SLFO-pool/python-Twisted
SHA256
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: SLFO-pool:main
Branches Tags
SLFO-pool:main SLFO-pool:1.1
..
compare: SLFO-pool:1.1
Branches Tags
SLFO-pool:1.1 SLFO-pool:main

1 Commits
main ... 1.1

Author SHA256 Message Date
Adrian Schröter
18782d4408 Sync from SUSE:SLFO:1.1 python-Twisted revision 802ba959007571a4690a0d8363c46412 2025-04-16 00:26:02 +02:00
10 changed files with 401 additions and 196 deletions
Expand all files Collapse all files

55
1521_delegate_parseqs_stdlib_bpo42967.patch
View File

@@ -1,19 +1,20 @@
From 7130df7ee21ebd93d7e15e7c4ef752b759f8e1c3 Mon Sep 17 00:00:00 2001
From df79d69adea5c819bb104861dccf1bbe25851644 Mon Sep 17 00:00:00 2001
From: Thomas Grainger <tagrain@gmail.com>
Date: Sun, 21 Feb 2021 11:54:25 +0000
Subject: [PATCH] delegate to stdlib parse qs
Subject: [PATCH 1/2] delegate to stdlib parse qs
---
src/twisted/web/http.py | 29 +---------------------
src/twisted/web/newsfragments/10096.bugfix | 1 +
2 files changed, 2 insertions(+), 28 deletions(-)
src/twisted/web/http.py | 26 +-------------------------
src/twisted/web/newsfragments/10096.bugfix | 1 +
src/twisted/web/server.py | 5 ++---
3 files changed, 4 insertions(+), 28 deletions(-)
create mode 100644 src/twisted/web/newsfragments/10096.bugfix
Index: twisted-24.10.0/src/twisted/web/http.py
Index: twisted-24.3.0/src/twisted/web/http.py
===================================================================
--- twisted-24.10.0.orig/src/twisted/web/http.py
+++ twisted-24.10.0/src/twisted/web/http.py
@@ -125,6 +125,7 @@ from urllib.parse import (
--- twisted-24.3.0.orig/src/twisted/web/http.py
+++ twisted-24.3.0/src/twisted/web/http.py
@@ -115,6 +115,7 @@ from urllib.parse import (
ParseResultBytes,
unquote_to_bytes as unquote,
urlparse as _urlparse,
@@ -21,7 +22,7 @@ Index: twisted-24.10.0/src/twisted/web/http.py
)
from zope.interface import Attribute, Interface, implementer, provider
@@ -371,34 +372,6 @@ def urlparse(url):
@@ -288,34 +289,6 @@ def urlparse(url):
return ParseResultBytes(scheme, netloc, path, params, query, fragment)
@@ -56,9 +57,39 @@ Index: twisted-24.10.0/src/twisted/web/http.py
def datetimeToString(msSinceEpoch=None):
"""
Convert seconds since epoch to HTTP datetime string.
Index: twisted-24.10.0/src/twisted/web/newsfragments/10096.bugfix
Index: twisted-24.3.0/src/twisted/web/newsfragments/10096.bugfix
===================================================================
--- /dev/null
+++ twisted-24.10.0/src/twisted/web/newsfragments/10096.bugfix
+++ twisted-24.3.0/src/twisted/web/newsfragments/10096.bugfix
@@ -0,0 +1 @@
+delegate to urllib.parse:parse_qs in twisted.web.http:parse_qs to avoid CVE-2021-23336 and the associated CI failures
Index: twisted-24.3.0/src/twisted/web/server.py
===================================================================
--- twisted-24.3.0.orig/src/twisted/web/server.py
+++ twisted-24.3.0/src/twisted/web/server.py
@@ -21,7 +21,7 @@ import zlib
from binascii import hexlify
from html import escape
from typing import List, Optional
-from urllib.parse import quote as _quote
+from urllib.parse import quote as _quote, unquote_to_bytes as _unquote_to_bytes
from zope.interface import implementer
@@ -37,7 +37,6 @@ from twisted.python.deprecate import dep
from twisted.spread.pb import Copyable, ViewPoint
from twisted.web import http, iweb, resource, util
from twisted.web.error import UnsupportedMethod
-from twisted.web.http import unquote
NOT_DONE_YET = 1
@@ -210,7 +209,7 @@ class Request(Copyable, http.Request, co
# Resource Identification
self.prepath = []
- self.postpath = list(map(unquote, self.path[1:].split(b"/")))
+ self.postpath = [_unquote_to_bytes(v) for v in self.path[1:].split(b"/")]
# Short-circuit for requests whose path is '*'.
if self.path == b"*":

242
CVE-2024-41671.patch Normal file
View File

@@ -0,0 +1,242 @@
Index: twisted-24.3.0/src/twisted/web/http.py
===================================================================
--- twisted-24.3.0.orig/src/twisted/web/http.py
+++ twisted-24.3.0/src/twisted/web/http.py
@@ -1973,16 +1973,21 @@ class _ChunkedTransferDecoder:
@returns: C{False}, as there is either insufficient data to continue,
or no data remains.
"""
- if (
- self._receivedTrailerHeadersSize + len(self._buffer)
- > self._maxTrailerHeadersSize
- ):
- raise _MalformedChunkedDataError("Trailer headers data is too long.")
-
eolIndex = self._buffer.find(b"\r\n", self._start)
if eolIndex == -1:
# Still no end of network line marker found.
+ #
+ # Check if we've run up against the trailer size limit: if the next
+ # read contains the terminating CRLF then we'll have this many bytes
+ # of trailers (including the CRLFs).
+ minTrailerSize = (
+ self._receivedTrailerHeadersSize
+ + len(self._buffer)
+ + (1 if self._buffer.endswith(b"\r") else 2)
+ )
+ if minTrailerSize > self._maxTrailerHeadersSize:
+ raise _MalformedChunkedDataError("Trailer headers data is too long.")
# Continue processing more data.
return False
@@ -1992,6 +1997,8 @@ class _ChunkedTransferDecoder:
del self._buffer[0 : eolIndex + 2]
self._start = 0
self._receivedTrailerHeadersSize += eolIndex + 2
+ if self._receivedTrailerHeadersSize > self._maxTrailerHeadersSize:
+ raise _MalformedChunkedDataError("Trailer headers data is too long.")
return True
# eolIndex in this part of code is equal to 0
@@ -2315,8 +2322,8 @@ class HTTPChannel(basic.LineReceiver, po
self.__header = line
def _finishRequestBody(self, data):
- self.allContentReceived()
self._dataBuffer.append(data)
+ self.allContentReceived()
def _maybeChooseTransferDecoder(self, header, data):
"""
Index: twisted-24.3.0/src/twisted/web/newsfragments/12248.bugfix
===================================================================
--- /dev/null
+++ twisted-24.3.0/src/twisted/web/newsfragments/12248.bugfix
@@ -0,0 +1 @@
+The HTTP 1.0 and 1.1 server provided by twisted.web could process pipelined HTTP requests out-of-order, possibly resulting in information disclosure (CVE-2024-41671/GHSA-c8m8-j448-xjx7)
Index: twisted-24.3.0/src/twisted/web/test/test_http.py
===================================================================
--- twisted-24.3.0.orig/src/twisted/web/test/test_http.py
+++ twisted-24.3.0/src/twisted/web/test/test_http.py
@@ -135,7 +135,7 @@ class DummyHTTPHandler(http.Request):
data = self.content.read()
length = self.getHeader(b"content-length")
if length is None:
- length = networkString(str(length))
+ length = str(length).encode()
request = b"'''\n" + length + b"\n" + data + b"'''\n"
self.setResponseCode(200)
self.setHeader(b"Request", self.uri)
@@ -563,17 +563,23 @@ class HTTP0_9Tests(HTTP1_0Tests):
class PipeliningBodyTests(unittest.TestCase, ResponseTestMixin):
"""
- Tests that multiple pipelined requests with bodies are correctly buffered.
+ Pipelined requests get buffered and executed in the order received,
+ not processed in parallel.
"""
requests = (
b"POST / HTTP/1.1\r\n"
b"Content-Length: 10\r\n"
b"\r\n"
- b"0123456789POST / HTTP/1.1\r\n"
- b"Content-Length: 10\r\n"
- b"\r\n"
b"0123456789"
+ # Chunk encoded request.
+ b"POST / HTTP/1.1\r\n"
+ b"Transfer-Encoding: chunked\r\n"
+ b"\r\n"
+ b"a\r\n"
+ b"0123456789\r\n"
+ b"0\r\n"
+ b"\r\n"
)
expectedResponses = [
@@ -590,14 +596,16 @@ class PipeliningBodyTests(unittest.TestC
b"Request: /",
b"Command: POST",
b"Version: HTTP/1.1",
- b"Content-Length: 21",
- b"'''\n10\n0123456789'''\n",
+ b"Content-Length: 23",
+ b"'''\nNone\n0123456789'''\n",
),
]
- def test_noPipelining(self):
+ def test_stepwiseTinyTube(self):
"""
- Test that pipelined requests get buffered, not processed in parallel.
+ Imitate a slow connection that delivers one byte at a time.
+ The request handler (L{DelayedHTTPHandler}) is puppeted to
+ step through the handling of each request.
"""
b = StringTransport()
a = http.HTTPChannel()
@@ -606,10 +614,9 @@ class PipeliningBodyTests(unittest.TestC
# one byte at a time, to stress it.
for byte in iterbytes(self.requests):
a.dataReceived(byte)
- value = b.value()
# So far only one request should have been dispatched.
- self.assertEqual(value, b"")
+ self.assertEqual(b.value(), b"")
self.assertEqual(1, len(a.requests))
# Now, process each request one at a time.
@@ -618,8 +625,95 @@ class PipeliningBodyTests(unittest.TestC
request = a.requests[0].original
request.delayedProcess()
- value = b.value()
- self.assertResponseEquals(value, self.expectedResponses)
+ self.assertResponseEquals(b.value(), self.expectedResponses)
+
+ def test_stepwiseDumpTruck(self):
+ """
+ Imitate a fast connection where several pipelined
+ requests arrive in a single read. The request handler
+ (L{DelayedHTTPHandler}) is puppeted to step through the
+ handling of each request.
+ """
+ b = StringTransport()
+ a = http.HTTPChannel()
+ a.requestFactory = DelayedHTTPHandlerProxy
+ a.makeConnection(b)
+
+ a.dataReceived(self.requests)
+
+ # So far only one request should have been dispatched.
+ self.assertEqual(b.value(), b"")
+ self.assertEqual(1, len(a.requests))
+
+ # Now, process each request one at a time.
+ while a.requests:
+ self.assertEqual(1, len(a.requests))
+ request = a.requests[0].original
+ request.delayedProcess()
+
+ self.assertResponseEquals(b.value(), self.expectedResponses)
+
+ def test_immediateTinyTube(self):
+ """
+ Imitate a slow connection that delivers one byte at a time.
+
+ (L{DummyHTTPHandler}) immediately responds, but no more
+ than one
+ """
+ b = StringTransport()
+ a = http.HTTPChannel()
+ a.requestFactory = DummyHTTPHandlerProxy # "sync"
+ a.makeConnection(b)
+
+ # one byte at a time, to stress it.
+ for byte in iterbytes(self.requests):
+ a.dataReceived(byte)
+ # There is never more than one request dispatched at a time:
+ self.assertLessEqual(len(a.requests), 1)
+
+ self.assertResponseEquals(b.value(), self.expectedResponses)
+
+ def test_immediateDumpTruck(self):
+ """
+ Imitate a fast connection where several pipelined
+ requests arrive in a single read. The request handler
+ (L{DummyHTTPHandler}) immediately responds.
+
+ This doesn't check the at-most-one pending request
+ invariant but exercises otherwise uncovered code paths.
+ See GHSA-c8m8-j448-xjx7.
+ """
+ b = StringTransport()
+ a = http.HTTPChannel()
+ a.requestFactory = DummyHTTPHandlerProxy
+ a.makeConnection(b)
+
+ # All bytes at once to ensure there's stuff to buffer.
+ a.dataReceived(self.requests)
+
+ self.assertResponseEquals(b.value(), self.expectedResponses)
+
+ def test_immediateABiggerTruck(self):
+ """
+ Imitate a fast connection where a so many pipelined
+ requests arrive in a single read that backpressure is indicated.
+ The request handler (L{DummyHTTPHandler}) immediately responds.
+
+ This doesn't check the at-most-one pending request
+ invariant but exercises otherwise uncovered code paths.
+ See GHSA-c8m8-j448-xjx7.
+
+ @see: L{http.HTTPChannel._optimisticEagerReadSize}
+ """
+ b = StringTransport()
+ a = http.HTTPChannel()
+ a.requestFactory = DummyHTTPHandlerProxy
+ a.makeConnection(b)
+
+ overLimitCount = a._optimisticEagerReadSize // len(self.requests) * 10
+ a.dataReceived(self.requests * overLimitCount)
+
+ self.assertResponseEquals(b.value(), self.expectedResponses * overLimitCount)
def test_pipeliningReadLimit(self):
"""
@@ -1522,7 +1616,11 @@ class ChunkedTransferEncodingTests(unitt
lambda b: None, # pragma: nocov
)
p._maxTrailerHeadersSize = 10
- p.dataReceived(b"3\r\nabc\r\n0\r\n0123456789")
+ # 9 bytes are received so far, in 2 packets.
+ # For now, all is ok.
+ p.dataReceived(b"3\r\nabc\r\n0\r\n01234567")
+ p.dataReceived(b"\r")
+ # Once the 10th byte is received, the processing fails.
self.assertRaises(
http._MalformedChunkedDataError,
p.dataReceived,

83
CVE-2024-41810.patch Normal file
View File

@@ -0,0 +1,83 @@
Index: twisted-24.3.0/src/twisted/web/_template_util.py
===================================================================
--- twisted-24.3.0.orig/src/twisted/web/_template_util.py
+++ twisted-24.3.0/src/twisted/web/_template_util.py
@@ -92,7 +92,7 @@ def redirectTo(URL: bytes, request: IReq
</body>
</html>
""" % {
- b"url": URL
+ b"url": escape(URL.decode("utf-8")).encode("utf-8")
}
return content
Index: twisted-24.3.0/src/twisted/web/newsfragments/12263.bugfix
===================================================================
--- /dev/null
+++ twisted-24.3.0/src/twisted/web/newsfragments/12263.bugfix
@@ -0,0 +1 @@
+twisted.web.util.redirectTo now HTML-escapes the provided URL in the fallback response body it returns (GHSA-cf56-g6w6-pqq2). The issue is being tracked with CVE-2024-41810.
\ No newline at end of file
Index: twisted-24.3.0/src/twisted/web/newsfragments/9839.bugfix
===================================================================
--- /dev/null
+++ twisted-24.3.0/src/twisted/web/newsfragments/9839.bugfix
@@ -0,0 +1 @@
+twisted.web.util.redirectTo now HTML-escapes the provided URL in the fallback response body it returns (GHSA-cf56-g6w6-pqq2, CVE-2024-41810).
Index: twisted-24.3.0/src/twisted/web/test/test_util.py
===================================================================
--- twisted-24.3.0.orig/src/twisted/web/test/test_util.py
+++ twisted-24.3.0/src/twisted/web/test/test_util.py
@@ -5,7 +5,6 @@
Tests for L{twisted.web.util}.
"""
-
import gc
from twisted.internet import defer
@@ -64,6 +63,44 @@ class RedirectToTests(TestCase):
targetURL = "http://target.example.com/4321"
self.assertRaises(TypeError, redirectTo, targetURL, request)
+ def test_legitimateRedirect(self):
+ """
+ Legitimate URLs are fully interpolated in the `redirectTo` response body without transformation
+ """
+ request = DummyRequest([b""])
+ html = redirectTo(b"https://twisted.org/", request)
+ expected = b"""
+<html>
+ <head>
+ <meta http-equiv=\"refresh\" content=\"0;URL=https://twisted.org/\">
+ </head>
+ <body bgcolor=\"#FFFFFF\" text=\"#000000\">
+ <a href=\"https://twisted.org/\">click here</a>
+ </body>
+</html>
+"""
+ self.assertEqual(html, expected)
+
+ def test_maliciousRedirect(self):
+ """
+ Malicious URLs are HTML-escaped before interpolating them in the `redirectTo` response body
+ """
+ request = DummyRequest([b""])
+ html = redirectTo(
+ b'https://twisted.org/"><script>alert(document.location)</script>', request
+ )
+ expected = b"""
+<html>
+ <head>
+ <meta http-equiv=\"refresh\" content=\"0;URL=https://twisted.org/&quot;&gt;&lt;script&gt;alert(document.location)&lt;/script&gt;\">
+ </head>
+ <body bgcolor=\"#FFFFFF\" text=\"#000000\">
+ <a href=\"https://twisted.org/&quot;&gt;&lt;script&gt;alert(document.location)&lt;/script&gt;\">click here</a>
+ </body>
+</html>
+"""
+ self.assertEqual(html, expected)
+
class ParentRedirectTests(SynchronousTestCase):
"""

16
no-cython_test_exception_raiser.patch
View File

@@ -1,9 +1,13 @@
diff --git a/src/twisted/test/test_failure.py b/src/twisted/test/test_failure.py
index a9e920c10e..de9c499972 100644
--- a/src/twisted/test/test_failure.py
+++ b/src/twisted/test/test_failure.py
@@ -19,7 +19,8 @@ from types import TracebackType
from typing import Any, Generator, cast
---
src/twisted/test/test_failure.py | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
Index: twisted-24.3.0/src/twisted/test/test_failure.py
===================================================================
--- twisted-24.3.0.orig/src/twisted/test/test_failure.py
+++ twisted-24.3.0/src/twisted/test/test_failure.py
@@ -18,7 +18,8 @@ from types import TracebackType
from typing import Any, Generator
from unittest import skipIf
-from cython_test_exception_raiser import raiser

12
no-test_successResultOfWithFailureHasTraceback.patch
View File

@@ -2,10 +2,10 @@
src/twisted/conch/test/test_keys.py | 3 +++
1 file changed, 3 insertions(+)
Index: twisted-24.10.0/src/twisted/conch/test/test_keys.py
Index: twisted-24.3.0/src/twisted/conch/test/test_keys.py
===================================================================
--- twisted-24.10.0.orig/src/twisted/conch/test/test_keys.py
+++ twisted-24.10.0/src/twisted/conch/test/test_keys.py
--- twisted-24.3.0.orig/src/twisted/conch/test/test_keys.py
+++ twisted-24.3.0/src/twisted/conch/test/test_keys.py
@@ -15,6 +15,7 @@ from twisted.python import randbytes
from twisted.python.filepath import FilePath
from twisted.python.reflect import requireModule
@@ -14,9 +14,9 @@ Index: twisted-24.10.0/src/twisted/conch/test/test_keys.py
cryptography = requireModule("cryptography")
if cryptography is None:
@@ -278,6 +279,8 @@ class KeyTests(unittest.TestCase):
publicKey = keys.Key.fromString(public)
self.assertTrue(publicKey._sk)
@@ -250,6 +251,8 @@ class KeyTests(unittest.TestCase):
for k, v in data.items():
self.assertEqual(privateKey.data()[k], v)
+ @pyunit.skip('Upstream ticket https://twistedmatrix.com/trac/ticket/9665' +
+ ' has still not been resolved.')

158
python-Twisted.changes
View File

@@ -1,161 +1,3 @@
-------------------------------------------------------------------
Tue Oct 29 18:00:39 UTC 2024 - Dirk Müller <dmueller@suse.com>
- update to 24.10.0:
* Python 3.13 is now supported.
* twisted.internet.defer.succeed() is significantly faster, and
awaiting Deferred has also been sped up.
* twisted.python.failure.Failure creation no longer records the
place where it was created. This reduces creation time by 60%
at least, thereby speeding up Deferred error handling.
* twisted.internet.defer.Deferred no longer removes the
traceback object from Failures. This may result in more
objects staying in memory if you don't clean up failed
Deferreds, but it speeds up error handling and enables
improvements to traceback reporting.
* twisted.internet.defer APIs are 2%-4% faster in many cases.
* twisted.internet.defer.Deferred runs callbacks with chained
Deferreds a little faster.
* The reactor now will use a little less CPU when events have
been scheduled with callLater().
* Creation of twisted.python.failure.Failure is now faster.
* Fixed unreleased regression caused by PR 12109.
* twisted.logger.eventAsText can now format the output having
types/classes as input. This was a regression introduced in
Twisted 24.3.0.
* twisted.internet.endpoints.clientFromString for TLS endpoints
with "bindAddress=" no longer crashes during connect.
twisted.internet.endpoints.HostnameEndpoint() no longer
crashes when given a bindAddress= argument that is just a
string, and that argument now accepts either address strings
or (address, port) tuples.
* The URLs from README and pyproject.toml were updated.
* #11236, #12060, #12062, #12099, #12219, #12290, #12296,
#12305, #12329, #12331, #12339
* twisted.conch.ssh.keys.Key can now load public blob keys of
type sk-ssh-ed25519@openssh.com and sk-ecdsa-
sha2-nistp256@openssh.com.
* twisted.conch tests no longer rely on OpenSSH supporting DSA
keys, fixing compatibility with OpenSSH >= 9.8.
* twisted.conch.ssh.SSHCiphers no longer supports the
cast128-ctr, cast128-cbc, blowfish-ctr, and blowfish-cbc
ciphers. The Blowfish and CAST5 ciphers were removed as they
were deprecated by the Python cryptography library.
* #12313
* The twisted.web HTTP server and client now reject HTTP header
names containing whitespace or other invalid characters by
raising twisted.web.http_headers.InvalidHeaderName, improving
compliance with RFC 9110. As a side effect, the server is
slightly faster.
* twisted.web.client and twisted.web.server now disable the
Nagle algorithm (enable TCP_NODELAY), reducing the latency of
small HTTP queries.
* twisted.web.server is 1-2% faster in some cases.
* twisted.web's HTTP/1.1 server now rejects header values
containing a NUL byte with a 400 error, in compliance with
RFC 9110.
* twisted.internet.address no longer raises DeprecationWarning
when used with attrs>=24.1.0.
* twisted.web's HTTP/1.1 server now accepts '&' within tokens
(methods, header field names, etc.), in compliance with RFC
9110.
* #9743, #12276
* Trial's -j flag now accepts an auto keyword to spawn a number
of workers based on the available CPUs.
- drop 12313-fix-test_manhole.patch: upstream
-------------------------------------------------------------------
Wed Sep 25 06:38:11 UTC 2024 - Markéta Machová <mmachova@suse.com>
- Add upstream patch 12313-fix-test_manhole.patch to fix test failure
with latest python312
-------------------------------------------------------------------
Mon Sep 9 14:23:03 UTC 2024 - John Paul Adrian Glaubitz <adrian.glaubitz@suse.com>
- Update to 24.7.0
* 24.7.0.rc2 fixed an unreleased regression caused by PR 12109. (#12279)
* twisted.web.util.redirectTo now HTML-escapes the provided URL in the fallback
response body it returns (GHSA-cf56-g6w6-pqq2, CVE-2024-41810). (#9839)
* The HTTP 1.0 and 1.1 server provided by twisted.web could process pipelined
HTTP requests out-of-order, possibly resulting in information disclosure
(CVE-2024-41671/GHSA-c8m8-j448-xjx7) (#12248)
* twisted.protocols.ftp now supports the IPv6 extensions defined in RFC 2428. (#9645)
* twisted.internet.defer.inlineCallbacks can now yield a coroutine. (#9972)
* twisted.python._shellcomp.ZshArgumentsGenerator was updated for Python 3.13. (#12065)
* twisted.web.wsgi request environment now contains the peer port number as `REMOTE_PORT`. (#12096)
* twisted.internet.defer.Deferred.callback() and twisted.internet.defer.Deferred.addCallbacks()
no longer use `assert` to check the type of the arguments. You should now use type checking
to validate your code. These changes were done to reduce the CPU usage. (#12122)
* Added two new methods, twisted.logger.Logger.failuresHandled and twisted.logger.Logger.\
failureHandler, which allow for more concise and convenient handling of exceptions when
dispatching out to application code. The former can arbitrarily customize failure handling
at the call site, and the latter can be used for performance-sensitive cases where no
additional information needs to be logged. (#12188)
* twisted.internet.defer.Deferred.addCallback now runs about 10% faster. (#12223)
* twisted.internet.defer.Deferred error handling is now faster, taking 40% less time to run. (#12227)
* twisted.internet.ssl.Certificate.__repr__ can now handle certificates without
a common name (CN) in the certificate itself or the signing CA. (#5851)
* Type annotations have been added to twisted.conch.interfaces.IKnownHostEntry
and its implementations, twisted.conch.client.knownhosts.PlainHost and
twisted.conch.client.knownhosts.HashedHost, correcting a variety of
type confusion issues throughout the conch client code. (#9713)
* twisted.python.failure.Failure once again utilizes the custom
pickling logic it used to in the past. (#12112)
* twisted.conch.client.knownhosts.KnownHostsFile.verifyHostKey no longer logs
an exception when automatically adding an IP address host key, which means
the interactive `conch` command-line no longer will either. (#12141)
* The IRC server example found in the documentation was updated for readability. (#12097)
* Remove contextvars from list of optional dependencies. (#12128)
* The documentation for installing Twisted was moved into a single page. (#12145)
* The project's compatibility policy now clearly indicates that the GitHub Actions
test matrix defines the supported platforms. (#12167)
* Updated imap4client.py example, it no longer references Python 2. (#12252)
* twisted.internet.defer.returnValue has been deprecated. You can replace
it with the standard `return` statement. (#9930)
* The `twisted-iocpsupport` is no longer a hard dependency on Windows.
* The IOCP support is now installed together with the other Windows soft
* dependencies via `twisted[windows-platform]`. (#11893)
* twisted.python.deprecate helper function will now always strip whitespaces from the docstrings.
* This is done to have the same behaviour as with Python 3.13. (#12063)
* twisted.conch.manhole.ManholeInterpreter.write, twisted.conch.manhole.ManholeInterpreter.
addOutput, twisted.mail.imap4.IMAP4Server.sendUntaggedResponse `async` argument,
deprecated since 18.9.0, has been removed. (#12130)
* twisted.web.soap was removed.
* The SOAP support was already broken, for at least the last 4 years.
* The SOAP support in Twisted has no active maintainer. (#12146)
* Fix #11744, #11771, #12113, #12154, #12169, #12179, #12193, #12195,
#12197, #12215, #12221, #12243, #12249, #12254, #12259, #12669
* twisted.conch.insults.window.Widget.functionKeyReceived now dispatches
functional key events to corresponding `func_KEYNAME` methods, where `KEYNAME` can be `F1`, `F2`,
`HOME`, `UP_ARROW` etc. This is a regression introduced with #8214 in Twisted 16.5.0, where events
changed from `const` objects to bytestrings in square brackets like `[F1]`. (#12046)
* twisted.web.agent.Agent now allows duplicate Content-Length headers having the same value, per RFC
9110 section 8.6. It is otherwise more strict when parsing Content-Length header values. (#9064)
* twisted.web.client.HTTPConnectionPool used by HTTP clients now runs faster by using a little less CPU. (#12108)
* twisted.web.http_headers now uses less CPU, making a small HTTP client request 10% faster or so. (#12116)
* twisted.web's HTTP/1.1 server now runs a little faster, with about 10% lower CPU overhead. (#12133)
* twisted.web's HTTP 1.1 server is an additional 5% faster. (#12155)
* twisted.web.http.IM_A_TEAPOT was added and returns `I'm a teapot`
* as default message for the status code 418,
* as defined in RFC 2324 section 2.3.2. (#12104)
* The HTTP 1.0/1.1 server provided by twisted.web is now more picky about the first line of a request,
improving compliance with RFC 9112. (#12233)
* The HTTP 1.0/1.1 server provided by twisted.web now constraints the character set of HTTP header names,
improving compliance with RFC 9110. (#12235)
* Fix ReverseProxyResource example in developer guide. (#12152)
* twisted.web.util.ChildRedirector, which has never worked on Python 3, has been removed. (#9591)
* ``twisted.web.http.Request.setResponseCode()`` no longer validates the types of inputs;
we encourage you to use a type checker like mypy to catch these sort of errors. The
long-deprecated ``twisted.web.server.string_date_time()`` and ``twisted.web.server.date_time_string()``
APIs were removed altogether. (#12133)
* twisted.web.http.HTTPClient is now deprecated in favor of twisted.web.client.Agent (#12158)
* Fix #12098, #12194, #12200, #12241, #12257
- Drop CVE-2024-41671.patch, merged upstream
- Drop CVE-2024-41810.patch, merged upstream
- Refresh 1521_delegate_parseqs_stdlib_bpo42967.patch
- Refresh no-cython_test_exception_raiser.patch
-------------------------------------------------------------------
Wed Jul 31 06:07:19 UTC 2024 - Daniel Garcia <daniel.garcia@suse.com>

13
python-Twisted.spec
View File

@@ -27,7 +27,7 @@
%{?sle15_python_module_pythons}
Name: python-Twisted%{psuffix}
Version: 24.10.0
Version: 24.3.0
Release: 0
Summary: An asynchronous networking framework written in Python
License: MIT
@@ -45,9 +45,13 @@ Patch3: 1521_delegate_parseqs_stdlib_bpo42967.patch
Patch5: no-cython_test_exception_raiser.patch
# PATCH-FIX-OPENSUSE remove-dependency-version-upper-bounds.patch boo#1190036 -- run with h2 >= 4.0.0 and priority >= 2.0
Patch6: remove-dependency-version-upper-bounds.patch
# PATCH-FIX-UPSTREAM CVE-2024-41671.patch gh#twisted/twisted@4a930de12fb6
Patch7: CVE-2024-41671.patch
# PATCH-FIX-UPSTREAM CVE-2024-41810.patch gh#twisted/twisted@046a164f89a0
Patch8: CVE-2024-41810.patch
BuildRequires: %{python_module hatch-fancy-pypi-readme}
BuildRequires: %{python_module hatchling}
BuildRequires: %{python_module incremental >= 24.7.0}
BuildRequires: %{python_module incremental >= 21.3.0}
BuildRequires: %{python_module pip}
BuildRequires: %{python_module setuptools}
BuildRequires: %{python_module wheel}
@@ -61,7 +65,7 @@ Requires: python-Automat >= 0.8.0
Requires: python-attrs >= 19.2.0
Requires: python-constantly >= 15.1
Requires: python-hyperlink >= 17.1.1
Requires: python-incremental >= 24.7.0
Requires: python-incremental >= 21.3.0
Requires: python-typing_extensions >= 3.6.5
Requires: python-zope.interface >= 4.4.2
# /SECTION
@@ -70,10 +74,9 @@ Requires: python-Twisted-tls = %{version}
%if %{with test}
BuildRequires: %{python_module Twisted-all_non_platform = %{version}}
BuildRequires: %{python_module Twisted-conch_nacl = %{version}}
BuildRequires: %{python_module httpx}
BuildRequires: %{python_module hypothesis}
# declared nowhere but required to pass 8 tests with timezone checks
BuildRequires: %{python_module pytz}
BuildRequires: %{python_module hypothesis}
%endif
BuildArch: noarch
%python_subpackages

12
remove-dependency-version-upper-bounds.patch
View File

@@ -1,14 +1,14 @@
Index: twisted-24.10.0/pyproject.toml
Index: twisted-23.10.0/pyproject.toml
===================================================================
--- twisted-24.10.0.orig/pyproject.toml
+++ twisted-24.10.0/pyproject.toml
@@ -97,8 +97,8 @@ serial = [
--- twisted-23.10.0.orig/pyproject.toml
+++ twisted-23.10.0/pyproject.toml
@@ -95,8 +95,8 @@ serial = [
]
http2 = [
- "h2 >= 3.2, < 5.0",
- "h2 >= 3.0, < 5.0",
- "priority >= 1.1.0, < 2.0",
+ "h2 >= 3.2",
+ "h2 >= 3.0",
+ "priority >= 1.1.0",
]

BIN
twisted-24.10.0.tar.gz (Stored with Git LFS)
View File

Binary file not shown.

BIN
twisted-24.3.0.tar.gz (Stored with Git LFS) Normal file
View File

Binary file not shown.