From 0ebf7c52ec4bb26646ee2d12397547535ce609c2 Mon Sep 17 00:00:00 2001 From: Amber Brown Date: Fri, 13 Mar 2020 14:53:33 +1100 Subject: [PATCH 1/3] Revert "20.3rc1 towncrier" This reverts commit 50412c939af71da0cf09e87065553c036458e09b. --- NEWS.rst | 90 -------------------- src/twisted/conch/newsfragments/6814.feature | 1 + src/twisted/conch/newsfragments/9682.bugfix | 1 + src/twisted/conch/newsfragments/9683.feature | 1 + src/twisted/conch/newsfragments/9760.misc | 1 + src/twisted/mail/newsfragments/9733.misc | 0 src/twisted/names/newsfragments/9496.bugfix | 1 + src/twisted/newsfragments/9405.removal | 1 + src/twisted/newsfragments/9634.misc | 0 src/twisted/newsfragments/9690.doc | 1 + src/twisted/newsfragments/9701.misc | 0 src/twisted/newsfragments/9707.misc | 1 + src/twisted/newsfragments/9710.misc | 1 + src/twisted/newsfragments/9715.misc | 1 + src/twisted/newsfragments/9724.doc | 1 + src/twisted/newsfragments/9726.misc | 0 src/twisted/newsfragments/9727.misc | 0 src/twisted/newsfragments/9728.misc | 0 src/twisted/newsfragments/9729.misc | 0 src/twisted/newsfragments/9735.misc | 0 src/twisted/newsfragments/9737.misc | 0 src/twisted/newsfragments/9756.bugfix | 1 + src/twisted/newsfragments/9757.misc | 0 src/twisted/web/newsfragments/9596.bugfix | 1 + src/twisted/web/newsfragments/9646.bugfix | 1 + src/twisted/web/newsfragments/9678.bugfix | 1 + src/twisted/web/newsfragments/9769.bugfix | 1 + src/twisted/web/newsfragments/9770.bugfix | 1 + src/twisted/words/newsfragments/9730.bugfix | 1 + 29 files changed, 18 insertions(+), 90 deletions(-) create mode 100644 src/twisted/conch/newsfragments/6814.feature create mode 100644 src/twisted/conch/newsfragments/9682.bugfix create mode 100644 src/twisted/conch/newsfragments/9683.feature create mode 100644 src/twisted/conch/newsfragments/9760.misc create mode 100644 src/twisted/mail/newsfragments/9733.misc create mode 100644 src/twisted/names/newsfragments/9496.bugfix create mode 100644 src/twisted/newsfragments/9405.removal create mode 100644 src/twisted/newsfragments/9634.misc create mode 100644 src/twisted/newsfragments/9690.doc create mode 100644 src/twisted/newsfragments/9701.misc create mode 100644 src/twisted/newsfragments/9707.misc create mode 100644 src/twisted/newsfragments/9710.misc create mode 100644 src/twisted/newsfragments/9715.misc create mode 100644 src/twisted/newsfragments/9724.doc create mode 100644 src/twisted/newsfragments/9726.misc create mode 100644 src/twisted/newsfragments/9727.misc create mode 100644 src/twisted/newsfragments/9728.misc create mode 100644 src/twisted/newsfragments/9729.misc create mode 100644 src/twisted/newsfragments/9735.misc create mode 100644 src/twisted/newsfragments/9737.misc create mode 100644 src/twisted/newsfragments/9756.bugfix create mode 100644 src/twisted/newsfragments/9757.misc create mode 100644 src/twisted/web/newsfragments/9596.bugfix create mode 100644 src/twisted/web/newsfragments/9646.bugfix create mode 100644 src/twisted/web/newsfragments/9678.bugfix create mode 100644 src/twisted/web/newsfragments/9769.bugfix create mode 100644 src/twisted/web/newsfragments/9770.bugfix create mode 100644 src/twisted/words/newsfragments/9730.bugfix diff --git a/NEWS.rst b/NEWS.rst index c3a3f1320..fc6a014ad 100644 --- a/NEWS.rst +++ b/NEWS.rst @@ -3,96 +3,6 @@ http://twistedmatrix.com/trac/ticket/ .. towncrier release notes start -Twisted 20.3.0rc1 (2020-03-08) -============================== - -Bugfixes --------- - -- twisted.protocols.amp.BoxDispatcher.callRemote and callRemoteString will no longer return failing Deferreds for requiresAnswer=False commands when the transport they're operating on has been disconnected. (#9756) - - -Improved Documentation ----------------------- - -- Added a missing hyphen to a reference to the ``--debug`` option of ``pdb`` in the Trial how-to. (#9690) -- The documentation of the twisted.cred.checkers module has been extended and corrected. (#9724) - - -Deprecations and Removals -------------------------- - -- twisted.news is deprecated. (#9405) - - -Misc ----- - -- #9634, #9701, #9707, #9710, #9715, #9726, #9727, #9728, #9729, #9735, #9737, #9757 - - -Conch ------ - -Features -~~~~~~~~ - -- twisted.conch.ssh now supports the curve25519-sha256 key exchange algorithm (requires OpenSSL >= 1.1.0). (#6814) -- twisted.conch.ssh.keys can now write private keys in the new "openssh-key-v1" format, introduced in OpenSSH 6.5 and made the default in OpenSSH 7.8. ckeygen has a corresponding new --private-key-subtype=v1 option. (#9683) - - -Bugfixes -~~~~~~~~ - -- twisted.conch.keys.Key.privateBlob now returns the correct blob format for ECDSA (i.e. the same as that implemented by OpenSSH). (#9682) - - -Misc -~~~~ - -- #9760 - - -Web ---- - -Bugfixes -~~~~~~~~ - -- Fixed return type of twisted.web.http.Request.getUser and twisted.web.http.Request.getPassword to binary if no authorization header was found or an exception was thrown (#9596) -- twisted.web.http.HTTPChannel now rejects requests (with status code 400 and a drop) that have malformed headers of the form "Foo : value" or ": value". (#9646) -- twisted.web.http.Request now correctly parses multipart-encoded form data submitted as a chunked request on Python 3.7+. (#9678) -- twisted.web.client.BrowserLikePolicyForHTTPS is now listed in __all__, since it's a user-facing class that anyone could import and extend. (#9769) -- twisted.web.http was subject to several request smuggling attacks. Requests with multiple Content-Length headers were allowed (CVE-2020-10108, thanks to Jake Miller from Bishop Fox and ZeddYu Lu for reporting this) and now fail with a 400; requests with a Content-Length header and a Transfer-Encoding header honored the first header (CVE-2020-10109, thanks to Jake Miller from Bishop Fox for reporting this) and now fail with a 400; requests whose Transfer-Encoding header had a value other than "chunked" and "identity" (thanks to ZeddYu Lu) were allowed and now fail with a 400. (#9770) - - -Mail ----- - -Misc -~~~~ - -- #9733 - - -Words ------ - -Bugfixes -~~~~~~~~ - -- Fixed parsing of streams with Python 3.8 when there are spaces in namespaces or namespaced attributes in twisted.words.xish.domish.ExpatElementStream (#9730) - - -Names ------ - -Bugfixes -~~~~~~~~ - -- twisted.names.secondary.SecondaryAuthority now accepts str for its domain parameter, so twist dns --secondary now functions on Python 3. (#9496) - - Twisted 19.10.0 (2019-11-03) ============================ diff --git a/src/twisted/conch/newsfragments/6814.feature b/src/twisted/conch/newsfragments/6814.feature new file mode 100644 index 000000000..f644d9df7 --- /dev/null +++ b/src/twisted/conch/newsfragments/6814.feature @@ -0,0 +1 @@ +twisted.conch.ssh now supports the curve25519-sha256 key exchange algorithm (requires OpenSSL >= 1.1.0). diff --git a/src/twisted/conch/newsfragments/9682.bugfix b/src/twisted/conch/newsfragments/9682.bugfix new file mode 100644 index 000000000..86bd37f30 --- /dev/null +++ b/src/twisted/conch/newsfragments/9682.bugfix @@ -0,0 +1 @@ +twisted.conch.keys.Key.privateBlob now returns the correct blob format for ECDSA (i.e. the same as that implemented by OpenSSH). diff --git a/src/twisted/conch/newsfragments/9683.feature b/src/twisted/conch/newsfragments/9683.feature new file mode 100644 index 000000000..c1cac3cca --- /dev/null +++ b/src/twisted/conch/newsfragments/9683.feature @@ -0,0 +1 @@ +twisted.conch.ssh.keys can now write private keys in the new "openssh-key-v1" format, introduced in OpenSSH 6.5 and made the default in OpenSSH 7.8. ckeygen has a corresponding new --private-key-subtype=v1 option. diff --git a/src/twisted/conch/newsfragments/9760.misc b/src/twisted/conch/newsfragments/9760.misc new file mode 100644 index 000000000..8b1378917 --- /dev/null +++ b/src/twisted/conch/newsfragments/9760.misc @@ -0,0 +1 @@ + diff --git a/src/twisted/mail/newsfragments/9733.misc b/src/twisted/mail/newsfragments/9733.misc new file mode 100644 index 000000000..e69de29bb diff --git a/src/twisted/names/newsfragments/9496.bugfix b/src/twisted/names/newsfragments/9496.bugfix new file mode 100644 index 000000000..5bf10f7a9 --- /dev/null +++ b/src/twisted/names/newsfragments/9496.bugfix @@ -0,0 +1 @@ +twisted.names.secondary.SecondaryAuthority now accepts str for its domain parameter, so twist dns --secondary now functions on Python 3. diff --git a/src/twisted/newsfragments/9405.removal b/src/twisted/newsfragments/9405.removal new file mode 100644 index 000000000..26af0c8d6 --- /dev/null +++ b/src/twisted/newsfragments/9405.removal @@ -0,0 +1 @@ +twisted.news is deprecated. diff --git a/src/twisted/newsfragments/9634.misc b/src/twisted/newsfragments/9634.misc new file mode 100644 index 000000000..e69de29bb diff --git a/src/twisted/newsfragments/9690.doc b/src/twisted/newsfragments/9690.doc new file mode 100644 index 000000000..e37a4b8e0 --- /dev/null +++ b/src/twisted/newsfragments/9690.doc @@ -0,0 +1 @@ +Added a missing hyphen to a reference to the ``--debug`` option of ``pdb`` in the Trial how-to. diff --git a/src/twisted/newsfragments/9701.misc b/src/twisted/newsfragments/9701.misc new file mode 100644 index 000000000..e69de29bb diff --git a/src/twisted/newsfragments/9707.misc b/src/twisted/newsfragments/9707.misc new file mode 100644 index 000000000..8b1378917 --- /dev/null +++ b/src/twisted/newsfragments/9707.misc @@ -0,0 +1 @@ + diff --git a/src/twisted/newsfragments/9710.misc b/src/twisted/newsfragments/9710.misc new file mode 100644 index 000000000..6e242fdef --- /dev/null +++ b/src/twisted/newsfragments/9710.misc @@ -0,0 +1 @@ +Require attrs ≥ 19.2.0 to use eq instead of the deprecated cmp diff --git a/src/twisted/newsfragments/9715.misc b/src/twisted/newsfragments/9715.misc new file mode 100644 index 000000000..d3f5a12fa --- /dev/null +++ b/src/twisted/newsfragments/9715.misc @@ -0,0 +1 @@ + diff --git a/src/twisted/newsfragments/9724.doc b/src/twisted/newsfragments/9724.doc new file mode 100644 index 000000000..e07cb6ea1 --- /dev/null +++ b/src/twisted/newsfragments/9724.doc @@ -0,0 +1 @@ +The documentation of the twisted.cred.checkers module has been extended and corrected. diff --git a/src/twisted/newsfragments/9726.misc b/src/twisted/newsfragments/9726.misc new file mode 100644 index 000000000..e69de29bb diff --git a/src/twisted/newsfragments/9727.misc b/src/twisted/newsfragments/9727.misc new file mode 100644 index 000000000..e69de29bb diff --git a/src/twisted/newsfragments/9728.misc b/src/twisted/newsfragments/9728.misc new file mode 100644 index 000000000..e69de29bb diff --git a/src/twisted/newsfragments/9729.misc b/src/twisted/newsfragments/9729.misc new file mode 100644 index 000000000..e69de29bb diff --git a/src/twisted/newsfragments/9735.misc b/src/twisted/newsfragments/9735.misc new file mode 100644 index 000000000..e69de29bb diff --git a/src/twisted/newsfragments/9737.misc b/src/twisted/newsfragments/9737.misc new file mode 100644 index 000000000..e69de29bb diff --git a/src/twisted/newsfragments/9756.bugfix b/src/twisted/newsfragments/9756.bugfix new file mode 100644 index 000000000..eb29854b1 --- /dev/null +++ b/src/twisted/newsfragments/9756.bugfix @@ -0,0 +1 @@ +twisted.protocols.amp.BoxDispatcher.callRemote and callRemoteString will no longer return failing Deferreds for requiresAnswer=False commands when the transport they're operating on has been disconnected. \ No newline at end of file diff --git a/src/twisted/newsfragments/9757.misc b/src/twisted/newsfragments/9757.misc new file mode 100644 index 000000000..e69de29bb diff --git a/src/twisted/web/newsfragments/9596.bugfix b/src/twisted/web/newsfragments/9596.bugfix new file mode 100644 index 000000000..65425dd10 --- /dev/null +++ b/src/twisted/web/newsfragments/9596.bugfix @@ -0,0 +1 @@ +Fixed return type of twisted.web.http.Request.getUser and twisted.web.http.Request.getPassword to binary if no authorization header was found or an exception was thrown diff --git a/src/twisted/web/newsfragments/9646.bugfix b/src/twisted/web/newsfragments/9646.bugfix new file mode 100644 index 000000000..3d1ae8511 --- /dev/null +++ b/src/twisted/web/newsfragments/9646.bugfix @@ -0,0 +1 @@ +twisted.web.http.HTTPChannel now rejects requests (with status code 400 and a drop) that have malformed headers of the form "Foo : value" or ": value". diff --git a/src/twisted/web/newsfragments/9678.bugfix b/src/twisted/web/newsfragments/9678.bugfix new file mode 100644 index 000000000..141578b7d --- /dev/null +++ b/src/twisted/web/newsfragments/9678.bugfix @@ -0,0 +1 @@ +twisted.web.http.Request now correctly parses multipart-encoded form data submitted as a chunked request on Python 3.7+. diff --git a/src/twisted/web/newsfragments/9769.bugfix b/src/twisted/web/newsfragments/9769.bugfix new file mode 100644 index 000000000..8d90e7c38 --- /dev/null +++ b/src/twisted/web/newsfragments/9769.bugfix @@ -0,0 +1 @@ +twisted.web.client.BrowserLikePolicyForHTTPS is now listed in __all__, since it's a user-facing class that anyone could import and extend. diff --git a/src/twisted/web/newsfragments/9770.bugfix b/src/twisted/web/newsfragments/9770.bugfix new file mode 100644 index 000000000..ce8498857 --- /dev/null +++ b/src/twisted/web/newsfragments/9770.bugfix @@ -0,0 +1 @@ +twisted.web.http was subject to several request smuggling attacks. Requests with multiple Content-Length headers were allowed (CVE-2020-10108, thanks to Jake Miller from Bishop Fox and ZeddYu Lu for reporting this) and now fail with a 400; requests with a Content-Length header and a Transfer-Encoding header honored the first header (CVE-2020-10109, thanks to Jake Miller from Bishop Fox for reporting this) and now fail with a 400; requests whose Transfer-Encoding header had a value other than "chunked" and "identity" (thanks to ZeddYu Lu) were allowed and now fail with a 400. \ No newline at end of file diff --git a/src/twisted/words/newsfragments/9730.bugfix b/src/twisted/words/newsfragments/9730.bugfix new file mode 100644 index 000000000..5c91305c8 --- /dev/null +++ b/src/twisted/words/newsfragments/9730.bugfix @@ -0,0 +1 @@ +Fixed parsing of streams with Python 3.8 when there are spaces in namespaces or namespaced attributes in twisted.words.xish.domish.ExpatElementStream From 35db7f16c4fb0ffde35c7abd348042f018df5c2f Mon Sep 17 00:00:00 2001 From: Amber Brown Date: Fri, 13 Mar 2020 14:54:05 +1100 Subject: [PATCH 2/3] incremental 20.3.0 --- src/twisted/__init__.py | 2 +- src/twisted/_version.py | 2 +- src/twisted/conch/ssh/keys.py | 8 ++++---- src/twisted/names/dns.py | 2 +- src/twisted/test/test_news.py | 2 +- 5 files changed, 8 insertions(+), 8 deletions(-) diff --git a/src/twisted/__init__.py b/src/twisted/__init__.py index ec96ad7a0..9d281a6db 100644 --- a/src/twisted/__init__.py +++ b/src/twisted/__init__.py @@ -16,7 +16,7 @@ __version__ = version.short() from incremental import Version from twisted.python.deprecate import deprecatedModuleAttribute deprecatedModuleAttribute( - Version('Twisted', 20, 3, 0, release_candidate=1), + Version('Twisted', 20, 3, 0), "morituri nolumus mori", "twisted", "news" diff --git a/src/twisted/_version.py b/src/twisted/_version.py index 9584cf050..13073dd42 100644 --- a/src/twisted/_version.py +++ b/src/twisted/_version.py @@ -7,5 +7,5 @@ Provides Twisted version information. from incremental import Version -__version__ = Version('Twisted', 20, 3, 0, release_candidate=1) +__version__ = Version('Twisted', 20, 3, 0) __all__ = ["__version__"] diff --git a/src/twisted/conch/ssh/keys.py b/src/twisted/conch/ssh/keys.py index aa6275047..fcbf9d286 100644 --- a/src/twisted/conch/ssh/keys.py +++ b/src/twisted/conch/ssh/keys.py @@ -1209,7 +1209,7 @@ class Key(object): @param extra: Any extra data supported by the selected format which is not part of the key itself. For public OpenSSH keys, this is a comment. For private OpenSSH keys, this is a passphrase to - encrypt with. (Deprecated since Twisted 20.3.0rc1; use C{comment} + encrypt with. (Deprecated since Twisted 20.3.0; use C{comment} or C{passphrase} as appropriate instead.) @type extra: L{bytes} or L{unicode} or L{None} @@ -1222,14 +1222,14 @@ class Key(object): @param comment: A comment to include with the key. Only supported for OpenSSH keys. - Present since Twisted 20.3.0rc1. + Present since Twisted 20.3.0. @type comment: L{bytes} or L{unicode} or L{None} @param passphrase: A passphrase to encrypt the key with. Only supported for private OpenSSH keys. - Present since Twisted 20.3.0rc1. + Present since Twisted 20.3.0. @type passphrase: L{bytes} or L{unicode} or L{None} @@ -1240,7 +1240,7 @@ class Key(object): warnings.warn( "The 'extra' argument to " "twisted.conch.ssh.keys.Key.toString was deprecated in " - "Twisted 20.3.0rc1; use 'comment' or 'passphrase' instead.", + "Twisted 20.3.0; use 'comment' or 'passphrase' instead.", DeprecationWarning, stacklevel=3) if self.isPublic(): comment = extra diff --git a/src/twisted/names/dns.py b/src/twisted/names/dns.py index 06d1d249a..89509a644 100644 --- a/src/twisted/names/dns.py +++ b/src/twisted/names/dns.py @@ -269,7 +269,7 @@ def domainString(domain): @returns: L{bytes} suitable for network transmission. @rtype: L{bytes} - @since: Twisted 20.3.0rc1 + @since: Twisted 20.3.0 """ if isinstance(domain, unicode): domain = domain.encode('idna') diff --git a/src/twisted/test/test_news.py b/src/twisted/test/test_news.py index c3fcf6b69..c88e5b6ba 100644 --- a/src/twisted/test/test_news.py +++ b/src/twisted/test/test_news.py @@ -26,7 +26,7 @@ class NewsDeprecationTestCase(SynchronousTestCase): self.assertEqual( warningsShown[0]['message'], ( - 'twisted.news was deprecated in Twisted 20.3.0rc1: ' + 'twisted.news was deprecated in Twisted 20.3.0: ' 'morituri nolumus mori' ) ) From 384de5918e70d36b38ae82d27eafe818e5bb5162 Mon Sep 17 00:00:00 2001 From: Amber Brown Date: Fri, 13 Mar 2020 14:55:30 +1100 Subject: [PATCH 3/3] towncrier for 20.3.0 --- NEWS.rst | 90 ++++++++++++++++++++ src/twisted/conch/newsfragments/6814.feature | 1 - src/twisted/conch/newsfragments/9682.bugfix | 1 - src/twisted/conch/newsfragments/9683.feature | 1 - src/twisted/conch/newsfragments/9760.misc | 1 - src/twisted/mail/newsfragments/9733.misc | 0 src/twisted/names/newsfragments/9496.bugfix | 1 - src/twisted/newsfragments/9405.removal | 1 - src/twisted/newsfragments/9634.misc | 0 src/twisted/newsfragments/9690.doc | 1 - src/twisted/newsfragments/9701.misc | 0 src/twisted/newsfragments/9707.misc | 1 - src/twisted/newsfragments/9710.misc | 1 - src/twisted/newsfragments/9715.misc | 1 - src/twisted/newsfragments/9724.doc | 1 - src/twisted/newsfragments/9726.misc | 0 src/twisted/newsfragments/9727.misc | 0 src/twisted/newsfragments/9728.misc | 0 src/twisted/newsfragments/9729.misc | 0 src/twisted/newsfragments/9735.misc | 0 src/twisted/newsfragments/9737.misc | 0 src/twisted/newsfragments/9756.bugfix | 1 - src/twisted/newsfragments/9757.misc | 0 src/twisted/web/newsfragments/9596.bugfix | 1 - src/twisted/web/newsfragments/9646.bugfix | 1 - src/twisted/web/newsfragments/9678.bugfix | 1 - src/twisted/web/newsfragments/9769.bugfix | 1 - src/twisted/web/newsfragments/9770.bugfix | 1 - src/twisted/words/newsfragments/9730.bugfix | 1 - 29 files changed, 90 insertions(+), 18 deletions(-) delete mode 100644 src/twisted/conch/newsfragments/6814.feature delete mode 100644 src/twisted/conch/newsfragments/9682.bugfix delete mode 100644 src/twisted/conch/newsfragments/9683.feature delete mode 100644 src/twisted/conch/newsfragments/9760.misc delete mode 100644 src/twisted/mail/newsfragments/9733.misc delete mode 100644 src/twisted/names/newsfragments/9496.bugfix delete mode 100644 src/twisted/newsfragments/9405.removal delete mode 100644 src/twisted/newsfragments/9634.misc delete mode 100644 src/twisted/newsfragments/9690.doc delete mode 100644 src/twisted/newsfragments/9701.misc delete mode 100644 src/twisted/newsfragments/9707.misc delete mode 100644 src/twisted/newsfragments/9710.misc delete mode 100644 src/twisted/newsfragments/9715.misc delete mode 100644 src/twisted/newsfragments/9724.doc delete mode 100644 src/twisted/newsfragments/9726.misc delete mode 100644 src/twisted/newsfragments/9727.misc delete mode 100644 src/twisted/newsfragments/9728.misc delete mode 100644 src/twisted/newsfragments/9729.misc delete mode 100644 src/twisted/newsfragments/9735.misc delete mode 100644 src/twisted/newsfragments/9737.misc delete mode 100644 src/twisted/newsfragments/9756.bugfix delete mode 100644 src/twisted/newsfragments/9757.misc delete mode 100644 src/twisted/web/newsfragments/9596.bugfix delete mode 100644 src/twisted/web/newsfragments/9646.bugfix delete mode 100644 src/twisted/web/newsfragments/9678.bugfix delete mode 100644 src/twisted/web/newsfragments/9769.bugfix delete mode 100644 src/twisted/web/newsfragments/9770.bugfix delete mode 100644 src/twisted/words/newsfragments/9730.bugfix diff --git a/NEWS.rst b/NEWS.rst index fc6a014ad..8494d533e 100644 --- a/NEWS.rst +++ b/NEWS.rst @@ -3,6 +3,96 @@ http://twistedmatrix.com/trac/ticket/ .. towncrier release notes start +Twisted 20.3.0 (2020-03-13) +=========================== + +Bugfixes +-------- + +- twisted.protocols.amp.BoxDispatcher.callRemote and callRemoteString will no longer return failing Deferreds for requiresAnswer=False commands when the transport they're operating on has been disconnected. (#9756) + + +Improved Documentation +---------------------- + +- Added a missing hyphen to a reference to the ``--debug`` option of ``pdb`` in the Trial how-to. (#9690) +- The documentation of the twisted.cred.checkers module has been extended and corrected. (#9724) + + +Deprecations and Removals +------------------------- + +- twisted.news is deprecated. (#9405) + + +Misc +---- + +- #9634, #9701, #9707, #9710, #9715, #9726, #9727, #9728, #9729, #9735, #9737, #9757 + + +Conch +----- + +Features +~~~~~~~~ + +- twisted.conch.ssh now supports the curve25519-sha256 key exchange algorithm (requires OpenSSL >= 1.1.0). (#6814) +- twisted.conch.ssh.keys can now write private keys in the new "openssh-key-v1" format, introduced in OpenSSH 6.5 and made the default in OpenSSH 7.8. ckeygen has a corresponding new --private-key-subtype=v1 option. (#9683) + + +Bugfixes +~~~~~~~~ + +- twisted.conch.keys.Key.privateBlob now returns the correct blob format for ECDSA (i.e. the same as that implemented by OpenSSH). (#9682) + + +Misc +~~~~ + +- #9760 + + +Web +--- + +Bugfixes +~~~~~~~~ + +- Fixed return type of twisted.web.http.Request.getUser and twisted.web.http.Request.getPassword to binary if no authorization header was found or an exception was thrown (#9596) +- twisted.web.http.HTTPChannel now rejects requests (with status code 400 and a drop) that have malformed headers of the form "Foo : value" or ": value". (#9646) +- twisted.web.http.Request now correctly parses multipart-encoded form data submitted as a chunked request on Python 3.7+. (#9678) +- twisted.web.client.BrowserLikePolicyForHTTPS is now listed in __all__, since it's a user-facing class that anyone could import and extend. (#9769) +- twisted.web.http was subject to several request smuggling attacks. Requests with multiple Content-Length headers were allowed (CVE-2020-10108, thanks to Jake Miller from Bishop Fox and ZeddYu Lu for reporting this) and now fail with a 400; requests with a Content-Length header and a Transfer-Encoding header honored the first header (CVE-2020-10109, thanks to Jake Miller from Bishop Fox for reporting this) and now fail with a 400; requests whose Transfer-Encoding header had a value other than "chunked" and "identity" (thanks to ZeddYu Lu) were allowed and now fail with a 400. (#9770) + + +Mail +---- + +Misc +~~~~ + +- #9733 + + +Words +----- + +Bugfixes +~~~~~~~~ + +- Fixed parsing of streams with Python 3.8 when there are spaces in namespaces or namespaced attributes in twisted.words.xish.domish.ExpatElementStream (#9730) + + +Names +----- + +Bugfixes +~~~~~~~~ + +- twisted.names.secondary.SecondaryAuthority now accepts str for its domain parameter, so twist dns --secondary now functions on Python 3. (#9496) + + Twisted 19.10.0 (2019-11-03) ============================ diff --git a/src/twisted/conch/newsfragments/6814.feature b/src/twisted/conch/newsfragments/6814.feature deleted file mode 100644 index f644d9df7..000000000 --- a/src/twisted/conch/newsfragments/6814.feature +++ /dev/null @@ -1 +0,0 @@ -twisted.conch.ssh now supports the curve25519-sha256 key exchange algorithm (requires OpenSSL >= 1.1.0). diff --git a/src/twisted/conch/newsfragments/9682.bugfix b/src/twisted/conch/newsfragments/9682.bugfix deleted file mode 100644 index 86bd37f30..000000000 --- a/src/twisted/conch/newsfragments/9682.bugfix +++ /dev/null @@ -1 +0,0 @@ -twisted.conch.keys.Key.privateBlob now returns the correct blob format for ECDSA (i.e. the same as that implemented by OpenSSH). diff --git a/src/twisted/conch/newsfragments/9683.feature b/src/twisted/conch/newsfragments/9683.feature deleted file mode 100644 index c1cac3cca..000000000 --- a/src/twisted/conch/newsfragments/9683.feature +++ /dev/null @@ -1 +0,0 @@ -twisted.conch.ssh.keys can now write private keys in the new "openssh-key-v1" format, introduced in OpenSSH 6.5 and made the default in OpenSSH 7.8. ckeygen has a corresponding new --private-key-subtype=v1 option. diff --git a/src/twisted/conch/newsfragments/9760.misc b/src/twisted/conch/newsfragments/9760.misc deleted file mode 100644 index 8b1378917..000000000 --- a/src/twisted/conch/newsfragments/9760.misc +++ /dev/null @@ -1 +0,0 @@ - diff --git a/src/twisted/mail/newsfragments/9733.misc b/src/twisted/mail/newsfragments/9733.misc deleted file mode 100644 index e69de29bb..000000000 diff --git a/src/twisted/names/newsfragments/9496.bugfix b/src/twisted/names/newsfragments/9496.bugfix deleted file mode 100644 index 5bf10f7a9..000000000 --- a/src/twisted/names/newsfragments/9496.bugfix +++ /dev/null @@ -1 +0,0 @@ -twisted.names.secondary.SecondaryAuthority now accepts str for its domain parameter, so twist dns --secondary now functions on Python 3. diff --git a/src/twisted/newsfragments/9405.removal b/src/twisted/newsfragments/9405.removal deleted file mode 100644 index 26af0c8d6..000000000 --- a/src/twisted/newsfragments/9405.removal +++ /dev/null @@ -1 +0,0 @@ -twisted.news is deprecated. diff --git a/src/twisted/newsfragments/9634.misc b/src/twisted/newsfragments/9634.misc deleted file mode 100644 index e69de29bb..000000000 diff --git a/src/twisted/newsfragments/9690.doc b/src/twisted/newsfragments/9690.doc deleted file mode 100644 index e37a4b8e0..000000000 --- a/src/twisted/newsfragments/9690.doc +++ /dev/null @@ -1 +0,0 @@ -Added a missing hyphen to a reference to the ``--debug`` option of ``pdb`` in the Trial how-to. diff --git a/src/twisted/newsfragments/9701.misc b/src/twisted/newsfragments/9701.misc deleted file mode 100644 index e69de29bb..000000000 diff --git a/src/twisted/newsfragments/9707.misc b/src/twisted/newsfragments/9707.misc deleted file mode 100644 index 8b1378917..000000000 --- a/src/twisted/newsfragments/9707.misc +++ /dev/null @@ -1 +0,0 @@ - diff --git a/src/twisted/newsfragments/9710.misc b/src/twisted/newsfragments/9710.misc deleted file mode 100644 index 6e242fdef..000000000 --- a/src/twisted/newsfragments/9710.misc +++ /dev/null @@ -1 +0,0 @@ -Require attrs ≥ 19.2.0 to use eq instead of the deprecated cmp diff --git a/src/twisted/newsfragments/9715.misc b/src/twisted/newsfragments/9715.misc deleted file mode 100644 index d3f5a12fa..000000000 --- a/src/twisted/newsfragments/9715.misc +++ /dev/null @@ -1 +0,0 @@ - diff --git a/src/twisted/newsfragments/9724.doc b/src/twisted/newsfragments/9724.doc deleted file mode 100644 index e07cb6ea1..000000000 --- a/src/twisted/newsfragments/9724.doc +++ /dev/null @@ -1 +0,0 @@ -The documentation of the twisted.cred.checkers module has been extended and corrected. diff --git a/src/twisted/newsfragments/9726.misc b/src/twisted/newsfragments/9726.misc deleted file mode 100644 index e69de29bb..000000000 diff --git a/src/twisted/newsfragments/9727.misc b/src/twisted/newsfragments/9727.misc deleted file mode 100644 index e69de29bb..000000000 diff --git a/src/twisted/newsfragments/9728.misc b/src/twisted/newsfragments/9728.misc deleted file mode 100644 index e69de29bb..000000000 diff --git a/src/twisted/newsfragments/9729.misc b/src/twisted/newsfragments/9729.misc deleted file mode 100644 index e69de29bb..000000000 diff --git a/src/twisted/newsfragments/9735.misc b/src/twisted/newsfragments/9735.misc deleted file mode 100644 index e69de29bb..000000000 diff --git a/src/twisted/newsfragments/9737.misc b/src/twisted/newsfragments/9737.misc deleted file mode 100644 index e69de29bb..000000000 diff --git a/src/twisted/newsfragments/9756.bugfix b/src/twisted/newsfragments/9756.bugfix deleted file mode 100644 index eb29854b1..000000000 --- a/src/twisted/newsfragments/9756.bugfix +++ /dev/null @@ -1 +0,0 @@ -twisted.protocols.amp.BoxDispatcher.callRemote and callRemoteString will no longer return failing Deferreds for requiresAnswer=False commands when the transport they're operating on has been disconnected. \ No newline at end of file diff --git a/src/twisted/newsfragments/9757.misc b/src/twisted/newsfragments/9757.misc deleted file mode 100644 index e69de29bb..000000000 diff --git a/src/twisted/web/newsfragments/9596.bugfix b/src/twisted/web/newsfragments/9596.bugfix deleted file mode 100644 index 65425dd10..000000000 --- a/src/twisted/web/newsfragments/9596.bugfix +++ /dev/null @@ -1 +0,0 @@ -Fixed return type of twisted.web.http.Request.getUser and twisted.web.http.Request.getPassword to binary if no authorization header was found or an exception was thrown diff --git a/src/twisted/web/newsfragments/9646.bugfix b/src/twisted/web/newsfragments/9646.bugfix deleted file mode 100644 index 3d1ae8511..000000000 --- a/src/twisted/web/newsfragments/9646.bugfix +++ /dev/null @@ -1 +0,0 @@ -twisted.web.http.HTTPChannel now rejects requests (with status code 400 and a drop) that have malformed headers of the form "Foo : value" or ": value". diff --git a/src/twisted/web/newsfragments/9678.bugfix b/src/twisted/web/newsfragments/9678.bugfix deleted file mode 100644 index 141578b7d..000000000 --- a/src/twisted/web/newsfragments/9678.bugfix +++ /dev/null @@ -1 +0,0 @@ -twisted.web.http.Request now correctly parses multipart-encoded form data submitted as a chunked request on Python 3.7+. diff --git a/src/twisted/web/newsfragments/9769.bugfix b/src/twisted/web/newsfragments/9769.bugfix deleted file mode 100644 index 8d90e7c38..000000000 --- a/src/twisted/web/newsfragments/9769.bugfix +++ /dev/null @@ -1 +0,0 @@ -twisted.web.client.BrowserLikePolicyForHTTPS is now listed in __all__, since it's a user-facing class that anyone could import and extend. diff --git a/src/twisted/web/newsfragments/9770.bugfix b/src/twisted/web/newsfragments/9770.bugfix deleted file mode 100644 index ce8498857..000000000 --- a/src/twisted/web/newsfragments/9770.bugfix +++ /dev/null @@ -1 +0,0 @@ -twisted.web.http was subject to several request smuggling attacks. Requests with multiple Content-Length headers were allowed (CVE-2020-10108, thanks to Jake Miller from Bishop Fox and ZeddYu Lu for reporting this) and now fail with a 400; requests with a Content-Length header and a Transfer-Encoding header honored the first header (CVE-2020-10109, thanks to Jake Miller from Bishop Fox for reporting this) and now fail with a 400; requests whose Transfer-Encoding header had a value other than "chunked" and "identity" (thanks to ZeddYu Lu) were allowed and now fail with a 400. \ No newline at end of file diff --git a/src/twisted/words/newsfragments/9730.bugfix b/src/twisted/words/newsfragments/9730.bugfix deleted file mode 100644 index 5c91305c8..000000000 --- a/src/twisted/words/newsfragments/9730.bugfix +++ /dev/null @@ -1 +0,0 @@ -Fixed parsing of streams with Python 3.8 when there are spaces in namespaces or namespaced attributes in twisted.words.xish.domish.ExpatElementStream