7 Commits

Author SHA256 Message Date
43e8383ddf Accepting request 1226960 from devel:languages:python
Automatic submission by obs-autosubmit

OBS-URL: https://build.opensuse.org/request/show/1226960
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python-waitress?expand=0&rev=34
2024-11-28 23:08:32 +00:00
0b7a677481 - update to 3.0.2:
  * When using Waitress to process trusted proxy headers,
    Waitress will now update the headers to drop any untrusted
    values, thereby making sure that WSGI apps only get trusted
    and validated values that Waitress itself used to update the
    environ.

OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-waitress?expand=0&rev=72
2024-11-20 17:07:15 +00:00
4336a63d6c Accepting request 1219322 from devel:languages:python
- Update to 3.0.1 (bsc#1232554, bsc#1232556, CVE-2024-49769, CVE-2024-49768):
    * Fix a bug that would lead to Waitress busy looping on select()
      on a half-open socket due to a race condition that existed when
      creating a new HTTPChannel. See
      https://github.com/Pylons/waitress/pull/435,
      https://github.com/Pylons/waitress/issues/418 and
      https://github.com/Pylons/waitress/security/advisories/GHSA-3f84-rpwh-47g6
    * No longer strip the header values before passing them to the
      WSGI environ. See https://github.com/Pylons/waitress/pull/434
      and https://github.com/Pylons/waitress/issues/432
    * Fix a race condition in Waitress when
      `channel_request_lookahead` is enabled that could lead to HTTP
      request smuggling.
    * See https://github.com/Pylons/waitress/security/advisories/GHSA-9298-4cf8-g4wj

OBS-URL: https://build.opensuse.org/request/show/1219322
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python-waitress?expand=0&rev=33
2024-10-31 15:08:55 +00:00
640180ab34 - Update to 3.0.1 (bsc#1232554, bsc#1232556, CVE-2024-49769, CVE-2024-49768):
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-waitress?expand=0&rev=70
2024-10-30 07:33:06 +00:00
21eaa3dbfb - Update to 3.0.1 (bsc#1232554, CVE-2024-49769):
    * Fix a bug that would lead to Waitress busy looping on select()
      on a half-open socket due to a race condition that existed when
      creating a new HTTPChannel. See
      https://github.com/Pylons/waitress/pull/435,
      https://github.com/Pylons/waitress/issues/418 and
      https://github.com/Pylons/waitress/security/advisories/GHSA-3f84-rpwh-47g6
    * No longer strip the header values before passing them to the
      WSGI environ. See https://github.com/Pylons/waitress/pull/434
      and https://github.com/Pylons/waitress/issues/432
    * Fix a race condition in Waitress when
      `channel_request_lookahead` is enabled that could lead to HTTP
      request smuggling.
    * See https://github.com/Pylons/waitress/security/advisories/GHSA-9298-4cf8-g4wj

OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-waitress?expand=0&rev=69
2024-10-30 06:51:09 +00:00
049b7e57f5 Accepting request 1184077 from devel:languages:python
- update to 3.0.0:
  * Fixed testing of vendored asyncore code to not rely on
    particular naming for errno's.
  * HTTP Request methods and versions are now validated to meet
    the HTTP standards thereby dropping invalid requests on the floor.
  * No longer close the connection when sending a HEAD request
    response.
  * Always attempt to send the Connection: close response header
    when we are going to close the connection to let the remote
    know in more instances.
  * Document that trusted_proxy may be set to a wildcard value to
    trust all proxies.
  * clear_untrusted_proxy_headers is set to True by default.

    https://github.com/Pylons/waitress/security/advisories/GHSA-4f7p-27jc-3c36
  * Waitress did not properly validate that the HTTP headers it received
    were properly formed, thereby potentially allowing a front-end server
    to treat a request different from Waitress. This could lead to HTTP
  * Waitress won’t accidentally throw away part of the path if it
- Initial package (0.8.3)

OBS-URL: https://build.opensuse.org/request/show/1184077
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python-waitress?expand=0&rev=32
2024-07-03 18:28:48 +00:00
f63d8bdc1a - update to 3.0.0:
  * Fixed testing of vendored asyncore code to not rely on
    particular naming for errno's.
  * HTTP Request methods and versions are now validated to meet
    the HTTP standards thereby dropping invalid requests on the floor.
  * No longer close the connection when sending a HEAD request
    response.
  * Always attempt to send the Connection: close response header
    when we are going to close the connection to let the remote
    know in more instances.
  * Document that trusted_proxy may be set to a wildcard value to
    trust all proxies.
  * clear_untrusted_proxy_headers is set to True by default.
    https://github.com/Pylons/waitress/security/advisories/GHSA-4f7p-27jc-3c36
  * Waitress did not properly validate that the HTTP headers it received
    were properly formed, thereby potentially allowing a front-end server
    to treat a request different from Waitress. This could lead to HTTP
  * Waitress won’t accidentally throw away part of the path if it
- Initial package (0.8.3)

OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-waitress?expand=0&rev=67
2024-06-30 08:09:07 +00:00
4 changed files with 65 additions and 18 deletions

@@ -1,3 +1,48 @@
-------------------------------------------------------------------
Wed Nov 20 17:06:45 UTC 2024 - Dirk Müller <dmueller@suse.com>
- update to 3.0.2:
* When using Waitress to process trusted proxy headers,
Waitress will now update the headers to drop any untrusted
values, thereby making sure that WSGI apps only get trusted
and validated values that Waitress itself used to update the
environ.
-------------------------------------------------------------------
Wed Oct 30 06:49:46 UTC 2024 - Daniel Garcia <daniel.garcia@suse.com>
- Update to 3.0.1 (bsc#1232554, bsc#1232556, CVE-2024-49769, CVE-2024-49768):
* Fix a bug that would lead to Waitress busy looping on select()
on a half-open socket due to a race condition that existed when
creating a new HTTPChannel. See
https://github.com/Pylons/waitress/pull/435,
https://github.com/Pylons/waitress/issues/418 and
https://github.com/Pylons/waitress/security/advisories/GHSA-3f84-rpwh-47g6
* No longer strip the header values before passing them to the
WSGI environ. See https://github.com/Pylons/waitress/pull/434
and https://github.com/Pylons/waitress/issues/432
* Fix a race condition in Waitress when
`channel_request_lookahead` is enabled that could lead to HTTP
request smuggling.
* See https://github.com/Pylons/waitress/security/advisories/GHSA-9298-4cf8-g4wj
-------------------------------------------------------------------
Sun Jun 30 07:59:06 UTC 2024 - Dirk Müller <dmueller@suse.com>
- update to 3.0.0:
* Fixed testing of vendored asyncore code to not rely on
particular naming for errno's.
* HTTP Request methods and versions are now validated to meet
the HTTP standards thereby dropping invalid requests on the floor.
* No longer close the connection when sending a HEAD request
response.
* Always attempt to send the Connection: close response header
when we are going to close the connection to let the remote
know in more instances.
* Document that trusted_proxy may be set to a wildcard value to
trust all proxies.
* clear_untrusted_proxy_headers is set to True by default.
------------------------------------------------------------------- -------------------------------------------------------------------
Mon Dec 4 15:20:28 UTC 2023 - Ana Guerrero <ana.guerrero@suse.com> Mon Dec 4 15:20:28 UTC 2023 - Ana Guerrero <ana.guerrero@suse.com>
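Review bot: in the 3.0.1 entry the header line lists two bug numbers and two CVEs (bsc#1232554, bsc#1232556, CVE-2024-49769, CVE-2024-49768), but the bullets never say which identifier belongs to which fix, and the GHSA-9298-4cf8-g4wj link sits in its own "* See ..." bullet instead of continuing the `channel_request_lookahead` request-smuggling item. Suggest folding that link into the preceding bullet and placing each CVE and bsc number beside the bullet it resolves, so anyone auditing the changelog can confirm that both advisories are covered by this update.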

@@ -1,7 +1,7 @@
# #
# spec file # spec file for package python-waitress
# #
# Copyright (c) 2023 SUSE LLC # Copyright (c) 2024 SUSE LLC
# #
# All modifications and additions to the file contributed by third parties # All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed # remain the property of their copyright owners, unless otherwise agreed
@@ -31,7 +31,7 @@
%endif %endif
%{?sle15_python_module_pythons} %{?sle15_python_module_pythons}
Name: python-waitress%{psuffix} Name: python-waitress%{psuffix}
Version: 2.1.2 Version: 3.0.2
Release: 0 Release: 0
Summary: Waitress WSGI server Summary: Waitress WSGI server
License: ZPL-2.1 License: ZPL-2.1
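Review bot: the Version line moves straight from 2.1.2 to 3.0.2, a major-version jump, and the changelog in this same submission lists behaviour changes for 3.0.0 (`clear_untrusted_proxy_headers` set to True by default, request methods and versions validated with invalid requests dropped). The request should state that packages depending on python-waitress, in particular those deployed behind a reverse proxy, were rebuilt or tested against 3.x, since setups that relied on the old proxy-header default may behave differently after this update.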
@@ -42,7 +42,9 @@ Source: https://files.pythonhosted.org/packages/source/w/waitress/waitre
# https://docs.python.org/3/objects.inv -> python3.inv # https://docs.python.org/3/objects.inv -> python3.inv
Source1: python3.inv Source1: python3.inv
Source2: fetch-intersphinx-inventories.sh Source2: fetch-intersphinx-inventories.sh
BuildRequires: %{python_module pip}
BuildRequires: %{python_module setuptools} BuildRequires: %{python_module setuptools}
BuildRequires: %{python_module wheel}
BuildRequires: fdupes BuildRequires: fdupes
BuildRequires: python-rpm-macros >= 20210929 BuildRequires: python-rpm-macros >= 20210929
BuildArch: noarch BuildArch: noarch
@@ -53,7 +55,7 @@ BuildRequires: alts
Requires: alts Requires: alts
%else %else
Requires(post): update-alternatives Requires(post): update-alternatives
Requires(postun):update-alternatives Requires(postun): update-alternatives
%endif %endif
%else %else
# Documentation requirements # Documentation requirements
@@ -87,10 +89,10 @@ http://docs.pylonsproject.org/projects/waitress/en/latest/ .
sed -i '/addopts/d' setup.cfg sed -i '/addopts/d' setup.cfg
%build %build
%python_build %pyproject_wheel
%install %install
%python_install %pyproject_install
%python_clone -a %{buildroot}%{_bindir}/waitress-serve %python_clone -a %{buildroot}%{_bindir}/waitress-serve
%python_expand %fdupes %{buildroot}%{$python_sitelib} %python_expand %fdupes %{buildroot}%{$python_sitelib}
@@ -113,7 +115,7 @@ sed -i '/addopts/d' setup.cfg
%doc COPYRIGHT.txt README.rst %doc COPYRIGHT.txt README.rst
%python_alternative %{_bindir}/waitress-serve %python_alternative %{_bindir}/waitress-serve
%{python_sitelib}/waitress %{python_sitelib}/waitress
%{python_sitelib}/waitress-%{version}*-info %{python_sitelib}/waitress-%{version}.dist-info
%else %else

BIN
waitress-2.1.2.tar.gz (Stored with Git LFS)

Binary file not shown.

BIN
waitress-3.0.2.tar.gz (Stored with Git LFS) Normal file

Binary file not shown.