diff --git a/12313-fix-test_manhole.patch b/12313-fix-test_manhole.patch new file mode 100644 index 0000000..6bb4e1a --- /dev/null +++ b/12313-fix-test_manhole.patch @@ -0,0 +1,60 @@ +From 185ff4b3f2e402e6a3c450d826223c79b53af333 Mon Sep 17 00:00:00 2001 +From: Itamar Turner-Trauring +Date: Tue, 10 Sep 2024 14:04:21 -0400 +Subject: [PATCH 1/3] Fix (or workaround?) bug that happens in 3.13 where last + frame of traceback is omitted. + +--- + src/twisted/conch/manhole.py | 6 +++++- + src/twisted/conch/newsfragments/12313.misc | 0 + 2 files changed, 5 insertions(+), 1 deletion(-) + create mode 100644 src/twisted/conch/newsfragments/12313.misc + +diff --git a/src/twisted/conch/manhole.py b/src/twisted/conch/manhole.py +index f552af5bbdc..1fce66a8cd4 100644 +--- a/src/twisted/conch/manhole.py ++++ b/src/twisted/conch/manhole.py +@@ -124,7 +124,11 @@ def excepthook( + """ + Format exception tracebacks and write them to the output handler. + """ +- lines = format_exception(excType, excValue, excTraceback.tb_next) ++ if sys.version_info[:2] < (3, 13): ++ traceback = excTraceback.tb_next ++ else: ++ traceback = excTraceback ++ lines = format_exception(excType, excValue, traceback) + self.write("".join(lines)) + + def displayhook(self, obj): +diff --git a/src/twisted/conch/newsfragments/12313.misc b/src/twisted/conch/newsfragments/12313.misc +new file mode 100644 +index 00000000000..e69de29bb2d + +From 2a73df859a8f9f61bc9de535eb39878ab10200e6 Mon Sep 17 00:00:00 2001 +From: Itamar Turner-Trauring +Date: Mon, 16 Sep 2024 10:51:39 -0400 +Subject: [PATCH 3/3] Check based on symptoms, rather than version. + +--- + src/twisted/conch/manhole.py | 5 ++++- + 1 file changed, 4 insertions(+), 1 deletion(-) + +diff --git a/src/twisted/conch/manhole.py b/src/twisted/conch/manhole.py +index 1fce66a8cd4..670ac0480ec 100644 +--- a/src/twisted/conch/manhole.py ++++ b/src/twisted/conch/manhole.py +@@ -124,9 +124,12 @@ def excepthook( + """ + Format exception tracebacks and write them to the output handler. + """ +- if sys.version_info[:2] < (3, 13): ++ code_obj = excTraceback.tb_frame.f_code ++ if code_obj.co_filename == code.__file__ and code_obj.co_name == "runcode": + traceback = excTraceback.tb_next + else: ++ # Workaround for https://github.com/python/cpython/issues/122478, ++ # present e.g. in Python 3.12.6: + traceback = excTraceback + lines = format_exception(excType, excValue, traceback) + self.write("".join(lines)) diff --git a/1521_delegate_parseqs_stdlib_bpo42967.patch b/1521_delegate_parseqs_stdlib_bpo42967.patch index 4c7cbcf..a60da40 100644 --- a/1521_delegate_parseqs_stdlib_bpo42967.patch +++ b/1521_delegate_parseqs_stdlib_bpo42967.patch @@ -1,20 +1,19 @@ -From df79d69adea5c819bb104861dccf1bbe25851644 Mon Sep 17 00:00:00 2001 +From 7130df7ee21ebd93d7e15e7c4ef752b759f8e1c3 Mon Sep 17 00:00:00 2001 From: Thomas Grainger Date: Sun, 21 Feb 2021 11:54:25 +0000 -Subject: [PATCH 1/2] delegate to stdlib parse qs +Subject: [PATCH] delegate to stdlib parse qs --- - src/twisted/web/http.py | 26 +------------------------- - src/twisted/web/newsfragments/10096.bugfix | 1 + - src/twisted/web/server.py | 5 ++--- - 3 files changed, 4 insertions(+), 28 deletions(-) + src/twisted/web/http.py | 29 +--------------------- + src/twisted/web/newsfragments/10096.bugfix | 1 + + 2 files changed, 2 insertions(+), 28 deletions(-) create mode 100644 src/twisted/web/newsfragments/10096.bugfix -Index: twisted-24.3.0/src/twisted/web/http.py -=================================================================== ---- twisted-24.3.0.orig/src/twisted/web/http.py -+++ twisted-24.3.0/src/twisted/web/http.py -@@ -115,6 +115,7 @@ from urllib.parse import ( +diff --git a/src/twisted/web/http.py b/src/twisted/web/http.py +index 18710f51dc..f0fea06b5d 100644 +--- a/src/twisted/web/http.py ++++ b/src/twisted/web/http.py +@@ -125,6 +125,7 @@ from urllib.parse import ( ParseResultBytes, unquote_to_bytes as unquote, urlparse as _urlparse, @@ -22,7 +21,7 @@ Index: twisted-24.3.0/src/twisted/web/http.py ) from zope.interface import Attribute, Interface, implementer, provider -@@ -288,34 +289,6 @@ def urlparse(url): +@@ -363,34 +364,6 @@ def urlparse(url): return ParseResultBytes(scheme, netloc, path, params, query, fragment) @@ -57,39 +56,13 @@ Index: twisted-24.3.0/src/twisted/web/http.py def datetimeToString(msSinceEpoch=None): """ Convert seconds since epoch to HTTP datetime string. -Index: twisted-24.3.0/src/twisted/web/newsfragments/10096.bugfix -=================================================================== +diff --git a/src/twisted/web/newsfragments/10096.bugfix b/src/twisted/web/newsfragments/10096.bugfix +new file mode 100644 +index 0000000000..8f5b4759cb --- /dev/null -+++ twisted-24.3.0/src/twisted/web/newsfragments/10096.bugfix ++++ b/src/twisted/web/newsfragments/10096.bugfix @@ -0,0 +1 @@ +delegate to urllib.parse:parse_qs in twisted.web.http:parse_qs to avoid CVE-2021-23336 and the associated CI failures -Index: twisted-24.3.0/src/twisted/web/server.py -=================================================================== ---- twisted-24.3.0.orig/src/twisted/web/server.py -+++ twisted-24.3.0/src/twisted/web/server.py -@@ -21,7 +21,7 @@ import zlib - from binascii import hexlify - from html import escape - from typing import List, Optional --from urllib.parse import quote as _quote -+from urllib.parse import quote as _quote, unquote_to_bytes as _unquote_to_bytes - - from zope.interface import implementer - -@@ -37,7 +37,6 @@ from twisted.python.deprecate import dep - from twisted.spread.pb import Copyable, ViewPoint - from twisted.web import http, iweb, resource, util - from twisted.web.error import UnsupportedMethod --from twisted.web.http import unquote - - NOT_DONE_YET = 1 - -@@ -210,7 +209,7 @@ class Request(Copyable, http.Request, co - - # Resource Identification - self.prepath = [] -- self.postpath = list(map(unquote, self.path[1:].split(b"/"))) -+ self.postpath = [_unquote_to_bytes(v) for v in self.path[1:].split(b"/")] - - # Short-circuit for requests whose path is '*'. - if self.path == b"*": +-- +2.46.0 + diff --git a/CVE-2024-41671.patch b/CVE-2024-41671.patch deleted file mode 100644 index 5dc8a5f..0000000 --- a/CVE-2024-41671.patch +++ /dev/null @@ -1,242 +0,0 @@ -Index: twisted-24.3.0/src/twisted/web/http.py -=================================================================== ---- twisted-24.3.0.orig/src/twisted/web/http.py -+++ twisted-24.3.0/src/twisted/web/http.py -@@ -1973,16 +1973,21 @@ class _ChunkedTransferDecoder: - @returns: C{False}, as there is either insufficient data to continue, - or no data remains. - """ -- if ( -- self._receivedTrailerHeadersSize + len(self._buffer) -- > self._maxTrailerHeadersSize -- ): -- raise _MalformedChunkedDataError("Trailer headers data is too long.") -- - eolIndex = self._buffer.find(b"\r\n", self._start) - - if eolIndex == -1: - # Still no end of network line marker found. -+ # -+ # Check if we've run up against the trailer size limit: if the next -+ # read contains the terminating CRLF then we'll have this many bytes -+ # of trailers (including the CRLFs). -+ minTrailerSize = ( -+ self._receivedTrailerHeadersSize -+ + len(self._buffer) -+ + (1 if self._buffer.endswith(b"\r") else 2) -+ ) -+ if minTrailerSize > self._maxTrailerHeadersSize: -+ raise _MalformedChunkedDataError("Trailer headers data is too long.") - # Continue processing more data. - return False - -@@ -1992,6 +1997,8 @@ class _ChunkedTransferDecoder: - del self._buffer[0 : eolIndex + 2] - self._start = 0 - self._receivedTrailerHeadersSize += eolIndex + 2 -+ if self._receivedTrailerHeadersSize > self._maxTrailerHeadersSize: -+ raise _MalformedChunkedDataError("Trailer headers data is too long.") - return True - - # eolIndex in this part of code is equal to 0 -@@ -2315,8 +2322,8 @@ class HTTPChannel(basic.LineReceiver, po - self.__header = line - - def _finishRequestBody(self, data): -- self.allContentReceived() - self._dataBuffer.append(data) -+ self.allContentReceived() - - def _maybeChooseTransferDecoder(self, header, data): - """ -Index: twisted-24.3.0/src/twisted/web/newsfragments/12248.bugfix -=================================================================== ---- /dev/null -+++ twisted-24.3.0/src/twisted/web/newsfragments/12248.bugfix -@@ -0,0 +1 @@ -+The HTTP 1.0 and 1.1 server provided by twisted.web could process pipelined HTTP requests out-of-order, possibly resulting in information disclosure (CVE-2024-41671/GHSA-c8m8-j448-xjx7) -Index: twisted-24.3.0/src/twisted/web/test/test_http.py -=================================================================== ---- twisted-24.3.0.orig/src/twisted/web/test/test_http.py -+++ twisted-24.3.0/src/twisted/web/test/test_http.py -@@ -135,7 +135,7 @@ class DummyHTTPHandler(http.Request): - data = self.content.read() - length = self.getHeader(b"content-length") - if length is None: -- length = networkString(str(length)) -+ length = str(length).encode() - request = b"'''\n" + length + b"\n" + data + b"'''\n" - self.setResponseCode(200) - self.setHeader(b"Request", self.uri) -@@ -563,17 +563,23 @@ class HTTP0_9Tests(HTTP1_0Tests): - - class PipeliningBodyTests(unittest.TestCase, ResponseTestMixin): - """ -- Tests that multiple pipelined requests with bodies are correctly buffered. -+ Pipelined requests get buffered and executed in the order received, -+ not processed in parallel. - """ - - requests = ( - b"POST / HTTP/1.1\r\n" - b"Content-Length: 10\r\n" - b"\r\n" -- b"0123456789POST / HTTP/1.1\r\n" -- b"Content-Length: 10\r\n" -- b"\r\n" - b"0123456789" -+ # Chunk encoded request. -+ b"POST / HTTP/1.1\r\n" -+ b"Transfer-Encoding: chunked\r\n" -+ b"\r\n" -+ b"a\r\n" -+ b"0123456789\r\n" -+ b"0\r\n" -+ b"\r\n" - ) - - expectedResponses = [ -@@ -590,14 +596,16 @@ class PipeliningBodyTests(unittest.TestC - b"Request: /", - b"Command: POST", - b"Version: HTTP/1.1", -- b"Content-Length: 21", -- b"'''\n10\n0123456789'''\n", -+ b"Content-Length: 23", -+ b"'''\nNone\n0123456789'''\n", - ), - ] - -- def test_noPipelining(self): -+ def test_stepwiseTinyTube(self): - """ -- Test that pipelined requests get buffered, not processed in parallel. -+ Imitate a slow connection that delivers one byte at a time. -+ The request handler (L{DelayedHTTPHandler}) is puppeted to -+ step through the handling of each request. - """ - b = StringTransport() - a = http.HTTPChannel() -@@ -606,10 +614,9 @@ class PipeliningBodyTests(unittest.TestC - # one byte at a time, to stress it. - for byte in iterbytes(self.requests): - a.dataReceived(byte) -- value = b.value() - - # So far only one request should have been dispatched. -- self.assertEqual(value, b"") -+ self.assertEqual(b.value(), b"") - self.assertEqual(1, len(a.requests)) - - # Now, process each request one at a time. -@@ -618,8 +625,95 @@ class PipeliningBodyTests(unittest.TestC - request = a.requests[0].original - request.delayedProcess() - -- value = b.value() -- self.assertResponseEquals(value, self.expectedResponses) -+ self.assertResponseEquals(b.value(), self.expectedResponses) -+ -+ def test_stepwiseDumpTruck(self): -+ """ -+ Imitate a fast connection where several pipelined -+ requests arrive in a single read. The request handler -+ (L{DelayedHTTPHandler}) is puppeted to step through the -+ handling of each request. -+ """ -+ b = StringTransport() -+ a = http.HTTPChannel() -+ a.requestFactory = DelayedHTTPHandlerProxy -+ a.makeConnection(b) -+ -+ a.dataReceived(self.requests) -+ -+ # So far only one request should have been dispatched. -+ self.assertEqual(b.value(), b"") -+ self.assertEqual(1, len(a.requests)) -+ -+ # Now, process each request one at a time. -+ while a.requests: -+ self.assertEqual(1, len(a.requests)) -+ request = a.requests[0].original -+ request.delayedProcess() -+ -+ self.assertResponseEquals(b.value(), self.expectedResponses) -+ -+ def test_immediateTinyTube(self): -+ """ -+ Imitate a slow connection that delivers one byte at a time. -+ -+ (L{DummyHTTPHandler}) immediately responds, but no more -+ than one -+ """ -+ b = StringTransport() -+ a = http.HTTPChannel() -+ a.requestFactory = DummyHTTPHandlerProxy # "sync" -+ a.makeConnection(b) -+ -+ # one byte at a time, to stress it. -+ for byte in iterbytes(self.requests): -+ a.dataReceived(byte) -+ # There is never more than one request dispatched at a time: -+ self.assertLessEqual(len(a.requests), 1) -+ -+ self.assertResponseEquals(b.value(), self.expectedResponses) -+ -+ def test_immediateDumpTruck(self): -+ """ -+ Imitate a fast connection where several pipelined -+ requests arrive in a single read. The request handler -+ (L{DummyHTTPHandler}) immediately responds. -+ -+ This doesn't check the at-most-one pending request -+ invariant but exercises otherwise uncovered code paths. -+ See GHSA-c8m8-j448-xjx7. -+ """ -+ b = StringTransport() -+ a = http.HTTPChannel() -+ a.requestFactory = DummyHTTPHandlerProxy -+ a.makeConnection(b) -+ -+ # All bytes at once to ensure there's stuff to buffer. -+ a.dataReceived(self.requests) -+ -+ self.assertResponseEquals(b.value(), self.expectedResponses) -+ -+ def test_immediateABiggerTruck(self): -+ """ -+ Imitate a fast connection where a so many pipelined -+ requests arrive in a single read that backpressure is indicated. -+ The request handler (L{DummyHTTPHandler}) immediately responds. -+ -+ This doesn't check the at-most-one pending request -+ invariant but exercises otherwise uncovered code paths. -+ See GHSA-c8m8-j448-xjx7. -+ -+ @see: L{http.HTTPChannel._optimisticEagerReadSize} -+ """ -+ b = StringTransport() -+ a = http.HTTPChannel() -+ a.requestFactory = DummyHTTPHandlerProxy -+ a.makeConnection(b) -+ -+ overLimitCount = a._optimisticEagerReadSize // len(self.requests) * 10 -+ a.dataReceived(self.requests * overLimitCount) -+ -+ self.assertResponseEquals(b.value(), self.expectedResponses * overLimitCount) - - def test_pipeliningReadLimit(self): - """ -@@ -1522,7 +1616,11 @@ class ChunkedTransferEncodingTests(unitt - lambda b: None, # pragma: nocov - ) - p._maxTrailerHeadersSize = 10 -- p.dataReceived(b"3\r\nabc\r\n0\r\n0123456789") -+ # 9 bytes are received so far, in 2 packets. -+ # For now, all is ok. -+ p.dataReceived(b"3\r\nabc\r\n0\r\n01234567") -+ p.dataReceived(b"\r") -+ # Once the 10th byte is received, the processing fails. - self.assertRaises( - http._MalformedChunkedDataError, - p.dataReceived, diff --git a/CVE-2024-41810.patch b/CVE-2024-41810.patch deleted file mode 100644 index 80634a8..0000000 --- a/CVE-2024-41810.patch +++ /dev/null @@ -1,83 +0,0 @@ -Index: twisted-24.3.0/src/twisted/web/_template_util.py -=================================================================== ---- twisted-24.3.0.orig/src/twisted/web/_template_util.py -+++ twisted-24.3.0/src/twisted/web/_template_util.py -@@ -92,7 +92,7 @@ def redirectTo(URL: bytes, request: IReq - - - """ % { -- b"url": URL -+ b"url": escape(URL.decode("utf-8")).encode("utf-8") - } - return content - -Index: twisted-24.3.0/src/twisted/web/newsfragments/12263.bugfix -=================================================================== ---- /dev/null -+++ twisted-24.3.0/src/twisted/web/newsfragments/12263.bugfix -@@ -0,0 +1 @@ -+twisted.web.util.redirectTo now HTML-escapes the provided URL in the fallback response body it returns (GHSA-cf56-g6w6-pqq2). The issue is being tracked with CVE-2024-41810. -\ No newline at end of file -Index: twisted-24.3.0/src/twisted/web/newsfragments/9839.bugfix -=================================================================== ---- /dev/null -+++ twisted-24.3.0/src/twisted/web/newsfragments/9839.bugfix -@@ -0,0 +1 @@ -+twisted.web.util.redirectTo now HTML-escapes the provided URL in the fallback response body it returns (GHSA-cf56-g6w6-pqq2, CVE-2024-41810). -Index: twisted-24.3.0/src/twisted/web/test/test_util.py -=================================================================== ---- twisted-24.3.0.orig/src/twisted/web/test/test_util.py -+++ twisted-24.3.0/src/twisted/web/test/test_util.py -@@ -5,7 +5,6 @@ - Tests for L{twisted.web.util}. - """ - -- - import gc - - from twisted.internet import defer -@@ -64,6 +63,44 @@ class RedirectToTests(TestCase): - targetURL = "http://target.example.com/4321" - self.assertRaises(TypeError, redirectTo, targetURL, request) - -+ def test_legitimateRedirect(self): -+ """ -+ Legitimate URLs are fully interpolated in the `redirectTo` response body without transformation -+ """ -+ request = DummyRequest([b""]) -+ html = redirectTo(b"https://twisted.org/", request) -+ expected = b""" -+ -+ -+ -+ -+ -+ click here -+ -+ -+""" -+ self.assertEqual(html, expected) -+ -+ def test_maliciousRedirect(self): -+ """ -+ Malicious URLs are HTML-escaped before interpolating them in the `redirectTo` response body -+ """ -+ request = DummyRequest([b""]) -+ html = redirectTo( -+ b'https://twisted.org/">', request -+ ) -+ expected = b""" -+ -+ -+ -+ -+ -+ click here -+ -+ -+""" -+ self.assertEqual(html, expected) -+ - - class ParentRedirectTests(SynchronousTestCase): - """ diff --git a/no-cython_test_exception_raiser.patch b/no-cython_test_exception_raiser.patch index 9fa4ff6..8a0ce4f 100644 --- a/no-cython_test_exception_raiser.patch +++ b/no-cython_test_exception_raiser.patch @@ -1,13 +1,9 @@ ---- - src/twisted/test/test_failure.py | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) - -Index: twisted-24.3.0/src/twisted/test/test_failure.py -=================================================================== ---- twisted-24.3.0.orig/src/twisted/test/test_failure.py -+++ twisted-24.3.0/src/twisted/test/test_failure.py -@@ -18,7 +18,8 @@ from types import TracebackType - from typing import Any, Generator +diff --git a/src/twisted/test/test_failure.py b/src/twisted/test/test_failure.py +index a9e920c10e..de9c499972 100644 +--- a/src/twisted/test/test_failure.py ++++ b/src/twisted/test/test_failure.py +@@ -19,7 +19,8 @@ from types import TracebackType + from typing import Any, Generator, cast from unittest import skipIf -from cython_test_exception_raiser import raiser diff --git a/python-Twisted.changes b/python-Twisted.changes index 446c274..86dad4e 100644 --- a/python-Twisted.changes +++ b/python-Twisted.changes @@ -1,3 +1,95 @@ +------------------------------------------------------------------- +Wed Sep 25 06:38:11 UTC 2024 - Markéta Machová + +- Add upstream patch 12313-fix-test_manhole.patch to fix test failure + with latest python312 + +------------------------------------------------------------------- +Mon Sep 9 14:23:03 UTC 2024 - John Paul Adrian Glaubitz + +- Update to 24.7.0 + * 24.7.0.rc2 fixed an unreleased regression caused by PR 12109. (#12279) + * twisted.web.util.redirectTo now HTML-escapes the provided URL in the fallback + response body it returns (GHSA-cf56-g6w6-pqq2, CVE-2024-41810). (#9839) + * The HTTP 1.0 and 1.1 server provided by twisted.web could process pipelined + HTTP requests out-of-order, possibly resulting in information disclosure + (CVE-2024-41671/GHSA-c8m8-j448-xjx7) (#12248) + * twisted.protocols.ftp now supports the IPv6 extensions defined in RFC 2428. (#9645) + * twisted.internet.defer.inlineCallbacks can now yield a coroutine. (#9972) + * twisted.python._shellcomp.ZshArgumentsGenerator was updated for Python 3.13. (#12065) + * twisted.web.wsgi request environment now contains the peer port number as `REMOTE_PORT`. (#12096) + * twisted.internet.defer.Deferred.callback() and twisted.internet.defer.Deferred.addCallbacks() + no longer use `assert` to check the type of the arguments. You should now use type checking + to validate your code. These changes were done to reduce the CPU usage. (#12122) + * Added two new methods, twisted.logger.Logger.failuresHandled and twisted.logger.Logger.\ + failureHandler, which allow for more concise and convenient handling of exceptions when + dispatching out to application code. The former can arbitrarily customize failure handling + at the call site, and the latter can be used for performance-sensitive cases where no + additional information needs to be logged. (#12188) + * twisted.internet.defer.Deferred.addCallback now runs about 10% faster. (#12223) + * twisted.internet.defer.Deferred error handling is now faster, taking 40% less time to run. (#12227) + * twisted.internet.ssl.Certificate.__repr__ can now handle certificates without + a common name (CN) in the certificate itself or the signing CA. (#5851) + * Type annotations have been added to twisted.conch.interfaces.IKnownHostEntry + and its implementations, twisted.conch.client.knownhosts.PlainHost and + twisted.conch.client.knownhosts.HashedHost, correcting a variety of + type confusion issues throughout the conch client code. (#9713) + * twisted.python.failure.Failure once again utilizes the custom + pickling logic it used to in the past. (#12112) + * twisted.conch.client.knownhosts.KnownHostsFile.verifyHostKey no longer logs + an exception when automatically adding an IP address host key, which means + the interactive `conch` command-line no longer will either. (#12141) + * The IRC server example found in the documentation was updated for readability. (#12097) + * Remove contextvars from list of optional dependencies. (#12128) + * The documentation for installing Twisted was moved into a single page. (#12145) + * The project's compatibility policy now clearly indicates that the GitHub Actions + test matrix defines the supported platforms. (#12167) + * Updated imap4client.py example, it no longer references Python 2. (#12252) + * twisted.internet.defer.returnValue has been deprecated. You can replace + it with the standard `return` statement. (#9930) + * The `twisted-iocpsupport` is no longer a hard dependency on Windows. + * The IOCP support is now installed together with the other Windows soft + * dependencies via `twisted[windows-platform]`. (#11893) + * twisted.python.deprecate helper function will now always strip whitespaces from the docstrings. + * This is done to have the same behaviour as with Python 3.13. (#12063) + * twisted.conch.manhole.ManholeInterpreter.write, twisted.conch.manhole.ManholeInterpreter. + addOutput, twisted.mail.imap4.IMAP4Server.sendUntaggedResponse `async` argument, + deprecated since 18.9.0, has been removed. (#12130) + * twisted.web.soap was removed. + * The SOAP support was already broken, for at least the last 4 years. + * The SOAP support in Twisted has no active maintainer. (#12146) + * Fix #11744, #11771, #12113, #12154, #12169, #12179, #12193, #12195, + #12197, #12215, #12221, #12243, #12249, #12254, #12259, #12669 + * twisted.conch.insults.window.Widget.functionKeyReceived now dispatches + functional key events to corresponding `func_KEYNAME` methods, where `KEYNAME` can be `F1`, `F2`, + `HOME`, `UP_ARROW` etc. This is a regression introduced with #8214 in Twisted 16.5.0, where events + changed from `const` objects to bytestrings in square brackets like `[F1]`. (#12046) + * twisted.web.agent.Agent now allows duplicate Content-Length headers having the same value, per RFC + 9110 section 8.6. It is otherwise more strict when parsing Content-Length header values. (#9064) + * twisted.web.client.HTTPConnectionPool used by HTTP clients now runs faster by using a little less CPU. (#12108) + * twisted.web.http_headers now uses less CPU, making a small HTTP client request 10% faster or so. (#12116) + * twisted.web's HTTP/1.1 server now runs a little faster, with about 10% lower CPU overhead. (#12133) + * twisted.web's HTTP 1.1 server is an additional 5% faster. (#12155) + * twisted.web.http.IM_A_TEAPOT was added and returns `I'm a teapot` + * as default message for the status code 418, + * as defined in RFC 2324 section 2.3.2. (#12104) + * The HTTP 1.0/1.1 server provided by twisted.web is now more picky about the first line of a request, + improving compliance with RFC 9112. (#12233) + * The HTTP 1.0/1.1 server provided by twisted.web now constraints the character set of HTTP header names, + improving compliance with RFC 9110. (#12235) + * Fix ReverseProxyResource example in developer guide. (#12152) + * twisted.web.util.ChildRedirector, which has never worked on Python 3, has been removed. (#9591) + * ``twisted.web.http.Request.setResponseCode()`` no longer validates the types of inputs; + we encourage you to use a type checker like mypy to catch these sort of errors. The + long-deprecated ``twisted.web.server.string_date_time()`` and ``twisted.web.server.date_time_string()`` + APIs were removed altogether. (#12133) + * twisted.web.http.HTTPClient is now deprecated in favor of twisted.web.client.Agent (#12158) + * Fix #12098, #12194, #12200, #12241, #12257 +- Drop CVE-2024-41671.patch, merged upstream +- Drop CVE-2024-41810.patch, merged upstream +- Refresh 1521_delegate_parseqs_stdlib_bpo42967.patch +- Refresh no-cython_test_exception_raiser.patch + ------------------------------------------------------------------- Wed Jul 31 06:07:19 UTC 2024 - Daniel Garcia diff --git a/python-Twisted.spec b/python-Twisted.spec index f1a4d8d..8aa8850 100644 --- a/python-Twisted.spec +++ b/python-Twisted.spec @@ -27,7 +27,7 @@ %{?sle15_python_module_pythons} Name: python-Twisted%{psuffix} -Version: 24.3.0 +Version: 24.7.0 Release: 0 Summary: An asynchronous networking framework written in Python License: MIT @@ -45,13 +45,11 @@ Patch3: 1521_delegate_parseqs_stdlib_bpo42967.patch Patch5: no-cython_test_exception_raiser.patch # PATCH-FIX-OPENSUSE remove-dependency-version-upper-bounds.patch boo#1190036 -- run with h2 >= 4.0.0 and priority >= 2.0 Patch6: remove-dependency-version-upper-bounds.patch -# PATCH-FIX-UPSTREAM CVE-2024-41671.patch gh#twisted/twisted@4a930de12fb6 -Patch7: CVE-2024-41671.patch -# PATCH-FIX-UPSTREAM CVE-2024-41810.patch gh#twisted/twisted@046a164f89a0 -Patch8: CVE-2024-41810.patch +# PATCH-FIX-UPSTREAM https://github.com/twisted/twisted/pull/12314 12313 Fix test_manhole.py on Python 3.13rc2 +Patch7: 12313-fix-test_manhole.patch BuildRequires: %{python_module hatch-fancy-pypi-readme} BuildRequires: %{python_module hatchling} -BuildRequires: %{python_module incremental >= 21.3.0} +BuildRequires: %{python_module incremental >= 24.7.0} BuildRequires: %{python_module pip} BuildRequires: %{python_module setuptools} BuildRequires: %{python_module wheel} @@ -65,7 +63,7 @@ Requires: python-Automat >= 0.8.0 Requires: python-attrs >= 19.2.0 Requires: python-constantly >= 15.1 Requires: python-hyperlink >= 17.1.1 -Requires: python-incremental >= 21.3.0 +Requires: python-incremental >= 24.7.0 Requires: python-typing_extensions >= 3.6.5 Requires: python-zope.interface >= 4.4.2 # /SECTION diff --git a/twisted-24.3.0.tar.gz b/twisted-24.3.0.tar.gz deleted file mode 100644 index a01c617..0000000 --- a/twisted-24.3.0.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:6b38b6ece7296b5e122c9eb17da2eeab3d98a198f50ca9efd00fb03e5b4fd4ae -size 3500456 diff --git a/twisted-24.7.0.tar.gz b/twisted-24.7.0.tar.gz new file mode 100644 index 0000000..0529fcb --- /dev/null +++ b/twisted-24.7.0.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:5a60147f044187a127ec7da96d170d49bcce50c6fd36f594e60f4587eff4d394 +size 3516844