diff --git a/1521_delegate_parseqs_stdlib_bpo42967.patch b/1521_delegate_parseqs_stdlib_bpo42967.patch index e885264..01f873e 100644 --- a/1521_delegate_parseqs_stdlib_bpo42967.patch +++ b/1521_delegate_parseqs_stdlib_bpo42967.patch @@ -10,16 +10,18 @@ Subject: [PATCH 1/2] delegate to stdlib parse qs 3 files changed, 4 insertions(+), 28 deletions(-) create mode 100644 src/twisted/web/newsfragments/10096.bugfix ---- a/src/twisted/web/http.py -+++ b/src/twisted/web/http.py -@@ -112,6 +112,7 @@ from urllib.parse import ( +Index: Twisted-22.1.0/src/twisted/web/http.py +=================================================================== +--- Twisted-22.1.0.orig/src/twisted/web/http.py ++++ Twisted-22.1.0/src/twisted/web/http.py +@@ -113,6 +113,7 @@ from urllib.parse import ( ParseResultBytes, - urlparse as _urlparse, unquote_to_bytes as unquote, + urlparse as _urlparse, + parse_qs, ) - from typing import Callable + from zope.interface import Attribute, Interface, implementer, provider @@ -263,31 +264,6 @@ def urlparse(url): return ParseResultBytes(scheme, netloc, path, params, query, fragment) @@ -52,30 +54,34 @@ Subject: [PATCH 1/2] delegate to stdlib parse qs def datetimeToString(msSinceEpoch=None): """ Convert seconds since epoch to HTTP datetime string. +Index: Twisted-22.1.0/src/twisted/web/newsfragments/10096.bugfix +=================================================================== --- /dev/null -+++ b/src/twisted/web/newsfragments/10096.bugfix ++++ Twisted-22.1.0/src/twisted/web/newsfragments/10096.bugfix @@ -0,0 +1 @@ +delegate to urllib.parse:parse_qs in twisted.web.http:parse_qs to avoid CVE-2021-23336 and the associated CI failures ---- a/src/twisted/web/server.py -+++ b/src/twisted/web/server.py -@@ -19,7 +19,7 @@ import os - import re +Index: Twisted-22.1.0/src/twisted/web/server.py +=================================================================== +--- Twisted-22.1.0.orig/src/twisted/web/server.py ++++ Twisted-22.1.0/src/twisted/web/server.py +@@ -21,7 +21,7 @@ import zlib + from binascii import hexlify from html import escape from typing import List, Optional -from urllib.parse import quote as _quote +from urllib.parse import quote as _quote, unquote_to_bytes as _unquote_to_bytes - import zlib - from binascii import hexlify -@@ -31,7 +31,6 @@ from twisted.spread.pb import Copyable, - from twisted.internet import address, interfaces - from twisted.internet.error import AlreadyCalled, AlreadyCancelled - from twisted.web import iweb, http, util + from zope.interface import implementer + +@@ -37,7 +37,6 @@ from twisted.python.deprecate import dep + from twisted.spread.pb import Copyable, ViewPoint + from twisted.web import http, iweb, resource, util + from twisted.web.error import UnsupportedMethod -from twisted.web.http import unquote - from twisted.python import reflect, failure, components - from twisted import copyright - from twisted.web import resource -@@ -213,7 +212,7 @@ class Request(Copyable, http.Request, co + + NOT_DONE_YET = 1 + +@@ -211,7 +210,7 @@ class Request(Copyable, http.Request, co # Resource Identification self.prepath = [] diff --git a/Twisted-21.7.0.tar.gz b/Twisted-21.7.0.tar.gz deleted file mode 100644 index f11b898..0000000 --- a/Twisted-21.7.0.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:2cd652542463277378b0d349f47c62f20d9306e57d1247baabd6d1d38a109006 -size 3739740 diff --git a/Twisted-22.1.0.tar.gz b/Twisted-22.1.0.tar.gz new file mode 100644 index 0000000..4be60b0 --- /dev/null +++ b/Twisted-22.1.0.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:b7971ec9805b0f80e1dcb1a3721d7bfad636d5f909de687430ce373979d67b61 +size 3729983 diff --git a/currentThread-deprecated.patch b/currentThread-deprecated.patch deleted file mode 100644 index d54de0d..0000000 --- a/currentThread-deprecated.patch +++ /dev/null @@ -1,13 +0,0 @@ -Index: Twisted-21.7.0/src/twisted/python/threadable.py -=================================================================== ---- Twisted-21.7.0.orig/src/twisted/python/threadable.py -+++ Twisted-21.7.0/src/twisted/python/threadable.py -@@ -104,7 +104,7 @@ _dummyID = object() - def getThreadID(): - if threadingmodule is None: - return _dummyID -- return threadingmodule.currentThread().ident -+ return threadingmodule.current_thread().ident - - - def isInIOThread(): diff --git a/no-cython_test_exception_raiser.patch b/no-cython_test_exception_raiser.patch index cf34e83..b59e62f 100644 --- a/no-cython_test_exception_raiser.patch +++ b/no-cython_test_exception_raiser.patch @@ -2,15 +2,17 @@ src/twisted/test/test_failure.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) ---- a/src/twisted/test/test_failure.py -+++ b/src/twisted/test/test_failure.py -@@ -22,7 +22,8 @@ from twisted.python import failure - from twisted.trial.unittest import SynchronousTestCase - +Index: Twisted-22.1.0/src/twisted/test/test_failure.py +=================================================================== +--- Twisted-22.1.0.orig/src/twisted/test/test_failure.py ++++ Twisted-22.1.0/src/twisted/test/test_failure.py +@@ -15,7 +15,8 @@ from io import StringIO + from traceback import FrameSummary + from unittest import skipIf -from cython_test_exception_raiser import raiser # type: ignore[import] +# from cython_test_exception_raiser import raiser # type: ignore[import] +raiser = None - - def getDivisionFailure(*args, **kwargs): + from twisted.python import failure, reflect + from twisted.trial.unittest import SynchronousTestCase diff --git a/no-pygtkcompat.patch b/no-pygtkcompat.patch index 59eb1df..4abbdfe 100644 --- a/no-pygtkcompat.patch +++ b/no-pygtkcompat.patch @@ -1,13 +1,18 @@ -diff -ur Twisted-21.7.0.orig/src/twisted/internet/gireactor.py Twisted-21.7.0/src/twisted/internet/gireactor.py ---- Twisted-21.7.0.orig/src/twisted/internet/gireactor.py -+++ Twisted-21.7.0/src/twisted/internet/gireactor.py -@@ -24,16 +24,21 @@ - from twisted.internet.error import ReactorAlreadyRunning - from twisted.internet import _glibbase - from twisted.python import runtime +Index: Twisted-22.1.0/src/twisted/internet/gireactor.py +=================================================================== +--- Twisted-22.1.0.orig/src/twisted/internet/gireactor.py ++++ Twisted-22.1.0/src/twisted/internet/gireactor.py +@@ -21,20 +21,24 @@ On Python 3, pygobject v3.4 or later is + """ + + -import gi.pygtkcompat # type: ignore[import] from gi.repository import GLib # type: ignore[import] + from twisted.internet import _glibbase + from twisted.internet.error import ReactorAlreadyRunning + from twisted.python import runtime + -# We require a sufficiently new version of pygobject, so always exists: -_pygtkcompatPresent = True +try: @@ -17,16 +22,15 @@ diff -ur Twisted-21.7.0.orig/src/twisted/internet/gireactor.py Twisted-21.7.0/sr +else: + # We require a sufficiently new version of pygobject, so always exists: + _pygtkcompatPresent = True -+ -+ # Newer version of gi, so we can try to initialize compatibility layer; if -+ # real pygtk was already imported we'll get ImportError at this point -+ # rather than segfault, so unconditional import is fine. -+ gi.pygtkcompat.enable() -# Newer version of gi, so we can try to initialize compatibility layer; if -# real pygtk was already imported we'll get ImportError at this point -# rather than segfault, so unconditional import is fine. -gi.pygtkcompat.enable() ++ # Newer version of gi, so we can try to initialize compatibility layer; if ++ # real pygtk was already imported we'll get ImportError at this point ++ # rather than segfault, so unconditional import is fine. ++ gi.pygtkcompat.enable() # At this point importing gobject will get you gi version, and importing # e.g. gtk will either fail in non-segfaulty way or use gi version if user # does gi.pygtkcompat.enable_gtk(). So, no need to prevent imports of diff --git a/no-test_successResultOfWithFailureHasTraceback.patch b/no-test_successResultOfWithFailureHasTraceback.patch index 13aee14..2fc63eb 100644 --- a/no-test_successResultOfWithFailureHasTraceback.patch +++ b/no-test_successResultOfWithFailureHasTraceback.patch @@ -2,16 +2,18 @@ src/twisted/conch/test/test_keys.py | 3 +++ 1 file changed, 3 insertions(+) ---- a/src/twisted/conch/test/test_keys.py -+++ b/src/twisted/conch/test/test_keys.py +Index: Twisted-22.1.0/src/twisted/conch/test/test_keys.py +=================================================================== +--- Twisted-22.1.0.orig/src/twisted/conch/test/test_keys.py ++++ Twisted-22.1.0/src/twisted/conch/test/test_keys.py @@ -15,6 +15,7 @@ from twisted.python import randbytes from twisted.python.filepath import FilePath from twisted.python.reflect import requireModule from twisted.trial import unittest +import unittest as pyunit - cryptography = requireModule("cryptography") + if cryptography is None: @@ -253,6 +254,8 @@ class KeyTests(unittest.TestCase): for k, v in data.items(): self.assertEqual(privateKey.data()[k], v) diff --git a/python-Twisted.changes b/python-Twisted.changes index eecbc3c..1c4e710 100644 --- a/python-Twisted.changes +++ b/python-Twisted.changes @@ -1,3 +1,78 @@ +------------------------------------------------------------------- +Wed Feb 9 23:38:50 UTC 2022 - Marcus Rueckert + +- refreshed patches + - 1521_delegate_parseqs_stdlib_bpo42967.patch + - currentThread-deprecated.patch + - no-cython_test_exception_raiser.patch + - no-pygtkcompat.patch + - no-test_successResultOfWithFailureHasTraceback.patch + - remove-dependency-version-upper-bounds.patch + - skip_MultiCast.patch +- remove upstreamed patches + currentThread-deprecated.patch + +------------------------------------------------------------------- +Wed Feb 9 23:29:53 UTC 2022 - Marcus Rueckert + +- Update to 22.1.0: (boo#1195667) + - CVE-2022-21712 / GHSA-92x2-jw7w-xvvx + twisted.web.client.RedirectAgent and + twisted.web.client.BrowserLikeRedirectAgent now properly remove + sensitive headers when redirecting to a different origin. + (#10294) + - Python 3.10 is now a supported platform (#10224) + - Type annotations have been added to the twisted.python.fakepwd + module. (#10287) + - twisted.internet.defer.inlineCallbacks has an improved type + annotation, to avoid typing errors when it is used on a + function which returns a non-None result. (#10231) + - twisted.internet.base.DelayedCall.__repr__ and + twisted.internet.task.LoopingCall.__repr__ had the changes from + #10155 reverted to accept non-function callables. (#10235) + - Revert the removal of .whl building that was done as part of + #10177. (#10236) + - The type annotation of the host parameter to + twisted.internet.interfaces.IReactorTCP.connectTCP has been + corrected from bytes to str. (#10251) + - Deprecated twisted.python.threading.ThreadPool.currentThread() + in favor of threading.current_thread(). + - Switched twisted.python.threading.ThreadPool.currentThread() + and twisted.python.threadable.getThreadID() to use + `threading.current_thread()to avoid the deprecation warnings + introduced forthreading.currentThread()`` in Python 3.10. + (#10273) + - twisted.internet.utils.runWithWarningsSupressed behavior of + waiting on deferreds has been documented. (#10238) + - Sync API docs templates with pydoctor 21.9.0 release, using new + theming capabilities. (#10267) + - #1681, #9944, #10198, #10218, #10219, #10228, #10229, #10234, + #10239, #10240, #10245, #10246, #10248, #10250, #10255, #10277, + #10288, #10292 + - twisted.conch.ssh now supports SSH extension negotiation (RFC + 8308). (#10266) + - twisted.conch now uses constant-time comparisons for MACs. + (#8199) + - twisted.conch.ssh.filetransfer.FileTransferServer will now + return an ENOENT error status if an SFTP client tries to close + an unrecognized file handle. (#10293) + - SSHTransportBase.ssh_KEXINIT now uses the remote peer preferred + MAC list for negotiation. In previous versions it was only + using the local preferred MAC list. (#10241) + - twisted.web.client.RedirectAgent and + twisted.web.client.BrowserLikeRedirectAgent now properly remove + sensitive headers when redirecting to a different origin. + (#10294) + - Add type annotations for twisted.web.client.readBody. (#10269) + - twisted.web.client.getPage, twisted.web.client.downladPage, and + the associated implementation classes (HTTPPageGetter, + HTTPPageDownloader, HTTPClientFactory, HTTPDownloader) have + been removed because they do not segregate cookies by domain. + They were deprecated in Twisted 16.7.0 in favor of + twisted.web.client.Agent. GHSA-92x2-jw7w-xvvx. (#10295) + - trial.runner.filenameToModule now sets the correct + module.__name__ and sys.modules key (#10230) + ------------------------------------------------------------------- Thu Jan 6 04:48:46 UTC 2022 - Steve Kowalik diff --git a/python-Twisted.spec b/python-Twisted.spec index 9c41f4b..483890e 100644 --- a/python-Twisted.spec +++ b/python-Twisted.spec @@ -19,7 +19,7 @@ %{?!python_module:%define python_module() python3-%{**}} %define skip_python2 1 Name: python-Twisted -Version: 21.7.0 +Version: 22.1.0 Release: 0 Summary: An asynchronous networking framework written in Python License: MIT @@ -39,8 +39,6 @@ Patch4: no-cython_test_exception_raiser.patch Patch5: no-pygtkcompat.patch # PATCH-FIX-OPENSUSE remove-dependency-version-upper-bounds.patch boo#1190036 -- run with h2 >= 4.0.0 and priority >= 2.0 Patch6: remove-dependency-version-upper-bounds.patch -# PATCH-FIX-OPENSUSE do not throw DeprecatationWarning, upstream's fix is an API break -Patch7: currentThread-deprecated.patch BuildRequires: %{python_module Automat >= 0.8.0} BuildRequires: %{python_module PyHamcrest >= 1.9.0} BuildRequires: %{python_module appdirs >= 1.4.0} diff --git a/remove-dependency-version-upper-bounds.patch b/remove-dependency-version-upper-bounds.patch index 34f39ff..c3794bb 100644 --- a/remove-dependency-version-upper-bounds.patch +++ b/remove-dependency-version-upper-bounds.patch @@ -1,6 +1,8 @@ ---- a/setup.cfg -+++ b/setup.cfg -@@ -67,8 +67,8 @@ serial = +Index: Twisted-22.1.0/setup.cfg +=================================================================== +--- Twisted-22.1.0.orig/setup.cfg ++++ Twisted-22.1.0/setup.cfg +@@ -69,8 +69,8 @@ serial = pyserial >= 3.0 pywin32 != 226; platform_system == "Windows" http2 = diff --git a/skip_MultiCast.patch b/skip_MultiCast.patch index 528ead4..8927ef6 100644 --- a/skip_MultiCast.patch +++ b/skip_MultiCast.patch @@ -2,18 +2,20 @@ src/twisted/test/test_udp.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) ---- a/src/twisted/test/test_udp.py -+++ b/src/twisted/test/test_udp.py -@@ -9,7 +9,7 @@ Tests for implementations of L{IReactorU +Index: Twisted-22.1.0/src/twisted/test/test_udp.py +=================================================================== +--- Twisted-22.1.0.orig/src/twisted/test/test_udp.py ++++ Twisted-22.1.0/src/twisted/test/test_udp.py +@@ -8,7 +8,7 @@ Tests for implementations of L{IReactorU + import os - -from unittest import skipIf +from unittest import skipIf, SkipTest - from twisted.trial.unittest import TestCase + from twisted.internet import defer, error, interfaces, protocol, reactor, udp from twisted.internet.defer import Deferred, gatherResults, maybeDeferred -@@ -522,6 +522,7 @@ class MulticastTests(TestCase): +@@ -521,6 +521,7 @@ class MulticastTests(TestCase): skip = "This reactor does not support multicast" def setUp(self):