- update to 2.1.1 (bsc#1197255, CVE-2022-24761):

* Waitress now validates that chunked encoding extensions are valid, and don’t
    contain invalid characters that are not allowed. They are still skipped/not
    processed, but if they contain invalid data we no longer continue in and return
    a 400 Bad Request. This stops potential HTTP desync/HTTP request smuggling.
    Thanks to Zhang Zeyu for reporting this issue. See
    https://github.com/Pylons/waitress/security/advisories/GHSA-4f7p-27jc-3c36
  * Waitress now validates that the chunk length is only valid hex digits when
    parsing chunked encoding, and values such as 0x01 and +01 are no longer
    supported. This stops potential HTTP desync/HTTP request smuggling. Thanks
    to Zhang Zeyu for reporting this issue. See
    https://github.com/Pylons/waitress/security/advisories/GHSA-4f7p-27jc-3c36
  * Waitress now validates that the Content-Length sent by a remote contains only
    digits in accordance with RFC7230 and will return a 400 Bad Request when the
    Content-Length header contains invalid data, such as +10 which would
    previously get parsed as 10 and accepted. This stops potential HTTP
    desync/HTTP request smuggling Thanks to Zhang Zeyu for reporting this issue.
    See
    https://github.com/Pylons/waitress/security/advisories/GHSA-4f7p-27jc-3c36

OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-waitress?expand=0&rev=50

python-waitress.spec

@@ -1,7 +1,7 @@
 #
-# spec file for package python-waitress
+# spec file
 #
-# Copyright (c) 2021 SUSE LLC
+# Copyright (c) 2022 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -33,7 +33,7 @@
 
 %{?!python_module:%define python_module() python-%{**} python3-%{**}}
 Name:           python-waitress%{psuffix}
-Version:        2.0.0
+Version:        2.1.1
 Release:        0
 Summary:        Waitress WSGI server
 License:        ZPL-2.1