From eb50cc82bed0a7f7d36db713fca9017d11c2102e Mon Sep 17 00:00:00 2001
From: Gyorgy Sarvari <skandigraun@gmail.com>
Date: Fri, 23 Jan 2026 18:02:16 +0100
Subject: python3-waitress: upgrade 3.0.0 -> 3.0.2

Contains fixes for CVE-2024-49768 and CVE-2024-49769

Changelog:
3.0.1:
- Python 3.8 is no longer supported.
- Added support for Python 3.13.
- Fix a bug that would lead to Waitress busy looping on select() on a half-open
  socket due to a race condition that existed when creating a new HTTPChannel.
- No longer strip the header values before passing them to the WSGI environ.
- Fix a race condition in Waitress when `channel_request_lookahead` is enabled
  that could lead to HTTP request smuggling.

3.0.2:
- When using Waitress to process trusted proxy headers, Waitress will now
  update the headers to drop any untrusted values, thereby making sure that
  WSGI apps only get trusted and validated values that Waitress itself used to
  update the environ.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
---
 .../recipes-devtools/python/python3-waitress_3.0.0.bb     | 15 ---------------
 .../recipes-devtools/python/python3-waitress_3.0.2.bb     | 15 +++++++++++++++
 2 files changed, 15 insertions(+), 15 deletions(-)
 delete mode 100644 meta-python/recipes-devtools/python/python3-waitress_3.0.0.bb
 create mode 100644 meta-python/recipes-devtools/python/python3-waitress_3.0.2.bb

(limited to 'meta-python/recipes-devtools')

diff --git a/meta-python/recipes-devtools/python/python3-waitress_3.0.0.bb b/meta-python/recipes-devtools/python/python3-waitress_3.0.0.bb
deleted file mode 100644
index 7470fc02a0..0000000000
--- a/meta-python/recipes-devtools/python/python3-waitress_3.0.0.bb
+++ /dev/null
@@ -1,15 +0,0 @@
-SUMMARY = "A WSGI server for Python"
-DESCRIPTION = "Waitress is meant to be a production-quality pure-Python WSGI \
-    server with very acceptable performance."
-HOMEPAGE = "https://github.com/Pylons/waitress"
-SECTION = "devel/python"
-LICENSE = "ZPL-2.1"
-LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=78ccb3640dc841e1baecb3e27a6966b2"
-
-RDEPENDS:${PN} += " \
-        python3-logging \
-"
-
-SRC_URI[sha256sum] = "005da479b04134cdd9dd602d1ee7c49d79de0537610d653674cc6cbde222b8a1"
-
-inherit python_setuptools_build_meta pypi
diff --git a/meta-python/recipes-devtools/python/python3-waitress_3.0.2.bb b/meta-python/recipes-devtools/python/python3-waitress_3.0.2.bb
new file mode 100644
index 0000000000..b8e90807cf
--- /dev/null
+++ b/meta-python/recipes-devtools/python/python3-waitress_3.0.2.bb
@@ -0,0 +1,15 @@
+SUMMARY = "A WSGI server for Python"
+DESCRIPTION = "Waitress is meant to be a production-quality pure-Python WSGI \
+    server with very acceptable performance."
+HOMEPAGE = "https://github.com/Pylons/waitress"
+SECTION = "devel/python"
+LICENSE = "ZPL-2.1"
+LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=78ccb3640dc841e1baecb3e27a6966b2"
+
+RDEPENDS:${PN} += " \
+        python3-logging \
+"
+
+SRC_URI[sha256sum] = "682aaaf2af0c44ada4abfb70ded36393f0e307f4ab9456a215ce0020baefc31f"
+
+inherit python_setuptools_build_meta pypi
-- 
cgit v1.2.3-54-g00ecf