Sync from SUSE:SLFO:Main python-gunicorn revision 5749ec172c8f3456624d12b009b2fcd6

Adrian Schröter 2024-08-30 15:33:11 +02:00
parent 13708d8d39
commit 6a5c5e254d
5 changed files with 78 additions and 70 deletions

BIN
gunicorn-20.1.0.tar.gz (Stored with Git LFS)

Binary file not shown.

BIN
gunicorn-22.0.0.tar.gz (Stored with Git LFS) Normal file

Binary file not shown.


@ -1,3 +1,54 @@
-------------------------------------------------------------------
Wed Apr 17 12:43:25 UTC 2024 - Markéta Machová <mmachova@suse.com>
- Update to 22.0.0
* use `utime` to notify workers liveness
* migrate setup to pyproject.toml
* fix numerous security vulnerabilities in HTTP parser (closing some
request smuggling vectors)
* parsing additional requests is no longer attempted past unsupported
request framing
* on HTTP versions < 1.1 support for chunked transfer is refused
* requests conflicting configured or passed SCRIPT_NAME now produce
a verbose error
* Trailer fields are no longer inspected for headers indicating secure
scheme
* support Python 3.12
** Breaking changes **
* minimum version is Python 3.7
* the limitations on valid characters in the HTTP method have been bounded
to Internet Standards
* requests specifying unsupported transfer coding (order) are refused by
default (rare)
* HTTP methods are no longer casefolded by default (IANA method registry
contains none affected)
* HTTP methods containing the number sign (#) are no longer accepted by
default (rare)
* HTTP versions < 1.0 or >= 2.0 are no longer accepted by default (rare)
* HTTP versions consisting of multiple digits or containing a prefix/suffix
are no longer accepted
* HTTP header field names Gunicorn cannot safely map to variables are silently
dropped, as in other software
* HTTP headers with empty field name are refused by default
* requests with both Transfer-Encoding and Content-Length are refused by default
(such a message might indicate an attempt to perform request smuggling)
* empty transfer codings are no longer permitted
** SECURITY **
* fix CVE-2024-1135 (bsc#1222950)
-------------------------------------------------------------------
Mon Jan 8 23:05:51 UTC 2024 - Matej Cepl <mcepl@cepl.eu>
- Clean up the SPEC file
-------------------------------------------------------------------
Mon Jan 8 09:03:41 UTC 2024 - Andreas Schneider <asn@cryptomilk.org>
- Update to version 21.2.0
* See https://github.com/benoitc/gunicorn/blob/21.2.0/docs/source/news.rst
or the packaged news.rst
- Removed support-eventlet-30-3.patch
------------------------------------------------------------------- -------------------------------------------------------------------
Sun Apr 23 23:07:34 UTC 2023 - Matej Cepl <mcepl@suse.com> Sun Apr 23 23:07:34 UTC 2023 - Matej Cepl <mcepl@suse.com>


@ -1,7 +1,7 @@
# #
# spec file # spec file for package python-gunicorn
# #
# Copyright (c) 2023 SUSE LLC # Copyright (c) 2024 SUSE LLC
# #
# All modifications and additions to the file contributed by third parties # All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed # remain the property of their copyright owners, unless otherwise agreed
@ -27,25 +27,18 @@
%define skip_python2 1 %define skip_python2 1
%{?sle15_python_module_pythons} %{?sle15_python_module_pythons}
Name: python-gunicorn%{psuffix} Name: python-gunicorn%{psuffix}
Version: 20.1.0 Version: 22.0.0
Release: 0 Release: 0
Summary: WSGI HTTP Server for UNIX Summary: WSGI HTTP Server for UNIX
License: MIT License: MIT
Group: Development/Languages/Python Group: Development/Languages/Python
URL: https://gunicorn.org URL: https://gunicorn.org
Source: https://files.pythonhosted.org/packages/source/g/gunicorn/gunicorn-%{version}.tar.gz Source: https://files.pythonhosted.org/packages/source/g/gunicorn/gunicorn-%{version}.tar.gz
Patch0: support-eventlet-30-3.patch BuildRequires: %{python_module pip}
BuildRequires: %{python_module setuptools >= 3.0} BuildRequires: %{python_module setuptools >= 3.0}
BuildRequires: %{python_module wheel}
BuildRequires: fdupes BuildRequires: fdupes
BuildRequires: python-rpm-macros BuildRequires: python-rpm-macros
BuildRequires: python3-Sphinx
%if %{with test}
BuildRequires: %{python_module eventlet}
BuildRequires: %{python_module gevent >= 1.4}
BuildRequires: %{python_module gunicorn}
BuildRequires: %{python_module pytest}
%endif
Requires: python-setuptools >= 3.0
Requires(post): update-alternatives Requires(post): update-alternatives
Requires(postun): update-alternatives Requires(postun): update-alternatives
Suggests: python-evenlet Suggests: python-evenlet
@ -54,6 +47,19 @@ Suggests: python-gthread
Suggests: python-setproctitle Suggests: python-setproctitle
Suggests: python-tornado Suggests: python-tornado
BuildArch: noarch BuildArch: noarch
%if 0%{?sle_version} >= 150500
# Fixes the build on Leap
BuildRequires: %{python_module Sphinx}
%else
BuildRequires: python3-Sphinx
%endif
%if %{with test}
BuildRequires: %{python_module eventlet}
BuildRequires: %{python_module gevent >= 1.4}
BuildRequires: %{python_module gunicorn}
BuildRequires: %{python_module pytest-cov}
BuildRequires: %{python_module pytest}
%endif
%python_subpackages %python_subpackages
%description %description
@ -91,11 +97,11 @@ sed -i -e 's/--cov[^ ]*//' -e 's/--cov-report[^ ]*//' setup.cfg
%else # without test %else # without test
%build %build
%python_build %pyproject_wheel
sphinx-build -b html -d docs/build/doctrees docs/source docs/build/html sphinx-build -b html -d docs/build/doctrees docs/source docs/build/html
%install %install
%python_install %pyproject_install
%python_clone -a %{buildroot}%{_bindir}/gunicorn %python_clone -a %{buildroot}%{_bindir}/gunicorn
%python_expand %fdupes %{buildroot}%{$python_sitelib} %python_expand %fdupes %{buildroot}%{$python_sitelib}
@ -108,13 +114,14 @@ sphinx-build -b html -d docs/build/doctrees docs/source docs/build/html
%files %{python_files} %files %{python_files}
%license LICENSE %license LICENSE
%python_alternative %{_bindir}/gunicorn %python_alternative %{_bindir}/gunicorn
%{python_sitelib}/* %{python_sitelib}/gunicorn
%{python_sitelib}/gunicorn-%{version}*-info
%if 0%{?suse_version} > 1500 %if 0%{?suse_version} > 1500
%files -n python-gunicorn-doc %files -n python-gunicorn-doc
%license LICENSE %license LICENSE
%endif %endif
%doc README.rst NOTICE THANKS docs/build/html %doc README.rst NOTICE THANKS docs/build/html docs/source/news.rst
%endif %endif
%changelog %changelog
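Review bot: The first spec hunk (`-27,25 +27,18`) removes `Requires: python-setuptools >= 3.0` and adds no runtime requirement in its place, so as far as the visible hunks show the package now declares no Python runtime dependencies at all. If the 22.0.0 tarball's pyproject.toml lists `packaging` among its dependencies (I believe it does, but the tarball is not visible on this page, so please confirm), the spec should gain `Requires: python-packaging` next to the `Requires(post)` lines. Without it, a minimal installation would only fail at import time, not at install time. Separately, the unchanged `Suggests: python-evenlet` in the same hunk looks like a misspelling of eventlet, so that weak dependency probably never resolves.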


@ -1,50 +0,0 @@
From 6a8ebb4844b2f28596ffe7421eb9f7d08c8dc4d8 Mon Sep 17 00:00:00 2001
From: Sergey Shepelev <temotor@gmail.com>
Date: Thu, 6 May 2021 12:54:06 +0300
Subject: [PATCH] eventlet worker: ALREADY_HANDLED -> WSGI_LOCAL
Eventlet v0.30.3+ removed wsgi.ALREADY_HANDLED in favor of
`wsgi.WSGI_LOCAL.already_handled: bool`
Sorry, this breaking change happened during only patch
version increase 0.30.2 -> 0.30.3
https://github.com/eventlet/eventlet/issues/543
https://github.com/eventlet/eventlet/pull/544
---
gunicorn/workers/geventlet.py | 11 ++++++++++-
1 file changed, 10 insertions(+), 1 deletion(-)
diff --git a/gunicorn/workers/geventlet.py b/gunicorn/workers/geventlet.py
index ffdb206c0..ea82f3d62 100644
--- a/gunicorn/workers/geventlet.py
+++ b/gunicorn/workers/geventlet.py
@@ -17,11 +17,16 @@
from eventlet import hubs, greenthread
from eventlet.greenio import GreenSocket
-from eventlet.wsgi import ALREADY_HANDLED as EVENTLET_ALREADY_HANDLED
+import eventlet.wsgi
import greenlet
from gunicorn.workers.base_async import AsyncWorker
+# ALREADY_HANDLED is removed in 0.30.3+ now it's `WSGI_LOCAL.already_handled: bool`
+# https://github.com/eventlet/eventlet/pull/544
+EVENTLET_WSGI_LOCAL = getattr(eventlet.wsgi, "WSGI_LOCAL", None)
+EVENTLET_ALREADY_HANDLED = getattr(eventlet.wsgi, "ALREADY_HANDLED", None)
+
def _eventlet_socket_sendfile(self, file, offset=0, count=None):
# Based on the implementation in gevent which in turn is slightly
@@ -125,6 +130,10 @@ def patch(self):
patch_sendfile()
def is_already_handled(self, respiter):
+ # eventlet >= 0.30.3
+ if getattr(EVENTLET_WSGI_LOCAL, "already_handled", None):
+ raise StopIteration()
+ # eventlet < 0.30.3
if respiter == EVENTLET_ALREADY_HANDLED:
raise StopIteration()
return super().is_already_handled(respiter)