Accepting request 1219322 from devel:languages:python

- Update to 3.0.1 (bsc#1232554, bsc#1232556, CVE-2024-49769, CVE-2024-49768): * Fix a bug that would lead to Waitress busy looping on select() on a half-open socket due to a race condition that existed when creating a new HTTPChannel. See https://github.com/Pylons/waitress/pull/435, https://github.com/Pylons/waitress/issues/418 and https://github.com/Pylons/waitress/security/advisories/GHSA-3f84-rpwh-47g6 * No longer strip the header values before passing them to the WSGI environ. See https://github.com/Pylons/waitress/pull/434 and https://github.com/Pylons/waitress/issues/432 * Fix a race condition in Waitress when `channel_request_lookahead` is enabled that could lead to HTTP request smuggling. * See https://github.com/Pylons/waitress/security/advisories/GHSA-9298-4cf8-g4wj OBS-URL: https://build.opensuse.org/request/show/1219322 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python-waitress?expand=0&rev=33
2024-10-31 15:08:55 +00:00 · 2024-10-31 15:08:55 +00:00 · c8bda9a022
commit c8bda9a022
parent ee0612d449 bbcd124732
4 changed files with 22 additions and 4 deletions
--- a/python-waitress.changes
+++ b/python-waitress.changes
@ -1,3 +1,21 @@
+-------------------------------------------------------------------
+Wed Oct 30 06:49:46 UTC 2024 - Daniel Garcia <daniel.garcia@suse.com>
+
+- Update to 3.0.1 (bsc#1232554, bsc#1232556, CVE-2024-49769, CVE-2024-49768):
+    * Fix a bug that would lead to Waitress busy looping on select()
+      on a half-open socket due to a race condition that existed when
+      creating a new HTTPChannel. See
+      https://github.com/Pylons/waitress/pull/435,
+      https://github.com/Pylons/waitress/issues/418 and
+      https://github.com/Pylons/waitress/security/advisories/GHSA-3f84-rpwh-47g6
+    * No longer strip the header values before passing them to the
+      WSGI environ. See https://github.com/Pylons/waitress/pull/434
+      and https://github.com/Pylons/waitress/issues/432
+    * Fix a race condition in Waitress when
+      `channel_request_lookahead` is enabled that could lead to HTTP
+      request smuggling.
+    * See https://github.com/Pylons/waitress/security/advisories/GHSA-9298-4cf8-g4wj
+
 -------------------------------------------------------------------
 Sun Jun 30 07:59:06 UTC 2024 - Dirk Müller <dmueller@suse.com>

--- a/python-waitress.spec
+++ b/python-waitress.spec
@ -31,7 +31,7 @@
 %endif
 %{?sle15_python_module_pythons}
 Name:           python-waitress%{psuffix}
-Version:        3.0.0
+Version:        3.0.1
 Release:        0
 Summary:        Waitress WSGI server
 License:        ZPL-2.1
--- a/waitress-3.0.0.tar.gz
+++ b/waitress-3.0.0.tar.gz
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:005da479b04134cdd9dd602d1ee7c49d79de0537610d653674cc6cbde222b8a1
-size 179393
--- a/waitress-3.0.1.tar.gz
+++ b/waitress-3.0.1.tar.gz