Accepting request 577895 from home:stroeder:branches:server:http

- Update to 2.0.16:
  * [CVE-2018-6758] Stack-based buffer overflow in
    core/utils.c:uwsgi_expand_path()
[..]

OBS-URL: https://build.opensuse.org/request/show/577895
OBS-URL: https://build.opensuse.org/package/show/server:http/uwsgi?expand=0&rev=62

uwsgi-2.0.15.tar.gz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:572ef9696b97595b4f44f6198fe8c06e6f4e6351d930d22e5330b071391272ff
-size 795070

uwsgi-2.0.16.tar.gz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:a911f48f3cc51ac82fdabc4e001f18a32569128680beb5a833ebc3ff6edcc1f4
+size 798509

uwsgi.changes

@@ -1,3 +1,42 @@
+-------------------------------------------------------------------
+Sun Feb 18 18:51:03 UTC 2018 - michael@stroeder.com
+
+- removed obsolete reproducible.patch
+- Update to 2.0.16:
+  * [CVE-2018-6758] Stack-based buffer overflow in
+    core/utils.c:uwsgi_expand_path()
+  * Backported early_post_jail plugin hook (Bjørnar Ness)
+  * Fixed ipv6 suupport for http-socket (James Brown)
+  * Enable execinfo on DragonFly BSD (Aaron LI)
+  * Fix inet_ntop buffer size (Orivej Desh)
+  * Add worker running time metrics (Serge/yasek)
+  * Backported safe-pidfile, safe-pidfile2 (Nate Coraor)
+  * Stop using libxml2 by default on osx
+  * Fixed uwsgi_kvlist_parse signature
+  * Backport http range fixes from master (Curtis Maloney, Sokolov Yura)
+  * relicensed mod_proxy_uwsgi to Apache 2.0
+  * logging: Add ${millis} support to json encode
+  * plugins/router_xmldir: fixup invalid locale check (Riccardo Magliocchetti)
+  * Add ssl-verify-depth flag to set the max Client CA chain length (Paul Tagliamonte)
+  * Allow to override build date (Bernhard M. Wiedemann)
+  * Python 3 plugin: improved thread names handling (Jyrki Muukkonen, Mark Meyer)
+  * Added uwsgi_resolve_ip for redis host (ahmbas)
+  * plugins/gevent: Fix signal handlers (Maslov Alexander)
+  * Write x509 DER to the uwsgi buffer (Paul Tagliamonte)
+  * plugin/http: Fix compilation (Melvyn Sopacua)
+  * Fixed emperor throttling system (Jeremy Hiatt)
+  * Fix application loading without Plack after excluding “.” from @INC in new Perl versions (Anton Petrusevich)
+  * Fix MULE MSG QUEUE IS FULL message hint (Eugene Tataurov)
+  * Build System: support k_minor has a _xxx suffix (TOGO Li)
+  * Fixed drop-after-* options (Robert DeRose)
+  * Add mule_send_msg success indicator (Josh Tiras)
+  * Properly check item size in uwsgi_queue_push (Josh Tiras)
+  * FastRouter / HTTP Router can now have a ‘fallback’ key configured
+  * HTTP Router now supports post-buffer, just like FastRouter
+  * Fix handling of env in embedded dict in Python plugin (could cause segfaults in single thread mode)
+  * Add support for Brotli (.br) with –static-gzip
+  * Back-ported HTTP/1.1 support (–http11-socket) from 2.1
+
 -------------------------------------------------------------------
 Sun Dec 10 04:51:02 UTC 2017 - i@marguerite.su
 

uwsgi.spec

@@ -17,7 +17,7 @@
 
 
 Name:           uwsgi
-Version:        2.0.15
+Version:        2.0.16
 Release:        0
 Summary:        Application Container Server for Networked/Clustered Web Applications
 License:        GPL-2.0-with-GCC-exception
@@ -40,8 +40,6 @@ Patch1:         uwsgi-2.0.12-no-LD_RUN_PATH.patch
 Patch2:         uwsgi-1.9.13-objc_gc-no-fobjc-gc.patch
 # PATCH-FIX-OPENSUSE uwsgi-1.9.11-systemd_logger-old_systemd.patch - Older systemd in 12.2 does not implicity include syslog.h
 Patch3:         uwsgi-1.9.11-systemd_logger-old_systemd.patch
-# PATCH-FIX-UPSTREAM reproducible.patch https://github.com/unbit/uwsgi/pull/1561
-Patch4:         reproducible.patch
 %define apache_branch     %(rpm -q --qf %%{version} apache2 | grep -E -o "2\\.[0-9]+")
 %if "%{apache_branch}" == "2.4"
   %define apxs %{_bindir}/apxs2
@@ -435,7 +433,6 @@ This package contains support for PHP version 7.
 %patch1 -p1
 %patch2 -p1
 %patch3 -p1
-%patch4 -p1
 # Generate a config that builds all plugins except for examples and stuff we
 # can't satisfy the requirements for or are just broken
 excluded_plugins=""