twisted (24.3.0-1ubuntu0.1) noble-security; urgency=medium
* SECURITY UPDATE: Information disclosure by processing
pipelined HTTP requests out-of-order
- debian/patches/CVE-2024-41671-*.patch: Correct processing
of HTTP requests
- CVE-2024-41671
* SECURITY UPDATE: HTML injection in HTTP redirect body
- debian/patches/CVE-2024-41810-*.patch: added output
encoding in redirect HTML
- CVE-2024-41810
-- Nick Galanis <nick.galanis@canonical.com> Tue, 27 Aug 2024 13:30:39 +0300
twisted (24.3.0-1) unstable; urgency=medium
* New upstream release.
* Refresh patches.
* Drop unittest-skip-3.12.1.patch, superseded upstream.
-- Stefano Rivera <stefanor@debian.org> Mon, 04 Mar 2024 10:57:17 -0400
twisted (23.10.0-2) unstable; urgency=medium
* Patch: Skip test_sendFileDescriptorTriggersPauseProducing, as it was
failing in Debian CI.
-- Stefano Rivera <stefanor@debian.org> Tue, 26 Dec 2023 10:02:51 -0400
twisted (23.10.0-1) unstable; urgency=medium
[ Matthias Klose ]
* Remove myself as uploader.
[ Stefano Rivera ]
* Add myself as an uploader.
* New upstream release.
- Resolves CVE-2023-46137: Disordered HTTP pipeline response in
twisted.web. (Closes: #1054913)
* Refresh patches.
* Drop patches, superseded upstream:
- debian-hacks/Sphinx-Set-html_theme-to-twisteddefault.patch
- documentation/pydoctor-22.7.patch
- Implement-twisted.python.failure._Code.co_positions.patch
- Deprecate-twisted.web.resource.ErrorPage-and-spawn.patch
- Implement-twisted.web.pages.patch
- Update-imports-to-avoid-warnings.patch
- Update-the-docs.patch
- Address-DummyRequest-MyPy-issue.patch
- Address-IRenderable-MyPy-issue.patch
- Failing-test.patch
- Fix-NameVirtualHost-HTML-injection-vulnerability.patch
- Fix-references-to-twisted.pages.patch
- Call-the-superclass-constructor-via-private-alias.patch
- twisted.web.pages.-ErrorPage-errorPage.patch
- tests/Tests-remove-spurious-test-for-illegal-whitespace-in-xmlns.patch
- Add-CVE-to-newsfragment.patch
- Tests-Handle-setlocale-more-tolerant.patch
* Bump copyright years.
* Migrate to pybuild-plugin-pyproject and hatchling.
* Build-Depend on python3-sphinx-rtd-theme, now used by the docs.
* autopkgtest: Permit stderr.
* autopkgtest: Run without root, on all supported python 3 versions.
* autopkgtest: Depend on python3-hypothesis and locales-all.
- All pass now. (Closes: #1033516)
* Allow 2 digit minor versions in watch.
* Patch: Don't embed the build date in docs, making them reproducible.
(Closes: #1034499)
* Patch: Support unittest behaviour change in Python 3.12.1.
* Bump Standards-Version to 4.6.2, no changes needed.
-- Stefano Rivera <stefanor@debian.org> Mon, 25 Dec 2023 10:49:12 -0400
twisted (22.4.0-4) unstable; urgency=medium
* Team upload.
* Add upstream patch for Python 3.11 (Closes: #1029579)
* Add upstream patch for CVE-2022-39348 (Closes: #1023359)
-- Jochen Sprickerhof <jspricke@debian.org> Mon, 30 Jan 2023 16:12:17 +0100
twisted (22.4.0-3) unstable; urgency=medium
* Team upload.
* Patch: Fix FTBFS with pydoctor 22.7 (Closes: #1016315)
* Rebase pydoctor-22.7.patch underneath other debian-specific patches
touching the same code.
-- Stefano Rivera <stefanor@debian.org> Fri, 02 Sep 2022 14:10:50 +0200
twisted (22.4.0-2) unstable; urgency=medium
* Team upload.
* Patch: Drop dependency on python3-typing-extensions, we don't need it.
Avoids an unnecessary Main Inclusion Request in Ubuntu.
-- Stefano Rivera <stefanor@debian.org> Sat, 07 May 2022 08:58:45 -0400
twisted (22.4.0-1) unstable; urgency=medium
* Team upload.
* New upstream release.
- Fixes CVE-2022-24801 (Closes: #1009030)
* Refresh patches.
* Drop patch tests/Tests-Ignore-test_unicodeLogFileUTF8.patch, superseded
upstream.
* Drop "compression = gz" from gbp.conf, we are getting xz tarballs from
upstream.
* Patch: remove spurious test for illegal whitespace in xmlns.
-- Stefano Rivera <stefanor@debian.org> Fri, 22 Apr 2022 22:36:35 -0400
twisted (22.2.0-1) unstable; urgency=medium
* Team upload.
* New upstream release.
* Refresh patches.
* gbp.conf: Update the main branch.
* Make sure we exclude .gitattributes from the next generated tarballs.
-- Andrej Shadura <andrewsh@debian.org> Mon, 07 Mar 2022 12:32:07 +0100
twisted (22.1.0-2) unstable; urgency=medium
* Team upload.
* Removal of a private _PY3 constant breaks treq << 20.9.0.
-- Andrej Shadura <andrewsh@debian.org> Thu, 17 Feb 2022 11:40:49 +0100
twisted (22.1.0-1) unstable; urgency=medium
* Team upload
[ Carsten Schoenert ]
* d/gbp.conf: Extend with some more defaults
* d/watch: Update to version 4
* New upstream version 21.7.0
* Rebuild patch queue from patch-queue branch
Updated/Rebased/Adjusted/Renamed patches:
0003-sphinx-theme.patch ->
debian-hacks/Sphinx-Set-html_theme-to-twisteddefault.patch
0004-localIntersphinx.patch ->
debian-hacks/Sphinx-Set-intersphinx_mapping-for-py3.patch
0005-insecure-pythonpath.patch ->
debian-hacks/Security-Fix-vulnerable-example-of-PYTHONPATH.patch
0006-fix-sphinx-import-path.patch ->
debian-hacks/Sphinx-Adjust-setup-of-sys.path.insert.patch
0009-no-stderr-in-test_ckeygen.patch ->
tests/Tests-Fix-ckeygen-test-writing-to-stderr.patch
0010-handle-setlocale-test-failure.patch ->
tests/Tests-Handle-setlocale-more-tolerant.patch
0012-Skip-test-for-empty-cypher-string-openssl-does-not-t.patch ->
tests/Tests-Skip-test-for-empty-cypher-string.patch
0013-Drop-test_givesMeaningfulErrorMessageIfNoCipherMatch.patch ->
tests/Tests-Drop-test_givesMeaningfulErrorMessageIfNoCipherMatc.patch
0016-Try-exec-ing-ckeygen3-if-ckeygen-was-not-found.patch ->
debian-hacks/Try-exec-ing-ckeygen3-if-ckeygen-was-not-found.patch
Removed patches (included upstream):
0001-wxpython3.0.patch
0002-combinedlog.patch
0008-sort-option-keys.patch
0010-spurious-failure-in-setup-unit-tests.patch
0011-Ignore-fuction-name-in-SSL-error-code-in-tests-to-wo.patch
0017-Add-digestmod-parameter-to-HMAC.__init__-invocations.patch
0018-Make-the-twisted-tests-work-when-pyOpenSSL-deletes-N.patch
0019-Replace-base64.-string-functions-to-fix-py3.9-suppor.patch
0020-Fix-imap4-utf-7-codec-lookup-function-for-Python-3.9.patch
0021-Merge-9652-wiml-mktime-Allow-mktime-to-raise-EOVERFL.patch
0022-increase-size-of-FFDH-keys-for-conch-testing.patch
0023-Merge-9801-rodrigc-cgi-Change-import-of-cgi.parse_qs.patch
0024-fixed-corrupted-iqmp-value-in-test-RSA-key.patch
0025-Skip-failing-twisted.web.test.test_http.QueryArgumen.patch
* d/control: Add new required build dependencies
Adding pydoctor and python3-typing-extensions as new dependency required
for the package build.
* d/rules: Drop dh_movefiles for python3-twisted-bin
The files which were moved within target aren't existing any more.
* autopkgtest: Adjust testing call
* Rebuild patch queue from patch-queue branch
Added patches:
documentation/docs-Don-t-depend-on-git-stuff.patch
documentation/docs-conf.py-Adjust-the-intersphinx-mapping.patch
documentation/docs-conf.py-Don-t-use-intersphinx-within-pydoctor_args.patch
privacy/Privacy-Don-t-sideload-Google-Analytics.patch
tests/Test-Ignore-test_failure.py-file.patch
tests/Testing-Ignore-test-around-git-tooling.patch
tests/Tests-Ignore-test_listingModulesAlreadyImport.patch
tests/Tests-Ignore-test_unicodeLogFileUTF8.patch
tests/Tests-Ignore-tests-with-some-version-checking.patch
Adding some more required patches so the build and a later done
autopkgtest will succeed.
* Lintian: Remove override for python3-twisted
* d/control: Remove packages python3-twisted-{bin,dbg}
These packages arn't build any more, the source for previous created SO
files are now living within a own new upstream project.
* d/*control: Running wrap-and-sort -ast
* d/control: Update Standards-Version to 4.6.0
No further changes needed.
* d/rules: Ignore things around previous apidocs folder
* d/control: Adjust and update Build-Depends
Drop python2-doc and python3-all-{dbg,dev}, adding an versioned
dependency on pydoctor >= 21.12.1.
* d/control: Update suggestion of python3-twisted
* d/rules: Move over to debhelper style
Using debhelper targets within d/rules improves the readability
enormously and decreases the amount the really needed content to an
minimum.
* metadata: Update to serve more content
Extend data to also include the fields for Bug-Database, Bug-Submit and
FAQ.
* d/control: Adding entry Rules-Requires-Root: no
* d/d/options: Drop config file
* d/copyright: Update to current year data
* d/python3-twisted.post{inst.rm}: Uniform indentation style
* d/rules: Adjust shebang to use python3 in twisted-doc
* Lintian: Adding an override for twisted-doc
[ Andrej Shadura ]
* New upstream release.
* Update dependency versions.
* Refresh patches.
* Use dh-sequence-python3 instead of --with python3.
-- Andrej Shadura <andrewsh@debian.org> Thu, 10 Feb 2022 14:48:43 +0100
twisted (20.3.0-7) unstable; urgency=medium
* Team upload.
* Use the correct patch for upload (Closes: #984493) Sorry!
-- Ole Streicher <olebole@debian.org> Sat, 24 Apr 2021 18:36:24 +0200
twisted (20.3.0-6) unstable; urgency=medium
* Team upload.
* Fix skipIf call to actually fix autopkgtest
* Add Gitlab CI configuration
-- Ole Streicher <olebole@debian.org> Sat, 24 Apr 2021 18:36:24 +0200
twisted (20.3.0-5) unstable; urgency=medium
* Team upload.
* skip failing QueryArgumentsTests.testParseqs test
-- Ole Streicher <olebole@debian.org> Sat, 24 Apr 2021 14:24:44 +0200
twisted (20.3.0-4) unstable; urgency=medium
* Team upload.
* Fix several autopkgtest failures. (Closes: #979838)
- d/p/0016-Try-exec-ing-ckeygen3-if-ckeygen-was-not-found.path:
Rename ckeygen to ckeygen3.
- d/p/0017-Add-digestmod-parameter-to-HMAC.__init__-invocations.patch:
Add digestmod parameter to HMAC.__init__() invocations.
- d/p/0018-Make-the-twisted-tests-work-when-pyOpenSSL-deletes-N.patch:
Make the twisted tests work when pyOpenSSL deletes NPN.
- d/p/0019-Replace-base64.-string-functions-to-fix-py3.9-suppor.patch:
Replace base64.*string() functions to fix py3.9 support.
- d/p/0020-Fix-imap4-utf-7-codec-lookup-function-for-Python-3.9.patch:
Rename imap4-utf-7 to imap_utf_7.
- d/p/0021-Merge-9652-wiml-mktime-Allow-mktime-to-raise-EOVERFL.patch:
Allow mktime() to raise EOVERFLOW if isdst=1 and there's no DST.
- d/p/0022-increase-size-of-FFDH-keys-for-conch-testing.patch:
Increase size of FFDH keys for conch testing.
- d/p/0023-Merge-9801-rodrigc-cgi-Change-import-of-cgi.parse_qs.patch:
Change import of cgi.parse_qs to urllib.parse.parse_qs.
- d/p/0024-fixed-corrupted-iqmp-value-in-test-RSA-key.patch:
Fix corrupted iqmp value in test RSA key.
-- Sergio Durigan Junior <sergiodj@debian.org> Sat, 13 Feb 2021 02:12:02 -0500
twisted (20.3.0-3) unstable; urgency=medium
* Update python3-twisted dependencies to match upstream tls and conch
extras: in particular, the missing dependency on python3-bcrypt broke
openssh's autopkgtests.
-- Colin Watson <cjwatson@debian.org> Mon, 19 Oct 2020 23:13:43 +0100
twisted (20.3.0-2) unstable; urgency=medium
* Upload to unstable
[ Ondřej Nový ]
* d/control: Update Maintainer field with new Debian Python Team
contact address.
* d/control: Update Vcs-* fields with new Debian Python Team Salsa
layout.
[ Andrej Shadura ]
* Bump debhelper from old 12 to 13.
* Update standards version to 4.5.0, no changes needed.
-- Andrej Shadura <andrewsh@debian.org> Wed, 14 Oct 2020 15:19:41 +0200
twisted (20.3.0-1) experimental; urgency=medium
* New upstream release 20.3.0.
* Drop patches applies upstream.
-- Andrej Shadura <andrewsh@debian.org> Mon, 23 Mar 2020 21:08:16 +0100
twisted (19.10.0~rc1-1) experimental; urgency=medium
* New upstream 19.10.0 release candidate 1.
-- Matthias Klose <doko@debian.org> Sun, 27 Oct 2019 21:07:04 +0100
twisted (18.9.0-11) unstable; urgency=medium
* Drop python2 support; Closes: #938731
-- Sandro Tosi <morph@debian.org> Wed, 01 Apr 2020 20:34:17 -0400
twisted (18.9.0-10) unstable; urgency=medium
* The package currently doesn’t build apidocs, make this non-fatal.
When apidocs aren’t available, skip fixing up the URLs so that the
online version can be used.
-- Andrej Shadura <andrewsh@debian.org> Fri, 27 Mar 2020 10:59:44 +0100
twisted (18.9.0-9) unstable; urgency=medium
* Wrap long lines in changelog entries: 18.9.0-2.
* Bump debhelper from old 9 to 12.
* Convert debian/copyright to the machine-readable format.
Also provide fill.copyright.blanks.yml for scan-copyrights to
make it easier to update it in future.
* Fix day-of-week for changelog entries 1.1.2-1, 1.1.0-1, 1.0.7-1.
* Set upstream metadata fields: Repository, Repository-Browse.
* Improve building without documentation:
- DEB_BUILD_OPTIONS has to have nodoc, not nodocs to skip docs.
- Not only don’t install them, but don’t build them either.
- Support nodoc build profile.
-- Andrej Shadura <andrewsh@debian.org> Thu, 26 Mar 2020 17:31:42 +0100
twisted (18.9.0-8) unstable; urgency=high
* A no-change upload to set urgency to high since the upload
fixes security issues.
-- Andrej Shadura <andrewsh@debian.org> Mon, 23 Mar 2020 21:14:09 +0100
twisted (18.9.0-7) unstable; urgency=medium
[ Marc Deslauriers ]
* SECURITY UPDATE: incorrect URI and HTTP method validation
- debian/patches/CVE-2019-12387.patch: prevent CRLF injections in
src/twisted/web/_newclient.py, src/twisted/web/client.py,
src/twisted/web/test/injectionhelpers.py,
src/twisted/web/test/test_agent.py,
src/twisted/web/test/test_webclient.py.
- CVE-2019-12387
- Closes: #930389
* SECURITY UPDATE: incorrect cert validation in XMPP support
- debian/patches/CVE-2019-12855-*.patch: upstream patches to implement
certificate checking.
- CVE-2019-12855
- Closes: #930626
* SECURITY UPDATE: HTTP/2 denial of service issues
- debian/patches/CVE-2019-951x.patch: buffer outbound control frames
and timeout invalid clients in src/twisted/web/_http2.py,
src/twisted/web/error.py, src/twisted/web/http.py,
src/twisted/web/test/test_http.py,
src/twisted/web/test/test_http2.py.
- CVE-2019-9511
- CVE-2019-9514
- CVE-2019-9515
* SECURITY UPDATE: request smuggling attacks
- debian/patches/CVE-2020-1010x-pre1.patch: refactor to reduce
duplication in src/twisted/web/test/test_http.py.
- debian/patches/CVE-2020-1010x.patch: fix several request smuggling
attacks in src/twisted/web/http.py,
src/twisted/web/test/test_http.py.
- CVE-2020-10108
- CVE-2020-10109
- Closes: #953950
[ Emmanuel Arias ]
* Add patch to fix SyntaxWarning (Closes: #948560).
[ Moritz Muehlenhoff ]
* Remove Suggests on python-gtk2/python-glade2, which is being removed.
-- Andrej Shadura <andrewsh@debian.org> Mon, 23 Mar 2020 20:49:21 +0100
twisted (18.9.0-6) unstable; urgency=medium
* Use python2 in the Python2 autopkg test.
* python-twisted-*-dbg: Depend on python2-dbg instead of python-dbg.
-- Matthias Klose <doko@ubuntu.com> Thu, 09 Jan 2020 21:25:22 +0100
twisted (18.9.0-5) unstable; urgency=medium
[ Ondřej Nový ]
* Use debhelper-compat instead of debian/compat
* Add python{,3}-hamcrest to B-D (Closes: #943582).
* Add python{,3}-hamcrest to B-D and D (Closes: #943582).
-- Balint Reczey <rbalint@ubuntu.com> Thu, 07 Nov 2019 17:05:21 +0100
twisted (18.9.0-4) unstable; urgency=medium
[ Matthias Klose ]
* Fix installation of python3.8 extensions.
* Bump standards version.
* Build-depend on python2-doc instead of python-doc.
* Use python2 as shebang for the Python2 packages.
[ Julian Andres Klode ]
* Add missing Depends for python{,3}-idna to python{,3}-twisted-core, as
they are needed for TLS support. Closes: #935965.
-- Matthias Klose <doko@debian.org> Sat, 19 Oct 2019 13:24:26 +0200
# Older entries have been removed from this changelog.
# To read the complete changelog use `apt changelog python3-twisted`.
Generated by dwww version 1.16 on Mon Dec 15 20:57:48 CET 2025.