Hello community, here is the log from the commit of package python-waitress for openSUSE:Factory checked in at 2017-10-18 10:54:05 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/python-waitress (Old) and /work/SRC/openSUSE:Factory/.python-waitress.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "python-waitress" Wed Oct 18 10:54:05 2017 rev:11 rq:534388 version:1.1.0 Changes: -------- --- /work/SRC/openSUSE:Factory/python-waitress/python-waitress.changes 2017-05-08 19:04:01.343597468 +0200 +++ /work/SRC/openSUSE:Factory/.python-waitress.new/python-waitress.changes 2017-10-18 10:54:06.390670859 +0200 @@ -1,0 +2,16 @@ +Fri Oct 13 00:49:45 UTC 2017 - a...@gmx.de + +- update to version 1.1.0: + * Features + + Waitress now has a __main__ and thus may be called with "python + -mwaitress" + * Bugfixes + + Waitress no longer allows lowercase HTTP verbs. This change was + made to fall in line with most HTTP servers. See + https://github.com/Pylons/waitress/pull/170 + + When receiving non-ascii bytes in the request URL, waitress will + no longer abruptly close the connection, instead returning a 400 + Bad Request. See https://github.com/Pylons/waitress/pull/162 and + https://github.com/Pylons/waitress/issues/64 + +------------------------------------------------------------------- Old: ---- waitress-1.0.2.tar.gz New: ---- waitress-1.1.0.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ python-waitress.spec ++++++ --- /var/tmp/diff_new_pack.PbGAgW/_old 2017-10-18 10:54:07.122636519 +0200 +++ /var/tmp/diff_new_pack.PbGAgW/_new 2017-10-18 10:54:07.122636519 +0200 @@ -21,17 +21,17 @@ %{?!python_module:%define python_module() python-%{**} python3-%{**}} Name: python-waitress -Version: 1.0.2 +Version: 1.1.0 Release: 0 Summary: Waitress WSGI server License: ZPL-2.1 Group: Development/Languages/Python Url: https://github.com/Pylons/waitress Source: https://files.pythonhosted.org/packages/source/w/waitress/waitress-%{version}.tar.gz -BuildRequires: fdupes -BuildRequires: python-rpm-macros BuildRequires: %{python_module devel} BuildRequires: %{python_module setuptools} +BuildRequires: fdupes +BuildRequires: python-rpm-macros %if %{with tests} # Test requirements: BuildRequires: %{python_module nose} ++++++ waitress-1.0.2.tar.gz -> waitress-1.1.0.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/waitress-1.0.2/CHANGES.txt new/waitress-1.1.0/CHANGES.txt --- old/waitress-1.0.2/CHANGES.txt 2017-02-05 00:06:38.000000000 +0100 +++ new/waitress-1.1.0/CHANGES.txt 2017-10-11 02:58:29.000000000 +0200 @@ -1,3 +1,22 @@ +1.1.0 (2017-10-10) +------------------ + +Features +~~~~~~~~ + +- Waitress now has a __main__ and thus may be called with ``python -mwaitress`` + +Bugfixes +~~~~~~~~ + +- Waitress no longer allows lowercase HTTP verbs. This change was made to fall + in line with most HTTP servers. See https://github.com/Pylons/waitress/pull/170 + +- When receiving non-ascii bytes in the request URL, waitress will no longer + abruptly close the connection, instead returning a 400 Bad Request. See + https://github.com/Pylons/waitress/pull/162 and + https://github.com/Pylons/waitress/issues/64 + 1.0.2 (2017-02-04) ------------------ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/waitress-1.0.2/CONTRIBUTORS.txt new/waitress-1.1.0/CONTRIBUTORS.txt --- old/waitress-1.0.2/CONTRIBUTORS.txt 2016-09-01 20:19:46.000000000 +0200 +++ new/waitress-1.1.0/CONTRIBUTORS.txt 2017-09-15 22:45:36.000000000 +0200 @@ -137,3 +137,6 @@ - Jason Madden, 2016-03-19 +- Atsushi Odagiri, 2017-02-12 + +- David D Lowe, 2017-06-02 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/waitress-1.0.2/PKG-INFO new/waitress-1.1.0/PKG-INFO --- old/waitress-1.0.2/PKG-INFO 2017-02-05 00:10:18.000000000 +0100 +++ new/waitress-1.1.0/PKG-INFO 2017-10-11 03:00:39.000000000 +0200 @@ -1,6 +1,6 @@ Metadata-Version: 1.1 Name: waitress -Version: 1.0.2 +Version: 1.1.0 Summary: Waitress WSGI server Home-page: https://github.com/Pylons/waitress Author: Pylons Project @@ -16,6 +16,25 @@ http://docs.pylonsproject.org/projects/waitress/en/latest/ . + 1.1.0 (2017-10-10) + ------------------ + + Features + ~~~~~~~~ + + - Waitress now has a __main__ and thus may be called with ``python -mwaitress`` + + Bugfixes + ~~~~~~~~ + + - Waitress no longer allows lowercase HTTP verbs. This change was made to fall + in line with most HTTP servers. See https://github.com/Pylons/waitress/pull/170 + + - When receiving non-ascii bytes in the request URL, waitress will no longer + abruptly close the connection, instead returning a 400 Bad Request. See + https://github.com/Pylons/waitress/pull/162 and + https://github.com/Pylons/waitress/issues/64 + 1.0.2 (2017-02-04) ------------------ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/waitress-1.0.2/setup.py new/waitress-1.1.0/setup.py --- old/waitress-1.0.2/setup.py 2017-02-04 23:49:17.000000000 +0100 +++ new/waitress-1.1.0/setup.py 2017-10-11 02:59:39.000000000 +0200 @@ -34,7 +34,7 @@ setup( name='waitress', - version='1.0.2', + version='1.1.0', author='Zope Foundation and Contributors', author_email='zope-...@zope.org', maintainer="Pylons Project", diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/waitress-1.0.2/waitress/__main__.py new/waitress-1.1.0/waitress/__main__.py --- old/waitress-1.0.2/waitress/__main__.py 1970-01-01 01:00:00.000000000 +0100 +++ new/waitress-1.1.0/waitress/__main__.py 2017-09-15 22:45:36.000000000 +0200 @@ -0,0 +1,2 @@ +from waitress.runner import run # pragma nocover +run() # pragma nocover diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/waitress-1.0.2/waitress/parser.py new/waitress-1.1.0/waitress/parser.py --- old/waitress-1.0.2/waitress/parser.py 2016-09-01 20:19:46.000000000 +0200 +++ new/waitress-1.1.0/waitress/parser.py 2017-09-15 22:45:36.000000000 +0200 @@ -253,7 +253,10 @@ def split_uri(uri): # urlsplit handles byte input by returning bytes on py3, so # scheme, netloc, path, query, and fragment are bytes - scheme, netloc, path, query, fragment = urlparse.urlsplit(uri) + try: + scheme, netloc, path, query, fragment = urlparse.urlsplit(uri) + except UnicodeError: + raise ParsingError('Bad URI') return ( tostr(scheme), tostr(netloc), @@ -291,8 +294,20 @@ version = m.group(5) else: version = None - command = m.group(1).upper() + method = m.group(1) + + # the request methods that are currently defined are all uppercase: + # https://www.iana.org/assignments/http-methods/http-methods.xhtml and + # the request method is case sensitive according to + # https://tools.ietf.org/html/rfc7231#section-4.1 + + # By disallowing anything but uppercase methods we save poor + # unsuspecting souls from sending lowercase HTTP methods to waitress + # and having the request complete, while servers like nginx drop the + # request onto the floor. + if method != method.upper(): + raise ParsingError('Malformed HTTP method "%s"' % tostr(method)) uri = m.group(2) - return command, uri, version + return method, uri, version else: return b'', b'', b'' diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/waitress-1.0.2/waitress/tests/test_parser.py new/waitress-1.1.0/waitress/tests/test_parser.py --- old/waitress-1.0.2/waitress/tests/test_parser.py 2016-09-01 20:19:47.000000000 +0200 +++ new/waitress-1.1.0/waitress/tests/test_parser.py 2017-09-15 22:45:36.000000000 +0200 @@ -249,6 +249,16 @@ self.assertEqual(self.proxy_scheme, 'https') self.assertEqual(self.proxy_netloc, 'localhost:8080') + def test_split_uri_unicode_error_raises_parsing_error(self): + # See https://github.com/Pylons/waitress/issues/64 + from waitress.parser import ParsingError + # Either pass or throw a ParsingError, just don't throw another type of + # exception as that will cause the connection to close badly: + try: + self._callFUT(b'/\xd0') + except ParsingError: + pass + class Test_get_header_lines(unittest.TestCase): def _callFUT(self, data): @@ -288,15 +298,19 @@ return crack_first_line(line) def test_crack_first_line_matchok(self): - result = self._callFUT(b'get / HTTP/1.0') + result = self._callFUT(b'GET / HTTP/1.0') self.assertEqual(result, (b'GET', b'/', b'1.0')) + def test_crack_first_line_lowercase_method(self): + from waitress.parser import ParsingError + self.assertRaises(ParsingError, self._callFUT, b'get / HTTP/1.0') + def test_crack_first_line_nomatch(self): - result = self._callFUT(b'get / bleh') + result = self._callFUT(b'GET / bleh') self.assertEqual(result, (b'', b'', b'')) def test_crack_first_line_missing_version(self): - result = self._callFUT(b'get /') + result = self._callFUT(b'GET /') self.assertEqual(result, (b'GET', b'/', None)) class TestHTTPRequestParserIntegration(unittest.TestCase): diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/waitress-1.0.2/waitress.egg-info/PKG-INFO new/waitress-1.1.0/waitress.egg-info/PKG-INFO --- old/waitress-1.0.2/waitress.egg-info/PKG-INFO 2017-02-05 00:10:14.000000000 +0100 +++ new/waitress-1.1.0/waitress.egg-info/PKG-INFO 2017-10-11 03:00:39.000000000 +0200 @@ -1,6 +1,6 @@ Metadata-Version: 1.1 Name: waitress -Version: 1.0.2 +Version: 1.1.0 Summary: Waitress WSGI server Home-page: https://github.com/Pylons/waitress Author: Pylons Project @@ -16,6 +16,25 @@ http://docs.pylonsproject.org/projects/waitress/en/latest/ . + 1.1.0 (2017-10-10) + ------------------ + + Features + ~~~~~~~~ + + - Waitress now has a __main__ and thus may be called with ``python -mwaitress`` + + Bugfixes + ~~~~~~~~ + + - Waitress no longer allows lowercase HTTP verbs. This change was made to fall + in line with most HTTP servers. See https://github.com/Pylons/waitress/pull/170 + + - When receiving non-ascii bytes in the request URL, waitress will no longer + abruptly close the connection, instead returning a 400 Bad Request. See + https://github.com/Pylons/waitress/pull/162 and + https://github.com/Pylons/waitress/issues/64 + 1.0.2 (2017-02-04) ------------------ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/waitress-1.0.2/waitress.egg-info/SOURCES.txt new/waitress-1.1.0/waitress.egg-info/SOURCES.txt --- old/waitress-1.0.2/waitress.egg-info/SOURCES.txt 2017-02-05 00:10:18.000000000 +0100 +++ new/waitress-1.1.0/waitress.egg-info/SOURCES.txt 2017-10-11 03:00:39.000000000 +0200 @@ -25,6 +25,7 @@ docs/rebuild docs/runner.rst waitress/__init__.py +waitress/__main__.py waitress/adjustments.py waitress/buffers.py waitress/channel.py