- update to 1.4.0:

- Waitress used to slam the door shut on HTTP pipelined requests without setting the ``Connection: close`` header as appropriate in the response. This is of course not very friendly. Waitress now explicitly sets the header when responding with an internally generated error such as 400 Bad Request or 500 Internal Server Error to notify the remote client that it will be closing the connection after the response is sent. - Waitress no longer allows any spaces to exist between the header field-name and the colon. While waitress did not strip the space and thereby was not vulnerable to any potential header field-name confusion, it should have sent back a 400 Bad Request. See https://github.com/Pylons/waitress/issues/273 - CRLR handling Security fixes OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-waitress?expand=0&rev=38
2019-12-20 18:36:31 +00:00 · 2019-12-20 18:36:31 +00:00 · 0d71bd52b1
commit 0d71bd52b1
parent c25411bfa4
4 changed files with 24 additions and 6 deletions
--- a/python-waitress.changes
+++ b/python-waitress.changes
@ -1,3 +1,21 @@
+-------------------------------------------------------------------
+Fri Dec 20 18:28:24 UTC 2019 - Dirk Mueller <dmueller@suse.com>
+
+- update to 1.4.0:
+  - Waitress used to slam the door shut on HTTP pipelined requests without
+  setting the ``Connection: close`` header as appropriate in the response. This
+  is of course not very friendly. Waitress now explicitly sets the header when
+  responding with an internally generated error such as 400 Bad Request or 500
+  Internal Server Error to notify the remote client that it will be closing the
+  connection after the response is sent.
+
+  - Waitress no longer allows any spaces to exist between the header field-name
+  and the colon. While waitress did not strip the space and thereby was not
+  vulnerable to any potential header field-name confusion, it should have sent
+  back a 400 Bad Request. See https://github.com/Pylons/waitress/issues/273
+
+  - CRLR handling Security fixes
+
 -------------------------------------------------------------------
 Thu Aug 29 13:35:14 UTC 2019 - Marketa Calabkova <mcalabkova@suse.com>

--- a/python-waitress.spec
+++ b/python-waitress.spec
@ -1,7 +1,7 @@
 #
 # spec file for package python-waitress
 #
-# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2019 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@ -18,7 +18,7 @@

 %{?!python_module:%define python_module() python-%{**} python3-%{**}}
 Name:           python-waitress
-Version:        1.3.1
+Version:        1.4.0
 Release:        0
 Summary:        Waitress WSGI server
 License:        ZPL-2.1
@ -59,7 +59,7 @@ This package contains documentation files for %{name}.

 %prep
 %setup -q -n waitress-%{version}
-%patch -p1
+#%patch -p1
 cp %{S:1} docs/

 %build
--- a/waitress-1.3.1.tar.gz
+++ b/waitress-1.3.1.tar.gz
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:278e09d6849acc1365404bbf7d790d0423b159802e850c726e8cd0a126a2dac7
-size 167097
--- a/waitress-1.4.0.tar.gz
+++ b/waitress-1.4.0.tar.gz
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:b3b6450106b65bfcbefce5940fff23240305db86683cbf4e524af199b514ba61
+size 170493