Bump dnspython from 2.6.1 to 2.7.0 (#2440)

* Bump dnspython from 2.6.1 to 2.7.0 Bumps [dnspython](https://github.com/rthalley/dnspython) from 2.6.1 to 2.7.0. - [Release notes](https://github.com/rthalley/dnspython/releases) - [Changelog](https://github.com/rthalley/dnspython/blob/main/doc/whatsnew.rst) - [Commits](https://github.com/rthalley/dnspython/compare/v2.6.1...v2.7.0) --- updated-dependencies: - dependency-name: dnspython dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * Update dnspython==2.7.0 --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: JonnyWong16 <9099342+JonnyWong16@users.noreply.github.com> [skip ci]
2025-08-20 05:13:21 -07:00 · 2024-11-19 10:00:50 -08:00 · 2024-11-19 10:00:50 -08:00 · feca713b76
commit feca713b76
parent 0836fb902c
56 changed files with 1382 additions and 665 deletions
--- a/lib/dns/dnssecalgs/init.py
+++ b/lib/dns/dnssecalgs/init.py
@ -26,6 +26,7 @@ AlgorithmPrefix = Optional[Union[bytes, dns.name.Name]]

 algorithms: Dict[Tuple[Algorithm, AlgorithmPrefix], Type[GenericPrivateKey]] = {}
 if _have_cryptography:
+    # pylint: disable=possibly-used-before-assignment
    algorithms.update(
        {
            (Algorithm.RSAMD5, None): PrivateRSAMD5,
@ -59,7 +60,7 @@ def get_algorithm_cls(
    if cls:
        return cls
    raise UnsupportedAlgorithm(
-        'algorithm "%s" not supported by dnspython' % Algorithm.to_text(algorithm)
+        f'algorithm "{Algorithm.to_text(algorithm)}" not supported by dnspython'
    )


--- a/lib/dns/dnssecalgs/base.py
+++ b/lib/dns/dnssecalgs/base.py
@ -65,7 +65,12 @@ class GenericPrivateKey(ABC):
        pass

    @abstractmethod
-    def sign(self, data: bytes, verify: bool = False) -> bytes:
+    def sign(
+        self,
+        data: bytes,
+        verify: bool = False,
+        deterministic: bool = True,
+    ) -> bytes:
        """Sign DNSSEC data"""

    @abstractmethod
--- a/lib/dns/dnssecalgs/dsa.py
+++ b/lib/dns/dnssecalgs/dsa.py
@ -68,7 +68,12 @@ class PrivateDSA(CryptographyPrivateKey):
    key_cls = dsa.DSAPrivateKey
    public_cls = PublicDSA

-    def sign(self, data: bytes, verify: bool = False) -> bytes:
+    def sign(
+        self,
+        data: bytes,
+        verify: bool = False,
+        deterministic: bool = True,
+    ) -> bytes:
        """Sign using a private key per RFC 2536, section 3."""
        public_dsa_key = self.key.public_key()
        if public_dsa_key.key_size > 1024:
--- a/lib/dns/dnssecalgs/ecdsa.py
+++ b/lib/dns/dnssecalgs/ecdsa.py
@ -47,9 +47,17 @@ class PrivateECDSA(CryptographyPrivateKey):
    key_cls = ec.EllipticCurvePrivateKey
    public_cls = PublicECDSA

-    def sign(self, data: bytes, verify: bool = False) -> bytes:
+    def sign(
+        self,
+        data: bytes,
+        verify: bool = False,
+        deterministic: bool = True,
+    ) -> bytes:
        """Sign using a private key per RFC 6605, section 4."""
-        der_signature = self.key.sign(data, ec.ECDSA(self.public_cls.chosen_hash))
+        algorithm = ec.ECDSA(
+            self.public_cls.chosen_hash, deterministic_signing=deterministic
+        )
+        der_signature = self.key.sign(data, algorithm)
        dsa_r, dsa_s = utils.decode_dss_signature(der_signature)
        signature = int.to_bytes(
            dsa_r, length=self.public_cls.octets, byteorder="big"
--- a/lib/dns/dnssecalgs/eddsa.py
+++ b/lib/dns/dnssecalgs/eddsa.py
@ -29,7 +29,12 @@ class PublicEDDSA(CryptographyPublicKey):
 class PrivateEDDSA(CryptographyPrivateKey):
    public_cls: Type[PublicEDDSA]

-    def sign(self, data: bytes, verify: bool = False) -> bytes:
+    def sign(
+        self,
+        data: bytes,
+        verify: bool = False,
+        deterministic: bool = True,
+    ) -> bytes:
        """Sign using a private key per RFC 8080, section 4."""
        signature = self.key.sign(data)
        if verify:
--- a/lib/dns/dnssecalgs/rsa.py
+++ b/lib/dns/dnssecalgs/rsa.py
@ -56,7 +56,12 @@ class PrivateRSA(CryptographyPrivateKey):
    public_cls = PublicRSA
    default_public_exponent = 65537

-    def sign(self, data: bytes, verify: bool = False) -> bytes:
+    def sign(
+        self,
+        data: bytes,
+        verify: bool = False,
+        deterministic: bool = True,
+    ) -> bytes:
        """Sign using a private key per RFC 3110, section 3."""
        signature = self.key.sign(data, padding.PKCS1v15(), self.public_cls.chosen_hash)
        if verify: