Compare commits
1 Commits
| Author | SHA256 | Date | |
|---|---|---|---|
| 761908b078 |
@@ -1,3 +1,48 @@
|
||||
-------------------------------------------------------------------
|
||||
Wed Nov 20 17:06:45 UTC 2024 - Dirk Müller <dmueller@suse.com>
|
||||
|
||||
- update to 3.0.2:
|
||||
* When using Waitress to process trusted proxy headers,
|
||||
Waitress will now update the headers to drop any untrusted
|
||||
values, thereby making sure that WSGI apps only get trusted
|
||||
and validated values that Waitress itself used to update the
|
||||
environ.
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed Oct 30 06:49:46 UTC 2024 - Daniel Garcia <daniel.garcia@suse.com>
|
||||
|
||||
- Update to 3.0.1 (bsc#1232554, bsc#1232556, CVE-2024-49769, CVE-2024-49768):
|
||||
* Fix a bug that would lead to Waitress busy looping on select()
|
||||
on a half-open socket due to a race condition that existed when
|
||||
creating a new HTTPChannel. See
|
||||
https://github.com/Pylons/waitress/pull/435,
|
||||
https://github.com/Pylons/waitress/issues/418 and
|
||||
https://github.com/Pylons/waitress/security/advisories/GHSA-3f84-rpwh-47g6
|
||||
* No longer strip the header values before passing them to the
|
||||
WSGI environ. See https://github.com/Pylons/waitress/pull/434
|
||||
and https://github.com/Pylons/waitress/issues/432
|
||||
* Fix a race condition in Waitress when
|
||||
`channel_request_lookahead` is enabled that could lead to HTTP
|
||||
request smuggling.
|
||||
* See https://github.com/Pylons/waitress/security/advisories/GHSA-9298-4cf8-g4wj
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Sun Jun 30 07:59:06 UTC 2024 - Dirk Müller <dmueller@suse.com>
|
||||
|
||||
- update to 3.0.0:
|
||||
* Fixed testing of vendored asyncore code to not rely on
|
||||
particular naming for errno's.
|
||||
* HTTP Request methods and versions are now validated to meet
|
||||
the HTTP standards thereby dropping invalid requests on the floor.
|
||||
* No longer close the connection when sending a HEAD request
|
||||
response.
|
||||
* Always attempt to send the Connection: close response header
|
||||
when we are going to close the connection to let the remote
|
||||
know in more instances.
|
||||
* Document that trusted_proxy may be set to a wildcard value to
|
||||
trust all proxies.
|
||||
* clear_untrusted_proxy_headers is set to True by default.
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Mon Dec 4 15:20:28 UTC 2023 - Ana Guerrero <ana.guerrero@suse.com>
|
||||
|
||||
@@ -76,7 +121,7 @@ Thu Mar 17 17:42:42 UTC 2022 - Dirk Müller <dmueller@suse.com>
|
||||
previously get parsed as 10 and accepted. This stops potential HTTP
|
||||
desync/HTTP request smuggling Thanks to Zhang Zeyu for reporting this issue.
|
||||
See
|
||||
https://github.com/Pylons/waitress/security/advisories/GHSA-4f7p-27jc-3c36
|
||||
https://github.com/Pylons/waitress/security/advisories/GHSA-4f7p-27jc-3c36
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Fri Aug 27 12:27:31 UTC 2021 - Stefan Schubert <schubi@suse.de>
|
||||
@@ -157,9 +202,9 @@ Mon May 18 07:25:32 UTC 2020 - Petr Gajdos <pgajdos@suse.com>
|
||||
Thu Feb 6 17:29:20 UTC 2020 - Marketa Calabkova <mcalabkova@suse.com>
|
||||
|
||||
- update to 1.4.3
|
||||
* Waitress did not properly validate that the HTTP headers it received
|
||||
were properly formed, thereby potentially allowing a front-end server
|
||||
to treat a request different from Waitress. This could lead to HTTP
|
||||
* Waitress did not properly validate that the HTTP headers it received
|
||||
were properly formed, thereby potentially allowing a front-end server
|
||||
to treat a request different from Waitress. This could lead to HTTP
|
||||
request smuggling/splitting.
|
||||
- drop patch local-intersphinx-inventories.patch
|
||||
* it was commented out, anyway
|
||||
@@ -186,7 +231,7 @@ Fri Dec 20 18:28:24 UTC 2019 - Dirk Mueller <dmueller@suse.com>
|
||||
Thu Aug 29 13:35:14 UTC 2019 - Marketa Calabkova <mcalabkova@suse.com>
|
||||
|
||||
- update to 1.3.1
|
||||
* Waitress won’t accidentally throw away part of the path if it
|
||||
* Waitress won’t accidentally throw away part of the path if it
|
||||
starts with a double slash
|
||||
|
||||
-------------------------------------------------------------------
|
||||
@@ -412,10 +457,10 @@ Tue Aug 13 10:15:30 UTC 2013 - dmueller@suse.com
|
||||
- update to 0.8.6:
|
||||
- Do alternate type of checking for UNIX socket support, instead of checking
|
||||
for platform == windows.
|
||||
|
||||
|
||||
- Functional tests now use multiprocessing module instead of subprocess module,
|
||||
speeding up test suite and making concurrent execution more reliable.
|
||||
|
||||
|
||||
- Runner now appends the current working directory to ``sys.path`` to support
|
||||
running WSGI applications from a directory (i.e., not installed in a
|
||||
virtualenv).
|
||||
@@ -451,5 +496,5 @@ Mon Apr 29 14:14:25 UTC 2013 - speilicke@suse.com
|
||||
-------------------------------------------------------------------
|
||||
Mon Apr 29 13:06:10 UTC 2013 - dmueller@suse.com
|
||||
|
||||
- Initial package (0.8.3)
|
||||
- Initial package (0.8.3)
|
||||
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
#
|
||||
# spec file
|
||||
# spec file for package python-waitress
|
||||
#
|
||||
# Copyright (c) 2023 SUSE LLC
|
||||
# Copyright (c) 2024 SUSE LLC
|
||||
#
|
||||
# All modifications and additions to the file contributed by third parties
|
||||
# remain the property of their copyright owners, unless otherwise agreed
|
||||
@@ -31,7 +31,7 @@
|
||||
%endif
|
||||
%{?sle15_python_module_pythons}
|
||||
Name: python-waitress%{psuffix}
|
||||
Version: 2.1.2
|
||||
Version: 3.0.2
|
||||
Release: 0
|
||||
Summary: Waitress WSGI server
|
||||
License: ZPL-2.1
|
||||
@@ -42,7 +42,9 @@ Source: https://files.pythonhosted.org/packages/source/w/waitress/waitre
|
||||
# https://docs.python.org/3/objects.inv -> python3.inv
|
||||
Source1: python3.inv
|
||||
Source2: fetch-intersphinx-inventories.sh
|
||||
BuildRequires: %{python_module pip}
|
||||
BuildRequires: %{python_module setuptools}
|
||||
BuildRequires: %{python_module wheel}
|
||||
BuildRequires: fdupes
|
||||
BuildRequires: python-rpm-macros >= 20210929
|
||||
BuildArch: noarch
|
||||
@@ -53,7 +55,7 @@ BuildRequires: alts
|
||||
Requires: alts
|
||||
%else
|
||||
Requires(post): update-alternatives
|
||||
Requires(postun):update-alternatives
|
||||
Requires(postun): update-alternatives
|
||||
%endif
|
||||
%else
|
||||
# Documentation requirements
|
||||
@@ -87,10 +89,10 @@ http://docs.pylonsproject.org/projects/waitress/en/latest/ .
|
||||
sed -i '/addopts/d' setup.cfg
|
||||
|
||||
%build
|
||||
%python_build
|
||||
%pyproject_wheel
|
||||
|
||||
%install
|
||||
%python_install
|
||||
%pyproject_install
|
||||
%python_clone -a %{buildroot}%{_bindir}/waitress-serve
|
||||
%python_expand %fdupes %{buildroot}%{$python_sitelib}
|
||||
|
||||
@@ -113,7 +115,7 @@ sed -i '/addopts/d' setup.cfg
|
||||
%doc COPYRIGHT.txt README.rst
|
||||
%python_alternative %{_bindir}/waitress-serve
|
||||
%{python_sitelib}/waitress
|
||||
%{python_sitelib}/waitress-%{version}*-info
|
||||
%{python_sitelib}/waitress-%{version}.dist-info
|
||||
|
||||
%else
|
||||
|
||||
|
||||
BIN
waitress-2.1.2.tar.gz
(Stored with Git LFS)
BIN
waitress-2.1.2.tar.gz
(Stored with Git LFS)
Binary file not shown.
BIN
waitress-3.0.2.tar.gz
(Stored with Git LFS)
Normal file
BIN
waitress-3.0.2.tar.gz
(Stored with Git LFS)
Normal file
Binary file not shown.
Reference in New Issue
Block a user