Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package python-aioquic for openSUSE:Factory checked in at 2024-01-25 18:41:26 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/python-aioquic (Old) and /work/SRC/openSUSE:Factory/.python-aioquic.new.1815 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "python-aioquic" Thu Jan 25 18:41:26 2024 rev:8 rq:1141367 version:0.9.25 Changes: -------- --- /work/SRC/openSUSE:Factory/python-aioquic/python-aioquic.changes 2024-01-21 23:09:17.931566959 +0100 +++ /work/SRC/openSUSE:Factory/.python-aioquic.new.1815/python-aioquic.changes 2024-01-25 18:41:30.059290119 +0100 @@ -1,0 +2,9 @@ +Thu Jan 25 04:25:09 UTC 2024 - Steve Kowalik <steven.kowa...@suse.com> + +- Drop patch cryptography.patch: + * No longer required. +- Add patch support-service-identity-24.patch: + * Support service-identity >= 24 +- Switch to pyproject macros. + +------------------------------------------------------------------- Old: ---- cryptography.patch New: ---- support-service-identity-24.patch BETA DEBUG BEGIN: Old: - Drop patch cryptography.patch: * No longer required. BETA DEBUG END: BETA DEBUG BEGIN: New: * No longer required. - Add patch support-service-identity-24.patch: * Support service-identity >= 24 BETA DEBUG END: ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ python-aioquic.spec ++++++ --- /var/tmp/diff_new_pack.T90FGN/_old 2024-01-25 18:41:30.999323657 +0100 +++ /var/tmp/diff_new_pack.T90FGN/_new 2024-01-25 18:41:30.999323657 +0100 @@ -22,12 +22,12 @@ Release: 0 Summary: Python implementation of QUIC and HTTP/3 License: BSD-3-Clause -Group: Development/Languages/Python URL: https://github.com/aiortc/aioquic Source: https://files.pythonhosted.org/packages/source/a/aioquic/aioquic-%{version}.tar.gz -# PATCH-FIX-OPENSUSE cryptography.patch -- we can't pin to old cryptography and thus don't get expected test exceptions, c...@bnavigator.de -Patch1: cryptography.patch +# PATCH-FIX-UPSTREAM gh#aiortc/aioquic#452 +Patch0: support-service-identity-24.patch BuildRequires: %{python_module devel >= 3.7} +BuildRequires: %{python_module pip} BuildRequires: %{python_module setuptools} BuildRequires: %{python_module wheel} BuildRequires: fdupes @@ -57,10 +57,10 @@ %build export CFLAGS="%{optflags}" -%python_build +%pyproject_wheel %install -%python_install +%pyproject_install %{python_expand rm %{buildroot}%{$python_sitearch}/aioquic/*.c %fdupes %{buildroot}%{$python_sitearch} } @@ -72,5 +72,5 @@ %doc README.rst %license LICENSE %{python_sitearch}/aioquic -%{python_sitearch}/aioquic-%{version}*-info +%{python_sitearch}/aioquic-%{version}.dist-info ++++++ support-service-identity-24.patch ++++++ >From 9dd2b961dac1c9192d2459b697925ffab26a8ed2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jeremy=20Lain=C3=A9?= <jeremy.la...@m4x.org> Date: Sun, 14 Jan 2024 11:49:14 +0100 Subject: [PATCH] Adapt "no subjectaltname" test for service-identitity >= 24 When a certificate contains no subjectAltName extension, `service-identity` now raises a `CertificateError` instead of a `VerificationError`. --- pyproject.toml | 2 +- src/aioquic/tls.py | 7 +++++-- tests/test_tls.py | 3 +-- 3 files changed, 7 insertions(+), 5 deletions(-) diff --git a/pyproject.toml b/pyproject.toml index 562a2a72..927fa0d4 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -31,7 +31,7 @@ dependencies = [ "cryptography", "pylsqpack>=0.3.3,<0.4.0", "pyopenssl>=22", - "service-identity>=23.1.0", + "service-identity>=24.1.0", ] dynamic = ["version"] diff --git a/src/aioquic/tls.py b/src/aioquic/tls.py index a8bcb2ce..35f92ce7 100644 --- a/src/aioquic/tls.py +++ b/src/aioquic/tls.py @@ -244,10 +244,13 @@ def verify_certificate( certificate, server_name ) - except service_identity.VerificationError as exc: + except ( + service_identity.CertificateError, + service_identity.VerificationError, + ) as exc: patterns = service_identity.cryptography.extract_patterns(certificate) if len(patterns) == 0: - errmsg = "subject alternative name not found in the certificate" + errmsg = str(exc) elif len(patterns) == 1: errmsg = f"hostname {server_name!r} doesn't match {patterns[0]!r}" else: diff --git a/tests/test_tls.py b/tests/test_tls.py index 1de9cf35..cf28bf11 100644 --- a/tests/test_tls.py +++ b/tests/test_tls.py @@ -1666,8 +1666,7 @@ def test_verify_subject_no_subjaltname(self): cadata=cadata, certificate=certificate, server_name="example.com" ) self.assertEqual( - str(cm.exception), - "subject alternative name not found in the certificate", + str(cm.exception), "Certificate does not contain any `subjectAltName`s." ) def test_verify_subject_with_subjaltname(self):