Accepting request 1168546 from home:mcalabkova:branches:devel:languages:python

- Update to 22.0.0 * use `utime` to notify workers liveness * migrate setup to pyproject.toml * fix numerous security vulnerabilities in HTTP parser (closing some request smuggling vectors) * parsing additional requests is no longer attempted past unsupported request framing * on HTTP versions < 1.1 support for chunked transfer is refused * requests conflicting configured or passed SCRIPT_NAME now produce a verbose error * Trailer fields are no longer inspected for headers indicating secure scheme * support Python 3.12 ** Breaking changes ** * minimum version is Python 3.7 * the limitations on valid characters in the HTTP method have been bounded to Internet Standards * requests specifying unsupported transfer coding (order) are refused by default (rare) * HTTP methods are no longer casefolded by default (IANA method registry contains none affected) * HTTP methods containing the number sign (#) are no longer accepted by default (rare) * HTTP versions < 1.0 or >= 2.0 are no longer accepted by default (rare) * HTTP versions consisting of multiple digits or containing a prefix/suffix are no longer accepted * HTTP header field names Gunicorn cannot safely map to variables are silently dropped, as in other software * HTTP headers with empty field name are refused by default * requests with both Transfer-Encoding and Content-Length are refused by default OBS-URL: https://build.opensuse.org/request/show/1168546 OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-gunicorn?expand=0&rev=59
2024-04-22 09:19:09 +00:00 · 2024-04-22 09:19:09 +00:00 · 711614fd06
commit 711614fd06
parent 9e9ff4c19b
4 changed files with 49 additions and 9 deletions
--- a/gunicorn-21.2.0.tar.gz
+++ b/gunicorn-21.2.0.tar.gz
@ -1,3 +0,0 @@
 version https://git-lfs.github.com/spec/v1
 oid sha256:88ec8bff1d634f98e61b9f65bc4bf3cd918a90806c6f5c48bc5603849ec81033
 size 3632557
--- a/gunicorn-22.0.0.tar.gz
+++ b/gunicorn-22.0.0.tar.gz
--- a/python-gunicorn.changes
+++ b/python-gunicorn.changes
@ -1,3 +1,41 @@
 -------------------------------------------------------------------
 Wed Apr 17 12:43:25 UTC 2024 - Markéta Machová <mmachova@suse.com>
 - Update to 22.0.0
  * use `utime` to notify workers liveness
  * migrate setup to pyproject.toml
  * fix numerous security vulnerabilities in HTTP parser (closing some 
    request smuggling vectors)
  * parsing additional requests is no longer attempted past unsupported 
    request framing
  * on HTTP versions < 1.1 support for chunked transfer is refused
  * requests conflicting configured or passed SCRIPT_NAME now produce 
    a verbose error
  * Trailer fields are no longer inspected for headers indicating secure 
    scheme
  * support Python 3.12
 ** Breaking changes **
  * minimum version is Python 3.7
  * the limitations on valid characters in the HTTP method have been bounded 
    to Internet Standards
  * requests specifying unsupported transfer coding (order) are refused by 
    default (rare)
  * HTTP methods are no longer casefolded by default (IANA method registry 
    contains none affected)
  * HTTP methods containing the number sign (#) are no longer accepted by 
    default (rare)
  * HTTP versions < 1.0 or >= 2.0 are no longer accepted by default (rare)
  * HTTP versions consisting of multiple digits or containing a prefix/suffix 
    are no longer accepted
  * HTTP header field names Gunicorn cannot safely map to variables are silently 
    dropped, as in other software
  * HTTP headers with empty field name are refused by default
  * requests with both Transfer-Encoding and Content-Length are refused by default 
    (such a message might indicate an attempt to perform request smuggling)
  * empty transfer codings are no longer permitted
 ** SECURITY **
  * fix CVE-2024-1135 (bsc#1222950)
 -------------------------------------------------------------------
 Mon Jan  8 23:05:51 UTC 2024 - Matej Cepl <mcepl@cepl.eu>
--- a/python-gunicorn.spec
+++ b/python-gunicorn.spec
@ -1,5 +1,5 @@
 #
-# spec file
+# spec file for package python-gunicorn
 #
 # Copyright (c) 2024 SUSE LLC
 #
@ -27,19 +27,20 @@
 %define skip_python2 1
 %{?sle15_python_module_pythons}
 Name:           python-gunicorn%{psuffix}
-Version:        21.2.0
+Version:        22.0.0
 Release:        0
 Summary:        WSGI HTTP Server for UNIX
 License:        MIT
 Group:          Development/Languages/Python
 URL:            https://gunicorn.org
 Source:         https://files.pythonhosted.org/packages/source/g/gunicorn/gunicorn-%{version}.tar.gz
-BuildRequires:  %{python_module importlib_metadata}
+BuildRequires:  %{python_module pip}
 BuildRequires:  %{python_module setuptools >= 3.0}
 BuildRequires:  %{python_module wheel}
 BuildRequires:  fdupes
 BuildRequires:  python-rpm-macros
 Requires(post): update-alternatives
-Requires(postun):update-alternatives
+Requires(postun): update-alternatives
 Suggests:       python-evenlet
 Suggests:       python-gevent
 Suggests:       python-gthread
@ -56,6 +57,7 @@ BuildRequires:  python3-Sphinx
 BuildRequires:  %{python_module eventlet}
 BuildRequires:  %{python_module gevent >= 1.4}
 BuildRequires:  %{python_module gunicorn}
 BuildRequires:  %{python_module pytest-cov}
 BuildRequires:  %{python_module pytest}
 %endif
 %python_subpackages
@ -95,11 +97,11 @@ sed -i -e 's/--cov[^ ]*//' -e 's/--cov-report[^ ]*//' setup.cfg
 %else  # without test
 %build
-%python_build
+%pyproject_wheel
 sphinx-build -b html -d docs/build/doctrees docs/source docs/build/html
 %install
-%python_install
+%pyproject_install
 %python_clone -a %{buildroot}%{_bindir}/gunicorn
 %python_expand %fdupes %{buildroot}%{$python_sitelib}