Log message:
py-twisted: updated to 22.10.0

Twisted 22.10.0 (2022-10-30)
============================

This release contains a security fix for CVE-2022-39348.
This is a low-severity security bug.

Twisted 22.10.0rc1 release candidate was released on 2022-10-26 and there are
no changes between the release candidate and the final release.

Features
--------
- The ``systemd:`` endpoint parser now supports "named" file \ 
descriptors.  This is a more reliable mechanism for choosing among several \ 
inherited descriptors.

Improved Documentation
----------------------
- The ``systemd`` endpoint parser's ``index`` parameter is now documented as \ 
leading to non-deterministic results in which descriptor is selected.  The new \ 
``name`` parameter is now documented as preferred.
- The implementers of Zope interfaces are once more displayed in the documentations.

Deprecations and Removals
-------------------------
- twisted.protocols.dict, which was deprecated in 17.9, has been removed.

Conch
-----

Bugfixes
~~~~~~~~
- twisted.conch.manhole.ManholeInterpreter now captures tracebacks even if \ 
sys.excepthook has been modified.

Web
---

Features
~~~~~~~~
- The twisted.web.pages.errorPage, notFound, and forbidden each return an \ 
IResource that displays an HTML error pages safely rendered using \ 
twisted.web.template.

Bugfixes
~~~~~~~~
- twisted.web.error.Error.__str__ no longer raises an exception when the error's \ 
message attribute is None. Additionally, it validates that code is a plausible \ 
3-digit HTTP status code.
- The typing of the twisted.web.http_headers.Headers methods addRawHeader() and \ 
setRawHeaders() now allow mixing str and bytes, matching the runtime behavior.
- twisted.web.vhost.NameVirtualHost no longer echoes HTML received in the Host \ 
header without escaping it (CVE-2022-39348, GHSA-vg46-2rrj-3647).

Deprecations and Removals
~~~~~~~~~~~~~~~~~~~~~~~~~
- twisted.web.resource.Resource.putChild now raises TypeError when the path \ 
argument is not bytes, rather than issuing a deprecation warning.
- The twisted.web.resource.ErrorPage, NoResource, and ForbiddenResource classes \ 
have been deprecated in favor of new implementations twisted.web.pages module \ 
because they permit HTML injection.

Mail
----

Bugfixes
~~~~~~~~
- emailserver.tac now runs under python3.x

Log message:
py-twisted: updated to 22.8.0

Twisted 22.8.0 (2022-09-06)
===========================

Twisted 22.8.0rc1 release candidate was released on 2022-08-28 and there are
no changes between the release candidate and the final release.

Features
--------
- twisted.internet.defer.maybeDeferred will now schedule a coroutine result as \ 
asynchronous operation and return a Deferred that fires with the result of the \ 
coroutine.
- Twisted now works with Cryptography versions 37 and above, and as a result, \ 
its minimum TLS protocol version has been upgraded to TLSv1.2.

Bugfixes
--------
- ``twisted.internet.base.DelayedCall.__repr__`` will no longer raise \ 
``AttributeError`` if the ``DelayedCall`` was created before debug mode was \ 
enabled.  As a side-effect, ``twisted.internet.base.DelayedCall.creator`` is now \ 
defined as ``None`` in cases where previously it was undefined.
- twisted.internet.iocpreactor.udp now properly re-queues its listener when \ 
there is a failure condition on the read from the socket.
- twisted.internet.defer.inlineCallbacks no longer causes confusing \ 
StopIteration tracebacks to be added to the top of tracebacks originating in \ 
triggered callbacks
- The typing of twisted.internet.task.react no longer constrains the type of argv.
- `ContextVar.reset()` now works correctly inside `inlineCallbacks` functions \ 
and coroutines.
- Implement twisted.python.failure._Code.co_positions for compatibility with \ 
Python 3.11.
- twisted.pair.tuntap._TUNSETIFF and ._TUNGETIFF values are now correct parisc, \ 
powerpc and sparc architectures.

Improved Documentation
----------------------
- The release process documentation was updated to include information about
  doing a security release.
- The development and policy documentation pages were moved into the same
  directory that is now placed inside the documentation root directory.

Deprecations and Removals
-------------------------
- Python 3.6 is no longer supported.
  Twisted 22.4.0 was the last version with support for Python 3.6.

Conch
-----

Bugfixes
~~~~~~~~
- twisted.conch.checkers.UNIXAuthorizedKeysFiles now uses the filesystem \ 
encoding to decode usernames before looking them up in the password database, so \ 
it works on Python 3.
- twisted.conch.ssh.SSHSession.request_env no longer gives a warning if the \ 
session does not implement ISessionSetEnv.
- The cftp command line (and \ 
`twisted.conch.scripts.cftp.SSHSession.extReceived`) no longer raises an \ 
unhandled error when receiving data on stderr from the server.

Web
---

Features
~~~~~~~~
- twisted.web.template.renderElement now combines consecutive, \ 
sychronously-available bytes up to a fixed size limit into a single string to \ 
pass to ``IRequest.write`` instead of passing them all separately.  This greatly \ 
reduces the number of chunks in the response.

Mail
----

Bugfixes
~~~~~~~~
- twisted.mail.maildir.MaildirMessage now use byte header to avoid \ 
incompatibility with the FileMessage which writes bytes not strings lines to a \ 
message file

Words
-----

Bugfixes
~~~~~~~~
- twisted.words.protocols.irc.IRCClient now splits overly long NOTICEs and \ 
NOTICEs containing \n before sending.

Names
-----

Bugfixes
~~~~~~~~
- twisted.names.dns logs unparsable messages rather than generating a Failure \ 
instance

Trial
-----

Features
~~~~~~~~
- ``trial --jobs=N --exitfirst`` is now supported.

Bugfixes
~~~~~~~~
- `trial --jobs=N --until-failure ...` now reports the correct number of tests \ 
run after each iteration.
- ``trial -jN ...`` will now pass errors and failures to ``IReporter`` methods \ 
as instances of ``WorkerException`` instead of ``str``.

Log message:
fighting a losing battle against the py-cryptography rustification, part 5

Convert py-OpenSSL users to versioned_dependencies.mk

Log message:
py-twisted: updated to 22.4.0

Twisted 22.4.0 (2022-04-11)
===========================

Features
--------
- twisted.python.failure.Failure tracebacks now capture module information, \ 
improving compatibility with the Raven Sentry client.
- twisted.python.failure.Failure objects are now compatible with dis.distb, \ 
improving compatibility with post-mortem debuggers.

Bugfixes
- twisted.internet.interfaces.IReactorSSL.listenSSL now has correct type annotations.
- twisted.internet.test.test_glibbase.GlibReactorBaseTests now passes.

Conch
-----

Features
- twisted.conch.ssh now supports using RSA keys with SHA-2 signatures (RFC 8332) \ 
when acting as a server.  The rsa-sha2-512 and rsa-sha2-256 public key signature \ 
algorithms are automatically preferred over ssh-rsa if the client advertises \ 
support for them; the actual public keys do not need to change.
- twisted.conch.ssh now has an alternative Ed25519 implementation using PyNaCl, \ 
in order to support platforms that lack OpenSSL >= 1.1.1b.  The new \ 
"conch_nacl" extra has the necessary dependency.

Web
---

Features
- Twisted is now compatible with h2 4.x.x.

Bugfixes
- twisted.web.http had several several defects in HTTP request parsing that \ 
could permit HTTP request smuggling. It now disallows signed Content-Length \ 
headers, forbids illegal characters in chunked extensions, forbids a ``0x`` \ 
prefix to chunk lengths, and only strips spaces and horizontal tab characters \ 
from header values. These changes address CVE-2022-24801 and \ 
GHSA-c2jg-hw38-jrqq.

Mail
----
Bugfixes
- twisted.mail.pop3.APOPCredentials is now correctly marked as implementing \ 
twisted.cred.credentials.IUsernamHashedPassword, rather than IUsernamePassword.

Trial
-----
Features
- `trial --until-failure --jobs=N` now reports the number of each test pass as \ 
it begins.

Bugfixes
- twisted.trial.unittest.TestCase now discards cleanup functions after running \ 
them.  Notably, this prevents them from being run an ever growing number of \ 
times with `trial -u ...`.

Twisted 22.2.0 (2022-03-01)
===========================

Bugfixes
- twisted.internet.gireactor.PortableGIReactor.simulate and \ 
twisted.internet.gtk2reactor.PortableGtkReactor.simulate no longer raises \ 
TypeError when there are no delayed called. This was a regression introduced \ 
with the migration to Python 3 in which the builtin `min` function no longer \ 
accepts `None` as an argument.
- twisted.conch.ssh.transport.SSHTransportBase now disconnects the remote peer if the
  SSH version string is not sent in the first 4096 bytes.
  GHSA-rv6r-3f5q-9rgx)

Improved Documentation
- Add type annotations for twisted.web.http.Request.getHeader.

Deprecations and Removals
- Support for Python 3.6, which is EoL as of 2021-09-04, has been deprecated.

Log message:
*: recursive bump for perl 5.36

Log message:
py-twisted: updated to 22.1.0

Twisted 22.1.0 (2022-02-03)
===========================

Features
--------
- Python 3.10 is now a supported platform
- Type annotations have been added to the twisted.python.fakepwd module.

Bugfixes
--------
- twisted.internet.defer.inlineCallbacks has an improved type annotation, to \ 
avoid typing errors when it is used on a function which returns a non-None \ 
result.
- ``twisted.internet.base.DelayedCall.__repr__`` and \ 
``twisted.internet.task.LoopingCall.__repr__`` had the changes from 10155 \ 
reverted to accept non-function callables.
- Revert the removal of .whl building that was done as part of 10177.
- The type annotation of the host parameter to \ 
twisted.internet.interfaces.IReactorTCP.connectTCP has been corrected from bytes \ 
to str.
- Deprecated ``twisted.python.threading.ThreadPool.currentThread()`` in favor of \ 
``threading.current_thread()``.
  Switched ``twisted.python.threading.ThreadPool.currentThread()`` and \ 
``twisted.python.threadable.getThreadID()`` to use `threading.current_thread()`` \ 
to avoid the deprecation warnings introduced for ``threading.currentThread()`` \ 
in Python 3.10.

Improved Documentation
----------------------
- twisted.internet.utils.runWithWarningsSupressed behavior of waiting on \ 
deferreds has been documented.
- Sync API docs templates with pydoctor 21.9.0 release, using new theming \ 
capabilities.

Bugfixes
--------
- SSHTransportBase.ssh_KEXINIT now uses the remote peer preferred MAC list for \ 
negotiation. In previous versions  it was only using the local preferred MAC \ 
list.

Features
~~~~~~~~
- twisted.conch.ssh now supports SSH extension negotiation (RFC 8308).

Bugfixes
~~~~~~~~
- twisted.conch now uses constant-time comparisons for MACs.
- twisted.conch.ssh.filetransfer.FileTransferServer will now return an ENOENT \ 
error status if an SFTP client tries to close an unrecognized file handle.
- twisted.web.client.RedirectAgent and \ 
twisted.web.client.BrowserLikeRedirectAgent now properly remove sensitive \ 
headers when redirecting to a different origin.

Improved Documentation
----------------------
- Add type annotations for twisted.web.client.readBody.

Deprecations and Removals
~~~~~~~~~~~~~~~~~~~~~~~~~
- twisted.web.client.getPage, twisted.web.client.downladPage, and the associated \ 
implementation classes (HTTPPageGetter, HTTPPageDownloader, HTTPClientFactory, \ 
HTTPDownloader) have been removed because they do not segregate cookies by \ 
domain. They were deprecated in Twisted 16.7.0 in favor of \ 
twisted.web.client.Agent. GHSA-92x2-jw7w-xvvx.

Mail
----
No significant changes.

Words
-----
No significant changes.

Names
-----
No significant changes.

Trial
-----

Bugfixes
~~~~~~~~
- trial.runner.filenameToModule now sets the correct module.__name__ and \ 
sys.modules key

Log message:
py-twisted: mark as not for python 2

Log message:
py-twisted: reset PKGREVISION after update