Hello community,
here is the log from the commit of package python-waitress for openSUSE:Factory
checked in at 2020-01-01 14:57:35
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/python-waitress (Old)
and /work/SRC/openSUSE:Factory/.python-waitress.new.6675 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "python-waitress"
Wed Jan 1 14:57:35 2020 rev:17 rq:758618 version:1.4.0
Changes:
--------
--- /work/SRC/openSUSE:Factory/python-waitress/python-waitress.changes
2019-09-04 08:56:46.291085145 +0200
+++
/work/SRC/openSUSE:Factory/.python-waitress.new.6675/python-waitress.changes
2020-01-01 14:58:13.077928582 +0100
@@ -1,0 +2,18 @@
+Fri Dec 20 18:28:24 UTC 2019 - Dirk Mueller <[email protected]>
+
+- update to 1.4.0:
+ - Waitress used to slam the door shut on HTTP pipelined requests without
+ setting the ``Connection: close`` header as appropriate in the response. This
+ is of course not very friendly. Waitress now explicitly sets the header when
+ responding with an internally generated error such as 400 Bad Request or 500
+ Internal Server Error to notify the remote client that it will be closing the
+ connection after the response is sent.
+
+ - Waitress no longer allows any spaces to exist between the header field-name
+ and the colon. While waitress did not strip the space and thereby was not
+ vulnerable to any potential header field-name confusion, it should have sent
+ back a 400 Bad Request. See https://github.com/Pylons/waitress/issues/273
+
+ - CRLR handling Security fixes
+
+-------------------------------------------------------------------
Old:
----
waitress-1.3.1.tar.gz
New:
----
waitress-1.4.0.tar.gz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ python-waitress.spec ++++++
--- /var/tmp/diff_new_pack.l8CgEm/_old 2020-01-01 14:58:15.565929881 +0100
+++ /var/tmp/diff_new_pack.l8CgEm/_new 2020-01-01 14:58:15.565929881 +0100
@@ -1,7 +1,7 @@
#
# spec file for package python-waitress
#
-# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2019 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -18,7 +18,7 @@
%{?!python_module:%define python_module() python-%{**} python3-%{**}}
Name: python-waitress
-Version: 1.3.1
+Version: 1.4.0
Release: 0
Summary: Waitress WSGI server
License: ZPL-2.1
@@ -59,7 +59,7 @@
%prep
%setup -q -n waitress-%{version}
-%patch -p1
+#%patch -p1
cp %{S:1} docs/
%build
++++++ waitress-1.3.1.tar.gz -> waitress-1.4.0.tar.gz ++++++
++++ 14887 lines of diff (skipped)
