openSUSE Recommended Update: Recommended update for Certbot Python modules ______________________________________________________________________________ Announcement ID: openSUSE-RU-2019:0172-1 Rating: moderate References: Affected Products: openSUSE Backports SLE-15 ______________________________________________________________________________ An update that has 0 recommended fixes can now be installed. Description: This update for various CertBot modules fixes the following issues: python-acme was updated to 0.30.2: * Remove josepy helpers that are no longer needed * WIP External Account Binding (#6059) * Implement POST-as-GET requests (#6522) * ignore erroneously no-member lint error * Revert acme/acme/client.py * Bump version to 0.29.0 * remove unused six imports * Remove module-level ignore::ResourceWarnings * bring requests back down to 2.4.1 in setup and oldest constraints * Requests no longer vendorizes urllib3 * Use a newer version of requests because of the upcoming Callable import Deprecation in Python 3.8 that warns in Python 3.7 * Cover is run on 2.7, so mark 3-only lines as no cover * Ignore ResourceWarnings in various modules in a 2-compatible way. * ignore ResourceWarnings in acme tests * s/assertEquals/assertEqual * Use the ACMEv2 newNonce endpoint when a new nonce is needed, and newNonce is available in the directory. * Warn when using deprecated acme.challenges.TLSSNI01 * acme client now raises an error when you try to create an ACME account with a key that has already been used * you can now call query_registration without having to first call new_account python-certbot was updated to 0.30.2: * Update the version of setuptools pinned in certbot-auto to 40.6.3 to solve installation problems on newer OSes. * Always download the pinned version of pip in pipstrap to address breakages * Rename old,default.conf to old-and-default.conf to address commas in filenames breaking recent versions of pip. * Add VIRTUALENV_NO_DOWNLOAD=1 to all calls to virtualenv to address breakages from venv downloading the latest pip * Added the `update_account` subcommand for account management commands. * The default work and log directories have been changed back to /var/lib/letsencrypt and /var/log/letsencrypt respectively. * Noninteractive renewals with `certbot renew` (those not started from a terminal) now randomly sleep 1-480 seconds before beginning work in order to spread out load spikes on the server side. * Added External Account Binding support in cli and acme library. Command line arguments --eab-kid and --eab-hmac-key added. * Private key permissioning changes: Renewal preserves existing group mode & gid of previous private key material. Private keys for new lineages (i.e. new certs, not renewed) default to 0o600. * Update code and dependencies to clean up Resource and Deprecation Warnings. * Only depend on imgconverter extension for Sphinx >= 1.6 * revoke accepts --cert-name, and doesn't accept both --cert-name and --cert-path * Do not conflict with Certbot as now we provide/obsolete it * Provide and obsolete certbot main package too to ensure we can migrate to the new split setup directly * Conflict with certbot package to allow easy migration * the documentation can be built using Sphinx 1.6+ python-certbot-apache was updated to 0.30.2: * Various small fixes * Stop preferring TLS-SNI. * The grammar used by Augeas parser in Apache plugin was updated to fix various parsing errors. * parameter name in OpenSUSE overrides for default parameters * several other fixes python-certbot-dns-cloudflare was updated to 0.30.2. python-certbot-dns-cloudxns was updated to 0.30.2: * Lockstep with main certbot package * The CloudXNS plugin is now compatible with Lexicon 3.0+. * Add runtime requirements. python-certbot-dns-digitalocean was updated to 0.30.2: * lockstep with main certbot pkg python-certbot-dns-dnsimple was updated to 0.30.2: * lockstep with main certbot package * The DNSimple plugin is now compatible with Lexicon 3.0+. python-certbot-dns-dnsmadeeasy was updated to 0.30.2: * The DNS Made Easy plugin is now compatible with Lexicon 3.0+. python-certbot-dns-google was updated to 0.30.2: * Minor logging fixes python-certbot-dns-luadns was updated to 0.30.2: * The LuaDNS plugin is now compatible with Lexicon 3.0+. python-certbot-dns-nsone was updated to 0.30.2: * The NS1 plugin is now compatible with Lexicon 3.0+. python-certbot-dns-rfc2136 was updated to 0.30.2. python-certbot-dns-route53 was updated to 0.30.2: * Test fix for Route53 plugin to prevent boto3 making outgoing connections. python-cloudflare: * Add the package cloudflare needed by python-certbot subpackage python-digitalocean: * Added python-digitalocean version 1.13.2 needed by python-certbot-dns-digitalocean python-certbot-nginx was updated to version 0.30.2: * Stop preferring TLS-SNI. * Match Nginx parser update in allowing variable names to start with ${. * Fix ranking of vhosts in Nginx so that all port-matching vhosts come first. python-jsonlines was added as version 1.2.0. python-jsonpickle was added as version 0.9.6. This update was imported from the openSUSE:Leap:15.0:Update update project. Patch Instructions: To install this openSUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Backports SLE-15: zypper in -t patch openSUSE-2019-172=1 Package List: - openSUSE Backports SLE-15 (noarch): python2-acme-0.30.2-bp150.2.3.1 python3-acme-0.30.2-bp150.2.3.1 References: