Hello community, here is the log from the commit of package python-acme for openSUSE:Leap:15.2 checked in at 2020-03-15 07:13:13 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Leap:15.2/python-acme (Old) and /work/SRC/openSUSE:Leap:15.2/.python-acme.new.3160 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "python-acme" Sun Mar 15 07:13:13 2020 rev:42 rq:784977 version:1.3.0 Changes: -------- --- /work/SRC/openSUSE:Leap:15.2/python-acme/python-acme.changes 2020-02-27 06:41:49.261649308 +0100 +++ /work/SRC/openSUSE:Leap:15.2/.python-acme.new.3160/python-acme.changes 2020-03-15 07:13:17.837032582 +0100 @@ -1,0 +2,8 @@ +Wed Mar 11 13:40:21 UTC 2020 - Marketa Calabkova <[email protected]> + +- update to version 1.3.0 + * Don't verify the existing certificate in HTTP01Response.simple_verify, for + compatibility with the real-world ACME challenge checks. + * Fix acme module warnings when response Content-Type includes params (e.g. charset). + +------------------------------------------------------------------- Old: ---- acme-1.2.0.tar.gz acme-1.2.0.tar.gz.asc New: ---- acme-1.3.0.tar.gz acme-1.3.0.tar.gz.asc ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ python-acme.spec ++++++ --- /var/tmp/diff_new_pack.0lB1JK/_old 2020-03-15 07:13:18.241032794 +0100 +++ /var/tmp/diff_new_pack.0lB1JK/_new 2020-03-15 07:13:18.241032794 +0100 @@ -19,7 +19,7 @@ %{?!python_module:%define python_module() python-%{**} python3-%{**}} %define libname acme Name: python-%{libname} -Version: 1.2.0 +Version: 1.3.0 Release: 0 Summary: Python library for the ACME protocol License: Apache-2.0 ++++++ acme-1.2.0.tar.gz -> acme-1.3.0.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/acme-1.2.0/PKG-INFO new/acme-1.3.0/PKG-INFO --- old/acme-1.2.0/PKG-INFO 2020-02-04 22:47:04.000000000 +0100 +++ new/acme-1.3.0/PKG-INFO 2020-03-03 21:36:42.000000000 +0100 @@ -1,6 +1,6 @@ Metadata-Version: 2.1 Name: acme -Version: 1.2.0 +Version: 1.3.0 Summary: ACME protocol implementation in Python Home-page: https://github.com/letsencrypt/letsencrypt Author: Certbot Project diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/acme-1.2.0/acme/challenges.py new/acme-1.3.0/acme/challenges.py --- old/acme-1.2.0/acme/challenges.py 2020-02-04 22:46:57.000000000 +0100 +++ new/acme-1.3.0/acme/challenges.py 2020-03-03 21:36:35.000000000 +0100 @@ -303,7 +303,7 @@ uri = chall.uri(domain) logger.debug("Verifying %s at %s...", chall.typ, uri) try: - http_response = requests.get(uri) + http_response = requests.get(uri, verify=False) except requests.exceptions.RequestException as error: logger.error("Unable to reach %s: %s", uri, error) return False diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/acme-1.2.0/acme/client.py new/acme-1.3.0/acme/client.py --- old/acme-1.2.0/acme/client.py 2020-02-04 22:46:57.000000000 +0100 +++ new/acme-1.3.0/acme/client.py 2020-03-03 21:36:35.000000000 +0100 @@ -15,16 +15,16 @@ from requests.adapters import HTTPAdapter from requests_toolbelt.adapters.source import SourceAddressAdapter import six -from six.moves import http_client # pylint: disable=import-error +from six.moves import http_client from acme import crypto_util from acme import errors from acme import jws from acme import messages -from acme.magic_typing import Dict # pylint: disable=unused-import, no-name-in-module -from acme.magic_typing import List # pylint: disable=unused-import, no-name-in-module -from acme.magic_typing import Set # pylint: disable=unused-import, no-name-in-module -from acme.magic_typing import Text # pylint: disable=unused-import, no-name-in-module +from acme.magic_typing import Dict +from acme.magic_typing import List +from acme.magic_typing import Set +from acme.magic_typing import Text logger = logging.getLogger(__name__) @@ -36,7 +36,7 @@ try: requests.packages.urllib3.contrib.pyopenssl.inject_into_urllib3() # type: ignore except AttributeError: - import urllib3.contrib.pyopenssl # pylint: disable=import-error + import urllib3.contrib.pyopenssl urllib3.contrib.pyopenssl.inject_into_urllib3() DEFAULT_NETWORK_TIMEOUT = 45 @@ -666,7 +666,7 @@ response = self._post(self.directory['newOrder'], order) body = messages.Order.from_json(response.json()) authorizations = [] - for url in body.authorizations: # pylint: disable=not-an-iterable + for url in body.authorizations: authorizations.append(self._authzr_from_response(self._post_as_get(url), uri=url)) return messages.OrderResource( body=body, @@ -1022,6 +1022,9 @@ """ response_ct = response.headers.get('Content-Type') + # Strip parameters from the media-type (rfc2616#section-3.7) + if response_ct: + response_ct = response_ct.split(';')[0].strip() try: # TODO: response.json() is called twice, once here, and # once in _get and _post clients diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/acme-1.2.0/acme/crypto_util.py new/acme-1.3.0/acme/crypto_util.py --- old/acme-1.2.0/acme/crypto_util.py 2020-02-04 22:46:57.000000000 +0100 +++ new/acme-1.3.0/acme/crypto_util.py 2020-03-03 21:36:35.000000000 +0100 @@ -11,10 +11,9 @@ from OpenSSL import SSL # type: ignore # https://github.com/python/typeshed/issues/2052 from acme import errors -from acme.magic_typing import Callable # pylint: disable=unused-import, no-name-in-module -from acme.magic_typing import Optional # pylint: disable=unused-import, no-name-in-module -from acme.magic_typing import Tuple # pylint: disable=unused-import, no-name-in-module -from acme.magic_typing import Union # pylint: disable=unused-import, no-name-in-module +from acme.magic_typing import Callable +from acme.magic_typing import Tuple +from acme.magic_typing import Union logger = logging.getLogger(__name__) @@ -74,7 +73,7 @@ class FakeConnection(object): """Fake OpenSSL.SSL.Connection.""" - # pylint: disable=missing-docstring + # pylint: disable=missing-function-docstring def __init__(self, connection): self._wrapped = connection @@ -86,7 +85,7 @@ # OpenSSL.SSL.Connection.shutdown doesn't accept any args return self._wrapped.shutdown() - def accept(self): # pylint: disable=missing-docstring + def accept(self): # pylint: disable=missing-function-docstring sock, addr = self.sock.accept() context = SSL.Context(self.method) @@ -298,7 +297,6 @@ def _dump_cert(cert): if isinstance(cert, jose.ComparableX509): - # pylint: disable=protected-access cert = cert.wrapped return crypto.dump_certificate(filetype, cert) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/acme-1.2.0/acme/jws.py new/acme-1.3.0/acme/jws.py --- old/acme-1.2.0/acme/jws.py 2020-02-04 22:46:57.000000000 +0100 +++ new/acme-1.3.0/acme/jws.py 2020-03-03 21:36:35.000000000 +0100 @@ -15,7 +15,7 @@ url = jose.Field('url', omitempty=True) @nonce.decoder - def nonce(value): # pylint: disable=missing-docstring,no-self-argument + def nonce(value): # pylint: disable=no-self-argument,missing-function-docstring try: return jose.decode_b64jose(value) except jose.DeserializationError as error: diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/acme-1.2.0/acme/magic_typing.py new/acme-1.3.0/acme/magic_typing.py --- old/acme-1.2.0/acme/magic_typing.py 2020-02-04 22:46:57.000000000 +0100 +++ new/acme-1.3.0/acme/magic_typing.py 2020-03-03 21:36:35.000000000 +0100 @@ -10,7 +10,6 @@ try: # mypy doesn't respect modifying sys.modules from typing import * # pylint: disable=wildcard-import, unused-wildcard-import - # pylint: disable=unused-import from typing import Collection, IO # type: ignore # pylint: enable=unused-import except ImportError: diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/acme-1.2.0/acme/messages.py new/acme-1.3.0/acme/messages.py --- old/acme-1.2.0/acme/messages.py 2020-02-04 22:46:57.000000000 +0100 +++ new/acme-1.3.0/acme/messages.py 2020-03-03 21:36:35.000000000 +0100 @@ -11,7 +11,7 @@ from acme import util try: - from collections.abc import Hashable # pylint: disable=no-name-in-module + from collections.abc import Hashable except ImportError: # pragma: no cover from collections import Hashable @@ -460,7 +460,6 @@ @property def uri(self): """The URL of the challenge body.""" - # pylint: disable=function-redefined,no-member return self.body.uri @@ -488,7 +487,7 @@ wildcard = jose.Field('wildcard', omitempty=True) @challenges.decoder - def challenges(value): # pylint: disable=missing-docstring,no-self-argument + def challenges(value): # pylint: disable=no-self-argument,missing-function-docstring return tuple(ChallengeBody.from_json(chall) for chall in value) @property @@ -585,7 +584,7 @@ error = jose.Field('error', omitempty=True, decoder=Error.from_json) @identifiers.decoder - def identifiers(value): # pylint: disable=missing-docstring,no-self-argument + def identifiers(value): # pylint: disable=no-self-argument,missing-function-docstring return tuple(Identifier.from_json(identifier) for identifier in value) class OrderResource(ResourceWithURI): diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/acme-1.2.0/acme/standalone.py new/acme-1.3.0/acme/standalone.py --- old/acme-1.2.0/acme/standalone.py 2020-02-04 22:46:57.000000000 +0100 +++ new/acme-1.3.0/acme/standalone.py 2020-03-03 21:36:35.000000000 +0100 @@ -5,19 +5,16 @@ import socket import threading -from six.moves import BaseHTTPServer # type: ignore # pylint: disable=import-error -from six.moves import http_client # pylint: disable=import-error -from six.moves import socketserver # type: ignore # pylint: disable=import-error +from six.moves import BaseHTTPServer # type: ignore +from six.moves import http_client +from six.moves import socketserver # type: ignore from acme import challenges from acme import crypto_util -from acme.magic_typing import List # pylint: disable=unused-import, no-name-in-module +from acme.magic_typing import List logger = logging.getLogger(__name__) -# six.moves.* | pylint: disable=no-member,attribute-defined-outside-init -# pylint: disable=no-init - class TLSServer(socketserver.TCPServer): """Generic TLS Server.""" @@ -30,7 +27,6 @@ self.address_family = socket.AF_INET self.certs = kwargs.pop("certs", {}) self.method = kwargs.pop( - # pylint: disable=protected-access "method", crypto_util._DEFAULT_SSL_METHOD) self.allow_reuse_address = kwargs.pop("allow_reuse_address", True) socketserver.TCPServer.__init__(self, *args, **kwargs) @@ -39,7 +35,7 @@ self.socket = crypto_util.SSLSocket( self.socket, certs=self.certs, method=self.method) - def server_bind(self): # pylint: disable=missing-docstring + def server_bind(self): self._wrap_sock() return socketserver.TCPServer.server_bind(self) @@ -178,7 +174,7 @@ self.log_message("Incoming request") BaseHTTPServer.BaseHTTPRequestHandler.handle(self) - def do_GET(self): # pylint: disable=invalid-name,missing-docstring + def do_GET(self): # pylint: disable=invalid-name,missing-function-docstring if self.path == "/": self.handle_index() elif self.path.startswith("/" + challenges.HTTP01.URI_ROOT_PATH): diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/acme-1.2.0/acme.egg-info/PKG-INFO new/acme-1.3.0/acme.egg-info/PKG-INFO --- old/acme-1.2.0/acme.egg-info/PKG-INFO 2020-02-04 22:47:04.000000000 +0100 +++ new/acme-1.3.0/acme.egg-info/PKG-INFO 2020-03-03 21:36:42.000000000 +0100 @@ -1,6 +1,6 @@ Metadata-Version: 2.1 Name: acme -Version: 1.2.0 +Version: 1.3.0 Summary: ACME protocol implementation in Python Home-page: https://github.com/letsencrypt/letsencrypt Author: Certbot Project diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/acme-1.2.0/docs/conf.py new/acme-1.3.0/docs/conf.py --- old/acme-1.2.0/docs/conf.py 2020-02-04 22:46:57.000000000 +0100 +++ new/acme-1.3.0/docs/conf.py 2020-03-03 21:36:35.000000000 +0100 @@ -113,7 +113,7 @@ #keep_warnings = False # If true, `todo` and `todoList` produce output, else they produce nothing. -todo_include_todos = True +todo_include_todos = False # -- Options for HTML output ---------------------------------------------- diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/acme-1.2.0/setup.py new/acme-1.3.0/setup.py --- old/acme-1.2.0/setup.py 2020-02-04 22:46:58.000000000 +0100 +++ new/acme-1.3.0/setup.py 2020-03-03 21:36:38.000000000 +0100 @@ -4,7 +4,7 @@ from setuptools import setup from setuptools.command.test import test as TestCommand -version = '1.2.0' +version = '1.3.0' # Please update tox.ini when modifying dependency version requirements install_requires = [ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/acme-1.2.0/tests/challenges_test.py new/acme-1.3.0/tests/challenges_test.py --- old/acme-1.2.0/tests/challenges_test.py 2020-02-04 22:46:57.000000000 +0100 +++ new/acme-1.3.0/tests/challenges_test.py 2020-03-03 21:36:35.000000000 +0100 @@ -181,7 +181,7 @@ mock_get.return_value = mock.MagicMock(text=validation) self.assertTrue(self.response.simple_verify( self.chall, "local", KEY.public_key())) - mock_get.assert_called_once_with(self.chall.uri("local")) + mock_get.assert_called_once_with(self.chall.uri("local"), verify=False) @mock.patch("acme.challenges.requests.get") def test_simple_verify_bad_validation(self, mock_get): @@ -197,7 +197,7 @@ HTTP01Response.WHITESPACE_CUTSET)) self.assertTrue(self.response.simple_verify( self.chall, "local", KEY.public_key())) - mock_get.assert_called_once_with(self.chall.uri("local")) + mock_get.assert_called_once_with(self.chall.uri("local"), verify=False) @mock.patch("acme.challenges.requests.get") def test_simple_verify_connection_error(self, mock_get): diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/acme-1.2.0/tests/client_test.py new/acme-1.3.0/tests/client_test.py --- old/acme-1.2.0/tests/client_test.py 2020-02-04 22:46:57.000000000 +0100 +++ new/acme-1.3.0/tests/client_test.py 2020-03-03 21:36:35.000000000 +0100 @@ -980,6 +980,35 @@ self.assertEqual( self.response, self.net._check_response(self.response)) + @mock.patch('acme.client.logger') + def test_check_response_ok_ct_with_charset(self, mock_logger): + self.response.json.return_value = {} + self.response.headers['Content-Type'] = 'application/json; charset=utf-8' + # pylint: disable=protected-access + self.assertEqual(self.response, self.net._check_response( + self.response, content_type='application/json')) + try: + mock_logger.debug.assert_called_with( + 'Ignoring wrong Content-Type (%r) for JSON decodable response', + 'application/json; charset=utf-8' + ) + except AssertionError: + return + raise AssertionError('Expected Content-Type warning ' #pragma: no cover + 'to not have been logged') + + @mock.patch('acme.client.logger') + def test_check_response_ok_bad_ct(self, mock_logger): + self.response.json.return_value = {} + self.response.headers['Content-Type'] = 'text/plain' + # pylint: disable=protected-access + self.assertEqual(self.response, self.net._check_response( + self.response, content_type='application/json')) + mock_logger.debug.assert_called_with( + 'Ignoring wrong Content-Type (%r) for JSON decodable response', + 'text/plain' + ) + def test_check_response_conflict(self): self.response.ok = False self.response.status_code = 409
