pool/python-waitress
SHA256
2
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Accepting request 1219322 from devel:languages:python

Browse Source 
- Update to 3.0.1 (bsc#1232554, bsc#1232556, CVE-2024-49769, CVE-2024-49768):
    * Fix a bug that would lead to Waitress busy looping on select()
      on a half-open socket due to a race condition that existed when
      creating a new HTTPChannel. See
      https://github.com/Pylons/waitress/pull/435,
      https://github.com/Pylons/waitress/issues/418 and
      https://github.com/Pylons/waitress/security/advisories/GHSA-3f84-rpwh-47g6
    * No longer strip the header values before passing them to the
      WSGI environ. See https://github.com/Pylons/waitress/pull/434
      and https://github.com/Pylons/waitress/issues/432
    * Fix a race condition in Waitress when
      `channel_request_lookahead` is enabled that could lead to HTTP
      request smuggling.
    * See https://github.com/Pylons/waitress/security/advisories/GHSA-9298-4cf8-g4wj

OBS-URL: https://build.opensuse.org/request/show/1219322
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python-waitress?expand=0&rev=33
This commit is contained in:
Dominique Leuenberger 2024-10-31 15:08:55 +00:00 committed by Git OBS Bridge
commit c8bda9a022
4 changed files with 22 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
python-waitress.changes
View File

@ -1,3 +1,21 @@
-------------------------------------------------------------------
Wed Oct 30 06:49:46 UTC 2024 - Daniel Garcia <daniel.garcia@suse.com>
- Update to 3.0.1 (bsc#1232554, bsc#1232556, CVE-2024-49769, CVE-2024-49768):
* Fix a bug that would lead to Waitress busy looping on select()
on a half-open socket due to a race condition that existed when
creating a new HTTPChannel. See
https://github.com/Pylons/waitress/pull/435,
https://github.com/Pylons/waitress/issues/418 and
https://github.com/Pylons/waitress/security/advisories/GHSA-3f84-rpwh-47g6
* No longer strip the header values before passing them to the
WSGI environ. See https://github.com/Pylons/waitress/pull/434
and https://github.com/Pylons/waitress/issues/432
* Fix a race condition in Waitress when
`channel_request_lookahead` is enabled that could lead to HTTP
request smuggling.
* See https://github.com/Pylons/waitress/security/advisories/GHSA-9298-4cf8-g4wj
------------------------------------------------------------------- -------------------------------------------------------------------
Sun Jun 30 07:59:06 UTC 2024 - Dirk Müller <dmueller@suse.com> Sun Jun 30 07:59:06 UTC 2024 - Dirk Müller <dmueller@suse.com>

2
python-waitress.spec
View File

@ -31,7 +31,7 @@
%endif %endif
%{?sle15_python_module_pythons} %{?sle15_python_module_pythons}
Name: python-waitress%{psuffix} Name: python-waitress%{psuffix}
Version: 3.0.0 Version: 3.0.1
Release: 0 Release: 0
Summary: Waitress WSGI server Summary: Waitress WSGI server
License: ZPL-2.1 License: ZPL-2.1

3
waitress-3.0.0.tar.gz
View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:005da479b04134cdd9dd602d1ee7c49d79de0537610d653674cc6cbde222b8a1
size 179393

BIN
waitress-3.0.1.tar.gz (Stored with Git LFS) Normal file
View File

Binary file not shown.