diff --git a/srcpkgs/python-dnspython/INSTALL.msg b/srcpkgs/python-dnspython/INSTALL.msg index 06fe4151e08..cee7c25b931 100644 --- a/srcpkgs/python-dnspython/INSTALL.msg +++ b/srcpkgs/python-dnspython/INSTALL.msg @@ -1 +1,2 @@ In order to perform DNSSEC validation install python-pycryptodome. +To do elliptic curves install also python-ecdsa. diff --git a/srcpkgs/python-dnspython/patches/gh-345.patch b/srcpkgs/python-dnspython/patches/gh-345.patch new file mode 100644 index 00000000000..272c9a7ca5d --- /dev/null +++ b/srcpkgs/python-dnspython/patches/gh-345.patch @@ -0,0 +1,166 @@ +Backport of https://github.com/rthalley/dnspython/pull/345. + +--- dns/dnssec.py.orig 2018-12-01 07:25:26.000000000 +0100 ++++ dns/dnssec.py 2018-12-29 19:49:57.505384082 +0100 +@@ -18,6 +18,7 @@ + """Common DNSSEC-related functions and constants.""" + + from io import BytesIO ++import hashlib + import struct + import time + +@@ -39,6 +40,57 @@ + """The DNSSEC signature is invalid.""" + + ++class Hash: ++ """ ++ Compatibilty Hash method ++ Has the same inteface as the stdlib hashlib.hash, with the added `oid` ++ attribute used by the crypto module ++ """ ++ _oid_map = { ++ 'MD5': '1.2.840.113549.2.5', ++ 'SHA1': '1.3.14.3.2.26', ++ 'SHA256': '2.16.840.1.101.3.4.2.1', ++ 'SHA384': '2.16.840.1.101.3.4.2.2', ++ 'SHA512': '2.16.840.1.101.3.4.2.3', ++ } ++ ++ def __init__(self): ++ self._hash = None ++ ++ @classmethod ++ def new(cls, name, data=b''): ++ self = cls() ++ self._hash = hashlib.new(name, data) ++ ++ return self ++ ++ def update(self, data): ++ self._hash.update(data) ++ ++ def digest(self): ++ return self._hash.digest() ++ ++ def hexdigest(self): ++ return self._hash.hexdigest() ++ ++ def copy(self): ++ copy = Hash() ++ copy._hash = self._hash.copy() ++ ++ return copy ++ ++ @property ++ def name(self): ++ return self._hash.name ++ ++ @property ++ def oid(self): ++ try: ++ return self._oid_map[self.name] ++ except KeyError: ++ raise RuntimeError('OID for algorithm %s is unknown' % self.name) ++ ++ + #: RSAMD5 + RSAMD5 = 1 + #: DH +@@ -165,10 +217,10 @@ + + if algorithm.upper() == 'SHA1': + dsalg = 1 +- hash = SHA1.new() ++ hash = Hash.new('SHA1') + elif algorithm.upper() == 'SHA256': + dsalg = 2 +- hash = SHA256.new() ++ hash = Hash.new('SHA256') + else: + raise UnsupportedAlgorithm('unsupported algorithm "%s"' % algorithm) + +@@ -240,15 +292,15 @@ + + def _make_hash(algorithm): + if _is_md5(algorithm): +- return MD5.new() ++ return Hash.new('MD5') + if _is_sha1(algorithm): +- return SHA1.new() ++ return Hash.new('SHA1') + if _is_sha256(algorithm): +- return SHA256.new() ++ return Hash.new('sha256') + if _is_sha384(algorithm): +- return SHA384.new() ++ return Hash.new('sha384') + if _is_sha512(algorithm): +- return SHA512.new() ++ return Hash.new('sha512') + raise ValidationFailure('unknown hash for algorithm %u' % algorithm) + + +@@ -479,12 +531,10 @@ + try: + try: + # test we're using pycryptodome, not pycrypto (which misses SHA1 for example) +- from Crypto.Hash import MD5, SHA1, SHA256, SHA384, SHA512 + from Crypto.PublicKey import RSA as CryptoRSA, DSA as CryptoDSA + from Crypto.Signature import pkcs1_15, DSS + from Crypto.Util import number + except ImportError: +- from Cryptodome.Hash import MD5, SHA1, SHA256, SHA384, SHA512 + from Cryptodome.PublicKey import RSA as CryptoRSA, DSA as CryptoDSA + from Cryptodome.Signature import pkcs1_15, DSS + from Cryptodome.Util import number +--- tests/test_dnssec.py.orig 2018-12-01 07:25:26.000000000 +0100 ++++ tests/test_dnssec.py 2018-12-29 19:51:46.799389525 +0100 +@@ -177,10 +177,6 @@ + abs_dnspython_org, when) + self.failUnlessRaises(dns.dnssec.ValidationFailure, bad) + +- def testMakeSHA256DS(self): # type: () -> None +- ds = dns.dnssec.make_ds(abs_dnspython_org, sep_key, 'SHA256') +- self.failUnless(ds == good_ds) +- + def testAbsoluteDSAGood(self): # type: () -> None + dns.dnssec.validate(abs_dsa_soa, abs_dsa_soa_rrsig, abs_dsa_keys, None, + when2) +@@ -191,14 +187,6 @@ + abs_dsa_keys, None, when2) + self.failUnlessRaises(dns.dnssec.ValidationFailure, bad) + +- def testMakeExampleSHA1DS(self): # type: () -> None +- ds = dns.dnssec.make_ds(abs_example, example_sep_key, 'SHA1') +- self.failUnless(ds == example_ds_sha1) +- +- def testMakeExampleSHA256DS(self): # type: () -> None +- ds = dns.dnssec.make_ds(abs_example, example_sep_key, 'SHA256') +- self.failUnless(ds == example_ds_sha256) +- + @unittest.skipUnless(dns.dnssec._have_ecdsa, + "python ECDSA cannot be imported") + def testAbsoluteECDSA256Good(self): # type: () -> None +@@ -228,5 +216,20 @@ + self.failUnlessRaises(dns.dnssec.ValidationFailure, bad) + + ++class DNSSECMakeDSTestCase(unittest.TestCase): ++ ++ def testMakeSHA256DS(self): # type: () -> None ++ ds = dns.dnssec.make_ds(abs_dnspython_org, sep_key, 'SHA256') ++ self.failUnless(ds == good_ds) ++ ++ def testMakeExampleSHA1DS(self): # type: () -> None ++ ds = dns.dnssec.make_ds(abs_example, example_sep_key, 'SHA1') ++ self.failUnless(ds == example_ds_sha1) ++ ++ def testMakeExampleSHA256DS(self): # type: () -> None ++ ds = dns.dnssec.make_ds(abs_example, example_sep_key, 'SHA256') ++ self.failUnless(ds == example_ds_sha256) ++ ++ + if __name__ == '__main__': + unittest.main() diff --git a/srcpkgs/python-dnspython/patches/pycryptodome.patch b/srcpkgs/python-dnspython/patches/pycryptodome.patch deleted file mode 100644 index c4b905483ff..00000000000 --- a/srcpkgs/python-dnspython/patches/pycryptodome.patch +++ /dev/null @@ -1,423 +0,0 @@ -Backport of https://github.com/rthalley/dnspython/pull/290. - ---- dns/__init__.py -+++ dns/__init__.py -@@ -22,7 +22,6 @@ __all__ = [ - 'entropy', - 'exception', - 'flags', -- 'hash', - 'inet', - 'ipv4', - 'ipv6', ---- dns/dnssec.py -+++ dns/dnssec.py -@@ -20,7 +20,6 @@ import struct - import time - - import dns.exception --import dns.hash - import dns.name - import dns.node - import dns.rdataset -@@ -28,7 +27,8 @@ import dns.rdata - import dns.rdatatype - import dns.rdataclass - from ._compat import string_types -- -+from Crypto.Hash import MD5, SHA1, SHA256, SHA384, SHA512 -+from Crypto.Signature import pkcs1_15, DSS - - class UnsupportedAlgorithm(dns.exception.DNSException): - -@@ -39,34 +39,34 @@ class ValidationFailure(dns.exception.DN - - """The DNSSEC signature is invalid.""" - --RSAMD5 = 1 --DH = 2 --DSA = 3 --ECC = 4 --RSASHA1 = 5 --DSANSEC3SHA1 = 6 --RSASHA1NSEC3SHA1 = 7 --RSASHA256 = 8 --RSASHA512 = 10 --ECDSAP256SHA256 = 13 --ECDSAP384SHA384 = 14 -+ALGO_RSAMD5 = 1 -+ALGO_DH = 2 -+ALGO_DSA = 3 -+ALGO_ECC = 4 -+ALGO_RSASHA1 = 5 -+ALGO_DSANSEC3SHA1 = 6 -+ALGO_RSASHA1NSEC3SHA1 = 7 -+ALGO_RSASHA256 = 8 -+ALGO_RSASHA512 = 10 -+ALGO_ECDSAP256SHA256 = 13 -+ALGO_ECDSAP384SHA384 = 14 - INDIRECT = 252 - PRIVATEDNS = 253 - PRIVATEOID = 254 - - _algorithm_by_text = { -- 'RSAMD5': RSAMD5, -- 'DH': DH, -- 'DSA': DSA, -- 'ECC': ECC, -- 'RSASHA1': RSASHA1, -- 'DSANSEC3SHA1': DSANSEC3SHA1, -- 'RSASHA1NSEC3SHA1': RSASHA1NSEC3SHA1, -- 'RSASHA256': RSASHA256, -- 'RSASHA512': RSASHA512, -+ 'RSAMD5': ALGO_RSAMD5, -+ 'DH': ALGO_DH, -+ 'DSA': ALGO_DSA, -+ 'ECC': ALGO_ECC, -+ 'RSASHA1': ALGO_RSASHA1, -+ 'DSANSEC3SHA1': ALGO_DSANSEC3SHA1, -+ 'RSASHA1NSEC3SHA1': ALGO_RSASHA1NSEC3SHA1, -+ 'RSASHA256': ALGO_RSASHA256, -+ 'RSASHA512': ALGO_RSASHA512, - 'INDIRECT': INDIRECT, -- 'ECDSAP256SHA256': ECDSAP256SHA256, -- 'ECDSAP384SHA384': ECDSAP384SHA384, -+ 'ECDSAP256SHA256': ALGO_ECDSAP256SHA256, -+ 'ECDSAP384SHA384': ALGO_ECDSAP384SHA384, - 'PRIVATEDNS': PRIVATEDNS, - 'PRIVATEOID': PRIVATEOID, - } -@@ -107,7 +107,7 @@ def _to_rdata(record, origin): - def key_id(key, origin=None): - rdata = _to_rdata(key, origin) - rdata = bytearray(rdata) -- if key.algorithm == RSAMD5: -+ if key.algorithm == ALGO_RSAMD5: - return (rdata[-3] << 8) + rdata[-2] - else: - total = 0 -@@ -123,10 +123,10 @@ def key_id(key, origin=None): - def make_ds(name, key, algorithm, origin=None): - if algorithm.upper() == 'SHA1': - dsalg = 1 -- hash = dns.hash.hashes['SHA1']() -+ hash = SHA1.new() - elif algorithm.upper() == 'SHA256': - dsalg = 2 -- hash = dns.hash.hashes['SHA256']() -+ hash = SHA256.new() - else: - raise UnsupportedAlgorithm('unsupported algorithm "%s"' % algorithm) - -@@ -162,51 +162,51 @@ def _find_candidate_keys(keys, rrsig): - - - def _is_rsa(algorithm): -- return algorithm in (RSAMD5, RSASHA1, -- RSASHA1NSEC3SHA1, RSASHA256, -- RSASHA512) -+ return algorithm in (ALGO_RSAMD5, ALGO_RSASHA1, -+ ALGO_RSASHA1NSEC3SHA1, ALGO_RSASHA256, -+ ALGO_RSASHA512) - - - def _is_dsa(algorithm): -- return algorithm in (DSA, DSANSEC3SHA1) -+ return algorithm in (ALGO_DSA, ALGO_DSANSEC3SHA1) - - - def _is_ecdsa(algorithm): -- return _have_ecdsa and (algorithm in (ECDSAP256SHA256, ECDSAP384SHA384)) -+ return _have_ecdsa and (algorithm in (ALGO_ECDSAP256SHA256, ALGO_ECDSAP384SHA384)) - - - def _is_md5(algorithm): -- return algorithm == RSAMD5 -+ return algorithm == ALGO_RSAMD5 - - - def _is_sha1(algorithm): -- return algorithm in (DSA, RSASHA1, -- DSANSEC3SHA1, RSASHA1NSEC3SHA1) -+ return algorithm in (ALGO_DSA, ALGO_RSASHA1, -+ ALGO_DSANSEC3SHA1, ALGO_RSASHA1NSEC3SHA1) - - - def _is_sha256(algorithm): -- return algorithm in (RSASHA256, ECDSAP256SHA256) -+ return algorithm in (ALGO_RSASHA256, ALGO_ECDSAP256SHA256) - - - def _is_sha384(algorithm): -- return algorithm == ECDSAP384SHA384 -+ return algorithm == ALGO_ECDSAP384SHA384 - - - def _is_sha512(algorithm): -- return algorithm == RSASHA512 -+ return algorithm == ALGO_RSASHA512 - - - def _make_hash(algorithm): - if _is_md5(algorithm): -- return dns.hash.hashes['MD5']() -+ return MD5.new() - if _is_sha1(algorithm): -- return dns.hash.hashes['SHA1']() -+ return SHA1.new() - if _is_sha256(algorithm): -- return dns.hash.hashes['SHA256']() -+ return SHA256.new() - if _is_sha384(algorithm): -- return dns.hash.hashes['SHA384']() -+ return SHA384.new() - if _is_sha512(algorithm): -- return dns.hash.hashes['SHA512']() -+ return SHA512.new() - raise ValidationFailure('unknown hash for algorithm %u' % algorithm) - - -@@ -284,11 +284,13 @@ def _validate_rrsig(rrset, rrsig, keys, - keyptr = keyptr[2:] - rsa_e = keyptr[0:bytes_] - rsa_n = keyptr[bytes_:] -- keylen = len(rsa_n) * 8 -- pubkey = Crypto.PublicKey.RSA.construct( -- (Crypto.Util.number.bytes_to_long(rsa_n), -- Crypto.Util.number.bytes_to_long(rsa_e))) -- sig = (Crypto.Util.number.bytes_to_long(rrsig.signature),) -+ try: -+ pubkey = Crypto.PublicKey.RSA.construct( -+ (Crypto.Util.number.bytes_to_long(rsa_n), -+ Crypto.Util.number.bytes_to_long(rsa_e))) -+ except ValueError: -+ raise ValidationFailure('invalid public key') -+ sig = rrsig.signature - elif _is_dsa(rrsig.algorithm): - keyptr = candidate_key.key - (t,) = struct.unpack('!B', keyptr[0:1]) -@@ -306,20 +308,19 @@ def _validate_rrsig(rrset, rrsig, keys, - Crypto.Util.number.bytes_to_long(dsa_g), - Crypto.Util.number.bytes_to_long(dsa_p), - Crypto.Util.number.bytes_to_long(dsa_q))) -- (dsa_r, dsa_s) = struct.unpack('!20s20s', rrsig.signature[1:]) -- sig = (Crypto.Util.number.bytes_to_long(dsa_r), -- Crypto.Util.number.bytes_to_long(dsa_s)) -+ sig = rrsig.signature[1:] - elif _is_ecdsa(rrsig.algorithm): -- if rrsig.algorithm == ECDSAP256SHA256: -+ # use ecdsa for NIST-384p -- not currently supported by pycryptodome -+ -+ keyptr = candidate_key.key -+ -+ if rrsig.algorithm == ALGO_ECDSAP256SHA256: - curve = ecdsa.curves.NIST256p - key_len = 32 -- elif rrsig.algorithm == ECDSAP384SHA384: -+ elif rrsig.algorithm == ALGO_ECDSAP384SHA384: - curve = ecdsa.curves.NIST384p - key_len = 48 -- else: -- # shouldn't happen -- raise ValidationFailure('unknown ECDSA curve') -- keyptr = candidate_key.key -+ - x = Crypto.Util.number.bytes_to_long(keyptr[0:key_len]) - y = Crypto.Util.number.bytes_to_long(keyptr[key_len:key_len * 2]) - assert ecdsa.ecdsa.point_is_valid(curve.generator, x, y) -@@ -331,6 +332,7 @@ def _validate_rrsig(rrset, rrsig, keys, - s = rrsig.signature[key_len:] - sig = ecdsa.ecdsa.Signature(Crypto.Util.number.bytes_to_long(r), - Crypto.Util.number.bytes_to_long(s)) -+ - else: - raise ValidationFailure('unknown algorithm %u' % rrsig.algorithm) - -@@ -352,24 +354,31 @@ def _validate_rrsig(rrset, rrsig, keys, - hash.update(rrlen) - hash.update(rrdata) - -- digest = hash.digest() -- -- if _is_rsa(rrsig.algorithm): -- # PKCS1 algorithm identifier goop -- digest = _make_algorithm_id(rrsig.algorithm) + digest -- padlen = keylen // 8 - len(digest) - 3 -- digest = struct.pack('!%dB' % (2 + padlen + 1), -- *([0, 1] + [0xFF] * padlen + [0])) + digest -- elif _is_dsa(rrsig.algorithm) or _is_ecdsa(rrsig.algorithm): -- pass -- else: -- # Raise here for code clarity; this won't actually ever happen -- # since if the algorithm is really unknown we'd already have -- # raised an exception above -- raise ValidationFailure('unknown algorithm %u' % rrsig.algorithm) -- -- if pubkey.verify(digest, sig): -+ try: -+ if _is_rsa(rrsig.algorithm): -+ verifier = pkcs1_15.new(pubkey) -+ # will raise ValueError if verify fails: -+ verifier.verify(hash, sig) -+ elif _is_dsa(rrsig.algorithm): -+ verifier = DSS.new(pubkey, 'fips-186-3') -+ verifier.verify(hash, sig) -+ elif _is_ecdsa(rrsig.algorithm): -+ digest = hash.digest() -+ if pubkey.verify(digest, sig): -+ return -+ else: -+ raise ValueError -+ else: -+ # Raise here for code clarity; this won't actually ever happen -+ # since if the algorithm is really unknown we'd already have -+ # raised an exception above -+ raise ValidationFailure('unknown algorithm %u' % rrsig.algorithm) -+ # If we got here, we successfully verified so we can return without error - return -+ except ValueError: -+ # this happens on an individual validation failure -+ continue -+ # nothing verified -- raise failure: - raise ValidationFailure('verify failure') - - -@@ -401,10 +410,8 @@ def _validate(rrset, rrsigset, keys, ori - rrname = rrset.name - - if isinstance(rrsigset, tuple): -- rrsigname = rrsigset[0] - rrsigrdataset = rrsigset[1] - else: -- rrsigname = rrsigset.name - rrsigrdataset = rrsigset - - rrname = rrname.choose_relativity(origin) -@@ -422,7 +429,7 @@ def _validate(rrset, rrsigset, keys, ori - - - def _need_pycrypto(*args, **kwargs): -- raise NotImplementedError("DNSSEC validation requires pycrypto") -+ raise NotImplementedError("DNSSEC validation requires pycryptodome") - - try: - import Crypto.PublicKey.RSA ---- dns/hash.py -+++ /dev/null -@@ -1,31 +0,0 @@ --# Copyright (C) 2011 Nominum, Inc. --# --# Permission to use, copy, modify, and distribute this software and its --# documentation for any purpose with or without fee is hereby granted, --# provided that the above copyright notice and this permission notice --# appear in all copies. --# --# THE SOFTWARE IS PROVIDED "AS IS" AND NOMINUM DISCLAIMS ALL WARRANTIES --# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF --# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL NOMINUM BE LIABLE FOR --# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES --# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN --# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT --# OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. -- --"""Hashing backwards compatibility wrapper""" -- --import hashlib -- -- --hashes = {} --hashes['MD5'] = hashlib.md5 --hashes['SHA1'] = hashlib.sha1 --hashes['SHA224'] = hashlib.sha224 --hashes['SHA256'] = hashlib.sha256 --hashes['SHA384'] = hashlib.sha384 --hashes['SHA512'] = hashlib.sha512 -- -- --def get(algorithm): -- return hashes[algorithm.upper()] -Index: dns/tsig.py -=================================================================== ---- dns/tsig.py -+++ dns/tsig.py -@@ -19,9 +19,9 @@ import hmac - import struct - - import dns.exception --import dns.hash - import dns.rdataclass - import dns.name -+import dns.dnssec - from ._compat import long, string_types, text_type - - class BadTime(dns.exception.DNSException): -@@ -211,7 +211,7 @@ def get_algorithm(algorithm): - algorithm = dns.name.from_text(algorithm) - - try: -- return (algorithm.to_digestable(), dns.hash.hashes[_hashes[algorithm]]) -+ return (algorithm.to_digestable(), dns.dnssec._make_hash(algorithm)) - except KeyError: - raise NotImplementedError("TSIG algorithm " + str(algorithm) + - " is not supported") ---- tests/test_dnssec.py -+++ tests/test_dnssec.py -@@ -156,22 +156,22 @@ abs_other_ecdsa384_soa = dns.rrset.from_ - abs_ecdsa384_soa_rrsig = dns.rrset.from_text('example.', 86400, 'IN', 'RRSIG', - "SOA 14 1 86400 20130929021229 20130921230729 63571 example. CrnCu34EeeRz0fEhL9PLlwjpBKGYW8QjBjFQTwd+ViVLRAS8tNkcDwQE NhSV89NEjj7ze1a/JcCfcJ+/mZgnvH4NHLNg3Tf6KuLZsgs2I4kKQXEk 37oIHravPEOlGYNI") - --@unittest.skipUnless(import_ok, "skipping DNSSEC tests because pycrypto is not" -+@unittest.skipUnless(import_ok, "skipping DNSSEC tests because pycryptodome is not" - " installed") - class DNSSECValidatorTestCase(unittest.TestCase): - - @unittest.skipUnless(dns.dnssec._have_pycrypto, -- "PyCrypto cannot be imported") -+ "Pycryptodome cannot be imported") - def testAbsoluteRSAGood(self): - dns.dnssec.validate(abs_soa, abs_soa_rrsig, abs_keys, None, when) - - @unittest.skipUnless(dns.dnssec._have_pycrypto, -- "PyCrypto cannot be imported") -+ "Pycryptodome cannot be imported") - def testDuplicateKeytag(self): - dns.dnssec.validate(abs_soa, abs_soa_rrsig, abs_keys_duplicate_keytag, None, when) - - @unittest.skipUnless(dns.dnssec._have_pycrypto, -- "PyCrypto cannot be imported") -+ "Pycryptodome cannot be imported") - def testAbsoluteRSABad(self): - def bad(): - dns.dnssec.validate(abs_other_soa, abs_soa_rrsig, abs_keys, None, -@@ -179,13 +179,13 @@ class DNSSECValidatorTestCase(unittest.T - self.failUnlessRaises(dns.dnssec.ValidationFailure, bad) - - @unittest.skipUnless(dns.dnssec._have_pycrypto, -- "PyCrypto cannot be imported") -+ "Pycryptodome cannot be imported") - def testRelativeRSAGood(self): - dns.dnssec.validate(rel_soa, rel_soa_rrsig, rel_keys, - abs_dnspython_org, when) - - @unittest.skipUnless(dns.dnssec._have_pycrypto, -- "PyCrypto cannot be imported") -+ "Pycryptodome cannot be imported") - def testRelativeRSABad(self): - def bad(): - dns.dnssec.validate(rel_other_soa, rel_soa_rrsig, rel_keys, -@@ -197,13 +197,13 @@ class DNSSECValidatorTestCase(unittest.T - self.failUnless(ds == good_ds) - - @unittest.skipUnless(dns.dnssec._have_pycrypto, -- "PyCrypto cannot be imported") -+ "Pycryptodome cannot be imported") - def testAbsoluteDSAGood(self): - dns.dnssec.validate(abs_dsa_soa, abs_dsa_soa_rrsig, abs_dsa_keys, None, - when2) - - @unittest.skipUnless(dns.dnssec._have_pycrypto, -- "PyCrypto cannot be imported") -+ "Pycryptodome cannot be imported") - def testAbsoluteDSABad(self): - def bad(): - dns.dnssec.validate(abs_other_dsa_soa, abs_dsa_soa_rrsig, diff --git a/srcpkgs/python-dnspython/python3-dnspython.INSTALL.msg b/srcpkgs/python-dnspython/python3-dnspython.INSTALL.msg index bfebe283394..1af511dc841 100644 --- a/srcpkgs/python-dnspython/python3-dnspython.INSTALL.msg +++ b/srcpkgs/python-dnspython/python3-dnspython.INSTALL.msg @@ -1 +1,2 @@ In order to perform DNSSEC validation install python3-pycryptodome. +To do elliptic curves install also python3-ecdsa. diff --git a/srcpkgs/python-dnspython/template b/srcpkgs/python-dnspython/template index 424413dc731..b5f5e68e370 100644 --- a/srcpkgs/python-dnspython/template +++ b/srcpkgs/python-dnspython/template @@ -1,19 +1,19 @@ # Template file for 'python-dnspython' pkgname=python-dnspython -version=1.15.0 -revision=5 +version=1.16.0 +revision=1 noarch=yes wrksrc="dnspython-${version}" build_style=python-module pycompile_module="dns" hostmakedepends="python-setuptools python3-setuptools unzip" depends="python" -short_desc="A DNS toolkit for Python2" +short_desc="DNS toolkit for Python2" maintainer="Alessio Sergi " license="ISC" homepage="http://www.dnspython.org/" distfiles="${PYPI_SITE}/d/dnspython/dnspython-${version}.zip" -checksum=40f563e1f7a7b80dc5a4e76ad75c23da53d62f1e15e6e517293b04e1f84ead7c +checksum=36c5e8e38d4369a08b6780b7f27d790a292b2b08eea01607865bf0936c558e01 post_install() { vlicense LICENSE