python-mitmproxy/python-mitmproxy.changes

-------------------------------------------------------------------
Mon Feb 10 04:57:07 UTC 2025 - Steve Kowalik <steven.kowalik@suse.com>

- Update to 11.1.2:
  * CVE-2025-23217: mitmweb's API now requires an authentication token by
    default. The mitmweb API is bound to localhost only, but @gronke found
    that an attacker can circumvent that restriction by tunneling requests
    through the proxy server itself in an SSRF-style attack.
    (fa89055, @mhils)  (bsc#1236890)
  * Add (optional) password protection for mitmweb. The web_password option
    replaces the randomly-generated token authentication with a fixed secret
    that survives mitmproxy restarts. (0bd573a, @mhils)
  * mitmweb can now be hosted under arbitrary domains, the previously-used
    DNS rebind protection is not required anymore. (62693af, @mhils)
  * Security Hardening: mitmweb's xsrf_token cookie is now HttpOnly;
    SameSite=Strict. (#7491, @mhils)
  * Fix console freezing due to DNS queries with an empty question
    section. (#7497, @sujaldev)
  * Fixed a bug that caused mitmproxy to crash when loading prior knowledge
    h2 flows. (#7514, @sujaldev)
  * Fix a bug where mitmproxy would get stuck in secure web proxy mode when
    using ignore_hosts or allow_hosts. (#7519, @mhils)
  * Copy request/response data to the clipboard in mitmweb (#7352, @lups2000)
  * Fix a bug where exporting a curl or httpie command with escaped
    characters would lead to different data being sent.
    (#7520, @proteusvacuum)
  * Local Capture Mode is now available on Linux as well. (#7440, @mhils)
  * mitmproxy now requires Python 3.12 or above. (#7440, @mhils)
  * Add cache-busting for mitmweb's front end code. (#7386, @mhils)
  * Clicking the URL in mitmweb now places the cursor at the current
    position instead of selecting the entire URL. (#7385, @lups2000)
  * Add missing status codes (#7455, @jwadolowski)
  * All filter expressions are now case-insensitive by default. Users can
    opt into case-sensitive filters by setting
    MITMPROXY_CASE_SENSITIVE_FILTERS=1 as an environment variable.
    (#7458, @mhils, @AdityaPatadiya)
  * Remove filter expression lowercasing in block_list addon
    (#7456, @jwadolowski)
  * Remove check for status codes in the blocklist add-on.
    (#7453, @lups2000, @AdityaPatadiya)
  * Prompt user before clearing screen (#7445, @errorxyz)
  * Stop sorting keys in JSON contentview (#7346, @injust)
  * Fix a bug where a custom CA would raise an error. (#7355, @nneonneo)
  * Fix a bug where the mitmproxy UI would crash on negative durations.
    (#7358, @mhils)
  * Allow technically invalid HTTP transfer encodings in requests if
    validate_inbound_headers is disabled. (#7361, #7373, @mhils)
  * Fix a bug in windows management in mitmproxy TUI whereby the help window
    does not appear if "?" is pressed within the overlay
    (#6500, @emanuele-em)
  * Tighten HTTP detection heuristic to better support custom TCP-based
    protocols. (#7228, @fatanugraha)
  * Implement stricter validation of HTTP headers to harden against request
    smuggling attacks. (#7345, @mhils)
  * Increase HTTP/2 default flow control window size, fixing performance
    issues. (#7317, @sujaldev)
  * Fix a bug where mitmproxy would incorrectly report that TLS 1.0 and 1.1
    are not supported with the current OpenSSL build. (#7241, @mhils)
  * Add a tun proxy mode that creates a virtual network device on Linux for
    transparent proxying. (#7278, @mhils)
  * browser.start command now supports Firefox. (#7239, @sujaldev)
  * Fix interaction of the modify_headers and stream_large_bodies options.
    This may break users of modify_headers that rely on filters referencing
    the message body. We expect this to be uncommon, but please make
    yourself heard if that's not the case. (#7286, @lukant)
  * Fix a crash when handling corrupted compressed body in savehar addon and
    its tests. (#7320, @8192bytes)
  * Remove dependency on protobuf library as it was no longer being
    used. (#7327, @matthew16550)

-------------------------------------------------------------------
Fri Oct 18 00:32:15 UTC 2024 - Joshua Smith <smolsheep@opensuse.org>

- Update to version 11.0.0:
  * mitmproxy now supports transparent HTTP/3 proxying.
  * Add HTTP3 support in HTTPS reverse-proxy mode.
  * mitmproxy now officially supports Python 3.13.
  * Tighten HTTP detection heuristic to better support custom
    TCP-based protocols.
  * Add show_ignored_hosts option to display ignored flows in the
    UI. This option is implemented as a temporary workaround and
    will be removed in the future.
  * Fix slow tnetstring parsing in case of very large tnetstring.
  * Add getaddrinfo-based fallback for DNS resolution if we are
    unable to determine the operating system's name servers.
  * Improve the error message when users specify the certs option
    without a matching private key.
  * Fix a bug where intermediate certificates would not be
    transmitted when using QUIC.
  * Fix a bug where fragmented QUIC client hellos were not handled
    properly.
  * Emit a warning when users configure a TLS version that is not
    supported by the current OpenSSL build.
  * Fix a bug where mitmproxy would crash when receiving
    STOP_SENDING QUIC frames.
  * Fix error when unmarking all flows.
  * Add addon to update the alt-svc header in reverse mode.
  * Do not send unnecessary empty data frames when streaming
    HTTP/2.
  * Fix of measurement unit in HAR import, duration is in
    milliseconds.
  * Connection.tls_version now is QUICv1 instead of QUIC for QUIC.
  * Add support for full mTLS with client certs between client and
    mitmproxy.
  * Update documentation adding a list of all possibile
    web_columns.
- Updates from version 10.4.2:
  * Fix a crash on startup when mitmproxy is unable to determine
    the OS' DNS servers
- Updates from version 10.4.1:
  * Fix a bug where macOS local mode would not start up on macOS.
  * Fix UDP error handling when we learn that the remote has
    disconnected.
- Updates from version 10.4.0:
  * Add support for DNS over TCP.
  * Add first MVP new Capture Tab in mitmweb
  * Add HttpConnectedHook and HttpConnectErrorHook.
  * Fix non-linear growth in processing time for large HTTP bodies.
  * Fix a bug where connections would be incorrectly ignored with
    allow_hosts.
  * Fix zstd decompression to read across frames.
  * Handle certificates we cannot parse more gracefully.
  * Parse compressed domain names in ResourceRecord data.
  * Fix a bug where mitmweb's flow list would not stay at the
    bottom.
  * Fix a bug where SSH connections would be incorrectly handled as
    HTTP.
  * Skip UTF-8 byte-order marks (BOM) when loading HAR files.
  * Allow typing.Sequence[str] to be an editable option.
  * Add Host header to CONNECT requests.
  * Support all query types in DNS mode.
  * Fix a bug where mitmproxy would crash for pipelined HTTP flows.
  * Add an optional "index" column for mitmweb.
- Updates from version 10.3.1:
  * Release tags are now prefixed with v again.
  * Fix a bug where mitmproxy would not exit when -n is passed.
  * Set the unbuffered (stdout/stderr) flag for the mitmdump
    PyInstaller build.
  * Fix a bug where client replay would not work with proxyauth.
  * Fix slowdown when sending large amounts of data over HTTP/2.
  * Add an option to strip HTTPS records from DNS responses to
    block encrypted ClientHellos.
  * Add an API to parse HTTPS records from DNS RDATA.
  * Releases now come with a Sigstore attestations file to
    demonstrate build provenance.
- Updates from version 10.3.0:
  * Add support for editing non text files in a hex editor
  * Add server_connect_error hook that is triggered when connection
    establishment fails.
  * Add section in mitmweb for rendering, adding and removing a
    comment
  * Fix multipart form content view being unusable.
  * Documentation Improvements on CA Certificate Generation
  * Make it possible to read flows from stdin with mitmweb.
  * Update aioquic dependency to >= 1.0.0, < 2.0.0.
  * Fix a bug where async client_connected handlers would crash
    mitmproxy.
  * Add button to close flow details panel
  * Ignore SIGPIPE signals when there is lots of traffic. Socket
    errors are handled directly and do not require extra signals
    that generate noise.
  * Add primitive websocket interception and modification
  * Add support for exporting websocket messages when using "raw"
    export.
  * The "save body" feature now also includes WebSocket messages.
  * Fix compatibility with older cryptography versions and silence
    a DeprecationWarning on Python <3.11.
  * Fix a bug when proxying unicode domains.
- Updates from version 10.2.4:
  * Fix a bug where errors during startup would not be displayed
    when running mitmproxy.
  * Use newer cryptography APIs to avoid
    CryptographyDeprecationWarnings. This bumps the minimum
    required version to cryptography 42.0.
- Updates from version 10.2.3:
  * Fix a regression where allow_hosts/ignore_hosts would break
    with IPv6 connections.
  * Fix bug where failed CONNECT request URLs are saved to HAR
    files incorrectly.
  * Add an arm64 variant for the precompiled macOS app.
  * Fix duplicate answers being returned in DNS queries.
  * Fix bug where wireguard config is generated with incorrect
    endpoint when two or more NICs are active.
  * Fix a regression when leaf cert creation would fail with
    intermediate CAs in ca_file.
  * Add content_view_lines_cutoff option to mitmdump
  * Allow runtime modifications of HTTP flow filters for server
    replays
  * Fix bug view options menu in case of overflow
  * Allow --allow-hosts and --ignore-hosts to work together

-------------------------------------------------------------------
Tue Feb 27 14:37:10 UTC 2024 - Markéta Machová <mmachova@suse.com>

- Update to version 10.2.2:
  * The onboarding_port option has been removed. The onboarding app now 
    responds to all requests for the hostname specified in onboarding_host.
  * connection.Client and connection.Server now accept keyword arguments 
    only. This is a breaking change for custom addons that use these classes 
    directly.
  * Add experimental support for HTTP/3 and QUIC.
  * ASGI/WSGI apps can now listen on all ports for a specific hostname.
  * Add replay.server.add command for adding flows to server replay buffer.
  * Remove string escaping in raw view.
  * mitmproxy now requires Python 3.10 or above.
  * Add support for reading and writing HAR files.
  * UDP streams are now backed by a new implementation in mitmproxy_rs.
  * ignore_hosts now waits for the entire HTTP headers if it suspects the 
    connection to be HTTP.

-------------------------------------------------------------------
Mon Jan 29 21:27:19 UTC 2024 - Dirk Müller <dmueller@suse.com>

- switch to python311 build

-------------------------------------------------------------------
Thu Dec 15 17:32:53 UTC 2022 - Daniel Garcia <daniel.garcia@suse.com>

- Skip broken tests in different architectures

-------------------------------------------------------------------
Thu Dec 15 17:17:36 UTC 2022 - Daniel Garcia <daniel.garcia@suse.com>

- Remove fix-big-integer.patch
- Update to version 9.0.1:
  - The precompiled binaries now ship with OpenSSL 3.0.7, which resolves
    CVE-2022-3602 and CVE-2022-3786.
  - Performance and stability improvements for WireGuard mode. (#5694, @mhils,
    @decathorpe)
  - Fix a bug where the standalone Linux binaries would require libffi to be
    installed. (#5699, @mhils)
  - Hard exit when mitmproxy cannot write logs, fixes endless loop when parent
    process exits. (#4669, @Prinzhorn)
  - Fix a permission error affecting the Docker images. (#5700, @mhils)

- 9.0.0
  # Major Features
  - Add Raw UDP support. (#5414, @meitinger)
  - Add WireGuard mode to enable transparent proxying via WireGuard. (#5562,
    @decathorpe, @mhils)
  - Add DTLS support. (#5397, @kckeiks).
  - Add a quick help bar to mitmproxy. (#5381, #5652, @kckeiks, @mhils).

  # Deprecations
  - Deprecate add_log event hook. Users should use the builtin logging module
    instead. See the docs for details and upgrade instructions. (#5590, @mhils)
  - Deprecate mitmproxy.ctx.log in favor of Python's builtin logging module.
    See the docs for details and upgrade instructions. (#5590, @mhils)

  # Breaking Changes
  - The mode option is now a list of server specs instead of a single spec. The
    CLI interface is unaffected, but users may need to update their
    config.yaml. (#5393, @mhils)

  # Full Changelog
  - Mitmproxy binaries now ship with Python 3.11. (#5678, @mhils)
  - One mitmproxy instance can now spawn multiple proxy servers. (#5393,
    @mhils)
  - Add syntax highlighting to JSON and msgpack content view. (#5623,
    @SapiensAnatis)
  - Add MQTT content view. (#5588, @nikitastupin, @abbbe)
  - Setting connection_strategy to lazy now also disables early upstream
    connections to fetch TLS certificate details. (#5487, @mhils)
  - Fix order of event hooks on startup. (#5376, @meitinger)
  - Include server information in bind/listen errors. (#5495, @meitinger)
  - Include information about lazy connection_strategy in related errors.
    (#5465, @meitinger, @mhils)
  - Fix tls_version_server_min and tls_version_server_max options. (#5546,
    @mhils)
  - Added Magisk module generation for Android onboarding. (#5547, @jorants)
  - Update Linux binary builder to Ubuntu 20.04, bumping the minimum glibc
    version to 2.31. (#5547, @jorants)
  - Add "Save filtered" button in mitmweb. (#5531, @rnbwdsh, @mhils)
  - Render application/prpc content as gRPC/Protocol Buffers (#5568,
    @selfisekai)
  - Mitmweb now supports content_view_lines_cutoff. (#5548, @sanlengjingvv)
  - Fix a mitmweb crash when scrolling down the flow list. (#5507, @LIU-shuyi)
  - Add HTTP/3 binary frame content view. (#5582, @mhils)
  - Fix mitmweb not properly opening a browser and being stuck on some Linux.
    (#5522, @Prinzhorn)
  - Fix race condition when updating mitmweb WebSocket connections that are
    closing. (#5405, #5686, @mhils)
  - Fix mitmweb crash when using filters. (#5658, #5661, @LIU-shuyi, @mhils)
  - Fix missing default port when starting a browser. (#5687, @rbdixon)
  - Add docs for transparent mode on Windows. (#5402, @stephenspol)

-------------------------------------------------------------------
Fri Oct  7 11:01:46 UTC 2022 - Daniel Garcia <daniel.garcia@suse.com>

- Update to version 8.1.1:
  * Support specifying the local address for outgoing connections (#5364,
    @meitinger)
  * Fix a bug where an excess empty chunk has been sent for chunked HEAD
    request. (#5372, @jixunmoe)
  * Drop pkg_resources dependency. (#5401, @PavelICS)
  * Fix huge (>65kb) http2 responses corrupted. (#5428, @dhabensky)
  * Remove overambitious assertions in the HTTP state machine, fix some error
    handling. (#5383, @mhils)
  * Use default_factory for parser_options. (#5474, @rathann)
- mitmproxy 8.1.0
  * DNS support (#5232, @meitinger)
  * Mitmproxy now requires Python 3.9 or above. (#5233, @mhils)
  * Fix a memory leak in mitmdump where flows were kept in memory. (#4786,
    @mhils)
  * Replayed flows retain their current position in the flow list. (#5227,
    @mhils)
  * Periodically send HTTP/2 ping frames to keep connections alive. (#5046,
    @EndUser509)
  * Console Performance Improvements (#3427, @BkPHcgQL3V)
  * Warn users if server side event responses are received without streaming.
    (#4469, @mhils)
  * Add flatpak support to the browser addon (#5200, @pauloromeira)
  * Add example addon to dump contents to files based on a filter expression
    (#5190, @redraw)
  * Fix a bug where the wrong SNI is sent to an upstream HTTPS proxy (#5109,
    @mhils)
  * Make sure that mitmproxy displays error messages on startup. (#5225,
    @mhils)
  * Add example addon for domain fronting. (#5217, @randomstuff)
  * Improve cut addon to better handle binary contents (#3965, @mhils)
  * Fix text truncation for full-width characters (#4278, @kjy00302)
  * Fix mitmweb export copy failed in non-secure domain. (#5264, @Pactortester)
  * Add example script for manipulating cookies. (#5278, @WillahScott)
  * When opening an external viewer for message contents, mailcap files are not
    considered anymore.
  * This preempts the upcoming deprecation of Python's mailcap module. (#5297,
    @KORraNpl)
  * Fix hostname encoding for IDNA domains in upstream mode. (#5316, @nneonneo)
  * Fix hot reloading of contentviews. (#5319, @nneonneo)
  * Ignore HTTP/2 information responses instead of raising an error. (#5332,
    @mhils)
  * Improve performance and memory usage by reusing OpenSSL contexts. (#5339,
    @mhils)
  * Fix handling of multiple Cookie headers when proxying HTTP/2 to HTTP/1
    (#5337, @rinsuki)
  * Improve http_manipulate_cookies.py example. (#5578, @insilications)

- Add fix-big-integer.patch to fix tests with modern python versions based on
  gh#mitmproxy/mitmproxy@780adbaf9b13

-------------------------------------------------------------------
Tue Mar 22 16:01:32 UTC 2022 - Ferdinand Thiessen <rpm@fthiessen.de>

- Update to 8.0.0
  * mitmweb improvements
    * Now renders TCP and WebSocket flows
    * Offers direct cURL/HTTPie/raw HTTP export
    * Added Experimental command bar
  * Added Async Event Hooks
  * Added event hooks to signal TLS handshake success and failure
    for client and server connections
  * Support proxy authentication for SOCKS v5 mode
  * CVE-2022-24766: Fix request smuggling vulnerability, boo#1197381

-------------------------------------------------------------------
Thu Jan  6 13:33:12 UTC 2022 - Ben Greiner <code@bnavigator.de>

- Register obs hypothesis profile for slow test executions

-------------------------------------------------------------------
Wed Dec  8 21:07:48 UTC 2021 - Ferdinand Thiessen <rpm@fthiessen.de>

- Update to 7.0.4
  * Compatibility with Python 3.10
  * Supports proxying raw TCP connections
  * Support TCP connections that start with a server-side greeting
  * Support SMTP
  * Accept HTTP/2 requests from the client and forward them to
    an HTTP/1 server
  * Displays WebSocket messages also in a dedicated UI tab
  * Clients can now establish TLS with the proxy right from the
    start, which can add a significant layer of defense in public
    networks.
  * Removed pathoc and pathod, see
    https://github.com/mitmproxy/mitmproxy/issues/4273

-------------------------------------------------------------------
Wed Jan 27 14:37:07 UTC 2021 - Markéta Machová <mmachova@suse.com>

- Update to 6.0.2
  * Mitmproxy now requires Python 3.8 or above.
  * Deprecation of pathod and pathoc tools and modules. Future releases
    will not contain them!
  * SSLKEYLOGFILE now supports TLS 1.3 secrets
  * Tests: Replace asynctest with stdlib mock
  * Many smaller improvements and bugfixes
- Drop unpin.patch and replace it with a sed script
- Drop merged replace-asynctest.patch

-------------------------------------------------------------------
Tue Aug 11 10:05:06 UTC 2020 - Benjamin Greiner <code@bnavigator.de>

- Update to v5.2
  * Add Filter message to mitmdump (@sarthak212)
  * Display TCP flows at flow list (@Jessonsotoventura,
    @nikitastupin, @mhils)
  * Colorize JSON Contentview (@sarthak212)
  * Fix console crash when entering regex escape character in
    half-open string (@sarthak212)
  * Integrate contentviews to TCP flow details (@nikitastupin)
  * Added add-ons that enhance the performance of web application
    scanners (@anneborcherding)
  * Increase WebSocket message timestamp precision
    (@JustAnotherArchivist)
  * Fix HTTP reason value on HTTP/2 reponses (@rbdixon)
  * mitmweb: support wslview to open a web browser (@G-Rath)
  * Fix dev version detection with parent git repo
    (@JustAnotherArchivist)
  * Restructure examples and supported addons (@mhils)
  * Certificate generation: mark SAN as critical if no CN is set
    (@mhils)
  * Simplify Replacements with new ModifyBody addon (@mplattner)
  * Rename SetHeaders addon to ModifyHeaders (@mplattner)
  * mitmweb: "New -> File" menu option has been renamed to
    "Clear All" (@yogeshojha)
  * Add new MapRemote addon to rewrite URLs of requests
    (@mplattner)
  * Add support for HTTP Trailers to the HTTP/2 protocol
    (@sanlengjingvv and @Kriechi)
  * Fix certificate runtime error during expire cleanup
    (@gorogoroumaru)
  * Fixed the DNS Rebind Protection for secure support of IPv6
    addresses (@tunnelpr0)
  * WebSockets: match the HTTP-WebSocket flow for the ~websocket
    filter (@Kriechi)
  * Fix deadlock caused by the "replay.client.stop" command
    (@gorogoroumaru)
  * Add new MapLocal addon to serve local files instead of remote
    resources (@mplattner and @mhils)
  * Add minimal TCP interception and modification (@nikitastupin)
  * Add new CheckSSLPinning addon to check SSL-Pinning on client
    (@su-vikas)
  * Add a JSON dump script: write data into a file or send to an
    endpoint as JSON (@emedvedev)
  * Fix console output formatting (@sarthak212)
  * Add example for proxy authentication using selenium
    (@anneborcherding and @weichweich)
- refresh unpin.patch
- replace unmaintained asynctest by native python 3.8 unittest
  calls
  * replace-asynctest.patch
  * gh#mitmproxy/mitmproxy#4020

-------------------------------------------------------------------
Mon Jun 15 10:39:50 UTC 2020 - Marketa Calabkova <mcalabkova@suse.com>

- initial packaging (v5.1.1)