Dirk Mueller
1629614926
* Python 3.13 is now supported.
* twisted.internet.defer.succeed() is significantly faster, and
awaiting Deferred has also been sped up.
* twisted.python.failure.Failure creation no longer records the
place where it was created. This reduces creation time by 60%
at least, thereby speeding up Deferred error handling.
* twisted.internet.defer.Deferred no longer removes the
traceback object from Failures. This may result in more
objects staying in memory if you don't clean up failed
Deferreds, but it speeds up error handling and enables
improvements to traceback reporting.
* twisted.internet.defer APIs are 2%-4% faster in many cases.
* twisted.internet.defer.Deferred runs callbacks with chained
Deferreds a little faster.
* The reactor now will use a little less CPU when events have
been scheduled with callLater().
* Creation of twisted.python.failure.Failure is now faster.
* Fixed unreleased regression caused by PR 12109.
* twisted.logger.eventAsText can now format the output having
types/classes as input. This was a regression introduced in
Twisted 24.3.0.
* twisted.internet.endpoints.clientFromString for TLS endpoints
with "bindAddress=" no longer crashes during connect.
twisted.internet.endpoints.HostnameEndpoint() no longer
crashes when given a bindAddress= argument that is just a
string, and that argument now accepts either address strings
or (address, port) tuples.
* The URLs from README and pyproject.toml were updated.
* #11236, #12060, #12062, #12099, #12219, #12290, #12296,
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-Twisted?expand=0&rev=157
65 lines
2.2 KiB
Diff
65 lines
2.2 KiB
Diff
From 7130df7ee21ebd93d7e15e7c4ef752b759f8e1c3 Mon Sep 17 00:00:00 2001
|
|
From: Thomas Grainger <tagrain@gmail.com>
|
|
Date: Sun, 21 Feb 2021 11:54:25 +0000
|
|
Subject: [PATCH] delegate to stdlib parse qs
|
|
|
|
---
|
|
src/twisted/web/http.py | 29 +---------------------
|
|
src/twisted/web/newsfragments/10096.bugfix | 1 +
|
|
2 files changed, 2 insertions(+), 28 deletions(-)
|
|
create mode 100644 src/twisted/web/newsfragments/10096.bugfix
|
|
|
|
Index: twisted-24.10.0/src/twisted/web/http.py
|
|
===================================================================
|
|
--- twisted-24.10.0.orig/src/twisted/web/http.py
|
|
+++ twisted-24.10.0/src/twisted/web/http.py
|
|
@@ -125,6 +125,7 @@ from urllib.parse import (
|
|
ParseResultBytes,
|
|
unquote_to_bytes as unquote,
|
|
urlparse as _urlparse,
|
|
+ parse_qs,
|
|
)
|
|
|
|
from zope.interface import Attribute, Interface, implementer, provider
|
|
@@ -371,34 +372,6 @@ def urlparse(url):
|
|
return ParseResultBytes(scheme, netloc, path, params, query, fragment)
|
|
|
|
|
|
-def parse_qs(qs, keep_blank_values=0, strict_parsing=0):
|
|
- """
|
|
- Like C{cgi.parse_qs}, but with support for parsing byte strings on Python 3.
|
|
-
|
|
- This was created to help with Python 2 to Python 3 migration.
|
|
- Consider using L{urllib.parse.parse_qs}.
|
|
-
|
|
- @type qs: C{bytes}
|
|
- """
|
|
- d = {}
|
|
- items = [s2 for s1 in qs.split(b"&") for s2 in s1.split(b";")]
|
|
- for item in items:
|
|
- try:
|
|
- k, v = item.split(b"=", 1)
|
|
- except ValueError:
|
|
- if strict_parsing:
|
|
- raise
|
|
- continue
|
|
- if v or keep_blank_values:
|
|
- k = unquote(k.replace(b"+", b" "))
|
|
- v = unquote(v.replace(b"+", b" "))
|
|
- if k in d:
|
|
- d[k].append(v)
|
|
- else:
|
|
- d[k] = [v]
|
|
- return d
|
|
-
|
|
-
|
|
def datetimeToString(msSinceEpoch=None):
|
|
"""
|
|
Convert seconds since epoch to HTTP datetime string.
|
|
Index: twisted-24.10.0/src/twisted/web/newsfragments/10096.bugfix
|
|
===================================================================
|
|
--- /dev/null
|
|
+++ twisted-24.10.0/src/twisted/web/newsfragments/10096.bugfix
|
|
@@ -0,0 +1 @@
|
|
+delegate to urllib.parse:parse_qs in twisted.web.http:parse_qs to avoid CVE-2021-23336 and the associated CI failures
|