Revisions of python-waitress

Ana Guerrero (anag+factory) accepted request 1100878 from Matej Cepl (mcepl) (revision 30)
Forwarded request #1100756 from bmwiedemann

Drop sphinx doctrees for reproducible builds
Dominique Leuenberger (dimstar_suse) accepted request 1084290 from Dirk Mueller (dirkmueller) (revision 28)
- Use sphinx-build and do not depend on removed build_sphinx
  in Sphinx 7.0 (boo#1211051).

- add sle15_python_module_pythons (jsc#PED-68)
Dominique Leuenberger (dimstar_suse) accepted request 1004640 from Dirk Mueller (dirkmueller) (revision 27)
- update to version 2.1.2 (bsc#1200126, CVE-2022-31015):
Dominique Leuenberger (dimstar_suse) accepted request 962909 from Dirk Mueller (dirkmueller) (revision 24)
- update to 2.1.1 (bsc#1197255, CVE-2022-24761):
  * Waitress now validates that chunked encoding extensions are valid, and don’t
    contain invalid characters that are not allowed. They are still skipped/not
    processed, but if they contain invalid data we no longer continue in and return
    a 400 Bad Request. This stops potential HTTP desync/HTTP request smuggling.
    Thanks to Zhang Zeyu for reporting this issue. See
    https://github.com/Pylons/waitress/security/advisories/GHSA-4f7p-27jc-3c36
  * Waitress now validates that the chunk length is only valid hex digits when
    parsing chunked encoding, and values such as 0x01 and +01 are no longer
    supported. This stops potential HTTP desync/HTTP request smuggling. Thanks
    to Zhang Zeyu for reporting this issue. See
    https://github.com/Pylons/waitress/security/advisories/GHSA-4f7p-27jc-3c36
  * Waitress now validates that the Content-Length sent by a remote contains only
    digits in accordance with RFC7230 and will return a 400 Bad Request when the
    Content-Length header contains invalid data, such as +10 which would
    previously get parsed as 10 and accepted. This stops potential HTTP
    desync/HTTP request smuggling. Thanks to Zhang Zeyu for reporting this issue.
    See
    https://github.com/Pylons/waitress/security/advisories/GHSA-4f7p-27jc-3c36
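
The three 2.1.1 validation changes above, shown as an added example (not waitress's own code): lenient `int()`-based parsing accepts `+10`, `0x01` and `+01`, while the strict parsers reject them with an error that maps to 400 Bad Request. The function names and the control-character rule for chunk extensions are assumptions made for illustration.

```python
import re

# RFC 7230 grammar: Content-Length = 1*DIGIT, chunk-size = 1*HEXDIG
_DIGITS = re.compile(rb"[0-9]+")
_HEXDIGITS = re.compile(rb"[0-9A-Fa-f]+")


class BadRequest(ValueError):
    """Raised where a server would answer 400 Bad Request."""


def lenient_content_length(value: bytes) -> int:
    # int() tolerates a leading sign, so b"+10" becomes 10
    return int(value)


def strict_content_length(value: bytes) -> int:
    # fullmatch: every byte must be an ASCII digit, nothing before or after
    if not _DIGITS.fullmatch(value):
        raise BadRequest(f"invalid Content-Length: {value!r}")
    return int(value)


def lenient_chunk_size(line: bytes) -> int:
    # int(x, 16) tolerates a "0x" prefix and a sign: b"0x01" and b"+01" give 1
    return int(line.split(b";", 1)[0], 16)


def strict_chunk_size(line: bytes) -> int:
    size, _, extension = line.partition(b";")
    if not _HEXDIGITS.fullmatch(size):
        raise BadRequest(f"invalid chunk size: {size!r}")
    # The extension is skipped, not processed, but still has to be clean.
    # Assumption: "invalid characters" means control bytes other than HTAB.
    if any((b < 0x20 and b != 0x09) or b == 0x7F for b in extension):
        raise BadRequest("invalid character in chunk extension")
    return int(size, 16)


def is_rejected(parser, value: bytes) -> bool:
    """True if the parser refuses the value with BadRequest."""
    try:
        parser(value)
    except BadRequest:
        return True
    return False
```

A front-end proxy and a back-end that disagree on any of these inputs see different message boundaries, which is the desync condition the changelog entry refers to.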
Dominique Leuenberger (dimstar_suse) accepted request 758618 from Dirk Mueller (dirkmueller) (revision 17)
- update to 1.4.0:
  - Waitress used to slam the door shut on HTTP pipelined requests without
  setting the ``Connection: close`` header as appropriate in the response. This
  is of course not very friendly. Waitress now explicitly sets the header when
  responding with an internally generated error such as 400 Bad Request or 500
  Internal Server Error to notify the remote client that it will be closing the
  connection after the response is sent.
  - Waitress no longer allows any spaces to exist between the header field-name
  and the colon. While waitress did not strip the space and thereby was not
  vulnerable to any potential header field-name confusion, it should have sent
  back a 400 Bad Request. See https://github.com/Pylons/waitress/issues/273
  - CRLF handling Security fixes
Stephan Kulow (coolo) accepted request 679188 from Tomáš Chvátal (scarabeus_iv) (revision 13)
- Add fetch-intersphinx-inventories.sh to sources
- Add local-intersphinx-inventories.patch for generating the docs
  correctly

- update to version 1.2.1:
  too many changes to list here, see:
  https://github.com/Pylons/waitress/blob/master/CHANGES.txt
  or even:
  https://github.com/Pylons/waitress/commits/master
Dominique Leuenberger (dimstar_suse) accepted request 659749 from Matej Cepl (mcepl) (revision 12)
Remove superfluous devel dependency for noarch package