- Update to 3.0.1 (bsc#1232554, CVE-2024-49769):
* Fix a bug that would lead to Waitress busy looping on select() on a half-open socket due to a race condition that existed when creating a new HTTPChannel. See https://github.com/Pylons/waitress/pull/435, https://github.com/Pylons/waitress/issues/418 and https://github.com/Pylons/waitress/security/advisories/GHSA-3f84-rpwh-47g6 * No longer strip the header values before passing them to the WSGI environ. See https://github.com/Pylons/waitress/pull/434 and https://github.com/Pylons/waitress/issues/432 * Fix a race condition in Waitress when `channel_request_lookahead` is enabled that could lead to HTTP request smuggling. * See https://github.com/Pylons/waitress/security/advisories/GHSA-9298-4cf8-g4wj OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-waitress?expand=0&rev=69
This commit is contained in:
commit
c7e6eec52a
25
.gitattributes
vendored
Normal file
25
.gitattributes
vendored
Normal file
@ -0,0 +1,25 @@
|
|||||||
|
## Default LFS
|
||||||
|
*.7z filter=lfs diff=lfs merge=lfs -text
|
||||||
|
*.bsp filter=lfs diff=lfs merge=lfs -text
|
||||||
|
*.bz2 filter=lfs diff=lfs merge=lfs -text
|
||||||
|
*.gem filter=lfs diff=lfs merge=lfs -text
|
||||||
|
*.gz filter=lfs diff=lfs merge=lfs -text
|
||||||
|
*.jar filter=lfs diff=lfs merge=lfs -text
|
||||||
|
*.lz filter=lfs diff=lfs merge=lfs -text
|
||||||
|
*.lzma filter=lfs diff=lfs merge=lfs -text
|
||||||
|
*.obscpio filter=lfs diff=lfs merge=lfs -text
|
||||||
|
*.oxt filter=lfs diff=lfs merge=lfs -text
|
||||||
|
*.pdf filter=lfs diff=lfs merge=lfs -text
|
||||||
|
*.png filter=lfs diff=lfs merge=lfs -text
|
||||||
|
*.rpm filter=lfs diff=lfs merge=lfs -text
|
||||||
|
*.tbz filter=lfs diff=lfs merge=lfs -text
|
||||||
|
*.tbz2 filter=lfs diff=lfs merge=lfs -text
|
||||||
|
*.tgz filter=lfs diff=lfs merge=lfs -text
|
||||||
|
*.ttf filter=lfs diff=lfs merge=lfs -text
|
||||||
|
*.txz filter=lfs diff=lfs merge=lfs -text
|
||||||
|
*.whl filter=lfs diff=lfs merge=lfs -text
|
||||||
|
*.xz filter=lfs diff=lfs merge=lfs -text
|
||||||
|
*.zip filter=lfs diff=lfs merge=lfs -text
|
||||||
|
*.zst filter=lfs diff=lfs merge=lfs -text
|
||||||
|
## Specific LFS patterns
|
||||||
|
python3.inv filter=lfs diff=lfs merge=lfs -text
|
1
.gitignore
vendored
Normal file
1
.gitignore
vendored
Normal file
@ -0,0 +1 @@
|
|||||||
|
.osc
|
3
_multibuild
Normal file
3
_multibuild
Normal file
@ -0,0 +1,3 @@
|
|||||||
|
<multibuild>
|
||||||
|
<package>doc</package>
|
||||||
|
</multibuild>
|
4
fetch-intersphinx-inventories.sh
Normal file
4
fetch-intersphinx-inventories.sh
Normal file
@ -0,0 +1,4 @@
|
|||||||
|
#!/bin/sh
|
||||||
|
|
||||||
|
wget -O python3.inv https://docs.python.org/3/objects.inv
|
||||||
|
|
490
python-waitress.changes
Normal file
490
python-waitress.changes
Normal file
@ -0,0 +1,490 @@
|
|||||||
|
-------------------------------------------------------------------
|
||||||
|
Wed Oct 30 06:49:46 UTC 2024 - Daniel Garcia <daniel.garcia@suse.com>
|
||||||
|
|
||||||
|
- Update to 3.0.1 (bsc#1232554, CVE-2024-49769):
|
||||||
|
* Fix a bug that would lead to Waitress busy looping on select()
|
||||||
|
on a half-open socket due to a race condition that existed when
|
||||||
|
creating a new HTTPChannel. See
|
||||||
|
https://github.com/Pylons/waitress/pull/435,
|
||||||
|
https://github.com/Pylons/waitress/issues/418 and
|
||||||
|
https://github.com/Pylons/waitress/security/advisories/GHSA-3f84-rpwh-47g6
|
||||||
|
* No longer strip the header values before passing them to the
|
||||||
|
WSGI environ. See https://github.com/Pylons/waitress/pull/434
|
||||||
|
and https://github.com/Pylons/waitress/issues/432
|
||||||
|
* Fix a race condition in Waitress when
|
||||||
|
`channel_request_lookahead` is enabled that could lead to HTTP
|
||||||
|
request smuggling.
|
||||||
|
* See https://github.com/Pylons/waitress/security/advisories/GHSA-9298-4cf8-g4wj
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Sun Jun 30 07:59:06 UTC 2024 - Dirk Müller <dmueller@suse.com>
|
||||||
|
|
||||||
|
- update to 3.0.0:
|
||||||
|
* Fixed testing of vendored asyncore code to not rely on
|
||||||
|
particular naming for errno's.
|
||||||
|
* HTTP Request methods and versions are now validated to meet
|
||||||
|
the HTTP standards thereby dropping invalid requests on the floor.
|
||||||
|
* No longer close the connection when sending a HEAD request
|
||||||
|
response.
|
||||||
|
* Always attempt to send the Connection: close response header
|
||||||
|
when we are going to close the connection to let the remote
|
||||||
|
know in more instances.
|
||||||
|
* Document that trusted_proxy may be set to a wildcard value to
|
||||||
|
trust all proxies.
|
||||||
|
* clear_untrusted_proxy_headers is set to True by default.
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Mon Dec 4 15:20:28 UTC 2023 - Ana Guerrero <ana.guerrero@suse.com>
|
||||||
|
|
||||||
|
- Add BuildRequires on python-setuptools for both flavors.
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Wed Jul 26 07:18:05 UTC 2023 - Bernhard Wiedemann <bwiedemann@suse.com>
|
||||||
|
|
||||||
|
- Drop sphinx doctrees for reproducible builds
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Sat Jun 10 09:00:11 UTC 2023 - ecsos <ecsos@opensuse.org>
|
||||||
|
|
||||||
|
- Fix build error for waitress:doc
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Wed May 3 11:10:33 UTC 2023 - Martin Liška <mliska@suse.cz>
|
||||||
|
|
||||||
|
- Use sphinx-build and do not depend on removed build_sphinx
|
||||||
|
in Sphinx 7.0 (boo#1211051).
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Fri Apr 21 12:39:06 UTC 2023 - Dirk Müller <dmueller@suse.com>
|
||||||
|
|
||||||
|
- add sle15_python_module_pythons (jsc#PED-68)
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Thu Aug 18 20:45:25 UTC 2022 - Ben Greiner <code@bnavigator.de>
|
||||||
|
|
||||||
|
- Remove code coverage checking for packaging tests
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Tue May 31 03:16:03 UTC 2022 - Arun Persaud <arun@gmx.de>
|
||||||
|
|
||||||
|
- specfile:
|
||||||
|
* be more specific in %files section
|
||||||
|
|
||||||
|
- update to version 2.1.2 (bsc#1200126, CVE-2022-31015):
|
||||||
|
* Bugfix
|
||||||
|
+ When expose_tracebacks is enabled waitress would fail to
|
||||||
|
properly encode unicode thereby causing another error during
|
||||||
|
error handling. See https://github.com/Pylons/waitress/pull/378
|
||||||
|
+ Header length checking had a calculation that was done
|
||||||
|
incorrectly when the data was received across multple socket
|
||||||
|
reads. This calculation has been corrected, and no longer will
|
||||||
|
Waitress send back a 413 Request Entity Too Large. See
|
||||||
|
https://github.com/Pylons/waitress/pull/376
|
||||||
|
* Security Bugfix
|
||||||
|
+ in 2.1.0 a new feature was introduced that allowed the WSGI
|
||||||
|
thread to start sending data to the socket. However this
|
||||||
|
introduced a race condition whereby a socket may be closed in
|
||||||
|
the sending thread while the main thread is about to call
|
||||||
|
select() therey causing the entire application to be taken down.
|
||||||
|
Waitress will no longer close the socket in the WSGI thread,
|
||||||
|
instead waking up the main thread to cleanup. See
|
||||||
|
https://github.com/Pylons/waitress/pull/377
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Thu Mar 17 17:42:42 UTC 2022 - Dirk Müller <dmueller@suse.com>
|
||||||
|
|
||||||
|
- update to 2.1.1 (bsc#1197255, CVE-2022-24761):
|
||||||
|
* Waitress now validates that chunked encoding extensions are valid, and don’t
|
||||||
|
contain invalid characters that are not allowed. They are still skipped/not
|
||||||
|
processed, but if they contain invalid data we no longer continue in and return
|
||||||
|
a 400 Bad Request. This stops potential HTTP desync/HTTP request smuggling.
|
||||||
|
Thanks to Zhang Zeyu for reporting this issue. See
|
||||||
|
https://github.com/Pylons/waitress/security/advisories/GHSA-4f7p-27jc-3c36
|
||||||
|
* Waitress now validates that the chunk length is only valid hex digits when
|
||||||
|
parsing chunked encoding, and values such as 0x01 and +01 are no longer
|
||||||
|
supported. This stops potential HTTP desync/HTTP request smuggling. Thanks
|
||||||
|
to Zhang Zeyu for reporting this issue. See
|
||||||
|
https://github.com/Pylons/waitress/security/advisories/GHSA-4f7p-27jc-3c36
|
||||||
|
* Waitress now validates that the Content-Length sent by a remote contains only
|
||||||
|
digits in accordance with RFC7230 and will return a 400 Bad Request when the
|
||||||
|
Content-Length header contains invalid data, such as +10 which would
|
||||||
|
previously get parsed as 10 and accepted. This stops potential HTTP
|
||||||
|
desync/HTTP request smuggling Thanks to Zhang Zeyu for reporting this issue.
|
||||||
|
See
|
||||||
|
https://github.com/Pylons/waitress/security/advisories/GHSA-4f7p-27jc-3c36
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Fri Aug 27 12:27:31 UTC 2021 - Stefan Schubert <schubi@suse.de>
|
||||||
|
|
||||||
|
- Use libalternatives instead of update-alternatives.
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Fri Aug 27 11:27:31 UTC 2021 - pgajdos@suse.com
|
||||||
|
|
||||||
|
- version update to 2.0.0
|
||||||
|
- Friendly Reminder
|
||||||
|
This release still contains a variety of deprecation notices about defaults
|
||||||
|
that can be set for a variety of options.
|
||||||
|
Please note that this is your last warning, and you should update your
|
||||||
|
configuration if you do NOT want to use the new defaults.
|
||||||
|
See the arguments documentation page for all supported options, and pay
|
||||||
|
attention to the warnings:
|
||||||
|
https://docs.pylonsproject.org/projects/waitress/en/stable/arguments.html
|
||||||
|
- Fix a crash on startup when listening to multiple interfaces.
|
||||||
|
See https://github.com/Pylons/waitress/pull/332
|
||||||
|
- Waitress no longer attempts to guess at what the ``server_name`` should be for
|
||||||
|
a listen socket, instead it always use a new adjustment/argument named
|
||||||
|
``server_name``.
|
||||||
|
Please see the documentation for ``server_name`` in
|
||||||
|
https://docs.pylonsproject.org/projects/waitress/en/latest/arguments.html and
|
||||||
|
see https://github.com/Pylons/waitress/pull/329
|
||||||
|
- Allow tasks to notice if the client disconnected.
|
||||||
|
This inserts a callable ``waitress.client_disconnected`` into the environment
|
||||||
|
that allows the task to check if the client disconnected while waiting for
|
||||||
|
the response at strategic points in the execution and to cancel the
|
||||||
|
operation.
|
||||||
|
It requires setting the new adjustment ``channel_request_lookahead`` to a value
|
||||||
|
larger than 0, which continues to read requests from a channel even if a
|
||||||
|
request is already being processed on that channel, up to the given count,
|
||||||
|
since a client disconnect is detected by reading from a readable socket and
|
||||||
|
receiving an empty result.
|
||||||
|
See https://github.com/Pylons/waitress/pull/310
|
||||||
|
- Drop Python 2.7 and 3.5 support
|
||||||
|
- The server now issues warning output when it there are enough open
|
||||||
|
connections (controlled by "connection_limit"), that it is no longer
|
||||||
|
accepting new connections. This situation was previously difficult to
|
||||||
|
diagnose.
|
||||||
|
See https://github.com/Pylons/waitress/pull/322
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Thu Oct 1 13:33:24 UTC 2020 - Hans-Peter Jansen <hpj@urpla.net>
|
||||||
|
|
||||||
|
- Update to version 1.4.4 (2020-06-01)
|
||||||
|
+ Fix an issue with keep-alive connections in which memory usage
|
||||||
|
was higher than expected because output buffers were being
|
||||||
|
reused across requests on a long-lived connection and each
|
||||||
|
buffer would not be freed until it was full or the connection
|
||||||
|
was closed. Buffers are now rotated per-request to stabilize
|
||||||
|
their behavior.
|
||||||
|
+ See https://github.com/Pylons/waitress/pull/300
|
||||||
|
+ Waitress threads have been updated to contain their thread
|
||||||
|
number. This will allow loggers that use that information to
|
||||||
|
print the thread that the log is coming from.
|
||||||
|
+ See https://github.com/Pylons/waitress/pull/302
|
||||||
|
- Switch to pytest, disable one test, that requires network
|
||||||
|
- Create _multibuild for doc package
|
||||||
|
It requires installation of base package now
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Wed Jun 17 08:40:18 UTC 2020 - Jacek Tomasiak <jtomasiak@suse.com>
|
||||||
|
|
||||||
|
- make sure UTF8 locale is used when runnning tests
|
||||||
|
* Sometimes functional tests executed in python3 failed if stdout was not
|
||||||
|
set to UTF-8. The error message was:
|
||||||
|
ValueError: underlying buffer has been detached
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Mon May 18 07:25:32 UTC 2020 - Petr Gajdos <pgajdos@suse.com>
|
||||||
|
|
||||||
|
- %python3_only -> %python_alternative
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Thu Feb 6 17:29:20 UTC 2020 - Marketa Calabkova <mcalabkova@suse.com>
|
||||||
|
|
||||||
|
- update to 1.4.3
|
||||||
|
* Waitress did not properly validate that the HTTP headers it received
|
||||||
|
were properly formed, thereby potentially allowing a front-end server
|
||||||
|
to treat a request different from Waitress. This could lead to HTTP
|
||||||
|
request smuggling/splitting.
|
||||||
|
- drop patch local-intersphinx-inventories.patch
|
||||||
|
* it was commented out, anyway
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Fri Dec 20 18:28:24 UTC 2019 - Dirk Mueller <dmueller@suse.com>
|
||||||
|
|
||||||
|
- update to 1.4.0:
|
||||||
|
- Waitress used to slam the door shut on HTTP pipelined requests without
|
||||||
|
setting the ``Connection: close`` header as appropriate in the response. This
|
||||||
|
is of course not very friendly. Waitress now explicitly sets the header when
|
||||||
|
responding with an internally generated error such as 400 Bad Request or 500
|
||||||
|
Internal Server Error to notify the remote client that it will be closing the
|
||||||
|
connection after the response is sent.
|
||||||
|
|
||||||
|
- Waitress no longer allows any spaces to exist between the header field-name
|
||||||
|
and the colon. While waitress did not strip the space and thereby was not
|
||||||
|
vulnerable to any potential header field-name confusion, it should have sent
|
||||||
|
back a 400 Bad Request. See https://github.com/Pylons/waitress/issues/273
|
||||||
|
|
||||||
|
- CRLR handling Security fixes
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Thu Aug 29 13:35:14 UTC 2019 - Marketa Calabkova <mcalabkova@suse.com>
|
||||||
|
|
||||||
|
- update to 1.3.1
|
||||||
|
* Waitress won’t accidentally throw away part of the path if it
|
||||||
|
starts with a double slash
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Mon May 6 10:23:01 UTC 2019 - pgajdos@suse.com
|
||||||
|
|
||||||
|
- version update to 1.3.0
|
||||||
|
Deprecations
|
||||||
|
~~~~~~~~~~~~
|
||||||
|
- The ``send_bytes`` adjustment now defaults to ``1`` and is deprecated
|
||||||
|
pending removal in a future release.
|
||||||
|
and https://github.com/Pylons/waitress/pull/246
|
||||||
|
Features
|
||||||
|
~~~~~~~~
|
||||||
|
- Add a new ``outbuf_high_watermark`` adjustment which is used to apply
|
||||||
|
backpressure on the ``app_iter`` to avoid letting it spin faster than data
|
||||||
|
can be written to the socket. This stabilizes responses that iterate quickly
|
||||||
|
with a lot of data.
|
||||||
|
See https://github.com/Pylons/waitress/pull/242
|
||||||
|
- Stop early and close the ``app_iter`` when attempting to write to a closed
|
||||||
|
socket due to a client disconnect. This should notify a long-lived streaming
|
||||||
|
response when a client hangs up.
|
||||||
|
See https://github.com/Pylons/waitress/pull/238
|
||||||
|
and https://github.com/Pylons/waitress/pull/240
|
||||||
|
and https://github.com/Pylons/waitress/pull/241
|
||||||
|
- Adjust the flush to output ``SO_SNDBUF`` bytes instead of whatever was
|
||||||
|
set in the ``send_bytes`` adjustment. ``send_bytes`` now only controls how
|
||||||
|
much waitress will buffer internally before flushing to the kernel, whereas
|
||||||
|
previously it used to also throttle how much data was sent to the kernel.
|
||||||
|
This change enables a streaming ``app_iter`` containing small chunks to
|
||||||
|
still be flushed efficiently.
|
||||||
|
See https://github.com/Pylons/waitress/pull/246
|
||||||
|
Bugfixes
|
||||||
|
~~~~~~~~
|
||||||
|
- Upon receiving a request that does not include HTTP/1.0 or HTTP/1.1 we will
|
||||||
|
no longer set the version to the string value "None". See
|
||||||
|
https://github.com/Pylons/waitress/pull/252 and
|
||||||
|
https://github.com/Pylons/waitress/issues/110
|
||||||
|
- When a client closes a socket unexpectedly there was potential for memory
|
||||||
|
leaks in which data was written to the buffers after they were closed,
|
||||||
|
causing them to reopen.
|
||||||
|
See https://github.com/Pylons/waitress/pull/239
|
||||||
|
- Fix the queue depth warnings to only show when all threads are busy.
|
||||||
|
See https://github.com/Pylons/waitress/pull/243
|
||||||
|
and https://github.com/Pylons/waitress/pull/247
|
||||||
|
- Trigger the ``app_iter`` to close as part of shutdown. This will only be
|
||||||
|
noticeable for users of the internal server api. In more typical operations
|
||||||
|
the server will die before benefiting from these changes.
|
||||||
|
See https://github.com/Pylons/waitress/pull/245
|
||||||
|
- Fix a bug in which a streaming ``app_iter`` may never cleanup data that has
|
||||||
|
already been sent. This would cause buffers in waitress to grow without
|
||||||
|
bounds. These buffers now properly rotate and release their data.
|
||||||
|
See https://github.com/Pylons/waitress/pull/242
|
||||||
|
- Fix a bug in which non-seekable subclasses of ``io.IOBase`` would trigger
|
||||||
|
an exception when passed to the ``wsgi.file_wrapper`` callback.
|
||||||
|
See https://github.com/Pylons/waitress/pull/249
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Wed Mar 20 18:49:38 UTC 2019 - Jan Engelhardt <jengelh@inai.de>
|
||||||
|
|
||||||
|
- Trim marketing wording and other platform mentions.
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Mon Feb 25 19:47:04 UTC 2019 - Todd R <toddrme2178@gmail.com>
|
||||||
|
|
||||||
|
- Add fetch-intersphinx-inventories.sh to sources
|
||||||
|
- Add local-intersphinx-inventories.patch for generating the docs
|
||||||
|
correctly
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Thu Feb 7 14:56:02 UTC 2019 - Hans-Peter Jansen <hpj@urpla.net>
|
||||||
|
|
||||||
|
- update to version 1.2.1:
|
||||||
|
too many changes to list here, see:
|
||||||
|
https://github.com/Pylons/waitress/blob/master/CHANGES.txt
|
||||||
|
or even:
|
||||||
|
https://github.com/Pylons/waitress/commits/master
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Tue Dec 4 12:55:53 UTC 2018 - Matej Cepl <mcepl@suse.com>
|
||||||
|
|
||||||
|
- Remove superfluous devel dependency for noarch package
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Fri Oct 13 00:49:45 UTC 2017 - arun@gmx.de
|
||||||
|
|
||||||
|
- update to version 1.1.0:
|
||||||
|
* Features
|
||||||
|
+ Waitress now has a __main__ and thus may be called with "python
|
||||||
|
-mwaitress"
|
||||||
|
* Bugfixes
|
||||||
|
+ Waitress no longer allows lowercase HTTP verbs. This change was
|
||||||
|
made to fall in line with most HTTP servers. See
|
||||||
|
https://github.com/Pylons/waitress/pull/170
|
||||||
|
+ When receiving non-ascii bytes in the request URL, waitress will
|
||||||
|
no longer abruptly close the connection, instead returning a 400
|
||||||
|
Bad Request. See https://github.com/Pylons/waitress/pull/162 and
|
||||||
|
https://github.com/Pylons/waitress/issues/64
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Mon May 1 16:38:04 UTC 2017 - toddrme2178@gmail.com
|
||||||
|
|
||||||
|
- Update to 1.0.2
|
||||||
|
* Python 3.6 is now officially supported in Waitress
|
||||||
|
* Add a work-around for libc issue on Linux not following the
|
||||||
|
documented standards. If getnameinfo() fails because of DNS not
|
||||||
|
being available it should return the IP address instead of the
|
||||||
|
reverse DNS entry, however instead getnameinfo() raises. We
|
||||||
|
catch this, and ask getnameinfo() for the same information
|
||||||
|
again, explicitly asking for IP address instead of reverse
|
||||||
|
DNS hostname.
|
||||||
|
- Implement single-spec version.
|
||||||
|
- Fix source URL.
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Tue Nov 15 14:49:27 UTC 2016 - tbechtold@suse.com
|
||||||
|
|
||||||
|
- update to 1.0.1:
|
||||||
|
- IPv6 support on Windows was broken due to missing constants in the socket
|
||||||
|
module. This has been resolved by setting the constants on Windows if they
|
||||||
|
are missing. See https://github.com/Pylons/waitress/issues/138
|
||||||
|
- A ValueError was raised on Windows when passing a string for the port, on
|
||||||
|
Windows in Python 2 using service names instead of port numbers doesn't work
|
||||||
|
with `getaddrinfo`. This has been resolved by attempting to convert the port
|
||||||
|
number to an integer, if that fails a ValueError will be raised. See
|
||||||
|
https://github.com/Pylons/waitress/issues/139
|
||||||
|
- Removed `AI_ADDRCONFIG` from the call to `getaddrinfo`, this resolves an
|
||||||
|
issue whereby `getaddrinfo` wouldn't return any addresses to `bind` to on
|
||||||
|
hosts where there is no internet connection but localhost is requested to be
|
||||||
|
bound to. See https://github.com/Pylons/waitress/issues/131 for more
|
||||||
|
information.
|
||||||
|
- disable tests. need network access.
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Fri May 20 11:27:26 UTC 2016 - dmueller@suse.com
|
||||||
|
|
||||||
|
- update to 0.9.0:
|
||||||
|
* Security/Protections
|
||||||
|
- Building on the changes made in pull request 117, add in checking for line
|
||||||
|
feed/carriage return HTTP Response Splitting in the status line, as well as
|
||||||
|
the key of a header. See https://github.com/Pylons/waitress/pull/124 and
|
||||||
|
https://github.com/Pylons/waitress/issues/122.
|
||||||
|
- Waitress will no longer accept headers or status lines with
|
||||||
|
newline/carriage returns in them, thereby disallowing HTTP Response
|
||||||
|
Splitting.
|
||||||
|
* Bugfixes
|
||||||
|
- FileBasedBuffer and more important ReadOnlyFileBasedBuffer no longer report
|
||||||
|
False when tested with bool(), instead always returning True, and becoming
|
||||||
|
more iterator like.
|
||||||
|
- Call prune() on the output buffer at the end of a request so that it doesn't
|
||||||
|
continue to grow without bounds.
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Fri Dec 12 22:08:09 UTC 2014 - tbechtold@suse.com
|
||||||
|
|
||||||
|
- update to 0.8.9:
|
||||||
|
- Fix tests under Windows. NB: to run tests under Windows, you cannot run
|
||||||
|
"setup.py test" or "setup.py nosetests". Instead you must run ``python.exe
|
||||||
|
-c "import nose; nose.main()"``. If you try to run the tests using the
|
||||||
|
normal method under Windows, each subprocess created by the test suite will
|
||||||
|
attempt to run the test suite again. See
|
||||||
|
https://github.com/nose-devs/nose/issues/407 for more information.
|
||||||
|
- Give the WSGI app_iter generated when ``wsgi.file_wrapper`` is used
|
||||||
|
(ReadOnlyFileBasedBuffer) a ``close`` method. Do not call ``close`` on an
|
||||||
|
instance of such a class when it's used as a WSGI app_iter, however. This is
|
||||||
|
part of a fix which prevents a leakage of file descriptors; the other part of
|
||||||
|
the fix was in WebOb
|
||||||
|
(https://github.com/Pylons/webob/commit/951a41ce57bd853947f842028bccb500bd5237da).
|
||||||
|
- Allow trusted proxies to override ``wsgi.url_scheme`` via a request header,
|
||||||
|
``X_FORWARDED_PROTO``. Allows proxies which serve mixed HTTP / HTTPS
|
||||||
|
requests to control signal which are served as HTTPS. See
|
||||||
|
https://github.com/Pylons/waitress/pull/42.
|
||||||
|
- Fix some cases where the creation of extremely large output buffers (greater
|
||||||
|
than 2GB, suspected to be buffers added via ``wsgi.file_wrapper``) might
|
||||||
|
cause an OverflowError on Python 2. See
|
||||||
|
https://github.com/Pylons/waitress/issues/47.
|
||||||
|
- When the ``url_prefix`` adjustment starts with more than one slash, all
|
||||||
|
slashes except one will be stripped from its beginning. This differs from
|
||||||
|
older behavior where more than one leading slash would be preserved in
|
||||||
|
``url_prefix``.
|
||||||
|
- If a client somehow manages to send an empty path, we no longer convert the
|
||||||
|
empty path to a single slash in ``PATH_INFO``. Instead, the path remains
|
||||||
|
empty. According to RFC 2616 section "5.1.2 Request-URI", the scenario of a
|
||||||
|
client sending an empty path is actually not possible because the request URI
|
||||||
|
portion cannot be empty.
|
||||||
|
- If the ``url_prefix`` adjustment matches the request path exactly, we now
|
||||||
|
compute ``SCRIPT_NAME`` and ``PATH_INFO`` properly. Previously, if the
|
||||||
|
``url_prefix`` was ``/foo`` and the path received from a client was ``/foo``,
|
||||||
|
we would set *both* ``SCRIPT_NAME`` and ``PATH_INFO`` to ``/foo``. This was
|
||||||
|
incorrect. Now in such a case we set ``PATH_INFO`` to the empty string and
|
||||||
|
we set ``SCRIPT_NAME`` to ``/foo``. Note that the change we made has no
|
||||||
|
effect on paths that do not match the ``url_prefix`` exactly (such as
|
||||||
|
``/foo/bar``); these continue to operate as they did. See
|
||||||
|
https://github.com/Pylons/waitress/issues/46
|
||||||
|
- Preserve header ordering of headers with the same name as per RFC 2616. See
|
||||||
|
https://github.com/Pylons/waitress/pull/44
|
||||||
|
- When waitress receives a ``Transfer-Encoding: chunked`` request, we no longer
|
||||||
|
send the ``TRANSFER_ENCODING`` nor the ``HTTP_TRANSFER_ENCODING`` value to
|
||||||
|
the application in the environment. Instead, we pop this header. Since we
|
||||||
|
cope with chunked requests by buffering the data in the server, we also know
|
||||||
|
when a chunked request has ended, and therefore we know the content length.
|
||||||
|
We set the content-length header in the environment, such that applications
|
||||||
|
effectively never know the original request was a T-E: chunked request; it
|
||||||
|
will appear to them as if the request is a non-chunked request with an
|
||||||
|
accurate content-length.
|
||||||
|
- Cope with the fact that the ``Transfer-Encoding`` value is case-insensitive.
|
||||||
|
- When the ``--unix-socket-perms`` option was used as an argument to
|
||||||
|
``waitress-serve``, a ``TypeError`` would be raised. See
|
||||||
|
https://github.com/Pylons/waitress/issues/50.
|
||||||
|
- Enable testsuite during build
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Wed Sep 11 21:14:23 UTC 2013 - dmueller@suse.com
|
||||||
|
|
||||||
|
- update to 0.8.7:
|
||||||
|
- The HTTP version of the response returned by waitress when it catches an
|
||||||
|
exception will now match the HTTP request version.
|
||||||
|
- Fix: CONNECTION header will be HTTP_CONNECTION and not CONNECTION_TYPE
|
||||||
|
(see https://github.com/Pylons/waitress/issues/13)
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Tue Aug 13 10:15:30 UTC 2013 - dmueller@suse.com
|
||||||
|
|
||||||
|
- update to 0.8.6:
|
||||||
|
- Do alternate type of checking for UNIX socket support, instead of checking
|
||||||
|
for platform == windows.
|
||||||
|
|
||||||
|
- Functional tests now use multiprocessing module instead of subprocess module,
|
||||||
|
speeding up test suite and making concurrent execution more reliable.
|
||||||
|
|
||||||
|
- Runner now appends the current working directory to ``sys.path`` to support
|
||||||
|
running WSGI applications from a directory (i.e., not installed in a
|
||||||
|
virtualenv).
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Tue Jun 25 11:28:09 UTC 2013 - dmueller@suse.com
|
||||||
|
|
||||||
|
- update to 0.8.5:
|
||||||
|
- Fix runner multisegment imports in some Python 2 revisions (see
|
||||||
|
https://github.com/Pylons/waitress/pull/34).
|
||||||
|
- For compatibility, WSGIServer is now an alias of TcpWSGIServer. The
|
||||||
|
signature of BaseWSGIServer is now compatible with WSGIServer pre-0.8.4.
|
||||||
|
- Add a command-line runner called ``waitress-serve`` to allow Waitress
|
||||||
|
to run WSGI applications without any addional machinery. This is
|
||||||
|
essentially a thin wrapper around the ``waitress.serve()`` function.
|
||||||
|
- Allow parallel testing (e.g., under ``detox`` or ``nosetests --processes``)
|
||||||
|
using PID-dependent port / socket for functest servers.
|
||||||
|
- Fix integer overflow errors on large buffers. Thanks to Marcin Kuzminski
|
||||||
|
for the patch. See: https://github.com/Pylons/waitress/issues/22
|
||||||
|
- Add support for listening on Unix domain sockets.
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Thu May 2 12:47:10 UTC 2013 - speilicke@suse.com
|
||||||
|
|
||||||
|
- Fix license string
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Mon Apr 29 14:14:25 UTC 2013 - speilicke@suse.com
|
||||||
|
|
||||||
|
- Reduce buildrequires as long as the testsuite and doc build isn't fixed
|
||||||
|
- Package COPYRIGHT.txt LICENSE.txt README.rst
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Mon Apr 29 13:06:10 UTC 2013 - dmueller@suse.com
|
||||||
|
|
||||||
|
- Initial package (0.8.3)
|
||||||
|
|
139
python-waitress.spec
Normal file
139
python-waitress.spec
Normal file
@ -0,0 +1,139 @@
|
|||||||
|
#
|
||||||
|
# spec file for package python-waitress
|
||||||
|
#
|
||||||
|
# Copyright (c) 2024 SUSE LLC
|
||||||
|
#
|
||||||
|
# All modifications and additions to the file contributed by third parties
|
||||||
|
# remain the property of their copyright owners, unless otherwise agreed
|
||||||
|
# upon. The license for this file, and modifications and additions to the
|
||||||
|
# file, is the same license as for the pristine package itself (unless the
|
||||||
|
# license for the pristine package is not an Open Source License, in which
|
||||||
|
# case the license is the MIT License). An "Open Source License" is a
|
||||||
|
# license that conforms to the Open Source Definition (Version 1.9)
|
||||||
|
# published by the Open Source Initiative.
|
||||||
|
|
||||||
|
# Please submit bugfixes or comments via https://bugs.opensuse.org/
|
||||||
|
#
|
||||||
|
|
||||||
|
|
||||||
|
%global flavor @BUILD_FLAVOR@%{nil}
|
||||||
|
%if "%{flavor}" == "doc"
|
||||||
|
%define psuffix -doc
|
||||||
|
%endif
|
||||||
|
%if "%{flavor}" == ""
|
||||||
|
%define psuffix %{nil}
|
||||||
|
%endif
|
||||||
|
%{?!python_module:%define python_module() python-%{**} python3-%{**}}
|
||||||
|
%if 0%{?suse_version} > 1500
|
||||||
|
%bcond_without libalternatives
|
||||||
|
%else
|
||||||
|
%bcond_with libalternatives
|
||||||
|
%endif
|
||||||
|
%{?sle15_python_module_pythons}
|
||||||
|
Name: python-waitress%{psuffix}
|
||||||
|
Version: 3.0.1
|
||||||
|
Release: 0
|
||||||
|
Summary: Waitress WSGI server
|
||||||
|
License: ZPL-2.1
|
||||||
|
Group: Development/Languages/Python
|
||||||
|
URL: https://github.com/Pylons/waitress
|
||||||
|
Source: https://files.pythonhosted.org/packages/source/w/waitress/waitress-%{version}.tar.gz
|
||||||
|
# intersphinx inventories, as fetched with fetch-intersphinx-inventories.sh
|
||||||
|
# https://docs.python.org/3/objects.inv -> python3.inv
|
||||||
|
Source1: python3.inv
|
||||||
|
Source2: fetch-intersphinx-inventories.sh
|
||||||
|
BuildRequires: %{python_module pip}
|
||||||
|
BuildRequires: %{python_module setuptools}
|
||||||
|
BuildRequires: %{python_module wheel}
|
||||||
|
BuildRequires: fdupes
|
||||||
|
BuildRequires: python-rpm-macros >= 20210929
|
||||||
|
BuildArch: noarch
|
||||||
|
%if "%{flavor}" == ""
|
||||||
|
BuildRequires: %{python_module pytest}
|
||||||
|
%if %{with libalternatives}
|
||||||
|
BuildRequires: alts
|
||||||
|
Requires: alts
|
||||||
|
%else
|
||||||
|
Requires(post): update-alternatives
|
||||||
|
Requires(postun): update-alternatives
|
||||||
|
%endif
|
||||||
|
%else
|
||||||
|
# Documentation requirements
|
||||||
|
%if 0%{?suse_version} > 1500
|
||||||
|
BuildRequires: python3-Sphinx
|
||||||
|
BuildRequires: python3-docutils
|
||||||
|
BuildRequires: python3-pylons-sphinx-themes
|
||||||
|
BuildRequires: python3-waitress = %{version}
|
||||||
|
Recommends: python3-waitress = %{version}
|
||||||
|
%else
|
||||||
|
BuildRequires: %{python_module Sphinx}
|
||||||
|
BuildRequires: %{python_module docutils}
|
||||||
|
BuildRequires: %{python_module pylons-sphinx-themes}
|
||||||
|
BuildRequires: %{python_module waitress = %{version}}
|
||||||
|
Recommends: python-waitress = %{version}
|
||||||
|
%endif
|
||||||
|
%endif
|
||||||
|
%python_subpackages
|
||||||
|
|
||||||
|
%if "%{flavor}" == ""
|
||||||
|
%description
|
||||||
|
Waitress is a pure-Python WSGI server. It has no dependencies except
|
||||||
|
ones which live in the Python standard library. It supports HTTP/1.0
|
||||||
|
and HTTP/1.1.
|
||||||
|
|
||||||
|
For more information, see the "docs" directory of the Waitress package or
|
||||||
|
http://docs.pylonsproject.org/projects/waitress/en/latest/ .
|
||||||
|
|
||||||
|
%prep
|
||||||
|
%setup -q -n waitress-%{version}
|
||||||
|
sed -i '/addopts/d' setup.cfg
|
||||||
|
|
||||||
|
%build
|
||||||
|
%pyproject_wheel
|
||||||
|
|
||||||
|
%install
|
||||||
|
%pyproject_install
|
||||||
|
%python_clone -a %{buildroot}%{_bindir}/waitress-serve
|
||||||
|
%python_expand %fdupes %{buildroot}%{$python_sitelib}
|
||||||
|
|
||||||
|
%check
|
||||||
|
# disable one test, that requires network
|
||||||
|
%pytest -k 'not test_service_port'
|
||||||
|
|
||||||
|
%pre
|
||||||
|
# If libalternatives is used: Removing old update-alternatives entries.
|
||||||
|
%python_libalternatives_reset_alternative waitress-serve
|
||||||
|
|
||||||
|
%post
|
||||||
|
%python_install_alternative waitress-serve
|
||||||
|
|
||||||
|
%postun
|
||||||
|
%python_uninstall_alternative waitress-serve
|
||||||
|
|
||||||
|
%files %{python_files}
|
||||||
|
%license LICENSE.txt
|
||||||
|
%doc COPYRIGHT.txt README.rst
|
||||||
|
%python_alternative %{_bindir}/waitress-serve
|
||||||
|
%{python_sitelib}/waitress
|
||||||
|
%{python_sitelib}/waitress-%{version}.dist-info
|
||||||
|
|
||||||
|
%else
|
||||||
|
|
||||||
|
# doc flavor
|
||||||
|
%description
|
||||||
|
This package contains documentation files for %{name}.
|
||||||
|
|
||||||
|
%prep
|
||||||
|
%setup -q -n waitress-%{version}
|
||||||
|
# python3.inv
|
||||||
|
cp %{SOURCE1} docs/
|
||||||
|
|
||||||
|
%build
|
||||||
|
sphinx-build -b html docs build/sphinx/html && rm -r build/sphinx/html/.{buildinfo,doctrees}
|
||||||
|
|
||||||
|
%files %{python_files}
|
||||||
|
%license LICENSE.txt
|
||||||
|
%doc build/sphinx/html
|
||||||
|
%endif
|
||||||
|
|
||||||
|
%changelog
|
3
python3.inv
Normal file
3
python3.inv
Normal file
@ -0,0 +1,3 @@
|
|||||||
|
version https://git-lfs.github.com/spec/v1
|
||||||
|
oid sha256:bfdd2d959d2afb132ac6d420e36f322838b379cc41a8abf36e28b942e165e442
|
||||||
|
size 107005
|
3
waitress-3.0.0.tar.gz
Normal file
3
waitress-3.0.0.tar.gz
Normal file
@ -0,0 +1,3 @@
|
|||||||
|
version https://git-lfs.github.com/spec/v1
|
||||||
|
oid sha256:005da479b04134cdd9dd602d1ee7c49d79de0537610d653674cc6cbde222b8a1
|
||||||
|
size 179393
|
BIN
waitress-3.0.1.tar.gz
(Stored with Git LFS)
Normal file
BIN
waitress-3.0.1.tar.gz
(Stored with Git LFS)
Normal file
Binary file not shown.
Loading…
Reference in New Issue
Block a user