Hello community, here is the log from the commit of package python-cheroot for openSUSE:Factory checked in at 2020-05-09 19:52:13 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/python-cheroot (Old) and /work/SRC/openSUSE:Factory/.python-cheroot.new.2738 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "python-cheroot" Sat May 9 19:52:13 2020 rev:12 rq:801107 version:8.3.0 Changes: -------- --- /work/SRC/openSUSE:Factory/python-cheroot/python-cheroot.changes 2020-03-27 00:25:19.176257478 +0100 +++ /work/SRC/openSUSE:Factory/.python-cheroot.new.2738/python-cheroot.changes 2020-05-09 19:52:21.736838897 +0200 @@ -1,0 +2,8 @@ +Thu May 7 09:33:29 UTC 2020 - Pablo Suárez Hernández <[email protected]> + +- Avoid possible race condition on persistent HTTP connections (bsc#1169604) + +- Added: + * 0001-Avoid-race-condition-on-persistent-HTTP-connections.patch + +------------------------------------------------------------------- New: ---- 0001-Avoid-race-condition-on-persistent-HTTP-connections.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ python-cheroot.spec ++++++ --- /var/tmp/diff_new_pack.9aggIA/_old 2020-05-09 19:52:23.376842418 +0200 +++ /var/tmp/diff_new_pack.9aggIA/_new 2020-05-09 19:52:23.380842426 +0200 @@ -1,7 +1,7 @@ # # spec file for package python-cheroot # -# Copyright (c) 2020 SUSE LLC +# Copyright (c) 2020 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -26,6 +26,9 @@ License: BSD-3-Clause URL: https://github.com/cherrypy/cheroot Source: https://files.pythonhosted.org/packages/source/c/%{pypi_name}/%{pypi_name}-%{version}.tar.gz +# PATCH-FIX_UPSTREAM //github.com/cherrypy/cheroot/pull/282 +Patch1: 0001-Avoid-race-condition-on-persistent-HTTP-connections.patch + BuildRequires: %{python_module jaraco.functools} BuildRequires: %{python_module jaraco.text >= 3.1} BuildRequires: %{python_module more-itertools >= 2.6} ++++++ 0001-Avoid-race-condition-on-persistent-HTTP-connections.patch ++++++ >From 49a8934d726574f7ff85356e6acbfdc06ca7fbdb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Pablo=20Su=C3=A1rez=20Hern=C3=A1ndez?= <[email protected]> Date: Wed, 6 May 2020 14:04:48 +0100 Subject: [PATCH] Avoid race condition on persistent HTTP connections Add a HTTP "Keep-Alive" header with "timeout" on the HTTP response to avoid a race condition on persistent HTTP connections when the HTTP client reuses a connection after the "socket.timeout" exception triggered on the HTTPServer but before the FIN packet is produced. When this happens, the client gets a "connection reset by peer" after writting the request. This commit makes a HTTP client to know about this "Keep-Alive" idle timeout by exposing it on the HTTP "Keep-Alive" response header, so the connection won't be reused if it was "idle" for that "timeout" after the last request response. --- cheroot/server.py | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/cheroot/server.py b/cheroot/server.py index 223bed86..f29559b4 100644 --- a/cheroot/server.py +++ b/cheroot/server.py @@ -1167,6 +1167,11 @@ class HTTPRequest: if not self.close_connection: self.outheaders.append((b'Connection', b'Keep-Alive')) + self.outheaders.append(( + b'Keep-Alive', + "timeout={}".format(self.server.timeout).encode('ISO-8859-1'), + )) + if (not self.close_connection) and (not self.chunked_read): # Read any remaining request body data on the socket. # "If an origin server receives a request that does not include an -- 2.23.0
