From 83214d7c2357957762b0244952448041e614399de47b010357ee98f33cab55d1 Mon Sep 17 00:00:00 2001 
From: Matej Cepl Date: Wed, 9 Oct 2024 11:11:30 +0000 Subject: [PATCH] =?UTF-8?q?-=20Update=20to=201.2.0=20=20=20*=20Ensure=20no?= =?UTF-8?q?=20data=20is=20sent=20after=20a=20stream=20reset.=20=20=20*=20M?= =?UTF-8?q?ake=20H3Connection=E2=80=99s=20send=5Fdatagram()=20and=20send?= =?UTF-8?q?=5Fpush=5Fpromise()=20methods=20=20=20=20=20raise=20an=20Invali?= =?UTF-8?q?dStreamTypeError=20exception=20if=20an=20invalid=20stream=20ID?= =?UTF-8?q?=20=20=20=20=20is=20specified.=20=20=20*=20Fix=20utcnow()=20dep?= =?UTF-8?q?recation=20warning=20on=20Python=203.12=20by=20using=20=20=20?= =?UTF-8?q?=20=20cryptography=2042.0=20and=20timezone-aware=20datetime=20i?= =?UTF-8?q?nstances=20when=20=20=20=20=20validating=20TLS=20certificates.?= =?UTF-8?q?=20=20=20*=20Perform=20more=20extensive=20HTTP/3=20header=20val?= =?UTF-8?q?idation=20in=20H3Connection.=20=20=20*=20Enable=20SHA-384=20bas?= =?UTF-8?q?ed=20signature=20algorithms=20and=20SECP384R1=20key=20exchange.?= =?UTF-8?q?=20=20=20*=20Add=20support=20for=20QUIC=20Version=202=20=20=20*?= =?UTF-8?q?=20Drop=20support=20for=20draft=20QUIC=20versions=20which=20wer?= =?UTF-8?q?e=20obsoleted=20by=20RFC=209000.=20=20=20*=20Allow=20asyncio=20?= =?UTF-8?q?clients=20to=20make=20efficient=20use=20of=200-RTT=20by=20passi?= =?UTF-8?q?ng=20=20=20=20=20wait=5Fconnected=3DFalse=20to=20connect().=20-?= =?UTF-8?q?=20Drop=20merged=20support-service-identity-24.patch?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-aioquic?expand=0&rev=16 --- .gitattributes | 23 ++++++ .gitignore | 1 + aioquic-0.9.25.tar.gz | 3 + aioquic-1.2.0.tar.gz | 3 + python-aioquic.changes | 114 ++++++++++++++++++++++++++++++ python-aioquic.spec | 75 ++++++++++++++++++++ support-service-identity-24.patch | 61 ++++++++++++++++ 7 files changed, 280 insertions(+) create mode 100644 .gitattributes create mode 100644 .gitignore create mode 100644 
aioquic-0.9.25.tar.gz create mode 100644 aioquic-1.2.0.tar.gz create mode 100644 python-aioquic.changes create mode 100644 python-aioquic.spec create mode 100644 support-service-identity-24.patch
diff --git a/.gitattributes b/.gitattributes
new file mode 100644
index 0000000..9b03811
--- /dev/null
+++ b/.gitattributes
@@ -0,0 +1,23 @@
+## Default LFS
+*.7z filter=lfs diff=lfs merge=lfs -text
+*.bsp filter=lfs diff=lfs merge=lfs -text
+*.bz2 filter=lfs diff=lfs merge=lfs -text
+*.gem filter=lfs diff=lfs merge=lfs -text
+*.gz filter=lfs diff=lfs merge=lfs -text
+*.jar filter=lfs diff=lfs merge=lfs -text
+*.lz filter=lfs diff=lfs merge=lfs -text
+*.lzma filter=lfs diff=lfs merge=lfs -text
+*.obscpio filter=lfs diff=lfs merge=lfs -text
+*.oxt filter=lfs diff=lfs merge=lfs -text
+*.pdf filter=lfs diff=lfs merge=lfs -text
+*.png filter=lfs diff=lfs merge=lfs -text
+*.rpm filter=lfs diff=lfs merge=lfs -text
+*.tbz filter=lfs diff=lfs merge=lfs -text
+*.tbz2 filter=lfs diff=lfs merge=lfs -text
+*.tgz filter=lfs diff=lfs merge=lfs -text
+*.ttf filter=lfs diff=lfs merge=lfs -text
+*.txz filter=lfs diff=lfs merge=lfs -text
+*.whl filter=lfs diff=lfs merge=lfs -text
+*.xz filter=lfs diff=lfs merge=lfs -text
+*.zip filter=lfs diff=lfs merge=lfs -text
+*.zst filter=lfs diff=lfs merge=lfs -text
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..57affb6
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+.osc
diff --git a/aioquic-0.9.25.tar.gz b/aioquic-0.9.25.tar.gz
new file mode 100644
index 0000000..e67b302
--- /dev/null
+++ b/aioquic-0.9.25.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:70795c78905326d855c2ae524072234aae586c789b81292e272d021e9b0430a3
+size 165877
diff --git a/aioquic-1.2.0.tar.gz b/aioquic-1.2.0.tar.gz
new file mode 100644
index 0000000..b64fc03
--- /dev/null
+++ b/aioquic-1.2.0.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:f91263bb3f71948c5c8915b4d50ee370004f20a416f67fab3dcc90556c7e7199
+size 179891
diff --git a/python-aioquic.changes b/python-aioquic.changes
new file mode 100644
index 0000000..a6c4bdb
--- /dev/null
+++ b/python-aioquic.changes
@@ -0,0 +1,114 @@
+-------------------------------------------------------------------
+Wed Oct 9 08:43:08 UTC 2024 - Markéta Machová
+
+- Update to 1.2.0
+ * Ensure no data is sent after a stream reset.
+ * Make H3Connection’s send_datagram() and send_push_promise() methods
+ raise an InvalidStreamTypeError exception if an invalid stream ID
+ is specified.
+ * Fix utcnow() deprecation warning on Python 3.12 by using
+ cryptography 42.0 and timezone-aware datetime instances when
+ validating TLS certificates.
+ * Perform more extensive HTTP/3 header validation in H3Connection.
+ * Enable SHA-384 based signature algorithms and SECP384R1 key exchange.
+ * Add support for QUIC Version 2
+ * Drop support for draft QUIC versions which were obsoleted by RFC 9000.
+ * Allow asyncio clients to make efficient use of 0-RTT by passing
+ wait_connected=False to connect().
+- Drop merged support-service-identity-24.patch
+
+-------------------------------------------------------------------
+Thu Jan 25 04:25:09 UTC 2024 - Steve Kowalik
+
+- Drop patch cryptography.patch:
+ * No longer required.
+- Add patch support-service-identity-24.patch:
+ * Support service-identity >= 24
+- Switch to pyproject macros.
+
+-------------------------------------------------------------------
+Sat Jan 20 14:01:39 UTC 2024 - Dirk Müller
+
+- update to 0.9.25:
+ * Add parsing and serialization for certificate requests
+ * Allow clients to authenticate with servers using a certificate
+ * Close connection if client's first INITIAL contains no CRYPTO
+ * Exclude binary packet captures from spelling check
+ * Added support for cubic congestion control (RFC9438)
+ * Drop httpbin from HTTP/3 server demo
+ * Raise a TLS alert if parsing a message causes a BufferReadError
+
+-------------------------------------------------------------------
+Thu Dec 14 09:13:22 UTC 2023 - Petr Gajdos
+
+- update to 0.9.23
+ * no upstream changelog found
+
+-------------------------------------------------------------------
+Thu Sep 7 13:08:27 UTC 2023 - Dirk Müller
+
+- update to 0.9.21:
+ * http3_client: :path should not be empty
+ * Move project metadata to pyproject.toml
+ * Fix X509StoreContextError usage for pyOpenSSL >= 22
+ * Test against Python 3.11
+ * Use function parameters instead of global args in examples
+
+-------------------------------------------------------------------
+Tue Jul 4 12:39:09 UTC 2023 - ecsos
+
+- Add %{?sle15_python_module_pythons}
+
+-------------------------------------------------------------------
+Wed Jan 25 08:33:15 UTC 2023 - Daniel Garcia
+
+- Update to v0.9.20
+ * free AEADObject's and HeaderProtectionObject's memory
+ * free BufferObject’s memory
+ * Enable IPv4/IPv6 dual stack support on Windows
+ * [docs] add a logo, stop mocking libraries
+ * [docs] test that documentation can be built without warnings
+ * [tests] clarify the various handshake loss test cases
+ * [connection] retransmit CRYPTO to speedup handshake completion
+ * [examples] update DoQ examples for more recent drafts (fixes: #224)
+ * [lint] run mypy on each CI run
+- 0.9.19
+ * [tls] use PyOpenSSL to validate certificate
+ * [qa] set better names for our C modules
+ * [package] drop dependency on "dataclasses" package
+ * [package] update cryptography requirement to >= 3.1
+ * [qa] fix some type annotations
+ * [http3] advertise support for extended CONNECT
+ * [examples] make HTTP/3 client set content-length (fixes: #241)
+ * [package] fix macosx arm64 wheels
+- 0.9.18
+ * [examples] add sec-webtransport-http3-draft to server response
+ * [package] update OpenSSL to 1.1.1m
+ * [tests] rewrite asyncio tests as coroutines
+ * [qa] reformat code using updated `black`
+ * [qa] tell git to ignore virtual environments
+ * http3_client.py: correct error code for connection close
+ * [webtransport] make H3_DATAGRAM value uppercase
+ * [webtransport] update H3_DATAGRAM value
+ * [readme] update minimal Python version
+ * [examples] don't sent HTTP/3 DATA if there is no request body
+
+-------------------------------------------------------------------
+Thu Jan 6 15:35:16 UTC 2022 - Ben Greiner
+
+- Update to v0.9.17
+ * no release notes
+- Unpin cryptography (who pins security software to old versions!?)
+ * Add cryptography.patch
+- Skip python36: this is a python310 fix and could be needed before
+ the global drop
+
+-------------------------------------------------------------------
+Tue Feb 23 14:39:20 UTC 2021 - John Vandenberg
+
+- Update to v0.9.7
+
+-------------------------------------------------------------------
+Tue Feb 18 07:00:02 PM UTC 2020 - John Vandenberg
+
+- Initial spec for v0.8.5
diff --git a/python-aioquic.spec b/python-aioquic.spec
new file mode 100644
index 0000000..eaf81d4
--- /dev/null
+++ b/python-aioquic.spec
@@ -0,0 +1,75 @@
+#
+# spec file for package python-aioquic
+#
+# Copyright (c) 2024 SUSE LLC
+#
+# All modifications and additions to the file contributed by third parties
+# remain the property of their copyright owners, unless otherwise agreed
+# upon. The license for this file, and modifications and additions to the
+# file, is the same license as for the pristine package itself (unless the
+# license for the pristine package is not an Open Source License, in which
+# case the license is the MIT License). An "Open Source License" is a
+# license that conforms to the Open Source Definition (Version 1.9)
+# published by the Open Source Initiative.
+
+# Please submit bugfixes or comments via https://bugs.opensuse.org/
+#
+
+
+%{?sle15_python_module_pythons}
+Name: python-aioquic
+Version: 1.2.0
+Release: 0
+Summary: Python implementation of QUIC and HTTP/3
+License: BSD-3-Clause
+URL: https://github.com/aiortc/aioquic
+Source: https://files.pythonhosted.org/packages/source/a/aioquic/aioquic-%{version}.tar.gz
+BuildRequires: %{python_module devel >= 3.7}
+BuildRequires: %{python_module pip}
+BuildRequires: %{python_module setuptools}
+BuildRequires: %{python_module wheel}
+BuildRequires: fdupes
+BuildRequires: pkgconfig
+BuildRequires: python-rpm-macros
+BuildRequires: pkgconfig(openssl)
+Requires: python-certifi
+Requires: python-cryptography >= 3.1
+Requires: python-pyOpenSSL >= 22
+Requires: python-pylsqpack >= 0.3.3
+Requires: python-service_identity
+# SECTION test requirements
+BuildRequires: %{python_module service_identity}
+BuildRequires: %{python_module certifi}
+BuildRequires: %{python_module cryptography >= 2.5}
+BuildRequires: %{python_module pyOpenSSL >= 20}
+BuildRequires: %{python_module pylsqpack >= 0.3.3}
+# /SECTION
+%python_subpackages
+
+%description
+A library for the QUIC network protocol in Python. It features a minimal TLS
+1.3 implementation, a QUIC stack and an HTTP/3 stack.
+
+%prep
+%autosetup -p1 -n aioquic-%{version}
+
+%build
+export CFLAGS="%{optflags}"
+%pyproject_wheel
+
+%install
+%pyproject_install
+%{python_expand rm %{buildroot}%{$python_sitearch}/aioquic/*.c
+%fdupes %{buildroot}%{$python_sitearch}
+}
+
+%check
+%pyunittest_arch -v
+
+%files %{python_files}
+%doc README.rst
+%license LICENSE
+%{python_sitearch}/aioquic
+%{python_sitearch}/aioquic-%{version}.dist-info
+
+%changelog
diff --git a/support-service-identity-24.patch b/support-service-identity-24.patch
new file mode 100644
index 0000000..212a5c7
--- /dev/null
+++ b/support-service-identity-24.patch
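Review bot: The runtime floors in the `Requires:` block look stale for 1.2.0: `python-cryptography >= 3.1` and an unversioned `python-service_identity` are kept, while the changelog entry added in this same commit says 1.2.0 validates TLS certificates using cryptography 42.0 and the dropped patch had raised the service-identity floor to 24.1.0. With an older cryptography installed the package would resolve cleanly and then presumably fail inside certificate verification at run time instead of at dependency resolution. Assuming upstream's pyproject.toml for 1.2.0 matches the changelog (it is not visible here), tighten these to `Requires: python-cryptography >= 42` and `Requires: python-service_identity >= 24.1.0`. The `BuildRequires` under `# SECTION test requirements` (`cryptography >= 2.5`, `pyOpenSSL >= 20`) should be raised to the same floors as the runtime block so `%check` runs against the versions users will actually get.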
@@ -0,0 +1,61 @@
+From 9dd2b961dac1c9192d2459b697925ffab26a8ed2 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Jeremy=20Lain=C3=A9?=
+Date: Sun, 14 Jan 2024 11:49:14 +0100
+Subject: [PATCH] Adapt "no subjectaltname" test for service-identitity >= 24
+
+When a certificate contains no subjectAltName extension,
+`service-identity` now raises a `CertificateError` instead of a
+`VerificationError`.
+---
+ pyproject.toml | 2 +-
+ src/aioquic/tls.py | 7 +++++--
+ tests/test_tls.py | 3 +--
+ 3 files changed, 7 insertions(+), 5 deletions(-)
+
+diff --git a/pyproject.toml b/pyproject.toml
+index 562a2a72..927fa0d4 100644
+--- a/pyproject.toml
++++ b/pyproject.toml
+@@ -31,7 +31,7 @@ dependencies = [
+ "cryptography",
+ "pylsqpack>=0.3.3,<0.4.0",
+ "pyopenssl>=22",
+- "service-identity>=23.1.0",
++ "service-identity>=24.1.0",
+ ]
+ dynamic = ["version"]
+
+diff --git a/src/aioquic/tls.py b/src/aioquic/tls.py
+index a8bcb2ce..35f92ce7 100644
+--- a/src/aioquic/tls.py
++++ b/src/aioquic/tls.py
+@@ -244,10 +244,13 @@ def verify_certificate(
+ certificate, server_name
+ )
+
+- except service_identity.VerificationError as exc:
++ except (
++ service_identity.CertificateError,
++ service_identity.VerificationError,
++ ) as exc:
+ patterns = service_identity.cryptography.extract_patterns(certificate)
+ if len(patterns) == 0:
+- errmsg = "subject alternative name not found in the certificate"
++ errmsg = str(exc)
+ elif len(patterns) == 1:
+ errmsg = f"hostname {server_name!r} doesn't match {patterns[0]!r}"
+ else:
+diff --git a/tests/test_tls.py b/tests/test_tls.py
+index 1de9cf35..cf28bf11 100644
+--- a/tests/test_tls.py
++++ b/tests/test_tls.py
+@@ -1666,8 +1666,7 @@ def test_verify_subject_no_subjaltname(self):
+ cadata=cadata, certificate=certificate, server_name="example.com"
+ )
+ self.assertEqual(
+- str(cm.exception),
+- "subject alternative name not found in the certificate",
++ str(cm.exception), "Certificate does not contain any `subjectAltName`s."
+ )
+
+ def test_verify_subject_with_subjaltname(self):
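Review bot: `support-service-identity-24.patch` is added to the tree although the changelog entry in this commit says it was dropped as merged, and python-aioquic.spec carries no `Patch:` line, so `%autosetup -p1` never applies it. The same holds for `aioquic-0.9.25.tar.gz`, which `Source:` (resolving to `aioquic-%{version}.tar.gz` with `Version: 1.2.0`) does not reference. Unless these are deliberate leftovers of a history import, remove both files so the tracked sources are exactly the build inputs. An unreferenced tarball and patch are content nobody reviews, and a later spec edit could pick them up unnoticed.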