rpm/python-certifi
SHA256
1
0
Fork 0
forked from pool/python-certifi
Code Pull Requests Activity

Accepting request 1186314 from devel:languages:python

Browse Source 
- Refresh patches python-certifi-shipped-requests-cabundle.patch and
  two-basic-unit-tests.patch
- Remove executable bit from core.py file
- Update to 2024.7.4 (CVE-2024-39689, bsc#1227519):
  Removed certs:
  * Subject: CN=GLOBALTRUST 2020 O=e-commerce monitoring GmbH
- 2024.06.02
  Added certs:
  * Subject: CN=FIRMAPROFESIONAL CA ROOT-A WEB O=Firmaprofesional SA
- 2024.02.02
  Added certs:
  * Subject: CN=Telekom Security TLS ECC Root 2020 O=Deutsche Telekom Security GmbH
  * Subject: CN=Telekom Security TLS RSA Root 2023 O=Deutsche Telekom Security GmbH
  Removed certs:
  * Subject: O=SECOM Trust.net OU=Security Communication RootCA1
  * Fix leaking certificate issue

OBS-URL: https://build.opensuse.org/request/show/1186314
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python-certifi?expand=0&rev=35
This commit is contained in:
Ana Guerrero 2024-07-09 18:02:55 +00:00 committed by Git OBS Bridge
commit fcdfc2a685
6 changed files with 72 additions and 35 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
certifi-2023.11.17.tar.gz
View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:9b469f3a900bf28dc19b8cfbf8019bf47f7fdd1a65a1d4ffb98fc14166beb4d1
size 163637

3
certifi-2024.7.4.tar.gz Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:5a1e7645bc0ec61a09e26c36f6106dd4cf40c6db3a1fb6352b0244e7fb057c7b
size 164065

40
python-certifi-shipped-requests-cabundle.patch
View File

@ -1,21 +1,28 @@
diff -Nru certifi-2022.9.24.orig/certifi/core.py certifi-2022.9.24/certifi/core.py
--- certifi-2022.9.24.orig/certifi/core.py 2022-09-13 22:15:32.000000000 +0200
+++ certifi-2022.9.24/certifi/core.py 2022-11-15 12:56:32.415823730 +0100
@@ -3,106 +3,18 @@
Index: certifi-2024.7.4/certifi/core.py
===================================================================
--- certifi-2024.7.4.orig/certifi/core.py
+++ certifi-2024.7.4/certifi/core.py
@@ -3,112 +3,19 @@ certifi.py
~~~~~~~~~~
This module returns the installation location of cacert.pem or its contents.
-"""
-import sys
-
-if sys.version_info >= (3, 11):
+Patched by openSUSE: return the system bundle
+"""
- from importlib.resources import as_file, files
"""
-import sys
-import atexit
+import io
-def exit_cacert_ctx() -> None:
- _CACERT_CTX.__exit__(None, None, None) # type: ignore[union-attr]
+def read_text(_module=None, _path=None, encoding="ascii"):
+ with io.open(where(), "r", encoding=encoding) as data:
+ return data.read()
-if sys.version_info >= (3, 11):
- from importlib.resources import as_file, files
-
- _CACERT_CTX = None
- _CACERT_PATH = None
-
@ -40,6 +47,7 @@ diff -Nru certifi-2022.9.24.orig/certifi/core.py certifi-2022.9.24/certifi/core.
- # we will also store that at the global level as well.
- _CACERT_CTX = as_file(files("certifi").joinpath("cacert.pem"))
- _CACERT_PATH = str(_CACERT_CTX.__enter__())
- atexit.register(exit_cacert_ctx)
-
- return _CACERT_PATH
-
@ -75,6 +83,7 @@ diff -Nru certifi-2022.9.24.orig/certifi/core.py certifi-2022.9.24/certifi/core.
- # we will also store that at the global level as well.
- _CACERT_CTX = get_path("certifi", "cacert.pem")
- _CACERT_PATH = str(_CACERT_CTX.__enter__())
- atexit.register(exit_cacert_ctx)
-
- return _CACERT_PATH
-
@ -106,14 +115,11 @@ diff -Nru certifi-2022.9.24.orig/certifi/core.py certifi-2022.9.24/certifi/core.
- # of assuming we're on the filesystem and munge the path directly.
- def where() -> str:
- f = os.path.dirname(__file__)
+def read_text(_module=None, _path=None, encoding="ascii"):
+ with io.open(where(), "r", encoding=encoding) as data:
+ return data.read()
- return os.path.join(f, "cacert.pem")
+def where():
+ return "/etc/ssl/ca-bundle.pem"
- return os.path.join(f, "cacert.pem")
- def contents() -> str:
- return read_text("certifi", "cacert.pem", encoding="ascii")
+def contents() -> str:

23
python-certifi.changes
View File

@ -1,3 +1,26 @@
-------------------------------------------------------------------
Tue Jul 9 06:36:13 UTC 2024 - Daniel Garcia <daniel.garcia@suse.com>
- Refresh patches python-certifi-shipped-requests-cabundle.patch and
two-basic-unit-tests.patch
- Remove executable bit from core.py file
- Update to 2024.7.4 (CVE-2024-39689, bsc#1227519):
Removed certs:
* Subject: CN=GLOBALTRUST 2020 O=e-commerce monitoring GmbH
- 2024.06.02
Added certs:
* Subject: CN=FIRMAPROFESIONAL CA ROOT-A WEB O=Firmaprofesional SA
- 2024.02.02
Added certs:
* Subject: CN=Telekom Security TLS ECC Root 2020 O=Deutsche Telekom Security GmbH
* Subject: CN=Telekom Security TLS RSA Root 2023 O=Deutsche Telekom Security GmbH
Removed certs:
* Subject: O=SECOM Trust.net OU=Security Communication RootCA1
* Fix leaking certificate issue
-------------------------------------------------------------------
Tue Nov 28 09:10:25 UTC 2023 - Dirk Müller <dmueller@suse.com>

8
python-certifi.spec
View File

@ -1,7 +1,7 @@
#
# spec file for package python-certifi
#
# Copyright (c) 2023 SUSE LLC
# Copyright (c) 2024 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@ -16,10 +16,9 @@
#
%{?!python_module:%define python_module() python-%{**} python3-%{**}}
%{?sle15_python_module_pythons}
Name: python-certifi
Version: 2023.11.17
Version: 2024.7.4
Release: 0
Summary: Python package for providing Mozilla's CA Bundle
License: MPL-2.0
@ -57,8 +56,7 @@ Note that on SUSE packages the used CA bundle is actually the system bundle
%install
%python_install
%{python_expand chmod +x %{buildroot}%{$python_sitelib}/certifi/core.py
sed -i "s|#!%{_bindir}/env python|#!%__$python|" %{buildroot}/%{$python_sitelib}/certifi/core.py
%{python_expand #
rm %{buildroot}%{$python_sitelib}/certifi/cacert.pem
}

30
two-basic-unit-tests.patch
View File

@ -11,14 +11,18 @@ Subject: [PATCH 1/2] add 2 basic unit tests
create mode 100644 certifi/tests/__init__.py
create mode 100755 certifi/tests/test_certifi.py
Index: certifi-2024.7.4/certifi/tests/__init__.py
===================================================================
--- /dev/null
+++ b/certifi/tests/__init__.py
+++ certifi-2024.7.4/certifi/tests/__init__.py
@@ -0,0 +1,2 @@
+# certifi.tests module
+
Index: certifi-2024.7.4/certifi/tests/test_certifi.py
===================================================================
--- /dev/null
+++ b/certifi/tests/test_certifi.py
@@ -0,0 +1,19 @@
+++ certifi-2024.7.4/certifi/tests/test_certifi.py
@@ -0,0 +1,23 @@
+# -*- coding: utf-8 -*-
+"""
+unit tests to make sure everything behaves as expected
@ -31,15 +35,21 @@ Subject: [PATCH 1/2] add 2 basic unit tests
+
+
+class TestCertifi(unittest.TestCase):
+ def test_cabundle_exists(self):
+ """Check that the reported bundle exists"""
+ self.assertTrue(os.path.exists(certifi.where()))
+ def test_cabundle_exists(self) -> None:
+ assert os.path.exists(certifi.where())
+
+ def test_read_contents(self):
+ """Check that the returned contents contain a certificate"""
+ self.assertIn("-----BEGIN CERTIFICATE-----", certifi.contents())
+ def test_read_contents(self) -> None:
+ content = certifi.contents()
+ assert "-----BEGIN CERTIFICATE-----" in content
+
+ def test_py_typed_exists(self) -> None:
+ assert os.path.exists(
+ os.path.join(os.path.dirname(certifi.__file__), 'py.typed')
+ )
Index: certifi-2024.7.4/.github/workflows/python-package.yml
===================================================================
--- /dev/null
+++ b/.github/workflows/python-package.yml
+++ certifi-2024.7.4/.github/workflows/python-package.yml
@@ -0,0 +1,40 @@
+# This workflow will install Python dependencies, run tests and lint with a variety of Python versions
+# For more information see: https://help.github.com/actions/language-and-framework-guides/using-python-with-github-actions