rpm/python-waitress
SHA256
1
0
Fork 0
forked from pool/python-waitress
Code Pull Requests Activity

Compare commits

merge into: rpm:factory
Branches Tags
rpm:factory rpm:devel pool:factory pool:devel
...
pull from: pool:factory
Branches Tags
pool:factory pool:devel rpm:factory rpm:devel

5 Commits
factory ... factory

Author SHA256 Message Date
Ana Guerrero
390680b3af Accepting request 1226960 from devel:languages:python 
Automatic submission by obs-autosubmit

OBS-URL: https://build.opensuse.org/request/show/1226960
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python-waitress?expand=0&rev=34
 2024-11-28 23:08:32 +00:00
Dirk Mueller
5e9b1792ec - update to 3.0.2: 
* When using Waitress to process trusted proxy headers,
    Waitress will now update the headers to drop any untrusted
    values, thereby making sure that WSGI apps only get trusted
    and validated values that Waitress itself used to update the
    environ.

OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-waitress?expand=0&rev=72
 2024-11-20 17:07:15 +00:00
Dominique Leuenberger
c8bda9a022 Accepting request 1219322 from devel:languages:python 
- Update to 3.0.1 (bsc#1232554, bsc#1232556, CVE-2024-49769, CVE-2024-49768):
    * Fix a bug that would lead to Waitress busy looping on select()
      on a half-open socket due to a race condition that existed when
      creating a new HTTPChannel. See
      https://github.com/Pylons/waitress/pull/435,
      https://github.com/Pylons/waitress/issues/418 and
      https://github.com/Pylons/waitress/security/advisories/GHSA-3f84-rpwh-47g6
    * No longer strip the header values before passing them to the
      WSGI environ. See https://github.com/Pylons/waitress/pull/434
      and https://github.com/Pylons/waitress/issues/432
    * Fix a race condition in Waitress when
      `channel_request_lookahead` is enabled that could lead to HTTP
      request smuggling.
    * See https://github.com/Pylons/waitress/security/advisories/GHSA-9298-4cf8-g4wj

OBS-URL: https://build.opensuse.org/request/show/1219322
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python-waitress?expand=0&rev=33
 2024-10-31 15:08:55 +00:00
Daniel Garcia
bbcd124732 - Update to 3.0.1 (bsc#1232554, bsc#1232556, CVE-2024-49769, CVE-2024-49768): 
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-waitress?expand=0&rev=70
 2024-10-30 07:33:06 +00:00
Daniel Garcia
c7e6eec52a - Update to 3.0.1 (bsc#1232554, CVE-2024-49769): 
* Fix a bug that would lead to Waitress busy looping on select()
      on a half-open socket due to a race condition that existed when
      creating a new HTTPChannel. See
      https://github.com/Pylons/waitress/pull/435,
      https://github.com/Pylons/waitress/issues/418 and
      https://github.com/Pylons/waitress/security/advisories/GHSA-3f84-rpwh-47g6
    * No longer strip the header values before passing them to the
      WSGI environ. See https://github.com/Pylons/waitress/pull/434
      and https://github.com/Pylons/waitress/issues/432
    * Fix a race condition in Waitress when
      `channel_request_lookahead` is enabled that could lead to HTTP
      request smuggling.
    * See https://github.com/Pylons/waitress/security/advisories/GHSA-9298-4cf8-g4wj

OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-waitress?expand=0&rev=69
 2024-10-30 06:51:09 +00:00
4 changed files with 32 additions and 4 deletions
Expand all files Collapse all files

28
python-waitress.changes
View File

@@ -1,3 +1,31 @@
-------------------------------------------------------------------
Wed Nov 20 17:06:45 UTC 2024 - Dirk Müller <dmueller@suse.com>
- update to 3.0.2:
* When using Waitress to process trusted proxy headers,
Waitress will now update the headers to drop any untrusted
values, thereby making sure that WSGI apps only get trusted
and validated values that Waitress itself used to update the
environ.
-------------------------------------------------------------------
Wed Oct 30 06:49:46 UTC 2024 - Daniel Garcia <daniel.garcia@suse.com>
- Update to 3.0.1 (bsc#1232554, bsc#1232556, CVE-2024-49769, CVE-2024-49768):
* Fix a bug that would lead to Waitress busy looping on select()
on a half-open socket due to a race condition that existed when
creating a new HTTPChannel. See
https://github.com/Pylons/waitress/pull/435,
https://github.com/Pylons/waitress/issues/418 and
https://github.com/Pylons/waitress/security/advisories/GHSA-3f84-rpwh-47g6
* No longer strip the header values before passing them to the
WSGI environ. See https://github.com/Pylons/waitress/pull/434
and https://github.com/Pylons/waitress/issues/432
* Fix a race condition in Waitress when
`channel_request_lookahead` is enabled that could lead to HTTP
request smuggling.
* See https://github.com/Pylons/waitress/security/advisories/GHSA-9298-4cf8-g4wj
-------------------------------------------------------------------
Sun Jun 30 07:59:06 UTC 2024 - Dirk Müller <dmueller@suse.com>

2
python-waitress.spec
View File

@@ -31,7 +31,7 @@
%endif
%{?sle15_python_module_pythons}
Name: python-waitress%{psuffix}
Version: 3.0.0
Version: 3.0.2
Release: 0
Summary: Waitress WSGI server
License: ZPL-2.1

3
waitress-3.0.0.tar.gz
View File

@@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:005da479b04134cdd9dd602d1ee7c49d79de0537610d653674cc6cbde222b8a1
size 179393

BIN
waitress-3.0.2.tar.gz (Stored with Git LFS) Normal file
View File

Binary file not shown.