Sync from SUSE:SLFO:Main python-gunicorn revision 5749ec172c8f3456624d12b009b2fcd6

2024-08-30 15:33:11 +02:00 · 2024-08-30 15:33:11 +02:00 · 6a5c5e254d
commit 6a5c5e254d
parent 13708d8d39
5 changed files with 78 additions and 70 deletions
--- a/gunicorn-20.1.0.tar.gz
+++ b/gunicorn-20.1.0.tar.gz
--- a/gunicorn-22.0.0.tar.gz
+++ b/gunicorn-22.0.0.tar.gz
--- a/python-gunicorn.changes
+++ b/python-gunicorn.changes
@ -1,3 +1,54 @@
 -------------------------------------------------------------------
 Wed Apr 17 12:43:25 UTC 2024 - Markéta Machová <mmachova@suse.com>
 - Update to 22.0.0
  * use `utime` to notify workers liveness
  * migrate setup to pyproject.toml
  * fix numerous security vulnerabilities in HTTP parser (closing some 
    request smuggling vectors)
  * parsing additional requests is no longer attempted past unsupported 
    request framing
  * on HTTP versions < 1.1 support for chunked transfer is refused
  * requests conflicting configured or passed SCRIPT_NAME now produce 
    a verbose error
  * Trailer fields are no longer inspected for headers indicating secure 
    scheme
  * support Python 3.12
 ** Breaking changes **
  * minimum version is Python 3.7
  * the limitations on valid characters in the HTTP method have been bounded 
    to Internet Standards
  * requests specifying unsupported transfer coding (order) are refused by 
    default (rare)
  * HTTP methods are no longer casefolded by default (IANA method registry 
    contains none affected)
  * HTTP methods containing the number sign (#) are no longer accepted by 
    default (rare)
  * HTTP versions < 1.0 or >= 2.0 are no longer accepted by default (rare)
  * HTTP versions consisting of multiple digits or containing a prefix/suffix 
    are no longer accepted
  * HTTP header field names Gunicorn cannot safely map to variables are silently 
    dropped, as in other software
  * HTTP headers with empty field name are refused by default
  * requests with both Transfer-Encoding and Content-Length are refused by default 
    (such a message might indicate an attempt to perform request smuggling)
  * empty transfer codings are no longer permitted
 ** SECURITY **
  * fix CVE-2024-1135 (bsc#1222950)
 -------------------------------------------------------------------
 Mon Jan  8 23:05:51 UTC 2024 - Matej Cepl <mcepl@cepl.eu>
 - Clean up the SPEC file
 -------------------------------------------------------------------
 Mon Jan  8 09:03:41 UTC 2024 - Andreas Schneider <asn@cryptomilk.org>
 - Update to version 21.2.0
  * See https://github.com/benoitc/gunicorn/blob/21.2.0/docs/source/news.rst
    or the packaged news.rst
 - Removed support-eventlet-30-3.patch
 -------------------------------------------------------------------
 Sun Apr 23 23:07:34 UTC 2023 - Matej Cepl <mcepl@suse.com>
--- a/python-gunicorn.spec
+++ b/python-gunicorn.spec
@ -1,7 +1,7 @@
 #
-# spec file
+# spec file for package python-gunicorn
 #
-# Copyright (c) 2023 SUSE LLC
+# Copyright (c) 2024 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@ -27,33 +27,39 @@
 %define skip_python2 1
 %{?sle15_python_module_pythons}
 Name:           python-gunicorn%{psuffix}
-Version:        20.1.0
+Version:        22.0.0
 Release:        0
 Summary:        WSGI HTTP Server for UNIX
 License:        MIT
 Group:          Development/Languages/Python
 URL:            https://gunicorn.org
 Source:         https://files.pythonhosted.org/packages/source/g/gunicorn/gunicorn-%{version}.tar.gz
-Patch0:         support-eventlet-30-3.patch
+BuildRequires:  %{python_module pip}
 BuildRequires:  %{python_module setuptools >= 3.0}
 BuildRequires:  %{python_module wheel}
 BuildRequires:  fdupes
 BuildRequires:  python-rpm-macros
 BuildRequires:  python3-Sphinx
 %if %{with test}
 BuildRequires:  %{python_module eventlet}
 BuildRequires:  %{python_module gevent >= 1.4}
 BuildRequires:  %{python_module gunicorn}
 BuildRequires:  %{python_module pytest}
 %endif
 Requires:       python-setuptools >= 3.0
 Requires(post): update-alternatives
-Requires(postun):update-alternatives
+Requires(postun): update-alternatives
 Suggests:       python-evenlet
 Suggests:       python-gevent
 Suggests:       python-gthread
 Suggests:       python-setproctitle
 Suggests:       python-tornado
 BuildArch:      noarch
 %if 0%{?sle_version} >= 150500
 # Fixes the build on Leap
 BuildRequires:  %{python_module Sphinx}
 %else
 BuildRequires:  python3-Sphinx
 %endif
 %if %{with test}
 BuildRequires:  %{python_module eventlet}
 BuildRequires:  %{python_module gevent >= 1.4}
 BuildRequires:  %{python_module gunicorn}
 BuildRequires:  %{python_module pytest-cov}
 BuildRequires:  %{python_module pytest}
 %endif
 %python_subpackages
 %description
@ -91,11 +97,11 @@ sed -i -e 's/--cov[^ ]*//' -e 's/--cov-report[^ ]*//' setup.cfg
 %else  # without test
 %build
-%python_build
+%pyproject_wheel
 sphinx-build -b html -d docs/build/doctrees docs/source docs/build/html
 %install
-%python_install
+%pyproject_install
 %python_clone -a %{buildroot}%{_bindir}/gunicorn
 %python_expand %fdupes %{buildroot}%{$python_sitelib}
@ -108,13 +114,14 @@ sphinx-build -b html -d docs/build/doctrees docs/source docs/build/html
 %files %{python_files}
 %license LICENSE
 %python_alternative %{_bindir}/gunicorn
-%{python_sitelib}/*
+%{python_sitelib}/gunicorn
 %{python_sitelib}/gunicorn-%{version}*-info
 %if 0%{?suse_version} > 1500
 %files -n python-gunicorn-doc
 %license LICENSE
 %endif
-%doc README.rst NOTICE THANKS docs/build/html
+%doc README.rst NOTICE THANKS docs/build/html docs/source/news.rst
 %endif
 %changelog
--- a/support-eventlet-30-3.patch
+++ b/support-eventlet-30-3.patch
@ -1,50 +0,0 @@
 From 6a8ebb4844b2f28596ffe7421eb9f7d08c8dc4d8 Mon Sep 17 00:00:00 2001
 From: Sergey Shepelev <temotor@gmail.com>
 Date: Thu, 6 May 2021 12:54:06 +0300
 Subject: [PATCH] eventlet worker: ALREADY_HANDLED -> WSGI_LOCAL
 Eventlet v0.30.3+ removed wsgi.ALREADY_HANDLED in favor of
 `wsgi.WSGI_LOCAL.already_handled: bool`
 Sorry, this breaking change happened during only patch
 version increase 0.30.2 -> 0.30.3
 https://github.com/eventlet/eventlet/issues/543
 https://github.com/eventlet/eventlet/pull/544
 ---
 gunicorn/workers/geventlet.py | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)
 diff --git a/gunicorn/workers/geventlet.py b/gunicorn/workers/geventlet.py
 index ffdb206c0..ea82f3d62 100644
 --- a/gunicorn/workers/geventlet.py
 +++ b/gunicorn/workers/geventlet.py
@@ -17,11 +17,16 @@
 from eventlet import hubs, greenthread
 from eventlet.greenio import GreenSocket
 -from eventlet.wsgi import ALREADY_HANDLED as EVENTLET_ALREADY_HANDLED
 +import eventlet.wsgi
 import greenlet
 from gunicorn.workers.base_async import AsyncWorker
 +# ALREADY_HANDLED is removed in 0.30.3+ now it's `WSGI_LOCAL.already_handled: bool`
 +# https://github.com/eventlet/eventlet/pull/544
 +EVENTLET_WSGI_LOCAL = getattr(eventlet.wsgi, "WSGI_LOCAL", None)
 +EVENTLET_ALREADY_HANDLED = getattr(eventlet.wsgi, "ALREADY_HANDLED", None)
 +
 def _eventlet_socket_sendfile(self, file, offset=0, count=None):
     # Based on the implementation in gevent which in turn is slightly
@@ -125,6 +130,10 @@ def patch(self):
         patch_sendfile()
     def is_already_handled(self, respiter):
 +        # eventlet >= 0.30.3
 +        if getattr(EVENTLET_WSGI_LOCAL, "already_handled", None):
 +            raise StopIteration()
 +        # eventlet < 0.30.3
         if respiter == EVENTLET_ALREADY_HANDLED:
             raise StopIteration()
         return super().is_already_handled(respiter)