From 7350ac444858caa957efd5f14178309ea2bdc97e9c95d57b1dbeca9ff3f1cdea Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Adrian=20Schr=C3=B6ter?= Date: Fri, 3 May 2024 19:58:25 +0200 Subject: [PATCH] Sync from SUSE:SLFO:Main python-Twisted revision 177e11e657250072c4246369fdf6003c --- .gitattributes | 23 + 1521_delegate_parseqs_stdlib_bpo42967.patch | 92 ++ CVE-2023-46137-HTTP-pipeline-response.patch | 174 ++ Twisted-22.10.0.tar.gz | 3 + _multibuild | 3 + no-cython_test_exception_raiser.patch | 18 + no-pygtkcompat.patch | 36 + ...ccessResultOfWithFailureHasTraceback.patch | 25 + py311-tests-compat.patch | 117 ++ python-Twisted.changes | 1448 +++++++++++++++++ python-Twisted.rpmlintrc | 1 + python-Twisted.spec | 306 ++++ ...to-work-with-latest-service-identity.patch | 413 +++++ remove-dependency-version-upper-bounds.patch | 18 + remove-pynacl-optional-dependency.patch | 360 ++++ skip_MultiCast.patch | 25 + support-new-glibc.patch | 116 ++ 17 files changed, 3178 insertions(+) create mode 100644 .gitattributes create mode 100644 1521_delegate_parseqs_stdlib_bpo42967.patch create mode 100644 CVE-2023-46137-HTTP-pipeline-response.patch create mode 100644 Twisted-22.10.0.tar.gz create mode 100644 _multibuild create mode 100644 no-cython_test_exception_raiser.patch create mode 100644 no-pygtkcompat.patch create mode 100644 no-test_successResultOfWithFailureHasTraceback.patch create mode 100644 py311-tests-compat.patch create mode 100644 python-Twisted.changes create mode 100644 python-Twisted.rpmlintrc create mode 100644 python-Twisted.spec create mode 100644 regenerate-cert-to-work-with-latest-service-identity.patch create mode 100644 remove-dependency-version-upper-bounds.patch create mode 100644 remove-pynacl-optional-dependency.patch create mode 100644 skip_MultiCast.patch create mode 100644 support-new-glibc.patch diff --git a/.gitattributes b/.gitattributes new file mode 100644 index 0000000..9b03811 --- /dev/null +++ b/.gitattributes @@ -0,0 +1,23 @@ +## Default LFS +*.7z filter=lfs diff=lfs merge=lfs -text +*.bsp filter=lfs diff=lfs merge=lfs -text +*.bz2 filter=lfs diff=lfs merge=lfs -text +*.gem filter=lfs diff=lfs merge=lfs -text +*.gz filter=lfs diff=lfs merge=lfs -text +*.jar filter=lfs diff=lfs merge=lfs -text +*.lz filter=lfs diff=lfs merge=lfs -text +*.lzma filter=lfs diff=lfs merge=lfs -text +*.obscpio filter=lfs diff=lfs merge=lfs -text +*.oxt filter=lfs diff=lfs merge=lfs -text +*.pdf filter=lfs diff=lfs merge=lfs -text +*.png filter=lfs diff=lfs merge=lfs -text +*.rpm filter=lfs diff=lfs merge=lfs -text +*.tbz filter=lfs diff=lfs merge=lfs -text +*.tbz2 filter=lfs diff=lfs merge=lfs -text +*.tgz filter=lfs diff=lfs merge=lfs -text +*.ttf filter=lfs diff=lfs merge=lfs -text +*.txz filter=lfs diff=lfs merge=lfs -text +*.whl filter=lfs diff=lfs merge=lfs -text +*.xz filter=lfs diff=lfs merge=lfs -text +*.zip filter=lfs diff=lfs merge=lfs -text +*.zst filter=lfs diff=lfs merge=lfs -text diff --git a/1521_delegate_parseqs_stdlib_bpo42967.patch b/1521_delegate_parseqs_stdlib_bpo42967.patch new file mode 100644 index 0000000..01f873e --- /dev/null +++ b/1521_delegate_parseqs_stdlib_bpo42967.patch @@ -0,0 +1,92 @@ +From df79d69adea5c819bb104861dccf1bbe25851644 Mon Sep 17 00:00:00 2001 +From: Thomas Grainger +Date: Sun, 21 Feb 2021 11:54:25 +0000 +Subject: [PATCH 1/2] delegate to stdlib parse qs + +--- + src/twisted/web/http.py | 26 +------------------------- + src/twisted/web/newsfragments/10096.bugfix | 1 + + src/twisted/web/server.py | 5 ++--- + 3 files changed, 4 insertions(+), 28 deletions(-) + create mode 100644 src/twisted/web/newsfragments/10096.bugfix + +Index: Twisted-22.1.0/src/twisted/web/http.py +=================================================================== +--- Twisted-22.1.0.orig/src/twisted/web/http.py ++++ Twisted-22.1.0/src/twisted/web/http.py +@@ -113,6 +113,7 @@ from urllib.parse import ( + ParseResultBytes, + unquote_to_bytes as unquote, + urlparse as _urlparse, ++ parse_qs, + ) + + from zope.interface import Attribute, Interface, implementer, provider +@@ -263,31 +264,6 @@ def urlparse(url): + return ParseResultBytes(scheme, netloc, path, params, query, fragment) + + +-def parse_qs(qs, keep_blank_values=0, strict_parsing=0): +- """ +- Like C{cgi.parse_qs}, but with support for parsing byte strings on Python 3. +- +- @type qs: C{bytes} +- """ +- d = {} +- items = [s2 for s1 in qs.split(b"&") for s2 in s1.split(b";")] +- for item in items: +- try: +- k, v = item.split(b"=", 1) +- except ValueError: +- if strict_parsing: +- raise +- continue +- if v or keep_blank_values: +- k = unquote(k.replace(b"+", b" ")) +- v = unquote(v.replace(b"+", b" ")) +- if k in d: +- d[k].append(v) +- else: +- d[k] = [v] +- return d +- +- + def datetimeToString(msSinceEpoch=None): + """ + Convert seconds since epoch to HTTP datetime string. +Index: Twisted-22.1.0/src/twisted/web/newsfragments/10096.bugfix +=================================================================== +--- /dev/null ++++ Twisted-22.1.0/src/twisted/web/newsfragments/10096.bugfix +@@ -0,0 +1 @@ ++delegate to urllib.parse:parse_qs in twisted.web.http:parse_qs to avoid CVE-2021-23336 and the associated CI failures +Index: Twisted-22.1.0/src/twisted/web/server.py +=================================================================== +--- Twisted-22.1.0.orig/src/twisted/web/server.py ++++ Twisted-22.1.0/src/twisted/web/server.py +@@ -21,7 +21,7 @@ import zlib + from binascii import hexlify + from html import escape + from typing import List, Optional +-from urllib.parse import quote as _quote ++from urllib.parse import quote as _quote, unquote_to_bytes as _unquote_to_bytes + + from zope.interface import implementer + +@@ -37,7 +37,6 @@ from twisted.python.deprecate import dep + from twisted.spread.pb import Copyable, ViewPoint + from twisted.web import http, iweb, resource, util + from twisted.web.error import UnsupportedMethod +-from twisted.web.http import unquote + + NOT_DONE_YET = 1 + +@@ -211,7 +210,7 @@ class Request(Copyable, http.Request, co + + # Resource Identification + self.prepath = [] +- self.postpath = list(map(unquote, self.path[1:].split(b"/"))) ++ self.postpath = [_unquote_to_bytes(v) for v in self.path[1:].split(b"/")] + + # Short-circuit for requests whose path is '*'. + if self.path == b"*": diff --git a/CVE-2023-46137-HTTP-pipeline-response.patch b/CVE-2023-46137-HTTP-pipeline-response.patch new file mode 100644 index 0000000..8bda6ff --- /dev/null +++ b/CVE-2023-46137-HTTP-pipeline-response.patch @@ -0,0 +1,174 @@ +--- + src/twisted/web/http.py | 32 +++++++++-- + src/twisted/web/newsfragments/11976.bugfix | 7 ++ + src/twisted/web/test/test_web.py | 81 ++++++++++++++++++++++++++++- + 3 files changed, 114 insertions(+), 6 deletions(-) + +--- a/src/twisted/web/http.py ++++ b/src/twisted/web/http.py +@@ -2419,14 +2419,38 @@ class HTTPChannel(basic.LineReceiver, po + + self._handlingRequest = True + ++ # We go into raw mode here even though we will be receiving lines next ++ # in the protocol; however, this data will be buffered and then passed ++ # back to line mode in the setLineMode call in requestDone. ++ self.setRawMode() ++ + req = self.requests[-1] + req.requestReceived(command, path, version) + +- def dataReceived(self, data): ++ def rawDataReceived(self, data: bytes) -> None: + """ +- Data was received from the network. Process it. ++ This is called when this HTTP/1.1 parser is in raw mode rather than ++ line mode. ++ ++ It may be in raw mode for one of two reasons: ++ ++ 1. All the headers of a request have been received and this ++ L{HTTPChannel} is currently receiving its body. ++ ++ 2. The full content of a request has been received and is currently ++ being processed asynchronously, and this L{HTTPChannel} is ++ buffering the data of all subsequent requests to be parsed ++ later. ++ ++ In the second state, the data will be played back later. ++ ++ @note: This isn't really a public API, and should be invoked only by ++ L{LineReceiver}'s line parsing logic. If you wish to drive an ++ L{HTTPChannel} from a custom data source, call C{dataReceived} on ++ it directly. ++ ++ @see: L{LineReceive.rawDataReceived} + """ +- # If we're currently handling a request, buffer this data. + if self._handlingRequest: + self._dataBuffer.append(data) + if ( +@@ -2438,9 +2462,7 @@ class HTTPChannel(basic.LineReceiver, po + # ready. See docstring for _optimisticEagerReadSize above. + self._networkProducer.pauseProducing() + return +- return basic.LineReceiver.dataReceived(self, data) + +- def rawDataReceived(self, data): + self.resetTimeout() + + try: +--- /dev/null ++++ b/src/twisted/web/newsfragments/11976.bugfix +@@ -0,0 +1,7 @@ ++In Twisted 16.3.0, we changed twisted.web to stop dispatching HTTP/1.1 ++pipelined requests to application code. There was a bug in this change which ++still allowed clients which could send multiple full HTTP requests in a single ++TCP segment to trigger asynchronous processing of later requests, which could ++lead to out-of-order responses. This has now been corrected and twisted.web ++should never process a pipelined request over HTTP/1.1 until the previous ++request has fully completed. +--- a/src/twisted/web/test/test_web.py ++++ b/src/twisted/web/test/test_web.py +@@ -8,6 +8,7 @@ Tests for various parts of L{twisted.web + import os + import zlib + from io import BytesIO ++from typing import List + + from zope.interface import implementer + from zope.interface.verify import verifyObject +@@ -17,10 +18,13 @@ from twisted.internet.address import IPv + from twisted.internet.task import Clock + from twisted.logger import LogLevel, globalLogPublisher + from twisted.python import failure, reflect ++from twisted.python.compat import iterbytes + from twisted.python.filepath import FilePath +-from twisted.test.proto_helpers import EventLoggingObserver ++from twisted.test.proto_helpers import EventLoggingObserver, StringTransport + from twisted.trial import unittest + from twisted.web import error, http, iweb, resource, server ++from twisted.web.resource import Resource ++from twisted.web.server import NOT_DONE_YET, Request, Site + from twisted.web.static import Data + from twisted.web.test.requesthelper import DummyChannel, DummyRequest + from ._util import assertIsFilesystemTemporary +@@ -1849,3 +1853,78 @@ class ExplicitHTTPFactoryReactor(unittes + + factory = http.HTTPFactory() + self.assertIs(factory.reactor, reactor) ++ ++ ++class QueueResource(Resource): ++ """ ++ Add all requests to an internal queue, ++ without responding to the requests. ++ You can access the requests from the queue and handle their response. ++ """ ++ ++ isLeaf = True ++ ++ def __init__(self) -> None: ++ super().__init__() ++ self.dispatchedRequests: List[Request] = [] ++ ++ def render_GET(self, request: Request) -> int: ++ self.dispatchedRequests.append(request) ++ return NOT_DONE_YET ++ ++ ++class TestRFC9112Section932(unittest.TestCase): ++ """ ++ Verify that HTTP/1.1 request ordering is preserved. ++ """ ++ ++ def test_multipleRequestsInOneSegment(self) -> None: ++ """ ++ Twisted MUST NOT respond to a second HTTP/1.1 request while the first ++ is still pending. ++ """ ++ qr = QueueResource() ++ site = Site(qr) ++ proto = site.buildProtocol(None) ++ serverTransport = StringTransport() ++ proto.makeConnection(serverTransport) ++ proto.dataReceived( ++ b"GET /first HTTP/1.1\r\nHost: a\r\n\r\n" ++ b"GET /second HTTP/1.1\r\nHost: a\r\n\r\n" ++ ) ++ # The TCP data contains 2 requests, ++ # but only 1 request was dispatched, ++ # as the first request was not yet finalized. ++ self.assertEqual(len(qr.dispatchedRequests), 1) ++ # The first request is finalized and the ++ # second request is dispatched right away. ++ qr.dispatchedRequests[0].finish() ++ self.assertEqual(len(qr.dispatchedRequests), 2) ++ ++ def test_multipleRequestsInDifferentSegments(self) -> None: ++ """ ++ Twisted MUST NOT respond to a second HTTP/1.1 request while the first ++ is still pending, even if the second request is received in a separate ++ TCP package. ++ """ ++ qr = QueueResource() ++ site = Site(qr) ++ proto = site.buildProtocol(None) ++ serverTransport = StringTransport() ++ proto.makeConnection(serverTransport) ++ raw_data = ( ++ b"GET /first HTTP/1.1\r\nHost: a\r\n\r\n" ++ b"GET /second HTTP/1.1\r\nHost: a\r\n\r\n" ++ ) ++ # Just go byte by byte for the extreme case in which each byte is ++ # received in a separate TCP package. ++ for chunk in iterbytes(raw_data): ++ proto.dataReceived(chunk) ++ # The TCP data contains 2 requests, ++ # but only 1 request was dispatched, ++ # as the first request was not yet finalized. ++ self.assertEqual(len(qr.dispatchedRequests), 1) ++ # The first request is finalized and the ++ # second request is dispatched right away. ++ qr.dispatchedRequests[0].finish() ++ self.assertEqual(len(qr.dispatchedRequests), 2) diff --git a/Twisted-22.10.0.tar.gz b/Twisted-22.10.0.tar.gz new file mode 100644 index 0000000..4f00d86 --- /dev/null +++ b/Twisted-22.10.0.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:32acbd40a94f5f46e7b42c109bfae2b302250945561783a8b7a059048f2d4d31 +size 3524935 diff --git a/_multibuild b/_multibuild new file mode 100644 index 0000000..fcc7b97 --- /dev/null +++ b/_multibuild @@ -0,0 +1,3 @@ + + test + diff --git a/no-cython_test_exception_raiser.patch b/no-cython_test_exception_raiser.patch new file mode 100644 index 0000000..0fd842e --- /dev/null +++ b/no-cython_test_exception_raiser.patch @@ -0,0 +1,18 @@ +--- + src/twisted/test/test_failure.py | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +Index: Twisted-22.10.0/src/twisted/test/test_failure.py +=================================================================== +--- Twisted-22.10.0.orig/src/twisted/test/test_failure.py ++++ Twisted-22.10.0/src/twisted/test/test_failure.py +@@ -16,7 +16,8 @@ from io import StringIO + from traceback import FrameSummary + from unittest import skipIf + +-from cython_test_exception_raiser import raiser # type: ignore[import] ++# from cython_test_exception_raiser import raiser # type: ignore[import] ++raiser = None + + from twisted.python import failure, reflect + from twisted.trial.unittest import SynchronousTestCase diff --git a/no-pygtkcompat.patch b/no-pygtkcompat.patch new file mode 100644 index 0000000..3b2ea0a --- /dev/null +++ b/no-pygtkcompat.patch @@ -0,0 +1,36 @@ +Index: Twisted-22.10.0/src/twisted/internet/gireactor.py +=================================================================== +--- Twisted-22.10.0.orig/src/twisted/internet/gireactor.py ++++ Twisted-22.10.0/src/twisted/internet/gireactor.py +@@ -21,20 +21,24 @@ On Python 3, pygobject v3.4 or later is + """ + + +-import gi.pygtkcompat # type: ignore[import] + from gi.repository import GLib # type: ignore[import] + + from twisted.internet import _glibbase + from twisted.internet.error import ReactorAlreadyRunning + from twisted.python import runtime + +-# We require a sufficiently new version of pygobject, so always exists: +-_pygtkcompatPresent = True ++try: ++ import gi.pygtkcompat # type: ignore[import] ++except ImportError: ++ pass # This is probably Python 3, with pygtkcompat removed ++else: ++ # We require a sufficiently new version of pygobject, so always exists: ++ _pygtkcompatPresent = True + +-# Newer version of gi, so we can try to initialize compatibility layer; if +-# real pygtk was already imported we'll get ImportError at this point +-# rather than segfault, so unconditional import is fine. +-gi.pygtkcompat.enable() ++ # Newer version of gi, so we can try to initialize compatibility layer; if ++ # real pygtk was already imported we'll get ImportError at this point ++ # rather than segfault, so unconditional import is fine. ++ gi.pygtkcompat.enable() + # At this point importing gobject will get you gi version, and importing + # e.g. gtk will either fail in non-segfaulty way or use gi version if user + # does gi.pygtkcompat.enable_gtk(). So, no need to prevent imports of diff --git a/no-test_successResultOfWithFailureHasTraceback.patch b/no-test_successResultOfWithFailureHasTraceback.patch new file mode 100644 index 0000000..edfda5d --- /dev/null +++ b/no-test_successResultOfWithFailureHasTraceback.patch @@ -0,0 +1,25 @@ +--- + src/twisted/conch/test/test_keys.py | 3 +++ + 1 file changed, 3 insertions(+) + +Index: Twisted-22.10.0/src/twisted/conch/test/test_keys.py +=================================================================== +--- Twisted-22.10.0.orig/src/twisted/conch/test/test_keys.py ++++ Twisted-22.10.0/src/twisted/conch/test/test_keys.py +@@ -15,6 +15,7 @@ from twisted.python import randbytes + from twisted.python.filepath import FilePath + from twisted.python.reflect import requireModule + from twisted.trial import unittest ++import unittest as pyunit + + cryptography = requireModule("cryptography") + if cryptography is None: +@@ -259,6 +260,8 @@ class KeyTests(unittest.TestCase): + for k, v in data.items(): + self.assertEqual(privateKey.data()[k], v) + ++ @pyunit.skip('Upstream ticket https://twistedmatrix.com/trac/ticket/9665' + ++ ' has still not been resolved.') + def test_fromOpenSSH(self): + """ + Test that keys are correctly generated from OpenSSH strings. diff --git a/py311-tests-compat.patch b/py311-tests-compat.patch new file mode 100644 index 0000000..90157c8 --- /dev/null +++ b/py311-tests-compat.patch @@ -0,0 +1,117 @@ +Index: Twisted-22.10.0/src/twisted/newsfragments/10343.feature +=================================================================== +--- /dev/null ++++ Twisted-22.10.0/src/twisted/newsfragments/10343.feature +@@ -0,0 +1 @@ ++Twisted now officially supports Python 3.11. +Index: Twisted-22.10.0/src/twisted/persisted/aot.py +=================================================================== +--- Twisted-22.10.0.orig/src/twisted/persisted/aot.py ++++ Twisted-22.10.0/src/twisted/persisted/aot.py +@@ -399,8 +399,10 @@ class AOTUnjellier: + inst = klass.__new__(klass) + if hasattr(klass, "__setstate__"): + self.callAfter(inst.__setstate__, state) +- else: ++ elif isinstance(state, dict): + inst.__dict__ = state ++ else: ++ inst.__dict__ = state.__getstate__() + return inst + + elif c is Ref: +Index: Twisted-22.10.0/src/twisted/spread/flavors.py +=================================================================== +--- Twisted-22.10.0.orig/src/twisted/spread/flavors.py ++++ Twisted-22.10.0/src/twisted/spread/flavors.py +@@ -398,6 +398,8 @@ class RemoteCopy(Unjellyable): + object's dictionary (or a filtered approximation of it depending + on my peer's perspective). + """ ++ if not state: ++ state = {} + state = { + x.decode("utf8") if isinstance(x, bytes) else x: y for x, y in state.items() + } +Index: Twisted-22.10.0/src/twisted/spread/jelly.py +=================================================================== +--- Twisted-22.10.0.orig/src/twisted/spread/jelly.py ++++ Twisted-22.10.0/src/twisted/spread/jelly.py +@@ -154,7 +154,8 @@ def _newInstance(cls, state): + instance = _createBlank(cls) + + def defaultSetter(state): +- instance.__dict__ = state ++ if isinstance(state, dict): ++ instance.__dict__ = state or {} + + setter = getattr(instance, "__setstate__", defaultSetter) + setter(state) +Index: Twisted-22.10.0/src/twisted/test/test_persisted.py +=================================================================== +--- Twisted-22.10.0.orig/src/twisted/test/test_persisted.py ++++ Twisted-22.10.0/src/twisted/test/test_persisted.py +@@ -378,6 +378,10 @@ class AOTTests(TestCase): + def __dict__(self): + raise AttributeError() + ++ @property ++ def __getstate__(self): ++ raise AttributeError() ++ + self.assertRaises(TypeError, aot.jellyToSource, UnknownType()) + + def test_basicIdentity(self): +Index: Twisted-22.10.0/src/twisted/trial/test/test_pyunitcompat.py +=================================================================== +--- Twisted-22.10.0.orig/src/twisted/trial/test/test_pyunitcompat.py ++++ Twisted-22.10.0/src/twisted/trial/test/test_pyunitcompat.py +@@ -218,8 +218,10 @@ class PyUnitResultTests(SynchronousTestC + pyresult = pyunit.TestResult() + result = PyUnitResultAdapter(pyresult) + result.addError(self, f) ++ tback = "".join(traceback.format_exception(*exc_info)) + self.assertEqual( +- pyresult.errors[0][1], "".join(traceback.format_exception(*exc_info)) ++ pyresult.errors[0][1].endswith("ZeroDivisionError: division by zero\n"), ++ tback.endswith("ZeroDivisionError: division by zero\n"), + ) + + def test_trialSkip(self): +Index: Twisted-22.10.0/src/twisted/web/test/test_flatten.py +=================================================================== +--- Twisted-22.10.0.orig/src/twisted/web/test/test_flatten.py ++++ Twisted-22.10.0/src/twisted/web/test/test_flatten.py +@@ -706,15 +706,15 @@ class FlattenerErrorTests(SynchronousTes + Exception while flattening: + \\[\\] + +- .* ++ > + File ".*", line \\d*, in _flattenTree +- element = await element +- RuntimeError: example ++ element = await element.* + """ + ), + flags=re.MULTILINE, + ), + ) ++ self.assertIn("RuntimeError: example", str(failure.value)) + # The original exception is unmodified and will be logged separately if + # unhandled. + self.failureResultOf(failing, RuntimeError) +Index: Twisted-22.10.0/src/twisted/mail/test/test_smtp.py +=================================================================== +--- Twisted-22.10.0.orig/src/twisted/mail/test/test_smtp.py ++++ Twisted-22.10.0/src/twisted/mail/test/test_smtp.py +@@ -1771,7 +1771,8 @@ class SendmailTests(TestCase): + The default C{reactor} parameter of L{twisted.mail.smtp.sendmail} is + L{twisted.internet.reactor}. + """ +- args, varArgs, keywords, defaults = inspect.getargspec(smtp.sendmail) ++ fullSpec = inspect.getfullargspec(smtp.sendmail) ++ defaults = fullSpec[3] + self.assertEqual(reactor, defaults[2]) + + def _honorsESMTPArguments(self, username, password): diff --git a/python-Twisted.changes b/python-Twisted.changes new file mode 100644 index 0000000..0d58874 --- /dev/null +++ b/python-Twisted.changes @@ -0,0 +1,1448 @@ +------------------------------------------------------------------- +Wed Nov 15 13:48:33 UTC 2023 - Matej Cepl + +- Add CVE-2023-46137-HTTP-pipeline-response.patch (bsc#1216588, + CVE-2023-46137) serializing pipelined HTTP requests. + +------------------------------------------------------------------- +Mon Jun 26 20:21:58 UTC 2023 - Dirk Müller + +- add regenerate-cert-to-work-with-latest-service-identity.patch + remove-pynacl-optional-dependency.patch: backports from main + git to fix tests with newer dependency versions + +------------------------------------------------------------------- +Sun Apr 23 23:34:51 UTC 2023 - Matej Cepl + +- Switch documentation to be within the main package. + +------------------------------------------------------------------- +Fri Apr 21 12:21:25 UTC 2023 - Dirk Müller + +- add sle15_python_module_pythons (jsc#PED-68) + +------------------------------------------------------------------- +Thu Apr 13 22:45:37 UTC 2023 - Matej Cepl + +- Make calling of %{sle15modernpython} optional. + +------------------------------------------------------------------- +Wed Feb 8 08:19:43 UTC 2023 - Steve Kowalik + +- Add patch support-new-glibc.patch: + * Support new glibc changes. + +------------------------------------------------------------------- +Tue Jan 10 17:43:37 UTC 2023 - Daniel Garcia + +- Add py311-tests-compat.patch to fix tests with python 3.11 + gh#twisted/twisted#11734 + gh#twisted/twisted#11733 + +------------------------------------------------------------------- +Mon Nov 21 13:24:47 UTC 2022 - Matej Cepl + +- Skip rpmlint error python-tests-in-package. + +------------------------------------------------------------------- +Tue Nov 1 05:46:14 UTC 2022 - Steve Kowalik + +- Update to 22.10.0: + * Features + + twisted.internet.defer.maybeDeferred will now schedule a coroutine + result as asynchronous operation and return a Deferred that fires with + the result of the coroutine. + + Twisted now works with Cryptography versions 37 and above, and as a + result, its minimum TLS protocol version has been upgraded to TLSv1.2. + + The systemd: endpoint parser now supports "named" file descriptors. This + is a more reliable mechanism for choosing among several inherited + descriptors. + * Bugfixes + + twisted.internet.base.DelayedCall.__repr__ will no longer raise + AttributeError if the DelayedCall was created before debug mode was + enabled. As a side-effect, twisted.internet.base.DelayedCall.creator is + now defined as None in cases where previously it was undefined. + + twisted.internet.iocpreactor.udp now properly re-queues its listener + when there is a failure condition on the read from the socket. + + twisted.internet.defer.inlineCallbacks no longer causes confusing + StopIteration tracebacks to be added to the top of tracebacks + originating in triggered callbacks. + + The typing of twisted.internet.task.react no longer constrains the + type of argv. + + ContextVar.reset() now works correctly inside inlineCallbacks functions + and coroutines. + + Implement twisted.python.failure._Code.co_positions for compatibility + with Python 3.11. + + twisted.pair.tuntap._TUNSETIFF and ._TUNGETIFF values are now correct + parisc, powerpc and sparc architectures. + + twisted.web.vhost.NameVirtualHost will no longerreturn a NoResource + error. (bsc#1204781, CVE-2022-39348) + + drops CVE-2022-39348-do-not-echo-host-header.patch in older dists + * Deprecations and Removals + + Python 3.6 is no longer supported. + + Twisted 22.4.0 was the last version with support for Python 3.6. + + twisted.protocols.dict, which was deprecated in 17.9, has been removed. +- Remove Python 3.6 Requires. +- Drop patch skip-namespacewithwhitespace.patch, no longer required. +- Refresh all patches. + +------------------------------------------------------------------- +Tue Jun 21 18:08:20 UTC 2022 - Ben Greiner + +- Update to 22.4.0 + * twisted.python.failure.Failure tracebacks now capture module + information, improving compatibility with the Raven Sentry + client. (#7796) + * twisted.python.failure.Failure objects are now compatible with + dis.distb, improving compatibility with post-mortem debuggers. + (#9599) + * twisted.internet.interfaces.IReactorSSL.listenSSL now has + correct type annotations. (#10274) + * twisted.internet.test.test_glibbase.GlibReactorBaseTests now + passes. (#10317) + * Conch + - twisted.conch.ssh now supports using RSA keys with SHA-2 + signatures (RFC 8332) when acting as a server. The + rsa-sha2-512 and rsa-sha2-256 public key signature algorithms + are automatically preferred over ssh-rsa if the client + advertises support for them; the actual public keys do not + need to change. (#9765) + - twisted.conch.ssh now has an alternative Ed25519 + implementation using PyNaCl, in order to support platforms + that lack OpenSSL >= 1.1.1b. The new "conch_nacl" extra has + the necessary dependency. (#10208) + * Web + - Twisted is now compatible with h2 4.x.x. (#10182) + - twisted.web.http had several several defects in HTTP request + parsing that could permit HTTP request smuggling. It now + disallows signed Content-Length headers, forbids illegal + characters in chunked extensions, forbids a ``0x`` prefix to + chunk lengths, and only strips spaces and horizontal tab + characters from header values. These changes address + CVE-2022-24801 and GHSA-c2jg-hw38-jrqq. (#10323) + * Mail + - twisted.mail.pop3.APOPCredentials is now correctly marked as + implementing twisted.cred.credentials.IUsernamHashedPassword, + rather than IUsernamePassword. (#10305) + * Trial + - `trial --until-failure --jobs=N` now reports the number of + each test pass as it begins. (#10312) + - twisted.trial.unittest.TestCase now discards cleanup + functions after running them. Notably, this prevents them + from being run an ever growing number of times with trial -u + .... (#10320) +- Drop CVE-2022-24801-http-1.1-leniency.patch fixed upstream +- Refresh remove-dependency-version-upper-bounds.patch +- Move extra_requires optional dependencies to meta sub packages +- Create :test multibuild flavor + +------------------------------------------------------------------- +Wed May 4 06:39:10 UTC 2022 - Steve Kowalik + +- Stop removing test directories, it also removes a public module. + (bsc#1198852, bsc#1198854, bsc#1198855) + +------------------------------------------------------------------- +Thu Apr 7 02:31:24 UTC 2022 - Steve Kowalik + +- Update to 22.2.0: + * Bugfixes + + twisted.internet.gireactor.PortableGIReactor.simulate and + twisted.internet.gtk2reactor.PortableGtkReactor.simulate no longer + raises TypeError when there are no delayed called. This was a + regression introduced with the migration to Python 3 in which the + builtin min function no longer accepts None as an argument. (#9660) + + twisted.conch.ssh.transport.SSHTransportBase now disconnects the + remote peer if the SSH version string is not sent in the first + 4096 bytes. (#10284, CVE-2022-21716, GHSA-rv6r-3f5q-9rgx) + * Improved Documentation + + Add type annotations for twisted.web.http.Request.getHeader. (#10270) + * Deprecations and Removals + + Support for Python 3.6, which is EoL as of 2021-09-04, has been + deprecated. (#10303) +- Add patch CVE-2022-24801-http-1.1-leniency.patch: + * Do not be as lenient as earlier HTTP/1.1 RFCs to prevent HTTP + request smuggling. (CVE-2022-24801, bsc#1198086) + +------------------------------------------------------------------- +Thu Mar 24 12:40:28 UTC 2022 - Matej Cepl + +- Add patch skip-namespacewithwhitespace.patch: + * Skip a failing test with Expat 2.4.5. + +------------------------------------------------------------------- +Wed Feb 23 00:30:47 UTC 2022 - Steve Kowalik + +- Remove 9580-test_fails_cryptography_25.patch which is not + necessary with changes in OpenSSL + +------------------------------------------------------------------- +Wed Feb 9 23:38:50 UTC 2022 - Marcus Rueckert + +- Add 9580-test_fails_cryptography_25.patch to overcome test failures on + SLE-15 with older version of OpenSSL. +- refreshed patches + - 1521_delegate_parseqs_stdlib_bpo42967.patch + - currentThread-deprecated.patch + - no-cython_test_exception_raiser.patch + - no-pygtkcompat.patch + - no-test_successResultOfWithFailureHasTraceback.patch + - remove-dependency-version-upper-bounds.patch + - skip_MultiCast.patch +- remove upstreamed patches + currentThread-deprecated.patch +- remove tests from the package + +------------------------------------------------------------------- +Wed Feb 9 23:29:53 UTC 2022 - Marcus Rueckert + +- Update to 22.1.0: (boo#1195667) + - CVE-2022-21712 / GHSA-92x2-jw7w-xvvx + twisted.web.client.RedirectAgent and + twisted.web.client.BrowserLikeRedirectAgent now properly remove + sensitive headers when redirecting to a different origin. + (#10294) + - Python 3.10 is now a supported platform (#10224) + - Type annotations have been added to the twisted.python.fakepwd + module. (#10287) + - twisted.internet.defer.inlineCallbacks has an improved type + annotation, to avoid typing errors when it is used on a + function which returns a non-None result. (#10231) + - twisted.internet.base.DelayedCall.__repr__ and + twisted.internet.task.LoopingCall.__repr__ had the changes from + #10155 reverted to accept non-function callables. (#10235) + - Revert the removal of .whl building that was done as part of + #10177. (#10236) + - The type annotation of the host parameter to + twisted.internet.interfaces.IReactorTCP.connectTCP has been + corrected from bytes to str. (#10251) + - Deprecated twisted.python.threading.ThreadPool.currentThread() + in favor of threading.current_thread(). + - Switched twisted.python.threading.ThreadPool.currentThread() + and twisted.python.threadable.getThreadID() to use + `threading.current_thread()to avoid the deprecation warnings + introduced forthreading.currentThread()`` in Python 3.10. + (#10273) + - twisted.internet.utils.runWithWarningsSupressed behavior of + waiting on deferreds has been documented. (#10238) + - Sync API docs templates with pydoctor 21.9.0 release, using new + theming capabilities. (#10267) + - #1681, #9944, #10198, #10218, #10219, #10228, #10229, #10234, + #10239, #10240, #10245, #10246, #10248, #10250, #10255, #10277, + #10288, #10292 + - twisted.conch.ssh now supports SSH extension negotiation (RFC + 8308). (#10266) + - twisted.conch now uses constant-time comparisons for MACs. + (#8199) + - twisted.conch.ssh.filetransfer.FileTransferServer will now + return an ENOENT error status if an SFTP client tries to close + an unrecognized file handle. (#10293) + - SSHTransportBase.ssh_KEXINIT now uses the remote peer preferred + MAC list for negotiation. In previous versions it was only + using the local preferred MAC list. (#10241) + - twisted.web.client.RedirectAgent and + twisted.web.client.BrowserLikeRedirectAgent now properly remove + sensitive headers when redirecting to a different origin. + (#10294) + - Add type annotations for twisted.web.client.readBody. (#10269) + - twisted.web.client.getPage, twisted.web.client.downladPage, and + the associated implementation classes (HTTPPageGetter, + HTTPPageDownloader, HTTPClientFactory, HTTPDownloader) have + been removed because they do not segregate cookies by domain. + They were deprecated in Twisted 16.7.0 in favor of + twisted.web.client.Agent. GHSA-92x2-jw7w-xvvx. (#10295) + - trial.runner.filenameToModule now sets the correct + module.__name__ and sys.modules key (#10230) + +------------------------------------------------------------------- +Thu Jan 6 04:48:46 UTC 2022 - Steve Kowalik + +- Add patch currentThread-deprecated.patch: + * Do not call a deprecated method which causes reactor startup to abort. + +------------------------------------------------------------------- +Fri Dec 10 17:04:31 UTC 2021 - Ben Greiner + +- Fix Source tags + +------------------------------------------------------------------- +Thu Dec 9 20:08:51 UTC 2021 - Ben Greiner + +- Drop true-binary.patch which is not compatible with python310 +- Some rpmlint cleanup: + * Deduplicate docs + * Remove she-bangs in test files + * Remove empty doc files + * Filter test certificate warning + +------------------------------------------------------------------- +Wed Sep 1 05:35:01 UTC 2021 - Fusion Future + +- Remove h2 < 4.0 and priority < 2.0 version restriction. (boo#1190036) + * remove-dependency-version-upper-bounds.patch + +------------------------------------------------------------------- +Sat Aug 13 11:50:00 UTC 2021 - Michael Gumsley + +- Restore no-pygtkcompat.patch due to boo#1110669 + +------------------------------------------------------------------- +Mon Aug 2 06:41:10 UTC 2021 - Markéta Machová + +- typing_extensions is now required + +------------------------------------------------------------------- +Sat Jul 31 04:27:55 UTC 2021 - Matej Cepl + +- Update to 21.7.0: + - Python 3.10 beta is now a supported platform and should be ready for + the final 3.10 release. + - twisted.web.template.renderElement() now accepts any IRequest + implementer instead of only twisted.web.server.Request. Add type + hints to twisted.web.template. (#10184) + - Type hinting was added to twisted.internet.defer, making this the + first release of Twisted where you might reasonably be able to use + mypy without your own custom stub files. (#10017) +- Patch incremental-21.patch removed, because included in the + upstream tarball. + +------------------------------------------------------------------- +Mon May 17 10:15:13 UTC 2021 - Dirk Müller + +- add incremental-21.patch: support newer incremental versions + +------------------------------------------------------------------- +Wed Mar 10 06:11:42 UTC 2021 - Steve Kowalik + +- Update to 21.2.0: + * Features + - The enableSessions argument to + twisted.internet.ssl.CertificateOptions now + - actually enables/disables OpenSSL's session cache. Also, due to + - session-related bugs, it defaults to False. (#9583) + - twisted.internet.defer.inlineCallbacks and ensureDeferred will now + associate a contextvars.Context with the coroutines they run, + meaning that ContextVar objects will maintain their value within + the same coroutine, similarly to asyncio Tasks. This functionality + requires Python 3.7+, or the contextvars PyPI backport to be + installed for Python 3.5-3.6. (#9719, #9826) + - twisted.internet.defer.Deferred.fromCoroutine has been added. This + is similar to the existing ensureDeferred function, but is named + more consistently inside Twisted and does not pass through + Deferreds. (#9825) + - trial now allows the @unittest.skipIf decorator to specify that an + entire test class should be skipped. (#9829) + - The twisted.python.deprecate.deprecatedKeywordParameter decorator + can be used to mark a keyword paramater of a function or method as + deprecated. (#9844) + - Projects using Twisted can now perform type checking against + a Twisted + - installation, for example using mypy. (#9908) + - twisted.python.util.InsensitiveDict now fully implements + MutableMapping. (#9919) + - Python 3.8 is now tested and supported. (#9955) + - Support a coroutine function in twisted.internet.task.react + (#9974) + - PyPy 3.7 is now tested and supported. (#10093) + * Bugfixes + - twisted.web.twcgi.CGIProcessProtocol.processEnded(...) now handles + an already-finished request, for example when + request.connectionLost(...) was called previously. (#9468) + - Twisted's dependency on PyHamcrest has been moved from the base + package to the new "test" extra. Consequently the test extra must + be installed for Twisted's test suite to pass. (#9509) + - Fixed serialization of timedelta, date, and time objects in + twisted.spread. (#9716) + - twisted.internet.asyncioreactor.AsyncioSelectorReactor now raises + an exception if instantiated with an event loop which is not + compatible with asyncio.SelectorEventLoop. This fixes the + AsyncioSelectorReactor in Python 3.8+ on Windows, where in + bp-34687 the default Windows asyncio event loop was changed to + ProactorEventLoop. Applications that use AsyncioSelectorReactor on + Windows with Python 3.8+ must call + asyncio.set_event_loop_policy(asyncio.WindowsSelectorEventLoopPolicy()) + before instantiating and running AsyncioSelectorReactor. (#9766) + - twisted.internet.process.registerReapProcessHandler and + ._BaseProcess.reapProcess will no longer raise a TypeError when + processing a None PID (#9775) + - INotify will close its file descriptor if a directory is + automatically removed by twisted from the watchlist because it's + deleted, avoiding orphaned filedescriptors. (#9777) + - DelayedCall.reset() is now working properly with asyncioreactor + (#9780) + - AsyncioSelectorReactor.seconds() now correctly returns an epoch + time. (#9787) + - The _connDone parameter has been removed from + twisted.internet.abstract.FileDescriptor.loseConnection()'s + signature in order to match the signature in the base class + twisted.internet._newtls.ConnectionMixin loseConnection(). (#9849) + - The Gtk3 reactor now runs on Wayland-only sessions (#9904) + - Descriptive error messages from twisted.internet.error are now + present when running with 'python -OO'. (#9918) + - Comparator methods such as eq() now always return NotImplemented + for uncomparable types. (#9919) + - When installing Twisted it now requires a minimum Python 3.5.4 + version to match the version used with automated testing. This is + the minimum Python version that we know that Twisted works with. + (#10098) +- Drop patches no-pygtkcompat.patch, python-38-hmac-digestmod.patch, + python-38-no-cgi-parseqs.patch, twisted-pr1369-remove-pyopenssl-npn.patch, + twisted-pr1487-increase-ffdh-keysize.patch and + test-mktime-invalid-tm_isdst.patch as they have been merged. +- Refresh other patches. +- Add no-cython_test_exception_raiser.patch to avoid another dependency. +- Update URL and make use of sitelib, not sitearch macros + +------------------------------------------------------------------- +Tue Feb 23 18:17:29 UTC 2021 - Matej Cepl + +- Add 1521_delegate_parseqs_stdlib_bpo42967.patch to overcome + effects of bpo#42967, which forbade mixing amps and semicolons + in query strings as separators + (https://twistedmatrix.com/trac/ticket/10096). + +------------------------------------------------------------------- +Thu Feb 11 15:49:07 UTC 2021 - Pedro Monreal + +- Relax the crypto policies for the test-suite + +------------------------------------------------------------------- +Fri Dec 11 00:02:02 UTC 2020 - Benjamin Greiner + +- Add twisted-pr1369-remove-pyopenssl-npn.patch to support + pyOpenSSL 20 +- Add twisted-pr1487-increase-ffdh-keysize.patch to support + crpytography 3.3 +- Fix the update-alternatives setup + * manpages were cloned but never registerd with u-a + * install alternatives as master and slave links now + +------------------------------------------------------------------- +Mon Oct 12 21:14:33 UTC 2020 - Matej Cepl + +- Add no-test_successResultOfWithFailureHasTraceback.patch to + skip sted.conch.test.test_keys.KeyTests.test_fromOpenSSH, + which fails. Upstream suggests + https://twistedmatrix.com/trac/ticket/9665, but it has never + been confirmed, even less fixed. + +------------------------------------------------------------------- +Thu May 28 12:43:51 UTC 2020 - Marketa Calabkova + +- Update to 20.3.0 + * drop Python 2 + * twisted.news is deprecated. + * twisted.conch.ssh now supports the curve25519-sha256 key exchange + algorithm (requires OpenSSL >= 1.1.0). + * many bugfixes and other miscelaneous fixes +- Fixed update-alternatives mechanism +- Added true-binary.patch +- Dropped python-38-xml-namespace.patch +- Reapplied python-38-hmac-digestmod.patch + +------------------------------------------------------------------- +Mon May 18 13:15:58 UTC 2020 - Petr Gajdos + +- %python3_only -> %python_alternative + +------------------------------------------------------------------- +Wed Dec 4 05:01:47 UTC 2019 - Steve Kowalik + +- Update to 19.10.0 bsc#1162424: + * twisted.trial.successResultOf, twisted.trial.failureResultOf, and twisted.trial.assertNoResult accept coroutines as well as Deferreds. (#9006) + * Fixed circular import in twisted.trial.reporter, introduced in Twisted 16.0.0. (#8267) + * The POP3 server implemented by twisted.mail.pop3 now accepts passwords that contain spaces. (#9100) + * Incoming HTTP/2 connections will now not time out if they persist for longer than one minute. (#9653) + * twisted.conch.ssh.keys now correctly writes the "iqmp" parameter in serialized RSA private keys as q^-1 mod p rather than p^-1 mod q. (#9681) + * twisted.web.server.Request will now use twisted.web.server.Site.getContentFile, if it exists, to get a file into which to write request content. If getContentFile is not provided by the site, it will fall back to the previous behavior of using io.BytesIO for small requests and tempfile.TemporaryFile for large ones. (#9655) + * twisted.web.client.FileBodyProducer will now stop producing when the Deferred returned by FileBodyProducer.startProducing is cancelled. (#9547) + * The HTTP/2 server implementation now enforces TCP flow control on control frame messages and times out clients that send invalid data without reading responses. This closes CVE-2019-9512 (Ping Flood), CVE-2019-9514 (Reset Flood), and CVE-2019-9515 (Settings Flood). Thanks to Jonathan Looney and Piotr Sikora. (#9694) +- Add python-38-xml-namespace.patch to fix dictionary mutation under Python 3.8 +- Add python-38-hmac-digestmod.patch to add digestmod parameter where required +- Add python-38-no-cgi-parseqs.patch to no longer import parse_qs from cgi + +------------------------------------------------------------------- +Sat Sep 14 15:29:06 UTC 2019 - John Vandenberg + +- Remove mailmail when only building Python 3 flavour + +------------------------------------------------------------------- +Fri Sep 13 13:09:16 UTC 2019 - Tomáš Chvátal + +- Update to 19.7.0: + * The callable argument to twisted.internet.task.deferLater() is no longer required. (#9577) + * twisted.internet.utils.getProcessOutputAndValue now accepts stdinBytes to write to the child process's standard input. (#9607) + * Add new twisted.logger.capturedLogs context manager for capturing observed log events in tests. (#9617) + * twisted.internet.base.PluggableResolverMixin, which implements the pluggable resolver interfaces for easier re-use in other reactors, has been factored out of ReactorBase. (#9632) + * The PyPI page for Twisted has been enhanced to include more information and useful links. (#9648) +- Refresh patch: + * skip_MultiCast.patch +- Remove merged patch hyperlink.patch +- Remove patch 0001-Prevent-CRLF-injections-described-in-CVE-2019-12387.patch +- Remove patch PR-1147.patch + +------------------------------------------------------------------- +Wed Aug 14 12:15:19 UTC 2019 - Thomas Bechtold + +- Add PR-1147.patch (bsc#1138461, CVE-2019-12855) + In words.protocols.jabber.xmlstream in Twisted through 19.2.1, + XMPP support did not verify certificates when used with TLS, + allowing an attacker to MITM connections. + +------------------------------------------------------------------- +Wed Jun 12 06:39:41 UTC 2019 - Thomas Bechtold + +- Add 0001-Prevent-CRLF-injections-described-in-CVE-2019-12387.patch + (bsc#1137825, CVE-2019-12387) + Prevent CRLF injections + +------------------------------------------------------------------- +Wed Jun 12 05:55:44 UTC 2019 - Thomas Bechtold + +- update to 19.2.1 (bsc#1137825, CVE-2019-12387): + * Prevent CRLF injections described in CVE-2019-12387 + +------------------------------------------------------------------- +Wed May 22 09:59:19 UTC 2019 - Tomáš Chvátal + +- Update to 19.2.0: + * twisted.internet.ssl.CertificateOptions now uses 32 random bytes instead of an MD5 hash for the ssl session identifier context. (#9463) + * DeferredLock and DeferredSemaphore can be used as asynchronous context managers on Python 3.5+. (#9546) + * t.i.b.BaseConnector has custom __repr__ (#9548) + * twisted.internet.ssl.optionsForClientTLS now supports validating IP addresses from the certificate subjectAltName (#9585) + * Twisted's minimum Cryptography requirement is now 2.5. (#9592) + * twisted.conch.ssh.keys can now read private keys in the new "openssh-key-v1" format, introduced in OpenSSH 6.5 and made the default in OpenSSH 7.8. (#9515) + * twisted.web.client.HostnameCachingHTTPSPolicy was added as a new contextFactory option. The policy caches a specified number of twisted.internet.interfaces.IOpenSSLClientConnectionCreator instances to to avoid the cost of instantiating a connection creator for multiple requests to the same host. (#9138) +- Remove merged patches: + * openssl-errormsg.aptch + * openssl111.patch +- Add patch to tests for new hyperlink: + * hyperlink.patch + +------------------------------------------------------------------- +Mon Feb 18 11:24:53 UTC 2019 - Tomáš Chvátal + +- Add another patch for openssl 1.1.1 (from upstream git): + * openssl-errormsg.aptch + +------------------------------------------------------------------- +Thu Jan 24 16:09:14 UTC 2019 - schwab@suse.de + +- test-mktime-invalid-tm_isdst.patch: don't pass invalid tm_isdst value to + mktime (see also bpo-15750) + +------------------------------------------------------------------- +Thu Nov 8 10:28:09 CET 2018 - mcepl@suse.com + +- Add no-pygtkcompat.patch to avoid dependency on Gtk (boo#1110669) + +------------------------------------------------------------------- +Thu Nov 1 09:21:03 UTC 2018 - Tomáš Chvátal + +- Version update to 18.9.0: + * Fixes for the 3.7 python +- Remove merged python37.patch +- Add patch openssl111.patch which fixes tests with new pyOpenssl + * Asserts changed behaviour + +------------------------------------------------------------------- +Mon Oct 22 08:48:37 UTC 2018 - Tomáš Chvátal + +- Do not write bytecode stuff when running the tests + +------------------------------------------------------------------- +Fri Oct 19 13:27:25 UTC 2018 - Matěj Cepl + +- Add BuildRequires python-tz, which seems to be required to test suite + to pass. +- Also, add skip_MultiCast.patch to skip tests requiring full + netrworking stack. + +------------------------------------------------------------------- +Fri Oct 12 09:06:36 UTC 2018 - ecsos@opensuse.org + +- Add missing Requires. + +------------------------------------------------------------------- +Thu Oct 11 08:32:44 UTC 2018 - Tomáš Chvátal + +- Fix the dependencies to match up upstream setup.py +- Run the tests +- Add patch to build with python3.7: + * python37.patch +- Add missing dependency on pyamcrest +- Remove unused patch lp1102685.diff + +------------------------------------------------------------------- +Tue Jul 17 19:42:41 UTC 2018 - dmueller@suse.com + +- update to 18.7.0: + for full list of changes please see + https://github.com/twisted/twisted/blob/twisted-18.7.0/NEWS.rst + +------------------------------------------------------------------- +Tue May 29 19:22:32 UTC 2018 - bjorn.lie@gmail.com + +- Add python-service_identity Recommends. + +------------------------------------------------------------------- +Fri May 18 16:59:15 UTC 2018 - termim@gmail.com + +- update to 18.4.0 + For full list of changes please see: + https://github.com/twisted/twisted/blob/twisted-18.4.0/NEWS.rst + +------------------------------------------------------------------- +Fri Nov 10 10:18:42 UTC 2017 - mimi.vx@gmail.com + +- update to 17.9.0 + For full list of changes please see: + https://github.com/twisted/twisted/blob/twisted-17.9.0/NEWS.rst +* mailman is only in python2 package + +------------------------------------------------------------------- +Tue Jul 4 05:39:24 UTC 2017 - tbechtold@suse.com + +- Adjust Requires and BuildRequires +- Fix rpmlint warnings + +------------------------------------------------------------------- +Wed Jun 21 13:34:06 UTC 2017 - jmatejek@suse.com + +- remove alternatives altogether in favor of versioned executables +- clean up spec file +- update to 17.5.0 + * too many changes to list, see full changelog in NEWS.rst + +------------------------------------------------------------------- +Sat Jun 17 18:22:52 UTC 2017 - okurz@suse.com + +- Simplify alternatives handling +- Fix RPM warnings + +------------------------------------------------------------------- +Tue Mar 7 21:34:15 UTC 2017 - okurz@suse.com + +- Change to singlespec approach + +------------------------------------------------------------------- +Wed Sep 28 04:10:24 UTC 2016 - arun@gmx.de + +- specfile: + * make twistd the update-alternative master, same as in the python3 + version (bnc #1001523) + +------------------------------------------------------------------- +Fri Sep 2 19:01:19 UTC 2016 - termim@gmail.com + +- Update to version 16.4.0 + For the complete list of changes plese see + https://github.com/twisted/twisted/blob/twisted-16.4.0/NEWS + +- Update to version 16.3.0 + For the complete list of changes plese see + https://github.com/twisted/twisted/blob/twisted-16.3.0/NEWS + +- Update to version 16.2.0 + For the complete list of changes plese see + https://github.com/twisted/twisted/blob/twisted-16.2.0/NEWS + +- Update to version 16.1.1 + For the complete list of changes plese see + https://github.com/twisted/twisted/blob/twisted-16.1.1/NEWS + +- Update to version 16.1.0 + For the complete list of changes plese see + https://github.com/twisted/twisted/blob/twisted-16.1.0/NEWS + +- Update to version 16.0.0 + For the complete list of changes plese see + https://github.com/twisted/twisted/blob/twisted-16.0.0/NEWS + +------------------------------------------------------------------- +Wed Dec 2 02:35:45 UTC 2015 - termim@gmail.com + +- Update to version 15.5.0 + + * This is the last Twisted release where Python 2.6 is supported, on + any platform. Python 3.5 (on POSIX) support has been added. + * This release introduces changes that are required for Conch's SSH + implementation to work with OpenSSH 6.9+ servers. + * twisted.python.url is a new abstraction for URLs, supporting RFC + 3987 IRIs. (#5388) + * twisted.python.logfile is now ported to Python 3. (#6749) + * twisted.python.zippath has been ported to Python 3. (#6917) + * twisted.internet.ssl.CertificateOptions and + twisted.internet.ssl.optionsForClientTLS now take a + acceptableProtocols parameter that enables negotiation of the next + protocol to speak after the TLS handshake has completed. This field + advertises protocols over both NPN and ALPN. Also added new + INegotiated interface for TLS interfaces that support protocol + negotiation. This interface adds a negotiatedProtocol property that + reports what protocol, if any, was negotiated in the TLS handshake. + (#7860) + * twisted.python.urlpath.URLPath now operates correctly on Python 3, + using bytes instead of strings, and introduces the fromBytes + constructor to assist with creating them cross-version. (#7994) + * twisted.application.strports is now ported to Python 3. (#8011) + * twistd (the Twisted Daemon) is now ported to Python 3. (#8012) + * Python 3.5 is now supported on POSIX platforms. (#8042) + * twisted.internet.serialport is now ported on Python 3. (#8099) + * twisted.logger.formatEvent now can format an event if it was + flattened (twisted.logger.eventAsJSON does this) and has text after + the last replacement field. (#8003) + * twisted.cred.checkers.FilePasswordDB now logs an error if the + credentials db file does not exist, no longer raises an unhandled + error. (#8028) + * twisted.python.threadpool.ThreadPool now properly starts enough + threads to do any work scheduled before ThreadPool.start() is + called, such as when work is scheduled in the reactor via + reactor.callInThread() before reactor.run(). (#8090) + * Twisted Development test standard documentation now contain + information about avoiding test data files. (#6535) + * The documentation for twisted.internet.defer.DeferredSemaphore now + describes the actual usage for limit and tokens instance + attributes. (#8024) + * twisted.python._initgroups, a C extension, has been removed and + stdlib support is now always used instead. (#5861) + * Python 2.6 is no longer supported. (#8017) + * twisted.python.util.OrderedDict is now deprecated, and uses of it + in Twisted are replaced with collections.OrderedDict. (#8051) + * twisted.persisted.sob.load, twisted.persisted.sob.loadValueFromFile + and twisted.persisted.sob.Persistent.save() are now deprecated when + used with a passphrase. The encyption used by these methods are + weak. (#8081) + * twisted.internet.interfaces.IStreamClientEndpointStringParser has + been removed and Twisted will no longer use parsers implementing + this interface. (#8094) + * #5976, #6628, #6894, #6980, #7228, #7693, #7731, #7997, #8046, + #8054, #8056, #8060, #8063, #8064, #8068, #8072, #8091, #8095, + #8096, #8098, #8106 + +------------------------------------------------------------------- +Mon Oct 12 11:57:51 UTC 2015 - toddrme2178@gmail.com + +- Make "trial" the master file for update-alternatives, since it + is the only one that supports python 3 so far. + +------------------------------------------------------------------- +Mon Oct 12 10:19:03 UTC 2015 - toddrme2178@gmail.com + +- Implement update-alternatives in preparation for python 3 version. + +------------------------------------------------------------------- +Sat Sep 12 21:51:40 UTC 2015 - termim@gmail.com + +- Update to version 15.4.0 + * add dependency on setuptools + * lore removed + * please see the NEWS file + +------------------------------------------------------------------- +Tue Aug 11 08:52:37 UTC 2015 - seife+obs@b1-systems.com + +- change dep from python-asn1 to python-pyasn1 (renamed long ago) + +------------------------------------------------------------------- +Fri Jun 04 11:36:06 UTC 2015 - termim@gmail.com + +- Wrong dependency rpm name, should be python-pycrypto + +------------------------------------------------------------------- +Fri May 29 01:16:06 UTC 2015 - termim@gmail.com + +- Add missing dependencies on python-asn1 and python-Crypto +- Update to version 15.2.1: + * twisted.logger now marks the `isError` key correctly on legacy + events generated by writes to stderr. (#7903) + * twisted.logger's documentation is now correctly listed in the table + of contents. (#7904) +- Changes from version 15.2.0: + * twisted.internet.process has now been ported to Python 3. (#5987) + * twisted.cred.credentials is now ported to Python 3. (#6176) + * twisted.trial.unittest.TestCase's assertEqual, assertTrue, and + assertFalse methods now pass through the standard library's more + informative failure messages. (#6306) + * The new package twisted.logger provides a new, fully tested, and + feature-rich logging framework. The old module twisted.python.log + is now implemented using the new framework. The new logger HOWTO + documents the new framework. (#6750) + * twisted.python.modules is now ported to Python 3. (#7804) + * twisted.python.filepath.FilePath now supports Unicode (text) paths. + Like the os module, instantiating it with a Unicode path will + return a Unicode-mode FilePath, instantiating with a bytes path + will return a bytes-mode FilePath. (#7805) + * twisted.internet.kqreactor is now ported to Python 3 (#7823) + * twisted.internet.endpoints.ProcessEndpoint is now ported to Python + 3. (#7824) + * twisted.python.filepath.FilePath now has asBytesMode and asTextMode + methods which return a FilePath in the requested mode. (#7830) + * twisted.python.components.proxyForInterface now creates method + proxies that can be used with functools.wraps. (#7832) + * The tls optional dependency will now also install the idna package + to validate idna2008 names. (#7853) + * Don't raise an exception if `DefaultLogObserver.emit()` gets an + event with a message that raises when `repr()` is called on it. + Specifically: use `textFromEventDict()` instead of a separate (and + inferior) message rendering implementation. (#6569) + * twisted.cred.credentials.DigestedCredentials incorrectly handled + md5-sess hashing according to the RFC, which has now been fixed. + (#7835) + * Fixed an issue with twisted.internet.task.LoopingCall.withCount + where sometimes the passed callable would be invoked with "0" when + we got close to tricky floating point boundary conditions. (#7836) + * twisted.internet.defer now properly works with the new logging + system. (#7851) + * Change `messages` key to `log_io` for events generated by + `LoggingFile`. (#7852) + * twisted.logger had literal characters in docstrings that are now + quoted. (#7854) + * twisted.logger now correctly formats a log event with a key named + `message` when passed to a legacy log observer. (#7855) + * twisted.internet.endpoints.HostnameEndpoint now uses getaddrinfo + properly on Python 3.4 and above. (#7886) + * Fix a typo in narrative documentation for logger (#7875) + * tkunzip and tapconvert in twisted.scripts were deprecated in 11.0 + and 12.1 respectively, and are now removed. (#6747) + * twisted.protocols.gps is deprecated in preference to + twisted.positioning. (#6810) + * twisted.scripts.tap2deb and twisted.scripts.tap2rpm are now + deprecated. (#7682) + * twisted.trial.reporter.TestResult and + twisted.trial.reporter.Reporter contained deprecated methods (since + 8.0) which have now been removed. (#7815) + * #6027, #7287, #7701, #7727, #7758, #7776, #7786, #7812, #7819, + #7831, #7838, #7865, #7866, #7869, #7872, #7877, #7878, #7885 + * twisted.conch.ssh.forwarding now supports local->remote forwarding + of IPv6 (#7751) + * twisted.mail.smtp.sendmail now uses ESMTP. It will + opportunistically enable encryption and allow the use of + authentication. (#7257) + * twisted.web.static is now ported to Python 3. (#6177) + * twisted.web.server.Site accepts requestFactory as constructor + argument. (#7016) + * twisted.web.util had some HTML generation functions deprecated + since 12.1 that have now been removed. (#7828) + * #6927, #7797, #7802, #7846 + * The resumeOffset argument to + twisted.words.protocol.irc.DccFileReceive now works as it is + documented. (#7775) + +------------------------------------------------------------------- +Thu May 7 14:51:46 UTC 2015 - jmatejek@suse.cz + +- Version 15.1.0: + * deprecated MSN protocol support + * improved docs for Trial + * removed deprecated UDPClient + * twisted.web.static.File allows defining a custom resource for + rendering forbidden pages. + * minor bugfixes + +------------------------------------------------------------------- +Sat Mar 14 11:57:46 UTC 2015 - matwey.kornilov@gmail.com + +- Version 15.0.0: + + please, see NEWS file +- Update lp1102685.diff + +------------------------------------------------------------------- +Thu Oct 2 18:38:09 UTC 2014 - p.drouand@gmail.com + +- Remove unprovided python-service_identity; it's not required in any + way + +------------------------------------------------------------------- +Thu Sep 18 23:52:33 UTC 2014 - termim@gmail.com + +- Update to version 14.0.2: + + No significant changes have been made for this release. + +- Update to version 14.0.1: + + BrowserLikePolicyForHTTPS would always ignore the specified + trustRoot and use the system trust root instead, which has been + rectified. (#7647) + +------------------------------------------------------------------- +Thu May 15 18:59:33 UTC 2014 - hpj@urpla.net + +- add dependency python-service_identity for testing purposes + +------------------------------------------------------------------- +Wed May 14 09:30:55 UTC 2014 - hpj@urpla.net + +- Update to version 14.0.0: + + too many changes to list here: check NEWS file + +------------------------------------------------------------------- +Fri Dec 6 15:22:17 UTC 2013 - speilicke@suse.com + +- Add lp1102685.diff (bnc#853545): pygobject compatibility +- Update to version 13.2.0: + + Twisted now includes a HostnameEndpoint implementation which uses IPv4 and + IPv6 in parallel, speeding up the connection by using whichever connects first + (the 'Happy Eyeballs'/RFC 6555 algorithm). (#4859) + + Improved support for Cancellable Deferreds by kaizhang, our GSoC student. + (#4320, #6532, #6572, #6639) + + Improved Twisted.Mail documentation by shira, our Outreach Program for + Women intern. (#6649, #6652) + + twistd now waits for the application to start successfully before exiting + after daemonization. (#823) + + SSL server endpoint string descriptions now support the specification of + chain certificates. (#6499) + + Over 70 closed tickets since 13.1.0. + +------------------------------------------------------------------- +Wed Sep 25 16:27:59 UTC 2013 - p.drouand@gmail.com + +- Update to version 13.1.0 + + Please read usr/share/doc/packages/python-Twisted/NEWS for more + infos + +------------------------------------------------------------------- +Sun Apr 14 15:04:02 UTC 2013 - p.drouand@gmail.com + +- Update to version 3.0.0 + + Features + - The twisted.protocols.ftp.FTP server now treats "LIST -La", "LIST + -al", and all other combinations of ordering and case of the "-l" + and "-a" flags the same: by ignoring them rather than treating them + as a pathname. (#1333) + - twisted.python.log.FileLogObserver now uses `datetime.strftime` to + format timestamps, adding support for microseconds and timezone + offsets to the `timeFormat` string. (#3513) + - trial now deterministically runs tests in the order in which they + were specified on the command line, instead of quasi-randomly + according to dictionary key ordering. (#5520) + - Cooperator.running can be used to determine the current cooperator + status. (#5937) + - twisted.python.modules.PythonPath now implements `__contains__` to + allow checking, by name, whether a particular module exists within + it. (#6198) + - twisted.application.internet.TimerService.stopService now waits for + any currently running call to finish before firing its deferred. + (#6290) + + Bugfixes + - twisted.protocols.ftp.FTP now recognizes all glob expressions + supported by fnmatch. (#4181) + - Constant values defined using twisted.python.constants can now be + set as attributes of other classes without triggering an unhandled + AttributeError from the constants implementation. (#5797) + - Fixed problem where twisted.names.client.Resolver was not closing + open file handles which can lead to an out of file descriptor error + on PyPy. (#6216) + - All reactors included in Twisted itself now gracefully handle a + rare case involving delayed calls scheduled very far in the future. + (#6259) + - twisted.trial.reporter.Reporter._trimFrames correctly removes + frames from twisted.internet.utils.runWithWarningsSuppressed again, + after being broke in #6009. (#6282) + + Improved Documentation + - A new "Deploying Twisted with systemd" howto document which + demonstrates how to start a Twisted service using systemd socket + activation. (#5601) + - New "Introduction to Deferreds" howto. Old howto rebranded as + reference documentation. (#6180) + - "Components: Interfaces and Adapters" howto now uses + zope.interface's decorator-based API. (#6269) + + Deprecations and Removals + - twisted.python.util.unsignedID and setIDFunction are deprecated + now. (#5544) + - twisted.python.zshcomp deprecated since 11.1.0 has now been + removed. Shell tab-completion is now handled by + twisted.python.usage. (#5767) + - python.runtime.Platform.isWinNT is deprecated now. Use + Platform.isWindows instead. (#5925) + - twisted.trial.util.findObject, deprecated since Twisted 10.1.0, has + been removed. (#6260) + +------------------------------------------------------------------- +Fri Jan 11 20:57:43 UTC 2013 - p.drouand@gmail.com + +- Update to 12.3.0 version: + * Features + - The new -j flag to trial provides a trial runner supporting + multiple worker processes on the local machine, for parallel + testing. (#1784) + - twisted.internet.task.react, a new function, provides a simple API + for running the reactor until a single asynchronous function + completes. (#3270) + - twisted.protocols.ftp.FTP now handles FEAT and OPTS commands. + (#4515) + - trial now supports specifying a debugger other than pdb with the + --debugger command line flag. (#5794) + - twisted.python.util.runWithWarningsSuppressed has been added; it + runs a function with specified warning filters. (#5950) + - trial's skipping feature is now implemented in a way compatible with the + standard library unittest's runner. (#6006) + - The setup3.py script is now provided to provisionally support + building and installing an experimental, incomplete version of + Twisted in a Python 3 environment. (#6040) + - twisted.python.util.FancyStrMixin now supports arbitrary callables + to format attribute values. (#6063) + - Several new methods of twisted.trial.unittest.SynchronousTestCase + - `successResultOf`, `failureResultOf`, and `assertNoResult` - + have been added to make testing `Deferred`-using code easier. + (#6105) + * Bugfixes + - twisted.protocols.basic.LineReceiver now does not hit the maximum + stack recursion depth when the line and data mode is switched many + times. (#3050) + - twisted.protocols.ftp.FTPFileListProtocol fixed to support files + with space characters in their name. (#4986) + - gireactor and gtk3reactor no longer prevent gi.pygtkcompat from + working, and likewise can load if gi.pygtkcompat has previously + been enabled. (#5676) + - gtk2reactor now works again on FreeBSD, and perhaps other platforms + that were broken by gi interactions. (#5737) + - gireactor now works with certain older versions of gi that are + missing the threads_init() function. (#5790) + - Fixed a bug where twisted.python.sendmsg would sometimes fail with + obscure errors including "Message too long" or "Invalid argument" + on some 64-bit platforms. (#5867) + - twisted.internet.endpoints.TCP6ClientEndpoint now provides + twisted.internet.interfaces.IStreamClientEndpoint (#5876) + - twisted.internet.endpoints.AdoptedStreamServerEndpoint now provides + twisted.internet.interfaces.IStreamServerEndpoint. (#5878) + - Spawning subprocesses with PTYs now works on OS X 10.8. (#5880) + - twisted.internet.test.test_sigchld no longer incorrectly fails when + run after certain other tests. (#6161) + - twisted.internet.test.test_gireactor no longer fails when using + pygobject 3.4 and gtk 3.6 when X11 is unavailable. (#6170) + - twisted/python/sendmsg.c no longer fails to build on OpenBSD. + (#5907) + + *Deprecations and Removals + - The minimum required version of zope.interface is now 3.6.0. + (#5683) + - twisted.internet.interfaces.IReactorArbitrary and + twisted.application.internet.GenericServer and GenericClient, + deprecated since Twisted 10.1, have been removed. (#5943) + - twisted.internet.interfaces.IFinishableConsumer, deprecated since + Twisted 11.1, has been removed. (#5944) + - twisted.python.failure has removed all support for string + exceptions. (#5948) + - assertTrue, assertEqual, and the other free-functions in + twisted.trial.unittest for writing assertions, deprecated since + prior to Twisted 2.3, have been removed. (#5963) + - Ports, connectors, wakers and other reactor-related types no longer + log a nice warning when they are erroneously pickled. Pickling of + such objects continues to be unsupported. (#5979) + - twisted.python.components.Componentized no longer inherits from + Versioned. (#5983) + - twisted.protocols.basic.NetstringReceiver.sendString no longer + accepts objects other than bytes; the removed behavior was + deprecated in Twisted 10.0. (#6025) + - The lookupRecord method of twisted.internet.interfaces.IResolver, + never implemented or called by Twisted, has been removed. (#6091) + +------------------------------------------------------------------- +Tue Sep 25 18:07:05 PDT 2012 - msuman@gnome.org + +- Update to version 12.2.0 + * Starting with the release after 12.2, Twisted will begin requiring + zope.interface 3.6 (as part of Python 3 support). + * Features + - twisted.protocols.sip.MessageParser now handles multiline headers. + - twisted.internet.endpoints now provides StandardIOEndpoint, a + Standard I/O endpoint. + - If a FTPCmdError occurs during twisted.protocols.ftp.FTP.ftp_RETR + sending the file (i.e. it is raised by the IReadFile.send method it + invokes), then it will use that to return an error to the client + rather than necessarily sending a 426 CNX_CLOSED_TXFR_ABORTED error. + - twisted.internet.interfaces.IReactorSocket.adoptStreamConnection is + implemented by some reactors as a way to add an existing + established connection to them. + - twisted.internet.endpoints now provides TCP6ServerEndpoint, an IPv6 + TCP server endpoint. + - twisted.internet.endpoints now provides TCP6ClientEndpoint, an IPv6 + TCP client endpoint. + - twisted.internet.endpoints.serverFromString, the endpoint string + description feature, can now be used to create IPv6 TCP servers. + - twisted.internet.endpoints.serverFromString, the endpoint string + description feature, can now be used to create servers that run on + Standard I/O. + - twisted.trial.unittest now offers SynchronousTestCase, a test case + base class that provides usability improvements but not reactor- + based testing features. + * Bugfixes + - twisted.internet.Process.signalProcess now catches ESRCH raised by + os.kill call and raises ProcessExitedAlready instead. + - TLSMemoryBIOProtocol (and therefore all SSL transports if pyOpenSSL + >= 0.10) now provides the interfaces already provided by the + underlying transport. + * Deprecations and Removals + - Python 2.5 is no longer supported. + - The --extra option of trial, deprecated since 11.0, is removed now. + - addPluginDir and getPluginDirs in twisted.python.util are + deprecated now. + - twisted.trial.runner.DocTestCase, deprecated in Twisted 8.0, has + been removed. + - startKeepingErrors, flushErrors, ignoreErrors, and clearIgnores in + twisted.python.log (deprecated since Twisted 2.5) are removed now. + - unzip, unzipIter, and countZipFileEntries in + twisted.python.zipstream (deprecated in Twisted 11.0) are removed + now. + - twisted.test.time_helpers, deprecated since Twisted 10.0, has been + removed. + - twisted.web.static.FileTransfer, deprecated since 9.0, is removed + now. Use a subclass of StaticProducer instead. + - ErrorPage, NoResource and ForbiddenResource in twisted.web.error + were deprecated since 9.0 and are removed now. + - twisted.web.google, deprecated since Twisted 11.1, is removed now. + +------------------------------------------------------------------- +Tue Sep 25 17:50:17 PDT 2012 - msuman@gnome.org + +- Update to version 12.1.0 + * Features + - The kqueue reactor has been revived. + - twisted.python.filepath now provides IFilePath, an interface for + file path objects. + - New gtk3 and gobject-introspection reactors have been added. + - gtk and glib reactors now run I/O and scheduled events with lower + priority, to ensure the UI stays responsive. + - IReactorTCP.connectTCP() can now accept IPv6 address literals + (although not hostnames) in order to support connecting to IPv6 + hosts. + - twisted.internet.interfaces.IReactorSocket, a new interface, is now + supported by some reactors to listen on sockets set up by external + software (eg systemd or launchd). + - twisted.internet.endpoints.clientFromString now also supports + strings in the form of tcp:example.com:80 and ssl:example.com:4321 + - twisted.python.constants.Flags now provides a way to define + collections of flags for bitvector-type uses. + - The epoll(7)-based reactor is now the default reactor on Linux. + - twisted.python.runtime.platform.isLinux can be used to check if + Twisted is running on Linux. + - twisted.internet.endpoints.serverFromString now recognizes a + "systemd" endpoint type, for listening on a server port inherited + from systemd. + - Connections created using twisted.internet.interfaces.IReactorUNIX + now support sending and receiving file descriptors between + different processes. + - twisted.internet.endpoints.clientFromString now supports UNIX + client endpoint strings with the path argument specified like + "unix:/foo/bar" in addition to the old style, "unix:path=/foo/bar". + - twisted.protocols.amp.Descriptor is a new AMP argument type which + supports passing file descriptors as AMP command arguments over + UNIX connections. + - twisted.web.client.Agent and ProxyAgent now support persistent + connections. + - Added twisted.web.template.renderElement, a function which renders + an Element to a response. + - twisted.web.client.HTTPConnectionPool now ensures that failed + queries on persistent connections are retried, when possible. + - twisted.web.template.XMLFile now supports FilePath objects. + - twisted.web.template.renderElement takes a doctype keyword + argument, which will be written as the first line of the response, + defaulting to the HTML5 doctype. + * Bugfixes + - twisted.internet.abstract.FileDescriptor implements + twisted.internet.interfaces.IPushProducer instead of + twisted.internet.interfaces.IProducer. + twisted.internet.iocpreactor.abstract.FileHandle implements + twisted.internet.interfaces.IPushProducer instead of + twisted.internet.interfaces.IProducer. + - The epoll reactor now supports reading/writing to regular files on + stdin/stdout. + - Calling .cancel() on any Twisted-provided client endpoint + (TCP4ClientEndpoint, UNIXClientEndpoint, SSL4ClientEndpoint) now + works as documented, rather than logging an AlreadyCalledError. + - A leak of OVERLAPPED structures in some IOCP error cases has been + fixed. + - twisted.internet._pollingfile._PollableWritePipe now checks for + outgoing unicode data in write() and writeSequence() instead of + checkWork(). + - twisted.web.util.formatFailure now quotes all data in its output to + avoid it being mistakenly interpreted as markup. + - twisted.web.distrib now lets distributed servers set the response + message. + * Improved Documentation + - "Working from Twisted's Subversion repository" links to UQDS and + Combinator are now updated. + - Added tkinterdemo.py, an example of Tkinter integration. + * Deprecations and Removals + - The 'unsigned' flag to twisted.scripts.tap2rpm.MyOptions is now + deprecated. + - Removed the unreachable _fileUrandom method from + twisted.python.randbytes.RandomFactory. + - twisted.persisted.journal is removed, deprecated since Twisted + 11.0. + - Support for pyOpenSSL 0.9 and older is now deprecated. pyOpenSSL + 0.10 or newer will soon be required in order to use Twisted's SSL + features. + - backwardsCompatImplements and fixClassImplements are removed from + twisted.python.components, deprecated in 2006. + - twisted.python.reflect.macro was removed, deprecated since Twisted + 8.2. + - twisted.python.text.docstringLStrip, deprecated since Twisted + 10.2.0, has been removed + - Removed the deprecated dispatch and dispatchWithCallback methods + from twisted.python.threadpool.ThreadPool (deprecated since 8.0) + - twisted.scripts.tapconvert is now deprecated. + - twisted.python.reflect's Settable, AccessorType, PropertyAccessor, + Accessor, OriginalAccessor and Summer are now deprecated. + - twisted.python.threadpool.ThreadSafeList (deprecated in 10.1) is + removed. + - twisted.application.app.initialLog, deprecated since Twisted 8.2.0, + has been removed. + - twisted.spread.refpath was deleted, deprecated since Twisted 9.0. + - twisted.python.otp, deprecated since 9.0, is removed. + - Removed `dsu`, `moduleMovedForSplit`, and `dict` from + twisted.python.util (deprecated since 10.2) + - PHP3Script and PHPScript were removed from twisted.web.twcgi, + deprecated since 10.1. Use twcgi.FilteredScript instead. + - twisted.web.template.XMLFile's support for file objects and + filenames is now deprecated. Use the new support for FilePath + objects. + - twisted.web.server.date_time_string and + twisted.web.server.string_date_time are now deprecated in favor of + twisted.web.http.datetimeToString and twisted.web. + http.stringToDatetime + +------------------------------------------------------------------- +Mon Feb 20 11:22:00 UTC 2012 - saschpe@suse.de + +- Changes file cleanup + +------------------------------------------------------------------- +Sun Feb 19 19:48:13 UTC 2012 - termim@gmail.com + +- Update to version 0.12 + * Features + - The interface argument to IReactorTCP.listenTCP may now be an IPv6 + address literal, allowing the creation of IPv6 TCP servers. + - twisted.python.constants.Names now provides a way to define + collections of named constants, similar to the "enum type" feature + of C or Java. + - twisted.python.constants.Values now provides a way to define + collections of named constants with arbitrary values. + * Bugfixes + - Fixed an obscure case where connectionLost wasn't called on the + protocol when using half-close. + - UDP ports handle socket errors better on Windows. + - When idle, the gtk2 and glib2 reactors no longer wake up 10 times a + second. + - Prevent a rare situation involving TLS transports, where a producer + may be erroneously left unpaused. + - twisted.internet.iocpreactor.iocpsupport now has fewer 64-bit + compile warnings. + - The GTK2 reactor is now more responsive on Windows. + - TLS transports now correctly handle producer registration after the + connection has been lost. + - twisted.protocols.htb.Bucket now empties properly with a non-zero + drip rate. + - IReactorSSL and ITCPTransport.startTLS now synchronously propagate + errors from the getContext method of context factories, instead of + being capturing them and logging them as unhandled. + * Improved Documentation + - The multicast documentation has been expanded. + - twisted.internet.defer.Deferred now documents more return values. + - Show a better starting page at + http://twistedmatrix.com/documents/current + * Deprecations and Removals + - Remove the deprecated module twisted.enterprise.reflector. + - Removed the deprecated module twisted.enterprise.row. + - Remove the deprecated module twisted.enterprise.sqlreflector. + - Removed the deprecated module twisted.enterprise.util, as well as + twisted.enterprise.adbapi.safe. + - Python 2.4 is no longer supported on any platform. + - Removed printTraceback and noOperation from twisted.spread.pb, + deprecated since Twisted 8.2. + +------------------------------------------------------------------- +Tue Sep 20 14:35:44 UTC 2011 - saschpe@suse.de + +- Changed BuildRequires python-zopeinterface to python-zope.interface, + it got renamed + +------------------------------------------------------------------- +Tue Sep 6 15:28:44 UTC 2011 - saschpe@suse.de + +- Changed Buildrequires 'python-serial' to 'python-pyserial' + +------------------------------------------------------------------- +Fri Sep 2 13:07:50 UTC 2011 - saschpe@suse.de + +- Update to version 0.11: + * Features: + - The twistd man page now has a SIGNALS section. + - reactor.spawnProcess now will not emit a PotentialZombieWarning when called + before reactor.run, and there will be no potential for zombie processes in this case. + - High-throughput applications based on Perspective Broker should now run + noticably faster thanks to the use of a more efficient decoding function + in Twisted Spread. + - Documentation for trac-post-commit-hook functionality in svn-dev policy. + - twisted.protocols.socks.SOCKSv4 now supports the SOCKSv4a protocol. + - Trial can now output test results according to the subunit protocol, as + long as Subunit is installed. + - twisted.protocols.amp now provides a ListOf argument type which can be + composed with some other argument types to create a zero or more element + sequence of that type. + - If returnValue is invoked outside of a function decorated with + @inlineCallbacks, but causes a function thusly decorated to exit, a + DeprecationWarning will be emitted explaining this potentially confusing + behavior. In a future release, this will cause an exception. + - twisted.python.logfile.BaseLogFile now has a reopen method allowing to + use an external logrotate mechanism. + * Bugfixes: + - FTP.ftp_NLST now handles requests on invalid paths in a way consistent + with RFC 959. + - twisted.python.util.initgroups now calls the low-level C initgroups by + default if available: the python version can create lots of I/O with certain + authentication setup to retrieve all the necessary information. + - startLogging now does nothing on subsequent invocations, thus fixing a + terrible infinite recursion bug that's only on edge case. + - Stringify non-string data to NetstringReceiver.sendString before + calculating the length so that the calculated length is equal to the actual + length of the transported data. + - twisted.python.win32.cmdLineQuote now correctly quotes empty strings arguments. + - Change the behavior of the Gtk2Reactor to register only one source watch for + each file descriptor, instead of one for reading and one for writing. In + particular, it fixes a bug with Glib under Windows where we failed to notify + when a client is connected. + - Twisted Trial no longer crashes if it can't remove an old _trial_temp directory. + - The optional _c_urlarg extension now handles unquote("") correctly on + platforms where malloc(0) returns NULL, such as AIX. It also compiles with less warnings. + - On POSIX, child processes created with reactor.spawnProcess will no longer + automatically ignore the signals which the parent process has set to be ignored. + - All SOCKSv4a tests now use a dummy reactor with a deterministic resolve method. + - Prevent extraneous server, date and content-type headers in proxy responses. + * Deprecations and Removals: + - twisted.internet.error.PotentialZombieWarning is now deprecated. + - twisted.test.time_helpers is now deprecated. + - The deprecated connectUDP method of IReactorUDP has now been removed. + - twisted.trial.unittest.TestCase now ignores the previously deprecated + setUpClass and tearDownClass methods. +- Renamed to python-Twisted from python-twisted + +------------------------------------------------------------------- +Wed Aug 31 12:49:36 UTC 2011 - coolo@suse.com + +- remove unreferenced patch + +------------------------------------------------------------------- +Wed Aug 31 12:49:00 UTC 2011 - coolo@suse.com + +- do not package executable docs + +------------------------------------------------------------------- +Tue Aug 30 18:48:16 UTC 2011 - andrea.turrini@gmail.com + +- Standardized "Authors:" format in descriptions of python-twisted.spec + +------------------------------------------------------------------- +Tue Nov 30 21:48:29 UTC 2010 - alexandre@exatati.com.br + +- Update to 10.2.0: + - Huge ChangeLog, please check NEWS file or + http://twistedmatrix.com/trac/browser/tags/releases/twisted-10.2.0/NEWS?format=raw. + +------------------------------------------------------------------- +Mon Jul 5 16:45:38 UTC 2010 - alexandre@exatati.com.br + +- Update to 10.1.0: + - Huge ChangeLog, please check NEWS file. + +------------------------------------------------------------------- +Fri Apr 30 01:20:06 UTC 2010 - alexandre@exatati.com.br + +- Update to 10.0.0; +- Spec file cleaned with spec-cleaner. + +------------------------------------------------------------------- +Mon Feb 23 18:24:59 CET 2009 - matejcik@suse.cz + +- merged a patch that was not included in 8.2.0 and contains + more python 2.6 compatibility fixes + +------------------------------------------------------------------- +Fri Feb 13 19:22:18 CET 2009 - matejcik@suse.cz + +- update to 8.2.0 + * python 2.6 compatible changes + * many bugfixes and minor features in all submodules +- remerged all individual subpackages into one single package + * reasons: easier maintenance, upstream releases the whole thing + in sync, no additional dependencies for main package, negligible + impact on package size + +------------------------------------------------------------------- +Mon Apr 7 19:43:15 CEST 2008 - matejcik@suse.cz + +- update to 8.0.1 (2.6.0 actually) + * new versioning scheme, 8.0.1 is second release in 2008 + * massively improved IOCP reactor + * improvements to Trial + * huge number of minor features and bugfixes + +------------------------------------------------------------------- +Thu Aug 2 17:00:04 CEST 2007 - jmatejek@suse.cz + +- update to 2.5.0 + * support for Asynchronous Messaging Protocol + * epoll-based reactor + * twistd now accepts subcommands instead of 'mktap' + * support for python2.5 + * support for inline callbacks (via 'yield') + * many bugfixes and minor features + +------------------------------------------------------------------- +Thu Nov 9 18:57:08 CET 2006 - jmatejek@suse.cz + +- fixed ComponentDeprecationWarnings in twisted's class Credentials + +------------------------------------------------------------------- +Mon Oct 23 16:10:05 CEST 2006 - jmatejek@suse.cz + +- update to 2.4.0 + - no longer works with py 2.2 + - many improvements on Trial + - backwards compatibility layers disabled by default + - improved and extended API documentation + - new protocols + - many bugfixes +- fixed some 64bit problems from PEP353 change +- removed nonsensical "???" from one of the testfiles + +------------------------------------------------------------------- +Tue Feb 28 16:46:03 CET 2006 - jmatejek@suse.cz + +- updated to reflect python changes due to #149809 + +------------------------------------------------------------------- +Wed Jan 25 21:40:52 CET 2006 - mls@suse.de + +- converted neededforbuild to BuildRequires + +------------------------------------------------------------------- +Thu Jan 5 16:01:29 CET 2006 - jmatejek@suse.cz + +- update to 2.1.0 + +------------------------------------------------------------------- +Thu Oct 6 16:01:20 CEST 2005 - matejcik@suse.cz + +- update to 2.0.1 + +------------------------------------------------------------------- +Thu Apr 14 11:58:23 CEST 2005 - mcihar@suse.cz + +- update to 2.0.0 + +------------------------------------------------------------------- +Tue Feb 8 18:02:00 CET 2005 - mcihar@suse.cz + +- fix permissions + +------------------------------------------------------------------- +Tue Nov 30 11:57:08 CET 2004 - mcihar@suse.cz + +- spec file cleanup + +------------------------------------------------------------------- +Thu Aug 26 01:40:31 CEST 2004 - garloff@suse.de + +- Initial creation of package python-twisted. + diff --git a/python-Twisted.rpmlintrc b/python-Twisted.rpmlintrc new file mode 100644 index 0000000..5417623 --- /dev/null +++ b/python-Twisted.rpmlintrc @@ -0,0 +1 @@ +addFilter("E: python-tests-in-package.*/usr/lib/.*/site-packages/twisted.*/test") diff --git a/python-Twisted.spec b/python-Twisted.spec new file mode 100644 index 0000000..1e303e6 --- /dev/null +++ b/python-Twisted.spec @@ -0,0 +1,306 @@ +# +# spec file +# +# Copyright (c) 2023 SUSE LLC +# +# All modifications and additions to the file contributed by third parties +# remain the property of their copyright owners, unless otherwise agreed +# upon. The license for this file, and modifications and additions to the +# file, is the same license as for the pristine package itself (unless the +# license for the pristine package is not an Open Source License, in which +# case the license is the MIT License). An "Open Source License" is a +# license that conforms to the Open Source Definition (Version 1.9) +# published by the Open Source Initiative. + +# Please submit bugfixes or comments via https://bugs.opensuse.org/ +# + + +%global flavor @BUILD_FLAVOR@%{nil} +%if "%{flavor}" == "test" +%bcond_without test +%define psuffix -test +%else +%bcond_with test +%define psuffix %{nil} +%endif + +%define skip_python2 1 +%{?sle15_python_module_pythons} +Name: python-Twisted%{psuffix} +Version: 22.10.0 +Release: 0 +Summary: An asynchronous networking framework written in Python +License: MIT +URL: https://twistedmatrix.com/ +Source0: https://files.pythonhosted.org/packages/source/T/Twisted/Twisted-%{version}.tar.gz +Source99: python-Twisted.rpmlintrc +Patch0: skip_MultiCast.patch +# PATCH-FIX-UPSTREAM no-test_successResultOfWithFailureHasTraceback.patch https://twistedmatrix.com/trac/ticket/9665 mcepl@suse.com +# skip over the test test_successResultOfWithFailureHasTraceback +Patch2: no-test_successResultOfWithFailureHasTraceback.patch +# PATCH-FIX-UPSTREAM 1521_delegate_parseqs_stdlib_bpo42967.patch https://twistedmatrix.com/trac/ticket/10096 mcepl@suse.com +# overcome incompatibility with the solution for bpo#42967. +Patch3: 1521_delegate_parseqs_stdlib_bpo42967.patch +# We don't want to package yet another module, and it is easily skippable +Patch4: no-cython_test_exception_raiser.patch +# boo#1110669 Our variant of PyGObject has pygtkcompat stripped which Twisted does not handle +Patch5: no-pygtkcompat.patch +# PATCH-FIX-OPENSUSE remove-dependency-version-upper-bounds.patch boo#1190036 -- run with h2 >= 4.0.0 and priority >= 2.0 +Patch6: remove-dependency-version-upper-bounds.patch +# PATCH-FIX-UPSTREAM py311-tests-compat.patch gh#twisted/twisted#11734 gh#twisted/twisted#11733 +Patch7: py311-tests-compat.patch +# PATCH-FIX-UPSTREAM gh#twisted/twisted#11787 +Patch8: support-new-glibc.patch +# PATCH-FIX-UPSTREAM gh#twisted/twisted#11878 +Patch9: regenerate-cert-to-work-with-latest-service-identity.patch +# PATCH-FIX-UPSTREAM gh#twisted/twisted#11873 +Patch10: remove-pynacl-optional-dependency.patch +# PATCH-FIX-UPSTREAM CVE-2023-46137-HTTP-pipeline-response.patch bsc#1216588 mcepl@suse.com +# disordered HTTP pipeline response in twisted.web +Patch11: CVE-2023-46137-HTTP-pipeline-response.patch +BuildRequires: %{python_module incremental >= 21.3.0} +BuildRequires: %{python_module setuptools} +BuildRequires: fdupes +BuildRequires: git-core +BuildRequires: python-rpm-macros +Requires(post): update-alternatives +Requires(postun):update-alternatives +# SECTION install requires +Requires: python-Automat >= 0.8.0 +Requires: python-attrs >= 19.2.0 +Requires: python-constantly >= 15.1 +Requires: python-hyperlink >= 17.1.1 +Requires: python-incremental >= 21.3.0 +Requires: python-typing_extensions >= 3.6.5 +Requires: python-zope.interface >= 4.4.2 +# /SECTION +# twisted[tls] is so common, let's keep it tied to the main package for the time being. +Requires: python-Twisted-tls = %{version} +%if %{with test} +BuildRequires: %{python_module Twisted-all_non_platform = %{version}} +BuildRequires: %{python_module Twisted-conch_nacl = %{version}} +# declared nowhere but required to pass 8 tests with timezone checks +BuildRequires: %{python_module pytz} +BuildRequires: %{python_module hypothesis} +%endif +BuildArch: noarch +%python_subpackages + +%description +An extensible framework for Python programming, with special focus +on event-based network programming and multiprotocol integration. + +%if 0%{?suse_version} > 1500 +%package -n %{name}-doc +Summary: An asynchronous networking framework written in Python - Documentation + +%description -n %{name}-doc +An extensible framework for Python programming, with special focus +on event-based network programming and multiprotocol integration. + +This package contains the documentation for python-Twisted +%endif + +%package tls +Summary: TLS support for Twisted +Requires: python-Twisted = %{version} +Requires: python-idna >= 2.4 +Requires: python-pyOpenSSL >= 16.0.0 +Requires: python-service_identity >= 18.1.0 + +%description tls +Twisted is an extensible framework for Python programming, with special focus +on event-based network programming and multiprotocol integration. + +This metapackage is for the optional feature tls + +%package conch +Summary: Conch for Twisted +Requires: python-Twisted = %{version} +Requires: python-appdirs >= 1.4.0 +Requires: python-bcrypt >= 3.0.0 +Requires: python-cryptography >= 2.6 +Requires: python-pyasn1 + +%description conch +Twisted is an extensible framework for Python programming, with special focus +on event-based network programming and multiprotocol integration. + +Twisted Conch: The Twisted Shell. Terminal emulation, SSHv2 and telnet. + +%package conch_nacl +Summary: Conch w/ NaCl for Twisted +Requires: python-Twisted-conch = %{version} + +%description conch_nacl +Twisted is an extensible framework for Python programming, with special focus +on event-based network programming and multiprotocol integration. + +%package serial +Summary: Serial support for Twisted +Requires: python-Twisted = %{version} +Requires: python-pyserial >= 3.0 + +%description serial +Twisted is an extensible framework for Python programming, with special focus +on event-based network programming and multiprotocol integration. + +This metapackage is for the optional feature serial + +%package http2 +Summary: HTTP/2 support for Twisted +Requires: python-Twisted = %{version} +Requires: python-h2 >= 3.0 +Requires: python-priority >= 1.1.0 + +%description http2 +Twisted is an extensible framework for Python programming, with special focus +on event-based network programming and multiprotocol integration. + +This metapackage is for the optional feature http2 + +%package contextvars +Summary: Contextvars extra for Twisted +Requires: python-Twisted = %{version} + +%description contextvars +Twisted is an extensible framework for Python programming, with special focus +on event-based network programming and multiprotocol integration. + +This metapackage is for the optional dependency contextvars + +%package all_non_platform +Summary: The all_non_platform dependency extra for Twisted +Requires: python-PyHamcrest >= 1.9.0 +Requires: python-Twisted-conch = %{version} +Requires: python-Twisted-contextvars = %{version} +Requires: python-Twisted-http2 = %{version} +Requires: python-Twisted-serial = %{version} +Requires: python-Twisted-tls = %{version} + +%description all_non_platform +Twisted is an extensible framework for Python programming, with special focus +on event-based network programming and multiprotocol integration. + +This metapackage is for the optional dependency all_non_platform + +%prep +%autosetup -p1 -n Twisted-%{version} +sed -i '1{/env python/d}' src/twisted/mail/test/pop3testserver.py src/twisted/trial/test/scripttest.py + +%if ! %{with test} +%build +%python_build + +# empty files +rm docs/{fun/Twisted.Quotes,_static/.placeholder,_templates/.placeholder} +%fdupes docs +%endif + +%if ! %{with test} +%install +%python_install +find %{buildroot} -regex '.*\.[ch]' -exec rm {} ";" # Remove leftover C sources +install -dm0755 %{buildroot}%{_mandir}/man1/ +install -m0644 docs/*/man/*.1 %{buildroot}%{_mandir}/man1/ # Install man pages +find docs -type f -print0 | xargs -0 chmod a-x # Fix doc-file dependency by removing x flags +#sed -i "s/\r//" docs/core/howto/listings/udp/{MulticastClient,MulticastServer}.py +%python_expand %fdupes %{buildroot}%{$python_sitelib} + +# Prepare for update-alternatives usage +for p in twistd cftp ckeygen conch pyhtmlizer tkconch trial ; do + %python_clone -a %{buildroot}%{_bindir}/$p + %python_clone -a %{buildroot}%{_mandir}/man1/$p.1 +done + +# mailmail is useful only on Python 2 +rm %{buildroot}%{_bindir}/mailmail %{buildroot}%{_mandir}/man1/mailmail.1 + +# no manpage for twist yet: +%python_clone -a %{buildroot}%{_bindir}/twist +%endif + +%if %{with test} +%check +export LANG=en_US.UTF-8 +export PYTHONDONTWRITEBYTECODE=1 + +%{python_expand # provide flavored commands for testing +# (= python_flavored_alternatives from gh#openSUSE/python-rpm-macros#120, but sadly not available for non-TW) +mkdir -p build/bin/ +for f in %{buildroot}%{_bindir}/*-%{$python_bin_suffix}; do + ln -s $f build/bin/$(basename ${f%%%%-%{$python_bin_suffix}}) +done +} +export PATH=$PWD/build/bin/:$PATH + +# Relax the crypto policies for the test-suite +export OPENSSL_SYSTEM_CIPHERS_OVERRIDE=xyz_nonexistent_file +export OPENSSL_CONF='' + +%python_expand PYTHONPATH=%{buildroot}%{$python_sitelib} $python -m twisted.trial twisted +%endif + +%post +# these were master alternatives until Dec 2020. Remove before the install as slave links +for f in cftp ckeygen conch pyhtmlizer tkconch trial twist; do + (update-alternatives --quiet --list $f 2>&1 >/dev/null) && update-alternatives --quiet --remove-all $f +done +%{python_install_alternative twistd cftp ckeygen conch pyhtmlizer tkconch trial twist + twistd.1 cftp.1 ckeygen.1 conch.1 pyhtmlizer.1 tkconch.1 trial.1} + +%postun +%python_uninstall_alternative twistd + +%if ! %{with test} +%files %{python_files tls} +%license LICENSE + +%files %{python_files conch} +%license LICENSE + +%files %{python_files conch_nacl} +%license LICENSE + +%files %{python_files serial} +%license LICENSE + +%files %{python_files http2} +%license LICENSE + +%files %{python_files contextvars} +%license LICENSE + +%files %{python_files all_non_platform} +%license LICENSE + +%files %{python_files} +%license LICENSE +%doc NEWS.rst README.rst +%python_alternative %{_bindir}/conch +%python_alternative %{_bindir}/tkconch +%python_alternative %{_mandir}/man1/conch.1%{?ext_man} +%python_alternative %{_mandir}/man1/tkconch.1%{?ext_man} +%python_alternative %{_bindir}/twistd +%python_alternative %{_bindir}/cftp +%python_alternative %{_bindir}/ckeygen +%python_alternative %{_bindir}/pyhtmlizer +%python_alternative %{_bindir}/trial +%python_alternative %{_bindir}/twist +%python_alternative %{_mandir}/man1/twistd.1%{?ext_man} +%python_alternative %{_mandir}/man1/cftp.1%{?ext_man} +%python_alternative %{_mandir}/man1/ckeygen.1%{?ext_man} +%python_alternative %{_mandir}/man1/pyhtmlizer.1%{?ext_man} +%python_alternative %{_mandir}/man1/trial.1%{?ext_man} +%{python_sitelib}/twisted +%{python_sitelib}/Twisted-%{version}*-info + +%if 0%{?suse_version} > 1500 +%files -n %{name}-doc +%endif +%doc docs/ + +%endif + +%changelog diff --git a/regenerate-cert-to-work-with-latest-service-identity.patch b/regenerate-cert-to-work-with-latest-service-identity.patch new file mode 100644 index 0000000..a466937 --- /dev/null +++ b/regenerate-cert-to-work-with-latest-service-identity.patch @@ -0,0 +1,413 @@ +From 001fd99f209dce1ee853df87fc4e0627db3bc930 Mon Sep 17 00:00:00 2001 +From: Glyph +Date: Wed, 14 Jun 2023 13:41:33 -0700 +Subject: [PATCH 1/4] regenerate certificate to work with latest + service_identity + +also rewrite all the logic using cryptography rather than pyopenssl +--- + src/twisted/newsfragments/11877.misc | 0 + src/twisted/test/cert.pem.no_trailing_newline | 40 ++-- + src/twisted/test/key.pem.no_trailing_newline | 55 +++--- + src/twisted/test/server.pem | 178 ++++++++++-------- + 4 files changed, 150 insertions(+), 123 deletions(-) + create mode 100644 src/twisted/newsfragments/11877.misc + +diff --git a/src/twisted/newsfragments/11877.misc b/src/twisted/newsfragments/11877.misc +new file mode 100644 +index 00000000000..e69de29bb2d +diff --git a/src/twisted/test/cert.pem.no_trailing_newline b/src/twisted/test/cert.pem.no_trailing_newline +index 59f1bae563e..11eb4db8119 100644 +--- a/src/twisted/test/cert.pem.no_trailing_newline ++++ b/src/twisted/test/cert.pem.no_trailing_newline +@@ -1,23 +1,25 @@ + -----BEGIN CERTIFICATE----- +-MIID6DCCAtACAwtEVjANBgkqhkiG9w0BAQsFADCBtzELMAkGA1UEBhMCVFIxDzAN +-BgNVBAgMBsOHb3J1bTEUMBIGA1UEBwwLQmHFn21ha8OnxLExEjAQBgNVBAMMCWxv +-Y2FsaG9zdDEcMBoGA1UECgwTVHdpc3RlZCBNYXRyaXggTGFiczEkMCIGA1UECwwb +-QXV0b21hdGVkIFRlc3RpbmcgQXV0aG9yaXR5MSkwJwYJKoZIhvcNAQkBFhpzZWN1 +-cml0eUB0d2lzdGVkbWF0cml4LmNvbTAgFw0yMjA4MjMyMzUyNTJaGA8yMTIyMDcz +-MDIzNTI1MlowgbcxCzAJBgNVBAYTAlRSMQ8wDQYDVQQIDAbDh29ydW0xFDASBgNV +-BAcMC0JhxZ9tYWvDp8SxMRIwEAYDVQQDDAlsb2NhbGhvc3QxHDAaBgNVBAoME1R3 ++MIIEJDCCAwygAwIBAgIUKaSXgzt5gDMt9GbUzLz/A9HEyFEwDQYJKoZIhvcNAQEL ++BQAwgb0xGDAWBgNVBAMMD0EgSG9zdCwgTG9jYWxseTELMAkGA1UEBhMCVFIxDzAN ++BgNVBAgMBsOHb3J1bTEUMBIGA1UEBwwLQmHFn21ha8OnxLExHDAaBgNVBAoME1R3 + aXN0ZWQgTWF0cml4IExhYnMxJDAiBgNVBAsMG0F1dG9tYXRlZCBUZXN0aW5nIEF1 + dGhvcml0eTEpMCcGCSqGSIb3DQEJARYac2VjdXJpdHlAdHdpc3RlZG1hdHJpeC5j +-b20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC9Gk1skmQfONi+GdM2 +-Rwb6a/2weSX7eM3MwT3vXYr+0dx9ScWERILTNkLGrvfslHKdUE7hBDKjtuj6KtAI +-rVjeDDMD6Ue77EcbL3QEO1QZeBjJ3hQbaB447PhE1wwgEsWndPMcDDVm93sODELN +-rzWMLhabgCJ5cJYo5RQs7IvVtE36KaoSgfC9rTP8Lva+MW5wNeHn2f0hDlUF8jLu +-o1W+eDb9CHV7vwL19DZ3w74UkQ3RnfNDnZzVhsNI4YGaSBGtOHY3ioDspGQZqHHf +-CSTjjMwq3ddEkPd7iNu4N5KUamnH69A0JfRODC8tXjFG9/WFROhYZkUQRhXkgRd3 +-9Yy9AgMBAAEwDQYJKoZIhvcNAQELBQADggEBABuOxiDnfrjQjbP4ZWrDj+doK8Zk +-CUwtyM3gFVF1LBZxBCxVa6hzD2N7/1o0+KHjmiGks7SnXb6aG2nEqypciZ4xkPjt +-wVIcTWCW8ddPrfMi4/esiQFlPck1p3QSfkPiAgHAjJiDDqDtqsMKr+5AkUaHlqjR +-VV3YE27x/QyLZbV7igiTPdh1fTV7+Yl8VHpBdnMRUVTFoZaIiCe0efmqsvzBd73A +-c75aKTwu6cPQ9dH/gIEOHCvrgweED7ZcabT7h/k7DXL2zhnJTPmQSJLWjfQebJOu +-4l1p7tn35xbjqu906l4iII+YqWCAj/gNT2qdcIWQmxg/reg2tRbU7Nv3M0c= ++b20wIBcNMjMwNjE0MTM0MDI4WhgPMjEyMzA1MjExMzQwMjhaMIG9MRgwFgYDVQQD ++DA9BIEhvc3QsIExvY2FsbHkxCzAJBgNVBAYTAlRSMQ8wDQYDVQQIDAbDh29ydW0x ++FDASBgNVBAcMC0JhxZ9tYWvDp8SxMRwwGgYDVQQKDBNUd2lzdGVkIE1hdHJpeCBM ++YWJzMSQwIgYDVQQLDBtBdXRvbWF0ZWQgVGVzdGluZyBBdXRob3JpdHkxKTAnBgkq ++hkiG9w0BCQEWGnNlY3VyaXR5QHR3aXN0ZWRtYXRyaXguY29tMIIBIjANBgkqhkiG ++9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0rT5+hF+1BjE7qXms9PZWHskXZGXLPiYVmiY ++jsVeJAOtHAYq8igzA49KgR1xR9M4jQ6U46nwPsnGCh4liyxdWkBLw9maxMoE+r6d ++W1zZ8Tllunbdb/Da6L8P55SKb7QGet4CB1fZ2SqZD4GvTby6xpoR09AqrfjuEIYR ++8V/y+8dG3mR5W0HqaJ58IWihAwIQSakuc8jTadJY55t7UW6Ebj2X2WTO6Zh7gJ1d ++yHPMVkUHJF9Jsuj/4F4lx6hWGQzWO8Nf8Q7t364pagE3evUv/BECJLONNYLaFjLt ++WnsCEJDV9owCjaxu785KuA7OM/f3h3xVIfTBTo2AlHiQnXdyrwIDAQABoxgwFjAU ++BgNVHREEDTALgglsb2NhbGhvc3QwDQYJKoZIhvcNAQELBQADggEBAEHAErq/Fs8h ++M+kwGCt5Ochqyu/IzPbwgQ27n5IJehl7kmpoXBxGa/u+ajoxrZaOheg8E2MYVwQi ++FTKE9wJgaN3uGo4bzCbCYxDm7tflQORo6QOZlumfiQIzXON2RvgJpwFfkLNtq0t9 ++e453kJ7+e11Wah46bc3RAvBZpwswh6hDv2FvFUZ+IUcO0tU8O4kWrLIFPpJbcHQq ++wezjky773X4CNEtoeuTb8/ws/eED/TGZ2AZO+BWT93OZJgwE2x3iUd3k8HbwxfoY ++bZ+NHgtM7iKRcL59asB0OMi3Ays0+IOfZ1+3aB82zYlxFBoDyalR7NJjJGdTwNFt ++3CPGCQ28cDk= + -----END CERTIFICATE----- +\ No newline at end of file +diff --git a/src/twisted/test/key.pem.no_trailing_newline b/src/twisted/test/key.pem.no_trailing_newline +index 63845f8249f..5d489fd73ac 100644 +--- a/src/twisted/test/key.pem.no_trailing_newline ++++ b/src/twisted/test/key.pem.no_trailing_newline +@@ -1,28 +1,27 @@ +------BEGIN PRIVATE KEY----- +-MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQC9Gk1skmQfONi+ +-GdM2Rwb6a/2weSX7eM3MwT3vXYr+0dx9ScWERILTNkLGrvfslHKdUE7hBDKjtuj6 +-KtAIrVjeDDMD6Ue77EcbL3QEO1QZeBjJ3hQbaB447PhE1wwgEsWndPMcDDVm93sO +-DELNrzWMLhabgCJ5cJYo5RQs7IvVtE36KaoSgfC9rTP8Lva+MW5wNeHn2f0hDlUF +-8jLuo1W+eDb9CHV7vwL19DZ3w74UkQ3RnfNDnZzVhsNI4YGaSBGtOHY3ioDspGQZ +-qHHfCSTjjMwq3ddEkPd7iNu4N5KUamnH69A0JfRODC8tXjFG9/WFROhYZkUQRhXk +-gRd39Yy9AgMBAAECggEAIvGt1f7VRpm8H6DpEVIdvX/gMNCqTqZ7rTcWaVmpWj5Q +-lsxflfoNDNetjkZ95PdnmJ9i/BzI+MzPj48Cw1+5GMs7UCE3EshuOV1S/Ic0GsLB +-HeiOYaQjVZSgqiPtBy5A3Rl05T1yTtUzpZxpadXTONS5c8HBXRyLewId8NFDY9ls +-76PYRq4ui7QGOmXw7VAVzg/7RxcupuSkecE7472Ek1jtEdRdplBga/XE5/+FZhrr +-NyAdVo/1VD8zpaenWiBgfqJTVc/VRBaE0kLa777E++ruqGGz/c5cQPOWzEp0vPbi +-kXz16X2TQDeTe6QfBBYjzD2+LyJh2TXfRtEn56MtJwKBgQDaTzHFOoiPS0+JpOBH +-yW2gIFigEH70Hi++m0okmewGLTGrjOsIVWx8u5QFMANEYXeXIT7sM1eyONYjtxNC +-gpeLyyN9zTyLPWdx3CzNodY2Dg/irTZtPQp7/efAHcn7kW8V0OxCGTyXAzdhKXmN +-thN9KMk6peQMU8L4FqypNznFrwKBgQDdwD0NBxqNk3/Q/qih2EJUOO7uuPAZnTJf +-neRnY4Pc94ticdQbd03ZArP3ybl9wWy+Ri9D+I9P753Hyfb7BSKwwIyYRgxSjGU/ +-wqcmv0V/mSY7N4eCDaXqEjdovaZ76d3L60FPH5rJbn7yHZBYWaSqXgk0HDYUmQwg +-huPLNu8bUwKBgQCH/rGohbAwY9/mhRlaXva1u7C59czAUlW3zZFAf8pyhpDcp2p6 +-xIxSn5+0I5bFcFpJgWJrTgihc5qioReUZTn20dMIOWQv8U6RtXELoHeLMPNgaDrx +-jgcL+r32BhifaJfk5UNoYcRG5rAHDQk16Gj3nQLOUC1iKIPafHWO7GJG7QKBgQCj +-yVfOhY6xP17K6S14zRjAyISCQorlAFyyjxai3rgIv7Zt8hFucAJJ5Vs0DAU7w2Ak +-cgZ7N93ydtOdO6l24uYqky3FUwfK+PPX0lhPoDse8elxF6S5BIeliervLBUJtUUj +-VxIX9QoI+do9zmRNPXkIdQhrOuMe96Qjaj5aXKrjDQKBgBS2LGghCFgqaxtHeIpl +-RLOnpxLaiitGH412O6VKHkkXaNYEOlbtFVlPuE1zHeyIvLQb666lW/w0+HMmfMTU +-SQI2gIndUb6pMzLjZUrCyYz618EoAmhx6+VnbRSY+iSEIdYqx6VBl0HY9RWJa18H +-4LPzH6dfRnKf2jCer3DtWALD +------END PRIVATE KEY----- +\ No newline at end of file ++-----BEGIN RSA PRIVATE KEY----- ++MIIEogIBAAKCAQEA0rT5+hF+1BjE7qXms9PZWHskXZGXLPiYVmiYjsVeJAOtHAYq ++8igzA49KgR1xR9M4jQ6U46nwPsnGCh4liyxdWkBLw9maxMoE+r6dW1zZ8Tllunbd ++b/Da6L8P55SKb7QGet4CB1fZ2SqZD4GvTby6xpoR09AqrfjuEIYR8V/y+8dG3mR5 ++W0HqaJ58IWihAwIQSakuc8jTadJY55t7UW6Ebj2X2WTO6Zh7gJ1dyHPMVkUHJF9J ++suj/4F4lx6hWGQzWO8Nf8Q7t364pagE3evUv/BECJLONNYLaFjLtWnsCEJDV9owC ++jaxu785KuA7OM/f3h3xVIfTBTo2AlHiQnXdyrwIDAQABAoH/Ib7aSjKDHXTaFV58 ++lFBZftI6AMJQc+Ncgno99J+ndB0inFpghmfpw6gvRn5wphAt/mlXbx7IW0X1cali ++WefBC7NAbx1qrBmusnnUuc0lGn0WzcY7sLHiXWQ8J9qiUUGDyCnGKWbofN9VpCYg ++7VJMl4IVWNb9/t7fQcY3GXFEeQ4mzLo7p+gPxyeUcCLVrhVrHzw1HFTIlA51LjfI ++xQM+QVeaEWQQ4UsDdPe5iGthDd7ze2F5ciDzMkShrf7URSudS+Us6vr6gDVpKAky ++eCVyFPJXCfH4qJoa6mB6L6SFzMnN3OPp3RlYQWQ7sK/ELQfhPoyHyRvL1woUIO5C ++tK0pAoGBAPS6ZSZ26M0guZ2K/2fKMiGq0jZQLcxP3N0jWm8R8ENOnuIjhCl5aKsB ++DoV0BvPv1C2vWm+VgNArgTece9l8o5f8pcfjbT5r/k8zoqgcj9CmmDofBka4XxZb ++wxsut+8rBSIoVKIre4Pyqfa9u1IrEnoOzMqvF16xUME2t2EaryUzAoGBANxpb4Jz ++FjH7nfPc3iejd+cXovX6x2VTJzWaknA6hGsoc+UZ01KTaKyYpq+9q9VxXhWxYsh3 ++TL1JWuIBy6ao5tdt4nPBu07J7tfu5bfr3Imd8waNQxDEfKeFedskxORs+FIUzqBb ++3nIkQH8sx0Syv620coIdtEn1raVXc9QfRgSVAoGAWNFhLoGPYgsTcnrk0N1QLmnZ ++mv6kcHc3mEZhZtgi07qv7TCooYi/lPhwNbzzXQrYfbAbaU3gDy0K24z+YeNbWCjI ++XfBLUJFPHZ2G1e5vv3EG5GkoFPiLAglRmQbumG2LkmcCuEyBqlSinLslRd/997Bx ++YMoE+EfwH/9ktGhD0oMCgYEAxaSqAFDQ00ssjTM95k94Qjn4wBf7WwmgfDm6HHbs ++rOZeXk61JzPVxgcwWSB8iG4bDtq8mMQZhRbVLxqrEiwcq4r2aBSNsI305Z5sUWtn ++m+ONvA9J1yxKFzHiXjbvc2GfnoLX8gXPR4zoZOGzYg/jP5EyqSiXtUZfSodL7yeH ++8q0CgYEA2OzA59AITJe8jhC5JsVbLs7Rj4kFTjD+iZ8P86FnWBf1iDeuywEZJqvG ++n6SNK4KczDJ//DBV06w4L6iwe5iOCdf06+V7Hnkbvrjk0ONnXX7VXNgJ3/e7aJTx ++gE42Ug0qu6lXtEfYqlhQoF2lAtnYq0fty/XWMVfpjVuh1lyd4C4= ++-----END RSA PRIVATE KEY----- +\ No newline at end of file +diff --git a/src/twisted/test/server.pem b/src/twisted/test/server.pem +index 0c633e6e9e3..6d2be8be95b 100644 +--- a/src/twisted/test/server.pem ++++ b/src/twisted/test/server.pem +@@ -1,97 +1,123 @@ + # coding: utf-8 + +-from inspect import getsource +-from datetime import datetime + +-from OpenSSL.crypto import FILETYPE_PEM, TYPE_RSA, X509, PKey, dump_privatekey, dump_certificate ++from datetime import datetime, timedelta ++from inspect import getsource + +-key = PKey() +-key.generate_key(TYPE_RSA, 2048) ++from cryptography.hazmat.primitives.asymmetric.rsa import generate_private_key ++from cryptography.hazmat.primitives.hashes import SHA256 ++from cryptography.hazmat.primitives.serialization import ( ++ Encoding, ++ NoEncryption, ++ PrivateFormat, ++) ++from cryptography.x509 import ( ++ CertificateBuilder, ++ Name, ++ NameAttribute, ++ NameOID, ++ SubjectAlternativeName, ++ DNSName, ++ random_serial_number, ++) + +-cert = X509() +-issuer = cert.get_issuer() +-subject = cert.get_subject() ++pk = generate_private_key(key_size=2048, public_exponent=65537) + +-for dn in [issuer, subject]: +- dn.C = b"TR" +- dn.ST = "Çorum".encode("utf-8") +- dn.L = "Başmakçı".encode("utf-8") +- dn.CN = b"localhost" +- dn.O = b"Twisted Matrix Labs" +- dn.OU = b"Automated Testing Authority" +- dn.emailAddress = b"security@twistedmatrix.com" ++me = Name( ++ [ ++ NameAttribute(NameOID.COMMON_NAME, "A Host, Locally"), ++ NameAttribute(NameOID.COUNTRY_NAME, "TR"), ++ NameAttribute(NameOID.STATE_OR_PROVINCE_NAME, "Çorum"), ++ NameAttribute(NameOID.LOCALITY_NAME, "Başmakçı"), ++ NameAttribute(NameOID.ORGANIZATION_NAME, "Twisted Matrix Labs"), ++ NameAttribute(NameOID.ORGANIZATIONAL_UNIT_NAME, "Automated Testing Authority"), ++ NameAttribute(NameOID.EMAIL_ADDRESS, "security@twistedmatrix.com"), ++ ] ++) + +-cert.set_serial_number(datetime.now().toordinal()) +-cert.gmtime_adj_notBefore(0) +-cert.gmtime_adj_notAfter(60 * 60 * 24 * 365 * 100) ++certificate_bytes = ( ++ CertificateBuilder() ++ .serial_number(random_serial_number()) ++ .not_valid_before(datetime.now()) ++ .not_valid_after(datetime.now() + timedelta(seconds=60 * 60 * 24 * 365 * 100)) ++ .subject_name(me) ++ .add_extension(SubjectAlternativeName([DNSName("localhost")]), False) ++ .issuer_name(me) ++ .public_key(pk.public_key()) ++ .sign(pk, algorithm=SHA256()) ++).public_bytes(Encoding.PEM) + +-cert.set_pubkey(key) +-cert.sign(key, "sha256") ++privkey_bytes = pk.private_bytes( ++ Encoding.PEM, PrivateFormat.TraditionalOpenSSL, NoEncryption() ++) + + import __main__ ++ + source = getsource(__main__) + source = source.split("\n" + "-" * 5)[0].rsplit("\n", 1)[0] + with open("server.pem", "w") as fObj: + fObj.write(source) + fObj.write("\n") +- fObj.write("'''\n") +- fObj.write(dump_privatekey(FILETYPE_PEM, key).decode("ascii")) +- fObj.write(dump_certificate(FILETYPE_PEM, cert).decode("ascii")) +- fObj.write("'''\n") ++ fObj.write('"""\n') ++ fObj.write(privkey_bytes.decode("ascii")) ++ fObj.write(certificate_bytes.decode("ascii")) ++ fObj.write('"""\n') + with open(b"key.pem.no_trailing_newline", "w") as fObj: +- fObj.write(dump_privatekey(FILETYPE_PEM, key).decode("ascii").rstrip('\n')) ++ fObj.write(privkey_bytes.decode("ascii").rstrip("\n")) + with open(b"cert.pem.no_trailing_newline", "w") as fObj: +- fObj.write(dump_certificate(FILETYPE_PEM, cert).decode("ascii").rstrip('\n')) +-''' +------BEGIN PRIVATE KEY----- +-MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQC9Gk1skmQfONi+ +-GdM2Rwb6a/2weSX7eM3MwT3vXYr+0dx9ScWERILTNkLGrvfslHKdUE7hBDKjtuj6 +-KtAIrVjeDDMD6Ue77EcbL3QEO1QZeBjJ3hQbaB447PhE1wwgEsWndPMcDDVm93sO +-DELNrzWMLhabgCJ5cJYo5RQs7IvVtE36KaoSgfC9rTP8Lva+MW5wNeHn2f0hDlUF +-8jLuo1W+eDb9CHV7vwL19DZ3w74UkQ3RnfNDnZzVhsNI4YGaSBGtOHY3ioDspGQZ +-qHHfCSTjjMwq3ddEkPd7iNu4N5KUamnH69A0JfRODC8tXjFG9/WFROhYZkUQRhXk +-gRd39Yy9AgMBAAECggEAIvGt1f7VRpm8H6DpEVIdvX/gMNCqTqZ7rTcWaVmpWj5Q +-lsxflfoNDNetjkZ95PdnmJ9i/BzI+MzPj48Cw1+5GMs7UCE3EshuOV1S/Ic0GsLB +-HeiOYaQjVZSgqiPtBy5A3Rl05T1yTtUzpZxpadXTONS5c8HBXRyLewId8NFDY9ls +-76PYRq4ui7QGOmXw7VAVzg/7RxcupuSkecE7472Ek1jtEdRdplBga/XE5/+FZhrr +-NyAdVo/1VD8zpaenWiBgfqJTVc/VRBaE0kLa777E++ruqGGz/c5cQPOWzEp0vPbi +-kXz16X2TQDeTe6QfBBYjzD2+LyJh2TXfRtEn56MtJwKBgQDaTzHFOoiPS0+JpOBH +-yW2gIFigEH70Hi++m0okmewGLTGrjOsIVWx8u5QFMANEYXeXIT7sM1eyONYjtxNC +-gpeLyyN9zTyLPWdx3CzNodY2Dg/irTZtPQp7/efAHcn7kW8V0OxCGTyXAzdhKXmN +-thN9KMk6peQMU8L4FqypNznFrwKBgQDdwD0NBxqNk3/Q/qih2EJUOO7uuPAZnTJf +-neRnY4Pc94ticdQbd03ZArP3ybl9wWy+Ri9D+I9P753Hyfb7BSKwwIyYRgxSjGU/ +-wqcmv0V/mSY7N4eCDaXqEjdovaZ76d3L60FPH5rJbn7yHZBYWaSqXgk0HDYUmQwg +-huPLNu8bUwKBgQCH/rGohbAwY9/mhRlaXva1u7C59czAUlW3zZFAf8pyhpDcp2p6 +-xIxSn5+0I5bFcFpJgWJrTgihc5qioReUZTn20dMIOWQv8U6RtXELoHeLMPNgaDrx +-jgcL+r32BhifaJfk5UNoYcRG5rAHDQk16Gj3nQLOUC1iKIPafHWO7GJG7QKBgQCj +-yVfOhY6xP17K6S14zRjAyISCQorlAFyyjxai3rgIv7Zt8hFucAJJ5Vs0DAU7w2Ak +-cgZ7N93ydtOdO6l24uYqky3FUwfK+PPX0lhPoDse8elxF6S5BIeliervLBUJtUUj +-VxIX9QoI+do9zmRNPXkIdQhrOuMe96Qjaj5aXKrjDQKBgBS2LGghCFgqaxtHeIpl +-RLOnpxLaiitGH412O6VKHkkXaNYEOlbtFVlPuE1zHeyIvLQb666lW/w0+HMmfMTU +-SQI2gIndUb6pMzLjZUrCyYz618EoAmhx6+VnbRSY+iSEIdYqx6VBl0HY9RWJa18H +-4LPzH6dfRnKf2jCer3DtWALD +------END PRIVATE KEY----- ++ fObj.write(certificate_bytes.decode("ascii").rstrip("\n")) ++ ++""" ++-----BEGIN RSA PRIVATE KEY----- ++MIIEogIBAAKCAQEA0rT5+hF+1BjE7qXms9PZWHskXZGXLPiYVmiYjsVeJAOtHAYq ++8igzA49KgR1xR9M4jQ6U46nwPsnGCh4liyxdWkBLw9maxMoE+r6dW1zZ8Tllunbd ++b/Da6L8P55SKb7QGet4CB1fZ2SqZD4GvTby6xpoR09AqrfjuEIYR8V/y+8dG3mR5 ++W0HqaJ58IWihAwIQSakuc8jTadJY55t7UW6Ebj2X2WTO6Zh7gJ1dyHPMVkUHJF9J ++suj/4F4lx6hWGQzWO8Nf8Q7t364pagE3evUv/BECJLONNYLaFjLtWnsCEJDV9owC ++jaxu785KuA7OM/f3h3xVIfTBTo2AlHiQnXdyrwIDAQABAoH/Ib7aSjKDHXTaFV58 ++lFBZftI6AMJQc+Ncgno99J+ndB0inFpghmfpw6gvRn5wphAt/mlXbx7IW0X1cali ++WefBC7NAbx1qrBmusnnUuc0lGn0WzcY7sLHiXWQ8J9qiUUGDyCnGKWbofN9VpCYg ++7VJMl4IVWNb9/t7fQcY3GXFEeQ4mzLo7p+gPxyeUcCLVrhVrHzw1HFTIlA51LjfI ++xQM+QVeaEWQQ4UsDdPe5iGthDd7ze2F5ciDzMkShrf7URSudS+Us6vr6gDVpKAky ++eCVyFPJXCfH4qJoa6mB6L6SFzMnN3OPp3RlYQWQ7sK/ELQfhPoyHyRvL1woUIO5C ++tK0pAoGBAPS6ZSZ26M0guZ2K/2fKMiGq0jZQLcxP3N0jWm8R8ENOnuIjhCl5aKsB ++DoV0BvPv1C2vWm+VgNArgTece9l8o5f8pcfjbT5r/k8zoqgcj9CmmDofBka4XxZb ++wxsut+8rBSIoVKIre4Pyqfa9u1IrEnoOzMqvF16xUME2t2EaryUzAoGBANxpb4Jz ++FjH7nfPc3iejd+cXovX6x2VTJzWaknA6hGsoc+UZ01KTaKyYpq+9q9VxXhWxYsh3 ++TL1JWuIBy6ao5tdt4nPBu07J7tfu5bfr3Imd8waNQxDEfKeFedskxORs+FIUzqBb ++3nIkQH8sx0Syv620coIdtEn1raVXc9QfRgSVAoGAWNFhLoGPYgsTcnrk0N1QLmnZ ++mv6kcHc3mEZhZtgi07qv7TCooYi/lPhwNbzzXQrYfbAbaU3gDy0K24z+YeNbWCjI ++XfBLUJFPHZ2G1e5vv3EG5GkoFPiLAglRmQbumG2LkmcCuEyBqlSinLslRd/997Bx ++YMoE+EfwH/9ktGhD0oMCgYEAxaSqAFDQ00ssjTM95k94Qjn4wBf7WwmgfDm6HHbs ++rOZeXk61JzPVxgcwWSB8iG4bDtq8mMQZhRbVLxqrEiwcq4r2aBSNsI305Z5sUWtn ++m+ONvA9J1yxKFzHiXjbvc2GfnoLX8gXPR4zoZOGzYg/jP5EyqSiXtUZfSodL7yeH ++8q0CgYEA2OzA59AITJe8jhC5JsVbLs7Rj4kFTjD+iZ8P86FnWBf1iDeuywEZJqvG ++n6SNK4KczDJ//DBV06w4L6iwe5iOCdf06+V7Hnkbvrjk0ONnXX7VXNgJ3/e7aJTx ++gE42Ug0qu6lXtEfYqlhQoF2lAtnYq0fty/XWMVfpjVuh1lyd4C4= ++-----END RSA PRIVATE KEY----- + -----BEGIN CERTIFICATE----- +-MIID6DCCAtACAwtEVjANBgkqhkiG9w0BAQsFADCBtzELMAkGA1UEBhMCVFIxDzAN +-BgNVBAgMBsOHb3J1bTEUMBIGA1UEBwwLQmHFn21ha8OnxLExEjAQBgNVBAMMCWxv +-Y2FsaG9zdDEcMBoGA1UECgwTVHdpc3RlZCBNYXRyaXggTGFiczEkMCIGA1UECwwb +-QXV0b21hdGVkIFRlc3RpbmcgQXV0aG9yaXR5MSkwJwYJKoZIhvcNAQkBFhpzZWN1 +-cml0eUB0d2lzdGVkbWF0cml4LmNvbTAgFw0yMjA4MjMyMzUyNTJaGA8yMTIyMDcz +-MDIzNTI1MlowgbcxCzAJBgNVBAYTAlRSMQ8wDQYDVQQIDAbDh29ydW0xFDASBgNV +-BAcMC0JhxZ9tYWvDp8SxMRIwEAYDVQQDDAlsb2NhbGhvc3QxHDAaBgNVBAoME1R3 ++MIIEJDCCAwygAwIBAgIUKaSXgzt5gDMt9GbUzLz/A9HEyFEwDQYJKoZIhvcNAQEL ++BQAwgb0xGDAWBgNVBAMMD0EgSG9zdCwgTG9jYWxseTELMAkGA1UEBhMCVFIxDzAN ++BgNVBAgMBsOHb3J1bTEUMBIGA1UEBwwLQmHFn21ha8OnxLExHDAaBgNVBAoME1R3 + aXN0ZWQgTWF0cml4IExhYnMxJDAiBgNVBAsMG0F1dG9tYXRlZCBUZXN0aW5nIEF1 + dGhvcml0eTEpMCcGCSqGSIb3DQEJARYac2VjdXJpdHlAdHdpc3RlZG1hdHJpeC5j +-b20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC9Gk1skmQfONi+GdM2 +-Rwb6a/2weSX7eM3MwT3vXYr+0dx9ScWERILTNkLGrvfslHKdUE7hBDKjtuj6KtAI +-rVjeDDMD6Ue77EcbL3QEO1QZeBjJ3hQbaB447PhE1wwgEsWndPMcDDVm93sODELN +-rzWMLhabgCJ5cJYo5RQs7IvVtE36KaoSgfC9rTP8Lva+MW5wNeHn2f0hDlUF8jLu +-o1W+eDb9CHV7vwL19DZ3w74UkQ3RnfNDnZzVhsNI4YGaSBGtOHY3ioDspGQZqHHf +-CSTjjMwq3ddEkPd7iNu4N5KUamnH69A0JfRODC8tXjFG9/WFROhYZkUQRhXkgRd3 +-9Yy9AgMBAAEwDQYJKoZIhvcNAQELBQADggEBABuOxiDnfrjQjbP4ZWrDj+doK8Zk +-CUwtyM3gFVF1LBZxBCxVa6hzD2N7/1o0+KHjmiGks7SnXb6aG2nEqypciZ4xkPjt +-wVIcTWCW8ddPrfMi4/esiQFlPck1p3QSfkPiAgHAjJiDDqDtqsMKr+5AkUaHlqjR +-VV3YE27x/QyLZbV7igiTPdh1fTV7+Yl8VHpBdnMRUVTFoZaIiCe0efmqsvzBd73A +-c75aKTwu6cPQ9dH/gIEOHCvrgweED7ZcabT7h/k7DXL2zhnJTPmQSJLWjfQebJOu +-4l1p7tn35xbjqu906l4iII+YqWCAj/gNT2qdcIWQmxg/reg2tRbU7Nv3M0c= ++b20wIBcNMjMwNjE0MTM0MDI4WhgPMjEyMzA1MjExMzQwMjhaMIG9MRgwFgYDVQQD ++DA9BIEhvc3QsIExvY2FsbHkxCzAJBgNVBAYTAlRSMQ8wDQYDVQQIDAbDh29ydW0x ++FDASBgNVBAcMC0JhxZ9tYWvDp8SxMRwwGgYDVQQKDBNUd2lzdGVkIE1hdHJpeCBM ++YWJzMSQwIgYDVQQLDBtBdXRvbWF0ZWQgVGVzdGluZyBBdXRob3JpdHkxKTAnBgkq ++hkiG9w0BCQEWGnNlY3VyaXR5QHR3aXN0ZWRtYXRyaXguY29tMIIBIjANBgkqhkiG ++9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0rT5+hF+1BjE7qXms9PZWHskXZGXLPiYVmiY ++jsVeJAOtHAYq8igzA49KgR1xR9M4jQ6U46nwPsnGCh4liyxdWkBLw9maxMoE+r6d ++W1zZ8Tllunbdb/Da6L8P55SKb7QGet4CB1fZ2SqZD4GvTby6xpoR09AqrfjuEIYR ++8V/y+8dG3mR5W0HqaJ58IWihAwIQSakuc8jTadJY55t7UW6Ebj2X2WTO6Zh7gJ1d ++yHPMVkUHJF9Jsuj/4F4lx6hWGQzWO8Nf8Q7t364pagE3evUv/BECJLONNYLaFjLt ++WnsCEJDV9owCjaxu785KuA7OM/f3h3xVIfTBTo2AlHiQnXdyrwIDAQABoxgwFjAU ++BgNVHREEDTALgglsb2NhbGhvc3QwDQYJKoZIhvcNAQELBQADggEBAEHAErq/Fs8h ++M+kwGCt5Ochqyu/IzPbwgQ27n5IJehl7kmpoXBxGa/u+ajoxrZaOheg8E2MYVwQi ++FTKE9wJgaN3uGo4bzCbCYxDm7tflQORo6QOZlumfiQIzXON2RvgJpwFfkLNtq0t9 ++e453kJ7+e11Wah46bc3RAvBZpwswh6hDv2FvFUZ+IUcO0tU8O4kWrLIFPpJbcHQq ++wezjky773X4CNEtoeuTb8/ws/eED/TGZ2AZO+BWT93OZJgwE2x3iUd3k8HbwxfoY ++bZ+NHgtM7iKRcL59asB0OMi3Ays0+IOfZ1+3aB82zYlxFBoDyalR7NJjJGdTwNFt ++3CPGCQ28cDk= + -----END CERTIFICATE----- +-''' ++""" + +From 1f0c2a3a774d89fb10782a8abf62e219d1f4818f Mon Sep 17 00:00:00 2001 +From: Glyph +Date: Wed, 14 Jun 2023 14:06:56 -0700 +Subject: [PATCH 2/4] todo server.pem should generate this too + +--- + src/twisted/protocols/test/test_tls.py | 7 ++++--- + 1 file changed, 4 insertions(+), 3 deletions(-) + +diff --git a/src/twisted/protocols/test/test_tls.py b/src/twisted/protocols/test/test_tls.py +index 5915d6bc5b2..37de80feb9f 100644 +--- a/src/twisted/protocols/test/test_tls.py ++++ b/src/twisted/protocols/test/test_tls.py +@@ -522,9 +522,10 @@ def cbHandshook(ignored): + self.assertIsInstance(cert, crypto.X509) + self.assertEqual( + cert.digest("sha256"), +- # openssl x509 -noout -sha256 -fingerprint -in server.pem +- b"C4:F5:8E:9D:A0:AC:85:24:9B:2D:AA:2C:EC:87:DB:5F:33:22:94:" +- b"01:94:DC:D3:42:4C:E4:B9:F5:0F:45:F2:24", ++ # openssl x509 -noout -sha256 -fingerprint ++ # -in src/twisted/test/server.pem ++ b"D6:F2:2C:74:3B:E2:5E:F9:CA:DA:47:08:14:78:20:75:78:95:9E:52" ++ b":BD:D2:7C:77:DD:D4:EE:DE:33:BF:34:40", + ) + + handshakeDeferred.addCallback(cbHandshook) + +From 137a3a6fa27374ecb879c67557197a3f0b37aab1 Mon Sep 17 00:00:00 2001 +From: Glyph +Date: Wed, 14 Jun 2023 14:08:13 -0700 +Subject: [PATCH 3/4] address review + +--- + src/twisted/test/server.pem | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/twisted/test/server.pem b/src/twisted/test/server.pem +index 6d2be8be95b..33fdbbd1cac 100644 +--- a/src/twisted/test/server.pem ++++ b/src/twisted/test/server.pem +@@ -41,7 +41,7 @@ certificate_bytes = ( + .not_valid_before(datetime.now()) + .not_valid_after(datetime.now() + timedelta(seconds=60 * 60 * 24 * 365 * 100)) + .subject_name(me) +- .add_extension(SubjectAlternativeName([DNSName("localhost")]), False) ++ .add_extension(SubjectAlternativeName([DNSName("localhost")]), critical=False) + .issuer_name(me) + .public_key(pk.public_key()) + .sign(pk, algorithm=SHA256()) + +From c8dce7b42b13466afd24ea5f9bbfc9a1c08c585f Mon Sep 17 00:00:00 2001 +From: Glyph +Date: Wed, 14 Jun 2023 14:17:12 -0700 +Subject: [PATCH 4/4] hooray, type stubs are updated too + +--- + src/twisted/internet/_sslverify.py | 7 ++----- + 1 file changed, 2 insertions(+), 5 deletions(-) + +diff --git a/src/twisted/internet/_sslverify.py b/src/twisted/internet/_sslverify.py +index 6824482dc5b..d8f62e40954 100644 +--- a/src/twisted/internet/_sslverify.py ++++ b/src/twisted/internet/_sslverify.py +@@ -159,11 +159,8 @@ def _selectVerifyImplementation(): + ) + + try: +- from service_identity import VerificationError # type: ignore[import] +- from service_identity.pyopenssl import ( # type: ignore[import] +- verify_hostname, +- verify_ip_address, +- ) ++ from service_identity import VerificationError ++ from service_identity.pyopenssl import verify_hostname, verify_ip_address + + return verify_hostname, verify_ip_address, VerificationError + except ImportError as e: diff --git a/remove-dependency-version-upper-bounds.patch b/remove-dependency-version-upper-bounds.patch new file mode 100644 index 0000000..ae13ff2 --- /dev/null +++ b/remove-dependency-version-upper-bounds.patch @@ -0,0 +1,18 @@ +Index: Twisted-22.10.0/setup.cfg +=================================================================== +--- Twisted-22.10.0.orig/setup.cfg ++++ Twisted-22.10.0/setup.cfg +@@ -72,10 +72,10 @@ serial = + pyserial >= 3.0 + pywin32 != 226; platform_system == "Windows" + http2 = +- h2 >= 3.0, < 5.0 +- priority >= 1.1.0, < 2.0 ++ h2 >= 3.0 ++ priority >= 1.1.0 + contextvars = +- contextvars >= 2.4, < 3; python_version < "3.7" ++ contextvars >= 2.4; python_version < "3.7" + all_non_platform = + %(test)s + %(tls)s diff --git a/remove-pynacl-optional-dependency.patch b/remove-pynacl-optional-dependency.patch new file mode 100644 index 0000000..4c8e87e --- /dev/null +++ b/remove-pynacl-optional-dependency.patch @@ -0,0 +1,360 @@ +From 1716d312600a9c49279e6c15da9ad8ca21431580 Mon Sep 17 00:00:00 2001 +From: Glyph +Date: Thu, 8 Jun 2023 18:13:11 -0700 +Subject: [PATCH 1/2] remove PyNaCl optional dependency + +--- + docs/installation/howto/optional.rst | 3 - + pyproject.toml | 6 - + src/twisted/conch/newsfragments/11871.removal | 1 + + src/twisted/conch/ssh/_keys_pynacl.py | 104 ------------ + src/twisted/conch/ssh/keys.py | 9 +- + src/twisted/conch/test/test_keys.py | 157 +----------------- + tox.ini | 4 +- + 7 files changed, 6 insertions(+), 278 deletions(-) + create mode 100644 src/twisted/conch/newsfragments/11871.removal + delete mode 100644 src/twisted/conch/ssh/_keys_pynacl.py + +Index: Twisted-22.10.0/docs/installation/howto/optional.rst +=================================================================== +--- Twisted-22.10.0.orig/docs/installation/howto/optional.rst ++++ Twisted-22.10.0/docs/installation/howto/optional.rst +@@ -67,7 +67,6 @@ The following optional dependencies are + .. _service_identity: https://pypi.python.org/pypi/service_identity + .. _pyasn1: https://pypi.python.org/pypi/pyasn1 + .. _cryptography: https://pypi.python.org/pypi/cryptography +-.. _PyNaCl: https://pypi.python.org/pypi/PyNaCl + .. _SOAPpy: https://pypi.python.org/pypi/SOAPpy + .. _pyserial: https://pypi.python.org/pypi/pyserial + .. _pyobjc: https://pypi.python.org/pypi/pyobjc +Index: Twisted-22.10.0/src/twisted/conch/newsfragments/11871.removal +=================================================================== +--- /dev/null ++++ Twisted-22.10.0/src/twisted/conch/newsfragments/11871.removal +@@ -0,0 +1 @@ ++Due to changes in the way raw private key byte serialization are handled in Cryptography, and widespread support for Ed25519 in current versions of OpenSSL, we no longer support PyNaCl as a fallback for Ed25519 keys in Conch. +Index: Twisted-22.10.0/src/twisted/conch/ssh/_keys_pynacl.py +=================================================================== +--- Twisted-22.10.0.orig/src/twisted/conch/ssh/_keys_pynacl.py ++++ /dev/null +@@ -1,104 +0,0 @@ +-# -*- test-case-name: twisted.conch.test.test_keys -*- +-# Copyright (c) Twisted Matrix Laboratories. +-# See LICENSE for details. +- +-""" +-Optional PyNaCl fallback code for Ed25519 keys. +-""" +- +-from cryptography.exceptions import InvalidSignature +-from cryptography.hazmat.primitives import serialization +-from cryptography.hazmat.primitives.asymmetric import ed25519 +-from nacl.exceptions import BadSignatureError +-from nacl.signing import SigningKey, VerifyKey +- +- +-class Ed25519PublicKey(ed25519.Ed25519PublicKey): +- def __init__(self, data: bytes): +- self._key = VerifyKey(data) +- +- def __bytes__(self) -> bytes: +- return bytes(self._key) +- +- def __hash__(self) -> int: +- return hash(bytes(self)) +- +- def __eq__(self, other: object) -> bool: +- if not isinstance(other, self.__class__): +- return False +- return self._key == other._key +- +- def __ne__(self, other: object) -> bool: +- return not (self == other) +- +- @classmethod +- def from_public_bytes(cls, data: bytes) -> ed25519.Ed25519PublicKey: +- return cls(data) +- +- def public_bytes( +- self, +- encoding: serialization.Encoding, +- format: serialization.PublicFormat, +- ) -> bytes: +- if ( +- encoding is not serialization.Encoding.Raw +- or format is not serialization.PublicFormat.Raw +- ): +- raise ValueError("Both encoding and format must be Raw") +- return bytes(self) +- +- def verify(self, signature: bytes, data: bytes) -> None: +- try: +- self._key.verify(data, signature) +- except BadSignatureError as e: +- raise InvalidSignature(str(e)) +- +- +-class Ed25519PrivateKey(ed25519.Ed25519PrivateKey): +- def __init__(self, data: bytes): +- self._key = SigningKey(data) +- +- def __bytes__(self) -> bytes: +- return bytes(self._key) +- +- def __hash__(self) -> int: +- return hash(bytes(self)) +- +- def __eq__(self, other: object) -> bool: +- if not isinstance(other, self.__class__): +- return False +- return self._key == other._key +- +- def __ne__(self, other: object) -> bool: +- return not (self == other) +- +- @classmethod +- def generate(cls) -> ed25519.Ed25519PrivateKey: +- return cls(bytes(SigningKey.generate())) +- +- @classmethod +- def from_private_bytes(cls, data: bytes) -> ed25519.Ed25519PrivateKey: +- return cls(data) +- +- def public_key(self) -> ed25519.Ed25519PublicKey: +- return Ed25519PublicKey(bytes(self._key.verify_key)) +- +- def private_bytes( +- self, +- encoding: serialization.Encoding, +- format: serialization.PrivateFormat, +- encryption_algorithm: serialization.KeySerializationEncryption, +- ) -> bytes: +- if ( +- encoding is not serialization.Encoding.Raw +- or format is not serialization.PrivateFormat.Raw +- or not isinstance(encryption_algorithm, serialization.NoEncryption) +- ): +- raise ValueError( +- "Encoding and format must be Raw and " +- "encryption_algorithm must be NoEncryption" +- ) +- return bytes(self) +- +- def sign(self, data: bytes) -> bytes: +- return self._key.sign(data).signature +Index: Twisted-22.10.0/src/twisted/conch/ssh/keys.py +=================================================================== +--- Twisted-22.10.0.orig/src/twisted/conch/ssh/keys.py ++++ Twisted-22.10.0/src/twisted/conch/ssh/keys.py +@@ -14,7 +14,6 @@ import unicodedata + import warnings + from base64 import b64encode, decodebytes, encodebytes + from hashlib import md5, sha256 +-from typing import Optional, Type + + import bcrypt + from cryptography import utils +@@ -68,18 +67,8 @@ _secToNist = { + } + + +-Ed25519PublicKey: Optional[Type[ed25519.Ed25519PublicKey]] +-Ed25519PrivateKey: Optional[Type[ed25519.Ed25519PrivateKey]] +- +-if default_backend().ed25519_supported(): +- Ed25519PublicKey = ed25519.Ed25519PublicKey +- Ed25519PrivateKey = ed25519.Ed25519PrivateKey +-else: # pragma: no cover +- try: +- from twisted.conch.ssh._keys_pynacl import Ed25519PrivateKey, Ed25519PublicKey +- except ImportError: +- Ed25519PublicKey = None +- Ed25519PrivateKey = None ++Ed25519PublicKey = ed25519.Ed25519PublicKey ++Ed25519PrivateKey = ed25519.Ed25519PrivateKey + + + class BadKeyError(Exception): +Index: Twisted-22.10.0/src/twisted/conch/test/test_keys.py +=================================================================== +--- Twisted-22.10.0.orig/src/twisted/conch/test/test_keys.py ++++ Twisted-22.10.0/src/twisted/conch/test/test_keys.py +@@ -22,20 +22,15 @@ if cryptography is None: + skipCryptography = "Cannot run without cryptography." + + pyasn1 = requireModule("pyasn1") +-_keys_pynacl = requireModule("twisted.conch.ssh._keys_pynacl") +- + + if cryptography and pyasn1: +- from cryptography.exceptions import InvalidSignature + from cryptography.hazmat.backends import default_backend + from cryptography.hazmat.primitives import hashes + from cryptography.hazmat.primitives.asymmetric import padding + + from twisted.conch.ssh import common, keys, sexpy + +- ED25519_SUPPORTED = ( +- default_backend().ed25519_supported() or _keys_pynacl is not None +- ) ++ ED25519_SUPPORTED = default_backend().ed25519_supported() + else: + ED25519_SUPPORTED = False + +@@ -1676,156 +1671,6 @@ attr n: + ) + + +-class PyNaClKeyTests(KeyTests): +- """ +- Key tests, but forcing the use of C{PyNaCl}. +- """ +- +- if cryptography is None: +- skip = skipCryptography +- if _keys_pynacl is None: +- skip = "Cannot run without PyNaCl" +- +- def setUp(self): +- super().setUp() +- self.patch(keys, "Ed25519PublicKey", _keys_pynacl.Ed25519PublicKey) +- self.patch(keys, "Ed25519PrivateKey", _keys_pynacl.Ed25519PrivateKey) +- +- def test_naclPrivateBytes(self): +- """ +- L{_keys_pynacl.Ed25519PrivateKey.private_bytes} and +- L{_keys_pynacl.Ed25519PrivateKey.from_private_bytes} round-trip. +- """ +- from cryptography.hazmat.primitives import serialization +- +- key = _keys_pynacl.Ed25519PrivateKey.generate() +- key_bytes = key.private_bytes( +- serialization.Encoding.Raw, +- serialization.PrivateFormat.Raw, +- serialization.NoEncryption(), +- ) +- self.assertIsInstance(key_bytes, bytes) +- self.assertEqual( +- key, _keys_pynacl.Ed25519PrivateKey.from_private_bytes(key_bytes) +- ) +- +- def test_naclPrivateBytesInvalidParameters(self): +- """ +- L{_keys_pynacl.Ed25519PrivateKey.private_bytes} only accepts certain parameters. +- """ +- from cryptography.hazmat.primitives import serialization +- +- key = _keys_pynacl.Ed25519PrivateKey.generate() +- self.assertRaises( +- ValueError, +- key.private_bytes, +- serialization.Encoding.PEM, +- serialization.PrivateFormat.Raw, +- serialization.NoEncryption(), +- ) +- self.assertRaises( +- ValueError, +- key.private_bytes, +- serialization.Encoding.Raw, +- serialization.PrivateFormat.PKCS8, +- serialization.NoEncryption(), +- ) +- self.assertRaises( +- ValueError, +- key.private_bytes, +- serialization.Encoding.Raw, +- serialization.PrivateFormat.Raw, +- serialization.BestAvailableEncryption(b"password"), +- ) +- +- def test_naclPrivateHash(self): +- """ +- L{_keys_pynacl.Ed25519PrivateKey.__hash__} allows instances to be hashed. +- """ +- key = _keys_pynacl.Ed25519PrivateKey.generate() +- d = {key: True} +- self.assertTrue(d[key]) +- +- def test_naclPrivateEquality(self): +- """ +- L{_keys_pynacl.Ed25519PrivateKey} implements equality test methods. +- """ +- key1 = _keys_pynacl.Ed25519PrivateKey.generate() +- key2 = _keys_pynacl.Ed25519PrivateKey.generate() +- self.assertEqual(key1, key1) +- self.assertNotEqual(key1, key2) +- self.assertNotEqual(key1, bytes(key1)) +- +- def test_naclPublicBytes(self): +- """ +- L{_keys_pynacl.Ed25519PublicKey.public_bytes} and +- L{_keys_pynacl.Ed25519PublicKey.from_public_bytes} round-trip. +- """ +- from cryptography.hazmat.primitives import serialization +- +- key = _keys_pynacl.Ed25519PrivateKey.generate().public_key() +- key_bytes = key.public_bytes( +- serialization.Encoding.Raw, serialization.PublicFormat.Raw +- ) +- self.assertIsInstance(key_bytes, bytes) +- self.assertEqual( +- key, _keys_pynacl.Ed25519PublicKey.from_public_bytes(key_bytes) +- ) +- +- def test_naclPublicBytesInvalidParameters(self): +- """ +- L{_keys_pynacl.Ed25519PublicKey.public_bytes} only accepts certain parameters. +- """ +- from cryptography.hazmat.primitives import serialization +- +- key = _keys_pynacl.Ed25519PrivateKey.generate().public_key() +- self.assertRaises( +- ValueError, +- key.public_bytes, +- serialization.Encoding.PEM, +- serialization.PublicFormat.Raw, +- ) +- self.assertRaises( +- ValueError, +- key.public_bytes, +- serialization.Encoding.Raw, +- serialization.PublicFormat.PKCS1, +- ) +- +- def test_naclPublicHash(self): +- """ +- L{_keys_pynacl.Ed25519PublicKey.__hash__} allows instances to be hashed. +- """ +- key = _keys_pynacl.Ed25519PrivateKey.generate().public_key() +- d = {key: True} +- self.assertTrue(d[key]) +- +- def test_naclPublicEquality(self): +- """ +- L{_keys_pynacl.Ed25519PublicKey} implements equality test methods. +- """ +- key1 = _keys_pynacl.Ed25519PrivateKey.generate().public_key() +- key2 = _keys_pynacl.Ed25519PrivateKey.generate().public_key() +- self.assertEqual(key1, key1) +- self.assertNotEqual(key1, key2) +- self.assertNotEqual(key1, bytes(key1)) +- +- def test_naclVerify(self): +- """ +- L{_keys_pynacl.Ed25519PublicKey.verify} raises appropriate exceptions. +- """ +- key = _keys_pynacl.Ed25519PrivateKey.generate() +- self.assertIsInstance(key, keys.Ed25519PrivateKey) +- signature = key.sign(b"test data") +- self.assertIsNone(key.public_key().verify(signature, b"test data")) +- self.assertRaises( +- InvalidSignature, key.public_key().verify, signature, b"wrong data" +- ) +- self.assertRaises( +- InvalidSignature, key.public_key().verify, b"0" * 64, b"test data" +- ) +- +- + class PersistentRSAKeyTests(unittest.TestCase): + """ + Tests for L{keys._getPersistentRSAKey}. diff --git a/skip_MultiCast.patch b/skip_MultiCast.patch new file mode 100644 index 0000000..505efa9 --- /dev/null +++ b/skip_MultiCast.patch @@ -0,0 +1,25 @@ +--- + src/twisted/test/test_udp.py | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +Index: Twisted-22.10.0/src/twisted/test/test_udp.py +=================================================================== +--- Twisted-22.10.0.orig/src/twisted/test/test_udp.py ++++ Twisted-22.10.0/src/twisted/test/test_udp.py +@@ -8,7 +8,7 @@ Tests for implementations of L{IReactorU + + + import os +-from unittest import skipIf ++from unittest import skipIf, SkipTest + + from twisted.internet import defer, error, interfaces, protocol, reactor, udp + from twisted.internet.defer import Deferred, gatherResults, maybeDeferred +@@ -581,6 +581,7 @@ class MulticastTests(TestCase): + skip = "This reactor does not support multicast" + + def setUp(self): ++ raise SkipTest("Multicast networking doesn't work with OBS") + self.server = Server() + self.client = Client() + # multicast won't work if we listen over loopback, apparently diff --git a/support-new-glibc.patch b/support-new-glibc.patch new file mode 100644 index 0000000..cea4bab --- /dev/null +++ b/support-new-glibc.patch @@ -0,0 +1,116 @@ +From da3bf3dc29f067e7019b2a1c205834ab64b2139a Mon Sep 17 00:00:00 2001 +From: Paul Eggert +Date: Fri, 9 Dec 2022 10:16:42 -0800 +Subject: [PATCH] #11786 fix misuse of mktime in tests + +--- + src/twisted/logger/test/test_format.py | 27 +++++++++++++------------- + 1 file changed, 14 insertions(+), 13 deletions(-) + +diff --git a/src/twisted/logger/test/test_format.py b/src/twisted/logger/test/test_format.py +index dbfbe1af1ae..0671b6662c8 100644 +--- a/src/twisted/logger/test/test_format.py ++++ b/src/twisted/logger/test/test_format.py +@@ -166,16 +166,17 @@ def test_formatTimeWithDefaultFormat(self) -> None: + def testForTimeZone(name: str, expectedDST: str, expectedSTD: str) -> None: + setTZ(name) + +- localDST = mktime((2006, 6, 30, 0, 0, 0, 4, 181, 1)) + localSTD = mktime((2007, 1, 31, 0, 0, 0, 2, 31, 0)) +- +- self.assertEqual(formatTime(localDST), expectedDST) + self.assertEqual(formatTime(localSTD), expectedSTD) + ++ if expectedDST: ++ localDST = mktime((2006, 6, 30, 0, 0, 0, 4, 181, 1)) ++ self.assertEqual(formatTime(localDST), expectedDST) ++ + # UTC + testForTimeZone( + "UTC+00", +- "2006-06-30T00:00:00+0000", ++ None, + "2007-01-31T00:00:00+0000", + ) + +@@ -196,7 +197,7 @@ def testForTimeZone(name: str, expectedDST: str, expectedSTD: str) -> None: + # No DST + testForTimeZone( + "CST+06", +- "2006-06-30T00:00:00-0600", ++ None, + "2007-01-31T00:00:00-0600", + ) + +@@ -211,7 +212,7 @@ def test_formatTimeWithNoFormat(self) -> None: + """ + If C{timeFormat} argument is L{None}, we get the default output. + """ +- t = mktime((2013, 9, 24, 11, 40, 47, 1, 267, 1)) ++ t = mktime((2013, 9, 24, 11, 40, 47, 1, 267, -1)) + self.assertEqual(formatTime(t, timeFormat=None), "-") + self.assertEqual(formatTime(t, timeFormat=None, default="!"), "!") + +@@ -219,7 +220,7 @@ def test_formatTimeWithAlternateTimeFormat(self) -> None: + """ + Alternate time format in output. + """ +- t = mktime((2013, 9, 24, 11, 40, 47, 1, 267, 1)) ++ t = mktime((2013, 9, 24, 11, 40, 47, 1, 267, -1)) + self.assertEqual(formatTime(t, timeFormat="%Y/%W"), "2013/38") + + def test_formatTimePercentF(self) -> None: +@@ -246,7 +247,7 @@ def test_formatTimeDefault(self) -> None: + addTZCleanup(self) + setTZ("UTC+00") + +- t = mktime((2013, 9, 24, 11, 40, 47, 1, 267, 1)) ++ t = mktime((2013, 9, 24, 11, 40, 47, 1, 267, -1)) + event = dict(log_format="XYZZY", log_time=t) + self.assertEqual( + formatEventAsClassicLogText(event), +@@ -539,7 +540,7 @@ def test_eventAsTextSystemOnly(self) -> None: + except CapturedError: + f = Failure() + +- t = mktime((2013, 9, 24, 11, 40, 47, 1, 267, 1)) ++ t = mktime((2013, 9, 24, 11, 40, 47, 1, 267, -1)) + event: LogEvent = { + "log_format": "ABCD", + "log_system": "fake_system", +@@ -573,7 +574,7 @@ def test_eventAsTextTimestampOnly(self) -> None: + except CapturedError: + f = Failure() + +- t = mktime((2013, 9, 24, 11, 40, 47, 1, 267, 1)) ++ t = mktime((2013, 9, 24, 11, 40, 47, 1, 267, -1)) + event: LogEvent = { + "log_format": "ABCD", + "log_system": "fake_system", +@@ -601,7 +602,7 @@ def test_eventAsTextSystemMissing(self) -> None: + except CapturedError: + f = Failure() + +- t = mktime((2013, 9, 24, 11, 40, 47, 1, 267, 1)) ++ t = mktime((2013, 9, 24, 11, 40, 47, 1, 267, -1)) + event: LogEvent = { + "log_format": "ABCD", + "log_time": t, +@@ -628,7 +629,7 @@ def test_eventAsTextSystemMissingNamespaceAndLevel(self) -> None: + except CapturedError: + f = Failure() + +- t = mktime((2013, 9, 24, 11, 40, 47, 1, 267, 1)) ++ t = mktime((2013, 9, 24, 11, 40, 47, 1, 267, -1)) + event: LogEvent = { + "log_format": "ABCD", + "log_time": t, +@@ -657,7 +658,7 @@ def test_eventAsTextSystemMissingLevelOnly(self) -> None: + except CapturedError: + f = Failure() + +- t = mktime((2013, 9, 24, 11, 40, 47, 1, 267, 1)) ++ t = mktime((2013, 9, 24, 11, 40, 47, 1, 267, -1)) + event: LogEvent = { + "log_format": "ABCD", + "log_time": t,