| Index | index by Group | index by Distribution | index by Vendor | index by creation date | index by Name | Mirrors | Help | Search |
| Name: python312-waitress-doc | Distribution: openSUSE:Factory:zSystems |
| Version: 3.0.2 | Vendor: openSUSE |
| Release: 1.2 | Build date: Wed Nov 20 18:06:45 2024 |
| Group: Development/Languages/Python | Build host: reproducible |
| Size: 501079 | Source RPM: python-waitress-doc-3.0.2-1.2.src.rpm |
| Packager: https://bugs.opensuse.org | |
| Url: https://github.com/Pylons/waitress | |
| Summary: Waitress WSGI server | |
This package contains documentation files for python312-waitress-doc.
ZPL-2.1
* Wed Nov 20 2024 Dirk Müller <dmueller@suse.com>
- update to 3.0.2:
* When using Waitress to process trusted proxy headers,
Waitress will now update the headers to drop any untrusted
values, thereby making sure that WSGI apps only get trusted
and validated values that Waitress itself used to update the
environ.
* Wed Oct 30 2024 Daniel Garcia <daniel.garcia@suse.com>
- Update to 3.0.1 (bsc#1232554, bsc#1232556, CVE-2024-49769, CVE-2024-49768):
* Fix a bug that would lead to Waitress busy looping on select()
on a half-open socket due to a race condition that existed when
creating a new HTTPChannel. See
https://github.com/Pylons/waitress/pull/435,
https://github.com/Pylons/waitress/issues/418 and
https://github.com/Pylons/waitress/security/advisories/GHSA-3f84-rpwh-47g6
* No longer strip the header values before passing them to the
WSGI environ. See https://github.com/Pylons/waitress/pull/434
and https://github.com/Pylons/waitress/issues/432
* Fix a race condition in Waitress when
`channel_request_lookahead` is enabled that could lead to HTTP
request smuggling.
* See https://github.com/Pylons/waitress/security/advisories/GHSA-9298-4cf8-g4wj
* Sun Jun 30 2024 Dirk Müller <dmueller@suse.com>
- update to 3.0.0:
* Fixed testing of vendored asyncore code to not rely on
particular naming for errno's.
* HTTP Request methods and versions are now validated to meet
the HTTP standards thereby dropping invalid requests on the floor.
* No longer close the connection when sending a HEAD request
response.
* Always attempt to send the Connection: close response header
when we are going to close the connection to let the remote
know in more instances.
* Document that trusted_proxy may be set to a wildcard value to
trust all proxies.
* clear_untrusted_proxy_headers is set to True by default.
* Mon Dec 04 2023 Ana Guerrero <ana.guerrero@suse.com>
- Add BuildRequires on python-setuptools for both flavors.
* Wed Jul 26 2023 Bernhard Wiedemann <bwiedemann@suse.com>
- Drop sphinx doctrees for reproducible builds
* Sat Jun 10 2023 ecsos <ecsos@opensuse.org>
- Fix build error for waitress:doc
* Wed May 03 2023 Martin Liška <mliska@suse.cz>
- Use sphinx-build and do not depend on removed build_sphinx
in Sphinx 7.0 (boo#1211051).
* Fri Apr 21 2023 Dirk Müller <dmueller@suse.com>
- add sle15_python_module_pythons (jsc#PED-68)
* Thu Aug 18 2022 Ben Greiner <code@bnavigator.de>
- Remove code coverage checking for packaging tests
* Tue May 31 2022 Arun Persaud <arun@gmx.de>
- specfile:
* be more specific in %files section
- update to version 2.1.2 (bsc#1200126, CVE-2022-31015):
* Bugfix
+ When expose_tracebacks is enabled waitress would fail to
properly encode unicode thereby causing another error during
error handling. See https://github.com/Pylons/waitress/pull/378
+ Header length checking had a calculation that was done
incorrectly when the data was received across multple socket
reads. This calculation has been corrected, and no longer will
Waitress send back a 413 Request Entity Too Large. See
https://github.com/Pylons/waitress/pull/376
* Security Bugfix
+ in 2.1.0 a new feature was introduced that allowed the WSGI
thread to start sending data to the socket. However this
introduced a race condition whereby a socket may be closed in
the sending thread while the main thread is about to call
select() therey causing the entire application to be taken down.
Waitress will no longer close the socket in the WSGI thread,
instead waking up the main thread to cleanup. See
https://github.com/Pylons/waitress/pull/377
* Thu Mar 17 2022 Dirk Müller <dmueller@suse.com>
- update to 2.1.1 (bsc#1197255, CVE-2022-24761):
* Waitress now validates that chunked encoding extensions are valid, and don’t
contain invalid characters that are not allowed. They are still skipped/not
processed, but if they contain invalid data we no longer continue in and return
a 400 Bad Request. This stops potential HTTP desync/HTTP request smuggling.
Thanks to Zhang Zeyu for reporting this issue. See
https://github.com/Pylons/waitress/security/advisories/GHSA-4f7p-27jc-3c36
* Waitress now validates that the chunk length is only valid hex digits when
parsing chunked encoding, and values such as 0x01 and +01 are no longer
supported. This stops potential HTTP desync/HTTP request smuggling. Thanks
to Zhang Zeyu for reporting this issue. See
https://github.com/Pylons/waitress/security/advisories/GHSA-4f7p-27jc-3c36
* Waitress now validates that the Content-Length sent by a remote contains only
digits in accordance with RFC7230 and will return a 400 Bad Request when the
Content-Length header contains invalid data, such as +10 which would
previously get parsed as 10 and accepted. This stops potential HTTP
desync/HTTP request smuggling Thanks to Zhang Zeyu for reporting this issue.
See
https://github.com/Pylons/waitress/security/advisories/GHSA-4f7p-27jc-3c36
/usr/share/doc/packages/python312-waitress-doc /usr/share/doc/packages/python312-waitress-doc/html /usr/share/doc/packages/python312-waitress-doc/html/_sources /usr/share/doc/packages/python312-waitress-doc/html/_sources/api.rst.txt /usr/share/doc/packages/python312-waitress-doc/html/_sources/arguments.rst.txt /usr/share/doc/packages/python312-waitress-doc/html/_sources/design.rst.txt /usr/share/doc/packages/python312-waitress-doc/html/_sources/differences.rst.txt /usr/share/doc/packages/python312-waitress-doc/html/_sources/filewrapper.rst.txt /usr/share/doc/packages/python312-waitress-doc/html/_sources/glossary.rst.txt /usr/share/doc/packages/python312-waitress-doc/html/_sources/index.rst.txt /usr/share/doc/packages/python312-waitress-doc/html/_sources/logging.rst.txt /usr/share/doc/packages/python312-waitress-doc/html/_sources/reverse-proxy.rst.txt /usr/share/doc/packages/python312-waitress-doc/html/_sources/runner.rst.txt /usr/share/doc/packages/python312-waitress-doc/html/_sources/socket-activation.rst.txt /usr/share/doc/packages/python312-waitress-doc/html/_sources/usage.rst.txt /usr/share/doc/packages/python312-waitress-doc/html/_static /usr/share/doc/packages/python312-waitress-doc/html/_static/basic.css /usr/share/doc/packages/python312-waitress-doc/html/_static/dialog-note.png /usr/share/doc/packages/python312-waitress-doc/html/_static/dialog-seealso.png /usr/share/doc/packages/python312-waitress-doc/html/_static/dialog-topic.png /usr/share/doc/packages/python312-waitress-doc/html/_static/dialog-warning.png /usr/share/doc/packages/python312-waitress-doc/html/_static/doctools.js /usr/share/doc/packages/python312-waitress-doc/html/_static/documentation_options.js /usr/share/doc/packages/python312-waitress-doc/html/_static/edit-me-on-github.png /usr/share/doc/packages/python312-waitress-doc/html/_static/epub.css /usr/share/doc/packages/python312-waitress-doc/html/_static/file.png /usr/share/doc/packages/python312-waitress-doc/html/_static/footerbg.png /usr/share/doc/packages/python312-waitress-doc/html/_static/headerbg.png /usr/share/doc/packages/python312-waitress-doc/html/_static/ie6.css /usr/share/doc/packages/python312-waitress-doc/html/_static/in_progress.png /usr/share/doc/packages/python312-waitress-doc/html/_static/language_data.js /usr/share/doc/packages/python312-waitress-doc/html/_static/middlebg.png /usr/share/doc/packages/python312-waitress-doc/html/_static/minus.png /usr/share/doc/packages/python312-waitress-doc/html/_static/outdated.png /usr/share/doc/packages/python312-waitress-doc/html/_static/plus.png /usr/share/doc/packages/python312-waitress-doc/html/_static/pygments.css /usr/share/doc/packages/python312-waitress-doc/html/_static/pylons-latex.png /usr/share/doc/packages/python312-waitress-doc/html/_static/pylons-small.png /usr/share/doc/packages/python312-waitress-doc/html/_static/pylons.css /usr/share/doc/packages/python312-waitress-doc/html/_static/pylons.ico /usr/share/doc/packages/python312-waitress-doc/html/_static/pylons.png /usr/share/doc/packages/python312-waitress-doc/html/_static/searchtools.js /usr/share/doc/packages/python312-waitress-doc/html/_static/sphinx_highlight.js /usr/share/doc/packages/python312-waitress-doc/html/_static/transparent.gif /usr/share/doc/packages/python312-waitress-doc/html/api.html /usr/share/doc/packages/python312-waitress-doc/html/arguments.html /usr/share/doc/packages/python312-waitress-doc/html/design.html /usr/share/doc/packages/python312-waitress-doc/html/differences.html /usr/share/doc/packages/python312-waitress-doc/html/filewrapper.html /usr/share/doc/packages/python312-waitress-doc/html/genindex.html /usr/share/doc/packages/python312-waitress-doc/html/glossary.html /usr/share/doc/packages/python312-waitress-doc/html/index.html /usr/share/doc/packages/python312-waitress-doc/html/logging.html /usr/share/doc/packages/python312-waitress-doc/html/objects.inv /usr/share/doc/packages/python312-waitress-doc/html/py-modindex.html /usr/share/doc/packages/python312-waitress-doc/html/reverse-proxy.html /usr/share/doc/packages/python312-waitress-doc/html/runner.html /usr/share/doc/packages/python312-waitress-doc/html/search.html /usr/share/doc/packages/python312-waitress-doc/html/searchindex.js /usr/share/doc/packages/python312-waitress-doc/html/socket-activation.html /usr/share/doc/packages/python312-waitress-doc/html/usage.html /usr/share/licenses/python312-waitress-doc /usr/share/licenses/python312-waitress-doc/LICENSE.txt
Generated by rpm2html 1.8.1
Fabrice Bellet, Sun Feb 23 00:14:44 2025