From 7f3830c2e896ca32e213e11da12ba98b78260250d69ac22acb77376d123eebc9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Mark=C3=A9ta=20Machov=C3=A1?= Date: Wed, 5 Mar 2025 08:41:37 +0000 Subject: [PATCH] - Update to version 5.8.1 * Fix incomplete fix for issue #159 - Update to version 5.8.0 * Support ra=, rp= and rr= tags from RFC 6652. * Do not use static answer positions when checking DNSSEC and TLSA. - Update patch: * skip-network-tests.patch OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-checkdmarc?expand=0&rev=11 --- .gitattributes | 23 ++++++ .gitignore | 1 + checkdmarc-5.3.1.tar.gz | 3 + checkdmarc-5.7.8.tar.gz | 3 + checkdmarc-5.8.1.tar.gz | 3 + python-checkdmarc.changes | 155 ++++++++++++++++++++++++++++++++++++++ python-checkdmarc.spec | 90 ++++++++++++++++++++++ skip-network-tests.patch | 12 +++ 8 files changed, 290 insertions(+) create mode 100644 .gitattributes create mode 100644 .gitignore create mode 100644 checkdmarc-5.3.1.tar.gz create mode 100644 checkdmarc-5.7.8.tar.gz create mode 100644 checkdmarc-5.8.1.tar.gz create mode 100644 python-checkdmarc.changes create mode 100644 python-checkdmarc.spec create mode 100644 skip-network-tests.patch diff --git a/.gitattributes b/.gitattributes new file mode 100644 index 0000000..9b03811 --- /dev/null +++ b/.gitattributes @@ -0,0 +1,23 @@ +## Default LFS +*.7z filter=lfs diff=lfs merge=lfs -text +*.bsp filter=lfs diff=lfs merge=lfs -text +*.bz2 filter=lfs diff=lfs merge=lfs -text +*.gem filter=lfs diff=lfs merge=lfs -text +*.gz filter=lfs diff=lfs merge=lfs -text +*.jar filter=lfs diff=lfs merge=lfs -text +*.lz filter=lfs diff=lfs merge=lfs -text +*.lzma filter=lfs diff=lfs merge=lfs -text +*.obscpio filter=lfs diff=lfs merge=lfs -text +*.oxt filter=lfs diff=lfs merge=lfs -text +*.pdf filter=lfs diff=lfs merge=lfs -text +*.png filter=lfs diff=lfs merge=lfs -text +*.rpm filter=lfs diff=lfs merge=lfs -text +*.tbz filter=lfs diff=lfs merge=lfs -text +*.tbz2 filter=lfs diff=lfs merge=lfs -text +*.tgz filter=lfs diff=lfs merge=lfs -text +*.ttf filter=lfs diff=lfs merge=lfs -text +*.txz filter=lfs diff=lfs merge=lfs -text +*.whl filter=lfs diff=lfs merge=lfs -text +*.xz filter=lfs diff=lfs merge=lfs -text +*.zip filter=lfs diff=lfs merge=lfs -text +*.zst filter=lfs diff=lfs merge=lfs -text diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..57affb6 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +.osc diff --git a/checkdmarc-5.3.1.tar.gz b/checkdmarc-5.3.1.tar.gz new file mode 100644 index 0000000..7eb54d8 --- /dev/null +++ b/checkdmarc-5.3.1.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:1d71e7fa611fa8faa36fad09416b5e2c3265d026d3b5209c051f4e292565e332 +size 36307 diff --git a/checkdmarc-5.7.8.tar.gz b/checkdmarc-5.7.8.tar.gz new file mode 100644 index 0000000..d100282 --- /dev/null +++ b/checkdmarc-5.7.8.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:1affa797ec976165932787ac8b46a291d5a5328e7412bf306011a1e60f6e873e +size 58464 diff --git a/checkdmarc-5.8.1.tar.gz b/checkdmarc-5.8.1.tar.gz new file mode 100644 index 0000000..0827fec --- /dev/null +++ b/checkdmarc-5.8.1.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:7690b02808ff4c64e17068d848a3f5ff7ce8a8d2cec98a7446b9b82bde8a0ed9 +size 59507 diff --git a/python-checkdmarc.changes b/python-checkdmarc.changes new file mode 100644 index 0000000..421ce03 --- /dev/null +++ b/python-checkdmarc.changes @@ -0,0 +1,155 @@ +------------------------------------------------------------------- +Tue Mar 4 16:36:52 UTC 2025 - Martin Hauke + +- Update to version 5.8.1 + * Fix incomplete fix for issue #159 +- Update to version 5.8.0 + * Support ra=, rp= and rr= tags from RFC 6652. + * Do not use static answer positions when checking DNSSEC and + TLSA. +- Update patch: + * skip-network-tests.patch + +------------------------------------------------------------------- +Sun Nov 10 10:27:03 UTC 2024 - Martin Hauke + +- Update to version 5.7.8 + * Move SVG validation errors from ["bimi"]["warnings"] to + ["bimi"]["image"]["validation_errors"] (#150) +- Update to version 5.7.7 + * Fix VMC validation errors not appearing. +- Update to version 5.7.6 + * Fix crash when trying to output to CSV format +- Update to version 5.7.5 + * Fix BIMI lookup for subdomains that do not have a BIMI record. +- Update to version 5.7.4 + * Add additional checks for tiny-ps SVG requirements +- Update to version 5.7.3 + * BIMI images and mark certificates + + Better error handling + + Simplified warning messages + + sha256_hash output fields renamed to sha256 +- Update to version 5.7.2 + * Account for float SVG sizes +- Update to version 5.7.1 + * Properly parse a certificate SAN + * Certificate warnings fire properly + * Make the expires timestamp more readable +- Update to version 5.7.0 + * checkdmarc will now validate Verified Mark Certificates (VMCs) + and Common Mark Certificates (CMC), snd will verify that + SHA256 hash of the logo embedded in the certificate matches + the SHA256 hash logo at the URL at the BIMI l tag. + Additionally, SVG and certificate metadata is now included in + the checkdmarc.bimi.parse_bimi_record() API and JSON CLI + output. +- Update to version 5.6.2 + * Add a warning when BIMI records do not provide a mark + certificate. + * Use the correct dependency (xmltodict, not xml2dict). +- Update to version 5.6.1 + * Fix SVG base profile detection +- Update to version 5.6.0 + * Automatically check for a BIMI DNS record at the default + selector when using the CLI + * Fix parsing of BIMI record tags when they are separated by + a ";" without a space. + * Validate the file at the URL in the BIMI l tag value + + Must be an SVG file + + The SVG version must be 1.2 + + The SVG base profile must be tiny-ps + + The SVG dimensions must be square + + The file size must not exceed 32 KB +- Update to version 5.5.1 + * SPF record validation fixes (PR #147) + + Accept mechanisms with domains that start with all. + + Ignore multiple trailing mechanisms and random text with + spaces. +- Rebase skip-network-tests.patch +- Remove tests.py + * included in the now used source tarball from github + +------------------------------------------------------------------- +Thu Oct 10 15:49:23 UTC 2024 - Dirk Müller + +- update to 5.5.0: + * Support `redirect` in SPF + +------------------------------------------------------------------- +Thu Feb 29 01:43:19 UTC 2024 - Steve Kowalik + +- Update to 5.3.1: + * Ignore UnicodeDecodeError exceptions when querying for TXT records + * Check DNSSEC on MX hostnames + * USE DNSSEC when requesting DNSKEY records + * Do not require an RRSIG answer when querying for DNSKEY records + * Pass in nameservers and timeout when running get_dnskey recursively + * Properly cache DNSKEY answers + * Fix exception handling for query_mta_sts_record + * Check for TLSA records + * Add support for parsing SMTP TLS Reporting (RFC8460) DNS records + * Add missing import dns.dnssec + * Always use the actual subdomain or domain provided + * Include MTA-STS and BIMI results in CSV output + * Added the include_tag_descriptions parameter to + checkdmarc.bimi.check_bimi() + * Added the exception class MTASTSPolicyDownloadError + * Major refactoring: Change from a single module to a package of modules, + with each checked standard as its own package + * Add support for MTA-STS RFC 8461 + * Add support for BIMI + * Specify a BIMI selector using the --bimi-selector/-b option + * Fix SPF query error and warning messages + * Add support for null MX records - RFC 7505 + * Make DMARC retorting URI error messages more clear + * Fix compatibility with Python 3.8 + * SPFRecordNotFound exception now includes a domain argument + * The DMARC missing authorization error message now includes the full + expected DNS record + * Properly parse DMARC and BIMI records for domains that do not have an + identified base domain + * Add ignore_unrelated_records argument to query_dmarc_record() + * Replace publicsuffix2 with publicsuffixlist + * Maintain the original character case of the DMARC record + * Always treat tag names as lowercase + * Always treat the DMARC v tag value as if it was uppercase + * Always treat the DMARC p, and fo tag values as if they were lowercase + * Always treat URI schemes as lowercase, but maintain the case of the address + * Ignore case and whitespace when parsing DMARC and BIMI key=value pairs + * Handle missing PTR records more gracefully + * Redundant DMARC fo tag values now result in a warning + * Detect non-trivial loops + * Raise a SPFSyntaxError exception when an IP address and IP version do + not match + * Fix raising the DMARCRecordNotFound exception when a DMARC record does + not exist + * Add void lookup limit + * Add Support for User Defined DNS Resolver Object + * Fix DNS caching + * Fix CSV output + * Always parse RUA and RUF fields, even if other parts of the record are + invalid + * Migrate build from setuptools to hatch +- Stop shipping LICENSE, now included directly. +- Refresh tests.py from upstream. +- Switch to pyproject and patch macros. +- No more greedy globs in %files. +- Drop skip-broken-tests.patch, not required. +- Add patch skip-network-tests.patch, skip tests that require network access. + +------------------------------------------------------------------- +Wed Jul 21 10:20:44 UTC 2021 - Matej Cepl + +- Use %pyunittest macro instead of directly calling %python_exec + +------------------------------------------------------------------- +Tue Jul 20 17:00:06 UTC 2021 - Martin Hauke + +- Use tests.py from github +- Add patch: + * skip-broken-tests.patch + +------------------------------------------------------------------- +Sat Jul 17 10:14:54 UTC 2021 - Martin Hauke + +- Initial package, version 4.4.1 diff --git a/python-checkdmarc.spec b/python-checkdmarc.spec new file mode 100644 index 0000000..7445ead --- /dev/null +++ b/python-checkdmarc.spec @@ -0,0 +1,90 @@ +# +# spec file for package python-checkdmarc +# +# Copyright (c) 2025 SUSE LLC +# Copyright (c) 2021-2025, Martin Hauke +# +# All modifications and additions to the file contributed by third parties +# remain the property of their copyright owners, unless otherwise agreed +# upon. The license for this file, and modifications and additions to the +# file, is the same license as for the pristine package itself (unless the +# license for the pristine package is not an Open Source License, in which +# case the license is the MIT License). An "Open Source License" is a +# license that conforms to the Open Source Definition (Version 1.9) +# published by the Open Source Initiative. + +# Please submit bugfixes or comments via https://bugs.opensuse.org/ +# + + +Name: python-checkdmarc +Version: 5.8.1 +Release: 0 +Summary: A Python module and command line parser for SPF and DMARC records +License: Apache-2.0 +URL: https://domainaware.github.io/checkdmarc +Source: https://github.com/domainaware/checkdmarc/archive/refs/tags/%{version}.tar.gz#/checkdmarc-%{version}.tar.gz +Patch0: skip-network-tests.patch +BuildRequires: %{python_module hatchling} +BuildRequires: %{python_module pip} +BuildRequires: %{python_module wheel} +BuildRequires: fdupes +BuildRequires: python-rpm-macros +Requires: python-cryptography +Requires: python-dnspython >= 2.0.0 +Requires: python-expiringdict >= 1.1.4 +Requires: python-pem >= 23.1.0 +Requires: python-publicsuffixlist +Requires: python-pyOpenSSL >= 24.2.1 +Requires: python-pyleri >= 1.3.2 +Requires: python-requests >= 2.25.0 +Requires: python-timeout-decorator >= 0.4.1 +Requires: python-xmltodict +Requires(post): update-alternatives +Requires(postun): update-alternatives +BuildArch: noarch +# SECTION test requirements +BuildRequires: %{python_module dnspython >= 2.0.0} +BuildRequires: %{python_module expiringdict >= 1.1.4} +BuildRequires: %{python_module pem >= 23.1.0} +BuildRequires: %{python_module publicsuffixlist} +BuildRequires: %{python_module pyOpenSSL >= 24.2.1} +BuildRequires: %{python_module pyleri >= 1.3.2} +BuildRequires: %{python_module requests >= 2.25.0} +BuildRequires: %{python_module timeout-decorator >= 0.4.1} +BuildRequires: %{python_module xmltodict} +# /SECTION +%python_subpackages + +%description +A Python module and command line parser for SPF and DMARC records. + +%prep +%setup -q -n checkdmarc-%{version} +%autopatch -p1 + +%build +%pyproject_wheel + +%install +%pyproject_install +%python_clone -a %{buildroot}%{_bindir}/checkdmarc +%python_expand %fdupes %{buildroot}%{$python_sitelib} + +%post +%python_install_alternative checkdmarc + +%postun +%python_uninstall_alternative checkdmarc + +%check +%pyunittest -v tests.py + +%files %{python_files} +%license LICENSE +%doc README.md +%python_alternative %{_bindir}/checkdmarc +%{python_sitelib}/checkdmarc +%{python_sitelib}/checkdmarc-*.dist-info + +%changelog diff --git a/skip-network-tests.patch b/skip-network-tests.patch new file mode 100644 index 0000000..b6f724d --- /dev/null +++ b/skip-network-tests.patch @@ -0,0 +1,12 @@ +diff --git a/tests.py b/tests.py +index fd22132..b684ecb 100755 +--- a/tests.py ++++ b/tests.py +@@ -291,6 +291,7 @@ class Test(unittest.TestCase): + "{0} does not have any MX records".format(domain), results["warnings"] + ) + ++ @unittest.skipUnless(os.path.exists("/etc/resolv.conf"), "no network") + def testSPFMissingARecord(self): + """A warning is issued if an SPF record contains a mx mechanism + pointing to a domain that has no A records"""