|
|
|
|
Changelog for python311-dnspython-2.7.0-lp160.2.1.noarch.rpm :
* Tue Oct 08 2024 Martin Hauke - Skip some tests * that require a working resolver and external DNS resolution * that require an openssl3 version with support for ECDSA with deterministic signature (RFC 6979)\" * Sun Oct 06 2024 Martin Hauke - Update to version 2.7.0 * dns.query.https() and dns.asyncquery.https() now support HTTP/3 and the http_version parameter may be used to specify which version to use. * If the cryptography module is installed, then dnspython will now create deterministic ECDSA signatures by default. * The RESINFO and WALLET RdataTypes are now supported. * The COOKIE and Report-Channel EDNS0 options are now supported. * All supported RdataTypes can now be imported at a single time rather than lazily on first use by calling dns.rdata.load_all_types(). * The SVCB and HTTPS records now support the ohttp parameter. * xfr() and inbound_xfr() now share a common implementation. * Tokens are now supported for QUIC and HTTP/3. * dns.message.from_wire() now saves the input wire format in the Message’s “wire” attribute. Likewise, dns.message.Message.to_wire() now records the generated wire format in that attribute. * The dns.message.Message object now has a get_options() helper to retrieve EDNS0 options of a specified type, and an extended_errors() helper to retrieve the list of EDE options in a message (if any). * dns.message.make_response() now has a copy mode which controls how sections are copied. By default, a copy mode appropriate for the opcode is used. This is currently dns.message.CopyMode.QUESTION for all opcodes * If an IP address is used as the hostname in a URL, the https query code now passes the sni_hostname to httpx as this is required to get httpx to validate the certificate and check for an IP subject alternative name. * The minimum supported aioquic version is now 1.0.0. * The minimum supported Python version is now 3.9. * Thu Jun 20 2024 Martin Hauke - Update to version 2.6.1 * The Tudoor fix ate legitimate Truncated exceptions, preventing the resolver from failing over to TCP and causing the query to timeout.- Update to version 2.6.0 * As mentioned in the “TuDoor” paper and the associated CVE-2023-29483, the dnspython stub resolver is vulnerable to a potential DoS if a bad-in-some-way response from the right address and port forged by an attacker arrives before a legitimate one on the UDP port dnspython is using for that query. This release addresses the issue by adopting the recommended mitigation, which is ignoring the bad packets and continuing to listen for a legitimate response until the timeout for the query has expired. * Added support for the NSID EDNS option. * Dnspython now looks for version metadata for optional packages and will not use them if they are too old. This prevents possible exceptions when a feature like DoH is not desired in dnspython, but an old httpx is installed along with dnspython for some other purpose. * The DoHNameserver class now allows GET to be used instead of the default POST, and also passes source and source_port correctly to the underlying query methods.- Update to version 2.5.0 * Dnspython now uses hatchling for builds. * Cython is no longer supported due to various typing issues. * Dnspython now explicitly canonicalizes IPv4 and IPv6 addresses. Previously it was possible for non-canonical IPv6 forms to be stored in a AAAA address, which would work correctly but possibly cause problmes if the address were used as a key in a dictionary. * The number of messages in a section can be retrieved with section_count(). * Truncation preferences for messages can be specified. * The length of a message can be automatically prepended when rendering. * dns.message.create_response() automatically adds padding when required by RFC 8467. * The TLS verify parameter is now supported by dns.query.tls(), and the DoH and DoT Nameserver subclasses. * The MutableMapping used to store content in a zone may now be specified by a factory when subclassing. Factories may also be provided for writable verisons and immutable versions. * dns.name.Name now has predecessor() and successor() methods implementing RFC 4471. * QUIC has had a number of bug fixes and also now supports session tickets for faster session resumption. * The NSEC3 class now has a next_name() method for retrieving the next name as a dns.name.Name. * Thu Oct 05 2023 Matej Cepl - Don\'t use curio. * Tue Aug 22 2023 Sebastian Wagner - update to version 2.4.2: * Async queries could wait forever instead of respecting the timeout if the timeout was 0 and a packet was lost. The timeout is now respected. * Restore HTTP/2 support which was accidentally broken during the https refactoring done as part of 2.4.0. * When an inception time and lifetime are specified, the signer now sets the expiration to the inception time plus lifetime, instead of the current time plus the lifetime.- update to version 2.4.1: * Importing dns.dnssecalgs without the cryptography module installed no longer causes an ImportError. * A number of timeout bugs with the asyncio backend have been fixed. * DNS-over-QUIC for the asyncio backend now works for IPv6. * Dnspython now enforces that the candidate DNSKEYs for DNSSEC signatures have protocol 3 and have the ZONE flag set. This is a standards compliance issue more than a security issue as the legitimate authority would have to have published the non-compliant keys as well as updated their DS record in order for the records to validate (the DS digest includes both flags and protocol). Dnspython will not make invalid keys by default, but does allow them to be created and used for testing purposes. * Dependency specifications for optional features in the package metadata have been improved.- update to version 2.4.0: * Python 3.8 or newer is required. * The stub resolver now uses instances of ``dns.nameserver.Nameserver`` to represent remote recursive resolvers, and can communicate using DNS over UDP/TCP, HTTPS, TLS, and QUIC. In additional to being able to specify an IPv4, IPv6, or HTTPS URL as a nameserver, instances of ``dns.nameserver.Nameserver`` are now permitted. * The DNS-over-HTTPS bootstrap address no longer causes URL rewriting. * DNS-over-HTTPS now only uses httpx; support for requests has been dropped. A source port may now be supplied when using httpx. * DNSSEC zone signing with NSEC records is now supported. Thank you very much (again!) Jakob Schlyter! * The resolver and async resolver now have the ``try_ddr()`` method, which will try to use Discovery of Designated Resolvers (DDR) to upgrade the connection from the stub resolver to the recursive server so that it uses DNS-over-HTTPS, DNS-over-TLS, or DNS-over-QUIC. This feature is currently experimental as the standard is still in draft stage. * The resolver and async resolver now have the ``make_resolver_at()`` and ``resolve_at()`` functions, as a convenience for making queries to specific recursive servers. * Curio support has been removed. * Fri Apr 21 2023 Dirk Müller - add sle15_python_module_pythons (jsc#PED-68) * Fri Apr 21 2023 Dirk Müller - add sle15_python_module_pythons (jsc#PED-68) * Sat Feb 04 2023 Martin Hauke - Update to version 2.3.0 * The get_soa() method has been added to dns.zone.Zone. * The minimum TLS version is now 1.2. * EDNS padding is now supported. Messages with EDNS enabled and with a non-zero pad option will be automatically padded appropriately when converted to wire format. * dns.zone.from_text() and dns.zone.from_file() now have an allow_directives parameter to allow finer control over how directives in zonefiles are processed. * A preliminary implementation of DNS-over-QUIC has been added, and will be available if the aioquic library is present. See dns.query.quic(), dns.asyncquery.quic(), and examples/doq.py for more info. This API is subject to change in future releases For asynchronous I/O, both asyncio and Trio are supported, but Curio is not. * DNSSEC signing support has been added to the dns.dnssec module, along with a number of functions to help generate DS, CDS, and CDNSKEY RRsets. * Curio asynchronous I/O support is deprecated as of this release and will be removed in a future release. * The resolver object’s nameserver field is planned to become a property in dnspython 2.4. Writing to this field other than by direct assignment is deprecated, and so is depending on the mutability and form of the iterable returned when it is read. * Mon Oct 10 2022 Matej Cepl - Include in filelist directories with their content. * Mon Mar 14 2022 Sebastian Wagner - Update to version 2.2.1: * dns.zone.from_text failed if relativize was False and an origin was specified in the parameters. * A number of types permitted an empty \"rest of the rdata\". * L32, L64, LP, and NID were missing from dns/rdtypes/ANY/__init__.py * The type definition for dns.resolver.resolve_address() was incorrect. * dns/win32util.py erroneously had the executable bit set. * The type definition for a number of asynchronous query routines was missing the default of None for the backend parameter. * dns/tsigkeyring.py didn\'t import dns.tsig. * A number of rdata types that have a \"rest of the line\" behavior for the last field of the rdata erroneously permitted an empty string. * Timeout intervals are no longer reported with absurd precision in exception text. * Fri Feb 11 2022 Michael Ströder - Only recommend and not require the installation of python-h2 because it is seriously broken and prevents any other Python software to run correctly with -bb. (See also: https://github.com/python-hyper/h2/issues/1236) This also matches upstream\'s setup.py which lists h2 as optional dependency in extra_requires. * Wed Feb 02 2022 Ben Greiner - Break build dependency cycle through :test multibuild- PEP517 style: poetry-core is enough to build the package- Clean up old python36 requirements: no longer in Tumbleweed * Wed Jan 19 2022 Sebastian Wagner - Update dependencies to cover all optional features and dependencies in a more structured way and describe it in the package description. * Tue Jan 18 2022 Sebastian Wagner - update to version 2.2.0: - SVCB and HTTPS records have been updated to track the evolving draft standard. - The ZONEMD type has been added. - The resolver now returns a LifetimeTimeout exception which includes an error trace like the NoNameservers exception. This class is a subclass of dns.exception.Timeout for backwards compatibility. - DNS-over-HTTPS will try to use HTTP/2 if the httpx and h2 packages are installed. - DNS-over-HTTPS is now supported for asynchronous queries and resolutions. - dns.zonefile.read_rrsets() has been added, which allows rrsets in zonefile format, or a restrition of it, to be read. This function is useful for applications that want to read DNS data in text format, but do not want to use a Zone. - On Windows systems, if the WMI module is available, the resolver will retrieve the nameserver from WMI instead of trying to figure it out by reading the registry. This may lead to more accurate results in some cases. - The CERT rdatatype now supports certificate types IPKIX, ISPKI, IPGP, ACPKIX, and IACPKIX. - The CDS rdatatype now allows digest type 0. - Dnspython zones now enforces that a node is either a CNAME node or an “other data” node. A CNAME node contains only CNAME, RRSIG(CNAME), NSEC, RRSIG(NSEC), NSEC3, or RRSIG(NSEC3) rdatasets. An “other data” node contains any rdataset other than a CNAME or RRSIG(CNAME) rdataset. The enforcement is “last update wins”. For example, if you have a node which contains a CNAME rdataset, and then add an MX rdataset to it, then the CNAME rdataset will be deleted. Likewise if you have a node containing an MX rdataset and add a CNAME rdataset, the MX rdataset will be deleted. - Extended DNS Errors, as specified in RFC 8914, are now supported. * Fri Jan 08 2021 Sebastian Wagner - update to version 2.1.0: * End-of-line comments are now associated with rdata when read from text. For backwards compatibility with prior versions of dnspython, they are only emitted in to_text() when requested. * Synchronous I/O is a bit more efficient, as we now try the I/O and only use poll() or select() if the I/O would block. * The resolver cache classes now offer basic hit and miss statistics, and the LRUCache can also provide hits for every cache key. * The resolver has a canonical_name() method. * There is now a registration mechanism for EDNS option types. * The default EDNS payload size has changed from 1280 to 1232. * The SVCB, HTTPS, and SMIMEA RR types are now supported. * TSIG has been enhanced with TKEY and GSS-TSIG support. Thanks to Nick Hall for writing this. * Zones now can be updated via transactions. * A new zone subclass, dns.versioned.Zone is available which has a thread-safe transaction implementation and support for keeping many versions of a zone. * The zone file reading code has been adapted to use transactions, and is now a public API. * Inbound zone transfer support has been rewritten and is available as dns.query.inbound_xfr() and dns.asyncquery.inbound_xfr(). It uses the transaction mechanism, and fully supports IXFR and AXFR. * Fri Dec 11 2020 Matej Cepl - Remove skipping tests which are acutally passing. * Fri Dec 11 2020 Matej Cepl - Python < 3.7 requires external contextvars * Thu Aug 06 2020 John Vandenberg - Disable four tests which fail on openssl 1.1.0i and lower- Add missing dependency requests-toolkit, and recommend cryptography * Sat Jul 18 2020 Sebastian Wagner - remove test depending on trio, which depends on Python 3.7 if python >= 3.7 is not available. * Sat Jul 18 2020 Sebastian Wagner - update to 2.0.0: - Python 3.6 or newer is required. - The license is now the ISC license. - Rdata is now immutable. Use dns.rdata.Rdata.replace() to make a new Rdata based on an existing one. - dns.resolver.resolve() has been added, allowing control of whether search lists are used. dns.resolver.query() is retained for backwards compatibility, but deprecated. The default for search list behavior can be set at in the resolver object with the use_search_by_default parameter. The default is False. - DNS-over-TLS is supported with dns.query.tls(). - DNS-over-HTTPS is supported with dns.query.https(), and the resolver will use DNS-over-HTTPS for a nameserver which is an HTTPS URL. - Basic query and resolver support for the Trio, Curio, and asyncio asynchronous I/O libraries has been added in dns.asyncquery and dns.asyncresolver. This API should be viewed as experimental as asynchronous I/O support in dnspython is still evolving. - TSIG now defaults to using SHA-256. - Basic type info has been added to some functions. Future releases will have comprehensive type info. - from_text() functions now have a relativize_to parameter. - python-cryptography is now used for DNSSEC. - Ed25519 and Ed448 signatures are now supported. - A helper for NSEC3 generating hashes has been added. - SHA384 DS records are supported. - Rdatasets and RRsets are much faster. - dns.resolver.resolve_address() has been added, allowing easy address-to-name lookups. - dns.reversename functions now allow an alternate origin to be specified. - The repr form of Rdatasets and RRsets now includes the rdata. - A number of standard resolv.conf options are now parsed. - The nameserver and port used to get a response are now part of the resolver’s Answer object. - The NINFO record is supported. - The dns.hash module has been removed; just use Python’s native hashlib module. - Rounding is done in the standard python 3 fashion; dnspython 1.x rounded in the python 2 style on both python 2 and 3. - The resolver will now do negative caching if a cache has been configured. - TSIG and OPT now have rdata types. - The class for query messages is now QueryMessage. Class Message is now a base class, and is also used for messages for which we don’t have a better class. Update messages are now class UpdateMessage, though class Update is retained for compatibility. - Support for Windows 95, 98, and ME has been removed. * Fri Mar 08 2019 Tomáš Chvátal - Update to 1.16.0: * various fixes for wheel/cryptodome/etc- Remove all patches, merged upstream: * 210.patch * pycryptodome.patch * readme.patch * Tue Dec 04 2018 Matej Cepl - Remove superfluous devel dependency for noarch package * Tue May 15 2018 sebix+novell.comAATTsebix.at- require python-pycryptodome instead of recommending it * Wed May 09 2018 tchvatalAATTsuse.com- Add patch pycryptodome.patch to work with pycryptodome: * pycryptodome.patch * Tue May 02 2017 sor.alexeiAATTmeowr.ru- Update for the multipython build.- Rename python-dnspython.asc to python-dnspython.keyring.- Spec cleanup. * Sun Oct 09 2016 sebix+novell.comAATTsebix.at- use and recommend python-ecdsa and python-pycrypto for dnssec support * Sat Oct 08 2016 sebix+novell.comAATTsebix.at- New upstream release 1.15.0 * IDNA 2008 support is now available if the \"idna\" module has been installed and IDNA 2008 is requested. The default IDNA behavior is still IDNA 2003. The new IDNA codec mechanism is currently only useful for direct calls to dns.name.from_text() or dns.name.from_unicode(), but in future releases it will be deployed throughout dnspython, e.g. so that you can read a masterfile with an IDNA 2008 codec in force. * By default, dns.name.to_unicode() is not strict about which version of IDNA the input complies with. Strictness can be requested by using one of the strict IDNA codecs. * Add AVC RR support. * Some problems with newlines in various output modes have been addressed. * dns.name.to_text() now returns text and not bytes on Python 3.x * More miscellaneous fixes for the Python 2/3 codeline merge.- Include readme with readme.patch as not included in upstream tarball- Fix a bug in the tests code with 210.patch with upstream pull request #210 * Tue Jun 14 2016 sebix+novell.comAATTsebix.at- New upstream release 1.14.0 * Mon May 16 2016 sebix+novell.comAATTsebix.at- New upstream release 1.13.0 * Tue Nov 25 2014 dmuellerAATTsuse.com- fix build on SLE11 * Fri Oct 17 2014 larsAATTlinux-schulserver.de- update to 1.12.0: * The test system can now run the tests without requiring dnspython to be installed. * When reading from a masterfile, if the first content line started with leading whitespace, we raised an ugly exception instead of doing the right thing, namely using the zone origin as the name. [#73] Thanks to Tassatux for reporting the issue. * Added dns.zone.to_text() convenience method. Thanks to Brandon Whaley for the patch. * The /etc/resolv.conf setting \"options rotate\" is now understood by the resolver. If present, the resolver will shuffle the nameserver list each time dns.resolver.query() is called. Thanks to underrun for the patch. Note that you don\'t want to add \"options rotate\" to your /etc/resolv.conf if your system\'s resolver library does not understand it. In this case, just set resolver.rotate = True by hand. * Escaping of Unicode has been corrected. Previously we escaped and then converted to Unicode, but the right thing to do is convert to Unicode, then escape. Also, characters > 0x7f should NOT be escaped in Unicode mode. Thanks to Martin Basti for the patch. * dns.rdtypes.ANY.DNSKEY now has helpers functions to convert between the numeric form of the flags and a set of human-friendly strings. Thanks to Petr Spacek for the patch. * RRSIGs did not respect relativization settings in to_text(). Thanks to Brian Smith for reporting the bug and submitting a (slightly different) patch. * dns/rdtypes/IN/APL.py: The APL from_wire() method did not accept an rdata length of 0 as valid. Thanks to salzmdan for reporting the problem. * dns/ipv6.py: Add is_mapped() * dns/reversename.py: Lookup IPv6 mapped IPv4 addresses in the v4 reverse namespace. Thanks to Devin Bayer. Yes, I finally fixed this one :) * dns/zone.py: Do not put back an unescaped token. This was causing escape processing for domain names to break. Thanks to connormclaud for reporting the problem. * dns/message.py: Making a response didn\'t work correctly if the query was signed with TSIG and we knew the key. Thanks to Jeffrey Stiles for reporting the problem. * dns/query.py: Fix problems with the IXFR state machine which caused long diffs to fail. Thanks to James Raftery for the fix and the repeated prodding to get it applied :)- enable some tests- add python-dnspython-rpmlintrc file- add python-ecdsa and python-pycrypto to BuildRequires for the DNSSec tests- use /usr/bin/python instead of /usr/bin/env python for the example scripts to avoid additional dependencies * Wed Sep 11 2013 dmuellerAATTsuse.com- update to 1.11.1: * fix syntax error exception on dns server failure * various fixlets for DNSSEC support * Mon Jul 15 2013 speilickeAATTsuse.com- Package LICENSE, use proper upstream URL- Run testsuite- Cleanup macro usage * Thu Jul 11 2013 dmuellerAATTsuse.com- update to 1.11.0: * TLSA RR support * Added set_flags() method to dns.resolver.Resolver * Names with offsets >= 2^14 are no longer added to the compression table. * The \"::\" syntax is not used to shorten a single 16-bit section of the text form an IPv6 address. * Empty rdatasets are not printed. * DNSKEY key tags are no longer assumed to be unique. * Thu May 31 2012 cfarrellAATTsuse.com- license update: ISC See LICENSE (and compare http://www.spdx.org/licenses/MIT with http://www.spdx.org/licenses/ISC) * Thu May 31 2012 jengelhAATTinai.de- Update to new upstream release 1.10.0 * Added dns.resolver.LRUCache. * dns.resolver.query() will try TCP if a UDP response is truncated. * The python socket module\'s DNS methods can be now be overriden with implementations that use dnspython\'s resolver.- Remove redundant tags/sections from specfile- Correct license field * Mon Mar 28 2011 alexandreAATTexatati.com.br- Update to 1.9.4: - There is no new functionality in this release; just a few bug fixes in RRSIG and SIG code. - Legacy code will be eliminated for earlier versions of DNSSEC in a future release of dnspython. * Thu Mar 24 2011 alexandreAATTexatati.com.br- Fix SLE_10 build. * Thu Mar 24 2011 alexandreAATTexatati.com.br- Update to 1.9.3: Bugs fixed since 1.9.2: - Dnspython was erroneously doing case-insensitive comparisons of the names in NSEC and RRSIG RRs. - We now use \"is\" and not \"==\" when testing what section an RR is in. - The resolver now disallows metaqueries. New since 1.9.2: - A boolean parameter, \'raise_on_no_answer\', has been added to the query() methods. In no-error, no-data situations, this parameter determines whether NoAnswer should be raised or not. If True, NoAnswer is raised. If False, then an Answer() object with a None rrset will be returned. - Resolver Answer() objects now have a canonical_name field. - Rdata now have a __hash__ method.- Regenerated spec file with py2pack;- Removed LICENSE PKG-INFO and TODO files from documentation. * Tue Nov 23 2010 alexandreAATTexatati.com.br- Update to 1.9.2: - The fix for the import problems was actually bad, but didn\'t show up in testing because the test suite\'s conditional importing code hid the problem. * Mon Nov 22 2010 alexandreAATTexatati.com.br- Update to 1.9.1: Bugs fixed since 1.9.0: - The dns.dnssec module didn\'t work with DSA due to namespace contamination from a \"from\"-style import. * Mon Nov 22 2010 alexandreAATTexatati.com.br- Update to 1.9.0: New since 1.8.0: - dnspython now uses poll() instead of select() when available. - Basic DNSSEC validation can be done using dns.dnsec.validate() and dns.dnssec.validate_rrsig() if you have PyCrypto 2.3 or later installed. Complete secure resolution is not yet available. - Added key_id() to the DNSSEC module, which computes the DNSSEC key id of a DNSKEY rdata. - Added make_ds() to the DNSSEC module, which returns the DS RR for a given DNSKEY rdata. - dnspython now raises an exception if HMAC-SHA284 or HMAC-SHA512 are used with a Python older than 2.5.2. (Older Pythons do not compute the correct value.) - Symbolic constants are now available for TSIG algorithm names. Bugs fixed since 1.8.0: - dns.resolver.zone_for_name() didn\'t handle a query response with a CNAME or DNAME correctly in some cases. - When specifying rdata types and classes as text, Unicode strings may now be used. - Hashlib compatibility issues have been fixed. - dns.message now imports dns.edns. - The TSIG algorithm value was passed incorrectly to use_tsig() in some cases. * Wed Jan 27 2010 alexandreAATTexatati.com.br- Update to 1.8.0;- Building as noarch for openSUSE >= 11.2. * Fri Jan 19 2007 judas_iscarioteAATTshorewall.net- update to version 1.5.0 * Tue Feb 28 2006 jmatejekAATTsuse.cz- updated to reflect python changes due to #149809 * Wed Jan 25 2006 mlsAATTsuse.de- converted neededforbuild to BuildRequires * Tue May 31 2005 poemlAATTsuse.de- package created (1.3.3)
|
|
|