SEARCH
NEW RPMS
DIRECTORIES
ABOUT
FAQ
VARIOUS
BLOG

 
 
Changelog for python-gevent-debuginfo-1.2.2-150000.5.3.1.x86_64.rpm :

* Fri Sep 22 2023 mceplAATTsuse.com- (bsc#1215469, CVE-2023-41419) Add CVE-2023-41419-http-req-smuggle.patch preventing http request smuggling. Make ``gevent.pywsgi`` comply more closely with the HTTP specification for chunked transfer encoding. In particular, we are much stricter about trailers, and trailers that are invalid (too long or featuring disallowed characters) forcibly close the connection to the client
*after
* the results have been sent. Trailers otherwise continue to be ignored and are not available to the WSGI application. Previously, carefully crafted invalid trailers in chunked requests on keep-alive connections might appear as two requests to ``gevent.pywsgi``. Because this was handled exactly as a normal keep-alive connection with two requests, the WSGI application should handle it normally. However, if you were counting on some upstream server to filter incoming requests based on paths or header fields, and the upstream server simply passed trailers through without validating them, then this embedded second request would bypass those checks. (If the upstream server validated that the trailers meet the HTTP specification, this could not occur, because characters that are required in an HTTP request, like a space, are not allowed in trailers.) CVE-2023-41419 was reserved for this.
* Tue Jan 23 2018 dimstarAATTopensuse.org- Disable building of the documentation: the make html call fails already, and with rpm 4.14, this aborts the entire build.- Drop python-Sphinx buildrequires: not needed when not building the docs.
* Wed Nov 22 2017 jmatejekAATTsuse.com- add greenlet dependency to Python 3 as well (bsc#1055386)
* Sun Nov 12 2017 arunAATTgmx.de- specfile:
* added CHANGES.rst CONTRIBUTING.rst to %doc- update to version 1.2.2:
* Testing on Python 3.5 now uses Python 3.5.3 due to SSL changes. See :issue:`943`.
* Linux CI has been updated from Ubuntu 12.04 to Ubuntu 14.04 since the former has reached EOL.
* Linux CI now tests on PyPy2 5.7.1, updated from PyPy2 5.6.0.
* Linux CI now tests on PyPy3 3.5-5.7.1-beta, updated from PyPy3 3.3-5.5-alpha.
* Python 2 sockets are compatible with the SOCK_CLOEXEC flag found on Linux. They no longer pass the socket type or protocol to getaddrinfo when connect is called. Reported in :issue:`944` by Bernie Hackett.
* Replace optparse module with argparse. See :issue:`947`.
* Update to version 1.3.1 of tblib to fix :issue:`954`, reported by ml31415.
* Fix the name of the type parameter to :func:`gevent.socket.getaddrinfo` to be correct on Python 3. This would cause callers using keyword arguments to raise a :exc:`TypeError`. Reported in :issue:`960` by js6626069. Likewise, correct the argument names for fromfd and socketpair on Python 2, although they cannot be called with keyword arguments under CPython. Note: The gethost
* functions take different argument names under CPython and PyPy. gevent follows the CPython convention, although these functions cannot be called with keyword arguments on CPython.
* The previously-singleton exception objects FileObjectClosed and cancel_wait_ex were converted to classes. On Python 3, an exception object is stateful, including references to its context and possibly traceback, which could lead to objects remaining alive longer than intended.
* Make sure that python -m gevent.monkey