Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package python-acme for openSUSE:Factory checked in at 2022-07-11 19:10:17 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/python-acme (Old) and /work/SRC/openSUSE:Factory/.python-acme.new.1523 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "python-acme" Mon Jul 11 19:10:17 2022 rev:60 rq:988382 version:1.29.0 Changes: -------- --- /work/SRC/openSUSE:Factory/python-acme/python-acme.changes 2022-06-25 10:25:02.518740550 +0200 +++ /work/SRC/openSUSE:Factory/.python-acme.new.1523/python-acme.changes 2022-07-11 19:11:28.887790168 +0200 @@ -1,0 +2,15 @@ +Mon Jul 11 13:07:42 UTC 2022 - Dirk M??ller <dmuel...@suse.com> + +- update to 1.29.0: + * --allow-subset-of-names will now additionally retry in cases where domains + are rejected while creating or finalizing orders. This requires subproblem + support from the ACME server + * The show_account subcommand now uses the "newAccount" ACME endpoint to + fetch the account data, so it doesn't rely on the locally stored account URL. + This fixes situations where Certbot + would use old ACMEv1 registration info with non-functional account URLs. + * The generated Certificate Signing Requests are now generated as version 1 + instead of version 3. This resolves situations in where strict enforcement + of PKCS#10 meant that CSRs that were generated as version 3 were rejected + +------------------------------------------------------------------- Old: ---- acme-1.28.0.tar.gz acme-1.28.0.tar.gz.asc New: ---- acme-1.29.0.tar.gz acme-1.29.0.tar.gz.asc ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ python-acme.spec ++++++ --- /var/tmp/diff_new_pack.wWJAcP/_old 2022-07-11 19:11:29.223790656 +0200 +++ /var/tmp/diff_new_pack.wWJAcP/_new 2022-07-11 19:11:29.227790662 +0200 @@ -20,7 +20,7 @@ %define skip_python2 1 %define libname acme Name: python-%{libname} -Version: 1.28.0 +Version: 1.29.0 Release: 0 Summary: Python library for the ACME protocol License: Apache-2.0 
@@ -30,7 +30,7 @@
 Source2: %{name}.keyring
 BuildRequires: %{python_module cryptography >= 2.5.0}
 BuildRequires: %{python_module josepy >= 1.13.0}
-BuildRequires: %{python_module pyOpenSSL >= 17.3.0}
+BuildRequires: %{python_module pyOpenSSL >= 17.5.0}
 BuildRequires: %{python_module pyRFC3339}
 BuildRequires: %{python_module pytest}
 BuildRequires: %{python_module pytz >= 2019.3}
@@ -41,7 +41,7 @@
 BuildRequires: python-rpm-macros
 Requires: python-cryptography >= 2.5.0
 Requires: python-josepy >= 1.13.0
-Requires: python-pyOpenSSL >= 17.3.0
+Requires: python-pyOpenSSL >= 17.5.0
 Requires: python-pyRFC3339
 Requires: python-pytz >= 2019.3
 Requires: python-requests >= 2.20.0
++++++ acme-1.28.0.tar.gz -> acme-1.29.0.tar.gz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/acme-1.28.0/PKG-INFO new/acme-1.29.0/PKG-INFO
--- old/acme-1.28.0/PKG-INFO 2022-06-07 21:41:21.792955600 +0200
+++ new/acme-1.29.0/PKG-INFO 2022-07-05 20:15:52.407889100 +0200
@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: acme
-Version: 1.28.0
+Version: 1.29.0
 Summary: ACME protocol implementation in Python
 Home-page: https://github.com/letsencrypt/letsencrypt
 Author: Certbot Project
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/acme-1.28.0/acme/client.py new/acme-1.29.0/acme/client.py
--- old/acme-1.28.0/acme/client.py 2022-06-07 21:41:07.000000000 +0200
+++ new/acme-1.29.0/acme/client.py 2022-07-05 20:15:47.000000000 +0200
@@ -646,12 +646,8 @@ Resource. """ - self.net.account = regr # See certbot/certbot#6258 - # ACME v2 requires to use a POST-as-GET request (POST an empty JWS) here. - # This is done by passing None instead of an empty UpdateRegistration to _post(). - response = self._post(regr.uri, None) - self.net.account = self._regr_from_response(response, uri=regr.uri, - terms_of_service=regr.terms_of_service) + self.net.account = self._get_v2_account(regr, True) + return self.net.account def update_registration(self, regr: messages.RegistrationResource, @@ -671,12 +667,15 @@ new_regr = self._get_v2_account(regr) return super().update_registration(new_regr, update) - def _get_v2_account(self, regr: messages.RegistrationResource) -> messages.RegistrationResource: + def _get_v2_account(self, regr: messages.RegistrationResource, update_body: bool = False + ) -> messages.RegistrationResource: self.net.account = None only_existing_reg = regr.body.update(only_return_existing=True) response = self._post(self.directory['newAccount'], only_existing_reg) updated_uri = response.headers['Location'] - new_regr = regr.update(uri=updated_uri) + new_regr = regr.update(body=messages.Registration.from_json(response.json()) + if update_body else regr.body, + uri=updated_uri) self.net.account = new_regr return new_regr diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/acme-1.28.0/acme/crypto_util.py new/acme-1.29.0/acme/crypto_util.py --- old/acme-1.28.0/acme/crypto_util.py 2022-06-07 21:41:07.000000000 +0200 +++ new/acme-1.29.0/acme/crypto_util.py 2022-07-05 20:15:47.000000000 +0200 
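Review bot: In `query_registration` the new call passes the flag positionally, so `True` carries no meaning at the call site; prefer `self.net.account = self._get_v2_account(regr, update_body=True)`. The removed comments explained why the request was shaped the way it was and the replacement has none, so a line such as `# Resolve the account through newAccount with only_return_existing so a stale stored account URL is not relied on` would keep the reason next to the code. The method's docstring begins above this hunk, so whether it still matches the new lookup cannot be checked from here.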
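Review bot: `_get_v2_account` clears `self.net.account` before the request and reassigns it only on success, and `query_registration` now takes this path, so a failing `_post`, a response without a `Location` header (a bare `KeyError` from `response.headers['Location']`) or a body that `Registration.from_json` rejects leaves the client with no account bound. The removed `query_registration` code set `self.net.account = regr` before its request, so this is a change on the error path; whether callers reuse the client after such a failure is not visible here. Restoring the previous value on failure and reporting the missing header as a client error would make the failure explicit; the sketch assumes `errors` is already imported in client.py. The new `update_body` parameter also has no docstring saying that `True` replaces the stored body with the server's copy.

```python
def _get_v2_account(self, regr: messages.RegistrationResource, update_body: bool = False
                    ) -> messages.RegistrationResource:
    previous_account = self.net.account
    self.net.account = None
    try:
        # … unchanged: build only_existing_reg and POST it to newAccount …
        updated_uri = response.headers.get('Location')
        if updated_uri is None:
            raise errors.ClientError('newAccount response carries no Location header')
        # … unchanged: new_regr = regr.update(body=..., uri=updated_uri) …
    except Exception:
        # Do not leave the client without an account when the lookup fails.
        self.net.account = previous_account
        raise
    self.net.account = new_regr
    return new_regr
```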
@@ -258,7 +258,8 @@
 value=b"DER:30:03:02:01:05"))
 csr.add_extensions(extensions)
 csr.set_pubkey(private_key)
- csr.set_version(2)
+ # RFC 2986 Section 4.1 only defines version 0
+ csr.set_version(0)
 csr.sign(private_key, 'sha256')
 return crypto.dump_certificate_request(
 crypto.FILETYPE_PEM, csr)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/acme-1.28.0/acme.egg-info/PKG-INFO new/acme-1.29.0/acme.egg-info/PKG-INFO
--- old/acme-1.28.0/acme.egg-info/PKG-INFO 2022-06-07 21:41:21.000000000 +0200
+++ new/acme-1.29.0/acme.egg-info/PKG-INFO 2022-07-05 20:15:52.000000000 +0200
@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: acme
-Version: 1.28.0
+Version: 1.29.0
 Summary: ACME protocol implementation in Python
 Home-page: https://github.com/letsencrypt/letsencrypt
 Author: Certbot Project
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/acme-1.28.0/acme.egg-info/requires.txt new/acme-1.29.0/acme.egg-info/requires.txt
--- old/acme-1.28.0/acme.egg-info/requires.txt 2022-06-07 21:41:21.000000000 +0200
+++ new/acme-1.29.0/acme.egg-info/requires.txt 2022-07-05 20:15:52.000000000 +0200
@@ -1,6 +1,6 @@
 cryptography>=2.5.0
 josepy>=1.13.0
-PyOpenSSL>=17.3.0
+PyOpenSSL>=17.5.0
 pyrfc3339
 pytz>=2019.3
 requests>=2.20.0
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/acme-1.28.0/setup.py new/acme-1.29.0/setup.py
--- old/acme-1.28.0/setup.py 2022-06-07 21:41:08.000000000 +0200
+++ new/acme-1.29.0/setup.py 2022-07-05 20:15:48.000000000 +0200
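Review bot: The added comment `# RFC 2986 Section 4.1 only defines version 0` does not say that 0 is the wire encoding of CSR version 1, while the changelog for this release describes the same change as "version 1 instead of version 3", so the two read as contradictory to anyone comparing them. Suggest `# RFC 2986 section 4.1 defines only v1, which is encoded as integer 0; strict PKCS#10 parsers reject other values`. The enclosing function starts above the hunk; if its docstring mentions the CSR version it should state the same encoding.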
@@ -3,12 +3,12 @@ from setuptools import find_packages from setuptools import setup -version = '1.28.0' +version = '1.29.0' install_requires = [ 'cryptography>=2.5.0', 'josepy>=1.13.0', - 'PyOpenSSL>=17.3.0', + 'PyOpenSSL>=17.5.0', 'pyrfc3339', 'pytz>=2019.3', 'requests>=2.20.0', diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/acme-1.28.0/tests/client_test.py new/acme-1.29.0/tests/client_test.py --- old/acme-1.28.0/tests/client_test.py 2022-06-07 21:41:07.000000000 +0200 +++ new/acme-1.29.0/tests/client_test.py 2022-07-05 20:15:47.000000000 +0200 @@ -140,6 +140,7 @@ self.response.json.return_value = DIRECTORY_V2.to_json() client = self._init() self.response.json.return_value = self.regr.body.to_json() + self.response.headers = {'Location': 'https://www.letsencrypt-demo.org/acme/reg/1'} self.assertEqual(self.regr, client.query_registration(self.regr)) def test_forwarding(self): diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/acme-1.28.0/tests/crypto_util_test.py new/acme-1.29.0/tests/crypto_util_test.py --- old/acme-1.28.0/tests/crypto_util_test.py 2022-06-07 21:41:07.000000000 +0200 +++ new/acme-1.29.0/tests/crypto_util_test.py 2022-07-05 20:15:47.000000000 +0200 @@ -314,6 +314,14 @@ def test_make_csr_without_hostname(self): self.assertRaises(ValueError, self._call_with_key) + def test_make_csr_correct_version(self): + csr_pem = self._call_with_key(["a.example"]) + csr = OpenSSL.crypto.load_certificate_request( + OpenSSL.crypto.FILETYPE_PEM, csr_pem) + + self.assertEqual(csr.get_version(), 0, + "Expected CSR version to be v1 (encoded as 0), per RFC 2986, section 4") + class DumpPyopensslChainTest(unittest.TestCase): """Test for dump_pyopenssl_chain."""
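Review bot: The change to `tests/client_test.py` only adds a `Location` header so that the existing equality assertion keeps passing; it does not exercise what the new lookup is for. The assertion still compares the result against `self.regr`, so the mocked `Location` presumably equals the stored URI, and neither a server that returns a different account URL or body than the stored one nor a response without `Location` is covered. Suggest a further test that sets `self.response.headers` to a different URL and asserts that the returned resource's `uri` equals it, plus one for the missing-header path. The test method starts above the hunk.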