SLFO-pool/python-Twisted
SHA256
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Sync from SUSE:SLFO:Main python-Twisted revision 432a9f54ab8258f1914f11947a9a6f03

Browse Source
This commit is contained in:
Adrian Schröter 2024-12-13 11:04:54 +01:00
parent 85bf7cb3e7
commit 0356f476e0
9 changed files with 184 additions and 390 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

60
12313-fix-test_manhole.patch Normal file
View File

@ -0,0 +1,60 @@
From 185ff4b3f2e402e6a3c450d826223c79b53af333 Mon Sep 17 00:00:00 2001
From: Itamar Turner-Trauring <itamar@pythonspeed.com>
Date: Tue, 10 Sep 2024 14:04:21 -0400
Subject: [PATCH 1/3] Fix (or workaround?) bug that happens in 3.13 where last
frame of traceback is omitted.
---
src/twisted/conch/manhole.py | 6 +++++-
src/twisted/conch/newsfragments/12313.misc | 0
2 files changed, 5 insertions(+), 1 deletion(-)
create mode 100644 src/twisted/conch/newsfragments/12313.misc
diff --git a/src/twisted/conch/manhole.py b/src/twisted/conch/manhole.py
index f552af5bbdc..1fce66a8cd4 100644
--- a/src/twisted/conch/manhole.py
+++ b/src/twisted/conch/manhole.py
@@ -124,7 +124,11 @@ def excepthook(
"""
Format exception tracebacks and write them to the output handler.
"""
- lines = format_exception(excType, excValue, excTraceback.tb_next)
+ if sys.version_info[:2] < (3, 13):
+ traceback = excTraceback.tb_next
+ else:
+ traceback = excTraceback
+ lines = format_exception(excType, excValue, traceback)
self.write("".join(lines))
def displayhook(self, obj):
diff --git a/src/twisted/conch/newsfragments/12313.misc b/src/twisted/conch/newsfragments/12313.misc
new file mode 100644
index 00000000000..e69de29bb2d
From 2a73df859a8f9f61bc9de535eb39878ab10200e6 Mon Sep 17 00:00:00 2001
From: Itamar Turner-Trauring <itamar@pythonspeed.com>
Date: Mon, 16 Sep 2024 10:51:39 -0400
Subject: [PATCH 3/3] Check based on symptoms, rather than version.
---
src/twisted/conch/manhole.py | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/src/twisted/conch/manhole.py b/src/twisted/conch/manhole.py
index 1fce66a8cd4..670ac0480ec 100644
--- a/src/twisted/conch/manhole.py
+++ b/src/twisted/conch/manhole.py
@@ -124,9 +124,12 @@ def excepthook(
"""
Format exception tracebacks and write them to the output handler.
"""
- if sys.version_info[:2] < (3, 13):
+ code_obj = excTraceback.tb_frame.f_code
+ if code_obj.co_filename == code.__file__ and code_obj.co_name == "runcode":
traceback = excTraceback.tb_next
else:
+ # Workaround for https://github.com/python/cpython/issues/122478,
+ # present e.g. in Python 3.12.6:
traceback = excTraceback
lines = format_exception(excType, excValue, traceback)
self.write("".join(lines))

63
1521_delegate_parseqs_stdlib_bpo42967.patch
View File

@ -1,20 +1,19 @@
From df79d69adea5c819bb104861dccf1bbe25851644 Mon Sep 17 00:00:00 2001
From 7130df7ee21ebd93d7e15e7c4ef752b759f8e1c3 Mon Sep 17 00:00:00 2001
From: Thomas Grainger <tagrain@gmail.com>
Date: Sun, 21 Feb 2021 11:54:25 +0000
Subject: [PATCH 1/2] delegate to stdlib parse qs
Subject: [PATCH] delegate to stdlib parse qs
---
src/twisted/web/http.py | 26 +-------------------------
src/twisted/web/newsfragments/10096.bugfix | 1 +
src/twisted/web/server.py | 5 ++---
3 files changed, 4 insertions(+), 28 deletions(-)
src/twisted/web/http.py | 29 +---------------------
src/twisted/web/newsfragments/10096.bugfix | 1 +
2 files changed, 2 insertions(+), 28 deletions(-)
create mode 100644 src/twisted/web/newsfragments/10096.bugfix
Index: twisted-24.3.0/src/twisted/web/http.py
===================================================================
--- twisted-24.3.0.orig/src/twisted/web/http.py
+++ twisted-24.3.0/src/twisted/web/http.py
@@ -115,6 +115,7 @@ from urllib.parse import (
diff --git a/src/twisted/web/http.py b/src/twisted/web/http.py
index 18710f51dc..f0fea06b5d 100644
--- a/src/twisted/web/http.py
+++ b/src/twisted/web/http.py
@@ -125,6 +125,7 @@ from urllib.parse import (
ParseResultBytes,
unquote_to_bytes as unquote,
urlparse as _urlparse,
@ -22,7 +21,7 @@ Index: twisted-24.3.0/src/twisted/web/http.py
)
from zope.interface import Attribute, Interface, implementer, provider
@@ -288,34 +289,6 @@ def urlparse(url):
@@ -363,34 +364,6 @@ def urlparse(url):
return ParseResultBytes(scheme, netloc, path, params, query, fragment)
@ -57,39 +56,13 @@ Index: twisted-24.3.0/src/twisted/web/http.py
def datetimeToString(msSinceEpoch=None):
"""
Convert seconds since epoch to HTTP datetime string.
Index: twisted-24.3.0/src/twisted/web/newsfragments/10096.bugfix
===================================================================
diff --git a/src/twisted/web/newsfragments/10096.bugfix b/src/twisted/web/newsfragments/10096.bugfix
new file mode 100644
index 0000000000..8f5b4759cb
--- /dev/null
+++ twisted-24.3.0/src/twisted/web/newsfragments/10096.bugfix
+++ b/src/twisted/web/newsfragments/10096.bugfix
@@ -0,0 +1 @@
+delegate to urllib.parse:parse_qs in twisted.web.http:parse_qs to avoid CVE-2021-23336 and the associated CI failures
Index: twisted-24.3.0/src/twisted/web/server.py
===================================================================
--- twisted-24.3.0.orig/src/twisted/web/server.py
+++ twisted-24.3.0/src/twisted/web/server.py
@@ -21,7 +21,7 @@ import zlib
from binascii import hexlify
from html import escape
from typing import List, Optional
-from urllib.parse import quote as _quote
+from urllib.parse import quote as _quote, unquote_to_bytes as _unquote_to_bytes
from zope.interface import implementer
@@ -37,7 +37,6 @@ from twisted.python.deprecate import dep
from twisted.spread.pb import Copyable, ViewPoint
from twisted.web import http, iweb, resource, util
from twisted.web.error import UnsupportedMethod
-from twisted.web.http import unquote
NOT_DONE_YET = 1
@@ -210,7 +209,7 @@ class Request(Copyable, http.Request, co
# Resource Identification
self.prepath = []
- self.postpath = list(map(unquote, self.path[1:].split(b"/")))
+ self.postpath = [_unquote_to_bytes(v) for v in self.path[1:].split(b"/")]
# Short-circuit for requests whose path is '*'.
if self.path == b"*":
--
2.46.0

242
CVE-2024-41671.patch
View File

@ -1,242 +0,0 @@
Index: twisted-24.3.0/src/twisted/web/http.py
===================================================================
--- twisted-24.3.0.orig/src/twisted/web/http.py
+++ twisted-24.3.0/src/twisted/web/http.py
@@ -1973,16 +1973,21 @@ class _ChunkedTransferDecoder:
@returns: C{False}, as there is either insufficient data to continue,
or no data remains.
"""
- if (
- self._receivedTrailerHeadersSize + len(self._buffer)
- > self._maxTrailerHeadersSize
- ):
- raise _MalformedChunkedDataError("Trailer headers data is too long.")
-
eolIndex = self._buffer.find(b"\r\n", self._start)
if eolIndex == -1:
# Still no end of network line marker found.
+ #
+ # Check if we've run up against the trailer size limit: if the next
+ # read contains the terminating CRLF then we'll have this many bytes
+ # of trailers (including the CRLFs).
+ minTrailerSize = (
+ self._receivedTrailerHeadersSize
+ + len(self._buffer)
+ + (1 if self._buffer.endswith(b"\r") else 2)
+ )
+ if minTrailerSize > self._maxTrailerHeadersSize:
+ raise _MalformedChunkedDataError("Trailer headers data is too long.")
# Continue processing more data.
return False
@@ -1992,6 +1997,8 @@ class _ChunkedTransferDecoder:
del self._buffer[0 : eolIndex + 2]
self._start = 0
self._receivedTrailerHeadersSize += eolIndex + 2
+ if self._receivedTrailerHeadersSize > self._maxTrailerHeadersSize:
+ raise _MalformedChunkedDataError("Trailer headers data is too long.")
return True
# eolIndex in this part of code is equal to 0
@@ -2315,8 +2322,8 @@ class HTTPChannel(basic.LineReceiver, po
self.__header = line
def _finishRequestBody(self, data):
- self.allContentReceived()
self._dataBuffer.append(data)
+ self.allContentReceived()
def _maybeChooseTransferDecoder(self, header, data):
"""
Index: twisted-24.3.0/src/twisted/web/newsfragments/12248.bugfix
===================================================================
--- /dev/null
+++ twisted-24.3.0/src/twisted/web/newsfragments/12248.bugfix
@@ -0,0 +1 @@
+The HTTP 1.0 and 1.1 server provided by twisted.web could process pipelined HTTP requests out-of-order, possibly resulting in information disclosure (CVE-2024-41671/GHSA-c8m8-j448-xjx7)
Index: twisted-24.3.0/src/twisted/web/test/test_http.py
===================================================================
--- twisted-24.3.0.orig/src/twisted/web/test/test_http.py
+++ twisted-24.3.0/src/twisted/web/test/test_http.py
@@ -135,7 +135,7 @@ class DummyHTTPHandler(http.Request):
data = self.content.read()
length = self.getHeader(b"content-length")
if length is None:
- length = networkString(str(length))
+ length = str(length).encode()
request = b"'''\n" + length + b"\n" + data + b"'''\n"
self.setResponseCode(200)
self.setHeader(b"Request", self.uri)
@@ -563,17 +563,23 @@ class HTTP0_9Tests(HTTP1_0Tests):
class PipeliningBodyTests(unittest.TestCase, ResponseTestMixin):
"""
- Tests that multiple pipelined requests with bodies are correctly buffered.
+ Pipelined requests get buffered and executed in the order received,
+ not processed in parallel.
"""
requests = (
b"POST / HTTP/1.1\r\n"
b"Content-Length: 10\r\n"
b"\r\n"
- b"0123456789POST / HTTP/1.1\r\n"
- b"Content-Length: 10\r\n"
- b"\r\n"
b"0123456789"
+ # Chunk encoded request.
+ b"POST / HTTP/1.1\r\n"
+ b"Transfer-Encoding: chunked\r\n"
+ b"\r\n"
+ b"a\r\n"
+ b"0123456789\r\n"
+ b"0\r\n"
+ b"\r\n"
)
expectedResponses = [
@@ -590,14 +596,16 @@ class PipeliningBodyTests(unittest.TestC
b"Request: /",
b"Command: POST",
b"Version: HTTP/1.1",
- b"Content-Length: 21",
- b"'''\n10\n0123456789'''\n",
+ b"Content-Length: 23",
+ b"'''\nNone\n0123456789'''\n",
),
]
- def test_noPipelining(self):
+ def test_stepwiseTinyTube(self):
"""
- Test that pipelined requests get buffered, not processed in parallel.
+ Imitate a slow connection that delivers one byte at a time.
+ The request handler (L{DelayedHTTPHandler}) is puppeted to
+ step through the handling of each request.
"""
b = StringTransport()
a = http.HTTPChannel()
@@ -606,10 +614,9 @@ class PipeliningBodyTests(unittest.TestC
# one byte at a time, to stress it.
for byte in iterbytes(self.requests):
a.dataReceived(byte)
- value = b.value()
# So far only one request should have been dispatched.
- self.assertEqual(value, b"")
+ self.assertEqual(b.value(), b"")
self.assertEqual(1, len(a.requests))
# Now, process each request one at a time.
@@ -618,8 +625,95 @@ class PipeliningBodyTests(unittest.TestC
request = a.requests[0].original
request.delayedProcess()
- value = b.value()
- self.assertResponseEquals(value, self.expectedResponses)
+ self.assertResponseEquals(b.value(), self.expectedResponses)
+
+ def test_stepwiseDumpTruck(self):
+ """
+ Imitate a fast connection where several pipelined
+ requests arrive in a single read. The request handler
+ (L{DelayedHTTPHandler}) is puppeted to step through the
+ handling of each request.
+ """
+ b = StringTransport()
+ a = http.HTTPChannel()
+ a.requestFactory = DelayedHTTPHandlerProxy
+ a.makeConnection(b)
+
+ a.dataReceived(self.requests)
+
+ # So far only one request should have been dispatched.
+ self.assertEqual(b.value(), b"")
+ self.assertEqual(1, len(a.requests))
+
+ # Now, process each request one at a time.
+ while a.requests:
+ self.assertEqual(1, len(a.requests))
+ request = a.requests[0].original
+ request.delayedProcess()
+
+ self.assertResponseEquals(b.value(), self.expectedResponses)
+
+ def test_immediateTinyTube(self):
+ """
+ Imitate a slow connection that delivers one byte at a time.
+
+ (L{DummyHTTPHandler}) immediately responds, but no more
+ than one
+ """
+ b = StringTransport()
+ a = http.HTTPChannel()
+ a.requestFactory = DummyHTTPHandlerProxy # "sync"
+ a.makeConnection(b)
+
+ # one byte at a time, to stress it.
+ for byte in iterbytes(self.requests):
+ a.dataReceived(byte)
+ # There is never more than one request dispatched at a time:
+ self.assertLessEqual(len(a.requests), 1)
+
+ self.assertResponseEquals(b.value(), self.expectedResponses)
+
+ def test_immediateDumpTruck(self):
+ """
+ Imitate a fast connection where several pipelined
+ requests arrive in a single read. The request handler
+ (L{DummyHTTPHandler}) immediately responds.
+
+ This doesn't check the at-most-one pending request
+ invariant but exercises otherwise uncovered code paths.
+ See GHSA-c8m8-j448-xjx7.
+ """
+ b = StringTransport()
+ a = http.HTTPChannel()
+ a.requestFactory = DummyHTTPHandlerProxy
+ a.makeConnection(b)
+
+ # All bytes at once to ensure there's stuff to buffer.
+ a.dataReceived(self.requests)
+
+ self.assertResponseEquals(b.value(), self.expectedResponses)
+
+ def test_immediateABiggerTruck(self):
+ """
+ Imitate a fast connection where a so many pipelined
+ requests arrive in a single read that backpressure is indicated.
+ The request handler (L{DummyHTTPHandler}) immediately responds.
+
+ This doesn't check the at-most-one pending request
+ invariant but exercises otherwise uncovered code paths.
+ See GHSA-c8m8-j448-xjx7.
+
+ @see: L{http.HTTPChannel._optimisticEagerReadSize}
+ """
+ b = StringTransport()
+ a = http.HTTPChannel()
+ a.requestFactory = DummyHTTPHandlerProxy
+ a.makeConnection(b)
+
+ overLimitCount = a._optimisticEagerReadSize // len(self.requests) * 10
+ a.dataReceived(self.requests * overLimitCount)
+
+ self.assertResponseEquals(b.value(), self.expectedResponses * overLimitCount)
def test_pipeliningReadLimit(self):
"""
@@ -1522,7 +1616,11 @@ class ChunkedTransferEncodingTests(unitt
lambda b: None, # pragma: nocov
)
p._maxTrailerHeadersSize = 10
- p.dataReceived(b"3\r\nabc\r\n0\r\n0123456789")
+ # 9 bytes are received so far, in 2 packets.
+ # For now, all is ok.
+ p.dataReceived(b"3\r\nabc\r\n0\r\n01234567")
+ p.dataReceived(b"\r")
+ # Once the 10th byte is received, the processing fails.
self.assertRaises(
http._MalformedChunkedDataError,
p.dataReceived,

83
CVE-2024-41810.patch
View File

@ -1,83 +0,0 @@
Index: twisted-24.3.0/src/twisted/web/_template_util.py
===================================================================
--- twisted-24.3.0.orig/src/twisted/web/_template_util.py
+++ twisted-24.3.0/src/twisted/web/_template_util.py
@@ -92,7 +92,7 @@ def redirectTo(URL: bytes, request: IReq
</body>
</html>
""" % {
- b"url": URL
+ b"url": escape(URL.decode("utf-8")).encode("utf-8")
}
return content
Index: twisted-24.3.0/src/twisted/web/newsfragments/12263.bugfix
===================================================================
--- /dev/null
+++ twisted-24.3.0/src/twisted/web/newsfragments/12263.bugfix
@@ -0,0 +1 @@
+twisted.web.util.redirectTo now HTML-escapes the provided URL in the fallback response body it returns (GHSA-cf56-g6w6-pqq2). The issue is being tracked with CVE-2024-41810.
\ No newline at end of file
Index: twisted-24.3.0/src/twisted/web/newsfragments/9839.bugfix
===================================================================
--- /dev/null
+++ twisted-24.3.0/src/twisted/web/newsfragments/9839.bugfix
@@ -0,0 +1 @@
+twisted.web.util.redirectTo now HTML-escapes the provided URL in the fallback response body it returns (GHSA-cf56-g6w6-pqq2, CVE-2024-41810).
Index: twisted-24.3.0/src/twisted/web/test/test_util.py
===================================================================
--- twisted-24.3.0.orig/src/twisted/web/test/test_util.py
+++ twisted-24.3.0/src/twisted/web/test/test_util.py
@@ -5,7 +5,6 @@
Tests for L{twisted.web.util}.
"""
-
import gc
from twisted.internet import defer
@@ -64,6 +63,44 @@ class RedirectToTests(TestCase):
targetURL = "http://target.example.com/4321"
self.assertRaises(TypeError, redirectTo, targetURL, request)
+ def test_legitimateRedirect(self):
+ """
+ Legitimate URLs are fully interpolated in the `redirectTo` response body without transformation
+ """
+ request = DummyRequest([b""])
+ html = redirectTo(b"https://twisted.org/", request)
+ expected = b"""
+<html>
+ <head>
+ <meta http-equiv=\"refresh\" content=\"0;URL=https://twisted.org/\">
+ </head>
+ <body bgcolor=\"#FFFFFF\" text=\"#000000\">
+ <a href=\"https://twisted.org/\">click here</a>
+ </body>
+</html>
+"""
+ self.assertEqual(html, expected)
+
+ def test_maliciousRedirect(self):
+ """
+ Malicious URLs are HTML-escaped before interpolating them in the `redirectTo` response body
+ """
+ request = DummyRequest([b""])
+ html = redirectTo(
+ b'https://twisted.org/"><script>alert(document.location)</script>', request
+ )
+ expected = b"""
+<html>
+ <head>
+ <meta http-equiv=\"refresh\" content=\"0;URL=https://twisted.org/&quot;&gt;&lt;script&gt;alert(document.location)&lt;/script&gt;\">
+ </head>
+ <body bgcolor=\"#FFFFFF\" text=\"#000000\">
+ <a href=\"https://twisted.org/&quot;&gt;&lt;script&gt;alert(document.location)&lt;/script&gt;\">click here</a>
+ </body>
+</html>
+"""
+ self.assertEqual(html, expected)
+
class ParentRedirectTests(SynchronousTestCase):
"""

16
no-cython_test_exception_raiser.patch
View File

@ -1,13 +1,9 @@
---
src/twisted/test/test_failure.py | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
Index: twisted-24.3.0/src/twisted/test/test_failure.py
===================================================================
--- twisted-24.3.0.orig/src/twisted/test/test_failure.py
+++ twisted-24.3.0/src/twisted/test/test_failure.py
@@ -18,7 +18,8 @@ from types import TracebackType
from typing import Any, Generator
diff --git a/src/twisted/test/test_failure.py b/src/twisted/test/test_failure.py
index a9e920c10e..de9c499972 100644
--- a/src/twisted/test/test_failure.py
+++ b/src/twisted/test/test_failure.py
@@ -19,7 +19,8 @@ from types import TracebackType
from typing import Any, Generator, cast
from unittest import skipIf
-from cython_test_exception_raiser import raiser

92
python-Twisted.changes
View File

@ -1,3 +1,95 @@
-------------------------------------------------------------------
Wed Sep 25 06:38:11 UTC 2024 - Markéta Machová <mmachova@suse.com>
- Add upstream patch 12313-fix-test_manhole.patch to fix test failure
with latest python312
-------------------------------------------------------------------
Mon Sep 9 14:23:03 UTC 2024 - John Paul Adrian Glaubitz <adrian.glaubitz@suse.com>
- Update to 24.7.0
* 24.7.0.rc2 fixed an unreleased regression caused by PR 12109. (#12279)
* twisted.web.util.redirectTo now HTML-escapes the provided URL in the fallback
response body it returns (GHSA-cf56-g6w6-pqq2, CVE-2024-41810). (#9839)
* The HTTP 1.0 and 1.1 server provided by twisted.web could process pipelined
HTTP requests out-of-order, possibly resulting in information disclosure
(CVE-2024-41671/GHSA-c8m8-j448-xjx7) (#12248)
* twisted.protocols.ftp now supports the IPv6 extensions defined in RFC 2428. (#9645)
* twisted.internet.defer.inlineCallbacks can now yield a coroutine. (#9972)
* twisted.python._shellcomp.ZshArgumentsGenerator was updated for Python 3.13. (#12065)
* twisted.web.wsgi request environment now contains the peer port number as `REMOTE_PORT`. (#12096)
* twisted.internet.defer.Deferred.callback() and twisted.internet.defer.Deferred.addCallbacks()
no longer use `assert` to check the type of the arguments. You should now use type checking
to validate your code. These changes were done to reduce the CPU usage. (#12122)
* Added two new methods, twisted.logger.Logger.failuresHandled and twisted.logger.Logger.\
failureHandler, which allow for more concise and convenient handling of exceptions when
dispatching out to application code. The former can arbitrarily customize failure handling
at the call site, and the latter can be used for performance-sensitive cases where no
additional information needs to be logged. (#12188)
* twisted.internet.defer.Deferred.addCallback now runs about 10% faster. (#12223)
* twisted.internet.defer.Deferred error handling is now faster, taking 40% less time to run. (#12227)
* twisted.internet.ssl.Certificate.__repr__ can now handle certificates without
a common name (CN) in the certificate itself or the signing CA. (#5851)
* Type annotations have been added to twisted.conch.interfaces.IKnownHostEntry
and its implementations, twisted.conch.client.knownhosts.PlainHost and
twisted.conch.client.knownhosts.HashedHost, correcting a variety of
type confusion issues throughout the conch client code. (#9713)
* twisted.python.failure.Failure once again utilizes the custom
pickling logic it used to in the past. (#12112)
* twisted.conch.client.knownhosts.KnownHostsFile.verifyHostKey no longer logs
an exception when automatically adding an IP address host key, which means
the interactive `conch` command-line no longer will either. (#12141)
* The IRC server example found in the documentation was updated for readability. (#12097)
* Remove contextvars from list of optional dependencies. (#12128)
* The documentation for installing Twisted was moved into a single page. (#12145)
* The project's compatibility policy now clearly indicates that the GitHub Actions
test matrix defines the supported platforms. (#12167)
* Updated imap4client.py example, it no longer references Python 2. (#12252)
* twisted.internet.defer.returnValue has been deprecated. You can replace
it with the standard `return` statement. (#9930)
* The `twisted-iocpsupport` is no longer a hard dependency on Windows.
* The IOCP support is now installed together with the other Windows soft
* dependencies via `twisted[windows-platform]`. (#11893)
* twisted.python.deprecate helper function will now always strip whitespaces from the docstrings.
* This is done to have the same behaviour as with Python 3.13. (#12063)
* twisted.conch.manhole.ManholeInterpreter.write, twisted.conch.manhole.ManholeInterpreter.
addOutput, twisted.mail.imap4.IMAP4Server.sendUntaggedResponse `async` argument,
deprecated since 18.9.0, has been removed. (#12130)
* twisted.web.soap was removed.
* The SOAP support was already broken, for at least the last 4 years.
* The SOAP support in Twisted has no active maintainer. (#12146)
* Fix #11744, #11771, #12113, #12154, #12169, #12179, #12193, #12195,
#12197, #12215, #12221, #12243, #12249, #12254, #12259, #12669
* twisted.conch.insults.window.Widget.functionKeyReceived now dispatches
functional key events to corresponding `func_KEYNAME` methods, where `KEYNAME` can be `F1`, `F2`,
`HOME`, `UP_ARROW` etc. This is a regression introduced with #8214 in Twisted 16.5.0, where events
changed from `const` objects to bytestrings in square brackets like `[F1]`. (#12046)
* twisted.web.agent.Agent now allows duplicate Content-Length headers having the same value, per RFC
9110 section 8.6. It is otherwise more strict when parsing Content-Length header values. (#9064)
* twisted.web.client.HTTPConnectionPool used by HTTP clients now runs faster by using a little less CPU. (#12108)
* twisted.web.http_headers now uses less CPU, making a small HTTP client request 10% faster or so. (#12116)
* twisted.web's HTTP/1.1 server now runs a little faster, with about 10% lower CPU overhead. (#12133)
* twisted.web's HTTP 1.1 server is an additional 5% faster. (#12155)
* twisted.web.http.IM_A_TEAPOT was added and returns `I'm a teapot`
* as default message for the status code 418,
* as defined in RFC 2324 section 2.3.2. (#12104)
* The HTTP 1.0/1.1 server provided by twisted.web is now more picky about the first line of a request,
improving compliance with RFC 9112. (#12233)
* The HTTP 1.0/1.1 server provided by twisted.web now constraints the character set of HTTP header names,
improving compliance with RFC 9110. (#12235)
* Fix ReverseProxyResource example in developer guide. (#12152)
* twisted.web.util.ChildRedirector, which has never worked on Python 3, has been removed. (#9591)
* ``twisted.web.http.Request.setResponseCode()`` no longer validates the types of inputs;
we encourage you to use a type checker like mypy to catch these sort of errors. The
long-deprecated ``twisted.web.server.string_date_time()`` and ``twisted.web.server.date_time_string()``
APIs were removed altogether. (#12133)
* twisted.web.http.HTTPClient is now deprecated in favor of twisted.web.client.Agent (#12158)
* Fix #12098, #12194, #12200, #12241, #12257
- Drop CVE-2024-41671.patch, merged upstream
- Drop CVE-2024-41810.patch, merged upstream
- Refresh 1521_delegate_parseqs_stdlib_bpo42967.patch
- Refresh no-cython_test_exception_raiser.patch
-------------------------------------------------------------------
Wed Jul 31 06:07:19 UTC 2024 - Daniel Garcia <daniel.garcia@suse.com>

12
python-Twisted.spec
View File

@ -27,7 +27,7 @@
%{?sle15_python_module_pythons}
Name: python-Twisted%{psuffix}
Version: 24.3.0
Version: 24.7.0
Release: 0
Summary: An asynchronous networking framework written in Python
License: MIT
@ -45,13 +45,11 @@ Patch3: 1521_delegate_parseqs_stdlib_bpo42967.patch
Patch5: no-cython_test_exception_raiser.patch
# PATCH-FIX-OPENSUSE remove-dependency-version-upper-bounds.patch boo#1190036 -- run with h2 >= 4.0.0 and priority >= 2.0
Patch6: remove-dependency-version-upper-bounds.patch
# PATCH-FIX-UPSTREAM CVE-2024-41671.patch gh#twisted/twisted@4a930de12fb6
Patch7: CVE-2024-41671.patch
# PATCH-FIX-UPSTREAM CVE-2024-41810.patch gh#twisted/twisted@046a164f89a0
Patch8: CVE-2024-41810.patch
# PATCH-FIX-UPSTREAM https://github.com/twisted/twisted/pull/12314 12313 Fix test_manhole.py on Python 3.13rc2
Patch7: 12313-fix-test_manhole.patch
BuildRequires: %{python_module hatch-fancy-pypi-readme}
BuildRequires: %{python_module hatchling}
BuildRequires: %{python_module incremental >= 21.3.0}
BuildRequires: %{python_module incremental >= 24.7.0}
BuildRequires: %{python_module pip}
BuildRequires: %{python_module setuptools}
BuildRequires: %{python_module wheel}
@ -65,7 +63,7 @@ Requires: python-Automat >= 0.8.0
Requires: python-attrs >= 19.2.0
Requires: python-constantly >= 15.1
Requires: python-hyperlink >= 17.1.1
Requires: python-incremental >= 21.3.0
Requires: python-incremental >= 24.7.0
Requires: python-typing_extensions >= 3.6.5
Requires: python-zope.interface >= 4.4.2
# /SECTION

BIN
twisted-24.3.0.tar.gz (Stored with Git LFS)
View File

Binary file not shown.

BIN
twisted-24.7.0.tar.gz (Stored with Git LFS) Normal file
View File

Binary file not shown.