From 76b4df06de764af5a33cd9cb78ff78fb3d65e07a6396efc3b6f688056b1d1752 Mon Sep 17 00:00:00 2001 From: Dirk Mueller Date: Wed, 30 Oct 2024 19:54:55 +0000 Subject: [PATCH] - update to 24.2.0: * Python 3.13 is now officially supported. * pyOpenSSL's identity extraction has been reimplemented using *cryptography*'s primitives instead of deprecated pyOpenSSL APIs. * As a result, the oldest supported pyOpenSSL version is now 17.1.0. OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-service_identity?expand=0&rev=36 --- .gitattributes | 23 ++++ .gitignore | 1 + 24.1.0.tar.gz | 3 + 24.2.0.tar.gz | 3 + python-service_identity.changes | 219 ++++++++++++++++++++++++++++++++ python-service_identity.spec | 83 ++++++++++++ 6 files changed, 332 insertions(+) create mode 100644 .gitattributes create mode 100644 .gitignore create mode 100644 24.1.0.tar.gz create mode 100644 24.2.0.tar.gz create mode 100644 python-service_identity.changes create mode 100644 python-service_identity.spec diff --git a/.gitattributes b/.gitattributes new file mode 100644 index 0000000..9b03811 --- /dev/null +++ b/.gitattributes @@ -0,0 +1,23 @@ +## Default LFS +*.7z filter=lfs diff=lfs merge=lfs -text +*.bsp filter=lfs diff=lfs merge=lfs -text +*.bz2 filter=lfs diff=lfs merge=lfs -text +*.gem filter=lfs diff=lfs merge=lfs -text +*.gz filter=lfs diff=lfs merge=lfs -text +*.jar filter=lfs diff=lfs merge=lfs -text +*.lz filter=lfs diff=lfs merge=lfs -text +*.lzma filter=lfs diff=lfs merge=lfs -text +*.obscpio filter=lfs diff=lfs merge=lfs -text +*.oxt filter=lfs diff=lfs merge=lfs -text +*.pdf filter=lfs diff=lfs merge=lfs -text +*.png filter=lfs diff=lfs merge=lfs -text +*.rpm filter=lfs diff=lfs merge=lfs -text +*.tbz filter=lfs diff=lfs merge=lfs -text +*.tbz2 filter=lfs diff=lfs merge=lfs -text +*.tgz filter=lfs diff=lfs merge=lfs -text +*.ttf filter=lfs diff=lfs merge=lfs -text +*.txz filter=lfs diff=lfs merge=lfs -text +*.whl filter=lfs diff=lfs merge=lfs -text +*.xz filter=lfs diff=lfs merge=lfs -text +*.zip filter=lfs diff=lfs merge=lfs -text +*.zst filter=lfs diff=lfs merge=lfs -text diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..57affb6 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +.osc diff --git a/24.1.0.tar.gz b/24.1.0.tar.gz new file mode 100644 index 0000000..86fd625 --- /dev/null +++ b/24.1.0.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:0a4d5c1e489fe71d379d7c091068a6a6e8e836567bd936006d2ba435a7e14141 +size 39217 diff --git a/24.2.0.tar.gz b/24.2.0.tar.gz new file mode 100644 index 0000000..0c5b9c6 --- /dev/null +++ b/24.2.0.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:49fe780f8b15153f23aca32bca763926c1575e1fbabc241eed5634cd21a9202d +size 38118 diff --git a/python-service_identity.changes b/python-service_identity.changes new file mode 100644 index 0000000..05eb8a9 --- /dev/null +++ b/python-service_identity.changes @@ -0,0 +1,219 @@ +------------------------------------------------------------------- +Wed Oct 30 19:54:23 UTC 2024 - Dirk Müller + +- update to 24.2.0: + * Python 3.13 is now officially supported. + * pyOpenSSL's identity extraction has been reimplemented using + *cryptography*'s primitives instead of deprecated pyOpenSSL + APIs. + * As a result, the oldest supported pyOpenSSL version is now + 17.1.0. + +------------------------------------------------------------------- +Sat Jan 20 20:31:18 UTC 2024 - Dirk Müller + +- update to 24.1.0: + * If a certificate doesn't contain any `subjectAltName`s, we + now raise `service_identity.CertificateError` instead of + `service_identity.VerificationError` to make the problem + easier to debug. + +------------------------------------------------------------------- +Mon Sep 18 09:42:13 UTC 2023 - pgajdos@suse.com + +- python-six is not required + +------------------------------------------------------------------- +Wed Jun 21 13:47:12 UTC 2023 - ecsos + +- Update to 23.1.0 + * Removed + - All Python versions up to and including 3.7 have been dropped. + - Support for commonName in certificates has been dropped. + It has been deprecated since 2017 and isn't supported by any + major browser. + - The oldest supported pyOpenSSL version (when using the + pyopenssl backend) is now 17.0.0. + When using such an old pyOpenSSL version, you have to pin + cryptography yourself to ensure compatibility between them. + Please check out contraints/oldest-pyopenssl.txt to verify + what we are testing against. + * Deprecated + - If you've used service_identity.(cryptography|pyopenssl).extract_ids(), + please switch to the new names extract_patterns(). #56 + * Added + - service_identity.(cryptography|pyopenssl).extract_patterns() + are now public APIs (FKA extract_ids()). + You can use them to extract the patterns from a certificate + without verifying anything. #55 + - service-identity is now fully typed. #57 + +------------------------------------------------------------------- +Fri Apr 21 12:33:48 UTC 2023 - Dirk Müller + +- add sle15_python_module_pythons (jsc#PED-68) + +------------------------------------------------------------------- +Thu Apr 13 22:44:43 UTC 2023 - Matej Cepl + +- Make calling of %{sle15modernpython} optional. + +------------------------------------------------------------------- +Fri Feb 24 07:27:03 UTC 2023 - Matej Cepl + +- Clean up the SPEC file. + +------------------------------------------------------------------- +Mon Feb 7 14:27:56 UTC 2022 - Matej Cepl + +- Update to 21.1.0: + - Python 3.4 is not supported anymore. It has been unsupported + by the Python core team for a while now, its PyPI downloads + are negligible, and our CI provider removed it as a supported + option. + - It's very unlikely that service-identity will break under 3.4 + anytime soon, which is why we do not block its installation + on Python 3.4. But we don't test it anymore and will block it + once someone reports breakage. + - service_identity.exceptions.VerificationError can now be + pickled and is overall more well-behaved as an exception. + This raises the requirement of attrs to 19.1.0. +- This package actually truly requires six (it is expected to + work with Python 2.7 as well). + +------------------------------------------------------------------- +Thu Mar 12 07:32:33 UTC 2020 - Tomáš Chvátal + +- Fix build without python2 + +------------------------------------------------------------------- +Fri Jan 3 14:16:19 UTC 2020 - Tomáš Chvátal + +- Format with spec-cleaner +- Upstream seems to rebase the tarball, refetch it + +------------------------------------------------------------------- +Fri Mar 1 14:02:29 UTC 2019 - Ondřej Súkup + +- update to 18.1.0 +- drop fetch-intersphinx-inventories.sh +- drop local-intersphinx-inventories.patch +- cleanup spec + enable tests + * pyOpenSSL is optional now if you use service_identity.cryptography.* only. + * Added support for iPAddress subjectAltNames. + +------------------------------------------------------------------- +Mon Feb 25 19:48:17 UTC 2019 - Todd R + +- add fetch-intersphinx-inventories.sh to the sources + +------------------------------------------------------------------- +Mon Feb 4 19:49:08 UTC 2019 - Hans-Peter Jansen + +- add local-intersphinx-inventories.patch for generating the docs + correctly +- add fetch-intersphinx-inventories.sh to fetch the inventories + +------------------------------------------------------------------- +Tue Dec 4 12:54:12 UTC 2018 - Matej Cepl + +- Remove superfluous devel dependency for noarch package + +------------------------------------------------------------------- +Mon Oct 1 14:33:07 UTC 2018 - Bernhard Wiedemann + +- Reduce parallelism of sphinx-build + to ensure reproducible builds (boo#1102408) + +------------------------------------------------------------------- +Tue Sep 25 11:54:42 UTC 2018 - Tomáš Chvátal + +- Drop some SLE11 code that is quite useless today + +------------------------------------------------------------------- +Mon Sep 24 13:16:17 UTC 2018 - ecsos@opensuse.org + +- Update to 17.0.0: + * Deprecations: + - Since Chrome 58 and Firefox 48 both don’t accept certificates + that contain only a Common Name, its usage is hereby + deprecated in service_identity too. We have been raising + a warning since 16.0.0 and the support will be removed in + mid-2018 for good. + * Changes: + - When service_identity.SubjectAltNameWarning is raised, the + Common Name of the certificate is now included in the warning + message. #17 + - Added cryptography.x509 backend for verifying certificates. + #18 + - Wildcards (*) are now only allowed if they are the leftmost + label in a certificate. This is common practice by all major + browsers. #19 + +------------------------------------------------------------------- +Sat Jul 1 15:09:29 UTC 2017 - okurz@suse.com + +- Convert to singlespec + +------------------------------------------------------------------- +Thu Jun 2 16:30:29 UTC 2016 - jacobwinski@gmail.com + +- Update to 16.0.0: + * Changes: + + Officially support Python 3.5. + + service_identity.SubjectAltNameWarning is now raised if the server certicate lacks a proper SubjectAltName. [#9] + + Add a __str__ method to VerificationError. + + Port from characteristic to its spiritual successor attrs. + * Backward-incompatible changes: + + Python 3.3 and 2.6 aren't supported anymore. They may work by chance but any effort to keep them working has ceased. + + pyOpenSSL versions older than 0.14 are not tested anymore. They don't even build with recent OpenSSL versions. +- Update spec file with new upstream package requirements. + +------------------------------------------------------------------- +Tue Jul 21 12:30:36 UTC 2015 - nemysis@gmx.ch + +- Change URL +- Use %{oname} instead of service_identity +- Add BuildRequires for python-Sphinx for Documentation +- Change Description +- Change Documentation add index.html +- Add Man Page + +------------------------------------------------------------------- +Thu Jul 16 23:49:31 UTC 2015 - jacobwinski@gmail.com + +- update pkg description to reflect upstream +- rm warnings in description about this pkg being alpha / possibly broken + +------------------------------------------------------------------- +Thu Jul 16 23:38:30 UTC 2015 - jacobwinski@gmail.com + +- alphabetize BuildRequires & Requires +- remove no longer needed commented out test fail workaround + +------------------------------------------------------------------- +Thu Jul 16 23:24:49 UTC 2015 - jacobwinski@gmail.com + +- update to 14.0.0: + * update spec file with new requirements per instructions by upstream + * update spec file comment out no longer needed test fail workaround + * upstream changes: + + Switch to year-based version numbers. + + Port to characteristic 14.0 (get rid of deprecation warnings). + + Package docs with sdist. + +-update to 1.0.0: + * Backward-incompatible changes: + + Drop support for Python 3.2. There is no justification to add complexity and unnecessary function calls for a Python version that nobody uses. + * changes: + + Move into the Python Cryptography Authority’s GitHub account. + + Move exceptions into service_identity.exceptions so tracebacks don’t contain private module names. + + Promoting to stable since Twisted 14.0 is optionally depending on service_identity now. + + Use characteristic instead of a home-grown solution. + + idna 0.6 did some backward-incompatible fixes that broke Python 3 support. This has been fixed now therefore service_identity only works with idna 0.6 and later. Unfortunately since idna doesn’t offer version introspection, service_identity can’t warn about it. + +------------------------------------------------------------------- +Thu May 15 07:59:23 UTC 2014 - hpj@urpla.net + +- version 0.2: initial build + diff --git a/python-service_identity.spec b/python-service_identity.spec new file mode 100644 index 0000000..751e11a --- /dev/null +++ b/python-service_identity.spec @@ -0,0 +1,83 @@ +# +# spec file for package python-service_identity +# +# Copyright (c) 2024 SUSE LLC +# +# All modifications and additions to the file contributed by third parties +# remain the property of their copyright owners, unless otherwise agreed +# upon. The license for this file, and modifications and additions to the +# file, is the same license as for the pristine package itself (unless the +# license for the pristine package is not an Open Source License, in which +# case the license is the MIT License). An "Open Source License" is a +# license that conforms to the Open Source Definition (Version 1.9) +# published by the Open Source Initiative. + +# Please submit bugfixes or comments via https://bugs.opensuse.org/ +# + + +%define oname service_identity +%{?sle15_python_module_pythons} +Name: python-service_identity +Version: 24.2.0 +Release: 0 +Summary: Service identity verification for pyOpenSSL +License: MIT +Group: Development/Languages/Python +URL: https://github.com/pyca/service_identity +# no tests in upstream tarball +Source: https://github.com/pyca/service_identity/archive/%{version}.tar.gz +BuildRequires: %{python_module attrs >= 19.1.0} +BuildRequires: %{python_module cryptography} +BuildRequires: %{python_module hatch-fancy-pypi-readme} +BuildRequires: %{python_module hatch_vcs} +BuildRequires: %{python_module hatchling >= 1.14.0} +BuildRequires: %{python_module idna} +BuildRequires: %{python_module pip} +BuildRequires: %{python_module pyOpenSSL >= 17.1.0} +BuildRequires: %{python_module pyasn1-modules} +BuildRequires: %{python_module pyasn1} +BuildRequires: %{python_module pytest} +BuildRequires: %{python_module wheel} +BuildRequires: fdupes +BuildRequires: python-rpm-macros +Requires: python-attrs >= 19.1.0 +Requires: python-cryptography +Requires: python-pyasn1 +Requires: python-pyasn1-modules +Recommends: python-idna +Recommends: python-pyOpenSSL >= 17.1.0 +BuildArch: noarch +%ifpython2 +Requires: python-ipaddress +%endif +%python_subpackages + +%description +service_identity aspires to give you all the tools you need for +verifying whether a certificate is valid for the intended purposes. + +In the simplest case, this means host name verification. However, +service_identity implements RFC 6125 fully and plans to add other +relevant RFCs too. + +%prep +%setup -q -n service-identity-%{version} + +%build +%pyproject_wheel + +%install +%pyproject_install +%python_expand %fdupes %{buildroot}%{$python_sitelib} + +%check +%pytest + +%files %{python_files} +%license LICENSE +%doc README.md +%{python_sitelib}/%{oname} +%{python_sitelib}/%{oname}-%{version}*-info + +%changelog