Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package python-acme for openSUSE:Factory
checked in at 2022-07-11 19:10:17
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/python-acme (Old)
and /work/SRC/openSUSE:Factory/.python-acme.new.1523 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "python-acme"
Mon Jul 11 19:10:17 2022 rev:60 rq:988382 version:1.29.0
Changes:
--------
--- /work/SRC/openSUSE:Factory/python-acme/python-acme.changes 2022-06-25
10:25:02.518740550 +0200
+++ /work/SRC/openSUSE:Factory/.python-acme.new.1523/python-acme.changes
2022-07-11 19:11:28.887790168 +0200
@@ -1,0 +2,15 @@
+Mon Jul 11 13:07:42 UTC 2022 - Dirk M??ller <dmuel...@suse.com>
+
+- update to 1.29.0:
+ * --allow-subset-of-names will now additionally retry in cases where domains
+ are rejected while creating or finalizing orders. This requires subproblem
+ support from the ACME server
+ * The show_account subcommand now uses the "newAccount" ACME endpoint to
+ fetch the account data, so it doesn't rely on the locally stored account
URL.
+ This fixes situations where Certbot
+ would use old ACMEv1 registration info with non-functional account URLs.
+ * The generated Certificate Signing Requests are now generated as version 1
+ instead of version 3. This resolves situations in where strict enforcement
+ of PKCS#10 meant that CSRs that were generated as version 3 were rejected
+
+-------------------------------------------------------------------
Old:
----
acme-1.28.0.tar.gz
acme-1.28.0.tar.gz.asc
New:
----
acme-1.29.0.tar.gz
acme-1.29.0.tar.gz.asc
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ python-acme.spec ++++++
--- /var/tmp/diff_new_pack.wWJAcP/_old 2022-07-11 19:11:29.223790656 +0200
+++ /var/tmp/diff_new_pack.wWJAcP/_new 2022-07-11 19:11:29.227790662 +0200
@@ -20,7 +20,7 @@
%define skip_python2 1
%define libname acme
Name: python-%{libname}
-Version: 1.28.0
+Version: 1.29.0
Release: 0
Summary: Python library for the ACME protocol
License: Apache-2.0
@@ -30,7 +30,7 @@
Source2: %{name}.keyring
BuildRequires: %{python_module cryptography >= 2.5.0}
BuildRequires: %{python_module josepy >= 1.13.0}
-BuildRequires: %{python_module pyOpenSSL >= 17.3.0}
+BuildRequires: %{python_module pyOpenSSL >= 17.5.0}
BuildRequires: %{python_module pyRFC3339}
BuildRequires: %{python_module pytest}
BuildRequires: %{python_module pytz >= 2019.3}
@@ -41,7 +41,7 @@
BuildRequires: python-rpm-macros
Requires: python-cryptography >= 2.5.0
Requires: python-josepy >= 1.13.0
-Requires: python-pyOpenSSL >= 17.3.0
+Requires: python-pyOpenSSL >= 17.5.0
Requires: python-pyRFC3339
Requires: python-pytz >= 2019.3
Requires: python-requests >= 2.20.0
++++++ acme-1.28.0.tar.gz -> acme-1.29.0.tar.gz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/acme-1.28.0/PKG-INFO new/acme-1.29.0/PKG-INFO
--- old/acme-1.28.0/PKG-INFO 2022-06-07 21:41:21.792955600 +0200
+++ new/acme-1.29.0/PKG-INFO 2022-07-05 20:15:52.407889100 +0200
@@ -1,6 +1,6 @@
Metadata-Version: 2.1
Name: acme
-Version: 1.28.0
+Version: 1.29.0
Summary: ACME protocol implementation in Python
Home-page: https://github.com/letsencrypt/letsencrypt
Author: Certbot Project
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/acme-1.28.0/acme/client.py
new/acme-1.29.0/acme/client.py
--- old/acme-1.28.0/acme/client.py 2022-06-07 21:41:07.000000000 +0200
+++ new/acme-1.29.0/acme/client.py 2022-07-05 20:15:47.000000000 +0200
@@ -646,12 +646,8 @@
Resource.
"""
- self.net.account = regr # See certbot/certbot#6258
- # ACME v2 requires to use a POST-as-GET request (POST an empty JWS)
here.
- # This is done by passing None instead of an empty UpdateRegistration
to _post().
- response = self._post(regr.uri, None)
- self.net.account = self._regr_from_response(response, uri=regr.uri,
-
terms_of_service=regr.terms_of_service)
+ self.net.account = self._get_v2_account(regr, True)
+
return self.net.account
def update_registration(self, regr: messages.RegistrationResource,
@@ -671,12 +667,15 @@
new_regr = self._get_v2_account(regr)
return super().update_registration(new_regr, update)
- def _get_v2_account(self, regr: messages.RegistrationResource) ->
messages.RegistrationResource:
+ def _get_v2_account(self, regr: messages.RegistrationResource,
update_body: bool = False
+ ) -> messages.RegistrationResource:
self.net.account = None
only_existing_reg = regr.body.update(only_return_existing=True)
response = self._post(self.directory['newAccount'], only_existing_reg)
updated_uri = response.headers['Location']
- new_regr = regr.update(uri=updated_uri)
+ new_regr =
regr.update(body=messages.Registration.from_json(response.json())
+ if update_body else regr.body,
+ uri=updated_uri)
self.net.account = new_regr
return new_regr
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/acme-1.28.0/acme/crypto_util.py
new/acme-1.29.0/acme/crypto_util.py
--- old/acme-1.28.0/acme/crypto_util.py 2022-06-07 21:41:07.000000000 +0200
+++ new/acme-1.29.0/acme/crypto_util.py 2022-07-05 20:15:47.000000000 +0200
@@ -258,7 +258,8 @@
value=b"DER:30:03:02:01:05"))
csr.add_extensions(extensions)
csr.set_pubkey(private_key)
- csr.set_version(2)
+ # RFC 2986 Section 4.1 only defines version 0
+ csr.set_version(0)
csr.sign(private_key, 'sha256')
return crypto.dump_certificate_request(
crypto.FILETYPE_PEM, csr)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/acme-1.28.0/acme.egg-info/PKG-INFO
new/acme-1.29.0/acme.egg-info/PKG-INFO
--- old/acme-1.28.0/acme.egg-info/PKG-INFO 2022-06-07 21:41:21.000000000
+0200
+++ new/acme-1.29.0/acme.egg-info/PKG-INFO 2022-07-05 20:15:52.000000000
+0200
@@ -1,6 +1,6 @@
Metadata-Version: 2.1
Name: acme
-Version: 1.28.0
+Version: 1.29.0
Summary: ACME protocol implementation in Python
Home-page: https://github.com/letsencrypt/letsencrypt
Author: Certbot Project
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/acme-1.28.0/acme.egg-info/requires.txt
new/acme-1.29.0/acme.egg-info/requires.txt
--- old/acme-1.28.0/acme.egg-info/requires.txt 2022-06-07 21:41:21.000000000
+0200
+++ new/acme-1.29.0/acme.egg-info/requires.txt 2022-07-05 20:15:52.000000000
+0200
@@ -1,6 +1,6 @@
cryptography>=2.5.0
josepy>=1.13.0
-PyOpenSSL>=17.3.0
+PyOpenSSL>=17.5.0
pyrfc3339
pytz>=2019.3
requests>=2.20.0
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/acme-1.28.0/setup.py new/acme-1.29.0/setup.py
--- old/acme-1.28.0/setup.py 2022-06-07 21:41:08.000000000 +0200
+++ new/acme-1.29.0/setup.py 2022-07-05 20:15:48.000000000 +0200
@@ -3,12 +3,12 @@
from setuptools import find_packages
from setuptools import setup
-version = '1.28.0'
+version = '1.29.0'
install_requires = [
'cryptography>=2.5.0',
'josepy>=1.13.0',
- 'PyOpenSSL>=17.3.0',
+ 'PyOpenSSL>=17.5.0',
'pyrfc3339',
'pytz>=2019.3',
'requests>=2.20.0',
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/acme-1.28.0/tests/client_test.py
new/acme-1.29.0/tests/client_test.py
--- old/acme-1.28.0/tests/client_test.py 2022-06-07 21:41:07.000000000
+0200
+++ new/acme-1.29.0/tests/client_test.py 2022-07-05 20:15:47.000000000
+0200
@@ -140,6 +140,7 @@
self.response.json.return_value = DIRECTORY_V2.to_json()
client = self._init()
self.response.json.return_value = self.regr.body.to_json()
+ self.response.headers = {'Location':
'https://www.letsencrypt-demo.org/acme/reg/1'}
self.assertEqual(self.regr, client.query_registration(self.regr))
def test_forwarding(self):
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/acme-1.28.0/tests/crypto_util_test.py
new/acme-1.29.0/tests/crypto_util_test.py
--- old/acme-1.28.0/tests/crypto_util_test.py 2022-06-07 21:41:07.000000000
+0200
+++ new/acme-1.29.0/tests/crypto_util_test.py 2022-07-05 20:15:47.000000000
+0200
@@ -314,6 +314,14 @@
def test_make_csr_without_hostname(self):
self.assertRaises(ValueError, self._call_with_key)
+ def test_make_csr_correct_version(self):
+ csr_pem = self._call_with_key(["a.example"])
+ csr = OpenSSL.crypto.load_certificate_request(
+ OpenSSL.crypto.FILETYPE_PEM, csr_pem)
+
+ self.assertEqual(csr.get_version(), 0,
+ "Expected CSR version to be v1 (encoded as 0), per RFC 2986,
section 4")
+
class DumpPyopensslChainTest(unittest.TestCase):
"""Test for dump_pyopenssl_chain."""
