commit python-gunicorn for openSUSE:Factory

Tue, 23 Apr 2024 09:55:35 -0700 

Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package python-gunicorn for openSUSE:Factory 
checked in at 2024-04-23 18:55:05
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/python-gunicorn (Old)
 and      /work/SRC/openSUSE:Factory/.python-gunicorn.new.27645 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "python-gunicorn"

Tue Apr 23 18:55:05 2024 rev:25 rq:1169631 version:22.0.0

Changes:
--------
--- /work/SRC/openSUSE:Factory/python-gunicorn/python-gunicorn.changes  
2024-01-09 20:49:27.367789902 +0100
+++ 
/work/SRC/openSUSE:Factory/.python-gunicorn.new.27645/python-gunicorn.changes   
    2024-04-23 18:55:19.132832879 +0200
@@ -1,0 +2,38 @@
+Wed Apr 17 12:43:25 UTC 2024 - Markéta Machová <[email protected]>
+
+- Update to 22.0.0
+  * use `utime` to notify workers liveness
+  * migrate setup to pyproject.toml
+  * fix numerous security vulnerabilities in HTTP parser (closing some 
+    request smuggling vectors)
+  * parsing additional requests is no longer attempted past unsupported 
+    request framing
+  * on HTTP versions < 1.1 support for chunked transfer is refused
+  * requests conflicting configured or passed SCRIPT_NAME now produce 
+    a verbose error
+  * Trailer fields are no longer inspected for headers indicating secure 
+    scheme
+  * support Python 3.12
+** Breaking changes **
+  * minimum version is Python 3.7
+  * the limitations on valid characters in the HTTP method have been bounded 
+    to Internet Standards
+  * requests specifying unsupported transfer coding (order) are refused by 
+    default (rare)
+  * HTTP methods are no longer casefolded by default (IANA method registry 
+    contains none affected)
+  * HTTP methods containing the number sign (#) are no longer accepted by 
+    default (rare)
+  * HTTP versions < 1.0 or >= 2.0 are no longer accepted by default (rare)
+  * HTTP versions consisting of multiple digits or containing a prefix/suffix 
+    are no longer accepted
+  * HTTP header field names Gunicorn cannot safely map to variables are 
silently 
+    dropped, as in other software
+  * HTTP headers with empty field name are refused by default
+  * requests with both Transfer-Encoding and Content-Length are refused by 
default 
+    (such a message might indicate an attempt to perform request smuggling)
+  * empty transfer codings are no longer permitted
+** SECURITY **
+  * fix CVE-2024-1135 (bsc#1222950)
+
+-------------------------------------------------------------------

Old:
----
  gunicorn-21.2.0.tar.gz

New:
----
  gunicorn-22.0.0.tar.gz

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ python-gunicorn.spec ++++++
--- /var/tmp/diff_new_pack.aSpiiF/_old  2024-04-23 18:55:19.840858379 +0200
+++ /var/tmp/diff_new_pack.aSpiiF/_new  2024-04-23 18:55:19.840858379 +0200
@@ -1,5 +1,5 @@
 #
-# spec file
+# spec file for package python-gunicorn
 #
 # Copyright (c) 2024 SUSE LLC
 #
@@ -27,19 +27,20 @@
 %define skip_python2 1
 %{?sle15_python_module_pythons}
 Name:           python-gunicorn%{psuffix}
-Version:        21.2.0
+Version:        22.0.0
 Release:        0
 Summary:        WSGI HTTP Server for UNIX
 License:        MIT
 Group:          Development/Languages/Python
 URL:            https://gunicorn.org
 Source:         
https://files.pythonhosted.org/packages/source/g/gunicorn/gunicorn-%{version}.tar.gz
-BuildRequires:  %{python_module importlib_metadata}
+BuildRequires:  %{python_module pip}
 BuildRequires:  %{python_module setuptools >= 3.0}
+BuildRequires:  %{python_module wheel}
 BuildRequires:  fdupes
 BuildRequires:  python-rpm-macros
 Requires(post): update-alternatives
-Requires(postun):update-alternatives
+Requires(postun): update-alternatives
 Suggests:       python-evenlet
 Suggests:       python-gevent
 Suggests:       python-gthread
@@ -56,6 +57,7 @@
 BuildRequires:  %{python_module eventlet}
 BuildRequires:  %{python_module gevent >= 1.4}
 BuildRequires:  %{python_module gunicorn}
+BuildRequires:  %{python_module pytest-cov}
 BuildRequires:  %{python_module pytest}
 %endif
 %python_subpackages
@@ -95,11 +97,11 @@
 %else  # without test
 
 %build
-%python_build
+%pyproject_wheel
 sphinx-build -b html -d docs/build/doctrees docs/source docs/build/html
 
 %install
-%python_install
+%pyproject_install
 %python_clone -a %{buildroot}%{_bindir}/gunicorn
 %python_expand %fdupes %{buildroot}%{$python_sitelib}
 

++++++ gunicorn-21.2.0.tar.gz -> gunicorn-22.0.0.tar.gz ++++++
++++ 2367 lines of diff (skipped)

Reply via email to