Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package python-Twisted for openSUSE:Factory checked in at 2022-02-11 23:06:35 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/python-Twisted (Old) and /work/SRC/openSUSE:Factory/.python-Twisted.new.1956 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "python-Twisted" Fri Feb 11 23:06:35 2022 rev:52 rq:953273 version:22.1.0 Changes: -------- --- /work/SRC/openSUSE:Factory/python-Twisted/python-Twisted.changes 2022-01-07 12:46:03.643832104 +0100 +++ /work/SRC/openSUSE:Factory/.python-Twisted.new.1956/python-Twisted.changes 2022-02-11 23:06:43.330491315 +0100 @@ -1,0 +2,75 @@ +Wed Feb 9 23:38:50 UTC 2022 - Marcus Rueckert <[email protected]> + +- refreshed patches + - 1521_delegate_parseqs_stdlib_bpo42967.patch + - currentThread-deprecated.patch + - no-cython_test_exception_raiser.patch + - no-pygtkcompat.patch + - no-test_successResultOfWithFailureHasTraceback.patch + - remove-dependency-version-upper-bounds.patch + - skip_MultiCast.patch +- remove upstreamed patches + currentThread-deprecated.patch + +------------------------------------------------------------------- +Wed Feb 9 23:29:53 UTC 2022 - Marcus Rueckert <[email protected]> + +- Update to 22.1.0: (boo#1195667) + - CVE-2022-21712 / GHSA-92x2-jw7w-xvvx + twisted.web.client.RedirectAgent and + twisted.web.client.BrowserLikeRedirectAgent now properly remove + sensitive headers when redirecting to a different origin. + (#10294) + - Python 3.10 is now a supported platform (#10224) + - Type annotations have been added to the twisted.python.fakepwd + module. (#10287) + - twisted.internet.defer.inlineCallbacks has an improved type + annotation, to avoid typing errors when it is used on a + function which returns a non-None result. (#10231) + - twisted.internet.base.DelayedCall.__repr__ and + twisted.internet.task.LoopingCall.__repr__ had the changes from + #10155 reverted to accept non-function callables. (#10235) + - Revert the removal of .whl building that was done as part of + #10177. (#10236) + - The type annotation of the host parameter to + twisted.internet.interfaces.IReactorTCP.connectTCP has been + corrected from bytes to str. (#10251) + - Deprecated twisted.python.threading.ThreadPool.currentThread() + in favor of threading.current_thread(). + - Switched twisted.python.threading.ThreadPool.currentThread() + and twisted.python.threadable.getThreadID() to use + `threading.current_thread()to avoid the deprecation warnings + introduced forthreading.currentThread()`` in Python 3.10. + (#10273) + - twisted.internet.utils.runWithWarningsSupressed behavior of + waiting on deferreds has been documented. (#10238) + - Sync API docs templates with pydoctor 21.9.0 release, using new + theming capabilities. (#10267) + - #1681, #9944, #10198, #10218, #10219, #10228, #10229, #10234, + #10239, #10240, #10245, #10246, #10248, #10250, #10255, #10277, + #10288, #10292 + - twisted.conch.ssh now supports SSH extension negotiation (RFC + 8308). (#10266) + - twisted.conch now uses constant-time comparisons for MACs. + (#8199) + - twisted.conch.ssh.filetransfer.FileTransferServer will now + return an ENOENT error status if an SFTP client tries to close + an unrecognized file handle. (#10293) + - SSHTransportBase.ssh_KEXINIT now uses the remote peer preferred + MAC list for negotiation. In previous versions it was only + using the local preferred MAC list. (#10241) + - twisted.web.client.RedirectAgent and + twisted.web.client.BrowserLikeRedirectAgent now properly remove + sensitive headers when redirecting to a different origin. + (#10294) + - Add type annotations for twisted.web.client.readBody. (#10269) + - twisted.web.client.getPage, twisted.web.client.downladPage, and + the associated implementation classes (HTTPPageGetter, + HTTPPageDownloader, HTTPClientFactory, HTTPDownloader) have + been removed because they do not segregate cookies by domain. + They were deprecated in Twisted 16.7.0 in favor of + twisted.web.client.Agent. GHSA-92x2-jw7w-xvvx. (#10295) + - trial.runner.filenameToModule now sets the correct + module.__name__ and sys.modules key (#10230) + +------------------------------------------------------------------- Old: ---- Twisted-21.7.0.tar.gz currentThread-deprecated.patch New: ---- Twisted-22.1.0.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ python-Twisted.spec ++++++ --- /var/tmp/diff_new_pack.rB3Zui/_old 2022-02-11 23:06:46.214499325 +0100 +++ /var/tmp/diff_new_pack.rB3Zui/_new 2022-02-11 23:06:46.218499335 +0100 @@ -19,7 +19,7 @@ %{?!python_module:%define python_module() python3-%{**}} %define skip_python2 1 Name: python-Twisted -Version: 21.7.0 +Version: 22.1.0 Release: 0 Summary: An asynchronous networking framework written in Python License: MIT @@ -39,8 +39,6 @@ Patch5: no-pygtkcompat.patch # PATCH-FIX-OPENSUSE remove-dependency-version-upper-bounds.patch boo#1190036 -- run with h2 >= 4.0.0 and priority >= 2.0 Patch6: remove-dependency-version-upper-bounds.patch -# PATCH-FIX-OPENSUSE do not throw DeprecatationWarning, upstream's fix is an API break -Patch7: currentThread-deprecated.patch BuildRequires: %{python_module Automat >= 0.8.0} BuildRequires: %{python_module PyHamcrest >= 1.9.0} BuildRequires: %{python_module appdirs >= 1.4.0} ++++++ 1521_delegate_parseqs_stdlib_bpo42967.patch ++++++ --- /var/tmp/diff_new_pack.rB3Zui/_old 2022-02-11 23:06:46.242499402 +0100 +++ /var/tmp/diff_new_pack.rB3Zui/_new 2022-02-11 23:06:46.246499414 +0100 @@ -10,16 +10,18 @@ 3 files changed, 4 insertions(+), 28 deletions(-) create mode 100644 src/twisted/web/newsfragments/10096.bugfix ---- a/src/twisted/web/http.py -+++ b/src/twisted/web/http.py -@@ -112,6 +112,7 @@ from urllib.parse import ( +Index: Twisted-22.1.0/src/twisted/web/http.py +=================================================================== +--- Twisted-22.1.0.orig/src/twisted/web/http.py ++++ Twisted-22.1.0/src/twisted/web/http.py +@@ -113,6 +113,7 @@ from urllib.parse import ( ParseResultBytes, - urlparse as _urlparse, unquote_to_bytes as unquote, + urlparse as _urlparse, + parse_qs, ) - from typing import Callable + from zope.interface import Attribute, Interface, implementer, provider @@ -263,31 +264,6 @@ def urlparse(url): return ParseResultBytes(scheme, netloc, path, params, query, fragment) @@ -52,30 +54,34 @@ def datetimeToString(msSinceEpoch=None): """ Convert seconds since epoch to HTTP datetime string. +Index: Twisted-22.1.0/src/twisted/web/newsfragments/10096.bugfix +=================================================================== --- /dev/null -+++ b/src/twisted/web/newsfragments/10096.bugfix ++++ Twisted-22.1.0/src/twisted/web/newsfragments/10096.bugfix @@ -0,0 +1 @@ +delegate to urllib.parse:parse_qs in twisted.web.http:parse_qs to avoid CVE-2021-23336 and the associated CI failures ---- a/src/twisted/web/server.py -+++ b/src/twisted/web/server.py -@@ -19,7 +19,7 @@ import os - import re +Index: Twisted-22.1.0/src/twisted/web/server.py +=================================================================== +--- Twisted-22.1.0.orig/src/twisted/web/server.py ++++ Twisted-22.1.0/src/twisted/web/server.py +@@ -21,7 +21,7 @@ import zlib + from binascii import hexlify from html import escape from typing import List, Optional -from urllib.parse import quote as _quote +from urllib.parse import quote as _quote, unquote_to_bytes as _unquote_to_bytes - import zlib - from binascii import hexlify -@@ -31,7 +31,6 @@ from twisted.spread.pb import Copyable, - from twisted.internet import address, interfaces - from twisted.internet.error import AlreadyCalled, AlreadyCancelled - from twisted.web import iweb, http, util + from zope.interface import implementer + +@@ -37,7 +37,6 @@ from twisted.python.deprecate import dep + from twisted.spread.pb import Copyable, ViewPoint + from twisted.web import http, iweb, resource, util + from twisted.web.error import UnsupportedMethod -from twisted.web.http import unquote - from twisted.python import reflect, failure, components - from twisted import copyright - from twisted.web import resource -@@ -213,7 +212,7 @@ class Request(Copyable, http.Request, co + + NOT_DONE_YET = 1 + +@@ -211,7 +210,7 @@ class Request(Copyable, http.Request, co # Resource Identification self.prepath = [] ++++++ Twisted-21.7.0.tar.gz -> Twisted-22.1.0.tar.gz ++++++ ++++ 29533 lines of diff (skipped) ++++++ no-cython_test_exception_raiser.patch ++++++ --- /var/tmp/diff_new_pack.rB3Zui/_old 2022-02-11 23:06:46.766500858 +0100 +++ /var/tmp/diff_new_pack.rB3Zui/_new 2022-02-11 23:06:46.774500880 +0100 @@ -2,16 +2,18 @@ src/twisted/test/test_failure.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) ---- a/src/twisted/test/test_failure.py -+++ b/src/twisted/test/test_failure.py -@@ -22,7 +22,8 @@ from twisted.python import failure - from twisted.trial.unittest import SynchronousTestCase - +Index: Twisted-22.1.0/src/twisted/test/test_failure.py +=================================================================== +--- Twisted-22.1.0.orig/src/twisted/test/test_failure.py ++++ Twisted-22.1.0/src/twisted/test/test_failure.py +@@ -15,7 +15,8 @@ from io import StringIO + from traceback import FrameSummary + from unittest import skipIf -from cython_test_exception_raiser import raiser # type: ignore[import] +# from cython_test_exception_raiser import raiser # type: ignore[import] +raiser = None - - def getDivisionFailure(*args, **kwargs): + from twisted.python import failure, reflect + from twisted.trial.unittest import SynchronousTestCase ++++++ no-pygtkcompat.patch ++++++ --- /var/tmp/diff_new_pack.rB3Zui/_old 2022-02-11 23:06:46.786500913 +0100 +++ /var/tmp/diff_new_pack.rB3Zui/_new 2022-02-11 23:06:46.790500924 +0100 @@ -1,13 +1,18 @@ -diff -ur Twisted-21.7.0.orig/src/twisted/internet/gireactor.py Twisted-21.7.0/src/twisted/internet/gireactor.py ---- Twisted-21.7.0.orig/src/twisted/internet/gireactor.py -+++ Twisted-21.7.0/src/twisted/internet/gireactor.py -@@ -24,16 +24,21 @@ - from twisted.internet.error import ReactorAlreadyRunning - from twisted.internet import _glibbase - from twisted.python import runtime +Index: Twisted-22.1.0/src/twisted/internet/gireactor.py +=================================================================== +--- Twisted-22.1.0.orig/src/twisted/internet/gireactor.py ++++ Twisted-22.1.0/src/twisted/internet/gireactor.py +@@ -21,20 +21,24 @@ On Python 3, pygobject v3.4 or later is + """ + + -import gi.pygtkcompat # type: ignore[import] from gi.repository import GLib # type: ignore[import] + from twisted.internet import _glibbase + from twisted.internet.error import ReactorAlreadyRunning + from twisted.python import runtime + -# We require a sufficiently new version of pygobject, so always exists: -_pygtkcompatPresent = True +try: @@ -17,16 +22,15 @@ +else: + # We require a sufficiently new version of pygobject, so always exists: + _pygtkcompatPresent = True -+ -+ # Newer version of gi, so we can try to initialize compatibility layer; if -+ # real pygtk was already imported we'll get ImportError at this point -+ # rather than segfault, so unconditional import is fine. -+ gi.pygtkcompat.enable() -# Newer version of gi, so we can try to initialize compatibility layer; if -# real pygtk was already imported we'll get ImportError at this point -# rather than segfault, so unconditional import is fine. -gi.pygtkcompat.enable() ++ # Newer version of gi, so we can try to initialize compatibility layer; if ++ # real pygtk was already imported we'll get ImportError at this point ++ # rather than segfault, so unconditional import is fine. ++ gi.pygtkcompat.enable() # At this point importing gobject will get you gi version, and importing # e.g. gtk will either fail in non-segfaulty way or use gi version if user # does gi.pygtkcompat.enable_gtk(). So, no need to prevent imports of ++++++ no-test_successResultOfWithFailureHasTraceback.patch ++++++ --- /var/tmp/diff_new_pack.rB3Zui/_old 2022-02-11 23:06:46.806500969 +0100 +++ /var/tmp/diff_new_pack.rB3Zui/_new 2022-02-11 23:06:46.810500980 +0100 @@ -2,16 +2,18 @@ src/twisted/conch/test/test_keys.py | 3 +++ 1 file changed, 3 insertions(+) ---- a/src/twisted/conch/test/test_keys.py -+++ b/src/twisted/conch/test/test_keys.py +Index: Twisted-22.1.0/src/twisted/conch/test/test_keys.py +=================================================================== +--- Twisted-22.1.0.orig/src/twisted/conch/test/test_keys.py ++++ Twisted-22.1.0/src/twisted/conch/test/test_keys.py @@ -15,6 +15,7 @@ from twisted.python import randbytes from twisted.python.filepath import FilePath from twisted.python.reflect import requireModule from twisted.trial import unittest +import unittest as pyunit - cryptography = requireModule("cryptography") + if cryptography is None: @@ -253,6 +254,8 @@ class KeyTests(unittest.TestCase): for k, v in data.items(): self.assertEqual(privateKey.data()[k], v) ++++++ remove-dependency-version-upper-bounds.patch ++++++ --- /var/tmp/diff_new_pack.rB3Zui/_old 2022-02-11 23:06:46.834501047 +0100 +++ /var/tmp/diff_new_pack.rB3Zui/_new 2022-02-11 23:06:46.838501057 +0100 @@ -1,6 +1,8 @@ ---- a/setup.cfg -+++ b/setup.cfg -@@ -67,8 +67,8 @@ serial = +Index: Twisted-22.1.0/setup.cfg +=================================================================== +--- Twisted-22.1.0.orig/setup.cfg ++++ Twisted-22.1.0/setup.cfg +@@ -69,8 +69,8 @@ serial = pyserial >= 3.0 pywin32 != 226; platform_system == "Windows" http2 = ++++++ skip_MultiCast.patch ++++++ --- /var/tmp/diff_new_pack.rB3Zui/_old 2022-02-11 23:06:46.846501080 +0100 +++ /var/tmp/diff_new_pack.rB3Zui/_new 2022-02-11 23:06:46.850501091 +0100 @@ -2,18 +2,20 @@ src/twisted/test/test_udp.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) ---- a/src/twisted/test/test_udp.py -+++ b/src/twisted/test/test_udp.py -@@ -9,7 +9,7 @@ Tests for implementations of L{IReactorU +Index: Twisted-22.1.0/src/twisted/test/test_udp.py +=================================================================== +--- Twisted-22.1.0.orig/src/twisted/test/test_udp.py ++++ Twisted-22.1.0/src/twisted/test/test_udp.py +@@ -8,7 +8,7 @@ Tests for implementations of L{IReactorU - import os + import os -from unittest import skipIf +from unittest import skipIf, SkipTest - from twisted.trial.unittest import TestCase + from twisted.internet import defer, error, interfaces, protocol, reactor, udp from twisted.internet.defer import Deferred, gatherResults, maybeDeferred -@@ -522,6 +522,7 @@ class MulticastTests(TestCase): +@@ -521,6 +521,7 @@ class MulticastTests(TestCase): skip = "This reactor does not support multicast" def setUp(self):
