Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package python-ldap for openSUSE:Factory checked in at 2022-07-26 19:45:12 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/python-ldap (Old) and /work/SRC/openSUSE:Factory/.python-ldap.new.1533 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "python-ldap" Tue Jul 26 19:45:12 2022 rev:57 rq:991064 version:3.4.2 Changes: -------- --- /work/SRC/openSUSE:Factory/python-ldap/python-ldap.changes 2022-03-18 16:42:30.997197663 +0100 +++ /work/SRC/openSUSE:Factory/.python-ldap.new.1533/python-ldap.changes 2022-07-26 19:45:14.580215476 +0200 @@ -1,0 +2,7 @@ +Sun Jul 24 17:36:21 UTC 2022 - Michael Str??der <[email protected]> + +- update to upstream release 3.4.2 + minor release to provide out-of-the-box compatibility with the merge + of libldap and libldap_r that happened with OpenLDAP's 2.5 release. + +------------------------------------------------------------------- Old: ---- python-ldap-3.4.0.tar.gz New: ---- python-ldap-3.4.2.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ python-ldap.spec ++++++ --- /var/tmp/diff_new_pack.3qFpNf/_old 2022-07-26 19:45:15.168124629 +0200 +++ /var/tmp/diff_new_pack.3qFpNf/_new 2022-07-26 19:45:15.172124011 +0200 @@ -21,7 +21,7 @@ %define skip_python2 1 Name: python-ldap -Version: 3.4.0 +Version: 3.4.2 Release: 0 Summary: Python LDAP interface License: Python-2.0 ++++++ python-ldap-3.4.0.tar.gz -> python-ldap-3.4.2.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/python-ldap-3.4.0/CHANGES new/python-ldap-3.4.2/CHANGES --- old/python-ldap-3.4.0/CHANGES 2021-11-26 15:42:10.000000000 +0100 +++ new/python-ldap-3.4.2/CHANGES 2022-07-06 21:10:41.000000000 +0200 @@ -1,3 +1,43 @@ +Released 3.4.2 2022-07-06 + +This is a minor release to provide out-of-the-box compatibility with the merge +of libldap and libldap_r that happened with OpenLDAP's 2.5 release. + +The following undocumented functions are deprecated and scheduled for removal: +- ``ldap.cidict.strlist_intersection`` +- ``ldap.cidict.strlist_minus`` +- ``ldap.cidict.strlist_union`` + +The following deprecated option has been removed: +- ``OPT_X_TLS`` + +Doc/ +* SASL option usage has been clarified + +Lib/ +* ppolicy control definition has been updated to match Behera draft 11 + +Modules/ +* By default, compile against libldap, checking whether it provides a + threadsafe implementation at runtime +* When decoding controls, the module can now distinguish between no value + (now exposed as ``None``) and an empty value (exposed as ``b''``) +* Several new OpenLDAP options are now supported: + * ``OPT_SOCKET_BIND_ADDRESSES`` + * ``OPT_TCP_USER_TIMEOUT`` + * ``OPT_X_SASL_MAXBUFSIZE`` + * ``OPT_X_SASL_SECPROPS`` + * ``OPT_X_TLS_ECNAME`` + * ``OPT_X_TLS_PEERCERT`` + * ``OPT_X_TLS_PROTOCOL``-related options and constants + +Fixes: +* Encoding/decoding of boolean controls has been corrected +* ldap.schema.models.Entry is now usable +* ``method`` keyword to ReconnectLDAPObject.bind_s is now usable + + +---------------------------------------------------------------- Released 3.4.0 2021-11-26 This release requires Python 3.6 or above, diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/python-ldap-3.4.0/Doc/contributing.rst new/python-ldap-3.4.2/Doc/contributing.rst --- old/python-ldap-3.4.0/Doc/contributing.rst 2021-09-17 10:44:13.000000000 +0200 +++ new/python-ldap-3.4.2/Doc/contributing.rst 2022-07-06 21:10:41.000000000 +0200 @@ -218,6 +218,8 @@ * Go through all changes since last version, and add them to ``CHANGES``. * Run :ref:`additional tests` as appropriate, fix any regressions. * Change the release date in ``CHANGES``. +* Update ``__version__`` tags where appropriate (each module ``ldap``, + ``ldif``, ``ldapurl``, ``slapdtest`` has its own copy). * Merge all that (using pull requests). * Run ``python setup.py sdist``, and smoke-test the resulting package (install in a clean virtual environment, import ``ldap``). diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/python-ldap-3.4.0/Doc/faq.rst new/python-ldap-3.4.2/Doc/faq.rst --- old/python-ldap-3.4.0/Doc/faq.rst 2021-09-17 10:44:13.000000000 +0200 +++ new/python-ldap-3.4.2/Doc/faq.rst 2022-04-27 17:49:25.000000000 +0200 @@ -84,6 +84,11 @@ `LDAPv2 is considered historic <https://tools.ietf.org/html/rfc3494>`_ since many years. +**Q**: My TLS settings are ignored/TLS isn't working? + + **A**: Make sure you call `set_option( ldap.OPT_X_TLS_NEWCTX, 0 )` + after changing any of the `OPT_X_TLS_*` options. + Installing diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/python-ldap-3.4.0/Doc/reference/ldap.rst new/python-ldap-3.4.2/Doc/reference/ldap.rst --- old/python-ldap-3.4.0/Doc/reference/ldap.rst 2021-11-26 14:55:34.000000000 +0100 +++ new/python-ldap-3.4.2/Doc/reference/ldap.rst 2022-07-06 21:10:21.000000000 +0200 @@ -226,6 +226,9 @@ SASL options :::::::::::: +Unlike most other options, SASL options must be set on an +:py:class:`LDAPObject` instance. + .. py:data:: OPT_X_SASL_AUTHCID .. py:data:: OPT_X_SASL_AUTHZID @@ -234,7 +237,7 @@ .. py:data:: OPT_X_SASL_NOCANON - If set to zero SASL host name canonicalization is disabled. + If set to zero, SASL host name canonicalization is disabled. .. py:data:: OPT_X_SASL_REALM @@ -349,7 +352,7 @@ .. py:data:: OPT_X_TLS_REQUIRE_SAN get/set how OpenLDAP validates subject alternative name extension, - available in OpenSSL 2.4.52 and newer. + available in OpenLDAP 2.4.52 and newer. :py:const:`OPT_X_TLS_NEVER` Don't check SAN @@ -372,21 +375,27 @@ .. py:data:: OPT_X_TLS_ALLOW Value for :py:const:`OPT_X_TLS_REQUIRE_CERT` + and :py:const:`OPT_X_TLS_REQUIRE_SAN` .. py:data:: OPT_X_TLS_DEMAND Value for :py:const:`OPT_X_TLS_REQUIRE_CERT` + and :py:const:`OPT_X_TLS_REQUIRE_SAN` .. py:data:: OPT_X_TLS_HARD Value for :py:const:`OPT_X_TLS_REQUIRE_CERT` + and :py:const:`OPT_X_TLS_REQUIRE_SAN` .. py:data:: OPT_X_TLS_NEVER Value for :py:const:`OPT_X_TLS_REQUIRE_CERT` + and :py:const:`OPT_X_TLS_REQUIRE_SAN` .. py:data:: OPT_X_TLS_TRY + Value for :py:const:`OPT_X_TLS_REQUIRE_CERT` + .. deprecated:: 3.3.0 This value is only used by slapd server internally. It will be removed in the future. @@ -400,20 +409,60 @@ get/set allowed cipher suites -.. py:data:: OPT_X_TLS_CTX +.. py:data:: OPT_X_TLS_PEERCERT - get address of internal memory address of TLS context (**DO NOT USE**) + Get peer's certificate as binary ASN.1 data structure (DER) -.. py:data:: OPT_X_TLS_PEERCERT + .. versionadded:: 3.4.1 - Get peer's certificate as binary ASN.1 data structure (not supported) + .. note:: + The option leaks memory with OpenLDAP < 2.5.8. .. py:data:: OPT_X_TLS_PROTOCOL_MIN get/set minimum protocol version (wire protocol version as int) - * ``0x303`` for TLS 1.2 - * ``0x304`` for TLS 1.3 +.. py:data:: OPT_X_TLS_PROTOCOL_MAX + + get/set maximum protocol version (wire protocol version as int), + available in OpenLDAP 2.5 and newer. + + .. versionadded:: 3.4.1 + +.. py:data:: OPT_X_TLS_PROTOCOL_SSL3 + + Value for :py:const:`OPT_X_TLS_PROTOCOL_MIN` and + :py:const:`OPT_X_TLS_PROTOCOL_MAX`, represents SSL 3 + + .. versionadded:: 3.4.1 + +.. py:data:: OPT_X_TLS_PROTOCOL_TLS1_0 + + Value for :py:const:`OPT_X_TLS_PROTOCOL_MIN` and + :py:const:`OPT_X_TLS_PROTOCOL_MAX`, represents TLS 1.0 + + .. versionadded:: 3.4.1 + +.. py:data:: OPT_X_TLS_PROTOCOL_TLS1_1 + + Value for :py:const:`OPT_X_TLS_PROTOCOL_MIN` and + :py:const:`OPT_X_TLS_PROTOCOL_MAX`, represents TLS 1.1 + + .. versionadded:: 3.4.1 + +.. py:data:: OPT_X_TLS_PROTOCOL_TLS1_2 + + Value for :py:const:`OPT_X_TLS_PROTOCOL_MIN` and + :py:const:`OPT_X_TLS_PROTOCOL_MAX`, represents TLS 1.2 + + .. versionadded:: 3.4.1 + +.. py:data:: OPT_X_TLS_PROTOCOL_TLS1_3 + + Value for :py:const:`OPT_X_TLS_PROTOCOL_MIN` and + :py:const:`OPT_X_TLS_PROTOCOL_MAX`, represents TLS 1.3 + + .. versionadded:: 3.4.1 .. py:data:: OPT_X_TLS_VERSION @@ -423,12 +472,6 @@ get/set path to /dev/urandom (**DO NOT USE**) -.. py:data:: OPT_X_TLS - - .. deprecated:: 3.3.0 - The option is deprecated in OpenLDAP and should no longer be used. It - will be removed in the future. - .. note:: OpenLDAP supports several TLS/SSL libraries. OpenSSL is the most common @@ -918,11 +961,6 @@ The *dn* and *attr* arguments are text strings; see :ref:`bytes_mode`. - .. note:: - - A design fault in the LDAP API prevents *value* - from containing *NULL* characters. - .. py:method:: LDAPObject.delete(dn) -> int diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/python-ldap-3.4.0/Doc/spelling_wordlist.txt new/python-ldap-3.4.2/Doc/spelling_wordlist.txt --- old/python-ldap-3.4.0/Doc/spelling_wordlist.txt 2021-09-17 10:44:13.000000000 +0200 +++ new/python-ldap-3.4.2/Doc/spelling_wordlist.txt 2022-05-30 11:25:11.000000000 +0200 @@ -144,6 +144,7 @@ syncrepl syntaxes timelimit +TLS tracebacks tuple tuples diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/python-ldap-3.4.0/Lib/ldap/constants.py new/python-ldap-3.4.2/Lib/ldap/constants.py --- old/python-ldap-3.4.0/Lib/ldap/constants.py 2021-11-26 15:07:01.000000000 +0100 +++ new/python-ldap-3.4.2/Lib/ldap/constants.py 2022-05-30 13:36:51.000000000 +0200 @@ -244,6 +244,7 @@ Int('OPT_SIZELIMIT'), Int('OPT_TIMELIMIT'), Int('OPT_REFERRALS', optional=True), + Int('OPT_RESULT_CODE'), Int('OPT_ERROR_NUMBER'), Int('OPT_RESTART'), Int('OPT_PROTOCOL_VERSION'), @@ -261,12 +262,11 @@ Int('OPT_TIMEOUT'), Int('OPT_REFHOPLIMIT'), Int('OPT_NETWORK_TIMEOUT'), + Int('OPT_TCP_USER_TIMEOUT', optional=True), Int('OPT_URI'), Int('OPT_DEFBASE', optional=True), - TLSInt('OPT_X_TLS', optional=True), - TLSInt('OPT_X_TLS_CTX'), TLSInt('OPT_X_TLS_CACERTFILE'), TLSInt('OPT_X_TLS_CACERTDIR'), TLSInt('OPT_X_TLS_CERTFILE'), @@ -299,8 +299,19 @@ TLSInt('OPT_X_TLS_PACKAGE', optional=True), # Added in OpenLDAP 2.4.52 + TLSInt('OPT_X_TLS_ECNAME', optional=True), TLSInt('OPT_X_TLS_REQUIRE_SAN', optional=True), + # Added in OpenLDAP 2.5 + TLSInt('OPT_X_TLS_PEERCERT', optional=True), + TLSInt('OPT_X_TLS_PROTOCOL_MAX', optional=True), + + TLSInt('OPT_X_TLS_PROTOCOL_SSL3', optional=True), + TLSInt('OPT_X_TLS_PROTOCOL_TLS1_0', optional=True), + TLSInt('OPT_X_TLS_PROTOCOL_TLS1_1', optional=True), + TLSInt('OPT_X_TLS_PROTOCOL_TLS1_2', optional=True), + TLSInt('OPT_X_TLS_PROTOCOL_TLS1_3', optional=True), + Int('OPT_X_SASL_MECH'), Int('OPT_X_SASL_REALM'), Int('OPT_X_SASL_AUTHCID'), @@ -341,9 +352,7 @@ # XXX - these should be errors Int('URL_ERR_BADSCOPE'), Int('URL_ERR_MEM'), - # Int('LIBLDAP_R'), - Feature('LIBLDAP_R', 'HAVE_LIBLDAP_R'), Feature('SASL_AVAIL', 'HAVE_SASL'), Feature('TLS_AVAIL', 'HAVE_TLS'), Feature('INIT_FD_AVAIL', 'HAVE_LDAP_INIT_FD'), diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/python-ldap-3.4.0/Lib/ldap/controls/ppolicy.py new/python-ldap-3.4.2/Lib/ldap/controls/ppolicy.py --- old/python-ldap-3.4.0/Lib/ldap/controls/ppolicy.py 2021-11-26 15:07:01.000000000 +0100 +++ new/python-ldap-3.4.2/Lib/ldap/controls/ppolicy.py 2022-07-06 21:10:21.000000000 +0200 @@ -40,9 +40,10 @@ ('insufficientPasswordQuality',5), ('passwordTooShort',6), ('passwordTooYoung',7), - ('passwordInHistory',8) + ('passwordInHistory',8), + ('passwordTooLong',9), ) - subtypeSpec = univ.Enumerated.subtypeSpec + constraint.SingleValueConstraint(0,1,2,3,4,5,6,7,8) + subtypeSpec = univ.Enumerated.subtypeSpec + constraint.SingleValueConstraint(0,1,2,3,4,5,6,7,8,9) class PasswordPolicyResponseValue(univ.Sequence): diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/python-ldap-3.4.0/Lib/ldap/controls/simple.py new/python-ldap-3.4.2/Lib/ldap/controls/simple.py --- old/python-ldap-3.4.0/Lib/ldap/controls/simple.py 2021-11-26 15:07:01.000000000 +0100 +++ new/python-ldap-3.4.2/Lib/ldap/controls/simple.py 2022-05-30 13:36:51.000000000 +0200 @@ -7,6 +7,9 @@ import struct,ldap from ldap.controls import RequestControl,ResponseControl,LDAPControl,KNOWN_RESPONSE_CONTROLS +from pyasn1.type import univ +from pyasn1.codec.ber import encoder,decoder + class ValueLessRequestControl(RequestControl): """ @@ -57,8 +60,6 @@ booleanValue Boolean (True/False or 1/0) which is the boolean controlValue. """ - boolean2ber = { 1:'\x01\x01\xFF', 0:'\x01\x01\x00' } - ber2boolean = { '\x01\x01\xFF':1, '\x01\x01\x00':0 } def __init__(self,controlType=None,criticality=False,booleanValue=False): self.controlType = controlType @@ -66,10 +67,11 @@ self.booleanValue = booleanValue def encodeControlValue(self): - return self.boolean2ber[int(self.booleanValue)] + return encoder.encode(self.booleanValue,asn1Spec=univ.Boolean()) def decodeControlValue(self,encodedControlValue): - self.booleanValue = self.ber2boolean[encodedControlValue] + decodedValue,_ = decoder.decode(encodedControlValue,asn1Spec=univ.Boolean()) + self.booleanValue = bool(int(decodedValue)) class ManageDSAITControl(ValueLessRequestControl): diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/python-ldap-3.4.0/Lib/ldap/extop/disconnection.py new/python-ldap-3.4.2/Lib/ldap/extop/disconnection.py --- old/python-ldap-3.4.0/Lib/ldap/extop/disconnection.py 1970-01-01 01:00:00.000000000 +0100 +++ new/python-ldap-3.4.2/Lib/ldap/extop/disconnection.py 2022-05-30 12:05:42.000000000 +0200 @@ -0,0 +1,12 @@ +""" +ldap.extop.disconnection - Class for Notice of Disconnection +Unsolicited Notification (see RFC4511) + +See https://www.python-ldap.org/ for details. +""" + +from ldap.response import UnsolicitedNotification + + +class NoticeOfDisconnection(UnsolicitedNotification): + responseName = "1.3.6.1.4.1.1466.20036" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/python-ldap-3.4.0/Lib/ldap/ldapobject.py new/python-ldap-3.4.2/Lib/ldap/ldapobject.py --- old/python-ldap-3.4.0/Lib/ldap/ldapobject.py 2021-11-26 15:07:01.000000000 +0100 +++ new/python-ldap-3.4.2/Lib/ldap/ldapobject.py 2022-07-06 21:10:21.000000000 +0200 @@ -895,8 +895,8 @@ self._trace_file = ldap._trace_file self.reconnect(self._uri) - def _store_last_bind(self,method,*args,**kwargs): - self._last_bind = (method,args,kwargs) + def _store_last_bind(self,_method,*args,**kwargs): + self._last_bind = (_method,args,kwargs) def _apply_last_bind(self): if self._last_bind!=None: diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/python-ldap-3.4.0/Lib/ldap/pkginfo.py new/python-ldap-3.4.2/Lib/ldap/pkginfo.py --- old/python-ldap-3.4.0/Lib/ldap/pkginfo.py 2021-11-26 15:41:47.000000000 +0100 +++ new/python-ldap-3.4.2/Lib/ldap/pkginfo.py 2022-07-06 21:10:41.000000000 +0200 @@ -1,6 +1,6 @@ """ meta attributes for packaging which does not import any dependencies """ -__version__ = '3.4.0' +__version__ = '3.4.2' __author__ = 'python-ldap project' __license__ = 'Python style' diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/python-ldap-3.4.0/Lib/ldap/schema/models.py new/python-ldap-3.4.2/Lib/ldap/schema/models.py --- old/python-ldap-3.4.0/Lib/ldap/schema/models.py 2021-11-26 15:07:01.000000000 +0100 +++ new/python-ldap-3.4.2/Lib/ldap/schema/models.py 2022-05-30 13:36:51.000000000 +0200 @@ -7,7 +7,7 @@ import sys import ldap.cidict -from collections import UserDict as IterableUserDict +from collections import UserDict from ldap.schema.tokenizer import split_tokens,extract_tokens @@ -640,7 +640,7 @@ return '( %s )' % ''.join(result) -class Entry(IterableUserDict): +class Entry(UserDict): """ Schema-aware implementation of an LDAP entry class. @@ -653,7 +653,7 @@ self._attrtype2keytuple = {} self._s = schema self.dn = dn - IterableUserDict.IterableUserDict.__init__(self,{}) + super().__init__() self.update(entry) def _at2key(self,nameoroid): @@ -674,7 +674,7 @@ return t def update(self,dict): - for key, value in dict.values(): + for key, value in dict.items(): self[key] = value def __contains__(self,nameoroid): diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/python-ldap-3.4.0/Lib/ldapurl.py new/python-ldap-3.4.2/Lib/ldapurl.py --- old/python-ldap-3.4.0/Lib/ldapurl.py 2021-11-26 15:41:47.000000000 +0100 +++ new/python-ldap-3.4.2/Lib/ldapurl.py 2022-07-06 21:10:41.000000000 +0200 @@ -4,7 +4,7 @@ See https://www.python-ldap.org/ for details. """ -__version__ = '3.4.0' +__version__ = '3.4.2' __all__ = [ # constants diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/python-ldap-3.4.0/Lib/ldif.py new/python-ldap-3.4.2/Lib/ldif.py --- old/python-ldap-3.4.0/Lib/ldif.py 2021-11-26 15:41:47.000000000 +0100 +++ new/python-ldap-3.4.2/Lib/ldif.py 2022-07-06 21:10:41.000000000 +0200 @@ -3,7 +3,7 @@ See https://www.python-ldap.org/ for details. """ -__version__ = '3.4.0' +__version__ = '3.4.2' __all__ = [ # constants diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/python-ldap-3.4.0/Lib/python_ldap.egg-info/PKG-INFO new/python-ldap-3.4.2/Lib/python_ldap.egg-info/PKG-INFO --- old/python-ldap-3.4.0/Lib/python_ldap.egg-info/PKG-INFO 2021-11-26 16:09:46.000000000 +0100 +++ new/python-ldap-3.4.2/Lib/python_ldap.egg-info/PKG-INFO 2022-07-06 21:11:22.000000000 +0200 @@ -1,6 +1,6 @@ Metadata-Version: 2.1 Name: python-ldap -Version: 3.4.0 +Version: 3.4.2 Summary: Python modules for implementing LDAP clients Home-page: https://www.python-ldap.org/ Author: python-ldap project diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/python-ldap-3.4.0/Lib/python_ldap.egg-info/SOURCES.txt new/python-ldap-3.4.2/Lib/python_ldap.egg-info/SOURCES.txt --- old/python-ldap-3.4.0/Lib/python_ldap.egg-info/SOURCES.txt 2021-11-26 16:09:46.000000000 +0100 +++ new/python-ldap-3.4.2/Lib/python_ldap.egg-info/SOURCES.txt 2022-07-06 21:11:22.000000000 +0200 @@ -104,6 +104,7 @@ Lib/ldap/controls/vlv.py Lib/ldap/extop/__init__.py Lib/ldap/extop/dds.py +Lib/ldap/extop/disconnection.py Lib/ldap/extop/passwd.py Lib/ldap/schema/__init__.py Lib/ldap/schema/models.py diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/python-ldap-3.4.0/Lib/slapdtest/__init__.py new/python-ldap-3.4.2/Lib/slapdtest/__init__.py --- old/python-ldap-3.4.0/Lib/slapdtest/__init__.py 2021-11-26 15:41:47.000000000 +0100 +++ new/python-ldap-3.4.2/Lib/slapdtest/__init__.py 2022-07-06 21:10:41.000000000 +0200 @@ -4,7 +4,7 @@ See https://www.python-ldap.org/ for details. """ -__version__ = '3.4.0' +__version__ = '3.4.2' from slapdtest._slapdtest import SlapdObject, SlapdTestCase, SysLogHandler from slapdtest._slapdtest import requires_ldapi, requires_sasl, requires_tls diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/python-ldap-3.4.0/Modules/berval.c new/python-ldap-3.4.2/Modules/berval.c --- old/python-ldap-3.4.0/Modules/berval.c 2021-11-26 15:06:35.000000000 +0100 +++ new/python-ldap-3.4.2/Modules/berval.c 2022-05-30 12:05:41.000000000 +0200 @@ -17,7 +17,7 @@ { PyObject *ret = NULL; - if (!bv) { + if (!bv || !bv->bv_val) { ret = Py_None; Py_INCREF(ret); } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/python-ldap-3.4.0/Modules/common.h new/python-ldap-3.4.2/Modules/common.h --- old/python-ldap-3.4.0/Modules/common.h 2021-11-26 15:06:35.000000000 +0100 +++ new/python-ldap-3.4.2/Modules/common.h 2022-05-30 12:05:41.000000000 +0200 @@ -16,7 +16,7 @@ #include <ldap.h> #include <ldap_features.h> -#if LDAP_API_VERSION < 2040 +#if LDAP_VENDOR_VERSION < 20400 #error Current python-ldap requires OpenLDAP 2.4.x #endif diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/python-ldap-3.4.0/Modules/constants.c new/python-ldap-3.4.2/Modules/constants.c --- old/python-ldap-3.4.0/Modules/constants.c 2021-11-26 15:07:01.000000000 +0100 +++ new/python-ldap-3.4.2/Modules/constants.c 2022-05-30 13:36:51.000000000 +0200 @@ -197,6 +197,8 @@ LDAPinit_constants(PyObject *m) { PyObject *exc, *nobj; + struct ldap_apifeature_info info = { 1, "X_OPENLDAP_THREAD_SAFE", 0 }; + int thread_safe = 0; /* simple constants */ @@ -221,6 +223,14 @@ return -1; Py_INCREF(LDAPexception_class); +#ifdef LDAP_API_FEATURE_X_OPENLDAP_THREAD_SAFE + if (ldap_get_option(NULL, LDAP_OPT_API_FEATURE_INFO, &info) == LDAP_SUCCESS) { + thread_safe = (info.ldapaif_version == 1); + } +#endif + if (PyModule_AddIntConstant(m, "LIBLDAP_R", thread_safe) != 0) + return -1; + /* Generated constants -- see Lib/ldap/constants.py */ #define add_err(n) do { \ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/python-ldap-3.4.0/Modules/constants_generated.h new/python-ldap-3.4.2/Modules/constants_generated.h --- old/python-ldap-3.4.0/Modules/constants_generated.h 2021-11-26 15:06:35.000000000 +0100 +++ new/python-ldap-3.4.2/Modules/constants_generated.h 2022-05-30 13:36:51.000000000 +0200 @@ -76,10 +76,12 @@ add_err(CANNOT_CANCEL); #endif + #if defined(LDAP_ASSERTION_FAILED) add_err(ASSERTION_FAILED); #endif + #if defined(LDAP_PROXIED_AUTHORIZATION_DENIED) add_err(PROXIED_AUTHORIZATION_DENIED); #endif @@ -171,6 +173,7 @@ add_int(OPT_REFERRALS); #endif +add_int(OPT_RESULT_CODE); add_int(OPT_ERROR_NUMBER); add_int(OPT_RESTART); add_int(OPT_PROTOCOL_VERSION); @@ -186,19 +189,19 @@ add_int(OPT_TIMEOUT); add_int(OPT_REFHOPLIMIT); add_int(OPT_NETWORK_TIMEOUT); + +#if defined(LDAP_OPT_TCP_USER_TIMEOUT) +add_int(OPT_TCP_USER_TIMEOUT); +#endif + add_int(OPT_URI); #if defined(LDAP_OPT_DEFBASE) add_int(OPT_DEFBASE); #endif -#if HAVE_TLS -#if defined(LDAP_OPT_X_TLS) -add_int(OPT_X_TLS); -#endif - -add_int(OPT_X_TLS_CTX); +#if HAVE_TLS add_int(OPT_X_TLS_CACERTFILE); add_int(OPT_X_TLS_CACERTDIR); add_int(OPT_X_TLS_CERTFILE); @@ -217,18 +220,22 @@ add_int(OPT_X_TLS_VERSION); #endif + #if defined(LDAP_OPT_X_TLS_CIPHER) add_int(OPT_X_TLS_CIPHER); #endif + #if defined(LDAP_OPT_X_TLS_PEERCERT) add_int(OPT_X_TLS_PEERCERT); #endif + #if defined(LDAP_OPT_X_TLS_CRLCHECK) add_int(OPT_X_TLS_CRLCHECK); #endif + #if defined(LDAP_OPT_X_TLS_CRLFILE) add_int(OPT_X_TLS_CRLFILE); #endif @@ -241,18 +248,61 @@ add_int(OPT_X_TLS_NEWCTX); #endif + #if defined(LDAP_OPT_X_TLS_PROTOCOL_MIN) add_int(OPT_X_TLS_PROTOCOL_MIN); #endif + #if defined(LDAP_OPT_X_TLS_PACKAGE) add_int(OPT_X_TLS_PACKAGE); #endif + +#if defined(LDAP_OPT_X_TLS_ECNAME) +add_int(OPT_X_TLS_ECNAME); +#endif + + #if defined(LDAP_OPT_X_TLS_REQUIRE_SAN) add_int(OPT_X_TLS_REQUIRE_SAN); #endif + +#if defined(LDAP_OPT_X_TLS_PEERCERT) +add_int(OPT_X_TLS_PEERCERT); +#endif + + +#if defined(LDAP_OPT_X_TLS_PROTOCOL_MAX) +add_int(OPT_X_TLS_PROTOCOL_MAX); +#endif + + +#if defined(LDAP_OPT_X_TLS_PROTOCOL_SSL3) +add_int(OPT_X_TLS_PROTOCOL_SSL3); +#endif + + +#if defined(LDAP_OPT_X_TLS_PROTOCOL_TLS1_0) +add_int(OPT_X_TLS_PROTOCOL_TLS1_0); +#endif + + +#if defined(LDAP_OPT_X_TLS_PROTOCOL_TLS1_1) +add_int(OPT_X_TLS_PROTOCOL_TLS1_1); +#endif + + +#if defined(LDAP_OPT_X_TLS_PROTOCOL_TLS1_2) +add_int(OPT_X_TLS_PROTOCOL_TLS1_2); +#endif + + +#if defined(LDAP_OPT_X_TLS_PROTOCOL_TLS1_3) +add_int(OPT_X_TLS_PROTOCOL_TLS1_3); +#endif + #endif add_int(OPT_X_SASL_MECH); @@ -269,22 +319,27 @@ add_int(OPT_X_SASL_NOCANON); #endif + #if defined(LDAP_OPT_X_SASL_USERNAME) add_int(OPT_X_SASL_USERNAME); #endif + #if defined(LDAP_OPT_CONNECT_ASYNC) add_int(OPT_CONNECT_ASYNC); #endif + #if defined(LDAP_OPT_X_KEEPALIVE_IDLE) add_int(OPT_X_KEEPALIVE_IDLE); #endif + #if defined(LDAP_OPT_X_KEEPALIVE_PROBES) add_int(OPT_X_KEEPALIVE_PROBES); #endif + #if defined(LDAP_OPT_X_KEEPALIVE_INTERVAL) add_int(OPT_X_KEEPALIVE_INTERVAL); #endif @@ -309,36 +364,24 @@ add_int(URL_ERR_BADSCOPE); add_int(URL_ERR_MEM); -#ifdef HAVE_LIBLDAP_R -if (PyModule_AddIntConstant(m, "LIBLDAP_R", 1) != 0) - return -1; -#else -if (PyModule_AddIntConstant(m, "LIBLDAP_R", 0) != 0) - return -1; -#endif - #ifdef HAVE_SASL -if (PyModule_AddIntConstant(m, "SASL_AVAIL", 1) != 0) - return -1; +if (PyModule_AddIntConstant(m, "SASL_AVAIL", 1) != 0) return -1; #else -if (PyModule_AddIntConstant(m, "SASL_AVAIL", 0) != 0) - return -1; +if (PyModule_AddIntConstant(m, "SASL_AVAIL", 0) != 0) return -1; #endif + #ifdef HAVE_TLS -if (PyModule_AddIntConstant(m, "TLS_AVAIL", 1) != 0) - return -1; +if (PyModule_AddIntConstant(m, "TLS_AVAIL", 1) != 0) return -1; #else -if (PyModule_AddIntConstant(m, "TLS_AVAIL", 0) != 0) - return -1; +if (PyModule_AddIntConstant(m, "TLS_AVAIL", 0) != 0) return -1; #endif + #ifdef HAVE_LDAP_INIT_FD -if (PyModule_AddIntConstant(m, "INIT_FD_AVAIL", 1) != 0) - return -1; +if (PyModule_AddIntConstant(m, "INIT_FD_AVAIL", 1) != 0) return -1; #else -if (PyModule_AddIntConstant(m, "INIT_FD_AVAIL", 0) != 0) - return -1; +if (PyModule_AddIntConstant(m, "INIT_FD_AVAIL", 0) != 0) return -1; #endif add_string(CONTROL_MANAGEDSAIT); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/python-ldap-3.4.0/Modules/options.c new/python-ldap-3.4.2/Modules/options.c --- old/python-ldap-3.4.0/Modules/options.c 2021-11-26 15:07:01.000000000 +0100 +++ new/python-ldap-3.4.2/Modules/options.c 2022-05-30 13:36:51.000000000 +0200 @@ -5,6 +5,7 @@ #include "LDAPObject.h" #include "ldapcontrol.h" #include "options.h" +#include "berval.h" void set_timeval_from_double(struct timeval *tv, double d) @@ -40,6 +41,7 @@ { int res; int intval; + unsigned int uintval; double doubleval; char *strval; struct timeval tv; @@ -56,9 +58,13 @@ switch (option) { case LDAP_OPT_API_INFO: case LDAP_OPT_API_FEATURE_INFO: + case LDAP_OPT_DESC: #ifdef HAVE_SASL case LDAP_OPT_X_SASL_SSF: #endif +#ifdef LDAP_OPT_X_TLS_PEERCERT + case LDAP_OPT_X_TLS_PEERCERT: +#endif /* Read-only options */ PyErr_SetString(PyExc_ValueError, "read-only option"); return 0; @@ -92,6 +98,9 @@ #ifdef LDAP_OPT_X_TLS_PROTOCOL_MIN case LDAP_OPT_X_TLS_PROTOCOL_MIN: #endif +#ifdef LDAP_OPT_X_TLS_PROTOCOL_MAX + case LDAP_OPT_X_TLS_PROTOCOL_MAX: +#endif #ifdef LDAP_OPT_X_TLS_REQUIRE_SAN case LDAP_OPT_X_TLS_REQUIRE_SAN: #endif @@ -112,10 +121,19 @@ ptr = &intval; break; +#ifdef LDAP_OPT_TCP_USER_TIMEOUT + case LDAP_OPT_TCP_USER_TIMEOUT: +#endif + if (!PyArg_Parse(value, "I:set_option", &uintval)) + return 0; + ptr = &uintval; + break; + #ifdef HAVE_SASL case LDAP_OPT_X_SASL_SSF_MIN: case LDAP_OPT_X_SASL_SSF_MAX: case LDAP_OPT_X_SASL_SSF_EXTERNAL: + case LDAP_OPT_X_SASL_MAXBUFSIZE: if (!PyArg_Parse(value, "k:set_option", &blen)) return 0; ptr = &blen; @@ -140,10 +158,16 @@ #ifdef LDAP_OPT_X_TLS_CRLFILE case LDAP_OPT_X_TLS_CRLFILE: #endif +#ifdef LDAP_OPT_X_TLS_ECNAME + case LDAP_OPT_X_TLS_ECNAME: +#endif #endif #ifdef HAVE_SASL case LDAP_OPT_X_SASL_SECPROPS: #endif +#ifdef LDAP_OPT_SOCKET_BIND_ADDRESSES + case LDAP_OPT_SOCKET_BIND_ADDRESSES: +#endif /* String valued options */ if (!PyArg_Parse(value, "s:set_option", &strval)) return 0; @@ -183,8 +207,8 @@ } else { PyErr_Format(PyExc_ValueError, - "timeout must be >= 0 or -1/None for infinity, got %d", - option); + "timeout must be >= 0 or -1/None for infinity, got %f", + doubleval); return 0; } break; @@ -250,10 +274,12 @@ { int res; int intval; + unsigned int uintval; struct timeval *tv; LDAPAPIInfo apiinfo; LDAPControl **lcs; char *strval; + struct berval berbytes; #if HAVE_SASL /* unsigned long */ ber_len_t blen; @@ -263,6 +289,7 @@ switch (option) { #ifdef HAVE_SASL + case LDAP_OPT_X_SASL_SECPROPS: case LDAP_OPT_X_SASL_SSF_EXTERNAL: /* Write-only options */ PyErr_SetString(PyExc_ValueError, "write-only option"); @@ -320,6 +347,9 @@ #ifdef LDAP_OPT_X_TLS_PROTOCOL_MIN case LDAP_OPT_X_TLS_PROTOCOL_MIN: #endif +#ifdef LDAP_OPT_X_TLS_PROTOCOL_MAX + case LDAP_OPT_X_TLS_PROTOCOL_MAX: +#endif #ifdef LDAP_OPT_X_TLS_REQUIRE_SAN case LDAP_OPT_X_TLS_REQUIRE_SAN: #endif @@ -345,10 +375,20 @@ return option_error(res, "ldap_get_option"); return PyInt_FromLong(intval); +#ifdef LDAP_OPT_TCP_USER_TIMEOUT + case LDAP_OPT_TCP_USER_TIMEOUT: +#endif + /* unsigned int options */ + res = LDAP_int_get_option(self, option, &uintval); + if (res != LDAP_OPT_SUCCESS) + return option_error(res, "ldap_get_option"); + return PyLong_FromUnsignedLong(uintval); + #ifdef HAVE_SASL case LDAP_OPT_X_SASL_SSF: case LDAP_OPT_X_SASL_SSF_MIN: case LDAP_OPT_X_SASL_SSF_MAX: + case LDAP_OPT_X_SASL_MAXBUFSIZE: /* ber_len_t options (unsigned long)*/ res = LDAP_int_get_option(self, option, &blen); if (res != LDAP_OPT_SUCCESS) @@ -383,9 +423,11 @@ #ifdef LDAP_OPT_X_TLS_PACKAGE case LDAP_OPT_X_TLS_PACKAGE: #endif +#ifdef LDAP_OPT_X_TLS_ECNAME + case LDAP_OPT_X_TLS_ECNAME: +#endif #endif #ifdef HAVE_SASL - case LDAP_OPT_X_SASL_SECPROPS: case LDAP_OPT_X_SASL_MECH: case LDAP_OPT_X_SASL_REALM: case LDAP_OPT_X_SASL_AUTHCID: @@ -394,6 +436,9 @@ case LDAP_OPT_X_SASL_USERNAME: #endif #endif +#ifdef LDAP_OPT_SOCKET_BIND_ADDRESSES + case LDAP_OPT_SOCKET_BIND_ADDRESSES: +#endif /* String-valued options */ res = LDAP_int_get_option(self, option, &strval); if (res != LDAP_OPT_SUCCESS) @@ -406,6 +451,19 @@ ldap_memfree(strval); return v; +#ifdef HAVE_TLS +#ifdef LDAP_OPT_X_TLS_PEERCERT + case LDAP_OPT_X_TLS_PEERCERT: +#endif +#endif + /* Options dealing with raw data */ + res = LDAP_int_get_option(self, option, &berbytes); + if (res != LDAP_OPT_SUCCESS) + return option_error(res, "ldap_get_option"); + v = LDAPberval_to_object(&berbytes); + ldap_memfree(berbytes.bv_val); + return v; + case LDAP_OPT_TIMEOUT: case LDAP_OPT_NETWORK_TIMEOUT: /* Double-valued timeval options */ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/python-ldap-3.4.0/PKG-INFO new/python-ldap-3.4.2/PKG-INFO --- old/python-ldap-3.4.0/PKG-INFO 2021-11-26 16:09:46.211048000 +0100 +++ new/python-ldap-3.4.2/PKG-INFO 2022-07-06 21:11:22.791514900 +0200 @@ -1,6 +1,6 @@ Metadata-Version: 2.1 Name: python-ldap -Version: 3.4.0 +Version: 3.4.2 Summary: Python modules for implementing LDAP clients Home-page: https://www.python-ldap.org/ Author: python-ldap project diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/python-ldap-3.4.0/Tests/t_cext.py new/python-ldap-3.4.2/Tests/t_cext.py --- old/python-ldap-3.4.0/Tests/t_cext.py 2021-11-26 15:07:01.000000000 +0100 +++ new/python-ldap-3.4.2/Tests/t_cext.py 2022-05-30 13:36:51.000000000 +0200 @@ -234,11 +234,11 @@ if 'TLS' in disabled: self.assertFalse(_ldap.TLS_AVAIL) else: - self.assertFalse(_ldap.TLS_AVAIL) + self.assertTrue(_ldap.TLS_AVAIL) if 'SASL' in disabled: self.assertFalse(_ldap.SASL_AVAIL) else: - self.assertFalse(_ldap.SASL_AVAIL) + self.assertTrue(_ldap.SASL_AVAIL) def test_simple_bind(self): l = self._open_conn() diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/python-ldap-3.4.0/Tests/t_ldap_options.py new/python-ldap-3.4.2/Tests/t_ldap_options.py --- old/python-ldap-3.4.0/Tests/t_ldap_options.py 2021-11-26 15:07:01.000000000 +0100 +++ new/python-ldap-3.4.2/Tests/t_ldap_options.py 2022-05-30 13:36:51.000000000 +0200 @@ -23,8 +23,8 @@ ]) TEST_CTRL_EXPECTED = [ TEST_CTRL[0], - # get_option returns empty bytes - (TEST_CTRL[1][0], TEST_CTRL[1][1], b''), + # Noop has no value + (TEST_CTRL[1][0], TEST_CTRL[1][1], None), ] diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/python-ldap-3.4.0/Tests/t_ldapobject.py new/python-ldap-3.4.2/Tests/t_ldapobject.py --- old/python-ldap-3.4.0/Tests/t_ldapobject.py 2021-11-26 15:07:01.000000000 +0100 +++ new/python-ldap-3.4.2/Tests/t_ldapobject.py 2022-07-06 21:10:21.000000000 +0200 @@ -3,9 +3,11 @@ See https://www.python-ldap.org/ for details. """ +import base64 import errno import linecache import os +import re import socket import unittest import pickle @@ -20,6 +22,11 @@ from slapdtest import requires_ldapi, requires_sasl, requires_tls from slapdtest import requires_init_fd +PEM_CERT_RE = re.compile( + b'-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----', + re.DOTALL +) + LDIF_TEMPLATE = """dn: %(suffix)s objectClass: dcObject @@ -421,6 +428,33 @@ l.simple_bind_s(self.server.root_dn, self.server.root_pw) self.assertEqual(l.whoami_s(), 'dn:' + self.server.root_dn) + @requires_tls() + @unittest.skipUnless( + hasattr(ldap, "OPT_X_TLS_PEERCERT"), + reason="Requires OPT_X_TLS_PEERCERT" + ) + def test_get_tls_peercert(self): + l = self.ldap_object_class(self.server.ldap_uri) + peercert = l.get_option(ldap.OPT_X_TLS_PEERCERT) + self.assertEqual(peercert, None) + with self.assertRaises(ValueError): + l.set_option(ldap.OPT_X_TLS_PEERCERT, b"") + + l.set_option(ldap.OPT_X_TLS_CACERTFILE, self.server.cafile) + l.set_option(ldap.OPT_X_TLS_NEWCTX, 0) + l.start_tls_s() + + peercert = l.get_option(ldap.OPT_X_TLS_PEERCERT) + self.assertTrue(peercert) + self.assertIsInstance(peercert, bytes) + + with open(self.server.servercert, "rb") as f: + server_cert = f.read() + pem_body = PEM_CERT_RE.search(server_cert).group(1) + server_der = base64.b64decode(pem_body) + + self.assertEqual(server_der, peercert) + def test_dse(self): dse = self._ldap_conn.read_rootdse_s() self.assertIsInstance(dse, dict) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/python-ldap-3.4.0/setup.cfg new/python-ldap-3.4.2/setup.cfg --- old/python-ldap-3.4.0/setup.cfg 2021-11-26 16:09:46.211048000 +0100 +++ new/python-ldap-3.4.2/setup.cfg 2022-07-06 21:11:22.795515000 +0200 @@ -2,10 +2,9 @@ license_file = LICENCE [_ldap] -defines = HAVE_SASL HAVE_TLS HAVE_LIBLDAP_R +defines = HAVE_SASL HAVE_TLS extra_compile_args = extra_objects = -libs = ldap_r lber [install] compile = 1 @@ -13,7 +12,7 @@ [bdist_rpm] provides = python-ldap -requires = python libldap-2_4 +requires = python libldap-2 vendor = python-ldap project packager = python-ldap team distribution_name = openSUSE 11.x diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/python-ldap-3.4.0/setup.py new/python-ldap-3.4.2/setup.py --- old/python-ldap-3.4.0/setup.py 2021-11-26 15:35:31.000000000 +0100 +++ new/python-ldap-3.4.2/setup.py 2022-05-30 13:36:51.000000000 +0200 @@ -132,7 +132,6 @@ extra_objects = LDAP_CLASS.extra_objects, runtime_library_dirs = (not sys.platform.startswith("win"))*LDAP_CLASS.library_dirs, define_macros = LDAP_CLASS.defines + \ - ('ldap_r' in LDAP_CLASS.libs or 'oldap_r' in LDAP_CLASS.libs)*[('HAVE_LIBLDAP_R',None)] + \ ('sasl' in LDAP_CLASS.libs or 'sasl2' in LDAP_CLASS.libs or 'libsasl' in LDAP_CLASS.libs)*[('HAVE_SASL',None)] + \ ('ssl' in LDAP_CLASS.libs and 'crypto' in LDAP_CLASS.libs)*[('HAVE_TLS',None)] + \ [
