Accepting request 1244641 from devel:languages:python

- Update to 11.1.2: * CVE-2025-23217: mitmweb's API now requires an authentication token by default. The mitmweb API is bound to localhost only, but @gronke found that an attacker can circumvent that restriction by tunneling requests through the proxy server itself in an SSRF-style attack. (fa89055, @mhils) (bsc#1236890) * Add (optional) password protection for mitmweb. The web_password option replaces the randomly-generated token authentication with a fixed secret that survives mitmproxy restarts. (0bd573a, @mhils) * mitmweb can now be hosted under arbitrary domains, the previously-used DNS rebind protection is not required anymore. (62693af, @mhils) * Security Hardening: mitmweb's xsrf_token cookie is now HttpOnly; SameSite=Strict. (#7491, @mhils) * Fix console freezing due to DNS queries with an empty question section. (#7497, @sujaldev) * Fixed a bug that caused mitmproxy to crash when loading prior knowledge h2 flows. (#7514, @sujaldev) * Fix a bug where mitmproxy would get stuck in secure web proxy mode when using ignore_hosts or allow_hosts. (#7519, @mhils) * Copy request/response data to the clipboard in mitmweb (#7352, @lups2000) * Fix a bug where exporting a curl or httpie command with escaped characters would lead to different data being sent. (#7520, @proteusvacuum) * Local Capture Mode is now available on Linux as well. (#7440, @mhils) * mitmproxy now requires Python 3.12 or above. (#7440, @mhils) * Add cache-busting for mitmweb's front end code. (#7386, @mhils) * Clicking the URL in mitmweb now places the cursor at the current position instead of selecting the entire URL. (#7385, @lups2000) * Add missing status codes (#7455, @jwadolowski) * All filter expressions are now case-insensitive by default. Users can OBS-URL: https://build.opensuse.org/request/show/1244641 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python-mitmproxy?expand=0&rev=12
2025-02-10 16:28:09 +00:00
parent 2177cae9b1 ab88c497a4
commit 36c2f3cf8b
4 changed files with 98 additions and 35 deletions
--- a/mitmproxy-11.0.0.tar.gz
+++ b/mitmproxy-11.0.0.tar.gz
@@ -1,3 +0,0 @@
 version https://git-lfs.github.com/spec/v1
 oid sha256:4852952008229292b649c80dcc708f24de0eebb6a8d1aabe8b0c79a735d58f13
 size 31024600
--- a/mitmproxy-11.1.2.tar.gz
+++ b/mitmproxy-11.1.2.tar.gz
@@ -0,0 +1,3 @@
 version https://git-lfs.github.com/spec/v1
 oid sha256:c3e47913f4b1ad4784bffbd2d2952ba456fe32e3dfd2da43a78f240b04653792
 size 31039774
--- a/python-mitmproxy.changes
+++ b/python-mitmproxy.changes
@@ -1,3 +1,73 @@
 -------------------------------------------------------------------
 Mon Feb 10 04:57:07 UTC 2025 - Steve Kowalik <steven.kowalik@suse.com>
 - Update to 11.1.2:
  * CVE-2025-23217: mitmweb's API now requires an authentication token by
    default. The mitmweb API is bound to localhost only, but @gronke found
    that an attacker can circumvent that restriction by tunneling requests
    through the proxy server itself in an SSRF-style attack.
    (fa89055, @mhils)  (bsc#1236890)
  * Add (optional) password protection for mitmweb. The web_password option
    replaces the randomly-generated token authentication with a fixed secret
    that survives mitmproxy restarts. (0bd573a, @mhils)
  * mitmweb can now be hosted under arbitrary domains, the previously-used
    DNS rebind protection is not required anymore. (62693af, @mhils)
  * Security Hardening: mitmweb's xsrf_token cookie is now HttpOnly;
    SameSite=Strict. (#7491, @mhils)
  * Fix console freezing due to DNS queries with an empty question
    section. (#7497, @sujaldev)
  * Fixed a bug that caused mitmproxy to crash when loading prior knowledge
    h2 flows. (#7514, @sujaldev)
  * Fix a bug where mitmproxy would get stuck in secure web proxy mode when
    using ignore_hosts or allow_hosts. (#7519, @mhils)
  * Copy request/response data to the clipboard in mitmweb (#7352, @lups2000)
  * Fix a bug where exporting a curl or httpie command with escaped
    characters would lead to different data being sent.
    (#7520, @proteusvacuum)
  * Local Capture Mode is now available on Linux as well. (#7440, @mhils)
  * mitmproxy now requires Python 3.12 or above. (#7440, @mhils)
  * Add cache-busting for mitmweb's front end code. (#7386, @mhils)
  * Clicking the URL in mitmweb now places the cursor at the current
    position instead of selecting the entire URL. (#7385, @lups2000)
  * Add missing status codes (#7455, @jwadolowski)
  * All filter expressions are now case-insensitive by default. Users can
    opt into case-sensitive filters by setting
    MITMPROXY_CASE_SENSITIVE_FILTERS=1 as an environment variable.
    (#7458, @mhils, @AdityaPatadiya)
  * Remove filter expression lowercasing in block_list addon
    (#7456, @jwadolowski)
  * Remove check for status codes in the blocklist add-on.
    (#7453, @lups2000, @AdityaPatadiya)
  * Prompt user before clearing screen (#7445, @errorxyz)
  * Stop sorting keys in JSON contentview (#7346, @injust)
  * Fix a bug where a custom CA would raise an error. (#7355, @nneonneo)
  * Fix a bug where the mitmproxy UI would crash on negative durations.
    (#7358, @mhils)
  * Allow technically invalid HTTP transfer encodings in requests if
    validate_inbound_headers is disabled. (#7361, #7373, @mhils)
  * Fix a bug in windows management in mitmproxy TUI whereby the help window
    does not appear if "?" is pressed within the overlay
    (#6500, @emanuele-em)
  * Tighten HTTP detection heuristic to better support custom TCP-based
    protocols. (#7228, @fatanugraha)
  * Implement stricter validation of HTTP headers to harden against request
    smuggling attacks. (#7345, @mhils)
  * Increase HTTP/2 default flow control window size, fixing performance
    issues. (#7317, @sujaldev)
  * Fix a bug where mitmproxy would incorrectly report that TLS 1.0 and 1.1
    are not supported with the current OpenSSL build. (#7241, @mhils)
  * Add a tun proxy mode that creates a virtual network device on Linux for
    transparent proxying. (#7278, @mhils)
  * browser.start command now supports Firefox. (#7239, @sujaldev)
  * Fix interaction of the modify_headers and stream_large_bodies options.
    This may break users of modify_headers that rely on filters referencing
    the message body. We expect this to be uncommon, but please make
    yourself heard if that's not the case. (#7286, @lukant)
  * Fix a crash when handling corrupted compressed body in savehar addon and
    its tests. (#7320, @8192bytes)
  * Remove dependency on protobuf library as it was no longer being
    used. (#7327, @matthew16550)
 -------------------------------------------------------------------
 Fri Oct 18 00:32:15 UTC 2024 - Joshua Smith <smolsheep@opensuse.org>
--- a/python-mitmproxy.spec
+++ b/python-mitmproxy.spec
@@ -1,7 +1,7 @@
 #
 # spec file for package python-mitmproxy
 #
-# Copyright (c) 2024 SUSE LLC
+# Copyright (c) 2025 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -17,85 +17,77 @@
 %{?sle15_python_module_pythons}
-%define skip_python39 1
+# Upstream only supports Python 3.12+!
 %define skip_python311 1
 Name:           python-mitmproxy
-Version:        11.0.0
+Version:        11.1.2
 Release:        0
 Summary:        An interactive, SSL/TLS-capable intercepting proxy
 License:        MIT
 Group:          Development/Languages/Python
 URL:            https://mitmproxy.org
 Source:         https://github.com/mitmproxy/mitmproxy/archive/refs/tags/v%{version}.tar.gz#/mitmproxy-%{version}.tar.gz
 BuildRequires:  %{python_module Brotli >= 1.0}
-BuildRequires:  %{python_module Flask >= 1.1.1}
+BuildRequires:  %{python_module Flask >= 3.0}
-BuildRequires:  %{python_module aioquic >= 0.9.4}
+BuildRequires:  %{python_module aioquic >= 1.1.0}
 BuildRequires:  %{python_module argon2-cffi >= 23.1.0}
 BuildRequires:  %{python_module asgiref >= 3.2.10}
 BuildRequires:  %{python_module certifi >= 2019.9.11}
-BuildRequires:  %{python_module click >= 7.0}
+BuildRequires:  %{python_module cryptography >= 42.0}
 BuildRequires:  %{python_module cryptography >= 38.0}
 BuildRequires:  %{python_module h11 >= 0.11}
 BuildRequires:  %{python_module h2 >= 4.1}
 BuildRequires:  %{python_module hyperframe >= 6.0}
 BuildRequires:  %{python_module hypothesis >= 5.8}
 BuildRequires:  %{python_module kaitaistruct >= 0.10}
 BuildRequires:  %{python_module ldap3 >= 2.8}
-BuildRequires:  %{python_module mitmproxy-rs >= 0.5.1}
+BuildRequires:  %{python_module mitmproxy-rs >= 0.11}
 BuildRequires:  %{python_module mitmproxy-wireguard >= 0.1.6}
 BuildRequires:  %{python_module msgpack >= 1.0.0}
 BuildRequires:  %{python_module parver >= 0.1}
 BuildRequires:  %{python_module passlib >= 1.6.5}
 BuildRequires:  %{python_module pip}
 BuildRequires:  %{python_module protobuf >= 3.14}
 BuildRequires:  %{python_module publicsuffix2 >= 2.20190812}
 BuildRequires:  %{python_module pyOpenSSL >= 22.1}
 BuildRequires:  %{python_module pyparsing >= 2.4.2}
-BuildRequires:  %{python_module pyperclip >= 1.6.0}
+BuildRequires:  %{python_module pyperclip >= 1.9.0}
 BuildRequires:  %{python_module pytest >= 6.1.0}
 BuildRequires:  %{python_module pytest-asyncio >= 0.17.0}
 BuildRequires:  %{python_module requests >= 2.9.1}
 BuildRequires:  %{python_module ruamel.yaml >= 0.16}
 BuildRequires:  %{python_module setuptools}
 BuildRequires:  %{python_module sortedcontainers >= 2.3}
-BuildRequires:  %{python_module tornado >= 6.1}
+BuildRequires:  %{python_module tornado >= 6.4}
-BuildRequires:  %{python_module typing_extensions >= 4.3 if %python-base < 3.11}
+BuildRequires:  %{python_module urwid >= 2.6.14}
 BuildRequires:  %{python_module urwid >= 2.1.1}
 BuildRequires:  %{python_module wheel}
 BuildRequires:  %{python_module wsproto >= 1.0}
-BuildRequires:  %{python_module zstandard >= 0.11}
+BuildRequires:  %{python_module zstandard >= 0.15}
 BuildRequires:  fdupes
 BuildRequires:  python-rpm-macros
 Requires:       python-Brotli >= 1.0
-Requires:       python-Flask >= 1.1.1
+Requires:       python-Flask >= 3.0
-Requires:       python-aioquic >= 0.9.4
+Requires:       python-aioquic >= 1.1.0
 Requires:       python-argon2-cffi >= 23.1.0
 Requires:       python-asgiref >= 3.2.10
 Requires:       python-certifi >= 2019.9.11
-Requires:       python-click >= 7.0
+Requires:       python-cryptography >= 42.0
 Requires:       python-cryptography >= 38.0
 Requires:       python-h11 >= 0.11
 Requires:       python-h2 >= 4.1
 Requires:       python-hyperframe >= 6.0
 Requires:       python-kaitaistruct >= 0.10
 Requires:       python-ldap3 >= 2.8
-Requires:       python-mitmproxy-rs >= 0.5.1
+Requires:       python-mitmproxy-rs >= 0.11
 Requires:       python-mitmproxy-wireguard >= 0.1.6
 Requires:       python-msgpack >= 1.0.0
 Requires:       python-passlib >= 1.6.5
 Requires:       python-protobuf >= 3.14
 Requires:       python-publicsuffix2 >= 2.20190812
 Requires:       python-pyOpenSSL >= 22.1
 Requires:       python-pyparsing >= 2.4.2
-Requires:       python-pyperclip >= 1.6.0
+Requires:       python-pyperclip >= 1.9.0
 Requires:       python-ruamel.yaml >= 0.16
 Requires:       python-sortedcontainers >= 2.3
-Requires:       python-tornado >= 6.1
+Requires:       python-tornado >= 6.4
-Requires:       python-urwid >= 2.1.1
+Requires:       python-urwid >= 2.6.14
 Requires:       python-wsproto >= 1.0
-Requires:       python-zstandard >= 0.11
+Requires:       python-zstandard >= 0.15
 Requires(post): update-alternatives
 Requires(postun): update-alternatives
 %if 0%{?python_version_nodots} < 311
 Requires:       python-typing_extensions >= 4.3
 %endif
 BuildArch:      noarch
 %python_subpackages
@@ -135,7 +127,8 @@ hypothesis.settings.register_profile(
 # test_refresh fails on i586... wrong timestamp type, maybe?
 # test_rollback and test_output[None-expected_out0-expected_err0] just randomly fail on i586
 # test_dns and test_name_servers require networking
-%pytest -k "not (test_refresh or test_rollback or test_output or test_name_servers or test_dns)" --hypothesis-profile="obs"
+# test_tun_mode requires root to create a TUN device
 %pytest -k "not (test_refresh or test_rollback or test_output or test_name_servers or test_dns or test_tun_mode)" --hypothesis-profile="obs"
 %post
 %python_install_alternative mitmdump
@@ -151,7 +144,7 @@ hypothesis.settings.register_profile(
 %doc README.md CHANGELOG.md
 %license LICENSE
 %{python_sitelib}/mitmproxy
-%{python_sitelib}/mitmproxy-%{version}*-info
+%{python_sitelib}/mitmproxy-%{version}.dist-info
 %python_alternative %{_bindir}/mitmdump
 %python_alternative %{_bindir}/mitmproxy
 %python_alternative %{_bindir}/mitmweb