python/python-waitress
SHA256
14
0
Fork 0
forked from pool/python-waitress
Code Pull Requests Activity

Compare commits

base: python:slfo-main
Branches Tags
python:main python:slfo-1.2 python:slfo-main pool:factory pool:slfo-1.2 pool:slfo-main pool:devel
..
compare: python:main
Branches Tags
python:main python:slfo-1.2 python:slfo-main pool:factory pool:slfo-1.2 pool:slfo-main pool:devel

7 Commits
slfo-main ... main

Author SHA256 Message Date
Ana Guerrero
43e8383ddf Accepting request 1226960 from devel:languages:python 
Automatic submission by obs-autosubmit

OBS-URL: https://build.opensuse.org/request/show/1226960
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python-waitress?expand=0&rev=34
 2024-11-28 23:08:32 +00:00
Dirk Mueller
0b7a677481 - update to 3.0.2: 
* When using Waitress to process trusted proxy headers,
    Waitress will now update the headers to drop any untrusted
    values, thereby making sure that WSGI apps only get trusted
    and validated values that Waitress itself used to update the
    environ.

OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-waitress?expand=0&rev=72
 2024-11-20 17:07:15 +00:00
Dominique Leuenberger
4336a63d6c Accepting request 1219322 from devel:languages:python 
- Update to 3.0.1 (bsc#1232554, bsc#1232556, CVE-2024-49769, CVE-2024-49768):
    * Fix a bug that would lead to Waitress busy looping on select()
      on a half-open socket due to a race condition that existed when
      creating a new HTTPChannel. See
      https://github.com/Pylons/waitress/pull/435,
      https://github.com/Pylons/waitress/issues/418 and
      https://github.com/Pylons/waitress/security/advisories/GHSA-3f84-rpwh-47g6
    * No longer strip the header values before passing them to the
      WSGI environ. See https://github.com/Pylons/waitress/pull/434
      and https://github.com/Pylons/waitress/issues/432
    * Fix a race condition in Waitress when
      `channel_request_lookahead` is enabled that could lead to HTTP
      request smuggling.
    * See https://github.com/Pylons/waitress/security/advisories/GHSA-9298-4cf8-g4wj

OBS-URL: https://build.opensuse.org/request/show/1219322
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python-waitress?expand=0&rev=33
 2024-10-31 15:08:55 +00:00
Daniel Garcia
640180ab34 - Update to 3.0.1 (bsc#1232554, bsc#1232556, CVE-2024-49769, CVE-2024-49768): 
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-waitress?expand=0&rev=70
 2024-10-30 07:33:06 +00:00
Daniel Garcia
21eaa3dbfb - Update to 3.0.1 (bsc#1232554, CVE-2024-49769): 
* Fix a bug that would lead to Waitress busy looping on select()
      on a half-open socket due to a race condition that existed when
      creating a new HTTPChannel. See
      https://github.com/Pylons/waitress/pull/435,
      https://github.com/Pylons/waitress/issues/418 and
      https://github.com/Pylons/waitress/security/advisories/GHSA-3f84-rpwh-47g6
    * No longer strip the header values before passing them to the
      WSGI environ. See https://github.com/Pylons/waitress/pull/434
      and https://github.com/Pylons/waitress/issues/432
    * Fix a race condition in Waitress when
      `channel_request_lookahead` is enabled that could lead to HTTP
      request smuggling.
    * See https://github.com/Pylons/waitress/security/advisories/GHSA-9298-4cf8-g4wj

OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-waitress?expand=0&rev=69
 2024-10-30 06:51:09 +00:00
Ana Guerrero
049b7e57f5 Accepting request 1184077 from devel:languages:python 
- update to 3.0.0:
  * Fixed testing of vendored asyncore code to not rely on
    particular naming for errno's.
  * HTTP Request methods and versions are now validated to meet
    the HTTP standards thereby dropping invalid requests on the floor.
  * No longer close the connection when sending a HEAD request
    response.
  * Always attempt to send the Connection: close response header
    when we are going to close the connection to let the remote
    know in more instances.
  * Document that trusted_proxy may be set to a wildcard value to
    trust all proxies.
  * clear_untrusted_proxy_headers is set to True by default.

    https://github.com/Pylons/waitress/security/advisories/GHSA-4f7p-27jc-3c36
  * Waitress did not properly validate that the HTTP headers it received
    were properly formed, thereby potentially allowing a front-end server
    to treat a request different from Waitress. This could lead to HTTP
  * Waitress won’t accidentally throw away part of the path if it
- Initial package (0.8.3)

OBS-URL: https://build.opensuse.org/request/show/1184077
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python-waitress?expand=0&rev=32
 2024-07-03 18:28:48 +00:00
Dirk Mueller
f63d8bdc1a - update to 3.0.0: 
* Fixed testing of vendored asyncore code to not rely on
    particular naming for errno's.
  * HTTP Request methods and versions are now validated to meet
    the HTTP standards thereby dropping invalid requests on the floor.
  * No longer close the connection when sending a HEAD request
    response.
  * Always attempt to send the Connection: close response header
    when we are going to close the connection to let the remote
    know in more instances.
  * Document that trusted_proxy may be set to a wildcard value to
    trust all proxies.
  * clear_untrusted_proxy_headers is set to True by default.
    https://github.com/Pylons/waitress/security/advisories/GHSA-4f7p-27jc-3c36
  * Waitress did not properly validate that the HTTP headers it received
    were properly formed, thereby potentially allowing a front-end server
    to treat a request different from Waitress. This could lead to HTTP
  * Waitress won’t accidentally throw away part of the path if it
- Initial package (0.8.3)

OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-waitress?expand=0&rev=67
 2024-06-30 08:09:07 +00:00
Expand all files Collapse all files

Diff Content Not Available