Hello community, here is the log from the commit of package python-ryu for openSUSE:Factory checked in at 2019-05-07 23:19:33 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/python-ryu (Old) and /work/SRC/openSUSE:Factory/.python-ryu.new.5148 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "python-ryu" Tue May 7 23:19:33 2019 rev:3 rq:701228 version:4.31 Changes: -------- --- /work/SRC/openSUSE:Factory/python-ryu/python-ryu.changes 2018-12-12 17:28:58.850839167 +0100 +++ /work/SRC/openSUSE:Factory/.python-ryu.new.5148/python-ryu.changes 2019-05-07 23:19:35.357000625 +0200 @@ -1,0 +2,7 @@ +Tue May 7 07:11:27 UTC 2019 - pgaj...@suse.com + +- version update to 4.31 + * Choose the highest TLS version +- run tests + +------------------------------------------------------------------- Old: ---- ryu-4.30.tar.gz New: ---- ryu-4.31.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ python-ryu.spec ++++++ --- /var/tmp/diff_new_pack.69lh9F/_old 2019-05-07 23:19:36.561003373 +0200 +++ /var/tmp/diff_new_pack.69lh9F/_new 2019-05-07 23:19:36.561003373 +0200 @@ -1,7 +1,7 @@ # # spec file for package python-ryu # -# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -18,7 +18,7 @@ %{?!python_module:%define python_module() python-%{**} python3-%{**}} Name: python-ryu -Version: 4.30 +Version: 4.31 Release: 0 Summary: Component-based Software-defined Networking Framework License: Apache-2.0 @@ -29,6 +29,20 @@ BuildRequires: %{python_module setuptools} BuildRequires: fdupes BuildRequires: python-rpm-macros +# SECTION test requirements +BuildRequires: %{python_module FormEncode} +BuildRequires: %{python_module Routes} +BuildRequires: %{python_module WebOb} +BuildRequires: %{python_module eventlet} +BuildRequires: %{python_module lxml} +BuildRequires: %{python_module mock} +BuildRequires: %{python_module msgpack} +BuildRequires: %{python_module netaddr} +BuildRequires: %{python_module nose} +BuildRequires: %{python_module oslo.config} +BuildRequires: %{python_module ovs} +BuildRequires: %{python_module tinyrpc} +# /SECTION Requires: python-Routes Requires: python-WebOb >= 1.2 Requires: python-eventlet >= 0.18.2 @@ -79,6 +93,11 @@ %python_expand %fdupes %{buildroot}%{$python_sitelib} +%check +# test_requirements.py: not applicable, test_controller.py: test_ssl fails +rm ryu/tests/unit/{test_requirements.py,controller/test_controller.py} +%{python_expand PYTHON=$python sh run_tests.sh -N -P} + %post %{python_install_alternative ryu ryu-manager} ++++++ ryu-4.30.tar.gz -> ryu-4.31.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ryu-4.30/AUTHORS new/ryu-4.31/AUTHORS --- old/ryu-4.30/AUTHORS 2018-11-03 12:11:11.000000000 +0100 +++ new/ryu-4.31/AUTHORS 2019-04-01 14:48:45.000000000 +0200 @@ -25,6 +25,7 @@ EisukeTAKAHASHI <takahashi.eis...@po.ntts.co.jp> Eran <e...@gampel.net> Evan Gray <evanscottg...@gmail.com> +FUJITA Tomonori <fujita.tomon...@gmail.com> FUJITA Tomonori <fujita.tomon...@lab.ntt.co.jp> FUJITA Tomonori <to...@acm.org> Fadi Moukayed <smf...@gmail.com> @@ -116,6 +117,7 @@ Yury Kulazhenkov <kulazhen...@gmail.com> Yusuke Iwase <iwase.yusu...@gmail.com> Zhang Dongya <fortitude.zh...@gmail.com> +alex <atoptsog...@suse.com> blacksheeep <christopher.sch...@stud.unibas.ch> fortitude.zhang <fortitude.zh...@gmail.com> fumihiko kakuma <kak...@valinux.co.jp> diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ryu-4.30/ChangeLog new/ryu-4.31/ChangeLog --- old/ryu-4.30/ChangeLog 2018-11-03 12:11:11.000000000 +0100 +++ new/ryu-4.31/ChangeLog 2019-04-01 14:48:45.000000000 +0200 @@ -1,6 +1,8 @@ CHANGES ======= +* Ryu 4.31 +* Choose the highest TLS version * Ryu 4.30 * Grammatical improvements to some of the documentation * Ryu 4.29 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ryu-4.30/PKG-INFO new/ryu-4.31/PKG-INFO --- old/ryu-4.30/PKG-INFO 2018-11-03 12:11:13.000000000 +0100 +++ new/ryu-4.31/PKG-INFO 2019-04-01 14:48:47.000000000 +0200 @@ -1,6 +1,6 @@ Metadata-Version: 1.1 Name: ryu -Version: 4.30 +Version: 4.31 Summary: Component-based Software-defined Networking Framework Home-page: http://osrg.github.io/ryu/ Author: Ryu project team diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ryu-4.30/ryu/__init__.py new/ryu-4.31/ryu/__init__.py --- old/ryu-4.30/ryu/__init__.py 2018-11-03 11:36:54.000000000 +0100 +++ new/ryu-4.31/ryu/__init__.py 2019-04-01 14:41:06.000000000 +0200 @@ -14,5 +14,5 @@ # limitations under the License. -version_info = (4, 30) +version_info = (4, 31) version = '.'.join(map(str, version_info)) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ryu-4.30/ryu/controller/controller.py new/ryu-4.31/ryu/controller/controller.py --- old/ryu-4.30/ryu/controller/controller.py 2018-03-26 15:11:32.000000000 +0200 +++ new/ryu-4.31/ryu/controller/controller.py 2019-03-28 03:41:01.000000000 +0100 @@ -165,6 +165,23 @@ def server_loop(self, ofp_tcp_listen_port, ofp_ssl_listen_port): if CONF.ctl_privkey is not None and CONF.ctl_cert is not None: + if not hasattr(ssl, 'SSLContext'): + # anything less than python 2.7.9 supports only TLSv1 + # or less, thus we choose TLSv1 + ssl_args = {'ssl_version': ssl.PROTOCOL_TLSv1} + else: + # from 2.7.9 and versions 3.4+ ssl context creation is + # supported. Protocol_TLS from 2.7.13 and from 3.5.3 + # replaced SSLv23. Functionality is similar. + if hasattr(ssl, 'PROTOCOL_TLS'): + p = 'PROTOCOL_TLS' + else: + p = 'PROTOCOL_SSLv23' + + ssl_args = {'ssl_ctx': ssl.SSLContext(getattr(ssl, p))} + # Restrict non-safe versions + ssl_args['ssl_ctx'].options |= ssl.OP_NO_SSLv3 | ssl.OP_NO_SSLv2 + if CONF.ca_certs is not None: server = StreamServer((CONF.ofp_listen_host, ofp_ssl_listen_port), @@ -172,15 +189,13 @@ keyfile=CONF.ctl_privkey, certfile=CONF.ctl_cert, cert_reqs=ssl.CERT_REQUIRED, - ca_certs=CONF.ca_certs, - ssl_version=ssl.PROTOCOL_TLSv1) + ca_certs=CONF.ca_certs, **ssl_args) else: server = StreamServer((CONF.ofp_listen_host, ofp_ssl_listen_port), datapath_connection_factory, keyfile=CONF.ctl_privkey, - certfile=CONF.ctl_cert, - ssl_version=ssl.PROTOCOL_TLSv1) + certfile=CONF.ctl_cert, **ssl_args) else: server = StreamServer((CONF.ofp_listen_host, ofp_tcp_listen_port), diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ryu-4.30/ryu/lib/hub.py new/ryu-4.31/ryu/lib/hub.py --- old/ryu-4.30/ryu/lib/hub.py 2017-11-18 04:25:58.000000000 +0100 +++ new/ryu-4.31/ryu/lib/hub.py 2019-03-28 03:41:01.000000000 +0100 @@ -42,6 +42,7 @@ import ssl import socket import traceback + import sys getcurrent = eventlet.getcurrent patch = eventlet.monkey_patch @@ -128,7 +129,17 @@ if ssl_args: def wrap_and_handle(sock, addr): ssl_args.setdefault('server_side', True) - handle(ssl.wrap_socket(sock, **ssl_args), addr) + if 'ssl_ctx' in ssl_args: + ctx = ssl_args.pop('ssl_ctx') + ctx.load_cert_chain(ssl_args.pop('certfile'), + ssl_args.pop('keyfile')) + if 'cert_reqs' in ssl_args: + ctx.verify_mode = ssl_args.pop('cert_reqs') + if 'ca_certs' in ssl_args: + ctx.load_verify_locations(ssl_args.pop('ca_certs')) + handle(ctx.wrap_socket(sock, **ssl_args), addr) + else: + handle(ssl.wrap_socket(sock, **ssl_args), addr) self.handle = wrap_and_handle else: diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ryu-4.30/ryu/tests/unit/controller/cert.crt new/ryu-4.31/ryu/tests/unit/controller/cert.crt --- old/ryu-4.30/ryu/tests/unit/controller/cert.crt 1970-01-01 01:00:00.000000000 +0100 +++ new/ryu-4.31/ryu/tests/unit/controller/cert.crt 2019-03-28 03:41:01.000000000 +0100 @@ -0,0 +1,21 @@ +-----BEGIN CERTIFICATE----- +MIIDaDCCAlCgAwIBAgIJAKL09YuU92JPMA0GCSqGSIb3DQEBCwUAMEgxCzAJBgNV +BAYTAkpQMRMwEQYDVQQIDApTb21lLVN0YXRlMSQwIgYDVQQKDBtSeXUgU0ROIEZy +YW1ld29yayBDb21tdW5pdHkwIBcNMTkwMzI1MDE1NzQzWhgPMjI5MzAxMDYwMTU3 +NDNaMEgxCzAJBgNVBAYTAkpQMRMwEQYDVQQIDApTb21lLVN0YXRlMSQwIgYDVQQK +DBtSeXUgU0ROIEZyYW1ld29yayBDb21tdW5pdHkwggEiMA0GCSqGSIb3DQEBAQUA +A4IBDwAwggEKAoIBAQDLT29+6JwD75wH7gPVxU52hrysBfxE6WjyT/nT+aSIQmZu +SU6/5hECOnV4YdyB7rxFu2WO2SD5PgeoHPBpTqtxrdTWoVOWVljnNcqEwSCS7bl9 +nbgX8uxCacg9qbFNJJRBAS0XQ2bSsD0GoOnhj3Olrz1u0wRIUqrR3A5giMbYwQPr +S4cmkxfgp2uV+WCHk40WxZnGgWzIRhO11GK9CAGncncPYhj+23w+GFaHIf00TdV2 +JEvwLFuLf1EaewZ7rz8zf1sLHAxqx20A6VdledEpNAzt1L8goPhk1mHvRgUC7E2v +FnSt1ePCJsVrvccudMdPBXSMfgJC2gmfdQefdSXRAgMBAAGjUzBRMB0GA1UdDgQW +BBRjlXSQ2rVjwOr1io6iJyidmjCNfzAfBgNVHSMEGDAWgBRjlXSQ2rVjwOr1io6i +JyidmjCNfzAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQCC1Uvo +4PdC5YQSXkAhrxgVhexp87VVkoWwpno75hvfoCjtSkb7+cskvQbPM14zbjIUrsli +qmTkjXyTUe8q5U06OitMAyM6qUvS0nFDi5aPQYV6N0XmJ+rV18prfQORyHvEmEyv +nqHVPoQkmGPpJ8aOVrTlECyxG7wLI2UxBEB3Atk51QHzbGGLKW7g5tHY6J5cMe/9 +ydeClJk2/AXkoqWkbtJrbw46alH97CajuLn/4D9B/Rm+M1Kg48gze5zJ7+WrB0Jl +pAhRqMM3upaOlXdeYDdNDgE0j/ulZGY2UssFIoHylcrb4QKQXjwqRXYhuuucJQJ3 +vsY4y1D/qps9llRL +-----END CERTIFICATE----- diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ryu-4.30/ryu/tests/unit/controller/cert.key new/ryu-4.31/ryu/tests/unit/controller/cert.key --- old/ryu-4.30/ryu/tests/unit/controller/cert.key 1970-01-01 01:00:00.000000000 +0100 +++ new/ryu-4.31/ryu/tests/unit/controller/cert.key 2019-03-28 03:41:01.000000000 +0100 @@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEuwIBADANBgkqhkiG9w0BAQEFAASCBKUwggShAgEAAoIBAQDLT29+6JwD75wH +7gPVxU52hrysBfxE6WjyT/nT+aSIQmZuSU6/5hECOnV4YdyB7rxFu2WO2SD5Pgeo +HPBpTqtxrdTWoVOWVljnNcqEwSCS7bl9nbgX8uxCacg9qbFNJJRBAS0XQ2bSsD0G +oOnhj3Olrz1u0wRIUqrR3A5giMbYwQPrS4cmkxfgp2uV+WCHk40WxZnGgWzIRhO1 +1GK9CAGncncPYhj+23w+GFaHIf00TdV2JEvwLFuLf1EaewZ7rz8zf1sLHAxqx20A +6VdledEpNAzt1L8goPhk1mHvRgUC7E2vFnSt1ePCJsVrvccudMdPBXSMfgJC2gmf +dQefdSXRAgMBAAECggEAcvPsB6Z/qB4Pa9Bg7LqNnaia/uy3cUND6lXb3MW3CK/6 +eHsMgqYTkd3502IJqpGQdCD70CPmZ+Zxr9UE/ZXUjAcMY3p952/U/o3EfwEvaMPu +8B6AG1Jn0Tk8VdkffY2kIYkHtLKQbanmJ1xOQRG6AsEti/7V2gqbuOKiYmSTgbPG +Upw9JNdtR6bZrGrrEXJbPCrSCej47MDyE+nt4zMIsqmY5IlbTMHcTKVDGeKbT9qT +7/Uyg+Tb62eber9iQhE0OteLt2GwrJR5yZ5QKNKM4SPqwYlOvQ9z289eZMVU3uwI +1NI1YRM5EMsdWrzFye7H/T/jsCaWrO0zmI/I4BMfEQKBgQDtUgPyY4PgVXVZ/hha +l5pi66GQ79+6LJP3SHb3I6p0iULq3oV+onG0Ezvx2vc21sbuLEazNlJoXzEzSIVM +/RjNJ9FsD/ENEuJedkspwtZZ4O4ZH6wKyHg/LCUly59ER37Ql/XwIX7adKCn7Z4d +9xN3aQmPtLna/aIZ8HyptRpT9QKBgQDbUB67YXiIFY+k5cwtK0m8T3rY4WNpEwzr +Y/1l+0EvXqCousU9MnLveyY8EcLDh5SnM0CvH4mFS8xL/r/kcUO9cHwuM+KZ77KN +Ukp9CRT9raxDZY/F0FVuET4LrJNnekCMsOnMxO51il/AHcul7886sEirkB1dsXND +nkh9h8g87QJ/cRikyN6j+kS/qCNvd7zH1lx0op2uAQs9eJsQFrbohKDlQwjIlZDU +nvyLlLbFGV1BcD+pcb5xh0vWJppo7EexihNvug/e0FwvhNTa/QvdGvgWf+KYGotu +wqxHB7wCKofn54CDs+xCh9kMtvqGX8FfhYiJBfMan0I//hydTEMCSQKBgEiv6E+g +gYtQ4hf8FczOsRSZnxSstv8HUlvd+wlG2hbyHPtvU5nx04gt38E+/bdCg3FbGlAw +eqrUMXTqjP0Q0SvDUVUa2zq76AjQwmFoli1x10tLKPieEQJ28oJ6Ayzjpus6Y3L7 +vjD02MFa3rkznxJLhPpfvGvmOVaq6km4rBQNAoGBALQGfaRiAtp6lSubi4Etdwtg +Tps2o1SBXfzENpq6s99k+UdCBLh90uzuA897GClsUYeuAYUyxQP3otIZUuSjq/Ht +JHYwT9QxOkSYrNCfQW/nF0CJjZ6TcvcFp8SdyUUbwCR2rkDK7LlMzxkfU3cCrwMP +q51oIVlKjIxg86JJXrRQ +-----END PRIVATE KEY----- diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ryu-4.30/ryu/tests/unit/controller/test_controller.py new/ryu-4.31/ryu/tests/unit/controller/test_controller.py --- old/ryu-4.30/ryu/tests/unit/controller/test_controller.py 2017-11-18 04:25:56.000000000 +0100 +++ new/ryu-4.31/ryu/tests/unit/controller/test_controller.py 2019-03-28 03:41:01.000000000 +0100 @@ -22,6 +22,7 @@ import json import os +import ssl import sys import warnings import logging @@ -33,9 +34,11 @@ from ryu.base import app_manager # To suppress cyclic import from ryu.controller import controller from ryu.controller import handler +from ryu.lib import hub from ryu.ofproto import ofproto_v1_3_parser from ryu.ofproto import ofproto_v1_2_parser from ryu.ofproto import ofproto_v1_0_parser +hub.patch() LOG = logging.getLogger('test_controller') @@ -177,3 +180,52 @@ self.assertEqual(state, handler.MAIN_DISPATCHER) self.assertEqual(kwargs, {}) self.assertEqual(expected_json, output_json) + + +class TestOpenFlowController(unittest.TestCase): + """ + Test cases for OpenFlowController + """ + @mock.patch("ryu.controller.controller.CONF") + def _test_ssl(self, this_dir, port, conf_mock): + conf_mock.ofp_ssl_listen_port = port + conf_mock.ofp_listen_host = "127.0.0.1" + conf_mock.ca_certs = None + conf_mock.ctl_cert = os.path.join(this_dir, 'cert.crt') + conf_mock.ctl_privkey = os.path.join(this_dir, 'cert.key') + c = controller.OpenFlowController() + c() + + def test_ssl(self): + """Tests SSL server functionality.""" + # TODO: TLS version enforcement is necessary to avoid + # vulnerable versions. Currently, this only tests TLS + # connectivity. + this_dir = os.path.dirname(sys.modules[__name__].__file__) + saved_exception = None + try: + ssl_version = ssl.PROTOCOL_TLS + except AttributeError: + # For compatibility with older pythons. + ssl_version = ssl.PROTOCOL_TLSv1 + for i in range(3): + try: + # Try a few times as this can fail with EADDRINUSE + port = random.randint(5000, 10000) + server = hub.spawn(self._test_ssl, this_dir, port) + hub.sleep(1) + client = hub.StreamClient(("127.0.0.1", port), + timeout=5, + ssl_version=ssl_version) + if client.connect() is not None: + break + except Exception as e: + saved_exception = e + continue + finally: + try: + hub.kill(server) + except Exception: + pass + else: + self.fail("Failed to connect: " + str(saved_exception)) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ryu-4.30/ryu.egg-info/PKG-INFO new/ryu-4.31/ryu.egg-info/PKG-INFO --- old/ryu-4.30/ryu.egg-info/PKG-INFO 2018-11-03 12:11:12.000000000 +0100 +++ new/ryu-4.31/ryu.egg-info/PKG-INFO 2019-04-01 14:48:45.000000000 +0200 @@ -1,6 +1,6 @@ Metadata-Version: 1.1 Name: ryu -Version: 4.30 +Version: 4.31 Summary: Component-based Software-defined Networking Framework Home-page: http://osrg.github.io/ryu/ Author: Ryu project team diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ryu-4.30/ryu.egg-info/SOURCES.txt new/ryu-4.31/ryu.egg-info/SOURCES.txt --- old/ryu-4.30/ryu.egg-info/SOURCES.txt 2018-11-03 12:11:12.000000000 +0100 +++ new/ryu-4.31/ryu.egg-info/SOURCES.txt 2019-04-01 14:48:46.000000000 +0200 @@ -1189,6 +1189,8 @@ ryu/tests/unit/cmd/dummy_openflow_app.py ryu/tests/unit/cmd/test_manager.py ryu/tests/unit/controller/__init__.py +ryu/tests/unit/controller/cert.crt +ryu/tests/unit/controller/cert.key ryu/tests/unit/controller/test_controller.py ryu/tests/unit/lib/__init__.py ryu/tests/unit/lib/test_addrconv.py diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ryu-4.30/ryu.egg-info/pbr.json new/ryu-4.31/ryu.egg-info/pbr.json --- old/ryu-4.30/ryu.egg-info/pbr.json 2018-11-03 12:11:12.000000000 +0100 +++ new/ryu-4.31/ryu.egg-info/pbr.json 2019-04-01 14:48:45.000000000 +0200 @@ -1 +1 @@ -{"git_version": "56e8fb3", "is_release": false} \ No newline at end of file +{"git_version": "050bfbc", "is_release": false} \ No newline at end of file