src-openEuler/python-gevent

CVE-2023-41419-pre.patch 2.62 KB
starlet_dx committed on 2023-09-26 14:56 . Fix CVE-2023-41419
From 6b22af0fa8eb2efa89fce36c35808948c67352b0 Mon Sep 17 00:00:00 2001
From: Jason Madden <[email protected]>
Date: Thu, 31 Aug 2023 05:26:35 -0500
Subject: [PATCH] pyproject.toml: Bump to latest cython.
Origin:
https://github.com/gevent/gevent/commit/6b22af0fa8eb2efa89fce36c35808948c67352b0
---
docs/servers.rst | 7 +++++++
pyproject.toml | 2 +-
src/gevent/pywsgi.py | 9 ++++++++-
3 files changed, 16 insertions(+), 2 deletions(-)
diff --git a/docs/servers.rst b/docs/servers.rst
index 846ffbd..190fb1f 100644
--- a/docs/servers.rst
+++ b/docs/servers.rst
@@ -43,6 +43,13 @@ The :mod:`gevent.pywsgi` module contains an implementation of a :pep:`3333`
:class:`WSGI server <gevent.pywsgi.WSGIServer>`. In addition,
gunicorn_ is a stand-alone server that supports gevent.
+.. important::
+
+ The provided server implementations are intended primarily for
+ development and testing, or internal usage, and otherwise only
+ generally "safe" scenarios. They have not been security audited.
+ Expose them to the public Internet at your own risk.
+
API Reference
=============
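Review bot: the new `.. important::` block in docs/servers.rst leaves its scope undefined: "the provided server implementations" does not say which servers are meant, and "generally "safe" scenarios" does not say what makes a deployment safe. Suggest naming the covered classes (the context line above references `gevent.pywsgi.WSGIServer`) and stating the condition concretely, in the way the pywsgi.py docstring in this same patch does with "will not be exposed to potentially malicious input".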
diff --git a/pyproject.toml b/pyproject.toml
index 6529ef3..2354d0c 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -17,7 +17,7 @@ requires = [
# This was fixed in 3.0a5 (https://github.com/cython/cython/issues/3578)
# 3.0a6 fixes an issue cythonizing source on 32-bit platforms.
# 3.0a9 is needed for Python 3.10.
- "Cython >= 3.0a11",
+ "Cython >= 3.0.2",
# See version requirements in setup.py
"cffi >= 1.12.3 ; platform_python_implementation == 'CPython'",
# Python 3.7 requires at least 0.4.14, which is ABI incompatible with earlier
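Review bot: the floor moves to `"Cython >= 3.0.2"`, but the comment block directly above still justifies only the 3.0a5, 3.0a6 and 3.0a9 minimums, so the file does not record why 3.0.2 is now required. Add a one-line comment giving the reason for the new floor. The commit subject names only this bump although the diffstat also touches docs/servers.rst and src/gevent/pywsgi.py, and anyone building with this patch applied needs a build environment that provides Cython 3.0.2 or later.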
diff --git a/src/gevent/pywsgi.py b/src/gevent/pywsgi.py
index 0ebe095..cfedad5 100644
--- a/src/gevent/pywsgi.py
+++ b/src/gevent/pywsgi.py
@@ -1,13 +1,20 @@
# Copyright (c) 2005-2009, eventlet contributors
# Copyright (c) 2009-2018, gevent contributors
"""
-A pure-Python, gevent-friendly WSGI server.
+A pure-Python, gevent-friendly WSGI server implementing HTTP/1.1.
The server is provided in :class:`WSGIServer`, but most of the actual
WSGI work is handled by :class:`WSGIHandler` --- a new instance is
created for each request. The server can be customized to use
different subclasses of :class:`WSGIHandler`.
+.. important::
+
+ This server is intended primarily for development and testing, and
+ secondarily for other "safe" scenarios where it will not be exposed to
+ potentially malicious input. The code has not been security audited,
+ and is not intended for direct exposure to the public Internet.
+
"""
from __future__ import absolute_import
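Review bot: the notice added to the module docstring is worded differently from the one added to docs/servers.rst in the same patch. That one allows "internal usage" and ends with "Expose them to the public Internet at your own risk", while this one says the server "is not intended for direct exposure to the public Internet". Suggest one wording in both places so the guidance cannot be read two ways. The hunk touches only the docstring, so it documents a limitation without changing how requests are handled.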
--
2.30.0