From 82b0f403d1958291bc182dec6b75793fb5e5c7f919f1ae43f135989b97f84567 Mon Sep 17 00:00:00 2001 From: Dirk Mueller Date: Fri, 22 Sep 2023 09:41:56 +0000 Subject: [PATCH 1/3] - update to 23.9.0 (bsc#1215469, CVE-2023-41419): OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-gevent?expand=0&rev=100 --- python-gevent.changes | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/python-gevent.changes b/python-gevent.changes index 4c726b5..eab47d8 100644 --- a/python-gevent.changes +++ b/python-gevent.changes @@ -1,7 +1,7 @@ ------------------------------------------------------------------- Mon Sep 18 19:07:56 UTC 2023 - Dirk Müller -- update to 23.9.0 (CVE-2023-41419): +- update to 23.9.0 (bsc#1215469, CVE-2023-41419): * Make ``gevent.select.select`` accept arbitrary iterables, not just sequences. That is, you can now pass in a generator of file descriptors instead of a realized list. Internally, arbitrary From 61d106a577e7c03f1e2e6320885d41d835ae6ac16fcf6c740067e6adc817d6b6 Mon Sep 17 00:00:00 2001 From: OBS User buildservice-autocommit Date: Fri, 22 Sep 2023 19:46:56 +0000 Subject: [PATCH 2/3] Updating link to change in openSUSE:Factory/python-gevent revision 45 OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-gevent?expand=0&rev=4606ff1e4655d60a2171bc80e74ce243 --- python-gevent.changes | 40 ++++++++++++++++++++++++++++++++++++++++ 1 file changed, 40 insertions(+) diff --git a/python-gevent.changes b/python-gevent.changes index eab47d8..79ba8e8 100644 --- a/python-gevent.changes +++ b/python-gevent.changes 
@@ -1,6 +1,46 @@ ------------------------------------------------------------------- Mon Sep 18 19:07:56 UTC 2023 - Dirk Müller +- update to 23.9.0 (CVE-2023-41419): + * Make ``gevent.select.select`` accept arbitrary iterables, not + just sequences. That is, you can now pass in a generator of file + descriptors instead of a realized list. Internally, arbitrary + iterables are copied into lists. This better matches what the + standard library does. + * On Python 3.11 and newer, opt out of Cython's fast exception + manipulation, which *may* be causing problems in certain + circumstances when combined with greenlets. + * On all versions of Python, adjust some error handling in the + default * -based loop. This fixes several assertion failures + on debug versions of CPython. Hopefully it has a positive + impact under real conditions. + * Make ``gevent.pywsgi`` comply more closely with the HTTP + specification for chunked transfer encoding. In particular, + we are much stricter about trailers, and trailers that are + invalid (too long or featuring disallowed characters) forcibly + close the connection to the client *after* the results have + been sent. + * Trailers otherwise continue to be ignored and are not + available to the WSGI application. + Previously, carefully crafted invalid trailers in chunked + requests on keep-alive connections might appear as two + requests to ``gevent.pywsgi``. Because this was handled + exactly as a normal keep-alive connection with two requests, + the WSGI application should handle it normally. However, if + you were counting on some upstream server to filter incoming + requests based on paths or header fields, and the upstream + server simply passed trailers through without + validating them, then this embedded second request would + bypass those checks. 
+ (If the upstream server validated that the trailers + meet the* HTTP specification, this could not occur, + because characters that are required in an HTTP request, + like a space, are not allowed in trailers.) CVE-2023-41419 + was reserved for this. + +------------------------------------------------------------------- +Mon Sep 18 19:07:56 UTC 2023 - Dirk Müller + - update to 23.9.0 (bsc#1215469, CVE-2023-41419): * Make ``gevent.select.select`` accept arbitrary iterables, not just sequences. That is, you can now pass in a generator of file From ea60906717da0447499b07cb6f966b3e0bec419689c2025d9cee4e00a078ba5e Mon Sep 17 00:00:00 2001 From: OBS User buildservice-autocommit Date: Fri, 22 Sep 2023 19:46:56 +0000 Subject: [PATCH 3/3] baserev update by copy to link target OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-gevent?expand=0&rev=101 --- python-gevent.changes | 40 ---------------------------------------- 1 file changed, 40 deletions(-) diff --git a/python-gevent.changes b/python-gevent.changes index 79ba8e8..eab47d8 100644 --- a/python-gevent.changes +++ b/python-gevent.changes 
@@ -1,46 +1,6 @@ ------------------------------------------------------------------- Mon Sep 18 19:07:56 UTC 2023 - Dirk Müller -- update to 23.9.0 (CVE-2023-41419): - * Make ``gevent.select.select`` accept arbitrary iterables, not - just sequences. That is, you can now pass in a generator of file - descriptors instead of a realized list. Internally, arbitrary - iterables are copied into lists. This better matches what the - standard library does. - * On Python 3.11 and newer, opt out of Cython's fast exception - manipulation, which *may* be causing problems in certain - circumstances when combined with greenlets. - * On all versions of Python, adjust some error handling in the - default * -based loop. This fixes several assertion failures - on debug versions of CPython. Hopefully it has a positive - impact under real conditions. - * Make ``gevent.pywsgi`` comply more closely with the HTTP - specification for chunked transfer encoding. In particular, - we are much stricter about trailers, and trailers that are - invalid (too long or featuring disallowed characters) forcibly - close the connection to the client *after* the results have - been sent. - * Trailers otherwise continue to be ignored and are not - available to the WSGI application. - Previously, carefully crafted invalid trailers in chunked - requests on keep-alive connections might appear as two - requests to ``gevent.pywsgi``. Because this was handled - exactly as a normal keep-alive connection with two requests, - the WSGI application should handle it normally. However, if - you were counting on some upstream server to filter incoming - requests based on paths or header fields, and the upstream - server simply passed trailers through without - validating them, then this embedded second request would - bypass those checks. 
- (If the upstream server validated that the trailers - meet the* HTTP specification, this could not occur, - because characters that are required in an HTTP request, - like a space, are not allowed in trailers.) CVE-2023-41419 - was reserved for this. - -------------------------------------------------------------------- -Mon Sep 18 19:07:56 UTC 2023 - Dirk Müller - - update to 23.9.0 (bsc#1215469, CVE-2023-41419): * Make ``gevent.select.select`` accept arbitrary iterables, not just sequences. That is, you can now pass in a generator of file
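Review bot: PATCH 1/3 is metadata-only: the hunk changes a single changelog line from `- update to 23.9.0 (CVE-2023-41419):` to `- update to 23.9.0 (bsc#1215469, CVE-2023-41419):`, and the stat line confirms only python-gevent.changes is touched (1 insertion, 1 deletion). The actual version bump and the spec/source changes for 23.9.0 are therefore not part of this series, so confirm they landed in the earlier revision (rev=100 points at the package, not at that change) before treating bsc#1215469 as resolved by this commit alone.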
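Review bot: PATCH 2/3 leaves python-gevent.changes with two entries that carry the identical header `Mon Sep 18 19:07:56 UTC 2023 - Dirk Müller`: the 40 inserted lines re-add the pre-bsc version of the 23.9.0 entry directly above the one that already names bsc#1215469, so the same update is listed twice and the first copy lacks the bug reference. The duplicated text also shows `default * -based loop` and `meet the* HTTP specification`, where a word has evidently been lost around the asterisks (gevent's default loop is libev, so the first is most likely `libev-based`); when the entry is next edited, restore the wording from the upstream 23.9.0 changelog rather than carrying the garbled copy forward, since this entry is the package's only record of why CVE-2023-41419 (invalid chunked trailers being parsed as an embedded second request in `gevent.pywsgi`) was fixed.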
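Review bot: PATCH 3/3 is an exact reversal of PATCH 2/3: the index line `79ba8e8..eab47d8` is the inverse of patch 2's `eab47d8..79ba8e8`, the stat shows the same 40 lines deleted that patch 2 inserted, and the hunk returns the file to the single bsc#1215469 entry produced by patch 1. The net effect of the three-patch series is patch 1 alone, so the two autocommits cancel out and the duplicate-entry problem from patch 2 never reaches the link target; when reviewing the series, these two can be read as OBS link bookkeeping and the substantive change reviewed in patch 1.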