Overview Repositories Revisions Requests Users Attributes Meta

Revisions of python-waitress

buildservice-autocommit accepted request 962909 from Dirk Mueller's avatar Dirk Mueller (dirkmueller) (revision 51) 
baserev update by copy to link target
Dirk Mueller's avatar Dirk Mueller (dirkmueller) committed (revision 50) 
- update to 2.1.1 (bsc#1197255, CVE-2022-24761):
  * Waitress now validates that chunked encoding extensions are valid, and don’t
    contain invalid characters that are not allowed. They are still skipped/not
    processed, but if they contain invalid data we no longer continue in and return
    a 400 Bad Request. This stops potential HTTP desync/HTTP request smuggling.
    Thanks to Zhang Zeyu for reporting this issue. See
    https://github.com/Pylons/waitress/security/advisories/GHSA-4f7p-27jc-3c36
  * Waitress now validates that the chunk length is only valid hex digits when
    parsing chunked encoding, and values such as 0x01 and +01 are no longer
    supported. This stops potential HTTP desync/HTTP request smuggling. Thanks
    to Zhang Zeyu for reporting this issue. See
    https://github.com/Pylons/waitress/security/advisories/GHSA-4f7p-27jc-3c36
  * Waitress now validates that the Content-Length sent by a remote contains only
    digits in accordance with RFC7230 and will return a 400 Bad Request when the
    Content-Length header contains invalid data, such as +10 which would
    previously get parsed as 10 and accepted. This stops potential HTTP
    desync/HTTP request smuggling Thanks to Zhang Zeyu for reporting this issue.
    See
    https://github.com/Pylons/waitress/security/advisories/GHSA-4f7p-27jc-3c36
Dirk Mueller's avatar Dirk Mueller (dirkmueller) accepted request 923298 from Stefan Schubert's avatar Stefan Schubert (schubi2) (revision 49) 
- Use libalternatives instead of update-alternatives.
Ondřej Súkup's avatar Ondřej Súkup (mimi_vx) accepted request 914584 from Petr Gajdos's avatar Petr Gajdos (pgajdos) (revision 48) 
- version update to 2.0.0
  - Friendly Reminder
    This release still contains a variety of deprecation notices about defaults
    that can be set for a variety of options.
    Please note that this is your last warning, and you should update your
    configuration if you do NOT want to use the new defaults.
    See the arguments documentation page for all supported options, and pay
    attention to the warnings:
    https://docs.pylonsproject.org/projects/waitress/en/stable/arguments.html
  - Fix a crash on startup when listening to multiple interfaces.
    See https://github.com/Pylons/waitress/pull/332
  - Waitress no longer attempts to guess at what the ``server_name`` should be for
    a listen socket, instead it always use a new adjustment/argument named
    ``server_name``.
    Please see the documentation for ``server_name`` in
    https://docs.pylonsproject.org/projects/waitress/en/latest/arguments.html and
    see https://github.com/Pylons/waitress/pull/329
  - Allow tasks to notice if the client disconnected.
    This inserts a callable ``waitress.client_disconnected`` into the environment
    that allows the task to check if the client disconnected while waiting for
    the response at strategic points in the execution and to cancel the
    operation.
    It requires setting the new adjustment ``channel_request_lookahead`` to a value
    larger than 0, which continues to read requests from a channel even if a
    request is already being processed on that channel, up to the given count,
    since a client disconnect is detected by reading from a readable socket and
    receiving an empty result.
    See https://github.com/Pylons/waitress/pull/310
  - Drop Python 2.7 and 3.5 support
  - The server now issues warning output when it there are enough open
buildservice-autocommit accepted request 839291 from Dirk Mueller's avatar Dirk Mueller (dirkmueller) (revision 47) 
baserev update by copy to link target
Dirk Mueller's avatar Dirk Mueller (dirkmueller) accepted request 839249 from Hans-Peter Jansen's avatar Hans-Peter Jansen (frispete) (revision 46) 
- Update to version 1.4.4 (2020-06-01)
  + Fix an issue with keep-alive connections in which memory usage
    was higher than expected because output buffers were being
    reused across requests on a long-lived connection and each
    buffer would not be freed until it was full or the connection
    was closed. Buffers are now rotated per-request to stabilize
    their behavior.
  + See https://github.com/Pylons/waitress/pull/300
  + Waitress threads have been updated to contain their thread
    number. This will allow loggers that use that information to
    print the thread that the log is coming from.
  + See https://github.com/Pylons/waitress/pull/302
- Switch to pytest, disable one test, that requires network
- Create _multibuild for doc package
  It requires installation of base package now
buildservice-autocommit accepted request 815873 from Tomáš Chvátal's avatar Tomáš Chvátal (scarabeus_iv) (revision 45) 
baserev update by copy to link target
Tomáš Chvátal's avatar Tomáš Chvátal (scarabeus_iv) accepted request 815751 from Jacek Tomasiak's avatar Jacek Tomasiak (jtomasiak) (revision 44) 
- make sure UTF8 locale is used when runnning tests
  * Sometimes functional tests executed in python3 failed if stdout was not
    set to UTF-8. The error message was:
      ValueError: underlying buffer has been detached
buildservice-autocommit accepted request 806803 from Tomáš Chvátal's avatar Tomáš Chvátal (scarabeus_iv) (revision 43) 
baserev update by copy to link target
buildservice-autocommit accepted request 770684 from Tomáš Chvátal's avatar Tomáš Chvátal (scarabeus_iv) (revision 41) 
baserev update by copy to link target
Tomáš Chvátal's avatar Tomáš Chvátal (scarabeus_iv) accepted request 770668 from Markéta Machová's avatar Markéta Machová (mcalabkova) (revision 40) 
- update to 1.4.3
  * Waitress did not properly validate that the HTTP headers it received 
    were properly formed, thereby potentially allowing a front-end server 
    to treat a request different from Waitress. This could lead to HTTP 
    request smuggling/splitting.
- drop patch local-intersphinx-inventories.patch
  * it was commented out, anyway
buildservice-autocommit accepted request 758618 from Dirk Mueller's avatar Dirk Mueller (dirkmueller) (revision 39) 
baserev update by copy to link target
Dirk Mueller's avatar Dirk Mueller (dirkmueller) committed (revision 38) 
- update to 1.4.0:
  - Waitress used to slam the door shut on HTTP pipelined requests without
  setting the ``Connection: close`` header as appropriate in the response. This
  is of course not very friendly. Waitress now explicitly sets the header when
  responding with an internally generated error such as 400 Bad Request or 500
  Internal Server Error to notify the remote client that it will be closing the
  connection after the response is sent.
  - Waitress no longer allows any spaces to exist between the header field-name
  and the colon. While waitress did not strip the space and thereby was not
  vulnerable to any potential header field-name confusion, it should have sent
  back a 400 Bad Request. See https://github.com/Pylons/waitress/issues/273
  - CRLR handling Security fixes
buildservice-autocommit accepted request 727098 from Tomáš Chvátal's avatar Tomáš Chvátal (scarabeus_iv) (revision 37) 
baserev update by copy to link target
Tomáš Chvátal's avatar Tomáš Chvátal (scarabeus_iv) accepted request 727021 from Markéta Machová's avatar Markéta Machová (mcalabkova) (revision 36) 
- update to 1.3.1
  * Waitress won’t accidentally throw away part of the path if it 
    starts with a double slash
buildservice-autocommit accepted request 701058 from Tomáš Chvátal's avatar Tomáš Chvátal (scarabeus_iv) (revision 35) 
baserev update by copy to link target
Tomáš Chvátal's avatar Tomáš Chvátal (scarabeus_iv) accepted request 701044 from Petr Gajdos's avatar Petr Gajdos (pgajdos) (revision 34) 
- version update to 1.3.0
  Deprecations
  ~~~~~~~~~~~~
  - The ``send_bytes`` adjustment now defaults to ``1`` and is deprecated
    pending removal in a future release.
    and https://github.com/Pylons/waitress/pull/246
  Features
  ~~~~~~~~
  - Add a new ``outbuf_high_watermark`` adjustment which is used to apply
    backpressure on the ``app_iter`` to avoid letting it spin faster than data
    can be written to the socket. This stabilizes responses that iterate quickly
    with a lot of data.
    See https://github.com/Pylons/waitress/pull/242
  - Stop early and close the ``app_iter`` when attempting to write to a closed
    socket due to a client disconnect. This should notify a long-lived streaming
    response when a client hangs up.
    See https://github.com/Pylons/waitress/pull/238
    and https://github.com/Pylons/waitress/pull/240
    and https://github.com/Pylons/waitress/pull/241
  - Adjust the flush to output ``SO_SNDBUF`` bytes instead of whatever was
    set in the ``send_bytes`` adjustment. ``send_bytes`` now only controls how
    much waitress will buffer internally before flushing to the kernel, whereas
    previously it used to also throttle how much data was sent to the kernel.
    This change enables a streaming ``app_iter`` containing small chunks to
    still be flushed efficiently.
    See https://github.com/Pylons/waitress/pull/246
  Bugfixes
  ~~~~~~~~
  - Upon receiving a request that does not include HTTP/1.0 or HTTP/1.1 we will
    no longer set the version to the string value "None". See
buildservice-autocommit accepted request 687121 from Matej Cepl's avatar Matej Cepl (mcepl) (revision 33) 
baserev update by copy to link target
Matej Cepl's avatar Matej Cepl (mcepl) accepted request 687030 from Jan Engelhardt's avatar Jan Engelhardt (jengelh) (revision 32) 
- Trim marketing wording and other platform mentions.
Displaying revisions 21 - 40 of 71
openSUSE Build Service is sponsored by
Places