Accepting request 1244641 from devel:languages:python

- Update to 11.1.2:
  * CVE-2025-23217: mitmweb's API now requires an authentication token by
    default. The mitmweb API is bound to localhost only, but @gronke found
    that an attacker can circumvent that restriction by tunneling requests
    through the proxy server itself in an SSRF-style attack.
    (fa89055, @mhils)  (bsc#1236890)
  * Add (optional) password protection for mitmweb. The web_password option
    replaces the randomly-generated token authentication with a fixed secret
    that survives mitmproxy restarts. (0bd573a, @mhils)
  * mitmweb can now be hosted under arbitrary domains, the previously-used
    DNS rebind protection is not required anymore. (62693af, @mhils)
  * Security Hardening: mitmweb's xsrf_token cookie is now HttpOnly;
    SameSite=Strict. (#7491, @mhils)
  * Fix console freezing due to DNS queries with an empty question
    section. (#7497, @sujaldev)
  * Fixed a bug that caused mitmproxy to crash when loading prior knowledge
    h2 flows. (#7514, @sujaldev)
  * Fix a bug where mitmproxy would get stuck in secure web proxy mode when
    using ignore_hosts or allow_hosts. (#7519, @mhils)
  * Copy request/response data to the clipboard in mitmweb (#7352, @lups2000)
  * Fix a bug where exporting a curl or httpie command with escaped
    characters would lead to different data being sent.
    (#7520, @proteusvacuum)
  * Local Capture Mode is now available on Linux as well. (#7440, @mhils)
  * mitmproxy now requires Python 3.12 or above. (#7440, @mhils)
  * Add cache-busting for mitmweb's front end code. (#7386, @mhils)
  * Clicking the URL in mitmweb now places the cursor at the current
    position instead of selecting the entire URL. (#7385, @lups2000)
  * Add missing status codes (#7455, @jwadolowski)
  * All filter expressions are now case-insensitive by default. Users can

OBS-URL: https://build.opensuse.org/request/show/1244641
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python-mitmproxy?expand=0&rev=12

mitmproxy-10.2.2.tar.gz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:04125906ec8b34c9ebb381ac2bdfe5f7bd00db859288e78b4a5e6c79a6a57e6e
-size 30897633

mitmproxy-11.1.2.tar.gz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:c3e47913f4b1ad4784bffbd2d2952ba456fe32e3dfd2da43a78f240b04653792
+size 31039774

python-mitmproxy.changes

@@ -1,3 +1,194 @@
+-------------------------------------------------------------------
+Mon Feb 10 04:57:07 UTC 2025 - Steve Kowalik <steven.kowalik@suse.com>
+
+- Update to 11.1.2:
+  * CVE-2025-23217: mitmweb's API now requires an authentication token by
+    default. The mitmweb API is bound to localhost only, but @gronke found
+    that an attacker can circumvent that restriction by tunneling requests
+    through the proxy server itself in an SSRF-style attack.
+    (fa89055, @mhils)  (bsc#1236890)
+  * Add (optional) password protection for mitmweb. The web_password option
+    replaces the randomly-generated token authentication with a fixed secret
+    that survives mitmproxy restarts. (0bd573a, @mhils)
+  * mitmweb can now be hosted under arbitrary domains, the previously-used
+    DNS rebind protection is not required anymore. (62693af, @mhils)
+  * Security Hardening: mitmweb's xsrf_token cookie is now HttpOnly;
+    SameSite=Strict. (#7491, @mhils)
+  * Fix console freezing due to DNS queries with an empty question
+    section. (#7497, @sujaldev)
+  * Fixed a bug that caused mitmproxy to crash when loading prior knowledge
+    h2 flows. (#7514, @sujaldev)
+  * Fix a bug where mitmproxy would get stuck in secure web proxy mode when
+    using ignore_hosts or allow_hosts. (#7519, @mhils)
+  * Copy request/response data to the clipboard in mitmweb (#7352, @lups2000)
+  * Fix a bug where exporting a curl or httpie command with escaped
+    characters would lead to different data being sent.
+    (#7520, @proteusvacuum)
+  * Local Capture Mode is now available on Linux as well. (#7440, @mhils)
+  * mitmproxy now requires Python 3.12 or above. (#7440, @mhils)
+  * Add cache-busting for mitmweb's front end code. (#7386, @mhils)
+  * Clicking the URL in mitmweb now places the cursor at the current
+    position instead of selecting the entire URL. (#7385, @lups2000)
+  * Add missing status codes (#7455, @jwadolowski)
+  * All filter expressions are now case-insensitive by default. Users can
+    opt into case-sensitive filters by setting
+    MITMPROXY_CASE_SENSITIVE_FILTERS=1 as an environment variable.
+    (#7458, @mhils, @AdityaPatadiya)
+  * Remove filter expression lowercasing in block_list addon
+    (#7456, @jwadolowski)
+  * Remove check for status codes in the blocklist add-on.
+    (#7453, @lups2000, @AdityaPatadiya)
+  * Prompt user before clearing screen (#7445, @errorxyz)
+  * Stop sorting keys in JSON contentview (#7346, @injust)
+  * Fix a bug where a custom CA would raise an error. (#7355, @nneonneo)
+  * Fix a bug where the mitmproxy UI would crash on negative durations.
+    (#7358, @mhils)
+  * Allow technically invalid HTTP transfer encodings in requests if
+    validate_inbound_headers is disabled. (#7361, #7373, @mhils)
+  * Fix a bug in windows management in mitmproxy TUI whereby the help window
+    does not appear if "?" is pressed within the overlay
+    (#6500, @emanuele-em)
+  * Tighten HTTP detection heuristic to better support custom TCP-based
+    protocols. (#7228, @fatanugraha)
+  * Implement stricter validation of HTTP headers to harden against request
+    smuggling attacks. (#7345, @mhils)
+  * Increase HTTP/2 default flow control window size, fixing performance
+    issues. (#7317, @sujaldev)
+  * Fix a bug where mitmproxy would incorrectly report that TLS 1.0 and 1.1
+    are not supported with the current OpenSSL build. (#7241, @mhils)
+  * Add a tun proxy mode that creates a virtual network device on Linux for
+    transparent proxying. (#7278, @mhils)
+  * browser.start command now supports Firefox. (#7239, @sujaldev)
+  * Fix interaction of the modify_headers and stream_large_bodies options.
+    This may break users of modify_headers that rely on filters referencing
+    the message body. We expect this to be uncommon, but please make
+    yourself heard if that's not the case. (#7286, @lukant)
+  * Fix a crash when handling corrupted compressed body in savehar addon and
+    its tests. (#7320, @8192bytes)
+  * Remove dependency on protobuf library as it was no longer being
+    used. (#7327, @matthew16550)
+
+-------------------------------------------------------------------
+Fri Oct 18 00:32:15 UTC 2024 - Joshua Smith <smolsheep@opensuse.org>
+
+- Update to version 11.0.0:
+  * mitmproxy now supports transparent HTTP/3 proxying.
+  * Add HTTP3 support in HTTPS reverse-proxy mode.
+  * mitmproxy now officially supports Python 3.13.
+  * Tighten HTTP detection heuristic to better support custom
+    TCP-based protocols.
+  * Add show_ignored_hosts option to display ignored flows in the
+    UI. This option is implemented as a temporary workaround and
+    will be removed in the future.
+  * Fix slow tnetstring parsing in case of very large tnetstring.
+  * Add getaddrinfo-based fallback for DNS resolution if we are
+    unable to determine the operating system's name servers.
+  * Improve the error message when users specify the certs option
+    without a matching private key.
+  * Fix a bug where intermediate certificates would not be
+    transmitted when using QUIC.
+  * Fix a bug where fragmented QUIC client hellos were not handled
+    properly.
+  * Emit a warning when users configure a TLS version that is not
+    supported by the current OpenSSL build.
+  * Fix a bug where mitmproxy would crash when receiving
+    STOP_SENDING QUIC frames.
+  * Fix error when unmarking all flows.
+  * Add addon to update the alt-svc header in reverse mode.
+  * Do not send unnecessary empty data frames when streaming
+    HTTP/2.
+  * Fix of measurement unit in HAR import, duration is in
+    milliseconds.
+  * Connection.tls_version now is QUICv1 instead of QUIC for QUIC.
+  * Add support for full mTLS with client certs between client and
+    mitmproxy.
+  * Update documentation adding a list of all possibile
+    web_columns.
+- Updates from version 10.4.2:
+  * Fix a crash on startup when mitmproxy is unable to determine
+    the OS' DNS servers
+- Updates from version 10.4.1:
+  * Fix a bug where macOS local mode would not start up on macOS.
+  * Fix UDP error handling when we learn that the remote has
+    disconnected.
+- Updates from version 10.4.0:
+  * Add support for DNS over TCP.
+  * Add first MVP new Capture Tab in mitmweb
+  * Add HttpConnectedHook and HttpConnectErrorHook.
+  * Fix non-linear growth in processing time for large HTTP bodies.
+  * Fix a bug where connections would be incorrectly ignored with
+    allow_hosts.
+  * Fix zstd decompression to read across frames.
+  * Handle certificates we cannot parse more gracefully.
+  * Parse compressed domain names in ResourceRecord data.
+  * Fix a bug where mitmweb's flow list would not stay at the
+    bottom.
+  * Fix a bug where SSH connections would be incorrectly handled as
+    HTTP.
+  * Skip UTF-8 byte-order marks (BOM) when loading HAR files.
+  * Allow typing.Sequence[str] to be an editable option.
+  * Add Host header to CONNECT requests.
+  * Support all query types in DNS mode.
+  * Fix a bug where mitmproxy would crash for pipelined HTTP flows.
+  * Add an optional "index" column for mitmweb.
+- Updates from version 10.3.1:
+  * Release tags are now prefixed with v again.
+  * Fix a bug where mitmproxy would not exit when -n is passed.
+  * Set the unbuffered (stdout/stderr) flag for the mitmdump
+    PyInstaller build.
+  * Fix a bug where client replay would not work with proxyauth.
+  * Fix slowdown when sending large amounts of data over HTTP/2.
+  * Add an option to strip HTTPS records from DNS responses to
+    block encrypted ClientHellos.
+  * Add an API to parse HTTPS records from DNS RDATA.
+  * Releases now come with a Sigstore attestations file to
+    demonstrate build provenance.
+- Updates from version 10.3.0:
+  * Add support for editing non text files in a hex editor
+  * Add server_connect_error hook that is triggered when connection
+    establishment fails.
+  * Add section in mitmweb for rendering, adding and removing a
+    comment
+  * Fix multipart form content view being unusable.
+  * Documentation Improvements on CA Certificate Generation
+  * Make it possible to read flows from stdin with mitmweb.
+  * Update aioquic dependency to >= 1.0.0, < 2.0.0.
+  * Fix a bug where async client_connected handlers would crash
+    mitmproxy.
+  * Add button to close flow details panel
+  * Ignore SIGPIPE signals when there is lots of traffic. Socket
+    errors are handled directly and do not require extra signals
+    that generate noise.
+  * Add primitive websocket interception and modification
+  * Add support for exporting websocket messages when using "raw"
+    export.
+  * The "save body" feature now also includes WebSocket messages.
+  * Fix compatibility with older cryptography versions and silence
+    a DeprecationWarning on Python <3.11.
+  * Fix a bug when proxying unicode domains.
+- Updates from version 10.2.4:
+  * Fix a bug where errors during startup would not be displayed
+    when running mitmproxy.
+  * Use newer cryptography APIs to avoid
+    CryptographyDeprecationWarnings. This bumps the minimum
+    required version to cryptography 42.0.
+- Updates from version 10.2.3:
+  * Fix a regression where allow_hosts/ignore_hosts would break
+    with IPv6 connections.
+  * Fix bug where failed CONNECT request URLs are saved to HAR
+    files incorrectly.
+  * Add an arm64 variant for the precompiled macOS app.
+  * Fix duplicate answers being returned in DNS queries.
+  * Fix bug where wireguard config is generated with incorrect
+    endpoint when two or more NICs are active.
+  * Fix a regression when leaf cert creation would fail with
+    intermediate CAs in ca_file.
+  * Add content_view_lines_cutoff option to mitmdump
+  * Allow runtime modifications of HTTP flow filters for server
+    replays
+  * Fix bug view options menu in case of overflow
+  * Allow --allow-hosts and --ignore-hosts to work together
+
 -------------------------------------------------------------------
 Tue Feb 27 14:37:10 UTC 2024 - Markéta Machová <mmachova@suse.com>
 

python-mitmproxy.spec

@@ -1,7 +1,7 @@
 #
 # spec file for package python-mitmproxy
 #
-# Copyright (c) 2024 SUSE LLC
+# Copyright (c) 2025 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -17,85 +17,77 @@
 
 
 %{?sle15_python_module_pythons}
-%define skip_python39 1
+# Upstream only supports Python 3.12+!
+%define skip_python311 1
 Name:           python-mitmproxy
-Version:        10.2.2
+Version:        11.1.2
 Release:        0
 Summary:        An interactive, SSL/TLS-capable intercepting proxy
 License:        MIT
-Group:          Development/Languages/Python
 URL:            https://mitmproxy.org
-Source:         https://github.com/mitmproxy/mitmproxy/archive/refs/tags/%{version}.tar.gz#/mitmproxy-%{version}.tar.gz
+Source:         https://github.com/mitmproxy/mitmproxy/archive/refs/tags/v%{version}.tar.gz#/mitmproxy-%{version}.tar.gz
 BuildRequires:  %{python_module Brotli >= 1.0}
-BuildRequires:  %{python_module Flask >= 1.1.1}
+BuildRequires:  %{python_module Flask >= 3.0}
-BuildRequires:  %{python_module aioquic >= 0.9.4}
+BuildRequires:  %{python_module aioquic >= 1.1.0}
+BuildRequires:  %{python_module argon2-cffi >= 23.1.0}
 BuildRequires:  %{python_module asgiref >= 3.2.10}
 BuildRequires:  %{python_module certifi >= 2019.9.11}
-BuildRequires:  %{python_module click >= 7.0}
+BuildRequires:  %{python_module cryptography >= 42.0}
-BuildRequires:  %{python_module cryptography >= 38.0}
 BuildRequires:  %{python_module h11 >= 0.11}
 BuildRequires:  %{python_module h2 >= 4.1}
 BuildRequires:  %{python_module hyperframe >= 6.0}
 BuildRequires:  %{python_module hypothesis >= 5.8}
 BuildRequires:  %{python_module kaitaistruct >= 0.10}
 BuildRequires:  %{python_module ldap3 >= 2.8}
-BuildRequires:  %{python_module mitmproxy-rs >= 0.5.1}
+BuildRequires:  %{python_module mitmproxy-rs >= 0.11}
-BuildRequires:  %{python_module mitmproxy-wireguard >= 0.1.6}
 BuildRequires:  %{python_module msgpack >= 1.0.0}
 BuildRequires:  %{python_module parver >= 0.1}
 BuildRequires:  %{python_module passlib >= 1.6.5}
 BuildRequires:  %{python_module pip}
-BuildRequires:  %{python_module protobuf >= 3.14}
 BuildRequires:  %{python_module publicsuffix2 >= 2.20190812}
 BuildRequires:  %{python_module pyOpenSSL >= 22.1}
 BuildRequires:  %{python_module pyparsing >= 2.4.2}
-BuildRequires:  %{python_module pyperclip >= 1.6.0}
+BuildRequires:  %{python_module pyperclip >= 1.9.0}
 BuildRequires:  %{python_module pytest >= 6.1.0}
 BuildRequires:  %{python_module pytest-asyncio >= 0.17.0}
 BuildRequires:  %{python_module requests >= 2.9.1}
 BuildRequires:  %{python_module ruamel.yaml >= 0.16}
 BuildRequires:  %{python_module setuptools}
 BuildRequires:  %{python_module sortedcontainers >= 2.3}
-BuildRequires:  %{python_module tornado >= 6.1}
+BuildRequires:  %{python_module tornado >= 6.4}
-BuildRequires:  %{python_module typing_extensions >= 4.3 if %python-base < 3.11}
+BuildRequires:  %{python_module urwid >= 2.6.14}
-BuildRequires:  %{python_module urwid >= 2.1.1}
 BuildRequires:  %{python_module wheel}
 BuildRequires:  %{python_module wsproto >= 1.0}
-BuildRequires:  %{python_module zstandard >= 0.11}
+BuildRequires:  %{python_module zstandard >= 0.15}
 BuildRequires:  fdupes
 BuildRequires:  python-rpm-macros
 Requires:       python-Brotli >= 1.0
-Requires:       python-Flask >= 1.1.1
+Requires:       python-Flask >= 3.0
-Requires:       python-aioquic >= 0.9.4
+Requires:       python-aioquic >= 1.1.0
+Requires:       python-argon2-cffi >= 23.1.0
 Requires:       python-asgiref >= 3.2.10
 Requires:       python-certifi >= 2019.9.11
-Requires:       python-click >= 7.0
+Requires:       python-cryptography >= 42.0
-Requires:       python-cryptography >= 38.0
 Requires:       python-h11 >= 0.11
 Requires:       python-h2 >= 4.1
 Requires:       python-hyperframe >= 6.0
 Requires:       python-kaitaistruct >= 0.10
 Requires:       python-ldap3 >= 2.8
-Requires:       python-mitmproxy-rs >= 0.5.1
+Requires:       python-mitmproxy-rs >= 0.11
-Requires:       python-mitmproxy-wireguard >= 0.1.6
 Requires:       python-msgpack >= 1.0.0
 Requires:       python-passlib >= 1.6.5
-Requires:       python-protobuf >= 3.14
 Requires:       python-publicsuffix2 >= 2.20190812
 Requires:       python-pyOpenSSL >= 22.1
 Requires:       python-pyparsing >= 2.4.2
-Requires:       python-pyperclip >= 1.6.0
+Requires:       python-pyperclip >= 1.9.0
 Requires:       python-ruamel.yaml >= 0.16
 Requires:       python-sortedcontainers >= 2.3
-Requires:       python-tornado >= 6.1
+Requires:       python-tornado >= 6.4
-Requires:       python-urwid >= 2.1.1
+Requires:       python-urwid >= 2.6.14
 Requires:       python-wsproto >= 1.0
-Requires:       python-zstandard >= 0.11
+Requires:       python-zstandard >= 0.15
 Requires(post): update-alternatives
 Requires(postun): update-alternatives
-%if 0%{?python_version_nodots} < 311
-Requires:       python-typing_extensions >= 4.3
-%endif
 BuildArch:      noarch
 %python_subpackages
 
@@ -111,8 +103,6 @@ mitmweb is a web-based interface for mitmproxy.
 %autosetup -p1 -n mitmproxy-%{version}
 rm mitmproxy/contrib/kaitaistruct/make.sh
 
-sed -i 's/--color=yes//' setup.cfg
-
 echo "
 # increase test deadline for slow obs executions
 import hypothesis
@@ -136,7 +126,9 @@ hypothesis.settings.register_profile(
 %check
 # test_refresh fails on i586... wrong timestamp type, maybe?
 # test_rollback and test_output[None-expected_out0-expected_err0] just randomly fail on i586
-%pytest -k "not (test_refresh or test_rollback or test_output)" --hypothesis-profile="obs"
+# test_dns and test_name_servers require networking
+# test_tun_mode requires root to create a TUN device
+%pytest -k "not (test_refresh or test_rollback or test_output or test_name_servers or test_dns or test_tun_mode)" --hypothesis-profile="obs"
 
 %post
 %python_install_alternative mitmdump
@@ -152,7 +144,7 @@ hypothesis.settings.register_profile(
 %doc README.md CHANGELOG.md
 %license LICENSE
 %{python_sitelib}/mitmproxy
-%{python_sitelib}/mitmproxy-%{version}*-info
+%{python_sitelib}/mitmproxy-%{version}.dist-info
 %python_alternative %{_bindir}/mitmdump
 %python_alternative %{_bindir}/mitmproxy
 %python_alternative %{_bindir}/mitmweb