From 6218b1b8dadffa20c079e98ae2166fe95b4870f2 Mon Sep 17 00:00:00 2001 From: Pierre-Jean Texier Date: Sun, 12 Apr 2020 17:03:31 +0200 Subject: python3-waitress: upgrade 1.4.2 -> 1.4.3 This is a security release: - In Waitress version 1.4.2 a new regular expression was added to validate the headers that Waitress receives to make sure that it matches RFC7230. Unfortunately the regular expression was written in a way that with invalid input it leads to catastrophic backtracking which allows for a Denial of Service and CPU usage going to a 100%. Signed-off-by: Pierre-Jean Texier Signed-off-by: Khem Raj
---
.../recipes-devtools/python/python3-waitress_1.4.3.bb | 12 ++++++++++++ 1 file changed, 12 insertions(+) create mode 100644 meta-python/recipes-devtools/python/python3-waitress_1.4.3.bb (limited to 'meta-python/recipes-devtools/python/python3-waitress_1.4.3.bb')
diff --git a/meta-python/recipes-devtools/python/python3-waitress_1.4.3.bb b/meta-python/recipes-devtools/python/python3-waitress_1.4.3.bb
new file mode 100644
index 0000000000..8ac3e928ea
--- /dev/null
+++ b/meta-python/recipes-devtools/python/python3-waitress_1.4.3.bb
@@ -0,0 +1,12 @@
+SUMMARY = "A WSGI server for Python"
+DESCRIPTION = "Waitress is meant to be a production-quality pure-Python WSGI \
+ server with very acceptable performance."
+HOMEPAGE = "https://github.com/Pylons/waitress"
+SECTION = "devel/python"
+LICENSE = "ZPL-2.1"
+LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=78ccb3640dc841e1baecb3e27a6966b2"
+
+SRC_URI[md5sum] = "4bffad7009d3824ae61ea6c0696e45f6"
+SRC_URI[sha256sum] = "045b3efc3d97c93362173ab1dfc159b52cfa22b46c3334ffc805dbdbf0e4309e"
+
+inherit setuptools3 pypi
-- cgit v1.2.3-54-g00ecf
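Review bot: The new recipe sets no `CVE_PRODUCT`, so cve-check would presumably look this package up under the recipe name `python3-waitress` rather than the upstream product name, and a future vulnerable version could go unreported. Since this upgrade is itself a security release, adding `CVE_PRODUCT = "waitress"` after the `SECTION` line would be worth it, unless the inherited pypi class or the layer already sets it. `SRC_URI[md5sum]` adds nothing over the `SRC_URI[sha256sum]` that follows it and could be dropped if the targeted release no longer requires both. The page is limited to this one path, so it does not show whether the 1.4.2 recipe was removed; if it is still in the layer, the version with the backtracking regex stays selectable via `PREFERRED_VERSION`.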