pool/python-gevent
SHA256
4
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Updating link to change in openSUSE:Factory/python-gevent revision 45

Browse Source 
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-gevent?expand=0&rev=4606ff1e4655d60a2171bc80e74ce243
This commit is contained in:
OBS User buildservice-autocommit 2023-09-22 19:46:56 +00:00 committed by Git OBS Bridge
parent 82b0f403d1
commit 61d106a577
1 changed files with 40 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

40
python-gevent.changes
View File

@ -1,6 +1,46 @@
------------------------------------------------------------------- -------------------------------------------------------------------
Mon Sep 18 19:07:56 UTC 2023 - Dirk Müller <dmueller@suse.com> Mon Sep 18 19:07:56 UTC 2023 - Dirk Müller <dmueller@suse.com>
- update to 23.9.0 (CVE-2023-41419):
* Make ``gevent.select.select`` accept arbitrary iterables, not
just sequences. That is, you can now pass in a generator of file
descriptors instead of a realized list. Internally, arbitrary
iterables are copied into lists. This better matches what the
standard library does.
* On Python 3.11 and newer, opt out of Cython's fast exception
manipulation, which *may* be causing problems in certain
circumstances when combined with greenlets.
* On all versions of Python, adjust some error handling in the
default * -based loop. This fixes several assertion failures
on debug versions of CPython. Hopefully it has a positive
impact under real conditions.
* Make ``gevent.pywsgi`` comply more closely with the HTTP
specification for chunked transfer encoding. In particular,
we are much stricter about trailers, and trailers that are
invalid (too long or featuring disallowed characters) forcibly
close the connection to the client *after* the results have
been sent.
* Trailers otherwise continue to be ignored and are not
available to the WSGI application.
Previously, carefully crafted invalid trailers in chunked
requests on keep-alive connections might appear as two
requests to ``gevent.pywsgi``. Because this was handled
exactly as a normal keep-alive connection with two requests,
the WSGI application should handle it normally. However, if
you were counting on some upstream server to filter incoming
requests based on paths or header fields, and the upstream
server simply passed trailers through without
validating them, then this embedded second request would
bypass those checks.
(If the upstream server validated that the trailers
meet the* HTTP specification, this could not occur,
because characters that are required in an HTTP request,
like a space, are not allowed in trailers.) CVE-2023-41419
was reserved for this.
-------------------------------------------------------------------
Mon Sep 18 19:07:56 UTC 2023 - Dirk Müller <dmueller@suse.com>
- update to 23.9.0 (bsc#1215469, CVE-2023-41419): - update to 23.9.0 (bsc#1215469, CVE-2023-41419):
* Make ``gevent.select.select`` accept arbitrary iterables, not * Make ``gevent.select.select`` accept arbitrary iterables, not
just sequences. That is, you can now pass in a generator of file just sequences. That is, you can now pass in a generator of file