From 97a892a280c0aff9c2cb828da62fb073a65c6c85ef21794442c6fc7c807699be Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Mark=C3=A9ta=20Machov=C3=A1?= <mmachova@suse.com>
Date: Thu, 20 Jun 2024 13:23:40 +0000
Subject: [PATCH] Accepting request 1181919 from home:mnhauke:network
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

- Update to version 2.6.1
  * The Tudoor fix ate legitimate Truncated exceptions, preventing
    the resolver from failing over to TCP and causing the query to
    timeout.
- Update to version 2.6.0
  * As mentioned in the “TuDoor” paper and the associated
    CVE-2023-29483, the dnspython stub resolver is vulnerable to a
    potential DoS if a bad-in-some-way response from the right
    address and port forged by an attacker arrives before a
    legitimate one on the UDP port dnspython is using for that
    query.
    This release addresses the issue by adopting the recommended
    mitigation, which is ignoring the bad packets and continuing to
    listen for a legitimate response until the timeout for the
    query has expired.
  * Added support for the NSID EDNS option.
  * Dnspython now looks for version metadata for optional packages
    and will not use them if they are too old. This prevents
    possible exceptions when a feature like DoH is not desired in
    dnspython, but an old httpx is installed along with
    dnspython for some other purpose.
  * The DoHNameserver class now allows GET to be used instead of
    the default POST, and also passes source and source_port
    correctly to the underlying query methods.
- Update to version 2.5.0
  * Dnspython now uses hatchling for builds.
  * Cython is no longer supported due to various typing issues.
  * Dnspython now explicitly canonicalizes IPv4 and IPv6 addresses.
    Previously it was possible for non-canonical IPv6 forms to be
    stored in a AAAA address, which would work correctly but

OBS-URL: https://build.opensuse.org/request/show/1181919
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-dnspython?expand=0&rev=76
---
 dnspython-2.4.2.tar.gz   |  3 ---
 dnspython-2.6.1.tar.gz   |  3 +++
 python-dnspython.changes | 54 ++++++++++++++++++++++++++++++++++++++++
 python-dnspython.spec    |  7 +++---
 4 files changed, 61 insertions(+), 6 deletions(-)
 delete mode 100644 dnspython-2.4.2.tar.gz
 create mode 100644 dnspython-2.6.1.tar.gz

diff --git a/dnspython-2.4.2.tar.gz b/dnspython-2.4.2.tar.gz
deleted file mode 100644
index b9529d6..0000000
--- a/dnspython-2.4.2.tar.gz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:8dcfae8c7460a2f84b4072e26f1c9f4101ca20c071649cb7c34e8b6a93d58984
-size 328126
diff --git a/dnspython-2.6.1.tar.gz b/dnspython-2.6.1.tar.gz
new file mode 100644
index 0000000..0f8199e
--- /dev/null
+++ b/dnspython-2.6.1.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:e8f0f9c23a7b7cb99ded64e6c3a6f3e701d78f50c55e002b839dea7225cff7cc
+size 332727
diff --git a/python-dnspython.changes b/python-dnspython.changes
index c608dcd..8159e5a 100644
--- a/python-dnspython.changes
+++ b/python-dnspython.changes
@@ -1,3 +1,57 @@
+-------------------------------------------------------------------
+Thu Jun 20 12:26:09 UTC 2024 - Martin Hauke <mardnh@gmx.de>
+
+- Update to version 2.6.1
+  * The Tudoor fix ate legitimate Truncated exceptions, preventing
+    the resolver from failing over to TCP and causing the query to
+    timeout.
+- Update to version 2.6.0
+  * As mentioned in the “TuDoor” paper and the associated
+    CVE-2023-29483, the dnspython stub resolver is vulnerable to a
+    potential DoS if a bad-in-some-way response from the right
+    address and port forged by an attacker arrives before a
+    legitimate one on the UDP port dnspython is using for that
+    query.
+    This release addresses the issue by adopting the recommended
+    mitigation, which is ignoring the bad packets and continuing to
+    listen for a legitimate response until the timeout for the
+    query has expired.
+  * Added support for the NSID EDNS option.
+  * Dnspython now looks for version metadata for optional packages
+    and will not use them if they are too old. This prevents
+    possible exceptions when a feature like DoH is not desired in
+    dnspython, but an old httpx is installed along with
+    dnspython for some other purpose.
+  * The DoHNameserver class now allows GET to be used instead of
+    the default POST, and also passes source and source_port
+    correctly to the underlying query methods.
+- Update to version 2.5.0
+  * Dnspython now uses hatchling for builds.
+  * Cython is no longer supported due to various typing issues.
+  * Dnspython now explicitly canonicalizes IPv4 and IPv6 addresses.
+    Previously it was possible for non-canonical IPv6 forms to be
+    stored in a AAAA address, which would work correctly but
+    possibly cause problmes if the address were used as a key in a
+    dictionary.
+  * The number of messages in a section can be retrieved with
+    section_count().
+  * Truncation preferences for messages can be specified.
+  * The length of a message can be automatically prepended when
+    rendering.
+  * dns.message.create_response() automatically adds padding when
+    required by RFC 8467.
+  * The TLS verify parameter is now supported by dns.query.tls(),
+    and the DoH and DoT Nameserver subclasses.
+  * The MutableMapping used to store content in a zone may now be
+    specified by a factory when subclassing. Factories may also be
+    provided for writable verisons and immutable versions.
+  * dns.name.Name now has predecessor() and successor() methods
+    implementing RFC 4471.
+  * QUIC has had a number of bug fixes and also now supports
+    session tickets for faster session resumption.
+  * The NSEC3 class now has a next_name() method for retrieving the
+    next name as a dns.name.Name.
+
 -------------------------------------------------------------------
 Thu Oct  5 17:10:40 UTC 2023 - Matej Cepl <mcepl@suse.com>
 
diff --git a/python-dnspython.spec b/python-dnspython.spec
index 43941f8..0b0021e 100644
--- a/python-dnspython.spec
+++ b/python-dnspython.spec
@@ -1,7 +1,7 @@
 #
-# spec file
+# spec file for package python-dnspython
 #
-# Copyright (c) 2023 SUSE LLC
+# Copyright (c) 2024 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -27,7 +27,7 @@
 %define skip_python2 1
 %{?sle15_python_module_pythons}
 Name:           python-dnspython%{psuffix}
-Version:        2.4.2
+Version:        2.6.1
 Release:        0
 Summary:        A DNS toolkit for Python
 License:        ISC
@@ -35,6 +35,7 @@ Group:          Development/Languages/Python
 URL:            https://github.com/rthalley/dnspython
 Source:         https://files.pythonhosted.org/packages/source/d/dnspython/dnspython-%{version}.tar.gz
 BuildRequires:  %{python_module base >= 3.8}
+BuildRequires:  %{python_module hatchling}
 BuildRequires:  %{python_module pip}
 BuildRequires:  %{python_module poetry-core}
 BuildRequires:  fdupes