pkgsrc-Changes-HG archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

[pkgsrc/trunk]: pkgsrc/net/py-twisted py-twisted: updated to 19.10.0

branches:  trunk
changeset: 422915:c250fb7b7e61
user:      adam <>
date:      Thu Feb 06 15:44:57 2020 +0000

py-twisted: updated to 19.10.0

Twisted 19.10.0:

- twisted.trial.successResultOf, twisted.trial.failureResultOf, and
  twisted.trial.assertNoResult accept coroutines as well as Deferreds.

- Fixed circular import in twisted.trial.reporter, introduced in Twisted 16.0.0.
- The POP3 server implemented by twisted.mail.pop3 now accepts passwords that contain spaces.
- Incoming HTTP/2 connections will now not time out if they persist for longer than one minute.
- The serial extra now requires pywin32 on Windows enabling use of twisted.internet.serialport without specifying the windows_platform extra.

- twisted.conch.ssh.keys now correctly writes the "iqmp" parameter in serialized RSA private keys as q^-1 mod p rather than p^-1 mod q.

- twisted.web.server.Request will now use twisted.web.server.Site.getContentFile, if it exists, to get a file into which to write request content.  If getContentFile is not provided by the site, it 
will fall back to the previous behavior of using io.BytesIO for small requests and tempfile.TemporaryFile for large ones.

- twisted.web.client.FileBodyProducer will now stop producing when the Deferred returned by FileBodyProducer.startProducing is cancelled.
- The HTTP/2 server implementation now enforces TCP flow control on control frame messages and times out clients that send invalid data without reading responses.  This closes CVE-2019-9512 (Ping 
Flood), CVE-2019-9514 (Reset Flood), and CVE-2019-9515 (Settings Flood).  Thanks to Jonathan Looney and Piotr Sikora.

Twisted 19.7.0:

- The callable argument to twisted.internet.task.deferLater() is no longer required.
- Twisted's minimum Cryptography requirement is now 2.5.
- twisted.internet.utils.getProcessOutputAndValue now accepts `stdinBytes` to write to the child process's standard input.
- Add new twisted.logger.capturedLogs context manager for capturing observed log events in tests.
- twisted.internet.base.PluggableResolverMixin, which implements the pluggable resolver interfaces for easier re-use in other reactors, has been factored out of ReactorBase.
- The PyPI page for Twisted has been enhanced to include more information and useful links.

- twisted.internet.endpoints is now importable on Windows when pywin32 is not installed.
- twisted.conch.ssh now generates correct keys when using hmac-sha2-512 with SHA1 based KEX algorithms.
- twisted.internet.iocpreactor.abstract.FileHandle no longer duplicates/looses outgoing data when .write() is called in rapid succession with large payloads
- twisted.application.backoffPolicy will not fail on connection attempts > 1750 with default settings.
- Trial on Python 3 will now properly re-raise ImportErrors that occur during the import of a module, rather than saying the module doesn't exist.
- twisted.internet.process does not fail on import when the process has more than 1024 file descriptors opened.
- Add the stackLevel keyword argument to twisted.logger.STDLibLogObserver._findCaller to fix an incompatibility with Python 3.8.

Improved Documentation
- Fix the incorrect docstring for twisted.python.components.Componentized.addComponent which stated that the function returned a list of interfaces, even though the function doesn't actually do so.

Deprecations and Removals
- twisted.test.proto_helpers has moved to twisted.internet.testing. twisted.test.proto_helpers has been deprecated.
- twisted.protocols.mice, deprecated since Twisted 16.0, has been removed.
- twisted.conch.insults.client and twisted.conch.insults.colors, deprecated since Twisted 10.1, have been removed.
- The __version__ attribute of Twisted submodules that were previously packaged separately, deprecated since Twisted 16.0, has been removed.
- Python 3.4 is no longer supported.
- twisted.python.compat.OrderedDict, an alias for collections.OrderedDict and deprecated since Twisted 15.5, has been removed.

- t.c.ssh.connection.SSHConnection now fails channels that are in the process of opening when the connection is lost.

- twisted.web.tap, the module that is run by `twist web`, now accepts --display-tracebacks to render tracebacks on uncaught exceptions.

- twisted.web.http.Request.write after the channel is disconnected will no longer raise AttributeError.
- twisted.web.client.Agent.request() and twisted.web.client.ProxyAgent.request() now produce TypeError when the method argument is not bytes, rather than failing to generate the request.
- twisted.web.http.HTTPChannel no longer raises TypeError internally when receiving a line-folded HTTP header on Python 3.
- All HTTP clients in twisted.web.client now raise a ValueError when called with a method and/or URL that contain invalid characters.  This mitigates CVE-2019-12387.  Thanks to Alex Brasetvik for 
reporting this vulnerability.
- twisted.web.server.Site's instance variable displayTracebacks is now set to False by default.

Improved Documentation
- twisted.web.iweb.IRequest's "prepath" and "postpath" attributes, which have existed for a long time, are now documented.
- The documented type of t.w.iweb.IRequest's "method" and "uri" attributes on Python 3 has been corrected to match the implementation.
- t.w.iweb.IRequest's "args" attribute is now correctly documented to be bytes.
- The API documentation of twisted.web.iweb.IRequest and twisted.web.http.Request has been updated and extended to match the implementation.

Deprecations and Removals
- Passing a path argument to twisted.web.resource.Resource.putChild which is not of type bytes is now deprecated.  In the future, passing a non-bytes argument to putChild will return an error.
- Passing --notracebacks/-n to twisted.web.tap, the module that is run by `twist web`, is now deprecated due to traceback rendering being disabled by default.

- twisted.words.protocols.jabber.xmlstream.TLSInitiatingInitializer and twisted.words.protocols.jabber.client.XMPPClientFactory now take an optional configurationForTLS for customizing certificate 
options for StartTLS.

- twisted.words.protocols.jabber.xmlstream.TLSInitiatingInitializer now properly verifies the server's certificate against platform CAs and the stream's domain, mitigating CVE-2019-12855.

- twisted.names.client.Resolver will no longer infinite loop if it cannot bind a UDP port to use for resolving.

Twisted 19.2.0:
This is the final release that will support Python 3.4.

- twisted.internet.ssl.CertificateOptions now uses 32 random bytes instead of an MD5 hash for the ssl session identifier context.
- DeferredLock and DeferredSemaphore can be used as asynchronous context
  managers on Python 3.5+.
- t.i.b.BaseConnector has custom __repr__
- twisted.internet.ssl.optionsForClientTLS now supports validating IP addresses from the certificate subjectAltName
- Twisted's minimum Cryptography requirement is now 2.5.

- twisted.web.proxy.ReverseProxyResource fixed documentation and example snippet
- twisted.python.failure.Failure.getTracebackObject now returns traceback objects whose frames can be passed into traceback.print_stack for better debugging of where the exception came from.
- twisted.internet.ssl.KeyPair.generate: No longer generate 1024-bit RSA keys by default. Anyone who generated a key with this method using the default value should move to replace it immediately.
- The message of twisted.internet.error.ConnectionAborted is no longer truncated.
- twisted.enterprise.adbapi.ConnectionPool.connect now logs only the dbapiName and not the connection arguments, which may contain credentials
- twisted.python.runtime.Platform.supportsINotify no longer considers the result of isDocker for its own result.

Improved Documentation
- The documentation for the the twisted.internet.interfaces.IConsumer, IProducer, and IPullProducer interfaces is more detailed.
- The errback example in the docstring of twisted.logger.Logger.failure has been corrected.
- The sample code in the "Twisted Web In 60 Seconds" tutorial runs on Python 3.

- twisted.conch.ssh.keys can now read private keys in the new "openssh-key-v1" format, introduced in OpenSSH 6.5 and made the default in OpenSSH 7.8.

- Conch now uses pyca/cryptography for Diffie-Hellman key generation and agreement.

- twisted.web.client.HostnameCachingHTTPSPolicy was added as a new contextFactory option.  The policy caches a specified number of twisted.internet.interfaces.IOpenSSLClientConnectionCreator 
instances to to avoid the cost of instantiating a connection creator for multiple requests to the same host.

- twisted.web.http.Request.cookies, twisted.web.http.HTTPChannel.writeHeaders, and twisted.web.http_headers.Headers were all vulnerable to header injection attacks.  They now replace linear 
whitespace ('\r', '\n', and '\r\n') with a single space.  twisted.web.http.Reqeuest.cookies also replaces semicolons (';') with a single space.
- twisted.web.client.Request and twisted.web.client.HTTPClient were both vulnerable to header injection attacks.  They now replace linear whitespace ('\r', '\n', and '\r\n') with a single space.

- twisted.names.dns now has IRecord implementations for the SSHFP and TSIG record types.


 net/py-twisted/Makefile                                    |  14 ++---
 net/py-twisted/Makefile.common                             |   4 +-
 net/py-twisted/PLIST                                       |  37 +++++++------
 net/py-twisted/distinfo                                    |  12 ++--
 net/py-twisted/patches/ |   8 +-
 5 files changed, 39 insertions(+), 36 deletions(-)

diffs (210 lines):

diff -r fc70496bf292 -r c250fb7b7e61 net/py-twisted/Makefile
--- a/net/py-twisted/Makefile   Thu Feb 06 11:28:49 2020 +0000
+++ b/net/py-twisted/Makefile   Thu Feb 06 15:44:57 2020 +0000
@@ -1,7 +1,6 @@
-# $NetBSD: Makefile,v 1.41 2019/08/11 13:22:28 wiz Exp $
+# $NetBSD: Makefile,v 1.42 2020/02/06 15:44:57 adam Exp $
 COMMENT=       Framework for writing networked applications
 .include "../../net/py-twisted/Makefile.common"
@@ -14,20 +13,19 @@
 DEPENDS+=      ${PYPKGPREFIX}-ZopeInterface>=4.4.2:../../devel/py-ZopeInterface
 # TLS
 DEPENDS+=      ${PYPKGPREFIX}-OpenSSL>=16.0.0:../../security/py-OpenSSL
-DEPENDS+=      ${PYPKGPREFIX}-service_identity-[0-9]*:../../security/py-service_identity
+DEPENDS+=      ${PYPKGPREFIX}-service_identity>=18.1.0:../../security/py-service_identity
 DEPENDS+=      ${PYPKGPREFIX}-idna>=2.4:../../www/py-idna
 REPLACE_PYTHON+=       src/twisted/mail/test/
 REPLACE_PYTHON+=       src/twisted/trial/test/
-REPLACE_PYTHON+=       src/twisted/python/test/
-USE_LANGUAGES=         c99
+.for bin in cftp ckeygen conch mailmail pyhtmlizer tkconch trial twist twistd
        cd ${DESTDIR}${PREFIX}/bin && \
-       for i in cftp ckeygen conch mailmail pyhtmlizer tkconch trial twist twistd; do \
-               ${MV} $$i $$i-${PYVERSSUFFIX} || ${TRUE}; \
-       done
+       ${MV} ${bin} ${bin}-${PYVERSSUFFIX} || ${TRUE}
 .include "../../lang/python/"
 .include "../../lang/python/"
diff -r fc70496bf292 -r c250fb7b7e61 net/py-twisted/Makefile.common
--- a/net/py-twisted/Makefile.common    Thu Feb 06 11:28:49 2020 +0000
+++ b/net/py-twisted/Makefile.common    Thu Feb 06 15:44:57 2020 +0000
@@ -1,9 +1,9 @@
-# $NetBSD: Makefile.common,v 1.42 2018/10/16 09:44:51 adam Exp $
+# $NetBSD: Makefile.common,v 1.43 2020/02/06 15:44:57 adam Exp $
 # used by net/py-twisted/Makefile
 # used by net/py-twisted-docs/Makefile
-DISTNAME=      Twisted-18.9.0
+DISTNAME=      Twisted-19.10.0
 CATEGORIES=    net python
 EXTRACT_SUFX=  .tar.bz2
diff -r fc70496bf292 -r c250fb7b7e61 net/py-twisted/PLIST
--- a/net/py-twisted/PLIST      Thu Feb 06 11:28:49 2020 +0000
+++ b/net/py-twisted/PLIST      Thu Feb 06 15:44:57 2020 +0000
@@ -1,4 +1,4 @@
-@comment $NetBSD: PLIST,v 1.31 2018/10/16 09:44:51 adam Exp $
+@comment $NetBSD: PLIST,v 1.32 2020/02/06 15:44:57 adam Exp $
@@ -168,12 +168,6 @@
@@ -689,6 +683,9 @@
@@ -752,6 +749,9 @@
@@ -776,6 +776,9 @@
@@ -806,6 +809,9 @@
@@ -851,6 +857,9 @@
@@ -1320,12 +1329,6 @@
@@ -1844,6 +1847,7 @@
@@ -1987,9 +1991,6 @@
@@ -2110,6 +2111,7 @@
@@ -2320,6 +2322,9 @@
diff -r fc70496bf292 -r c250fb7b7e61 net/py-twisted/distinfo
--- a/net/py-twisted/distinfo   Thu Feb 06 11:28:49 2020 +0000
+++ b/net/py-twisted/distinfo   Thu Feb 06 15:44:57 2020 +0000
@@ -1,7 +1,7 @@
-$NetBSD: distinfo,v 1.37 2018/10/16 09:44:51 adam Exp $
+$NetBSD: distinfo,v 1.38 2020/02/06 15:44:57 adam Exp $
-SHA1 (Twisted-18.9.0.tar.bz2) = 9dae1ef0978a4fad8d5143d782580553375adab5
-RMD160 (Twisted-18.9.0.tar.bz2) = 76c506213c00d48c381bf9d74ff917823b0a6227
-SHA512 (Twisted-18.9.0.tar.bz2) = a9878750f46207b8758f5407a0e4332d9e367bd3ed4e18001825982c3ba78c56372934e634f1866805b9b9bc452698ad36396285172b61cf84da0de5efa7cc29
-Size (Twisted-18.9.0.tar.bz2) = 3088398 bytes
-SHA1 ( = 3c1a44f4249d545426d1a63ca09ffbd1761d1a3a
+SHA1 (Twisted-19.10.0.tar.bz2) = 38a7f1b9c63ba0d2db553e2d210af2fd01b3ed21
+RMD160 (Twisted-19.10.0.tar.bz2) = d1c3684e564f13f554f08656ec2a03f725796505
+SHA512 (Twisted-19.10.0.tar.bz2) = de8d7fd0b2081cebeff68b060c8469377011648bc563a94a993d3530fb007ed42c3a54925c9a10c465ee7a3065cc9108ace12d10d358223fab13494becb9ac4b
+Size (Twisted-19.10.0.tar.bz2) = 3118485 bytes
+SHA1 ( = 3094320805707f13c64e0f9b4e2e67b5b26dac37
diff -r fc70496bf292 -r c250fb7b7e61 net/py-twisted/patches/
--- a/net/py-twisted/patches/        Thu Feb 06 11:28:49 2020 +0000
+++ b/net/py-twisted/patches/        Thu Feb 06 15:44:57 2020 +0000
@@ -1,11 +1,11 @@
-$NetBSD:,v 1.2 2018/07/24 15:10:04 adam Exp $
+$NetBSD:,v 1.3 2020/02/06 15:44:58 adam Exp $
 Allow building with a c99 compiler on SunOS
---- src/twisted/python/  2017-09-23 05:51:46.000000000 +0000
+--- src/twisted/python/  2019-11-02 16:29:27.000000000 +0000
 +++ src/twisted/python/
-@@ -293,8 +293,7 @@ class build_ext_twisted(build_ext.build_
-         #  See the documentation
+@@ -355,8 +355,7 @@ class build_ext_twisted(build_ext.build_
+         #  See the documentation
          # of X/Open CAE in the standards(5) man page of Solaris.
          if sys.platform.startswith('sunos'):
 -            self.define_macros.append(('_XOPEN_SOURCE', 1))

Home | Main Index | Thread Index | Old Index