Revisions of python-waitress
Ana Guerrero (anag+factory)
accepted
request 1100878
from
Matej Cepl (mcepl)
(revision 30)
Forwarded request #1100756 from bmwiedemann Drop sphinx doctrees for reproducible builds
Dominique Leuenberger (dimstar_suse)
accepted
request 1093051
from
Markéta Machová (mcalabkova)
(revision 29)
Dominique Leuenberger (dimstar_suse)
accepted
request 1084290
from
Dirk Mueller (dirkmueller)
(revision 28)
- Use sphinx-build and do not depend on removed build_sphinx in Sphinx 7.0 (boo#1211051). - add sle15_python_module_pythons (jsc#PED-68)
Dominique Leuenberger (dimstar_suse)
accepted
request 1004640
from
Dirk Mueller (dirkmueller)
(revision 27)
- update to version 2.1.2 (bsc#1200126, CVE-2022-31015):
Dominique Leuenberger (dimstar_suse)
accepted
request 998078
from
Dirk Mueller (dirkmueller)
(revision 26)
Dominique Leuenberger (dimstar_suse)
accepted
request 980052
from
Dirk Mueller (dirkmueller)
(revision 25)
Dominique Leuenberger (dimstar_suse)
accepted
request 962909
from
Dirk Mueller (dirkmueller)
(revision 24)
- update to 2.1.1 (bsc#1197255, CVE-2022-24761): * Waitress now validates that chunked encoding extensions are valid, and don’t contain invalid characters that are not allowed. They are still skipped/not processed, but if they contain invalid data we no longer continue in and return a 400 Bad Request. This stops potential HTTP desync/HTTP request smuggling. Thanks to Zhang Zeyu for reporting this issue. See https://github.com/Pylons/waitress/security/advisories/GHSA-4f7p-27jc-3c36 * Waitress now validates that the chunk length is only valid hex digits when parsing chunked encoding, and values such as 0x01 and +01 are no longer supported. This stops potential HTTP desync/HTTP request smuggling. Thanks to Zhang Zeyu for reporting this issue. See https://github.com/Pylons/waitress/security/advisories/GHSA-4f7p-27jc-3c36 * Waitress now validates that the Content-Length sent by a remote contains only digits in accordance with RFC7230 and will return a 400 Bad Request when the Content-Length header contains invalid data, such as +10 which would previously get parsed as 10 and accepted. This stops potential HTTP desync/HTTP request smuggling Thanks to Zhang Zeyu for reporting this issue. See https://github.com/Pylons/waitress/security/advisories/GHSA-4f7p-27jc-3c36
Dominique Leuenberger (dimstar_suse)
accepted
request 929842
from
Dirk Mueller (dirkmueller)
(revision 23)
Dominique Leuenberger (dimstar_suse)
accepted
request 916725
from
Ondřej Súkup (mimi_vx)
(revision 22)
Dominique Leuenberger (dimstar_suse)
accepted
request 839291
from
Dirk Mueller (dirkmueller)
(revision 21)
Dominique Leuenberger (dimstar_suse)
accepted
request 815873
from
Tomáš Chvátal (scarabeus_iv)
(revision 20)
Dominique Leuenberger (dimstar_suse)
accepted
request 770684
from
Tomáš Chvátal (scarabeus_iv)
(revision 18)
Dominique Leuenberger (dimstar_suse)
accepted
request 758618
from
Dirk Mueller (dirkmueller)
(revision 17)
- update to 1.4.0: - Waitress used to slam the door shut on HTTP pipelined requests without setting the ``Connection: close`` header as appropriate in the response. This is of course not very friendly. Waitress now explicitly sets the header when responding with an internally generated error such as 400 Bad Request or 500 Internal Server Error to notify the remote client that it will be closing the connection after the response is sent. - Waitress no longer allows any spaces to exist between the header field-name and the colon. While waitress did not strip the space and thereby was not vulnerable to any potential header field-name confusion, it should have sent back a 400 Bad Request. See https://github.com/Pylons/waitress/issues/273 - CRLR handling Security fixes
Dominique Leuenberger (dimstar_suse)
accepted
request 727098
from
Tomáš Chvátal (scarabeus_iv)
(revision 16)
Dominique Leuenberger (dimstar_suse)
accepted
request 701058
from
Tomáš Chvátal (scarabeus_iv)
(revision 15)
Stephan Kulow (coolo)
accepted
request 679188
from
Tomáš Chvátal (scarabeus_iv)
(revision 13)
- Add fetch-intersphinx-inventories.sh to sources - Add local-intersphinx-inventories.patch for generating the docs correctly - update to version 1.2.1: too many changes to list here, see: https://github.com/Pylons/waitress/blob/master/CHANGES.txt or even: https://github.com/Pylons/waitress/commits/master
Dominique Leuenberger (dimstar_suse)
accepted
request 659749
from
Matej Cepl (mcepl)
(revision 12)
Remove superfluous devel dependency for noarch package
Displaying revisions 1 - 20 of 31