openSUSE Commits
Threads by month
- ----- 2024 -----
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2023 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2022 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2021 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2020 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2019 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2018 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2017 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2016 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2015 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2014 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2013 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2012 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2011 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2010 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2009 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2008 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2007 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2006 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
August 2024
- 2 participants
- 1399 discussions
Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package tree-sitter-query for openSUSE:Factory checked in at 2024-08-01 22:04:24
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/tree-sitter-query (Old)
and /work/SRC/openSUSE:Factory/.tree-sitter-query.new.7232 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "tree-sitter-query"
Thu Aug 1 22:04:24 2024 rev:2 rq:1190668 version:0.4.0
Changes:
--------
--- /work/SRC/openSUSE:Factory/tree-sitter-query/tree-sitter-query.changes 2024-06-25 23:08:34.440704025 +0200
+++ /work/SRC/openSUSE:Factory/.tree-sitter-query.new.7232/tree-sitter-query.changes 2024-08-01 22:04:50.109470739 +0200
@@ -1,0 +2,5 @@
+Wed Jul 24 12:51:50 UTC 2024 - Richard Rahl <rrahl0(a)opensuse.org>
+
+- fix set_version service, as it was set to buildtime
+
+-------------------------------------------------------------------
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ tree-sitter-query.spec ++++++
--- /var/tmp/diff_new_pack.Os3qKr/_old 2024-08-01 22:04:50.489486412 +0200
+++ /var/tmp/diff_new_pack.Os3qKr/_new 2024-08-01 22:04:50.493486577 +0200
@@ -26,6 +26,7 @@
Source: %{name}-%{version}.tar.xz
BuildRequires: tree-sitter
%treesitter_grammars %{_name}
+
%description
A tree-sitter parser for tree-sitter query files (scheme-like).
++++++ _service ++++++
--- /var/tmp/diff_new_pack.Os3qKr/_old 2024-08-01 22:04:50.525487897 +0200
+++ /var/tmp/diff_new_pack.Os3qKr/_new 2024-08-01 22:04:50.525487897 +0200
@@ -11,6 +11,6 @@
<param name="file">*.tar</param>
<param name="compression">xz</param>
</service>
- <service name="set_version" mode="buildtime" />
+ <service name="set_version" mode="manual" />
</services>
1
0
Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package python-msal for openSUSE:Factory checked in at 2024-08-01 22:04:21
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/python-msal (Old)
and /work/SRC/openSUSE:Factory/.python-msal.new.7232 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "python-msal"
Thu Aug 1 22:04:21 2024 rev:23 rq:1190666 version:1.30.0
Changes:
--------
--- /work/SRC/openSUSE:Factory/python-msal/python-msal.changes 2024-07-09 20:06:26.246047802 +0200
+++ /work/SRC/openSUSE:Factory/.python-msal.new.7232/python-msal.changes 2024-08-01 22:04:46.329314831 +0200
@@ -1,0 +2,15 @@
+Wed Jul 31 12:50:17 UTC 2024 - John Paul Adrian Glaubitz <adrian.glaubitz(a)suse.com>
+
+- Update to version 1.30.0
+ * New feature: Support Subject Name/Issuer authentication when using
+ .pfx certificate file. Documentation available in one of the recent
+ purple boxes here. (#718)
+ * New feature: Automatically use SHA256 and PSS padding when using
+ .pfx certificate on non-ADFS, non-OIDC authorities. (#722)
+ * New feature: Expose refresh_on (if any) to fresh or cached response,
+ so that caller may choose to proactively call acquire_token_silent()
+ early. (#723)
+ * Bugfix for token cache search. MSAL 1.27+ customers please upgrade
+ to MSAL 1.30+. (#717)
+
+-------------------------------------------------------------------
Old:
----
msal-1.29.0.tar.gz
New:
----
msal-1.30.0.tar.gz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ python-msal.spec ++++++
--- /var/tmp/diff_new_pack.7UdU9n/_old 2024-08-01 22:04:47.069345353 +0200
+++ /var/tmp/diff_new_pack.7UdU9n/_new 2024-08-01 22:04:47.073345518 +0200
@@ -18,7 +18,7 @@
%{?sle15_python_module_pythons}
Name: python-msal
-Version: 1.29.0
+Version: 1.30.0
Release: 0
Summary: Microsoft Authentication Library (MSAL) for Python
License: MIT
++++++ msal-1.29.0.tar.gz -> msal-1.30.0.tar.gz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/msal-1.29.0/PKG-INFO new/msal-1.30.0/PKG-INFO
--- old/msal-1.29.0/PKG-INFO 2024-06-22 04:14:01.844720100 +0200
+++ new/msal-1.30.0/PKG-INFO 2024-07-17 06:01:39.363946200 +0200
@@ -1,6 +1,6 @@
Metadata-Version: 2.1
Name: msal
-Version: 1.29.0
+Version: 1.30.0
Summary: The Microsoft Authentication Library (MSAL) for Python library enables your app to access the Microsoft Cloud by supporting authentication of users with Microsoft Azure Active Directory accounts (AAD) and Microsoft Accounts (MSA) using industry standard OAuth2 and OpenID Connect.
Home-page: https://github.com/AzureAD/microsoft-authentication-library-for-python
Author: Microsoft Corporation
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/msal-1.29.0/msal/application.py new/msal-1.30.0/msal/application.py
--- old/msal-1.29.0/msal/application.py 2024-06-22 04:13:56.000000000 +0200
+++ new/msal-1.30.0/msal/application.py 2024-07-17 06:01:34.000000000 +0200
@@ -21,7 +21,7 @@
# The __init__.py will import this. Not the other way around.
-__version__ = "1.29.0" # When releasing, also check and bump our dependencies's versions if needed
+__version__ = "1.30.0" # When releasing, also check and bump our dependencies's versions if needed
logger = logging.getLogger(__name__)
_AUTHORITY_TYPE_CLOUDSHELL = "CLOUDSHELL"
@@ -61,17 +61,24 @@
return raw
-def _load_private_key_from_pfx_path(pfx_path, passphrase_bytes):
+def _parse_pfx(pfx_path, passphrase_bytes):
# Cert concepts https://security.stackexchange.com/a/226758/125264
- from cryptography.hazmat.primitives import hashes
+ from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.serialization import pkcs12
with open(pfx_path, 'rb') as f:
private_key, cert, _ = pkcs12.load_key_and_certificates( # cryptography 2.5+
# https://cryptography.io/en/latest/hazmat/primitives/asymmetric/serializatio…
f.read(), passphrase_bytes)
+ if not (private_key and cert):
+ raise ValueError("Your PFX file shall contain both private key and cert")
+ cert_pem = cert.public_bytes(encoding=serialization.Encoding.PEM).decode() # cryptography 1.0+
+ x5c = [
+ '\n'.join(cert_pem.splitlines()[1:-1]) # Strip the "--- header ---" and "--- footer ---"
+ ]
+ sha256_thumbprint = cert.fingerprint(hashes.SHA256()).hex() # cryptography 0.7+
sha1_thumbprint = cert.fingerprint(hashes.SHA1()).hex() # cryptography 0.7+
# https://cryptography.io/en/latest/x509/reference/#x-509-certificate-object
- return private_key, sha1_thumbprint
+ return private_key, sha256_thumbprint, sha1_thumbprint, x5c
def _load_private_key_from_pem_str(private_key_pem_str, passphrase_bytes):
@@ -97,11 +104,14 @@
"msalruntime_telemetry": result.get("_msalruntime_telemetry"),
"msal_python_telemetry": result.get("_msal_python_telemetry"),
}, separators=(",", ":"))
- return {
+ return_value = {
k: result[k] for k in result
if k != "refresh_in" # MSAL handled refresh_in, customers need not
and not k.startswith('_') # Skim internal properties
}
+ if "refresh_in" in result: # To encourage proactive refresh
+ return_value["refresh_on"] = int(time.time() + result["refresh_in"])
+ return return_value
return result # It could be None
@@ -231,47 +241,71 @@
:param client_credential:
For :class:`PublicClientApplication`, you use `None` here.
+
For :class:`ConfidentialClientApplication`,
- it can be a string containing client secret,
- or an X509 certificate container in this form::
+ it supports many different input formats for different scenarios.
- {
- "private_key": "...-----BEGIN PRIVATE KEY-----... in PEM format",
- "thumbprint": "A1B2C3D4E5F6...",
- "public_certificate": "...-----BEGIN CERTIFICATE-----... (Optional. See below.)",
- "passphrase": "Passphrase if the private_key is encrypted (Optional. Added in version 1.6.0)",
- }
+ .. admonition:: Support using a client secret.
- MSAL Python requires a "private_key" in PEM format.
- If your cert is in a PKCS12 (.pfx) format, you can also
- `convert it to PEM and get the thumbprint <https://github.com/Azure/azure-sdk-for-python/blob/07d10639d7e47f4852eaeb74…>`_.
+ Just feed in a string, such as ``"your client secret"``.
- The thumbprint is available in your app's registration in Azure Portal.
- Alternatively, you can `calculate the thumbprint <https://github.com/Azure/azure-sdk-for-python/blob/07d10639d7e47f4852eaeb74…>`_.
+ .. admonition:: Support using a certificate in X.509 (.pem) format
- *Added in version 0.5.0*:
- public_certificate (optional) is public key certificate
- which will be sent through 'x5c' JWT header only for
- subject name and issuer authentication to support cert auto rolls.
-
- Per `specs <https://tools.ietf.org/html/rfc7515#section-4.1.6>`_,
- "the certificate containing
- the public key corresponding to the key used to digitally sign the
- JWS MUST be the first certificate. This MAY be followed by
- additional certificates, with each subsequent certificate being the
- one used to certify the previous one."
- However, your certificate's issuer may use a different order.
- So, if your attempt ends up with an error AADSTS700027 -
- "The provided signature value did not match the expected signature value",
- you may try use only the leaf cert (in PEM/str format) instead.
-
- *Added in version 1.13.0*:
- It can also be a completely pre-signed assertion that you've assembled yourself.
- Simply pass a container containing only the key "client_assertion", like this::
+ Feed in a dict in this form::
- {
- "client_assertion": "...a JWT with claims aud, exp, iss, jti, nbf, and sub..."
- }
+ {
+ "private_key": "...-----BEGIN PRIVATE KEY-----... in PEM format",
+ "thumbprint": "A1B2C3D4E5F6...",
+ "passphrase": "Passphrase if the private_key is encrypted (Optional. Added in version 1.6.0)",
+ }
+
+ MSAL Python requires a "private_key" in PEM format.
+ If your cert is in PKCS12 (.pfx) format,
+ you can convert it to X.509 (.pem) format,
+ by ``openssl pkcs12 -in file.pfx -out file.pem -nodes``.
+
+ The thumbprint is available in your app's registration in Azure Portal.
+ Alternatively, you can `calculate the thumbprint <https://github.com/Azure/azure-sdk-for-python/blob/07d10639d7e47f4852eaeb74…>`_.
+
+ .. admonition:: Support Subject Name/Issuer Auth with a cert in .pem
+
+ `Subject Name/Issuer Auth
+ <https://github.com/AzureAD/microsoft-authentication-library-for-python/issu…>`_
+ is an approach to allow easier certificate rotation.
+
+ *Added in version 0.5.0*::
+
+ {
+ "private_key": "...-----BEGIN PRIVATE KEY-----... in PEM format",
+ "thumbprint": "A1B2C3D4E5F6...",
+ "public_certificate": "...-----BEGIN CERTIFICATE-----...",
+ "passphrase": "Passphrase if the private_key is encrypted (Optional. Added in version 1.6.0)",
+ }
+
+ ``public_certificate`` (optional) is public key certificate
+ which will be sent through 'x5c' JWT header only for
+ subject name and issuer authentication to support cert auto rolls.
+
+ Per `specs <https://tools.ietf.org/html/rfc7515#section-4.1.6>`_,
+ "the certificate containing
+ the public key corresponding to the key used to digitally sign the
+ JWS MUST be the first certificate. This MAY be followed by
+ additional certificates, with each subsequent certificate being the
+ one used to certify the previous one."
+ However, your certificate's issuer may use a different order.
+ So, if your attempt ends up with an error AADSTS700027 -
+ "The provided signature value did not match the expected signature value",
+ you may try use only the leaf cert (in PEM/str format) instead.
+
+ .. admonition:: Supporting raw assertion obtained from elsewhere
+
+ *Added in version 1.13.0*:
+ It can also be a completely pre-signed assertion that you've assembled yourself.
+ Simply pass a container containing only the key "client_assertion", like this::
+
+ {
+ "client_assertion": "...a JWT with claims aud, exp, iss, jti, nbf, and sub..."
+ }
.. admonition:: Supporting reading client cerficates from PFX files
@@ -280,14 +314,26 @@
{
"private_key_pfx_path": "/path/to/your.pfx",
- "passphrase": "Passphrase if the private_key is encrypted (Optional. Added in version 1.6.0)",
+ "passphrase": "Passphrase if the private_key is encrypted (Optional)",
}
The following command will generate a .pfx file from your .key and .pem file::
openssl pkcs12 -export -out certificate.pfx -inkey privateKey.key -in certificate.pem
- :type client_credential: Union[dict, str]
+ .. admonition:: Support Subject Name/Issuer Auth with a cert in .pfx
+
+ *Added in version 1.30.0*:
+ If your .pfx file contains both the private key and public cert,
+ you can opt in for Subject Name/Issuer Auth like this::
+
+ {
+ "private_key_pfx_path": "/path/to/your.pfx",
+ "public_certificate": True,
+ "passphrase": "Passphrase if the private_key is encrypted (Optional)",
+ }
+
+ :type client_credential: Union[dict, str, None]
:param dict client_claims:
*Added in version 0.5.0*:
@@ -699,14 +745,16 @@
client_assertion = client_credential['client_assertion']
else:
headers = {}
- if client_credential.get('public_certificate'):
- headers["x5c"] = extract_certs(client_credential['public_certificate'])
+ sha1_thumbprint = sha256_thumbprint = None
passphrase_bytes = _str2bytes(
client_credential["passphrase"]
) if client_credential.get("passphrase") else None
if client_credential.get("private_key_pfx_path"):
- private_key, sha1_thumbprint = _load_private_key_from_pfx_path(
- client_credential["private_key_pfx_path"], passphrase_bytes)
+ private_key, sha256_thumbprint, sha1_thumbprint, x5c = _parse_pfx(
+ client_credential["private_key_pfx_path"],
+ passphrase_bytes)
+ if client_credential.get("public_certificate") is True and x5c:
+ headers["x5c"] = x5c
elif (
client_credential.get("private_key") # PEM blob
and client_credential.get("thumbprint")):
@@ -720,9 +768,22 @@
raise ValueError(
"client_credential needs to follow this format "
"https://msal-python.readthedocs.io/en/latest/#msal.ClientApplication.params…")
+ if ("x5c" not in headers # So the .pfx file contains no certificate
+ and isinstance(client_credential.get('public_certificate'), str)
+ ): # Then we treat the public_certificate value as PEM content
+ headers["x5c"] = extract_certs(client_credential['public_certificate'])
+ if sha256_thumbprint and not authority.is_adfs:
+ assertion_params = {
+ "algorithm": "PS256", "sha256_thumbprint": sha256_thumbprint,
+ }
+ else: # Fall back
+ if not sha1_thumbprint:
+ raise ValueError("You shall provide a thumbprint in SHA1.")
+ assertion_params = {
+ "algorithm": "RS256", "sha1_thumbprint": sha1_thumbprint,
+ }
assertion = JwtAssertionCreator(
- private_key, algorithm="RS256",
- sha1_thumbprint=sha1_thumbprint, headers=headers)
+ private_key, headers=headers, **assertion_params)
client_assertion = assertion.create_regenerative_assertion(
audience=authority.token_endpoint, issuer=self.client_id,
additional_claims=self.client_claims or {})
@@ -1449,9 +1510,11 @@
"expires_in": int(expires_in), # OAuth2 specs defines it as int
self._TOKEN_SOURCE: self._TOKEN_SOURCE_CACHE,
}
- if "refresh_on" in entry and int(entry["refresh_on"]) < now: # aging
- refresh_reason = msal.telemetry.AT_AGING
- break # With a fallback in hand, we break here to go refresh
+ if "refresh_on" in entry:
+ access_token_from_cache["refresh_on"] = int(entry["refresh_on"])
+ if int(entry["refresh_on"]) < now: # aging
+ refresh_reason = msal.telemetry.AT_AGING
+ break # With a fallback in hand, we break here to go refresh
self._build_telemetry_context(-1).hit_an_access_token()
return access_token_from_cache # It is still good as new
else:
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/msal-1.29.0/msal/authority.py new/msal-1.30.0/msal/authority.py
--- old/msal-1.29.0/msal/authority.py 2024-06-22 04:13:56.000000000 +0200
+++ new/msal-1.30.0/msal/authority.py 2024-07-17 06:01:34.000000000 +0200
@@ -68,11 +68,11 @@
"""
self._http_client = http_client
if oidc_authority_url:
- logger.info("Initializing with OIDC authority: %s", oidc_authority_url)
+ logger.debug("Initializing with OIDC authority: %s", oidc_authority_url)
tenant_discovery_endpoint = self._initialize_oidc_authority(
oidc_authority_url)
else:
- logger.info("Initializing with Entra authority: %s", authority_url)
+ logger.debug("Initializing with Entra authority: %s", authority_url)
tenant_discovery_endpoint = self._initialize_entra_authority(
authority_url, validate_authority, instance_discovery)
try:
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/msal-1.29.0/msal/managed_identity.py new/msal-1.30.0/msal/managed_identity.py
--- old/msal-1.29.0/msal/managed_identity.py 2024-06-22 04:13:56.000000000 +0200
+++ new/msal-1.30.0/msal/managed_identity.py 2024-07-17 06:01:34.000000000 +0200
@@ -273,8 +273,10 @@
"token_type": entry.get("token_type", "Bearer"),
"expires_in": int(expires_in), # OAuth2 specs defines it as int
}
- if "refresh_on" in entry and int(entry["refresh_on"]) < now: # aging
- break # With a fallback in hand, we break here to go refresh
+ if "refresh_on" in entry:
+ access_token_from_cache["refresh_on"] = int(entry["refresh_on"])
+ if int(entry["refresh_on"]) < now: # aging
+ break # With a fallback in hand, we break here to go refresh
return access_token_from_cache # It is still good as new
try:
result = _obtain_token(self._http_client, self._managed_identity, resource)
@@ -290,6 +292,8 @@
params={},
data={},
))
+ if "refresh_in" in result:
+ result["refresh_on"] = int(now + result["refresh_in"])
if (result and "error" not in result) or (not access_token_from_cache):
return result
except: # The exact HTTP exception is transportation-layer dependent
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/msal-1.29.0/msal/oauth2cli/assertion.py new/msal-1.30.0/msal/oauth2cli/assertion.py
--- old/msal-1.29.0/msal/oauth2cli/assertion.py 2024-06-22 04:13:56.000000000 +0200
+++ new/msal-1.30.0/msal/oauth2cli/assertion.py 2024-07-17 06:01:34.000000000 +0200
@@ -15,6 +15,8 @@
except: # Otherwise we treat it as bytes and return it as-is
return raw
+def _encode_thumbprint(thumbprint):
+ return base64.urlsafe_b64encode(binascii.a2b_hex(thumbprint)).decode()
class AssertionCreator(object):
def create_normal_assertion(
@@ -65,7 +67,11 @@
class JwtAssertionCreator(AssertionCreator):
- def __init__(self, key, algorithm, sha1_thumbprint=None, headers=None):
+ def __init__(
+ self, key, algorithm, sha1_thumbprint=None, headers=None,
+ *,
+ sha256_thumbprint=None,
+ ):
"""Construct a Jwt assertion creator.
Args:
@@ -80,13 +86,15 @@
RSA and ECDSA algorithms require "pip install cryptography".
sha1_thumbprint (str): The x5t aka X.509 certificate SHA-1 thumbprint.
headers (dict): Additional headers, e.g. "kid" or "x5c" etc.
+ sha256_thumbprint (str): The x5t#S256 aka X.509 certificate SHA-256 thumbprint.
"""
self.key = key
self.algorithm = algorithm
self.headers = headers or {}
+ if sha256_thumbprint: # https://datatracker.ietf.org/doc/html/rfc7515#section-4.1.8
+ self.headers["x5t#S256"] = _encode_thumbprint(sha256_thumbprint)
if sha1_thumbprint: # https://tools.ietf.org/html/rfc7515#section-4.1.7
- self.headers["x5t"] = base64.urlsafe_b64encode(
- binascii.a2b_hex(sha1_thumbprint)).decode()
+ self.headers["x5t"] = _encode_thumbprint(sha1_thumbprint)
def create_normal_assertion(
self, audience, issuer, subject=None, expires_at=None, expires_in=600,
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/msal-1.29.0/msal/token_cache.py new/msal-1.30.0/msal/token_cache.py
--- old/msal-1.29.0/msal/token_cache.py 2024-06-22 04:13:56.000000000 +0200
+++ new/msal-1.30.0/msal/token_cache.py 2024-07-17 06:01:34.000000000 +0200
@@ -118,6 +118,12 @@
with self._lock:
return self._cache.get(credential_type, {}).get(key, default)
+ @staticmethod
+ def _is_matching(entry: dict, query: dict, target_set: set = None) -> bool:
+ return is_subdict_of(query or {}, entry) and (
+ target_set <= set(entry.get("target", "").split())
+ if target_set else True)
+
def search(self, credential_type, target=None, query=None): # O(n) generator
"""Returns a generator of matching entries.
@@ -136,7 +142,10 @@
preferred_result = self._get_access_token(
query["home_account_id"], query["environment"],
query["client_id"], query["realm"], target)
- if preferred_result:
+ if preferred_result and self._is_matching(
+ preferred_result, query,
+ # Needs no target_set here because it is satisfied by dict key
+ ):
yield preferred_result
target_set = set(target)
@@ -145,11 +154,10 @@
# there is no point to attempt an O(1) key-value search here.
# So we always do an O(n) in-memory search.
for entry in self._cache.get(credential_type, {}).values():
- if is_subdict_of(query or {}, entry) and (
- target_set <= set(entry.get("target", "").split())
- if target else True):
- if entry != preferred_result: # Avoid yielding the same entry twice
- yield entry
+ if (entry != preferred_result # Avoid yielding the same entry twice
+ and self._is_matching(entry, query, target_set=target_set)
+ ):
+ yield entry
def find(self, credential_type, target=None, query=None):
"""Equivalent to list(search(...))."""
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/msal-1.29.0/msal.egg-info/PKG-INFO new/msal-1.30.0/msal.egg-info/PKG-INFO
--- old/msal-1.29.0/msal.egg-info/PKG-INFO 2024-06-22 04:14:01.000000000 +0200
+++ new/msal-1.30.0/msal.egg-info/PKG-INFO 2024-07-17 06:01:39.000000000 +0200
@@ -1,6 +1,6 @@
Metadata-Version: 2.1
Name: msal
-Version: 1.29.0
+Version: 1.30.0
Summary: The Microsoft Authentication Library (MSAL) for Python library enables your app to access the Microsoft Cloud by supporting authentication of users with Microsoft Azure Active Directory accounts (AAD) and Microsoft Accounts (MSA) using industry standard OAuth2 and OpenID Connect.
Home-page: https://github.com/AzureAD/microsoft-authentication-library-for-python
Author: Microsoft Corporation
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/msal-1.29.0/tests/test_account_source.py new/msal-1.30.0/tests/test_account_source.py
--- old/msal-1.29.0/tests/test_account_source.py 2024-06-22 04:13:56.000000000 +0200
+++ new/msal-1.30.0/tests/test_account_source.py 2024-07-17 06:01:34.000000000 +0200
@@ -46,20 +46,19 @@
mocked_broker_ats.assert_not_called()
self.assertEqual(result["token_source"], "identity_provider")
- def test_ropc_flow_and_its_silent_call_should_bypass_broker(self, _, mocked_broker_ats):
+ def test_ropc_flow_and_its_silent_call_should_invoke_broker(self, _, mocked_broker_ats):
app = msal.PublicClientApplication("client_id", enable_broker_on_windows=True)
- with patch.object(app.authority, "user_realm_discovery", return_value={}):
+ with patch("msal.broker._signin_silently", return_value=dict(TOKEN_RESPONSE, _account_id="placeholder")):
result = app.acquire_token_by_username_password(
"username", "placeholder", [SCOPE], post=_mock_post)
- self.assertEqual(result["token_source"], "identity_provider")
+ self.assertEqual(result["token_source"], "broker")
account = app.get_accounts()[0]
- self.assertEqual(account["account_source"], "password")
+ self.assertEqual(account["account_source"], "broker")
result = app.acquire_token_silent_with_error(
[SCOPE], account, force_refresh=True, post=_mock_post)
- mocked_broker_ats.assert_not_called()
- self.assertEqual(result["token_source"], "identity_provider")
+ self.assertEqual(result["token_source"], "broker")
def test_interactive_flow_and_its_silent_call_should_invoke_broker(self, _, mocked_broker_ats):
app = msal.PublicClientApplication("client_id", enable_broker_on_windows=True)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/msal-1.29.0/tests/test_application.py new/msal-1.30.0/tests/test_application.py
--- old/msal-1.29.0/tests/test_application.py 2024-06-22 04:13:56.000000000 +0200
+++ new/msal-1.30.0/tests/test_application.py 2024-07-17 06:01:34.000000000 +0200
@@ -1,6 +1,7 @@
# Note: Since Aug 2019 we move all e2e tests into test_e2e.py,
# so this test_application file contains only unit tests without dependency.
import sys
+import time
from msal.application import *
from msal.application import _str2bytes
import msal
@@ -353,10 +354,18 @@
uid=self.uid, utid=self.utid, refresh_token=self.rt),
})
+ def assertRefreshOn(self, result, refresh_in):
+ refresh_on = int(time.time() + refresh_in)
+ self.assertTrue(
+ refresh_on - 1 < result.get("refresh_on", 0) < refresh_on + 1,
+ "refresh_on should be set properly")
+
def test_fresh_token_should_be_returned_from_cache(self):
# a.k.a. Return unexpired token that is not above token refresh expiration threshold
+ refresh_in = 450
access_token = "An access token prepopulated into cache"
- self.populate_cache(access_token=access_token, expires_in=900, refresh_in=450)
+ self.populate_cache(
+ access_token=access_token, expires_in=900, refresh_in=refresh_in)
result = self.app.acquire_token_silent(
['s1'], self.account,
post=lambda url, *args, **kwargs: # Utilize the undocumented test feature
@@ -365,32 +374,38 @@
self.assertEqual(result[self.app._TOKEN_SOURCE], self.app._TOKEN_SOURCE_CACHE)
self.assertEqual(access_token, result.get("access_token"))
self.assertNotIn("refresh_in", result, "Customers need not know refresh_in")
+ self.assertRefreshOn(result, refresh_in)
def test_aging_token_and_available_aad_should_return_new_token(self):
# a.k.a. Attempt to refresh unexpired token when AAD available
self.populate_cache(access_token="old AT", expires_in=3599, refresh_in=-1)
new_access_token = "new AT"
+ new_refresh_in = 123
def mock_post(url, headers=None, *args, **kwargs):
self.assertEqual("4|84,4|", (headers or {}).get(CLIENT_CURRENT_TELEMETRY))
return MinimalResponse(status_code=200, text=json.dumps({
"access_token": new_access_token,
- "refresh_in": 123,
+ "refresh_in": new_refresh_in,
}))
result = self.app.acquire_token_silent(['s1'], self.account, post=mock_post)
self.assertEqual(result[self.app._TOKEN_SOURCE], self.app._TOKEN_SOURCE_IDP)
self.assertEqual(new_access_token, result.get("access_token"))
self.assertNotIn("refresh_in", result, "Customers need not know refresh_in")
+ self.assertRefreshOn(result, new_refresh_in)
def test_aging_token_and_unavailable_aad_should_return_old_token(self):
# a.k.a. Attempt refresh unexpired token when AAD unavailable
+ refresh_in = -1
old_at = "old AT"
- self.populate_cache(access_token=old_at, expires_in=3599, refresh_in=-1)
+ self.populate_cache(
+ access_token=old_at, expires_in=3599, refresh_in=refresh_in)
def mock_post(url, headers=None, *args, **kwargs):
self.assertEqual("4|84,4|", (headers or {}).get(CLIENT_CURRENT_TELEMETRY))
return MinimalResponse(status_code=400, text=json.dumps({"error": "foo"}))
result = self.app.acquire_token_silent(['s1'], self.account, post=mock_post)
self.assertEqual(result[self.app._TOKEN_SOURCE], self.app._TOKEN_SOURCE_CACHE)
self.assertEqual(old_at, result.get("access_token"))
+ self.assertRefreshOn(result, refresh_in)
def test_expired_token_and_unavailable_aad_should_return_error(self):
# a.k.a. Attempt refresh expired token when AAD unavailable
@@ -407,16 +422,18 @@
# a.k.a. Attempt refresh expired token when AAD available
self.populate_cache(access_token="expired at", expires_in=-1, refresh_in=-900)
new_access_token = "new AT"
+ new_refresh_in = 123
def mock_post(url, headers=None, *args, **kwargs):
self.assertEqual("4|84,3|", (headers or {}).get(CLIENT_CURRENT_TELEMETRY))
return MinimalResponse(status_code=200, text=json.dumps({
"access_token": new_access_token,
- "refresh_in": 123,
+ "refresh_in": new_refresh_in,
}))
result = self.app.acquire_token_silent(['s1'], self.account, post=mock_post)
self.assertEqual(result[self.app._TOKEN_SOURCE], self.app._TOKEN_SOURCE_IDP)
self.assertEqual(new_access_token, result.get("access_token"))
self.assertNotIn("refresh_in", result, "Customers need not know refresh_in")
+ self.assertRefreshOn(result, new_refresh_in)
class TestTelemetryMaintainingOfflineState(unittest.TestCase):
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/msal-1.29.0/tests/test_broker.py new/msal-1.30.0/tests/test_broker.py
--- old/msal-1.29.0/tests/test_broker.py 2024-06-22 04:13:56.000000000 +0200
+++ new/msal-1.30.0/tests/test_broker.py 2024-07-17 06:01:34.000000000 +0200
@@ -41,10 +41,15 @@
self.assertIn("Status_AccountUnusable", result.get("error_description", ""))
def test_unconfigured_app_should_raise_exception(self):
- app_without_needed_redirect_uri = "289a413d-284b-4303-9c79-94380abe5d22"
+ self.skipTest(
+ "After PyMsalRuntime 0.13.2, "
+ "AADSTS error codes were removed from error_context; "
+ "it is not in telemetry either.")
+ app_without_needed_redirect_uri = "f62c5ae3-bf3a-4af5-afa8-a68b800396e9" # This is the lab app. We repurpose it to be used here
with self.assertRaises(RedirectUriError):
- _signin_interactively(
+ result = _signin_interactively(
self._authority, app_without_needed_redirect_uri, self._scopes, None)
+ print(result)
# Note: _acquire_token_silently() would raise same exception,
# we skip its test here due to the lack of a valid account_id
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/msal-1.29.0/tests/test_cryptography.py new/msal-1.30.0/tests/test_cryptography.py
--- old/msal-1.29.0/tests/test_cryptography.py 2024-06-22 04:13:56.000000000 +0200
+++ new/msal-1.30.0/tests/test_cryptography.py 2024-07-17 06:01:34.000000000 +0200
@@ -8,7 +8,7 @@
import requests
from msal.application import (
- _str2bytes, _load_private_key_from_pem_str, _load_private_key_from_pfx_path)
+ _str2bytes, _load_private_key_from_pem_str, _parse_pfx)
latest_cryptography_version = ET.fromstring(
@@ -48,7 +48,7 @@
_load_private_key_from_pem_str(f.read(), passphrase_bytes)
pfx = sibling("certificate-with-password.pfx") # Created by:
# openssl pkcs12 -export -inkey test/certificate-with-password.pem -in tests/certificate-with-password.pem -out tests/certificate-with-password.pfx
- _load_private_key_from_pfx_path(pfx, passphrase_bytes)
+ _parse_pfx(pfx, passphrase_bytes)
self.assertEqual(0, len(encountered_warnings),
"Did cryptography deprecate the functions that we used?")
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/msal-1.29.0/tests/test_e2e.py new/msal-1.30.0/tests/test_e2e.py
--- old/msal-1.29.0/tests/test_e2e.py 2024-06-22 04:13:56.000000000 +0200
+++ new/msal-1.30.0/tests/test_e2e.py 2024-07-17 06:01:34.000000000 +0200
@@ -80,7 +80,7 @@
else "the upn from {}".format(_render(
username_uri, description="here" if html_mode else None)),
lab=_render(
- "https://aka.ms/GetLabUserSecret?Secret=" + (lab_name or "msidlabXYZ"),
+ "https://aka.ms/GetLabSecret?Secret=" + (lab_name or "msidlabXYZ"),
description="this password api" if html_mode else None,
),
)
@@ -463,7 +463,10 @@
# id came from https://docs.msidlab.com/accounts/confidentialclient.html
client_id = os.getenv(env_client_id)
# Cert came from https://ms.portal.azure.com/#@microsoft.onmicrosoft.com/asset/Microsoft_Azu…
- client_credential = {"private_key_pfx_path": os.getenv(env_client_cert_path)}
+ client_credential = {
+ "private_key_pfx_path": os.getenv(env_client_cert_path),
+ "public_certificate": True, # Opt in for SNI
+ }
elif os.getenv(env_client_id) and os.getenv(env_name2):
# Data came from here
# https://docs.msidlab.com/accounts/confidentialclient.html
@@ -529,7 +532,7 @@
lab_name = lab_name.lower()
if lab_name not in cls._secrets:
logger.info("Querying lab user password for %s", lab_name)
- url = "https://msidlab.com/api/LabUserSecret?secret=%s" % lab_name
+ url = "https://msidlab.com/api/LabSecret?secret=%s" % lab_name
resp = cls.session.get(url)
cls._secrets[lab_name] = resp.json()["value"]
return cls._secrets[lab_name]
@@ -689,11 +692,28 @@
class PopWithExternalKeyTestCase(LabBasedTestCase):
def _test_service_principal(self):
- # Any SP can obtain an ssh-cert. Here we use the lab app.
- result = get_lab_app().acquire_token_for_client(self.SCOPE, data=self.DATA1)
+ app = get_lab_app() # Any SP can obtain an ssh-cert. Here we use the lab app.
+ result = app.acquire_token_for_client(self.SCOPE, data=self.DATA1)
self.assertIsNotNone(result.get("access_token"), "Encountered {}: {}".format(
result.get("error"), result.get("error_description")))
self.assertEqual(self.EXPECTED_TOKEN_TYPE, result["token_type"])
+ self.assertEqual(result["token_source"], "identity_provider")
+
+ # Test cache hit
+ cached_result = app.acquire_token_for_client(self.SCOPE, data=self.DATA1)
+ self.assertIsNotNone(
+ cached_result.get("access_token"), "Encountered {}: {}".format(
+ cached_result.get("error"), cached_result.get("error_description")))
+ self.assertEqual(self.EXPECTED_TOKEN_TYPE, cached_result["token_type"])
+ self.assertEqual(cached_result["token_source"], "cache")
+
+ # refresh_token grant can fetch an ssh-cert bound to a different key
+ refreshed_result = app.acquire_token_for_client(self.SCOPE, data=self.DATA2)
+ self.assertIsNotNone(
+ refreshed_result.get("access_token"), "Encountered {}: {}".format(
+ refreshed_result.get("error"), refreshed_result.get("error_description")))
+ self.assertEqual(self.EXPECTED_TOKEN_TYPE, refreshed_result["token_type"])
+ self.assertEqual(refreshed_result["token_source"], "identity_provider")
def _test_user_account(self):
lab_user = self.get_lab_user(usertype="cloud")
@@ -711,16 +731,30 @@
self.assertIsNotNone(result.get("access_token"), "Encountered {}: {}".format(
result.get("error"), result.get("error_description")))
self.assertEqual(self.EXPECTED_TOKEN_TYPE, result["token_type"])
+ self.assertEqual(result["token_source"], "identity_provider")
logger.debug("%s.cache = %s",
self.id(), json.dumps(self.app.token_cache._cache, indent=4))
+ # refresh_token grant can hit an ssh-cert bound to the same key
+ account = self.app.get_accounts()[0]
+ cached_result = self.app.acquire_token_silent(
+ self.SCOPE, account=account, data=self.DATA1)
+ self.assertIsNotNone(cached_result)
+ self.assertEqual(self.EXPECTED_TOKEN_TYPE, cached_result["token_type"])
+ ## Actually, the self._test_acquire_token_interactive() already contained
+ ## a built-in refresh test, so the token in cache has been refreshed already.
+ ## Therefore, the following line won't pass, which is expected.
+ #self.assertEqual(result["access_token"], cached_result['access_token'])
+ self.assertEqual(cached_result["token_source"], "cache")
+
# refresh_token grant can fetch an ssh-cert bound to a different key
account = self.app.get_accounts()[0]
- refreshed_ssh_cert = self.app.acquire_token_silent(
+ refreshed_result = self.app.acquire_token_silent(
self.SCOPE, account=account, data=self.DATA2)
- self.assertIsNotNone(refreshed_ssh_cert)
- self.assertEqual(self.EXPECTED_TOKEN_TYPE, refreshed_ssh_cert["token_type"])
- self.assertNotEqual(result["access_token"], refreshed_ssh_cert['access_token'])
+ self.assertIsNotNone(refreshed_result)
+ self.assertEqual(self.EXPECTED_TOKEN_TYPE, refreshed_result["token_type"])
+ self.assertNotEqual(result["access_token"], refreshed_result['access_token'])
+ self.assertEqual(refreshed_result["token_source"], "identity_provider")
class SshCertTestCase(PopWithExternalKeyTestCase):
@@ -829,7 +863,7 @@
# https://msidlab.com/api/user?usertype=onprem&federationprovider=ADFSv2019
username = "..." # The upn from the link above
- password="***" # From https://aka.ms/GetLabUserSecret?Secret=msidlabXYZ
+ password="***" # From https://aka.ms/GetLabSecret?Secret=msidlabXYZ
"""
config = self.get_lab_user(usertype="onprem", federationProvider="ADFSv2019")
config["authority"] = "https://fs.%s.com/adfs" % config["lab_name"]
@@ -922,7 +956,7 @@
username="b2clocal(a)msidlabb2c.onmicrosoft.com"
# This won't work https://msidlab.com/api/user?usertype=b2c
- password="***" # From https://aka.ms/GetLabUserSecret?Secret=msidlabb2c
+ password="***" # From https://aka.ms/GetLabSecret?Secret=msidlabb2c
"""
config = self.get_lab_app_object(azureenvironment="azureb2ccloud")
self._test_acquire_token_by_auth_code(
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/msal-1.29.0/tests/test_mi.py new/msal-1.30.0/tests/test_mi.py
--- old/msal-1.29.0/tests/test_mi.py 2024-06-22 04:13:56.000000000 +0200
+++ new/msal-1.30.0/tests/test_mi.py 2024-07-17 06:01:34.000000000 +0200
@@ -26,6 +26,7 @@
SERVICE_FABRIC,
DEFAULT_TO_VM,
)
+from msal.token_cache import is_subdict_of
class ManagedIdentityTestCase(unittest.TestCase):
@@ -60,7 +61,7 @@
http_client=requests.Session(),
)
- def _test_token_cache(self, app):
+ def assertCacheStatus(self, app):
cache = app._token_cache._cache
self.assertEqual(1, len(cache.get("AccessToken", [])), "Should have 1 AT")
at = list(cache["AccessToken"].values())[0]
@@ -70,30 +71,55 @@
"Should have expected client_id")
self.assertEqual("managed_identity", at["realm"], "Should have expected realm")
- def _test_happy_path(self, app, mocked_http):
- result = app.acquire_token_for_client(resource="R")
+ def _test_happy_path(self, app, mocked_http, expires_in, resource="R"):
+ result = app.acquire_token_for_client(resource=resource)
mocked_http.assert_called()
- self.assertEqual({
+ call_count = mocked_http.call_count
+ expected_result = {
"access_token": "AT",
- "expires_in": 1234,
- "resource": "R",
"token_type": "Bearer",
- }, result, "Should obtain a token response")
+ }
+ self.assertTrue(
+ is_subdict_of(expected_result, result), # We will test refresh_on later
+ "Should obtain a token response")
+ self.assertEqual(expires_in, result["expires_in"], "Should have expected expires_in")
+ if expires_in >= 7200:
+ expected_refresh_on = int(time.time() + expires_in / 2)
+ self.assertTrue(
+ expected_refresh_on - 1 <= result["refresh_on"] <= expected_refresh_on + 1,
+ "Should have a refresh_on time around the middle of the token's life")
self.assertEqual(
result["access_token"],
- app.acquire_token_for_client(resource="R").get("access_token"),
+ app.acquire_token_for_client(resource=resource).get("access_token"),
"Should hit the same token from cache")
- self._test_token_cache(app)
+
+ self.assertCacheStatus(app)
+
+ result = app.acquire_token_for_client(resource=resource)
+ self.assertEqual(
+ call_count, mocked_http.call_count,
+ "No new call to the mocked http should be made for a cache hit")
+ self.assertTrue(
+ is_subdict_of(expected_result, result), # We will test refresh_on later
+ "Should obtain a token response")
+ self.assertTrue(
+ expires_in - 5 < result["expires_in"] <= expires_in,
+ "Should have similar expires_in")
+ if expires_in >= 7200:
+ self.assertTrue(
+ expected_refresh_on - 5 < result["refresh_on"] <= expected_refresh_on,
+ "Should have a refresh_on time around the middle of the token's life")
class VmTestCase(ClientTestCase):
def test_happy_path(self):
+ expires_in = 7890 # We test a bigger than 7200 value here
with patch.object(self.app._http_client, "get", return_value=MinimalResponse(
status_code=200,
- text='{"access_token": "AT", "expires_in": "1234", "resource": "R"}',
+ text='{"access_token": "AT", "expires_in": "%s", "resource": "R"}' % expires_in,
)) as mocked_method:
- self._test_happy_path(self.app, mocked_method)
+ self._test_happy_path(self.app, mocked_method, expires_in)
def test_vm_error_should_be_returned_as_is(self):
raw_error = '{"raw": "error format is undefined"}'
@@ -110,12 +136,13 @@
class AppServiceTestCase(ClientTestCase):
def test_happy_path(self):
+ expires_in = 1234
with patch.object(self.app._http_client, "get", return_value=MinimalResponse(
status_code=200,
text='{"access_token": "AT", "expires_on": "%s", "resource": "R"}' % (
- int(time.time()) + 1234),
+ int(time.time()) + expires_in),
)) as mocked_method:
- self._test_happy_path(self.app, mocked_method)
+ self._test_happy_path(self.app, mocked_method, expires_in)
def test_app_service_error_should_be_normalized(self):
raw_error = '{"statusCode": 500, "message": "error content is undefined"}'
@@ -134,12 +161,13 @@
class MachineLearningTestCase(ClientTestCase):
def test_happy_path(self):
+ expires_in = 1234
with patch.object(self.app._http_client, "get", return_value=MinimalResponse(
status_code=200,
text='{"access_token": "AT", "expires_on": "%s", "resource": "R"}' % (
- int(time.time()) + 1234),
+ int(time.time()) + expires_in),
)) as mocked_method:
- self._test_happy_path(self.app, mocked_method)
+ self._test_happy_path(self.app, mocked_method, expires_in)
def test_machine_learning_error_should_be_normalized(self):
raw_error = '{"error": "placeholder", "message": "placeholder"}'
@@ -162,12 +190,14 @@
class ServiceFabricTestCase(ClientTestCase):
def _test_happy_path(self, app):
+ expires_in = 1234
with patch.object(app._http_client, "get", return_value=MinimalResponse(
status_code=200,
text='{"access_token": "AT", "expires_on": %s, "resource": "R", "token_type": "Bearer"}' % (
- int(time.time()) + 1234),
+ int(time.time()) + expires_in),
)) as mocked_method:
- super(ServiceFabricTestCase, self)._test_happy_path(app, mocked_method)
+ super(ServiceFabricTestCase, self)._test_happy_path(
+ app, mocked_method, expires_in)
def test_happy_path(self):
self._test_happy_path(self.app)
@@ -212,15 +242,16 @@
})
def test_happy_path(self, mocked_stat):
+ expires_in = 1234
with patch.object(self.app._http_client, "get", side_effect=[
self.challenge,
MinimalResponse(
status_code=200,
- text='{"access_token": "AT", "expires_in": "1234", "resource": "R"}',
+ text='{"access_token": "AT", "expires_in": "%s", "resource": "R"}' % expires_in,
),
]) as mocked_method:
try:
- super(ArcTestCase, self)._test_happy_path(self.app, mocked_method)
+ self._test_happy_path(self.app, mocked_method, expires_in)
mocked_stat.assert_called_with(os.path.join(
_supported_arc_platforms_and_their_prefixes[sys.platform],
"foo.key"))
1
0
Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package python-google-api-python-client for openSUSE:Factory checked in at 2024-08-01 22:04:20
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/python-google-api-python-client (Old)
and /work/SRC/openSUSE:Factory/.python-google-api-python-client.new.7232 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "python-google-api-python-client"
Thu Aug 1 22:04:20 2024 rev:50 rq:1190660 version:2.139.0
Changes:
--------
--- /work/SRC/openSUSE:Factory/python-google-api-python-client/python-google-api-python-client.changes 2024-07-15 19:50:40.810782377 +0200
+++ /work/SRC/openSUSE:Factory/.python-google-api-python-client.new.7232/python-google-api-python-client.changes 2024-08-01 22:04:45.145265996 +0200
@@ -1,0 +2,117 @@
+Wed Jul 31 10:12:45 UTC 2024 - John Paul Adrian Glaubitz <adrian.glaubitz(a)suse.com>
+
+- Update to 2.139.0
+ * **appengine:** Update the api
+ * **bigquery:** Update the api
+ * **bigtableadmin:** Update the api
+ * **cloudbuild:** Update the api
+ * **contactcenterinsights:** Update the api
+ * **contentwarehouse:** Update the api
+ * **datamigration:** Update the api
+ * **dataplex:** Update the api
+ * **dialogflow:** Update the api
+ * **discovery:** Update the api
+ * **dlp:** Update the api
+ * **dns:** Update the api
+ * **file:** Update the api
+ * **firebaseappdistribution:** Update the api
+ * **firebaseml:** Update the api
+ * **merchantapi:** Update the api
+ * **monitoring:** Update the api
+ * **networkmanagement:** Update the api
+ * **networksecurity:** Update the api
+ * **playintegrity:** Update the api
+ * **recaptchaenterprise:** Update the api
+ * **walletobjects:** Update the api
+ * **workloadmanager:** Update the api
+- from version 2.138.0
+ * Add support for reading apiVersion in discovery artifacts (#2380)
+ * **aiplatform:** Update the api
+ * **aiplatform:** Update the api
+ * **analyticsadmin:** Update the api
+ * **analyticsadmin:** Update the api
+ * **androidpublisher:** Update the api
+ * **androidpublisher:** Update the api
+ * **apim:** Update the api
+ * **artifactregistry:** Update the api
+ * **artifactregistry:** Update the api
+ * **artifactregistry:** Update the api
+ * **backupdr:** Update the api
+ * **cloudbuild:** Update the api
+ * **cloudbuild:** Update the api
+ * **cloudcontrolspartner:** Update the api
+ * **cloudsearch:** Update the api
+ * **composer:** Update the api
+ * **compute:** Update the api
+ * **compute:** Update the api
+ * **compute:** Update the api
+ * **connectors:** Update the api
+ * **connectors:** Update the api
+ * **connectors:** Update the api
+ * **container:** Update the api
+ * **content:** Update the api
+ * **dialogflow:** Update the api
+ * **dialogflow:** Update the api
+ * **discoveryengine:** Update the api
+ * **discoveryengine:** Update the api
+ * **discoveryengine:** Update the api
+ * **discovery:** Update the api
+ * **displayvideo:** Update the api
+ * **docs:** Update the api
+ * **documentai:** Update the api
+ * **essentialcontacts:** Update the api
+ * **essentialcontacts:** Update the api
+ * **file:** Update the api
+ * **file:** Update the api
+ * **firebaseappdistribution:** Update the api
+ * **firebaseappdistribution:** Update the api
+ * **firebaseml:** Update the api
+ * **firestore:** Update the api
+ * **gkehub:** Update the api
+ * **gkehub:** Update the api
+ * **healthcare:** Update the api
+ * **iam:** Update the api
+ * **iam:** Update the api
+ * **integrations:** Update the api
+ * **integrations:** Update the api
+ * **logging:** Update the api
+ * **logging:** Update the api
+ * **manufacturers:** Update the api
+ * **merchantapi:** Update the api
+ * **merchantapi:** Update the api
+ * **merchantapi:** Update the api
+ * **metastore:** Update the api
+ * **metastore:** Update the api
+ * **migrationcenter:** Update the api
+ * **networkservices:** Update the api
+ * **networkservices:** Update the api
+ * **ondemandscanning:** Update the api
+ * **ondemandscanning:** Update the api
+ * **playintegrity:** Update the api
+ * **playintegrity:** Update the api
+ * **recaptchaenterprise:** Update the api
+ * **retail:** Update the api
+ * **retail:** Update the api
+ * **retail:** Update the api
+ * **sheets:** Update the api
+ * **spanner:** Update the api
+ * **spanner:** Update the api
+ * **spanner:** Update the api
+ * **sqladmin:** Update the api
+ * **sqladmin:** Update the api
+ * **sts:** Update the api
+ * **sts:** Update the api
+ * **translate:** Update the api
+ * **vmmigration:** Update the api
+ * **walletobjects:** Update the api
+ * **workflowexecutions:** Update the api
+ * **workloadmanager:** Update the api
+ * **workloadmanager:** Update the api
+ * **workstations:** Update the api
+ * **workstations:** Update the api
+ * **workstations:** Update the api
+ * **dataflow:** Update the api
+ * **dlp:** Update the api
+ * **dlp:** Update the api
+
+-------------------------------------------------------------------
Old:
----
google_api_python_client-2.137.0.tar.gz
New:
----
google_api_python_client-2.139.0.tar.gz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ python-google-api-python-client.spec ++++++
--- /var/tmp/diff_new_pack.oRcwTB/_old 2024-08-01 22:04:46.205309717 +0200
+++ /var/tmp/diff_new_pack.oRcwTB/_new 2024-08-01 22:04:46.205309717 +0200
@@ -18,7 +18,7 @@
%{?sle15_python_module_pythons}
Name: python-google-api-python-client
-Version: 2.137.0
+Version: 2.139.0
Release: 0
Summary: Google APIs Python Client
License: Apache-2.0
++++++ google_api_python_client-2.137.0.tar.gz -> google_api_python_client-2.139.0.tar.gz ++++++
/work/SRC/openSUSE:Factory/python-google-api-python-client/google_api_python_client-2.137.0.tar.gz /work/SRC/openSUSE:Factory/.python-google-api-python-client.new.7232/google_api_python_client-2.139.0.tar.gz differ: char 5, line 1
1
0
Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package libuninameslist for openSUSE:Factory checked in at 2024-08-01 22:04:19
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/libuninameslist (Old)
and /work/SRC/openSUSE:Factory/.libuninameslist.new.7232 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "libuninameslist"
Thu Aug 1 22:04:19 2024 rev:14 rq:1190762 version:20240524
Changes:
--------
--- /work/SRC/openSUSE:Factory/libuninameslist/libuninameslist.changes 2023-09-20 13:31:25.847462919 +0200
+++ /work/SRC/openSUSE:Factory/.libuninameslist.new.7232/libuninameslist.changes 2024-08-01 22:04:43.889214192 +0200
@@ -1,0 +2,6 @@
+Tue Jul 30 10:34:53 UTC 2024 - pgajdos(a)suse.com
+
+- version update to 20240524
+ * Version 1.14, Unicode 15.1 and French version 1.7 now is at 15.1.
+
+-------------------------------------------------------------------
Old:
----
20230916.tar.gz
New:
----
20240524.tar.gz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ libuninameslist.spec ++++++
--- /var/tmp/diff_new_pack.6Qw9a9/_old 2024-08-01 22:04:44.429236465 +0200
+++ /var/tmp/diff_new_pack.6Qw9a9/_new 2024-08-01 22:04:44.429236465 +0200
@@ -1,7 +1,7 @@
#
# spec file for package libuninameslist
#
-# Copyright (c) 2023 SUSE LLC
+# Copyright (c) 2024 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -18,7 +18,7 @@
%define somajor 1
Name: libuninameslist
-Version: 20230916
+Version: 20240524
Release: 0
Summary: A library providing Unicode character names and annotations
License: BSD-3-Clause
++++++ 20230916.tar.gz -> 20240524.tar.gz ++++++
++++ 3558 lines of diff (skipped)
1
0
Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package aws-efs-utils for openSUSE:Factory checked in at 2024-08-01 22:04:18
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/aws-efs-utils (Old)
and /work/SRC/openSUSE:Factory/.aws-efs-utils.new.7232 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "aws-efs-utils"
Thu Aug 1 22:04:18 2024 rev:18 rq:1190670 version:2.0.3
Changes:
--------
--- /work/SRC/openSUSE:Factory/aws-efs-utils/aws-efs-utils.changes 2024-02-21 17:56:04.890576784 +0100
+++ /work/SRC/openSUSE:Factory/.aws-efs-utils.new.7232/aws-efs-utils.changes 2024-08-01 22:04:40.821087651 +0200
@@ -1,0 +2,25 @@
+Wed Jul 31 11:04:49 UTC 2024 - John Paul Adrian Glaubitz <adrian.glaubitz(a)suse.com>
+
+- Update to version 2.0.3
+ * Upgrade py version
+ * Replace deprecated usage of datetime
+- from version 2.0.2
+ * Check for efs-proxy PIDs when cleaning tunnel state files
+ * Add PID to log entries
+- from version 2.0.1
+ * Disable Nagle's algorithm for efs-proxy TLS mounts to improve latencies
+- from version 2.0.0
+ * Replace stunnel, which provides TLS encryptions for mounts, with efs-proxy,
+ a component built in-house at AWS. Efs-proxy lays the foundation for upcoming
+ feature launches at EFS.
+- from version 1.36.0
+ * Support new mount option: crossaccount, conduct cross account mounts via ip address.
+ Use client AZ-ID to choose mount target.
+- from version 1.35.2
+ * Revert "Add warning if using older Version"
+ * Support MacOS Sonoma
+- Switch package to modern Python Stack on SLE-15
+ * Use Python 3.11 on SLE-15 by default
+ * Use primary Python version on Tumbleweed
+
+-------------------------------------------------------------------
Old:
----
efs-utils-1.35.1.tar.gz
New:
----
efs-utils-2.0.3.tar.gz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ aws-efs-utils.spec ++++++
--- /var/tmp/diff_new_pack.8oyhiW/_old 2024-08-01 22:04:43.645204128 +0200
+++ /var/tmp/diff_new_pack.8oyhiW/_new 2024-08-01 22:04:43.649204293 +0200
@@ -16,8 +16,14 @@
#
+%if 0%{?suse_version} >= 1600
+%define pythons %{primary_python}
+%else
+%define pythons python311
+%endif
+%global _sitelibdir %{%{pythons}_sitelib}
Name: aws-efs-utils
-Version: 1.35.1
+Version: 2.0.3
Release: 0
Summary: Utilities for using the EFS file systems
License: MIT
@@ -28,23 +34,23 @@
Patch1: harden_amazon-efs-mount-watchdog.service.patch
Patch2: skip-styletest.patch
Patch3: use_mock_from_unittest.patch
+BuildRequires: %{pythons}-attrs >= 17.4.0
+BuildRequires: %{pythons}-botocore >= 1.17.53
+BuildRequires: %{pythons}-coverage >= 4.5.4
BuildRequires: openssl
-BuildRequires: python3-attrs >= 17.4.0
-BuildRequires: python3-botocore >= 1.17.53
-BuildRequires: python3-coverage >= 4.5.4
-#BuildRequires: python3-flake8 >= 3.7.9
-BuildRequires: python3-flake8
-BuildRequires: python3-mccabe >= 0.6.1
-BuildRequires: python3-pbr >= 3.1.1
-BuildRequires: python3-pluggy >= 0.13.0
-BuildRequires: python3-py >= 1.10.0
-BuildRequires: python3-pycodestyle >= 2.5.0
-BuildRequires: python3-pyflakes >= 2.1.1
-BuildRequires: python3-pytest >= 4.6.7
-BuildRequires: python3-pytest-cov >= 2.8.1
-BuildRequires: python3-pytest-html >= 1.19.0
-BuildRequires: python3-pytest-metadata >= 1.7.0
-BuildRequires: python3-pytest-mock >= 1.11.2
+#BuildRequires: %{pythons}-flake8 >= 3.7.9
+BuildRequires: %{pythons}-flake8
+BuildRequires: %{pythons}-mccabe >= 0.6.1
+BuildRequires: %{pythons}-pbr >= 3.1.1
+BuildRequires: %{pythons}-pluggy >= 0.13.0
+BuildRequires: %{pythons}-py >= 1.11.0
+BuildRequires: %{pythons}-pycodestyle >= 2.5.0
+BuildRequires: %{pythons}-pyflakes >= 2.1.1
+BuildRequires: %{pythons}-pytest >= 4.6.7
+BuildRequires: %{pythons}-pytest-cov >= 2.8.1
+BuildRequires: %{pythons}-pytest-html >= 1.19.0
+BuildRequires: %{pythons}-pytest-metadata >= 1.7.0
+BuildRequires: %{pythons}-pytest-mock >= 1.11.2
BuildRequires: systemd-rpm-macros
BuildRequires: pkgconfig(systemd)
Requires: nfs-utils
++++++ efs-utils-1.35.1.tar.gz -> efs-utils-2.0.3.tar.gz ++++++
++++ 10045 lines of diff (skipped)
1
0
Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package dracut-sshd for openSUSE:Factory checked in at 2024-08-01 22:04:17
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/dracut-sshd (Old)
and /work/SRC/openSUSE:Factory/.dracut-sshd.new.7232 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "dracut-sshd"
Thu Aug 1 22:04:17 2024 rev:4 rq:1190662 version:0.6.1
Changes:
--------
--- /work/SRC/openSUSE:Factory/dracut-sshd/dracut-sshd.changes 2020-11-17 21:23:20.361261982 +0100
+++ /work/SRC/openSUSE:Factory/.dracut-sshd.new.7232/dracut-sshd.changes 2024-08-01 22:04:39.621038156 +0200
@@ -1,0 +2,7 @@
+Wed Jul 31 07:00:49 UTC 2024 - Antonio Feijoo <antonio.feijoo(a)suse.com>
+
+- Support OpenSSH 9.8
+ * Adds 0002-Support-OpenSSH-9.8.patch
+ * Adds 0003-Support-OpenSSH-9.8-for-openSUSE.patch
+
+-------------------------------------------------------------------
New:
----
0002-Support-OpenSSH-9.8.patch
0003-Support-OpenSSH-9.8-for-openSUSE.patch
BETA DEBUG BEGIN:
New:- Support OpenSSH 9.8
* Adds 0002-Support-OpenSSH-9.8.patch
* Adds 0003-Support-OpenSSH-9.8-for-openSUSE.patch
New: * Adds 0002-Support-OpenSSH-9.8.patch
* Adds 0003-Support-OpenSSH-9.8-for-openSUSE.patch
BETA DEBUG END:
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ dracut-sshd.spec ++++++
--- /var/tmp/diff_new_pack.ghT4Kd/_old 2024-08-01 22:04:40.653080722 +0200
+++ /var/tmp/diff_new_pack.ghT4Kd/_new 2024-08-01 22:04:40.657080887 +0200
@@ -1,7 +1,7 @@
#
# spec file for package dracut-sshd
#
-# Copyright (c) 2020 SUSE LLC
+# Copyright (c) 2024 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -26,6 +26,8 @@
URL: https://github.com/gsauthof/dracut-sshd
Source: https://github.com/gsauthof/dracut-sshd/archive/%{version}%{pkg_rel}/%{name…
Patch1: 0001-Give-some-guidance-through-motd-prompt.patch
+Patch2: 0002-Support-OpenSSH-9.8.patch
+Patch3: 0003-Support-OpenSSH-9.8-for-openSUSE.patch
BuildRequires: dracut
Requires: dracut
BuildRoot: %{_tmppath}/%{name}-%{version}-build
++++++ 0002-Support-OpenSSH-9.8.patch ++++++
From 70e5062427a5da3732721ea6d3064d5936d0f0e9 Mon Sep 17 00:00:00 2001
From: Ellison Patterson <3533001+ellisonpatterson(a)users.noreply.github.com>
Date: Mon, 1 Jul 2024 11:39:29 -0400
Subject: [PATCH 2/3] Support OpenSSH 9.8
Reason for why we need these executables:
https://www.openssh.com/releasenotes.html#9.8p1
* sshd(8): the server has been split into a listener binary, sshd(8),
and a per-session binary "sshd-session". This allows for a much
smaller listener binary, as it no longer needs to support the SSH
protocol. As part of this work, support for disabling privilege
separation (which previously required code changes to disable) and
disabling re-execution of sshd(8) has been removed. Further
separation of sshd-session into additional, minimal binaries is
planned for the future.
fixes #80
---
46sshd/module-setup.sh | 12 ++++++++++++
1 file changed, 12 insertions(+)
diff --git a/46sshd/module-setup.sh b/46sshd/module-setup.sh
index eb9da8d..7f26087 100755
--- a/46sshd/module-setup.sh
+++ b/46sshd/module-setup.sh
@@ -58,6 +58,18 @@ install() {
inst_multiple -o /etc/sysconfig/sshd /etc/sysconfig/ssh \
/etc/sysconfig/dracut-sshd
+ # Copy ssh helper executables for OpenSSH 9.8+
+ # /usr/lib/ssh -> Arch
+ # /usr/lib(64)/misc -> Gentoo
+ # /usr/libexec/openssh -> Fedora (possibly)
+ local d
+ for d in /usr/lib/ssh /usr/lib64/misc /usr/lib/misc /usr/libexec/openssh ; do
+ if [ -f "$d"/sshd-session ]; then
+ inst_multiple "$d"/{sshd-session,sftp-server}
+ break
+ fi
+ done
+
# First entry for Fedora 28, second for Fedora 27
inst_multiple -o /etc/crypto-policies/back-ends/opensshserver.config \
/etc/crypto-policies/back-ends/openssh-server.config
--
2.35.3
++++++ 0003-Support-OpenSSH-9.8-for-openSUSE.patch ++++++
From 6377dc91b655cc1027bbfcf5ff092cc64b8cf013 Mon Sep 17 00:00:00 2001
From: Antonio Alvarez Feijoo <antonio.feijoo(a)suse.com>
Date: Tue, 30 Jul 2024 09:42:59 +0200
Subject: [PATCH 3/3] Support OpenSSH 9.8 for openSUSE
Follow-up for 70e5062427a5da3732721ea6d3064d5936d0f0e9
---
46sshd/module-setup.sh | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/46sshd/module-setup.sh b/46sshd/module-setup.sh
index 7f26087..3eee79c 100755
--- a/46sshd/module-setup.sh
+++ b/46sshd/module-setup.sh
@@ -61,9 +61,10 @@ install() {
# Copy ssh helper executables for OpenSSH 9.8+
# /usr/lib/ssh -> Arch
# /usr/lib(64)/misc -> Gentoo
- # /usr/libexec/openssh -> Fedora (possibly)
+ # /usr/libexec/openssh -> Fedora
+ # /usr/libexec/ssh -> openSUSE
local d
- for d in /usr/lib/ssh /usr/lib64/misc /usr/lib/misc /usr/libexec/openssh ; do
+ for d in /usr/lib/ssh /usr/lib64/misc /usr/lib/misc /usr/libexec/openssh /usr/libexec/ssh ; do
if [ -f "$d"/sshd-session ]; then
inst_multiple "$d"/{sshd-session,sftp-server}
break
--
2.35.3
1
0
Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package qgis for openSUSE:Factory checked in at 2024-08-01 22:04:12
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/qgis (Old)
and /work/SRC/openSUSE:Factory/.qgis.new.7232 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "qgis"
Thu Aug 1 22:04:12 2024 rev:55 rq:1190783 version:3.38.1
Changes:
--------
--- /work/SRC/openSUSE:Factory/qgis/qgis.changes 2024-07-18 19:16:19.447075780 +0200
+++ /work/SRC/openSUSE:Factory/.qgis.new.7232/qgis.changes 2024-08-01 22:04:35.688875979 +0200
@@ -1,0 +2,7 @@
+Tue Jul 30 12:50:56 UTC 2024 - Enno Tensing <tenno+suse(a)suij.in>
+
+- update to 3.38.1; Upstream does not provide a detailed changelog
+ See https://github.com/qgis/QGIS/compare/final-3_38_0%5E...final-3_38_1
+ for commits between 3.38.0 and 3.38.1
+
+-------------------------------------------------------------------
Old:
----
qgis-3.38.0.tar.bz2
qgis-3.38.0.tar.bz2.sha256
New:
----
qgis-3.38.1.tar.bz2
qgis-3.38.1.tar.bz2.sha256
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ qgis.spec ++++++
--- /var/tmp/diff_new_pack.lm2IKO/_old 2024-08-01 22:04:39.209021163 +0200
+++ /var/tmp/diff_new_pack.lm2IKO/_new 2024-08-01 22:04:39.221021658 +0200
@@ -24,7 +24,7 @@
%else
Name: qgis
%endif
-Version: 3.38.0
+Version: 3.38.1
Release: 0
Summary: A Geographic Information System (GIS)
License: GPL-2.0-only
++++++ qgis-3.38.0.tar.bz2 -> qgis-3.38.1.tar.bz2 ++++++
/work/SRC/openSUSE:Factory/qgis/qgis-3.38.0.tar.bz2 /work/SRC/openSUSE:Factory/.qgis.new.7232/qgis-3.38.1.tar.bz2 differ: char 11, line 1
++++++ qgis-3.38.0.tar.bz2.sha256 -> qgis-3.38.1.tar.bz2.sha256 ++++++
--- /work/SRC/openSUSE:Factory/qgis/qgis-3.38.0.tar.bz2.sha256 2024-07-18 19:16:19.315070496 +0200
+++ /work/SRC/openSUSE:Factory/.qgis.new.7232/qgis-3.38.1.tar.bz2.sha256 2024-08-01 22:04:35.684875814 +0200
@@ -1 +1 @@
-f9cf5ab241b9d6b3f5d40d4d7a6759a5f806148a7c9a11ba85670a03f2344be7 qgis-3.38.0.tar.bz2
+c670f90e3929e7f76abe4a19f0dbf8c1b1f24f1b54c15a91839a8d0cedd05137 qgis-3.38.1.tar.bz2
1
0
Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package libvmime for openSUSE:Factory checked in at 2024-08-01 22:04:11
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/libvmime (Old)
and /work/SRC/openSUSE:Factory/.libvmime.new.7232 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "libvmime"
Thu Aug 1 22:04:11 2024 rev:34 rq:1190650 version:0.9.2+g203
Changes:
--------
--- /work/SRC/openSUSE:Factory/libvmime/libvmime.changes 2024-06-20 16:48:28.988338253 +0200
+++ /work/SRC/openSUSE:Factory/.libvmime.new.7232/libvmime.changes 2024-08-01 22:04:30.828675526 +0200
@@ -1,0 +2,5 @@
+Wed Jul 24 11:58:38 UTC 2024 - Jan Engelhardt <jengelh(a)inai.de>
+
+- Update libvmime-soname.diff to support out-of-tree cmake builds
+
+-------------------------------------------------------------------
New:
----
_scmsync.obsinfo
build.specials.obscpio
debian.libvmime-suse6.install
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ _scmsync.obsinfo ++++++
mtime: 1721822337
commit: e68844707f6935fa176d44c9ca68207db27f4615e66f42558c214b4605772087
url: https://src.opensuse.org/jengelh/libvmime
revision: master
++++++ _service ++++++
--- /var/tmp/diff_new_pack.9fGSdL/_old 2024-08-01 22:04:32.820757686 +0200
+++ /var/tmp/diff_new_pack.9fGSdL/_new 2024-08-01 22:04:32.820757686 +0200
@@ -2,7 +2,7 @@
<service name="tar_scm" mode="manual">
<param name="scm">git</param>
<param name="url">https://github.com/kisli/vmime</param>
- <param name="revision">master</param>
+ <param name="revision">d03ad5f0f6d3b2d54009ccdc7d1f7670218b263c</param>
<param name="parent-tag">v0.9.2</param>
<param name="versionformat">0.9.2+g@TAG_OFFSET@</param>
</service>
++++++ debian.libvmime-suse6.install ++++++
usr/lib/*/libvmime*.so.*
++++++ libvmime-soname.diff ++++++
--- /var/tmp/diff_new_pack.9fGSdL/_old 2024-08-01 22:04:32.920761811 +0200
+++ /var/tmp/diff_new_pack.9fGSdL/_new 2024-08-01 22:04:32.924761976 +0200
@@ -33,8 +33,8 @@
COMPILE_FLAGS -DVMIME_SHARED
)
-+ execute_process(COMMAND ln -s libvmime-suse.so.${VMIME_API_VERSION_CURRENT} libvmime.so)
-+ install(FILES ${CMAKE_CURRENT_BINARY_DIR}/libvmime.so DESTINATION ${CMAKE_INSTALL_LIBDIR}/ COMPONENT libraries)
++ execute_process(COMMAND ln -s libvmime-suse.so.${VMIME_API_VERSION_CURRENT} ${CMAKE_BINARY_DIR}/libvmime.so)
++ install(FILES ${CMAKE_BINARY_DIR}/libvmime.so DESTINATION ${CMAKE_INSTALL_LIBDIR}/ COMPONENT libraries)
+
ENDIF()
1
0
Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package tik for openSUSE:Factory checked in at 2024-08-01 22:04:11
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/tik (Old)
and /work/SRC/openSUSE:Factory/.tik.new.7232 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "tik"
Thu Aug 1 22:04:11 2024 rev:16 rq:1190654 version:1.2.3
Changes:
--------
--- /work/SRC/openSUSE:Factory/tik/tik.changes 2024-07-25 16:03:17.985321664 +0200
+++ /work/SRC/openSUSE:Factory/.tik.new.7232/tik.changes 2024-08-01 22:04:29.968640054 +0200
@@ -1,0 +2,19 @@
+Wed Jul 31 12:30:38 UTC 2024 - rbrown(a)suse.com
+
+- Update to version 1.2.3:
+ * encrypt: recoverykey is now always slot #2
+
+-------------------------------------------------------------------
+Wed Jul 31 12:27:03 UTC 2024 - rbrown(a)suse.com
+
+- Update to version 1.2.2:
+ * encrypt: create passphrase before recoverykey to keep key slot alignment with Default Mode
+
+-------------------------------------------------------------------
+Wed Jul 31 12:05:50 UTC 2024 - rbrown(a)suse.com
+
+- Update to version 1.2.1:
+ * mig: Actually check if /@/home mount fails (boo#1227714)
+ * encrypt: Fix boo#1228416 by doing enrolment in correct order
+
+-------------------------------------------------------------------
Old:
----
tik-1.2.obscpio
New:
----
tik-1.2.3.obscpio
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ tik.spec ++++++
--- /var/tmp/diff_new_pack.7EHZ9A/_old 2024-08-01 22:04:30.552664142 +0200
+++ /var/tmp/diff_new_pack.7EHZ9A/_new 2024-08-01 22:04:30.556664307 +0200
@@ -17,7 +17,7 @@
Name: tik
-Version: 1.2
+Version: 1.2.3
Release: 0
Summary: Transactional Installation Kit
License: MIT
++++++ _service ++++++
--- /var/tmp/diff_new_pack.7EHZ9A/_old 2024-08-01 22:04:30.580665296 +0200
+++ /var/tmp/diff_new_pack.7EHZ9A/_new 2024-08-01 22:04:30.580665296 +0200
@@ -3,7 +3,7 @@
<service name="obs_scm" mode="manual">
<param name="url">https://github.com/sysrich/tik.git</param>
<param name="scm">git</param>
- <param name="revision">v1.2</param>
+ <param name="revision">v1.2.3</param>
<param name="versionformat">@PARENT_TAG@</param>
<param name="changesgenerate">enable</param>
<param name="versionrewrite-pattern">v(.*)</param>
++++++ _servicedata ++++++
--- /var/tmp/diff_new_pack.7EHZ9A/_old 2024-08-01 22:04:30.600666121 +0200
+++ /var/tmp/diff_new_pack.7EHZ9A/_new 2024-08-01 22:04:30.604666286 +0200
@@ -1,6 +1,6 @@
<servicedata>
<service name="tar_scm">
<param name="url">https://github.com/sysrich/tik.git</param>
- <param name="changesrevision">a17b5aa348938da12eeb79a0dbc1f7b257bd0da0</param></service></servicedata>
+ <param name="changesrevision">d013149dc0fe0b7acb3a894f73547a846c237d2a</param></service></servicedata>
(No newline at EOF)
++++++ tik-1.2.obscpio -> tik-1.2.3.obscpio ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/tik-1.2/usr/lib/tik/modules/post/15-encrypt new/tik-1.2.3/usr/lib/tik/modules/post/15-encrypt
--- old/tik-1.2/usr/lib/tik/modules/post/15-encrypt 2024-07-24 14:32:45.000000000 +0200
+++ new/tik-1.2.3/usr/lib/tik/modules/post/15-encrypt 2024-07-31 14:29:58.000000000 +0200
@@ -64,7 +64,7 @@
prun /usr/sbin/cryptsetup luksOpen --key-file=${tik_keyfile} ${cryptpart} aeon_root
echo "35" > ${encrypt_pipe}
prun /usr/bin/mount -o compress=zstd:1 /dev/mapper/aeon_root ${encrypt_dir}/mnt
- for i in proc dev sys 'sys/firmware/efi/efivars' 'sys/fs/cgroup'; do
+ for i in proc dev sys tmp 'sys/firmware/efi/efivars' 'sys/fs/cgroup'; do
prun /usr/bin/mount --bind "/$i" "${encrypt_dir}/mnt/$i"
done
prun /usr/bin/mount -o compress=zstd:1,subvol=/@/.snapshots /dev/mapper/aeon_root ${encrypt_dir}/mnt/.snapshots
@@ -73,7 +73,6 @@
eval prun "$etcmountcmd"
prun /usr/bin/mount ${esppart} ${encrypt_dir}/mnt/boot/efi
prun /usr/bin/mount -t tmpfs tmpfs "${encrypt_dir}/mnt/run"
- prun /usr/bin/mount -t tmpfs tmpfs "${encrypt_dir}/mnt/tmp"
prun /usr/bin/mount -t securityfs securityfs "${encrypt_dir}/mnt/sys/kernel/security"
echo "42" > ${encrypt_pipe}
}
@@ -133,6 +132,14 @@
WantedBy=default.target
EOF
prun /usr/bin/ln -s ${encrypt_dir}/mnt/etc/systemd/system/firstboot-update-predictions.service ${encrypt_dir}/mnt/etc/systemd/system/default.target.wants/firstboot-update-predictions.service
+ log "[configure_encryption] Generating Predictions"
+ echo "# Generating TPM Predictions" > ${encrypt_pipe}
+ prun /usr/bin/chroot ${encrypt_dir}/mnt sdbootutil -vv update-predictions
+ echo "73" > ${encrypt_pipe}
+ log "[configure_encryption] Default Mode - Enrolling ${cryptpart} to TPM 2.0"
+ echo "# Enrolling to TPM" > ${encrypt_pipe}
+ prun /usr/bin/chroot ${encrypt_dir}/mnt systemd-cryptenroll --unlock-key-file=${tik_keyfile} --tpm2-device=auto ${cryptpart}
+ echo "76" > ${encrypt_pipe}
fi
}
@@ -143,7 +150,6 @@
prun /usr/bin/umount "${encrypt_dir}/mnt/$i"
done
prun /usr/bin/umount ${encrypt_dir}/mnt
- prun /usr/bin/rmdir ${encrypt_dir}/mnt
prun /usr/sbin/cryptsetup luksClose aeon_root
echo "77" > ${encrypt_pipe}
}
@@ -167,23 +173,24 @@
echo "# Adding recovery key to ${cryptpart}" > ${encrypt_pipe}
log "[add_recoveryKey] adding recovery key to ${cryptpart}"
prun /usr/sbin/cryptsetup luksAddKey --key-file=${tik_keyfile} --batch-mode --force-password "${cryptpart}" <<<"${key}"
- echo '{"type":"systemd-recovery","keyslots":["1"]}' | prun /usr/sbin/cryptsetup token import "${cryptpart}"
+ echo '{"type":"systemd-recovery","keyslots":["2"]}' | prun /usr/sbin/cryptsetup token import "${cryptpart}"
echo "100" > ${encrypt_pipe}
}
display_recoveryKey() {
local defaultmsg="This ${TIK_OS_NAME} system is encrypted and checks its own integrity on every boot\nIn the event of these integrity checks failing, you will need to use the Recovery Key provided below to enter this system\n\nLikely reasons for integrity checks failing include:\n\n• UEFI System Firmware updated\n• Secure Boot changed from enabled or disabled\n• Boot drive was moved to a different computer\n• Disk partitions were changed\n• Boot loader or initrd were altered unexpectedly\n\nIf you are unaware as to why the system is requesting the recovery key, this systems security may have been compromised\nThe best course of action may be to not unlock the disk until you can determine what changed to require the Recovery Key\n\nThis systems Recovery Key is:\n\n <b><big>${key}</big></b>\n\nPlease save this secret Recovery Key in a secure location\n\n"
- local fallbackmsg="This ${TIK_OS_NAME} system is encrypted and will require a Passphrase on every boot\n\nYou will be prompted to set the Passphrase on the next screen\n\nIn addition a Recovery Key has been generated:\n\n <b><big>${key}</big></b>\n\nPlease save this secret Recovery Key in a secure location\nIt may be used to regain access to this system if the other Passphrase becomes lost or forgotten\n\n"
+ local fallbackmsg="In addition to your Passphrase a Recovery Key has been generated:\n\n <b><big>${key}</big></b>\n\nPlease save this secret Recovery Key in a secure location\nIt may be used to regain access to this system if the other Passphrase becomes lost or forgotten\n\n"
local message
[ "${tik_encrypt_mode}" == 0 ] && message=${defaultmsg}
[ "${tik_encrypt_mode}" == 1 ] && message=${fallbackmsg}
log "[display_recoveryKey] displaying recovery key"
- zenity --width=500 --height=500 --no-wrap --warning --title="Encryption Recovery Key" --text="${message}You may optionally scan the recovery key off screen:\n<span face='monospace'>$(qrencode ${key} -t UTF8i)</span>\nFor more information please visit <tt>https://aeondesktop.org/encrypt</tt>"
+ zenity --width=500 --height=500 --no-wrap --warning --icon=security-high-symbolic --title="Encryption Recovery Key" --text="${message}You may optionally scan the recovery key off screen:\n<span face='monospace'>$(qrencode ${key} -t UTF8i)</span>\nFor more information please visit <tt>https://aeondesktop.org/encrypt</tt>"
log "[display_recoveryKey] recovery key dialogue dismissed"
}
add_key() {
if [ "${tik_encrypt_mode}" == 1 ]; then
+ d --width=500 --height=300 --no-wrap --warning --icon=security-high-symbolic --title="Set Encryption Passphrase" --text="This ${TIK_OS_NAME} system is encrypted and will require a Passphrase on every boot\n\nYou will be prompted to set the Passphrase on the next screen\n\nFor more information please visit <tt>https://aeondesktop.org/encrypt</tt>"
log "[add_key] Fallback Mode - Prompting user for passphrase for ${cryptpart}"
# Not using 'd' function to avoid logging the password
while true
@@ -200,9 +207,6 @@
;;
esac
done
- else
- log "[add_key] Default Mode - Enrolling ${cryptpart} to TPM 2.0"
- prun /usr/bin/systemd-cryptenroll --unlock-key-file=${tik_keyfile} --tpm2-device=auto ${cryptpart} > >(d --progress --title="Finalising Encryption" --text="Enrolling to TPM 2.0" --pulsate --auto-close --no-cancel --width=400)
fi
}
@@ -212,7 +216,7 @@
open_partition
configure_encryption
close_partition
+add_key
generate_recoveryKey
add_recoveryKey
-display_recoveryKey
-add_key
\ No newline at end of file
+display_recoveryKey
\ No newline at end of file
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/tik-1.2/usr/lib/tik/modules/pre/20-mig new/tik-1.2.3/usr/lib/tik/modules/pre/20-mig
--- old/tik-1.2/usr/lib/tik/modules/pre/20-mig 2024-07-24 14:32:45.000000000 +0200
+++ new/tik-1.2.3/usr/lib/tik/modules/pre/20-mig 2024-07-31 14:29:58.000000000 +0200
@@ -81,7 +81,8 @@
if [ -n "${probedpart}" ]; then
prun /usr/bin/mkdir ${mig_dir}/mnt
- if prun-opt /usr/bin/mount -o compress=zstd:1,subvol=/@/home ${probedpart} ${mig_dir}/mnt; then
+ prun-opt /usr/bin/mount -o compress=zstd:1,subvol=/@/home ${probedpart} ${mig_dir}/mnt
+ if [ ${retval} -eq 0 ]; then
prun /usr/sbin/btrfs quota rescan -w ${mig_dir}/mnt | d --progress --title="Detected existing /home subvolume.." --pulsate --auto-close --no-cancel --width=400
home_size=$(prun /usr/sbin/btrfs qgroup show --raw -f ${mig_dir}/mnt | grep @/home$ | awk '{print $2}')
tik_stick_size=$(prun /usr/sbin/btrfs fi usage --raw ${mig_dir} | grep estimated | awk '{print $3}')
++++++ tik.obsinfo ++++++
--- /var/tmp/diff_new_pack.7EHZ9A/_old 2024-08-01 22:04:30.700670246 +0200
+++ /var/tmp/diff_new_pack.7EHZ9A/_new 2024-08-01 22:04:30.700670246 +0200
@@ -1,5 +1,5 @@
name: tik
-version: 1.2
-mtime: 1721824365
-commit: a17b5aa348938da12eeb79a0dbc1f7b257bd0da0
+version: 1.2.3
+mtime: 1722428998
+commit: d013149dc0fe0b7acb3a894f73547a846c237d2a
1
0
Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package mame for openSUSE:Factory checked in at 2024-08-01 22:04:05
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/mame (Old)
and /work/SRC/openSUSE:Factory/.mame.new.7232 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "mame"
Thu Aug 1 22:04:05 2024 rev:18 rq:1190626 version:0.268
Changes:
--------
--- /work/SRC/openSUSE:Factory/mame/mame.changes 2024-07-01 11:21:54.222412109 +0200
+++ /work/SRC/openSUSE:Factory/.mame.new.7232/mame.changes 2024-08-01 22:04:26.340490415 +0200
@@ -1,0 +2,6 @@
+Wed Jul 31 08:11:50 UTC 2024 - Илья Индиго <ilya(a)ilya.top>
+
+- Updated to 0.268
+ * /usr/share/doc/packages/mame/whatsnew-0.268.txt
+
+-------------------------------------------------------------------
Old:
----
mame-mame0267.tar.gz
whatsnew_0267.txt
New:
----
mame-mame0268.tar.gz
whatsnew_0268.txt
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ mame.spec ++++++
--- /var/tmp/diff_new_pack.TUHVCG/_old 2024-08-01 22:04:28.496579341 +0200
+++ /var/tmp/diff_new_pack.TUHVCG/_new 2024-08-01 22:04:28.500579506 +0200
@@ -16,7 +16,7 @@
#
-%define ver 267
+%define ver 268
Name: mame
Version: 0.%{ver}
Release: 0
++++++ mame-mame0267.tar.gz -> mame-mame0268.tar.gz ++++++
/work/SRC/openSUSE:Factory/mame/mame-mame0267.tar.gz /work/SRC/openSUSE:Factory/.mame.new.7232/mame-mame0268.tar.gz differ: char 31, line 1
++++++ whatsnew_0267.txt -> whatsnew_0268.txt ++++++
++++ 2277 lines (skipped)
++++ between /work/SRC/openSUSE:Factory/mame/whatsnew_0267.txt
++++ and /work/SRC/openSUSE:Factory/.mame.new.7232/whatsnew_0268.txt
1
0