- Update to version 2.7.0
* dns.query.https() and dns.asyncquery.https() now support
HTTP/3 and the http_version parameter may be used to specify
which version to use.
* If the cryptography module is installed, then dnspython will
now create deterministic ECDSA signatures by default.
* The RESINFO and WALLET RdataTypes are now supported.
* The COOKIE and Report-Channel EDNS0 options are now supported.
* All supported RdataTypes can now be imported at a single time
rather than lazily on first use by calling
dns.rdata.load_all_types().
* The SVCB and HTTPS records now support the ohttp parameter.
* xfr() and inbound_xfr() now share a common implementation.
* Tokens are now supported for QUIC and HTTP/3.
* dns.message.from_wire() now saves the input wire format in the
Message’s “wire” attribute. Likewise,
dns.message.Message.to_wire() now records the generated wire
format in that attribute.
* The dns.message.Message object now has a get_options() helper
to retrieve EDNS0 options of a specified type, and an
extended_errors() helper to retrieve the list of EDE options
in a message (if any).
* dns.message.make_response() now has a copy mode which controls
how sections are copied. By default, a copy mode appropriate
for the opcode is used.
This is currently dns.message.CopyMode.QUESTION for all opcodes
* If an IP address is used as the hostname in a URL, the https
query code now passes the sni_hostname to httpx as this is
required to get httpx to validate the certificate and check for
an IP subject alternative name.
OBS-URL: https://build.opensuse.org/request/show/1205876
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-dnspython?expand=0&rev=78
- Update to version 2.6.1
* The Tudoor fix ate legitimate Truncated exceptions, preventing
the resolver from failing over to TCP and causing the query to
timeout.
- Update to version 2.6.0
* As mentioned in the “TuDoor” paper and the associated
CVE-2023-29483, the dnspython stub resolver is vulnerable to a
potential DoS if a bad-in-some-way response from the right
address and port forged by an attacker arrives before a
legitimate one on the UDP port dnspython is using for that
query.
This release addresses the issue by adopting the recommended
mitigation, which is ignoring the bad packets and continuing to
listen for a legitimate response until the timeout for the
query has expired.
* Added support for the NSID EDNS option.
* Dnspython now looks for version metadata for optional packages
and will not use them if they are too old. This prevents
possible exceptions when a feature like DoH is not desired in
dnspython, but an old httpx is installed along with
dnspython for some other purpose.
* The DoHNameserver class now allows GET to be used instead of
the default POST, and also passes source and source_port
correctly to the underlying query methods.
- Update to version 2.5.0
* Dnspython now uses hatchling for builds.
* Cython is no longer supported due to various typing issues.
* Dnspython now explicitly canonicalizes IPv4 and IPv6 addresses.
Previously it was possible for non-canonical IPv6 forms to be
stored in a AAAA address, which would work correctly but
OBS-URL: https://build.opensuse.org/request/show/1181919
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-dnspython?expand=0&rev=76
