Merge branch 'release-20.3-9772' of github.com:twisted/twisted into release-20.3-9772

This reverts commit 50412c939a.

LICENSE

@@ -1,4 +1,4 @@
-Copyright (c) 2001-2019
+Copyright (c) 2001-2020
 Allen Short
 Amber Hawkie Brown
 Andrew Bennetts

NEWS.rst

@@ -3,6 +3,96 @@ http://twistedmatrix.com/trac/ticket/<number>
 
 .. towncrier release notes start
 
+Twisted 20.3.0 (2020-03-13)
+===========================
+
+Bugfixes
+--------
+
+- twisted.protocols.amp.BoxDispatcher.callRemote and callRemoteString will no longer return failing Deferreds for requiresAnswer=False commands when the transport they're operating on has been disconnected. (#9756)
+
+
+Improved Documentation
+----------------------
+
+- Added a missing hyphen to a reference to the ``--debug`` option of ``pdb`` in the Trial how-to. (#9690)
+- The documentation of the twisted.cred.checkers module has been extended and corrected. (#9724)
+
+
+Deprecations and Removals
+-------------------------
+
+- twisted.news is deprecated. (#9405)
+
+
+Misc
+----
+
+- #9634, #9701, #9707, #9710, #9715, #9726, #9727, #9728, #9729, #9735, #9737, #9757
+
+
+Conch
+-----
+
+Features
+~~~~~~~~
+
+- twisted.conch.ssh now supports the curve25519-sha256 key exchange algorithm (requires OpenSSL >= 1.1.0). (#6814)
+- twisted.conch.ssh.keys can now write private keys in the new "openssh-key-v1" format, introduced in OpenSSH 6.5 and made the default in OpenSSH 7.8.  ckeygen has a corresponding new --private-key-subtype=v1 option. (#9683)
+
+
+Bugfixes
+~~~~~~~~
+
+- twisted.conch.keys.Key.privateBlob now returns the correct blob format for ECDSA (i.e. the same as that implemented by OpenSSH). (#9682)
+
+
+Misc
+~~~~
+
+- #9760
+
+
+Web
+---
+
+Bugfixes
+~~~~~~~~
+
+- Fixed return type of twisted.web.http.Request.getUser and twisted.web.http.Request.getPassword to binary if no authorization header was found or an exception was thrown (#9596)
+- twisted.web.http.HTTPChannel now rejects requests (with status code 400 and a drop) that have malformed headers of the form "Foo : value" or ": value". (#9646)
+- twisted.web.http.Request now correctly parses multipart-encoded form data submitted as a chunked request on Python 3.7+. (#9678)
+- twisted.web.client.BrowserLikePolicyForHTTPS is now listed in __all__, since it's a user-facing class that anyone could import and extend. (#9769)
+- twisted.web.http was subject to several request smuggling attacks. Requests with multiple Content-Length headers were allowed (CVE-2020-10108, thanks to Jake Miller from Bishop Fox and ZeddYu Lu for reporting this) and now fail with a 400; requests with a Content-Length header and a Transfer-Encoding header honored the first header (CVE-2020-10109, thanks to Jake Miller from Bishop Fox for reporting this) and now fail with a 400; requests whose Transfer-Encoding header had a value other than "chunked" and "identity" (thanks to ZeddYu Lu) were allowed and now fail with a 400. (#9770)
+
+
+Mail
+----
+
+Misc
+~~~~
+
+- #9733
+
+
+Words
+-----
+
+Bugfixes
+~~~~~~~~
+
+- Fixed parsing of streams with Python 3.8 when there are spaces in namespaces or namespaced attributes in twisted.words.xish.domish.ExpatElementStream (#9730)
+
+
+Names
+-----
+
+Bugfixes
+~~~~~~~~
+
+- twisted.names.secondary.SecondaryAuthority now accepts str for its domain parameter, so twist dns --secondary now functions on Python 3. (#9496)
+
+
 Twisted 19.10.0 (2019-11-03)
 ============================
 

README.rst

@@ -72,7 +72,7 @@ Some of these tests may fail if you:
 Copyright
 ---------
 
-All of the code in this distribution is Copyright (c) 2001-2019 Twisted Matrix Laboratories.
+All of the code in this distribution is Copyright (c) 2001-2020 Twisted Matrix Laboratories.
 
 Twisted is made available under the MIT license.
 The included `LICENSE <LICENSE>`_ file describes this in detail.

src/twisted/__init__.py

@@ -16,7 +16,7 @@ __version__ = version.short()
 from incremental import Version
 from twisted.python.deprecate import deprecatedModuleAttribute
 deprecatedModuleAttribute(
-    Version("Twisted", "NEXT", 0, 0),
+    Version('Twisted', 20, 3, 0),
     "morituri nolumus mori",
     "twisted",
     "news"

src/twisted/_version.py

@@ -7,5 +7,5 @@ Provides Twisted version information.
 
 from incremental import Version
 
-__version__ = Version('Twisted', 19, 10, 0, dev=0)
+__version__ = Version('Twisted', 20, 3, 0)
 __all__ = ["__version__"]

src/twisted/conch/newsfragments/6814.feature

@@ -1 +0,0 @@
-twisted.conch.ssh now supports the curve25519-sha256 key exchange algorithm (requires OpenSSL >= 1.1.0).

src/twisted/conch/newsfragments/9682.bugfix

@@ -1 +0,0 @@
-twisted.conch.keys.Key.privateBlob now returns the correct blob format for ECDSA (i.e. the same as that implemented by OpenSSH).

src/twisted/conch/newsfragments/9683.feature

@@ -1 +0,0 @@
-- twisted.conch.ssh.keys can now write private keys in the new "openssh-key-v1" format, introduced in OpenSSH 6.5 and made the default in OpenSSH 7.8.  ckeygen has a corresponding new --private-key-subtype=v1 option.

src/twisted/conch/newsfragments/9760.misc

@@ -1 +0,0 @@
-

src/twisted/conch/ssh/keys.py

@@ -1209,7 +1209,7 @@ class Key(object):
         @param extra: Any extra data supported by the selected format which
             is not part of the key itself.  For public OpenSSH keys, this is
             a comment.  For private OpenSSH keys, this is a passphrase to
-            encrypt with.  (Deprecated since Twisted NEXT; use C{comment}
+            encrypt with.  (Deprecated since Twisted 20.3.0; use C{comment}
             or C{passphrase} as appropriate instead.)
         @type extra: L{bytes} or L{unicode} or L{None}
 
@@ -1222,14 +1222,14 @@ class Key(object):
         @param comment: A comment to include with the key.  Only supported
             for OpenSSH keys.
 
-            Present since Twisted NEXT.
+            Present since Twisted 20.3.0.
 
         @type comment: L{bytes} or L{unicode} or L{None}
 
         @param passphrase: A passphrase to encrypt the key with.  Only
             supported for private OpenSSH keys.
 
-            Present since Twisted NEXT.
+            Present since Twisted 20.3.0.
 
         @type passphrase: L{bytes} or L{unicode} or L{None}
 
@@ -1240,7 +1240,7 @@ class Key(object):
             warnings.warn(
                 "The 'extra' argument to "
                 "twisted.conch.ssh.keys.Key.toString was deprecated in "
-                "Twisted NEXT; use 'comment' or 'passphrase' instead.",
+                "Twisted 20.3.0; use 'comment' or 'passphrase' instead.",
                 DeprecationWarning, stacklevel=3)
             if self.isPublic():
                 comment = extra

src/twisted/copyright.py

@@ -13,11 +13,11 @@ from twisted import __version__ as version, version as longversion
 
 longversion = str(longversion)
 
-copyright="""\
-Copyright (c) 2001-2019 Twisted Matrix Laboratories.
+copyright = """\
+Copyright (c) 2001-2020 Twisted Matrix Laboratories.
 See LICENSE for details."""
 
-disclaimer='''
+disclaimer = '''
 Twisted, the Framework of Your Internet
 %s
 

src/twisted/names/dns.py

@@ -269,7 +269,7 @@ def domainString(domain):
     @returns: L{bytes} suitable for network transmission.
     @rtype: L{bytes}
 
-    @since: Twisted NEXT
+    @since: Twisted 20.3.0
     """
     if isinstance(domain, unicode):
         domain = domain.encode('idna')

src/twisted/names/newsfragments/9496.bugfix

@@ -1 +0,0 @@
-twisted.names.secondary.SecondaryAuthority now accepts str for its domain parameter, so twist dns --secondary now functions on Python 3.

src/twisted/newsfragments/9405.removal

@@ -1 +0,0 @@
-twisted.news is deprecated.

src/twisted/newsfragments/9690.doc

@@ -1 +0,0 @@
-Added a missing hyphen to a reference to the ``--debug`` option of ``pdb`` in the Trial how-to.

src/twisted/newsfragments/9707.misc

@@ -1 +0,0 @@
-

src/twisted/newsfragments/9710.misc

@@ -1 +0,0 @@
-Require attrs ≥ 19.2.0 to use eq instead of the deprecated cmp

src/twisted/newsfragments/9715.misc

@@ -1 +0,0 @@
-

src/twisted/newsfragments/9724.doc

@@ -1 +0,0 @@
-The documentation of the twisted.cred.checkers module has been extended and corrected.

src/twisted/newsfragments/9756.bugfix

@@ -1 +0,0 @@
-twisted.protocols.amp.BoxDispatcher.callRemote and callRemoteString will no longer return failing Deferreds for requiresAnswer=False commands when the transport they're operating on has been disconnected.

src/twisted/python/_release.py

@@ -523,8 +523,18 @@ class CheckNewsfragmentScript(object):
         branch = runCommand([b"git", b"rev-parse", b"--abbrev-ref",  "HEAD"],
                             cwd=location).decode(encoding).strip()
 
-        r = runCommand([b"git", b"diff", b"--name-only", b"origin/trunk..."],
-                       cwd=location).decode(encoding).strip()
+        # diff-filter=d to exclude deleted newsfiles (which will happen on the
+        # release branch)
+        r = runCommand(
+            [
+                b"git",
+                b"diff",
+                b"--name-only",
+                b"origin/trunk...",
+                b"--diff-filter=d"
+            ],
+            cwd=location
+        ).decode(encoding).strip()
 
         if not r:
             self._print(

src/twisted/test/test_news.py

@@ -26,7 +26,7 @@ class NewsDeprecationTestCase(SynchronousTestCase):
         self.assertEqual(
             warningsShown[0]['message'],
             (
-                'twisted.news was deprecated in Twisted NEXT: '
+                'twisted.news was deprecated in Twisted 20.3.0: '
                 'morituri nolumus mori'
             )
         )

src/twisted/web/newsfragments/9596.bugfix

@@ -1 +0,0 @@
-Fixed return type of twisted.web.http.Request.getUser and twisted.web.http.Request.getPassword to binary if no authorization header was found or an exception was thrown

src/twisted/web/newsfragments/9646.bugfix

@@ -1 +0,0 @@
-twisted.web.http.HTTPChannel now rejects requests (with status code 400 and a drop) that have malformed headers of the form "Foo : value" or ": value".

src/twisted/web/newsfragments/9678.bugfix

@@ -1 +0,0 @@
-twisted.web.http.Request now correctly parses multipart-encoded form data submitted as a chunked request on Python 3.7+.

src/twisted/web/newsfragments/9769.bugfix

@@ -1 +0,0 @@
-twisted.web.client.BrowserLikePolicyForHTTPS is now listed in __all__, since it's a user-facing class that anyone could import and extend. 

src/twisted/web/newsfragments/9770.bugfix

@@ -1 +0,0 @@
-twisted.web.http was subject to several request smuggling attacks. Requests with multiple Content-Length headers were allowed (CVE-2020-10108, thanks to Jake Miller from Bishop Fox and ZeddYu Lu for reporting this) and now fail with a 400; requests with a Content-Length header and a Transfer-Encoding header honored the first header (CVE-2020-10109, thanks to Jake Miller from Bishop Fox for reporting this) and now fail with a 400; requests whose Transfer-Encoding header had a value other than "chunked" and "identity" (thanks to ZeddYu Lu) were allowed and now fail with a 400.

src/twisted/words/newsfragments/9730.bugfix

@@ -1 +0,0 @@
-Fixed parsing of streams with Python 3.8 when there are spaces in namespaces or namespaced attributes in twisted.words.xish.domish.ExpatElementStream