CVS commit: pkgsrc/security

To: pkgsrc-changes%NetBSD.org@localhost
Subject: CVS commit: pkgsrc/security
From: "Kimmo Suominen" <kim%netbsd.org@localhost>
Date: Sun, 4 Aug 2024 09:42:36 +0000

Module Name:    pkgsrc
Committed By:   kim
Date:           Sun Aug  4 09:42:36 UTC 2024

Modified Files:
        pkgsrc/security/py-certbot: Makefile distinfo
        pkgsrc/security/py-cryptography: dependency.mk
Added Files:
        pkgsrc/security/py-certbot/patches:
            patch-certbot__internal_test_ocsp_test.py patch-certbot_ocsp.py

Log Message:
Patch py-certbot to avoid deprecation warnings

Bump py-cryptography minimum version of the rust variety due to API change.


To generate a diff of this commit:
cvs rdiff -u -r1.42 -r1.43 pkgsrc/security/py-certbot/Makefile
cvs rdiff -u -r1.88 -r1.89 pkgsrc/security/py-certbot/distinfo
cvs rdiff -u -r0 -r1.1 \
    pkgsrc/security/py-certbot/patches/patch-certbot__internal_test_ocsp_test.py \
    pkgsrc/security/py-certbot/patches/patch-certbot_ocsp.py
cvs rdiff -u -r1.5 -r1.6 pkgsrc/security/py-cryptography/dependency.mk

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: pkgsrc/security/py-certbot/Makefile
diff -u pkgsrc/security/py-certbot/Makefile:1.42 pkgsrc/security/py-certbot/Makefile:1.43
--- pkgsrc/security/py-certbot/Makefile:1.42    Sat Feb 10 07:15:22 2024
+++ pkgsrc/security/py-certbot/Makefile Sun Aug  4 09:42:35 2024
@@ -1,8 +1,9 @@
-# $NetBSD: Makefile,v 1.42 2024/02/10 07:15:22 adam Exp $
+# $NetBSD: Makefile,v 1.43 2024/08/04 09:42:35 kim Exp $
 
 .include "../../security/py-certbot/Makefile.common"
 
 DISTNAME=      certbot-${CERTBOT_VERSION}
+PKGREVISION=   1
 MASTER_SITES=  ${MASTER_SITE_PYPI:=c/certbot/}
 
 COMMENT=       Client for the Let's Encrypt CA

Index: pkgsrc/security/py-certbot/distinfo
diff -u pkgsrc/security/py-certbot/distinfo:1.88 pkgsrc/security/py-certbot/distinfo:1.89
--- pkgsrc/security/py-certbot/distinfo:1.88    Thu Jun  6 12:05:45 2024
+++ pkgsrc/security/py-certbot/distinfo Sun Aug  4 09:42:35 2024
@@ -1,5 +1,7 @@
-$NetBSD: distinfo,v 1.88 2024/06/06 12:05:45 adam Exp $
+$NetBSD: distinfo,v 1.89 2024/08/04 09:42:35 kim Exp $
 
 BLAKE2s (certbot-2.11.0.tar.gz) = 0da1b56df6ad6cba0ca62fe7f7fbce25ddae98a2bc1c2d0c5919e812f8057690
 SHA512 (certbot-2.11.0.tar.gz) = ddc4d92d5b9df8917cf073a0478d85e4dc739160b7f3f6f667df0a119fef8423f0d36e93fcd7972d6e961e44e11eabcf4889c499f9d10388cd6e89eee019bc34
 Size (certbot-2.11.0.tar.gz) = 438415 bytes
+SHA1 (patch-certbot__internal_test_ocsp_test.py) = 0989e284346c1697ebcf4ea0a1177b647eeb483e
+SHA1 (patch-certbot_ocsp.py) = d24e8afc7b328f10fd1918fefa747043702573a9

Index: pkgsrc/security/py-cryptography/dependency.mk
diff -u pkgsrc/security/py-cryptography/dependency.mk:1.5 pkgsrc/security/py-cryptography/dependency.mk:1.6
--- pkgsrc/security/py-cryptography/dependency.mk:1.5   Fri May 10 11:48:13 2024
+++ pkgsrc/security/py-cryptography/dependency.mk       Sun Aug  4 09:42:36 2024
@@ -1,4 +1,4 @@
-# $NetBSD: dependency.mk,v 1.5 2024/05/10 11:48:13 wiz Exp $
+# $NetBSD: dependency.mk,v 1.6 2024/08/04 09:42:36 kim Exp $
 #
 # Not for public use - use through versioned_dependencies.mk.
 #
@@ -22,7 +22,7 @@ PYCRYPTOGRAPHY_TYPE?= c
 
 .include "../../lang/python/pyversion.mk"
 .if ${PYCRYPTOGRAPHY_TYPE:tl} == "rust"
-PYCRYPTOGRAPHY_VERSION?=       cryptography>=0
+PYCRYPTOGRAPHY_VERSION?=       cryptography>=43
 PYCRYPTOGRAPHY_DIR?=           security/py-cryptography
 .else
 PYCRYPTOGRAPHY_VERSION?=       cryptography>=0<3.4

Added files:

Index: pkgsrc/security/py-certbot/patches/patch-certbot__internal_test_ocsp_test.py
diff -u /dev/null pkgsrc/security/py-certbot/patches/patch-certbot__internal_test_ocsp_test.py:1.1
--- /dev/null   Sun Aug  4 09:42:36 2024
+++ pkgsrc/security/py-certbot/patches/patch-certbot__internal_test_ocsp_test.py        Sun Aug  4 09:42:35 2024
@@ -0,0 +1,21 @@
+$NetBSD: patch-certbot__internal_test_ocsp_test.py,v 1.1 2024/08/04 09:42:35 kim Exp $
+
+Patch tests for py-cryptography 43 and later (#9968).
+This is unlikely to be the official patch (#9667).
+
+Source: https://github.com/certbot/certbot/pull/9968
+See also: https://github.com/certbot/certbot/issues/9967
+
+--- certbot/_internal/tests/ocsp_test.py
++++ certbot/_internal/tests/ocsp_test.py
+@@ -324,8 +324,8 @@ def _construct_mock_ocsp_response(certificate_status, response_status):
+         responder_name=responder.subject,
+         certificates=[responder],
+         hash_algorithm=hashes.SHA1(),
+-        next_update=datetime.now(pytz.UTC).replace(tzinfo=None) + timedelta(days=1),
+-        this_update=datetime.now(pytz.UTC).replace(tzinfo=None) - timedelta(days=1),
++        next_update_utc=datetime.now(pytz.UTC).replace(tzinfo=None) + timedelta(days=1),
++        this_update_utc=datetime.now(pytz.UTC).replace(tzinfo=None) - timedelta(days=1),
+         signature_algorithm_oid=x509.oid.SignatureAlgorithmOID.RSA_WITH_SHA1,
+     )
+ 
Index: pkgsrc/security/py-certbot/patches/patch-certbot_ocsp.py
diff -u /dev/null pkgsrc/security/py-certbot/patches/patch-certbot_ocsp.py:1.1
--- /dev/null   Sun Aug  4 09:42:36 2024
+++ pkgsrc/security/py-certbot/patches/patch-certbot_ocsp.py    Sun Aug  4 09:42:35 2024
@@ -0,0 +1,26 @@
+$NetBSD: patch-certbot_ocsp.py,v 1.1 2024/08/04 09:42:35 kim Exp $
+
+Patch certbot/ocsp.py for py-cryptography 43 and later (#9968).
+This is unlikely to be the official patch (#9667).
+
+Source: https://github.com/certbot/certbot/pull/9968
+See also: https://github.com/certbot/certbot/issues/9967
+
+--- certbot/ocsp.py
++++ certbot/ocsp.py
+@@ -235,11 +235,11 @@ def _check_ocsp_response(response_ocsp: 'ocsp.OCSPResponse', request_ocsp: 'ocsp
+     # https://github.com/openssl/openssl/blob/ef45aa14c5af024fcb8bef1c9007f3d1c115bd85/crypto/ocsp/ocsp_cl.c#L338-L391
+     # thisUpdate/nextUpdate are expressed in UTC/GMT time zone
+     now = datetime.now(pytz.UTC).replace(tzinfo=None)
+-    if not response_ocsp.this_update:
++    if not response_ocsp.this_update_utc:
+         raise AssertionError('param thisUpdate is not set.')
+-    if response_ocsp.this_update > now + timedelta(minutes=5):
++    if response_ocsp.this_update_utc > now + timedelta(minutes=5):
+         raise AssertionError('param thisUpdate is in the future.')
+-    if response_ocsp.next_update and response_ocsp.next_update < now - timedelta(minutes=5):
++    if response_ocsp.next_update_utc and response_ocsp.next_update_utc < now - timedelta(minutes=5):
+         raise AssertionError('param nextUpdate is in the past.')
+ 
+ 
+

Prev by Date: CVS commit: pkgsrc/doc
Next by Date: CVS commit: pkgsrc/textproc/csvlens
Previous by Thread: CVS commit: pkgsrc/doc
Next by Thread: CVS commit: pkgsrc/textproc/csvlens
Indexes:

Home | Main Index | Thread Index | Old Index