From ea60906717da0447499b07cb6f966b3e0bec419689c2025d9cee4e00a078ba5e Mon Sep 17 00:00:00 2001 From: OBS User buildservice-autocommit Date: Fri, 22 Sep 2023 19:46:56 +0000 Subject: [PATCH] baserev update by copy to link target OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-gevent?expand=0&rev=101 --- python-gevent.changes | 40 ---------------------------------------- 1 file changed, 40 deletions(-) diff --git a/python-gevent.changes b/python-gevent.changes index 79ba8e8..eab47d8 100644 --- a/python-gevent.changes +++ b/python-gevent.changes @@ -1,46 +1,6 @@ ------------------------------------------------------------------- Mon Sep 18 19:07:56 UTC 2023 - Dirk Müller -- update to 23.9.0 (CVE-2023-41419): - * Make ``gevent.select.select`` accept arbitrary iterables, not - just sequences. That is, you can now pass in a generator of file - descriptors instead of a realized list. Internally, arbitrary - iterables are copied into lists. This better matches what the - standard library does. - * On Python 3.11 and newer, opt out of Cython's fast exception - manipulation, which *may* be causing problems in certain - circumstances when combined with greenlets. - * On all versions of Python, adjust some error handling in the - default * -based loop. This fixes several assertion failures - on debug versions of CPython. Hopefully it has a positive - impact under real conditions. - * Make ``gevent.pywsgi`` comply more closely with the HTTP - specification for chunked transfer encoding. In particular, - we are much stricter about trailers, and trailers that are - invalid (too long or featuring disallowed characters) forcibly - close the connection to the client *after* the results have - been sent. - * Trailers otherwise continue to be ignored and are not - available to the WSGI application. - Previously, carefully crafted invalid trailers in chunked - requests on keep-alive connections might appear as two - requests to ``gevent.pywsgi``. Because this was handled - exactly as a normal keep-alive connection with two requests, - the WSGI application should handle it normally. However, if - you were counting on some upstream server to filter incoming - requests based on paths or header fields, and the upstream - server simply passed trailers through without - validating them, then this embedded second request would - bypass those checks. - (If the upstream server validated that the trailers - meet the* HTTP specification, this could not occur, - because characters that are required in an HTTP request, - like a space, are not allowed in trailers.) CVE-2023-41419 - was reserved for this. - -------------------------------------------------------------------- -Mon Sep 18 19:07:56 UTC 2023 - Dirk Müller - - update to 23.9.0 (bsc#1215469, CVE-2023-41419): * Make ``gevent.select.select`` accept arbitrary iterables, not just sequences. That is, you can now pass in a generator of file