From a11d936bfe464f24f47f6e316e43aeec670e360b2ec54af8e30ce0b9e68726bb Mon Sep 17 00:00:00 2001 From: Dirk Mueller Date: Fri, 20 May 2016 11:30:01 +0000 Subject: [PATCH] - update to 0.9.0: * Security/Protections - Building on the changes made in pull request 117, add in checking for line feed/carriage return HTTP Response Splitting in the status line, as well as the key of a header. See https://github.com/Pylons/waitress/pull/124 and https://github.com/Pylons/waitress/issues/122. - Waitress will no longer accept headers or status lines with newline/carriage returns in them, thereby disallowing HTTP Response Splitting. * Bugfixes - FileBasedBuffer and more important ReadOnlyFileBasedBuffer no longer report False when tested with bool(), instead always returning True, and becoming more iterator like. - Call prune() on the output buffer at the end of a request so that it doesn't continue to grow without bounds. OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-waitress?expand=0&rev=15 --- python-waitress.changes | 19 +++++++++++++++++++ python-waitress.spec | 6 +++--- waitress-0.8.9.tar.gz | 3 --- waitress-0.9.0.tar.gz | 3 +++ 4 files changed, 25 insertions(+), 6 deletions(-) delete mode 100644 waitress-0.8.9.tar.gz create mode 100644 waitress-0.9.0.tar.gz diff --git a/python-waitress.changes b/python-waitress.changes index 51ee489..f253c52 100644 --- a/python-waitress.changes +++ b/python-waitress.changes @@ -1,3 +1,22 @@ +------------------------------------------------------------------- +Fri May 20 11:27:26 UTC 2016 - dmueller@suse.com + +- update to 0.9.0: + * Security/Protections + - Building on the changes made in pull request 117, add in checking for line + feed/carriage return HTTP Response Splitting in the status line, as well as + the key of a header. See https://github.com/Pylons/waitress/pull/124 and + https://github.com/Pylons/waitress/issues/122. + - Waitress will no longer accept headers or status lines with + newline/carriage returns in them, thereby disallowing HTTP Response + Splitting. + * Bugfixes + - FileBasedBuffer and more important ReadOnlyFileBasedBuffer no longer report + False when tested with bool(), instead always returning True, and becoming + more iterator like. + - Call prune() on the output buffer at the end of a request so that it doesn't + continue to grow without bounds. + ------------------------------------------------------------------- Fri Dec 12 22:08:09 UTC 2014 - tbechtold@suse.com diff --git a/python-waitress.spec b/python-waitress.spec index a39bf41..bbe3220 100644 --- a/python-waitress.spec +++ b/python-waitress.spec @@ -1,7 +1,7 @@ # # spec file for package python-waitress # -# Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -17,13 +17,13 @@ Name: python-waitress -Version: 0.8.9 +Version: 0.9.0 Release: 0 Summary: Waitress WSGI server License: ZPL-2.1 Group: Development/Languages/Python Url: https://github.com/Pylons/waitress -Source: http://pypi.python.org/packages/source/w/waitress/waitress-%{version}.tar.gz +Source: https://pypi.python.org/packages/fd/6c/f26e54acb01ee6731d9e2c8f8718a8ff8c44fbfa0f76f446e821487adec2/waitress-%{version}.tar.gz BuildRequires: python-devel BuildRequires: python-setuptools # Test requirements: diff --git a/waitress-0.8.9.tar.gz b/waitress-0.8.9.tar.gz deleted file mode 100644 index 4c0ce8b..0000000 --- a/waitress-0.8.9.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:826527dc9d334ed4ed76cdae672fdcbbccf614186657db71679ab58df869458a -size 121048 diff --git a/waitress-0.9.0.tar.gz b/waitress-0.9.0.tar.gz new file mode 100644 index 0000000..a5f7b69 --- /dev/null +++ b/waitress-0.9.0.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:5368b6f2c51823b60e01cd762610385cc2951b25cbf0e930445215d2527acbb4 +size 119624