From 40fda6a8defb059d049456cd65bfd1e600f32c1717f97b01f35ba2dd3eb645db Mon Sep 17 00:00:00 2001 From: Matej Cepl Date: Fri, 12 Sep 2025 21:39:25 +0000 Subject: [PATCH] - Update to version 5.10.6 * Fix BIMI certificate validation error generation. * Add support for the avp bimi tag. - Update to version 5.10.5 * Switch from DNS over UDP to DNS over TCP for DNSSEC and TLSA queries. - Update to version 5.9.3 * Clarify warnings for DMARC p=none and sp=none. * Use a different warning if DMARC pct is set to 0. * Add location to the JSON output for BIMI. - Update to version 5.9.1 * Fix BIMI record parsing error introduced in 5.9.0. - Update to version 5.9.0 Bug fixes: * Remove zero-width characters from domain inputs. * Add a warning when the DMARC record p or sp value is none. * Evaluate DMARC when checking BIMI. * Do lot show a BIMI certificate warning when the l tag is set to "". * Include warnings if a domain is using BIMI, but does not have an enforced DMARC policy. New features: * Parsed SPF record details are now provided even if it uses too many DNS lookups. API changes: * Require keyword arguments to be passed as keyword=value pairs instead of positional arguments. * Add the option ignore_too_many_lookups to checkdmarc.spf.parse_spf_record() + This option will stop checkdmarc.spf.parse_spf_record() from OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-checkdmarc?expand=0&rev=19 --- .gitattributes | 23 ++++ .gitignore | 1 + checkdmarc-5.10.6.tar.gz | 3 + python-checkdmarc.changes | 228 ++++++++++++++++++++++++++++++++++++++ python-checkdmarc.spec | 89 +++++++++++++++ skip-network-tests.patch | 12 ++ 6 files changed, 356 insertions(+) create mode 100644 .gitattributes create mode 100644 .gitignore create mode 100644 checkdmarc-5.10.6.tar.gz create mode 100644 python-checkdmarc.changes create mode 100644 python-checkdmarc.spec create mode 100644 skip-network-tests.patch diff --git a/.gitattributes b/.gitattributes new file mode 100644 index 0000000..9b03811 --- /dev/null +++ b/.gitattributes @@ -0,0 +1,23 @@ +## Default LFS +*.7z filter=lfs diff=lfs merge=lfs -text +*.bsp filter=lfs diff=lfs merge=lfs -text +*.bz2 filter=lfs diff=lfs merge=lfs -text +*.gem filter=lfs diff=lfs merge=lfs -text +*.gz filter=lfs diff=lfs merge=lfs -text +*.jar filter=lfs diff=lfs merge=lfs -text +*.lz filter=lfs diff=lfs merge=lfs -text +*.lzma filter=lfs diff=lfs merge=lfs -text +*.obscpio filter=lfs diff=lfs merge=lfs -text +*.oxt filter=lfs diff=lfs merge=lfs -text +*.pdf filter=lfs diff=lfs merge=lfs -text +*.png filter=lfs diff=lfs merge=lfs -text +*.rpm filter=lfs diff=lfs merge=lfs -text +*.tbz filter=lfs diff=lfs merge=lfs -text +*.tbz2 filter=lfs diff=lfs merge=lfs -text +*.tgz filter=lfs diff=lfs merge=lfs -text +*.ttf filter=lfs diff=lfs merge=lfs -text +*.txz filter=lfs diff=lfs merge=lfs -text +*.whl filter=lfs diff=lfs merge=lfs -text +*.xz filter=lfs diff=lfs merge=lfs -text +*.zip filter=lfs diff=lfs merge=lfs -text +*.zst filter=lfs diff=lfs merge=lfs -text diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..57affb6 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +.osc diff --git a/checkdmarc-5.10.6.tar.gz b/checkdmarc-5.10.6.tar.gz new file mode 100644 index 0000000..b139e9e --- /dev/null +++ b/checkdmarc-5.10.6.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:966af363d336593650f114d6a12827962d3cb3306da236b0f3746fdd4af99812 +size 69587 diff --git a/python-checkdmarc.changes b/python-checkdmarc.changes new file mode 100644 index 0000000..bc52dad --- /dev/null +++ b/python-checkdmarc.changes @@ -0,0 +1,228 @@ +------------------------------------------------------------------- +Fri Sep 12 18:38:37 UTC 2025 - Martin Hauke + +- Update to version 5.10.6 + * Fix BIMI certificate validation error generation. + * Add support for the avp bimi tag. +- Update to version 5.10.5 + * Switch from DNS over UDP to DNS over TCP for DNSSEC and TLSA + queries. +- Update to version 5.9.3 + * Clarify warnings for DMARC p=none and sp=none. + * Use a different warning if DMARC pct is set to 0. + * Add location to the JSON output for BIMI. +- Update to version 5.9.1 + * Fix BIMI record parsing error introduced in 5.9.0. +- Update to version 5.9.0 + Bug fixes: + * Remove zero-width characters from domain inputs. + * Add a warning when the DMARC record p or sp value is none. + * Evaluate DMARC when checking BIMI. + * Do lot show a BIMI certificate warning when the l tag is set + to "". + * Include warnings if a domain is using BIMI, but does not have + an enforced DMARC policy. + New features: + * Parsed SPF record details are now provided even if it uses + too many DNS lookups. + API changes: + * Require keyword arguments to be passed as keyword=value pairs + instead of positional arguments. + * Add the option ignore_too_many_lookups to + checkdmarc.spf.parse_spf_record() + + This option will stop checkdmarc.spf.parse_spf_record() from + rasing exceptions related to too many DNS lookups, in + support of the new feature. + + False by default to maintain backwards compatibility. + + checkdmarc.spf.check_spf() uses this functionality to + support the new feature. +- Update to version 5.8.8 + * Provide an easier to understand error message when a mark + certificate is not is not issued by a recognized Mark + Verifying Authority (MVA). + * Bug fix: failure to download a BIMI image is noted in the + certificate section instead of the image section. +- Update to version 5.8.7 + * fix discrepencies on http_timeout usage. + * Fixing a bug in policy/subdomain policy check for parked + domains. +- Update patch: + * skip-network-tests.patch + +------------------------------------------------------------------- +Fri Jun 27 15:07:33 UTC 2025 - Markéta Machová + +- Convert to libalternatives + +------------------------------------------------------------------- +Wed Jun 18 11:26:03 UTC 2025 - Martin Hauke + +- Update to version 5.8.6 + * Ignore unhandled critical extensions for mark certificates. + +------------------------------------------------------------------- +Mon May 19 07:44:56 UTC 2025 - John Paul Adrian Glaubitz + +- Update to version 5.8.2 + * Add SSL.com root VMC CA certificates to `MVCCAs.pem` + * Replace deprecated `importlib.resources.path` call + with `importlib.resources.file` + * Use `importlib-resources` to support older versions of Python +- Update BuildRequires from pyproject.toml +- Use Python 3.11 on SLE-15 by default + +------------------------------------------------------------------- +Tue Mar 4 16:36:52 UTC 2025 - Martin Hauke + +- Update to version 5.8.1 + * Fix incomplete fix for issue #159 +- Update to version 5.8.0 + * Support ra=, rp= and rr= tags from RFC 6652. + * Do not use static answer positions when checking DNSSEC and + TLSA. +- Update patch: + * skip-network-tests.patch + +------------------------------------------------------------------- +Sun Nov 10 10:27:03 UTC 2024 - Martin Hauke + +- Update to version 5.7.8 + * Move SVG validation errors from ["bimi"]["warnings"] to + ["bimi"]["image"]["validation_errors"] (#150) +- Update to version 5.7.7 + * Fix VMC validation errors not appearing. +- Update to version 5.7.6 + * Fix crash when trying to output to CSV format +- Update to version 5.7.5 + * Fix BIMI lookup for subdomains that do not have a BIMI record. +- Update to version 5.7.4 + * Add additional checks for tiny-ps SVG requirements +- Update to version 5.7.3 + * BIMI images and mark certificates + + Better error handling + + Simplified warning messages + + sha256_hash output fields renamed to sha256 +- Update to version 5.7.2 + * Account for float SVG sizes +- Update to version 5.7.1 + * Properly parse a certificate SAN + * Certificate warnings fire properly + * Make the expires timestamp more readable +- Update to version 5.7.0 + * checkdmarc will now validate Verified Mark Certificates (VMCs) + and Common Mark Certificates (CMC), snd will verify that + SHA256 hash of the logo embedded in the certificate matches + the SHA256 hash logo at the URL at the BIMI l tag. + Additionally, SVG and certificate metadata is now included in + the checkdmarc.bimi.parse_bimi_record() API and JSON CLI + output. +- Update to version 5.6.2 + * Add a warning when BIMI records do not provide a mark + certificate. + * Use the correct dependency (xmltodict, not xml2dict). +- Update to version 5.6.1 + * Fix SVG base profile detection +- Update to version 5.6.0 + * Automatically check for a BIMI DNS record at the default + selector when using the CLI + * Fix parsing of BIMI record tags when they are separated by + a ";" without a space. + * Validate the file at the URL in the BIMI l tag value + + Must be an SVG file + + The SVG version must be 1.2 + + The SVG base profile must be tiny-ps + + The SVG dimensions must be square + + The file size must not exceed 32 KB +- Update to version 5.5.1 + * SPF record validation fixes (PR #147) + + Accept mechanisms with domains that start with all. + + Ignore multiple trailing mechanisms and random text with + spaces. +- Rebase skip-network-tests.patch +- Remove tests.py + * included in the now used source tarball from github + +------------------------------------------------------------------- +Thu Oct 10 15:49:23 UTC 2024 - Dirk Müller + +- update to 5.5.0: + * Support `redirect` in SPF + +------------------------------------------------------------------- +Thu Feb 29 01:43:19 UTC 2024 - Steve Kowalik + +- Update to 5.3.1: + * Ignore UnicodeDecodeError exceptions when querying for TXT records + * Check DNSSEC on MX hostnames + * USE DNSSEC when requesting DNSKEY records + * Do not require an RRSIG answer when querying for DNSKEY records + * Pass in nameservers and timeout when running get_dnskey recursively + * Properly cache DNSKEY answers + * Fix exception handling for query_mta_sts_record + * Check for TLSA records + * Add support for parsing SMTP TLS Reporting (RFC8460) DNS records + * Add missing import dns.dnssec + * Always use the actual subdomain or domain provided + * Include MTA-STS and BIMI results in CSV output + * Added the include_tag_descriptions parameter to + checkdmarc.bimi.check_bimi() + * Added the exception class MTASTSPolicyDownloadError + * Major refactoring: Change from a single module to a package of modules, + with each checked standard as its own package + * Add support for MTA-STS RFC 8461 + * Add support for BIMI + * Specify a BIMI selector using the --bimi-selector/-b option + * Fix SPF query error and warning messages + * Add support for null MX records - RFC 7505 + * Make DMARC retorting URI error messages more clear + * Fix compatibility with Python 3.8 + * SPFRecordNotFound exception now includes a domain argument + * The DMARC missing authorization error message now includes the full + expected DNS record + * Properly parse DMARC and BIMI records for domains that do not have an + identified base domain + * Add ignore_unrelated_records argument to query_dmarc_record() + * Replace publicsuffix2 with publicsuffixlist + * Maintain the original character case of the DMARC record + * Always treat tag names as lowercase + * Always treat the DMARC v tag value as if it was uppercase + * Always treat the DMARC p, and fo tag values as if they were lowercase + * Always treat URI schemes as lowercase, but maintain the case of the address + * Ignore case and whitespace when parsing DMARC and BIMI key=value pairs + * Handle missing PTR records more gracefully + * Redundant DMARC fo tag values now result in a warning + * Detect non-trivial loops + * Raise a SPFSyntaxError exception when an IP address and IP version do + not match + * Fix raising the DMARCRecordNotFound exception when a DMARC record does + not exist + * Add void lookup limit + * Add Support for User Defined DNS Resolver Object + * Fix DNS caching + * Fix CSV output + * Always parse RUA and RUF fields, even if other parts of the record are + invalid + * Migrate build from setuptools to hatch +- Stop shipping LICENSE, now included directly. +- Refresh tests.py from upstream. +- Switch to pyproject and patch macros. +- No more greedy globs in %files. +- Drop skip-broken-tests.patch, not required. +- Add patch skip-network-tests.patch, skip tests that require network access. + +------------------------------------------------------------------- +Wed Jul 21 10:20:44 UTC 2021 - Matej Cepl + +- Use %pyunittest macro instead of directly calling %python_exec + +------------------------------------------------------------------- +Tue Jul 20 17:00:06 UTC 2021 - Martin Hauke + +- Use tests.py from github +- Add patch: + * skip-broken-tests.patch + +------------------------------------------------------------------- +Sat Jul 17 10:14:54 UTC 2021 - Martin Hauke + +- Initial package, version 4.4.1 diff --git a/python-checkdmarc.spec b/python-checkdmarc.spec new file mode 100644 index 0000000..65cae78 --- /dev/null +++ b/python-checkdmarc.spec @@ -0,0 +1,89 @@ +# +# spec file for package python-checkdmarc +# +# Copyright (c) 2025 SUSE LLC and contributors +# Copyright (c) 2021-2025, Martin Hauke +# +# All modifications and additions to the file contributed by third parties +# remain the property of their copyright owners, unless otherwise agreed +# upon. The license for this file, and modifications and additions to the +# file, is the same license as for the pristine package itself (unless the +# license for the pristine package is not an Open Source License, in which +# case the license is the MIT License). An "Open Source License" is a +# license that conforms to the Open Source Definition (Version 1.9) +# published by the Open Source Initiative. + +# Please submit bugfixes or comments via https://bugs.opensuse.org/ +# + + +%bcond_without libalternatives +%{?sle15_python_module_pythons} +Name: python-checkdmarc +Version: 5.10.6 +Release: 0 +Summary: A Python module and command line parser for SPF and DMARC records +License: Apache-2.0 +URL: https://domainaware.github.io/checkdmarc +Source: https://github.com/domainaware/checkdmarc/archive/refs/tags/%{version}.tar.gz#/checkdmarc-%{version}.tar.gz +Patch0: skip-network-tests.patch +BuildRequires: %{python_module hatchling} +BuildRequires: %{python_module importlib_resources >= 6.0} +BuildRequires: %{python_module pip} +BuildRequires: %{python_module wheel} +BuildRequires: alts +BuildRequires: fdupes +BuildRequires: python-rpm-macros +Requires: alts +Requires: python-cryptography +Requires: python-dnspython >= 2.0.0 +Requires: python-expiringdict >= 1.1.4 +Requires: python-pem >= 23.1.0 +Requires: python-publicsuffixlist +Requires: python-pyOpenSSL >= 24.2.1 +Requires: python-pyleri >= 1.3.2 +Requires: python-requests >= 2.25.0 +Requires: python-timeout-decorator >= 0.4.1 +Requires: python-xmltodict +BuildArch: noarch +# SECTION test requirements +BuildRequires: %{python_module dnspython >= 2.0.0} +BuildRequires: %{python_module expiringdict >= 1.1.4} +BuildRequires: %{python_module pem >= 23.1.0} +BuildRequires: %{python_module publicsuffixlist} +BuildRequires: %{python_module pyOpenSSL >= 24.2.1} +BuildRequires: %{python_module pyleri >= 1.3.2} +BuildRequires: %{python_module requests >= 2.25.0} +BuildRequires: %{python_module timeout-decorator >= 0.4.1} +BuildRequires: %{python_module xmltodict} +# /SECTION +%python_subpackages + +%description +A Python module and command line parser for SPF and DMARC records. + +%prep +%autosetup -p1 -n checkdmarc-%{version} + +%build +%pyproject_wheel + +%install +%pyproject_install +%python_clone -a %{buildroot}%{_bindir}/checkdmarc +%python_expand %fdupes %{buildroot}%{$python_sitelib} + +%pre +%python_libalternatives_reset_alternative checkdmarc + +%check +%pyunittest -v tests.py + +%files %{python_files} +%license LICENSE +%doc README.md +%python_alternative %{_bindir}/checkdmarc +%{python_sitelib}/checkdmarc +%{python_sitelib}/checkdmarc-*.dist-info + +%changelog diff --git a/skip-network-tests.patch b/skip-network-tests.patch new file mode 100644 index 0000000..f04318e --- /dev/null +++ b/skip-network-tests.patch @@ -0,0 +1,12 @@ +diff --git a/tests.py b/tests.py +index 9cfda48..cdaf4fe 100755 +--- a/tests.py ++++ b/tests.py +@@ -296,6 +296,7 @@ class Test(unittest.TestCase): + results["warnings"], + ) + ++ @unittest.skipUnless(os.path.exists("/etc/resolv.conf"), "no network") + def testSPFMissingARecord(self): + """A warning is issued if an SPF record contains a mx mechanism + pointing to a domain that has no A records"""