CVS commit: pkgsrc/chat/py-xmpppy

To: pkgsrc-changes%NetBSD.org@localhost
Subject: CVS commit: pkgsrc/chat/py-xmpppy
From: "Greg Troxel" <gdt%netbsd.org@localhost>
Date: Fri, 22 Nov 2024 14:20:02 +0000

Module Name:    pkgsrc
Committed By:   gdt
Date:           Fri Nov 22 14:20:02 UTC 2024

Modified Files:
        pkgsrc/chat/py-xmpppy: Makefile distinfo
        pkgsrc/chat/py-xmpppy/patches: patch-xmpp_transports.py

Log Message:
chat/py-xmpppy: Enable certificate validation

Tested on NetBSD 10.  This is really addressing an upstream issue, but
upstream does not appear likely to do so soon.


To generate a diff of this commit:
cvs rdiff -u -r1.32 -r1.33 pkgsrc/chat/py-xmpppy/Makefile
cvs rdiff -u -r1.10 -r1.11 pkgsrc/chat/py-xmpppy/distinfo
cvs rdiff -u -r1.3 -r1.4 \
    pkgsrc/chat/py-xmpppy/patches/patch-xmpp_transports.py

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: pkgsrc/chat/py-xmpppy/Makefile
diff -u pkgsrc/chat/py-xmpppy/Makefile:1.32 pkgsrc/chat/py-xmpppy/Makefile:1.33
--- pkgsrc/chat/py-xmpppy/Makefile:1.32 Fri Nov 22 13:45:36 2024
+++ pkgsrc/chat/py-xmpppy/Makefile      Fri Nov 22 14:20:02 2024
@@ -1,8 +1,8 @@
-# $NetBSD: Makefile,v 1.32 2024/11/22 13:45:36 gdt Exp $
+# $NetBSD: Makefile,v 1.33 2024/11/22 14:20:02 gdt Exp $
 
 DISTNAME=      xmpppy-0.7.1
 PKGNAME=       ${PYPKGPREFIX}-${DISTNAME}
-PKGREVISION=   3
+PKGREVISION=   5
 CATEGORIES=    chat python
 MASTER_SITES=  ${MASTER_SITE_GITHUB:=xmpppy/}
 GITHUB_PROJECT=        xmpppy

Index: pkgsrc/chat/py-xmpppy/distinfo
diff -u pkgsrc/chat/py-xmpppy/distinfo:1.10 pkgsrc/chat/py-xmpppy/distinfo:1.11
--- pkgsrc/chat/py-xmpppy/distinfo:1.10 Fri Nov 22 13:45:36 2024
+++ pkgsrc/chat/py-xmpppy/distinfo      Fri Nov 22 14:20:02 2024
@@ -1,7 +1,7 @@
-$NetBSD: distinfo,v 1.10 2024/11/22 13:45:36 gdt Exp $
+$NetBSD: distinfo,v 1.11 2024/11/22 14:20:02 gdt Exp $
 
 BLAKE2s (xmpppy-0.7.1.tar.gz) = e394d2554c38736ed35eb93823e11b02a87f719ab6e980d88327326b65660286
 SHA512 (xmpppy-0.7.1.tar.gz) = d7dc536282c5214007037bacc0c2d24bc64d1ea10441472a5ab23b14fe076b65f945e966a6255519e8ddca41c6d4c343ebe99b50bf1764f6775e58a3ab1b2266
 Size (xmpppy-0.7.1.tar.gz) = 191428 bytes
 SHA1 (patch-xmpp_debug.py) = a410b7abd534f37bba583ca9f15bf05252bc55a0
-SHA1 (patch-xmpp_transports.py) = 67884d31f7929a8a5db29169025985b31e73aa53
+SHA1 (patch-xmpp_transports.py) = d8cb097d8f239dd275a9f7595ebeb49bb800f0e0

Index: pkgsrc/chat/py-xmpppy/patches/patch-xmpp_transports.py
diff -u pkgsrc/chat/py-xmpppy/patches/patch-xmpp_transports.py:1.3 pkgsrc/chat/py-xmpppy/patches/patch-xmpp_transports.py:1.4
--- pkgsrc/chat/py-xmpppy/patches/patch-xmpp_transports.py:1.3  Fri Nov 22 13:45:36 2024
+++ pkgsrc/chat/py-xmpppy/patches/patch-xmpp_transports.py      Fri Nov 22 14:20:02 2024
@@ -1,31 +1,28 @@
-$NetBSD: patch-xmpp_transports.py,v 1.3 2024/11/22 13:45:36 gdt Exp $
+$NetBSD: patch-xmpp_transports.py,v 1.4 2024/11/22 14:20:02 gdt Exp $
 
 Adapt to ssl usage in python 3.12 and up.
 
 Taken from:
   https://github.com/xmpppy/xmpppy/pull/70/
 
-NB: This patch disables validation entirely, matching the previous
-behavior.  This is a bug and it is \todo to to enable validation.
+This patch asks python to load the system's configured trust anchors.
+Validation and hostname matching are in theory enabled by default.
+This is a behavior change from upstream, but it is a bugfix.
+See
   https://github.com/xmpppy/xmpppy/issues/71
 
-Comment for after validation is enabled:
-
-This patch enables check_hostname, and in theory that should result in
-certificate validation using the system's configured trust anchors,
-and also hostname matching.  Perhaps this is a behavior change from
-before, but if so it is a bugfix.
 
 --- xmpp/transports.py.orig    2022-04-10 18:25:44.000000000 +0000
 +++ xmpp/transports.py
-@@ -383,8 +383,13 @@ class TLS(PlugIn):
+@@ -383,8 +383,14 @@ class TLS(PlugIn):
      def _startSSL(self):
          """ Immidiatedly switch socket to TLS mode. Used internally."""
          """ Here we should switch pending_data to hint mode."""
 +        context=ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
-+        # \todo Fix this after understanding validation a bit better
-+        context.check_hostname = False
-+        context.verify_mode = ssl.CERT_NONE
++        context.set_default_verify_paths()
++        # Uncomment if you need to work around trust anchor configuration.
++        #context.check_hostname = False
++        #context.verify_mode = ssl.CERT_NONE
 +
          tcpsock=self._owner.Connection
 -        tcpsock._sslObj    = ssl.wrap_socket(tcpsock._sock, None, None)

Prev by Date: CVS commit: pkgsrc/chat/py-xmpppy
Next by Date: CVS commit: pkgsrc/www/firefox
Previous by Thread: CVS commit: pkgsrc/chat/py-xmpppy
Next by Thread: CVS commit: pkgsrc/www/firefox
Indexes:

Home | Main Index | Thread Index | Old Index