From 5f085e72aeca50c407187f288b6f597dbab8f22d485b8e316dd40458bdc53767 Mon Sep 17 00:00:00 2001
From: Marguerite Su
Date: Sat, 24 Feb 2018 04:59:44 +0000
Subject: [PATCH 1/3] Accepting request 577895 from home:stroeder:branches:server:http - Update to 2.0.16: * [CVE-2018-6758] Stack-based buffer overflow in core/utils.c:uwsgi_expand_path() [..]
OBS-URL: https://build.opensuse.org/request/show/577895
OBS-URL: https://build.opensuse.org/package/show/server:http/uwsgi?expand=0&rev=62
---
 uwsgi-2.0.15.tar.gz | 3 ---
 uwsgi-2.0.16.tar.gz | 3 +++
 uwsgi.changes | 39 +++++++++++++++++++++++++++++++++++++++
 uwsgi.spec | 5 +----
 4 files changed, 43 insertions(+), 7 deletions(-)
 delete mode 100644 uwsgi-2.0.15.tar.gz
 create mode 100644 uwsgi-2.0.16.tar.gz
diff --git a/uwsgi-2.0.15.tar.gz b/uwsgi-2.0.15.tar.gz
deleted file mode 100644
index c4487a7..0000000
--- a/uwsgi-2.0.15.tar.gz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:572ef9696b97595b4f44f6198fe8c06e6f4e6351d930d22e5330b071391272ff
-size 795070
diff --git a/uwsgi-2.0.16.tar.gz b/uwsgi-2.0.16.tar.gz
new file mode 100644
index 0000000..6d1972e
--- /dev/null
+++ b/uwsgi-2.0.16.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:a911f48f3cc51ac82fdabc4e001f18a32569128680beb5a833ebc3ff6edcc1f4
+size 798509
diff --git a/uwsgi.changes b/uwsgi.changes
index c05a0e2..48e2a98 100644
--- a/uwsgi.changes
+++ b/uwsgi.changes
@@ -1,3 +1,42 @@
+-------------------------------------------------------------------
+Sun Feb 18 18:51:03 UTC 2018 - michael@stroeder.com
+
+- removed obsolete reproducible.patch
+- Update to 2.0.16:
+ * [CVE-2018-6758] Stack-based buffer overflow in
+ core/utils.c:uwsgi_expand_path()
+ * Backported early_post_jail plugin hook (Bjørnar Ness)
+ * Fixed ipv6 suupport for http-socket (James Brown)
+ * Enable execinfo on DragonFly BSD (Aaron LI)
+ * Fix inet_ntop buffer size (Orivej Desh)
+ * Add worker running time metrics (Serge/yasek)
+ * Backported safe-pidfile, safe-pidfile2 (Nate Coraor)
+ * Stop using libxml2 by default on osx
+ * Fixed uwsgi_kvlist_parse signature
+ * Backport http range fixes from master (Curtis Maloney, Sokolov Yura)
+ * relicensed mod_proxy_uwsgi to Apache 2.0
+ * logging: Add ${millis} support to json encode
+ * plugins/router_xmldir: fixup invalid locale check (Riccardo Magliocchetti)
+ * Add ssl-verify-depth flag to set the max Client CA chain length (Paul Tagliamonte)
+ * Allow to override build date (Bernhard M. Wiedemann)
+ * Python 3 plugin: improved thread names handling (Jyrki Muukkonen, Mark Meyer)
+ * Added uwsgi_resolve_ip for redis host (ahmbas)
+ * plugins/gevent: Fix signal handlers (Maslov Alexander)
+ * Write x509 DER to the uwsgi buffer (Paul Tagliamonte)
+ * plugin/http: Fix compilation (Melvyn Sopacua)
+ * Fixed emperor throttling system (Jeremy Hiatt)
+ * Fix application loading without Plack after excluding “.” from @INC in new Perl versions (Anton Petrusevich)
+ * Fix MULE MSG QUEUE IS FULL message hint (Eugene Tataurov)
+ * Build System: support k_minor has a _xxx suffix (TOGO Li)
+ * Fixed drop-after-* options (Robert DeRose)
+ * Add mule_send_msg success indicator (Josh Tiras)
+ * Properly check item size in uwsgi_queue_push (Josh Tiras)
+ * FastRouter / HTTP Router can now have a ‘fallback’ key configured
+ * HTTP Router now supports post-buffer, just like FastRouter
+ * Fix handling of env in embedded dict in Python plugin (could cause segfaults in single thread mode)
+ * Add support for Brotli (.br) with –static-gzip
+ * Back-ported HTTP/1.1 support (–http11-socket) from 2.1
+
 -------------------------------------------------------------------
 Sun Dec 10 04:51:02 UTC 2017 - i@marguerite.su
diff --git a/uwsgi.spec b/uwsgi.spec
index aa72764..d583225 100644
--- a/uwsgi.spec
+++ b/uwsgi.spec
@@ -17,7 +17,7 @@ Name: uwsgi
-Version: 2.0.15
+Version: 2.0.16
 Release: 0
 Summary: Application Container Server for Networked/Clustered Web Applications
 License: GPL-2.0-with-GCC-exception
@@ -40,8 +40,6 @@ Patch1: uwsgi-2.0.12-no-LD_RUN_PATH.patch
 Patch2: uwsgi-1.9.13-objc_gc-no-fobjc-gc.patch
 # PATCH-FIX-OPENSUSE uwsgi-1.9.11-systemd_logger-old_systemd.patch - Older systemd in 12.2 does not implicity include syslog.h
 Patch3: uwsgi-1.9.11-systemd_logger-old_systemd.patch
-# PATCH-FIX-UPSTREAM reproducible.patch https://github.com/unbit/uwsgi/pull/1561
-Patch4: reproducible.patch
 %define apache_branch %(rpm -q --qf %%{version} apache2 | grep -E -o "2\\.[0-9]+")
 %if "%{apache_branch}" == "2.4"
 %define apxs %{_bindir}/apxs2
@@ -435,7 +433,6 @@ This package contains support for PHP version 7.
 %patch1 -p1
 %patch2 -p1
 %patch3 -p1
-%patch4 -p1
 # Generate a config that builds all plugins except for examples and stuff we
 # can't satisfy the requirements for or are just broken
 excluded_plugins=""
From 054ea267dd9578e7e6fff05e449d4e5a60cdb4de75b9998c3850f31e8c9d00e2 Mon Sep 17 00:00:00 2001
From: Marguerite Su
Date: Mon, 26 Feb 2018 02:32:57 +0000
Subject: [PATCH 2/3] OBS-URL: https://build.opensuse.org/package/show/server:http/uwsgi?expand=0&rev=63
---
 reproducible.patch | 26 --------------------------
 1 file changed, 26 deletions(-)
 delete mode 100644 reproducible.patch
diff --git a/reproducible.patch b/reproducible.patch
deleted file mode 100644
index 3c2c24b..0000000
--- a/reproducible.patch
+++ /dev/null
@@ -1,26 +0,0 @@
-commit a1099983f520395a65ba16a69647f7d8ad8b942d
-Author: Bernhard M. Wiedemann
-Date: Sat Jun 24 08:46:51 2017 +0200
-
-Allow to override build date
-
-to allow for reproducible builds of uwsgi
-
-See https://reproducible-builds.org/ for why this is good
-and https://reproducible-builds.org/specs/source-date-epoch/
-for the definition of this variable.
-
-Index: uwsgi-2.0.14/uwsgiconfig.py
-===================================================================
---- uwsgi-2.0.14.orig/uwsgiconfig.py
-+++ uwsgi-2.0.14/uwsgiconfig.py
-@@ -387,7 +387,8 @@ def build_uwsgi(uc, print_only=False, gc
- gcc_list.append(item)
-
- cflags.append('-DUWSGI_CFLAGS=\\"%s\\"' % uwsgi_cflags)
-- cflags.append('-DUWSGI_BUILD_DATE="\\"%s\\""' % time.strftime("%d %B %Y %H:%M:%S"))
-+ build_date = int(os.environ.get('SOURCE_DATE_EPOCH', time.time()))
-+ cflags.append('-DUWSGI_BUILD_DATE="\\"%s\\""' % time.strftime("%d %B %Y %H:%M:%S", time.gmtime(build_date)))
-
- post_build = []
-
From ba2668de58b44da551be2f04c874e7e1bc319745e05885de5ab296d10451e19f Mon Sep 17 00:00:00 2001
From: Marguerite Su
Date: Wed, 28 Feb 2018 09:07:54 +0000
Subject: [PATCH 3/3] Accepting request 580605 from home:iznogood:branches:server:http - Update License tag to SPDX 3 version: Apache-2.0 AND GPL-2.0-only WITH GCC-exception-2.0.
OBS-URL: https://build.opensuse.org/request/show/580605
OBS-URL: https://build.opensuse.org/package/show/server:http/uwsgi?expand=0&rev=64
---
 uwsgi.changes | 6 ++++++
 uwsgi.spec | 4 ++--
 2 files changed, 8 insertions(+), 2 deletions(-)
diff --git a/uwsgi.changes b/uwsgi.changes
index 48e2a98..139bfa2 100644
--- a/uwsgi.changes
+++ b/uwsgi.changes
@@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Tue Feb 27 11:53:27 UTC 2018 - bjorn.lie@gmail.com
+
+- Update License tag to SPDX 3 version:
+ Apache-2.0 AND GPL-2.0-only WITH GCC-exception-2.0.
+
 -------------------------------------------------------------------
 Sun Feb 18 18:51:03 UTC 2018 - michael@stroeder.com
diff --git a/uwsgi.spec b/uwsgi.spec
index d583225..908ae50 100644
--- a/uwsgi.spec
+++ b/uwsgi.spec
@@ -1,7 +1,7 @@
 #
 # spec file for package uwsgi
 #
-# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -20,7 +20,7 @@ Name: uwsgi
 Version: 2.0.16
 Release: 0
 Summary: Application Container Server for Networked/Clustered Web Applications
-License: GPL-2.0-with-GCC-exception
+License: Apache-2.0 AND GPL-2.0-only WITH GCC-exception-2.0
 Group: Productivity/Networking/Web/Servers
 Url: https://uwsgi-docs.readthedocs.io/en/latest/
 Source: http://projects.unbit.it/downloads/uwsgi-%{version}.tar.gz
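Review bot: The `Source:` tag kept as context at the end of the last uwsgi.spec hunk still points at plain `http://projects.unbit.it/downloads/uwsgi-%{version}.tar.gz`, so anyone who re-fetches the tarball to compare it with the committed one gets no transport integrity, which matters for a release carrying the CVE-2018-6758 fix. If the host serves the same path over TLS, the line should become `Source: https://projects.unbit.it/downloads/uwsgi-%{version}.tar.gz`. No upstream signature or keyring source is visible next to it, though the spec continues outside the hunk and one may be declared elsewhere. The sha256 in the LFS pointer from patch 1/3 pins the committed tarball but does not show how it was checked against upstream.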