Accepting request 1206395 from devel:languages:python

OBS-URL: https://build.opensuse.org/request/show/1206395
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python-dnspython?expand=0&rev=40

python-dnspython.changes

@@ -1,3 +1,101 @@
+-------------------------------------------------------------------
+Tue Oct  8 20:19:23 UTC 2024 - Martin Hauke <mardnh@gmx.de>
+
+- Skip some tests
+  * that require a working resolver and external DNS resolution
+  * that require an openssl3 version with support for
+    ECDSA with deterministic signature (RFC 6979)"
+
+-------------------------------------------------------------------
+Sun Oct  6 07:03:50 UTC 2024 - Martin Hauke <mardnh@gmx.de>
+
+- Update to version 2.7.0
+  * dns.query.https() and dns.asyncquery.https() now support
+    HTTP/3 and the http_version parameter may be used to specify
+    which version to use.
+  * If the cryptography module is installed, then dnspython will
+    now create deterministic ECDSA signatures by default.
+  * The RESINFO and WALLET RdataTypes are now supported.
+  * The COOKIE and Report-Channel EDNS0 options are now supported.
+  * All supported RdataTypes can now be imported at a single time
+    rather than lazily on first use by calling
+    dns.rdata.load_all_types().
+  * The SVCB and HTTPS records now support the ohttp parameter.
+  * xfr() and inbound_xfr() now share a common implementation.
+  * Tokens are now supported for QUIC and HTTP/3.
+  * dns.message.from_wire() now saves the input wire format in the
+    Message’s “wire” attribute. Likewise,
+    dns.message.Message.to_wire() now records the generated wire
+    format in that attribute.
+  * The dns.message.Message object now has a get_options() helper
+    to retrieve EDNS0 options of a specified type, and an
+    extended_errors() helper to retrieve the list of EDE options
+    in a message (if any).
+  * dns.message.make_response() now has a copy mode which controls
+    how sections are copied. By default, a copy mode appropriate
+    for the opcode is used.
+    This is currently dns.message.CopyMode.QUESTION for all opcodes
+  * If an IP address is used as the hostname in a URL, the https
+    query code now passes the sni_hostname to httpx as this is
+    required to get httpx to validate the certificate and check for
+    an IP subject alternative name.
+  * The minimum supported aioquic version is now 1.0.0.
+  * The minimum supported Python version is now 3.9.
+
+-------------------------------------------------------------------
+Thu Jun 20 12:26:09 UTC 2024 - Martin Hauke <mardnh@gmx.de>
+
+- Update to version 2.6.1
+  * The Tudoor fix ate legitimate Truncated exceptions, preventing
+    the resolver from failing over to TCP and causing the query to
+    timeout.
+- Update to version 2.6.0
+  * As mentioned in the “TuDoor” paper and the associated
+    CVE-2023-29483, the dnspython stub resolver is vulnerable to a
+    potential DoS if a bad-in-some-way response from the right
+    address and port forged by an attacker arrives before a
+    legitimate one on the UDP port dnspython is using for that
+    query.
+    This release addresses the issue by adopting the recommended
+    mitigation, which is ignoring the bad packets and continuing to
+    listen for a legitimate response until the timeout for the
+    query has expired.
+  * Added support for the NSID EDNS option.
+  * Dnspython now looks for version metadata for optional packages
+    and will not use them if they are too old. This prevents
+    possible exceptions when a feature like DoH is not desired in
+    dnspython, but an old httpx is installed along with
+    dnspython for some other purpose.
+  * The DoHNameserver class now allows GET to be used instead of
+    the default POST, and also passes source and source_port
+    correctly to the underlying query methods.
+- Update to version 2.5.0
+  * Dnspython now uses hatchling for builds.
+  * Cython is no longer supported due to various typing issues.
+  * Dnspython now explicitly canonicalizes IPv4 and IPv6 addresses.
+    Previously it was possible for non-canonical IPv6 forms to be
+    stored in a AAAA address, which would work correctly but
+    possibly cause problmes if the address were used as a key in a
+    dictionary.
+  * The number of messages in a section can be retrieved with
+    section_count().
+  * Truncation preferences for messages can be specified.
+  * The length of a message can be automatically prepended when
+    rendering.
+  * dns.message.create_response() automatically adds padding when
+    required by RFC 8467.
+  * The TLS verify parameter is now supported by dns.query.tls(),
+    and the DoH and DoT Nameserver subclasses.
+  * The MutableMapping used to store content in a zone may now be
+    specified by a factory when subclassing. Factories may also be
+    provided for writable verisons and immutable versions.
+  * dns.name.Name now has predecessor() and successor() methods
+    implementing RFC 4471.
+  * QUIC has had a number of bug fixes and also now supports
+    session tickets for faster session resumption.
+  * The NSEC3 class now has a next_name() method for retrieving the
+    next name as a dns.name.Name.
+
 -------------------------------------------------------------------
 Thu Oct  5 17:10:40 UTC 2023 - Matej Cepl <mcepl@suse.com>
 

python-dnspython.spec

@@ -1,7 +1,7 @@
 #
-# spec file
+# spec file for package python-dnspython
 #
-# Copyright (c) 2023 SUSE LLC
+# Copyright (c) 2024 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -27,7 +27,7 @@
 %define skip_python2 1
 %{?sle15_python_module_pythons}
 Name:           python-dnspython%{psuffix}
-Version:        2.4.2
+Version:        2.7.0
 Release:        0
 Summary:        A DNS toolkit for Python
 License:        ISC
@@ -35,17 +35,20 @@ Group:          Development/Languages/Python
 URL:            https://github.com/rthalley/dnspython
 Source:         https://files.pythonhosted.org/packages/source/d/dnspython/dnspython-%{version}.tar.gz
 BuildRequires:  %{python_module base >= 3.8}
+BuildRequires:  %{python_module hatchling}
 BuildRequires:  %{python_module pip}
 BuildRequires:  %{python_module poetry-core}
 BuildRequires:  fdupes
 BuildRequires:  python-rpm-macros
 # dnssec
-Requires:       python-cryptography
+Requires:       python-cryptography >= 43.0
 Requires:       python-httpx
 # idna
 Requires:       python-idna >= 2.1
 # HTTP/2 support in httpx
 Recommends:     python-h2
+# quic
+Recommends:     python-aioquic
 # trio
 Suggests:       python-trio >= 0.14.0
 BuildArch:      noarch
@@ -54,8 +57,10 @@ BuildArch:      noarch
 BuildRequires:  %{python_module cryptography}
 # BuildRequires:  %%{python_module curio >= 1.2}
 BuildRequires:  %{python_module h2}
-# doh:
+# doh
 BuildRequires:  %{python_module httpx}
+# quic
+BuildRequires:  %{python_module aioquic}
 # idna
 BuildRequires:  %{python_module idna}
 BuildRequires:  %{python_module pytest}
@@ -110,6 +115,17 @@ chmod -x dns/win32util.py
 
 %if %{with test}
 %check
+# remove tests that require a working resolver and external DNS resolution
+rm tests/test_async.py
+rm tests/test_doh.py
+rm tests/test_resolver.py
+rm tests/test_resolver_override.py
+# remove dnssec related tests since those require an openssl version with
+# support for supports "ECDSA with deterministic signature (RFC 6979)"
+# https://github.com/pyca/cryptography/pull/10369
+# TODO: reenable once TW ships openssl >= 3.2.0
+rm tests/test_dnssec.py
+rm tests/test_dnssecalgs.py
 %pytest
 %endif