Subject: CVS commit: pkgsrc/net/py-twisted
From: Adam Ciarcinski
Date: 2022-11-27 11:44:20
Message id: 20221127104420.9039BFA90@cvs.NetBSD.org

Log Message:
py-twisted: updated to 22.10.0

Twisted 22.10.0 (2022-10-30)
============================

This release contains a security fix for CVE-2022-39348.
This is a low-severity security bug.

Twisted 22.10.0rc1 release candidate was released on 2022-10-26 and there are
no changes between the release candidate and the final release.

Features
--------
- The ``systemd:`` endpoint parser now supports "named" file descriptors.  This is a more reliable mechanism for choosing among several inherited descriptors.

Improved Documentation
----------------------
- The ``systemd`` endpoint parser's ``index`` parameter is now documented as leading to non-deterministic results in which descriptor is selected.  The new ``name`` parameter is now documented as preferred.
- The implementers of Zope interfaces are once more displayed in the documentation.

Deprecations and Removals
-------------------------
- twisted.protocols.dict, which was deprecated in 17.9, has been removed.

Conch
-----

Bugfixes
~~~~~~~~
- twisted.conch.manhole.ManholeInterpreter now captures tracebacks even if sys.excepthook has been modified.

Web
---

Features
~~~~~~~~
- The twisted.web.pages.errorPage, notFound, and forbidden each return an IResource that displays an HTML error page safely rendered using twisted.web.template.

Bugfixes
~~~~~~~~
- twisted.web.error.Error.__str__ no longer raises an exception when the error's message attribute is None. Additionally, it validates that code is a plausible 3-digit HTTP status code.
- The typing of the twisted.web.http_headers.Headers methods addRawHeader() and setRawHeaders() now allows mixing str and bytes, matching the runtime behavior.
- twisted.web.vhost.NameVirtualHost no longer echoes HTML received in the Host header without escaping it (CVE-2022-39348, GHSA-vg46-2rrj-3647).

Deprecations and Removals
~~~~~~~~~~~~~~~~~~~~~~~~~
- twisted.web.resource.Resource.putChild now raises TypeError when the path argument is not bytes, rather than issuing a deprecation warning.
- The twisted.web.resource.ErrorPage, NoResource, and ForbiddenResource classes have been deprecated in favor of new implementations in the twisted.web.pages module because they permit HTML injection.

Mail
----

Bugfixes
~~~~~~~~
- emailserver.tac now runs under python3.x

Files:
Revision  Action  File
1.49      modify  pkgsrc/net/py-twisted/Makefile.common
1.36      modify  pkgsrc/net/py-twisted/PLIST
1.45      modify  pkgsrc/net/py-twisted/distinfo