Accepting request 1244641 from devel:languages:python

- Update to 11.1.2:
  * CVE-2025-23217: mitmweb's API now requires an authentication token by
    default. The mitmweb API is bound to localhost only, but @gronke found
    that an attacker can circumvent that restriction by tunneling requests
    through the proxy server itself in an SSRF-style attack.
    (fa89055, @mhils)  (bsc#1236890)
  * Add (optional) password protection for mitmweb. The web_password option
    replaces the randomly-generated token authentication with a fixed secret
    that survives mitmproxy restarts. (0bd573a, @mhils)
  * mitmweb can now be hosted under arbitrary domains, the previously-used
    DNS rebind protection is not required anymore. (62693af, @mhils)
  * Security Hardening: mitmweb's xsrf_token cookie is now HttpOnly;
    SameSite=Strict. (#7491, @mhils)
  * Fix console freezing due to DNS queries with an empty question
    section. (#7497, @sujaldev)
  * Fixed a bug that caused mitmproxy to crash when loading prior knowledge
    h2 flows. (#7514, @sujaldev)
  * Fix a bug where mitmproxy would get stuck in secure web proxy mode when
    using ignore_hosts or allow_hosts. (#7519, @mhils)
  * Copy request/response data to the clipboard in mitmweb (#7352, @lups2000)
  * Fix a bug where exporting a curl or httpie command with escaped
    characters would lead to different data being sent.
    (#7520, @proteusvacuum)
  * Local Capture Mode is now available on Linux as well. (#7440, @mhils)
  * mitmproxy now requires Python 3.12 or above. (#7440, @mhils)
  * Add cache-busting for mitmweb's front end code. (#7386, @mhils)
  * Clicking the URL in mitmweb now places the cursor at the current
    position instead of selecting the entire URL. (#7385, @lups2000)
  * Add missing status codes (#7455, @jwadolowski)
  * All filter expressions are now case-insensitive by default. Users can

OBS-URL: https://build.opensuse.org/request/show/1244641
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python-mitmproxy?expand=0&rev=12
2025-02-10 16:28:09 +00:00
committed by Git OBS Bridge
4 changed files with 98 additions and 35 deletions


@@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:4852952008229292b649c80dcc708f24de0eebb6a8d1aabe8b0c79a735d58f13
size 31024600

mitmproxy-11.1.2.tar.gz Normal file

@@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:c3e47913f4b1ad4784bffbd2d2952ba456fe32e3dfd2da43a78f240b04653792
size 31039774
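
Review bot: the `oid sha256` in this new pointer is the only integrity record for mitmproxy-11.1.2.tar.gz on this page, and nothing here ties it to upstream. The spec's `Source:` is a GitHub archive URL for the `v%{version}` tag, so please confirm the digest was computed from a fresh download of that URL rather than from a locally repacked tarball, and state that in the request.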


@@ -1,3 +1,73 @@
-------------------------------------------------------------------
Mon Feb 10 04:57:07 UTC 2025 - Steve Kowalik <steven.kowalik@suse.com>
- Update to 11.1.2:
* CVE-2025-23217: mitmweb's API now requires an authentication token by
default. The mitmweb API is bound to localhost only, but @gronke found
that an attacker can circumvent that restriction by tunneling requests
through the proxy server itself in an SSRF-style attack.
(fa89055, @mhils) (bsc#1236890)
* Add (optional) password protection for mitmweb. The web_password option
replaces the randomly-generated token authentication with a fixed secret
that survives mitmproxy restarts. (0bd573a, @mhils)
* mitmweb can now be hosted under arbitrary domains, the previously-used
DNS rebind protection is not required anymore. (62693af, @mhils)
* Security Hardening: mitmweb's xsrf_token cookie is now HttpOnly;
SameSite=Strict. (#7491, @mhils)
* Fix console freezing due to DNS queries with an empty question
section. (#7497, @sujaldev)
* Fixed a bug that caused mitmproxy to crash when loading prior knowledge
h2 flows. (#7514, @sujaldev)
* Fix a bug where mitmproxy would get stuck in secure web proxy mode when
using ignore_hosts or allow_hosts. (#7519, @mhils)
* Copy request/response data to the clipboard in mitmweb (#7352, @lups2000)
* Fix a bug where exporting a curl or httpie command with escaped
characters would lead to different data being sent.
(#7520, @proteusvacuum)
* Local Capture Mode is now available on Linux as well. (#7440, @mhils)
* mitmproxy now requires Python 3.12 or above. (#7440, @mhils)
* Add cache-busting for mitmweb's front end code. (#7386, @mhils)
* Clicking the URL in mitmweb now places the cursor at the current
position instead of selecting the entire URL. (#7385, @lups2000)
* Add missing status codes (#7455, @jwadolowski)
* All filter expressions are now case-insensitive by default. Users can
opt into case-sensitive filters by setting
MITMPROXY_CASE_SENSITIVE_FILTERS=1 as an environment variable.
(#7458, @mhils, @AdityaPatadiya)
* Remove filter expression lowercasing in block_list addon
(#7456, @jwadolowski)
* Remove check for status codes in the blocklist add-on.
(#7453, @lups2000, @AdityaPatadiya)
* Prompt user before clearing screen (#7445, @errorxyz)
* Stop sorting keys in JSON contentview (#7346, @injust)
* Fix a bug where a custom CA would raise an error. (#7355, @nneonneo)
* Fix a bug where the mitmproxy UI would crash on negative durations.
(#7358, @mhils)
* Allow technically invalid HTTP transfer encodings in requests if
validate_inbound_headers is disabled. (#7361, #7373, @mhils)
* Fix a bug in windows management in mitmproxy TUI whereby the help window
does not appear if "?" is pressed within the overlay
(#6500, @emanuele-em)
* Tighten HTTP detection heuristic to better support custom TCP-based
protocols. (#7228, @fatanugraha)
* Implement stricter validation of HTTP headers to harden against request
smuggling attacks. (#7345, @mhils)
* Increase HTTP/2 default flow control window size, fixing performance
issues. (#7317, @sujaldev)
* Fix a bug where mitmproxy would incorrectly report that TLS 1.0 and 1.1
are not supported with the current OpenSSL build. (#7241, @mhils)
* Add a tun proxy mode that creates a virtual network device on Linux for
transparent proxying. (#7278, @mhils)
* browser.start command now supports Firefox. (#7239, @sujaldev)
* Fix interaction of the modify_headers and stream_large_bodies options.
This may break users of modify_headers that rely on filters referencing
the message body. We expect this to be uncommon, but please make
yourself heard if that's not the case. (#7286, @lukant)
* Fix a crash when handling corrupted compressed body in savehar addon and
its tests. (#7320, @8192bytes)
* Remove dependency on protobuf library as it was no longer being
used. (#7327, @matthew16550)
-------------------------------------------------------------------
Fri Oct 18 00:32:15 UTC 2024 - Joshua Smith <smolsheep@opensuse.org>
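
Review bot: the new entry records only upstream's release notes; the packaging changes made to the spec in this same commit are missing from it. Please add items for the requirement changes (mitmproxy-wireguard, protobuf, typing_extensions and the changed version minimums) and for the `test_tun_mode` exclusion, so that the CVE-2025-23217 / bsc#1236890 update can be audited from the .changes file alone.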


@@ -1,7 +1,7 @@
#
# spec file for package python-mitmproxy
#
# Copyright (c) 2024 SUSE LLC
# Copyright (c) 2025 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -17,85 +17,77 @@
%{?sle15_python_module_pythons}
%define skip_python39 1
# Upstream only supports Python 3.12+!
%define skip_python311 1
Name: python-mitmproxy
Version: 11.0.0
Version: 11.1.2
Release: 0
Summary: An interactive, SSL/TLS-capable intercepting proxy
License: MIT
Group: Development/Languages/Python
URL: https://mitmproxy.org
Source: https://github.com/mitmproxy/mitmproxy/archive/refs/tags/v%{version}.tar.gz#/mitmproxy-%{version}.tar.gz
BuildRequires: %{python_module Brotli >= 1.0}
BuildRequires: %{python_module Flask >= 1.1.1}
BuildRequires: %{python_module aioquic >= 0.9.4}
BuildRequires: %{python_module Flask >= 3.0}
BuildRequires: %{python_module aioquic >= 1.1.0}
BuildRequires: %{python_module argon2-cffi >= 23.1.0}
BuildRequires: %{python_module asgiref >= 3.2.10}
BuildRequires: %{python_module certifi >= 2019.9.11}
BuildRequires: %{python_module click >= 7.0}
BuildRequires: %{python_module cryptography >= 38.0}
BuildRequires: %{python_module cryptography >= 42.0}
BuildRequires: %{python_module h11 >= 0.11}
BuildRequires: %{python_module h2 >= 4.1}
BuildRequires: %{python_module hyperframe >= 6.0}
BuildRequires: %{python_module hypothesis >= 5.8}
BuildRequires: %{python_module kaitaistruct >= 0.10}
BuildRequires: %{python_module ldap3 >= 2.8}
BuildRequires: %{python_module mitmproxy-rs >= 0.5.1}
BuildRequires: %{python_module mitmproxy-wireguard >= 0.1.6}
BuildRequires: %{python_module mitmproxy-rs >= 0.11}
BuildRequires: %{python_module msgpack >= 1.0.0}
BuildRequires: %{python_module parver >= 0.1}
BuildRequires: %{python_module passlib >= 1.6.5}
BuildRequires: %{python_module pip}
BuildRequires: %{python_module protobuf >= 3.14}
BuildRequires: %{python_module publicsuffix2 >= 2.20190812}
BuildRequires: %{python_module pyOpenSSL >= 22.1}
BuildRequires: %{python_module pyparsing >= 2.4.2}
BuildRequires: %{python_module pyperclip >= 1.6.0}
BuildRequires: %{python_module pyperclip >= 1.9.0}
BuildRequires: %{python_module pytest >= 6.1.0}
BuildRequires: %{python_module pytest-asyncio >= 0.17.0}
BuildRequires: %{python_module requests >= 2.9.1}
BuildRequires: %{python_module ruamel.yaml >= 0.16}
BuildRequires: %{python_module setuptools}
BuildRequires: %{python_module sortedcontainers >= 2.3}
BuildRequires: %{python_module tornado >= 6.1}
BuildRequires: %{python_module typing_extensions >= 4.3 if %python-base < 3.11}
BuildRequires: %{python_module urwid >= 2.1.1}
BuildRequires: %{python_module tornado >= 6.4}
BuildRequires: %{python_module urwid >= 2.6.14}
BuildRequires: %{python_module wheel}
BuildRequires: %{python_module wsproto >= 1.0}
BuildRequires: %{python_module zstandard >= 0.11}
BuildRequires: %{python_module zstandard >= 0.15}
BuildRequires: fdupes
BuildRequires: python-rpm-macros
Requires: python-Brotli >= 1.0
Requires: python-Flask >= 1.1.1
Requires: python-aioquic >= 0.9.4
Requires: python-Flask >= 3.0
Requires: python-aioquic >= 1.1.0
Requires: python-argon2-cffi >= 23.1.0
Requires: python-asgiref >= 3.2.10
Requires: python-certifi >= 2019.9.11
Requires: python-click >= 7.0
Requires: python-cryptography >= 38.0
Requires: python-cryptography >= 42.0
Requires: python-h11 >= 0.11
Requires: python-h2 >= 4.1
Requires: python-hyperframe >= 6.0
Requires: python-kaitaistruct >= 0.10
Requires: python-ldap3 >= 2.8
Requires: python-mitmproxy-rs >= 0.5.1
Requires: python-mitmproxy-wireguard >= 0.1.6
Requires: python-mitmproxy-rs >= 0.11
Requires: python-msgpack >= 1.0.0
Requires: python-passlib >= 1.6.5
Requires: python-protobuf >= 3.14
Requires: python-publicsuffix2 >= 2.20190812
Requires: python-pyOpenSSL >= 22.1
Requires: python-pyparsing >= 2.4.2
Requires: python-pyperclip >= 1.6.0
Requires: python-pyperclip >= 1.9.0
Requires: python-ruamel.yaml >= 0.16
Requires: python-sortedcontainers >= 2.3
Requires: python-tornado >= 6.1
Requires: python-urwid >= 2.1.1
Requires: python-tornado >= 6.4
Requires: python-urwid >= 2.6.14
Requires: python-wsproto >= 1.0
Requires: python-zstandard >= 0.11
Requires: python-zstandard >= 0.15
Requires(post): update-alternatives
Requires(postun): update-alternatives
%if 0%{?python_version_nodots} < 311
Requires: python-typing_extensions >= 4.3
%endif
BuildArch: noarch
%python_subpackages
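
Review bot: at the top of this hunk the comment `# Upstream only supports Python 3.12+!` sits beside skip defines for python39 and python311 only; no `skip_python310` appears in the visible lines. If any enabled flavor is 3.10, a build will still be attempted for an interpreter that the changelog says is unsupported, so either add the skip or confirm that the buildset has no 3.10 flavor.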
@@ -135,7 +127,8 @@ hypothesis.settings.register_profile(
# test_refresh fails on i586... wrong timestamp type, maybe?
# test_rollback and test_output[None-expected_out0-expected_err0] just randomly fail on i586
# test_dns and test_name_servers require networking
%pytest -k "not (test_refresh or test_rollback or test_output or test_name_servers or test_dns)" --hypothesis-profile="obs"
# test_tun_mode requires root to create a TUN device
%pytest -k "not (test_refresh or test_rollback or test_output or test_name_servers or test_dns or test_tun_mode)" --hypothesis-profile="obs"
%post
%python_install_alternative mitmdump
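
Review bot: the `-k` expression on the `%pytest` line matches by substring, so `test_dns`, `test_output` and the new `test_tun_mode` term deselect every test whose name contains those strings, not just the ones the comments above describe. For a release that carries security fixes, that can silently drop coverage; prefer `--deselect` with full node ids for the tests that are known to fail, and keep `-k` only for the groups that really need networking or root.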
@@ -151,7 +144,7 @@ hypothesis.settings.register_profile(
%doc README.md CHANGELOG.md
%license LICENSE
%{python_sitelib}/mitmproxy
%{python_sitelib}/mitmproxy-%{version}*-info
%{python_sitelib}/mitmproxy-%{version}.dist-info
%python_alternative %{_bindir}/mitmdump
%python_alternative %{_bindir}/mitmproxy
%python_alternative %{_bindir}/mitmweb