified on start
+  * Add: option [auth] htpasswd_cache to automatic re-read triggered on change (mtime or size) instead reading on each request
+  * Improve: [auth] htpasswd: module 'bcrypt' is no longer mandatory in case digest method not used in file
+  * Improve: [auth] successful/failed login logs now type and whether result was taken from cache
+  * Improve: [auth] constant execution time for failed logins independent of external backend or by htpasswd used digest method
+  * Drop: support for Python 3.8
+  * Add: option [auth] ldap_user_attribute
+  * Add: option [auth] ldap_groups_attribute as a more flexible replacement of removed ldap_load_groups
+
+- Update to 3.3.3
+  * Add: display mtime_ns precision of storage folder with condition warning if too less
+  * Improve: disable fsync during storage verification
+  * Improve: suppress duplicate log lines on startup
+  * Contrib: logwatch config and script
+  * Improve: log precondition result on PUT request
+
+- Update to 3.3.2
+  * Fix: debug logging in rights/from_file
+  * Fix: ignore empty RRULESET in item
+  * Fix: also remove 'item' from cache on delete
+  * Fix: set PRODID on collection upload (instead of vobject is inserting default one)
+  * Fix: buggy cache file content creation on collection upload
+  * Add: option [storage] use_cache_subfolder_for_item for storing 'item' cache outside collection-root
+  * Add: option [storage] filesystem_cache_folder for defining location of cache outside collection-root
+  * Add: option [storage] use_cache_subfolder_for_history for storing 'history' cache outside collection-root
+  * Add: option [storage] use_cache_subfolder_for_synctoken for storing 'sync-token' cache outside collection-root
+  * Add: option [storage] folder_umask for configuration of umask (overwrite system-default)
+  * Add: option [storage] use_mtime_and_size_for_item_cache for changing cache lookup from SHA256 to mtime_ns + size
+  * Add: option [auth] uc_username for uppercase conversion (similar to existing lc_username)
+  * Add: option [logging] storage_cache_action_on_debug for conditional logging
+  * Improve: avoid automatically invalid cache on upgrade in case no change on cache structure
+  * Improve: log important module versions on startup
+  * Improve: auth.ldap config shown on startup, terminate in case no password is supplied for bind user
+
+-------------------------------------------------------------------
+Wed Nov 27 14:00:09 UTC 2024 - Ákos Szőts <szotsaki@gmail.com>
+
+- Update to 3.3.1
+  * Add: option [auth] type=dovecot
+  * Add: option [server] protocol + ciphersuite for optional restrictions on SSL socket
+  * Enhancement: log content in case of multiple main components error
+  * Enhancement: [storage] hook documentation, logging, error behavior (no longer throwing an exception)
+  * Fix: expand does not take timezones into account
+  * Fix: expand does not support overridden recurring events
+  * Fix: expand does not honor start and end times
+
+- Update to 3.3.0
+  * Adjustment: option [auth] htpasswd_encryption change default from "md5" to "autodetect"
+  * Adjustment: switch from setup.py to pyproject.toml (but keep files for legacy packaging)
+  * Adjustment: 'rights' file is now read only during startup
+  * Add: option [auth] type=ldap with (group) rights management via LDAP/LDAPS
+  * Add: option [rights] permit_overwrite_collection (default=True) which can be also controlled per collection by rights 'O' or 'o'
+  * Enhancement: permit_delete_collection can be now controlled also per collection by rights 'D' or 'd'
+  * Fix: only expand VEVENT on REPORT request containing 'expand'
+  * Cleanup: Python 3.7 leftovers
+
 -------------------------------------------------------------------
 Fri Aug 30 04:42:28 UTC 2024 - Ákos Szőts <szotsaki@gmail.com>
 
@@ -37,7 +240,7 @@ Fri Jun  7 07:20:17 UTC 2024 - Ákos Szőts <szotsaki@gmail.com>
   * Enhancement: extend logging with step where bad PUT request failed
   * Fix: support for recurrence "full day"
   * Fix: list of web_files related to HTML pages
-  * Test: update/adjustments for workflows (pytest>=7, typeguard<4.3) 
+  * Test: update/adjustments for workflows (pytest>=7, typeguard<4.3)
 
 -------------------------------------------------------------------
 Sun May  5 10:21:51 UTC 2024 - Ákos Szőts <szotsaki@gmail.com>
@@ -141,7 +344,7 @@ Sat Jan 22 07:29:12 UTC 2022 - Ákos Szőts <szotsaki@gmail.com>
 - Update to 3.1.2
   * Verify that base prefix starts with '/' but doesn't end with '/'
   * Improve base prefix log message
-  * Never send body for HEAD requests (again) 
+  * Never send body for HEAD requests (again)
 
 -------------------------------------------------------------------
 Wed Jan 19 17:01:23 UTC 2022 - Ákos Szőts <szotsaki@gmail.com>

Radicale.rpmlintrc

@@ -1 +1,2 @@
 addFilter("explicit-lib-dependency python3-passlib")
+

Radicale.spec

@@ -1,8 +1,8 @@
 #
 # spec file for package Radicale
 #
-# Copyright (c) 2024 SUSE LLC
-# Copyright (c) 2012-2024 Ákos Szőts <szotsaki@gmail.com>
+# Copyright (c) 2025 SUSE LLC and contributors
+# Copyright (c) 2012-2025 Ákos Szőts <szotsaki@gmail.com>
 # Copyright (c) 2011 Marcus Rueckert <darix@opensu.se>
 #
 # All modifications and additions to the file contributed by third parties
@@ -22,12 +22,12 @@
 %define pkg_config     %{_sysconfdir}/%{pkg_name}
 %define pkg_home       %{_localstatedir}/lib/%{pkg_name}
 %define pkg_user_group %{pkg_name}
-%define py_min_ver 3.8
+%define py_min_ver 3.9
 %define vo_min_ver 0.9.6
-%define du_min_ver 2.7.3
 %define pk_min_ver 1.1.0
+%define pt_min_ver 7
 Name:           Radicale
-Version:        3.2.3
+Version:        3.5.10
 Release:        0
 Summary:        A CalDAV calendar and CardDav contact server
 License:        GPL-3.0-or-later
@@ -42,7 +42,15 @@ BuildRequires:  fdupes
 BuildRequires:  firewall-macros
 BuildRequires:  pkgconfig
 BuildRequires:  python-rpm-macros
+BuildRequires:  python3-argon2-cffi
+BuildRequires:  python3-bcrypt
+BuildRequires:  python3-defusedxml
+BuildRequires:  python3-passlib
+BuildRequires:  python3-pika
+BuildRequires:  python3-pytest >= %{pt_min_ver}
 BuildRequires:  python3-setuptools
+BuildRequires:  python3-vobject >= %{vo_min_ver}
+BuildRequires:  python3-waitress
 BuildRequires:  systemd-rpm-macros
 BuildRequires:  sysuser-tools
 BuildRequires:  pkgconfig(python3) >= %{py_min_ver}
@@ -50,11 +58,12 @@ Requires:       python3 >= %{py_min_ver}
 Requires:       python3-defusedxml
 Requires:       python3-passlib
 Requires:       python3-pika >= %{pk_min_ver}
-Requires:       python3-python-dateutil >= %{du_min_ver}
+Requires:       python3-requests
 Requires:       python3-vobject >= %{vo_min_ver}
 Recommends:     apache2-utils
+Recommends:     python3-argon2-cffi
 Recommends:     python3-bcrypt
-Recommends:     python3-systemd
+Recommends:     python3-ldap3
 BuildArch:      noarch
 %sysusers_requires
 
@@ -72,6 +81,7 @@ Radicale is a server for CalDAV (calendars, to-do lists) and CardDAV (contacts).
 
 %prep
 %autosetup
+test -f setup.py || echo 'import setuptools; setuptools.setup()' > setup.py
 
 %build
 %python3_build
@@ -81,6 +91,7 @@ Radicale is a server for CalDAV (calendars, to-do lists) and CardDAV (contacts).
 %python3_install
 install -m 0750 -d %{buildroot}%{pkg_config}/ %{buildroot}%{pkg_home}/
 install -m 0640 config %{buildroot}%{pkg_config}/config
+install -m 0640 rights %{buildroot}%{pkg_config}/rights
 install -m 0755 -d %{buildroot}%{_sbindir}/
 install -D -m 444 %{SOURCE1} %{buildroot}%{_unitdir}/%{pkg_name}.service
 install -D -m 644 %{SOURCE3} %{buildroot}%{_prefix}/lib/firewalld/services/%{pkg_name}.xml
@@ -93,11 +104,13 @@ mkdir %{buildroot}%{pkg_home}/collections
 mkdir -p %{buildroot}%{_sysusersdir}
 install -m 0644 %{SOURCE2} %{buildroot}%{_sysusersdir}/
 
+%check
+pytest
+
 %pre -f %{pkg_user_group}.pre
 %service_add_pre %{pkg_name}.service
 
 %post
-test -e %{pkg_config}/rights || touch %{pkg_config}/rights
 test -e %{pkg_config}/users  || touch %{pkg_config}/users
 %service_add_post %{pkg_name}.service
 %firewalld_reload
@@ -120,8 +133,7 @@ test -e %{pkg_config}/users  || touch %{pkg_config}/users
 %dir %attr(-,%{pkg_user_group},%{pkg_user_group}) %{pkg_home}/
 %dir %attr(-,%{pkg_user_group},%{pkg_user_group}) %{pkg_home}/collections
 
-# Register configuration files
-%ghost %config(noreplace) %attr(660,%{pkg_user_group},%{pkg_user_group}) %{pkg_config}/rights
+# Register users config file (no "users" example, contrary to "rights")
 %ghost %config(noreplace) %attr(660,%{pkg_user_group},%{pkg_user_group}) %{pkg_config}/users
 
 # User/group creation with sysusers.d(5)

radicale.service

@@ -14,6 +14,8 @@ Restart=on-failure
 RestartSec=2
 # Deny other users access to the calendar data
 UMask=0027
+# To have a unique entry in syslog (instead of python3)
+SyslogIdentifier=radicale
 
 # Additional security settings
 CapabilityBoundingSet=CAP_NET_BIND_SERVICE

v3.2.3.tar.gz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:6754ca419e8cbe77f4895391a3746df64614e217ff230f59cbb4ec30aa60c675
-size 157923

v3.5.10.tar.gz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:059568498b06ff39e64030b9f3a56fead04bd8e0389420c1e4f292ffb95b0ae8
+size 235636