| Message ID | 20260123170221.671471-5-skandigraun@gmail.com |
|---|---|
| State | New |
| Headers | show |
| Series | [meta-python,scarthgap,01/10] python3-django: upgrade 4.2.20 -> 4.2.27 | expand |
diff --git a/meta-python/recipes-devtools/python/python3-waitress_3.0.0.bb b/meta-python/recipes-devtools/python/python3-waitress_3.0.2.bb similarity index 82% rename from meta-python/recipes-devtools/python/python3-waitress_3.0.0.bb rename to meta-python/recipes-devtools/python/python3-waitress_3.0.2.bb index 7470fc02a0..b8e90807cf 100644 --- a/meta-python/recipes-devtools/python/python3-waitress_3.0.0.bb +++ b/meta-python/recipes-devtools/python/python3-waitress_3.0.2.bb @@ -10,6 +10,6 @@ RDEPENDS:${PN} += " \ python3-logging \ " -SRC_URI[sha256sum] = "005da479b04134cdd9dd602d1ee7c49d79de0537610d653674cc6cbde222b8a1" +SRC_URI[sha256sum] = "682aaaf2af0c44ada4abfb70ded36393f0e307f4ab9456a215ce0020baefc31f" inherit python_setuptools_build_meta pypi
Contains fixes for CVE-2024-49768 and CVE-2024-49769 Changelog: 3.0.1: - Python 3.8 is no longer supported. - Added support for Python 3.13. - Fix a bug that would lead to Waitress busy looping on select() on a half-open socket due to a race condition that existed when creating a new HTTPChannel. - No longer strip the header values before passing them to the WSGI environ. - Fix a race condition in Waitress when `channel_request_lookahead` is enabled that could lead to HTTP request smuggling. 3.0.2: - When using Waitress to process trusted proxy headers, Waitress will now update the headers to drop any untrusted values, thereby making sure that WSGI apps only get trusted and validated values that Waitress itself used to update the environ. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> --- .../{python3-waitress_3.0.0.bb => python3-waitress_3.0.2.bb} | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) rename meta-python/recipes-devtools/python/{python3-waitress_3.0.0.bb => python3-waitress_3.0.2.bb} (82%)