Accepting request 1286936 from devel:languages:python

OBS-URL: https://build.opensuse.org/request/show/1286936
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python-certifi?expand=0&rev=40

certifi-2023.11.17.tar.gz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:9b469f3a900bf28dc19b8cfbf8019bf47f7fdd1a65a1d4ffb98fc14166beb4d1
-size 163637

certifi-2025.6.15.tar.gz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:d747aa5a8b9bbbb1bb8c22bb13e22bd1f18e9796defa16bab421f7f7a317323b
+size 158753

python-certifi-shipped-requests-cabundle.patch

@@ -1,21 +1,28 @@
-diff -Nru certifi-2022.9.24.orig/certifi/core.py certifi-2022.9.24/certifi/core.py
---- certifi-2022.9.24.orig/certifi/core.py	2022-09-13 22:15:32.000000000 +0200
-+++ certifi-2022.9.24/certifi/core.py	2022-11-15 12:56:32.415823730 +0100
-@@ -3,106 +3,18 @@
+Index: certifi-2025.6.15/certifi/core.py
+===================================================================
+--- certifi-2025.6.15.orig/certifi/core.py
++++ certifi-2025.6.15/certifi/core.py
+@@ -3,81 +3,19 @@ certifi.py
  ~~~~~~~~~~
  
  This module returns the installation location of cacert.pem or its contents.
--"""
--import sys
--
- 
--if sys.version_info >= (3, 11):
 +Patched by openSUSE: return the system bundle
-+"""
- 
--    from importlib.resources import as_file, files
+ """
+-import sys
+-import atexit
 +import io
  
+-def exit_cacert_ctx() -> None:
+-    _CACERT_CTX.__exit__(None, None, None)  # type: ignore[union-attr]
+ 
++def read_text(_module=None, _path=None, encoding="ascii"):
++    with io.open(where(), "r", encoding=encoding) as data:
++        return data.read()
+ 
+-if sys.version_info >= (3, 11):
+ 
+-    from importlib.resources import as_file, files
+-
 -    _CACERT_CTX = None
 -    _CACERT_PATH = None
 -
@@ -40,13 +47,14 @@ diff -Nru certifi-2022.9.24.orig/certifi/core.py certifi-2022.9.24/certifi/core.
 -            # we will also store that at the global level as well.
 -            _CACERT_CTX = as_file(files("certifi").joinpath("cacert.pem"))
 -            _CACERT_PATH = str(_CACERT_CTX.__enter__())
+-            atexit.register(exit_cacert_ctx)
 -
 -        return _CACERT_PATH
 -
 -    def contents() -> str:
 -        return files("certifi").joinpath("cacert.pem").read_text(encoding="ascii")
 -
--elif sys.version_info >= (3, 7):
+-else:
 -
 -    from importlib.resources import path as get_path, read_text
 -
@@ -75,45 +83,12 @@ diff -Nru certifi-2022.9.24.orig/certifi/core.py certifi-2022.9.24/certifi/core.
 -            # we will also store that at the global level as well.
 -            _CACERT_CTX = get_path("certifi", "cacert.pem")
 -            _CACERT_PATH = str(_CACERT_CTX.__enter__())
--
--        return _CACERT_PATH
--
--    def contents() -> str:
--        return read_text("certifi", "cacert.pem", encoding="ascii")
--
--else:
--    import os
--    import types
--    from typing import Union
--
--    Package = Union[types.ModuleType, str]
--    Resource = Union[str, "os.PathLike"]
--
--    # This fallback will work for Python versions prior to 3.7 that lack the
--    # importlib.resources module but relies on the existing `where` function
--    # so won't address issues with environments like PyOxidizer that don't set
--    # __file__ on modules.
--    def read_text(
--        package: Package,
--        resource: Resource,
--        encoding: str = 'utf-8',
--        errors: str = 'strict'
--    ) -> str:
--        with open(where(), encoding=encoding) as data:
--            return data.read()
--
--    # If we don't have importlib.resources, then we will just do the old logic
--    # of assuming we're on the filesystem and munge the path directly.
--    def where() -> str:
--        f = os.path.dirname(__file__)
-+def read_text(_module=None, _path=None, encoding="ascii"):
-+    with io.open(where(), "r", encoding=encoding) as data:
-+        return data.read()
- 
--        return os.path.join(f, "cacert.pem")
+-            atexit.register(exit_cacert_ctx)
 +def where():
 +    return "/etc/ssl/ca-bundle.pem"
  
+-        return _CACERT_PATH
+ 
 -    def contents() -> str:
 -        return read_text("certifi", "cacert.pem", encoding="ascii")
 +def contents() -> str:

python-certifi.changes

@@ -1,3 +1,76 @@
+-------------------------------------------------------------------
+Tue Jun 17 12:54:57 UTC 2025 - Markéta Machová <mmachova@suse.com>
+
+- Update to 2024.6.15
+  * Declare setuptools as the build backend in pyproject.toml
+  * remove code that's no longer required that 3.7 is our minimum
+- Rebase python-certifi-shipped-requests-cabundle.patch
+
+-------------------------------------------------------------------
+Mon Jun 16 06:12:17 UTC 2025 - Steve Kowalik <steven.kowalik@suse.com>
+
+- Switch to pyroject macros.
+
+-------------------------------------------------------------------
+Tue Apr  8 13:14:58 UTC 2025 - John Paul Adrian Glaubitz <adrian.glaubitz@suse.com>
+
+- Update to 2025.1.31
+  * Added certs
+    - Subject: CN=D-TRUST BR Root CA 2 2023 O=D-Trust GmbH
+    - Subject: CN=D-TRUST EV Root CA 2 2023 O=D-Trust GmbH
+  * Removed certs
+    - Subject: CN=SwissSign Silver CA - G2 O=SwissSign AG
+- from version 2024.12.14
+  * Upload attestations to PyPI
+  * Added 3.13 classifier (#322)
+  * Test against 3.13 final
+  * Added certs
+    - Subject: CN=GLOBALTRUST 2020 O=e-commerce monitoring GmbH
+  * Removed certs
+    - Subject: CN=SecureSign RootCA11 O=Japan Certification Services, Inc.
+    - Subject: CN=Entrust Root Certification Authority - G4 O=Entrust, Inc.
+      OU=See www.entrust.net/legal-terms/(c) 2015 Entrust, Inc. - for
+      authorized use only
+    - Subject: CN=Security Communication RootCA3 O=SECOM Trust Systems CO.,LTD.
+
+-------------------------------------------------------------------
+Thu Nov  7 09:18:40 UTC 2024 - Matej Cepl <mcepl@cepl.eu>
+
+- Make the test suite working just with the standard library.
+
+-------------------------------------------------------------------
+Wed Oct  9 06:43:31 UTC 2024 - Dirk Müller <dmueller@suse.com>
+
+- update to 2024.8.30:
+  added certs:
+  * TWCA CYBER Root CA O=TAIWAN-CA OU=Root CA
+  * SecureSign Root CA12 O=Cybertrust Japan Co., Ltd.
+  * SecureSign Root CA14 O=Cybertrust Japan Co., Ltd.
+  * SecureSign Root CA15 O=Cybertrust Japan Co., Ltd.
+
+-------------------------------------------------------------------
+Tue Jul  9 06:36:13 UTC 2024 - Daniel Garcia <daniel.garcia@suse.com>
+
+- Refresh patches python-certifi-shipped-requests-cabundle.patch and
+  two-basic-unit-tests.patch
+- Remove executable bit from core.py file
+- Update to 2024.7.4 (CVE-2024-39689, bsc#1227519):
+  Removed certs:
+  * Subject: CN=GLOBALTRUST 2020 O=e-commerce monitoring GmbH
+
+- 2024.06.02
+  Added certs:
+  * Subject: CN=FIRMAPROFESIONAL CA ROOT-A WEB O=Firmaprofesional SA
+
+- 2024.02.02
+  Added certs:
+  * Subject: CN=Telekom Security TLS ECC Root 2020 O=Deutsche Telekom Security GmbH
+  * Subject: CN=Telekom Security TLS RSA Root 2023 O=Deutsche Telekom Security GmbH
+  Removed certs:
+  * Subject: O=SECOM Trust.net OU=Security Communication RootCA1
+
+  * Fix leaking certificate issue
+
 -------------------------------------------------------------------
 Tue Nov 28 09:10:25 UTC 2023 - Dirk Müller <dmueller@suse.com>
 

python-certifi.spec

@@ -1,7 +1,7 @@
 #
 # spec file for package python-certifi
 #
-# Copyright (c) 2023 SUSE LLC
+# Copyright (c) 2025 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -16,14 +16,12 @@
 #
 
 
-%{?!python_module:%define python_module() python-%{**} python3-%{**}}
 %{?sle15_python_module_pythons}
 Name:           python-certifi
-Version:        2023.11.17
+Version:        2025.6.15
 Release:        0
 Summary:        Python package for providing Mozilla's CA Bundle
 License:        MPL-2.0
-Group:          Development/Languages/Python
 URL:            https://github.com/certifi/python-certifi
 Source:         https://files.pythonhosted.org/packages/source/c/certifi/certifi-%{version}.tar.gz
 # PATCH-FIX-SUSE -- prefer SUSE certificates
@@ -31,7 +29,9 @@ Patch0:         python-certifi-shipped-requests-cabundle.patch
 # PATCH-FEATURE-UPSTREAM two-basic-unit-tests.patch gh#certifi/python-certifi#137 mcepl@suse.com
 # Add at least primitive test suite (by bnavigator)
 Patch1:         two-basic-unit-tests.patch
+BuildRequires:  %{python_module pip}
 BuildRequires:  %{python_module setuptools}
+BuildRequires:  %{python_module wheel}
 BuildRequires:  ca-certificates
 BuildRequires:  ca-certificates-mozilla
 BuildRequires:  fdupes
@@ -52,13 +52,12 @@ Note that on SUSE packages the used CA bundle is actually the system bundle
 %autosetup -p1 -n certifi-%{version}
 
 %build
-%python_build
+%pyproject_wheel
 
 %install
-%python_install
+%pyproject_install
 
-%{python_expand chmod +x %{buildroot}%{$python_sitelib}/certifi/core.py
- sed -i "s|#!%{_bindir}/env python|#!%__$python|" %{buildroot}/%{$python_sitelib}/certifi/core.py
+%{python_expand #
  rm %{buildroot}%{$python_sitelib}/certifi/cacert.pem
 }
 
@@ -74,6 +73,6 @@ Note that on SUSE packages the used CA bundle is actually the system bundle
 %license LICENSE
 %doc README.rst
 %{python_sitelib}/certifi/
-%{python_sitelib}/certifi-%{version}-py*.egg-info
+%{python_sitelib}/certifi-%{version}.dist-info
 
 %changelog