rpm/python-waitress
SHA256
1
0
Fork 0
forked from pool/python-waitress
Code Pull Requests Activity

Commit Graph

  • ee0612d449 Accepting request 1184077 from devel:languages:python factory Ana Guerrero 2024-07-03 18:28:48 +0000
  • 2507a6a762 - update to 3.0.0: * Fixed testing of vendored asyncore code to not rely on particular naming for errno's. * HTTP Request methods and versions are now validated to meet the HTTP standards thereby dropping invalid requests on the floor. * No longer close the connection when sending a HEAD request response. * Always attempt to send the Connection: close response header when we are going to close the connection to let the remote know in more instances. * Document that trusted_proxy may be set to a wildcard value to trust all proxies. * clear_untrusted_proxy_headers is set to True by default. https://github.com/Pylons/waitress/security/advisories/GHSA-4f7p-27jc-3c36 * Waitress did not properly validate that the HTTP headers it received were properly formed, thereby potentially allowing a front-end server to treat a request different from Waitress. This could lead to HTTP * Waitress won’t accidentally throw away part of the path if it - Initial package (0.8.3) devel Dirk Mueller 2024-06-30 08:09:07 +0000
  • 3fc5e71e86 Accepting request 1130937 from devel:languages:python Ana Guerrero 2023-12-06 22:52:21 +0000
  • 4c23082225 Accepting request 1130817 from home:anag:AllStaging Dirk Mueller 2023-12-05 09:43:01 +0000
  • 5becce6854 Accepting request 1100878 from devel:languages:python Ana Guerrero 2023-07-27 14:50:08 +0000
  • 29fd08fbcd Accepting request 1100756 from home:bmwiedemann:branches:devel:languages:python Matej Cepl 2023-07-26 14:28:43 +0000
  • a33a0e19f3 Accepting request 1093051 from devel:languages:python Dominique Leuenberger 2023-06-16 14:51:56 +0000
  • f31644a2d6 Accepting request 1092787 from home:ecsos:python Markéta Machová 2023-06-14 06:43:44 +0000
  • 2af1e23c55 Accepting request 1084290 from devel:languages:python Dominique Leuenberger 2023-05-04 15:09:45 +0000
  • afae88ea10 - add sle15_python_module_pythons (jsc#PED-68) Dirk Mueller 2023-05-03 11:53:59 +0000
  • 2d70a58bec Accepting request 1084264 from home:marxin:branches:devel:languages:python Dirk Mueller 2023-05-03 11:34:30 +0000
  • d8c94be234 Accepting request 1004640 from devel:languages:python Dominique Leuenberger 2022-09-19 14:39:38 +0000
  • d905a5ccda - update to version 2.1.2 (bsc#1200126, CVE-2022-31015): Dirk Mueller 2022-09-19 09:18:15 +0000
  • 938f902908 Accepting request 998078 from devel:languages:python Dominique Leuenberger 2022-08-20 18:27:35 +0000
  • b729d343c5 Accepting request 998036 from home:bnavigator:branches:devel:languages:python Dirk Mueller 2022-08-19 06:43:19 +0000
  • 84489c9e5d Accepting request 980052 from devel:languages:python Dominique Leuenberger 2022-06-01 15:34:10 +0000
  • a1a3321e5c Accepting request 979986 from home:apersaud:branches:devel:languages:python Dirk Mueller 2022-05-31 08:10:29 +0000
  • ba3ea1b5d6 Accepting request 962909 from devel:languages:python Dominique Leuenberger 2022-03-20 19:55:09 +0000
  • fb396095fb - update to 2.1.1 (bsc#1197255, CVE-2022-24761): * Waitress now validates that chunked encoding extensions are valid, and don’t contain invalid characters that are not allowed. They are still skipped/not processed, but if they contain invalid data we no longer continue in and return a 400 Bad Request. This stops potential HTTP desync/HTTP request smuggling. Thanks to Zhang Zeyu for reporting this issue. See https://github.com/Pylons/waitress/security/advisories/GHSA-4f7p-27jc-3c36 * Waitress now validates that the chunk length is only valid hex digits when parsing chunked encoding, and values such as 0x01 and +01 are no longer supported. This stops potential HTTP desync/HTTP request smuggling. Thanks to Zhang Zeyu for reporting this issue. See https://github.com/Pylons/waitress/security/advisories/GHSA-4f7p-27jc-3c36 * Waitress now validates that the Content-Length sent by a remote contains only digits in accordance with RFC7230 and will return a 400 Bad Request when the Content-Length header contains invalid data, such as +10 which would previously get parsed as 10 and accepted. This stops potential HTTP desync/HTTP request smuggling Thanks to Zhang Zeyu for reporting this issue. See https://github.com/Pylons/waitress/security/advisories/GHSA-4f7p-27jc-3c36 Dirk Mueller 2022-03-17 17:48:05 +0000
  • 7f05dca947 Accepting request 929842 from devel:languages:python Dominique Leuenberger 2021-11-09 22:53:55 +0000
  • 471114f33c Accepting request 923298 from home:schubi2 Dirk Mueller 2021-11-06 10:28:18 +0000
  • 04574ac131 Accepting request 916725 from devel:languages:python Dominique Leuenberger 2021-09-07 19:13:40 +0000
  • 291a34a1f3 Accepting request 914584 from home:pgajdos:python Ondřej Súkup 2021-09-03 12:16:09 +0000
  • 50a667ebfd Accepting request 839291 from devel:languages:python Dominique Leuenberger 2020-10-29 08:46:26 +0000
  • 892ccd9deb Accepting request 839249 from home:frispete:python Dirk Mueller 2020-10-03 08:02:34 +0000
  • c478848a96 Accepting request 815873 from devel:languages:python Dominique Leuenberger 2020-06-23 19:03:00 +0000
  • 2980c5d9a7 Accepting request 815751 from home:jtomasiak:branches:devel:languages:python Tomáš Chvátal 2020-06-19 06:33:26 +0000
  • 60fad30daf Accepting request 806803 from devel:languages:python Yuchen Lin 2020-05-28 07:07:25 +0000
  • 5458ad9d6d Accepting request 806790 from home:pgajdos:python Tomáš Chvátal 2020-05-18 08:11:58 +0000
  • fa9e8e0189 Accepting request 770684 from devel:languages:python Dominique Leuenberger 2020-02-15 21:23:08 +0000
  • 3fd53f8a61 Accepting request 770668 from home:mcalabkova:branches:devel:languages:python Tomáš Chvátal 2020-02-06 18:27:24 +0000
  • 16f24d542b Accepting request 758618 from devel:languages:python Dominique Leuenberger 2020-01-01 13:57:35 +0000
  • 0d71bd52b1 - update to 1.4.0: - Waitress used to slam the door shut on HTTP pipelined requests without setting the `Connection: close` header as appropriate in the response. This is of course not very friendly. Waitress now explicitly sets the header when responding with an internally generated error such as 400 Bad Request or 500 Internal Server Error to notify the remote client that it will be closing the connection after the response is sent. - Waitress no longer allows any spaces to exist between the header field-name and the colon. While waitress did not strip the space and thereby was not vulnerable to any potential header field-name confusion, it should have sent back a 400 Bad Request. See https://github.com/Pylons/waitress/issues/273 - CRLR handling Security fixes Dirk Mueller 2019-12-20 18:36:31 +0000
  • 40dcaf8ba7 Accepting request 727098 from devel:languages:python Dominique Leuenberger 2019-09-04 06:56:46 +0000
  • c25411bfa4 Accepting request 727021 from home:mcalabkova:branches:devel:languages:python Tomáš Chvátal 2019-08-30 00:48:54 +0000
  • 4763322e3c Accepting request 701058 from devel:languages:python Dominique Leuenberger 2019-05-07 21:12:54 +0000
  • 9aa15051cf Accepting request 701044 from home:pgajdos Tomáš Chvátal 2019-05-06 11:11:30 +0000
  • 9be6143e3b Accepting request 687121 from devel:languages:python Dominique Leuenberger 2019-03-29 19:36:20 +0000
  • 4802061155 Accepting request 687030 from home:jengelh:branches:devel:languages:python Matej Cepl 2019-03-21 07:06:30 +0000
  • da29675f26 Accepting request 679188 from devel:languages:python Stephan Kulow 2019-03-01 19:28:42 +0000
  • d9640d1c60 OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-waitress?expand=0&rev=30 Tomáš Chvátal 2019-02-26 09:05:29 +0000
  • 8539c955c7 Accepting request 679186 from devel:languages:python Tomáš Chvátal 2019-02-26 09:04:29 +0000
  • 8f5013c612 - Use url normaly to fetch python inventories without any shellscript magic Tomáš Chvátal 2019-02-26 08:57:17 +0000
  • 9ed90d95c8 Accepting request 679044 from home:TheBlackCat:branches:devel:languages:python Tomáš Chvátal 2019-02-26 08:46:40 +0000
  • 2aa94981ca Accepting request 672508 from home:frispete:python Dirk Mueller 2019-02-11 11:59:55 +0000
  • 10f50fd18c Accepting request 659749 from devel:languages:python Dominique Leuenberger 2018-12-24 10:45:59 +0000
  • 9af7d9789a Clean up the SPEC file Matej Cepl 2018-12-04 17:25:22 +0000
  • da6ce7d6ee Remove superfluous devel dependency for noarch package Matej Cepl 2018-12-04 14:13:20 +0000
  • 72d9d714ed Accepting request 534388 from devel:languages:python Dominique Leuenberger 2017-10-18 08:54:05 +0000
  • bd057c9f51 Accepting request 533778 from home:apersaud:branches:devel:languages:python Dirk Mueller 2017-10-17 10:06:16 +0000
  • c9e727d83f Accepting request 493201 from devel:languages:python Dominique Leuenberger 2017-05-08 17:03:19 +0000
  • b05cbc7b1e Accepting request 492325 from home:TheBlackCat:branches:devel:languages:python Todd R 2017-05-06 12:20:37 +0000
  • 058478333b Accepting request 440450 from devel:languages:python Dominique Leuenberger 2016-11-16 12:33:23 +0000
  • 3ce770c533 Accepting request 440410 from home:tbechtold:branches:devel:languages:python Dirk Mueller 2016-11-15 22:04:30 +0000
  • 080a662bd6 Accepting request 398357 from devel:languages:python Dominique Leuenberger 2016-05-29 01:13:23 +0000
  • a11d936bfe - update to 0.9.0: * Security/Protections - Building on the changes made in pull request 117, add in checking for line feed/carriage return HTTP Response Splitting in the status line, as well as the key of a header. See https://github.com/Pylons/waitress/pull/124 and https://github.com/Pylons/waitress/issues/122. - Waitress will no longer accept headers or status lines with newline/carriage returns in them, thereby disallowing HTTP Response Splitting. * Bugfixes - FileBasedBuffer and more important ReadOnlyFileBasedBuffer no longer report False when tested with bool(), instead always returning True, and becoming more iterator like. - Call prune() on the output buffer at the end of a request so that it doesn't continue to grow without bounds. Dirk Mueller 2016-05-20 11:30:01 +0000
  • 3007826c02 Accepting request 265068 from devel:languages:python Dominique Leuenberger 2014-12-16 13:48:42 +0000
  • d251c20f04 Accepting request 265050 from home:tbechtold:branches:devel:languages:python Denisart Benjamin 2014-12-13 12:43:31 +0000
  • 1759a9df3e Accepting request 198878 from devel:languages:python Tomáš Chvátal 2013-09-13 12:46:21 +0000
  • a25969a264 Accepting request 198597 from home:dirkmueller:branches:devel:languages:python Sascha Peilicke 2013-09-13 09:46:30 +0000
  • 86308cd855 Accepting request 186944 from devel:languages:python Tomáš Chvátal 2013-08-15 10:30:21 +0000
  • 1bd76d72fd Accepting request 186925 from home:dirkmueller:branches:devel:languages:python Sascha Peilicke 2013-08-13 11:04:44 +0000
  • 4a8b178ca7 Accepting request 180862 from devel:languages:python Stephan Kulow 2013-06-29 12:36:43 +0000
  • c11a7084a4 Accepting request 180848 from home:dirkmueller:branches:devel:languages:python Sascha Peilicke 2013-06-25 11:52:53 +0000
  • 3570f2efdf Accepting request 174305 from devel:languages:python Stephan Kulow 2013-05-03 05:40:21 +0000
  • d54e85315f - Fix license string Sascha Peilicke 2013-05-02 12:47:20 +0000
  • 2c3446c84e - Package COPYRIGHT.txt LICENSE.txt README.rst Sascha Peilicke 2013-04-29 14:12:14 +0000
  • 8c88c70cd6 - Reduce buildrequires as long as the testsuite and doc build isn't fixed Sascha Peilicke 2013-04-29 14:11:59 +0000
  • e9e2212cdf Accepting request 173795 from home:dirkmueller:branches:devel:languages:python Sascha Peilicke 2013-04-29 14:06:16 +0000