python-gevent/CVE-2023-41419-pre.patch
starlet-dx 64d0f70eb9 Fix CVE-2023-41419
(cherry picked from commit 91bae4b8013e2745219a20a78048d9cd344be12a)
2023-09-26 14:27:35 +08:00


From 6b22af0fa8eb2efa89fce36c35808948c67352b0 Mon Sep 17 00:00:00 2001
From: Jason Madden <jamadden@gmail.com>
Date: Thu, 31 Aug 2023 05:26:35 -0500
Subject: [PATCH] pyproject.toml: Bump to latest cython.
Origin:
https://github.com/gevent/gevent/commit/6b22af0fa8eb2efa89fce36c35808948c67352b0
---
docs/servers.rst | 7 +++++++
pyproject.toml | 2 +-
src/gevent/pywsgi.py | 9 ++++++++-
3 files changed, 16 insertions(+), 2 deletions(-)
diff --git a/docs/servers.rst b/docs/servers.rst
index 846ffbd..190fb1f 100644
--- a/docs/servers.rst
+++ b/docs/servers.rst
@@ -43,6 +43,13 @@ The :mod:`gevent.pywsgi` module contains an implementation of a :pep:`3333`
:class:`WSGI server <gevent.pywsgi.WSGIServer>`. In addition,
gunicorn_ is a stand-alone server that supports gevent.
+.. important::
+
+ The provided server implementations are intended primarily for
+ development and testing, or internal usage, and otherwise only
+ generally "safe" scenarios. They have not been security audited.
+ Expose them to the public Internet at your own risk.
+
API Reference
=============
diff --git a/pyproject.toml b/pyproject.toml
index 2f9b10a..e6fa7bd 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -21,7 +21,7 @@ requires = [
# failing in Python 2 (https://travis-ci.org/github/gevent/gevent/jobs/683782800);
# This was fixed in 3.0a5 (https://github.com/cython/cython/issues/3578)
# 3.0a6 fixes an issue cythonizing source on 32-bit platforms
- "Cython >= 3.0a6",
+ "Cython >= 3.0.2",
# See version requirements in setup.py
"cffi >= 1.12.3 ; platform_python_implementation == 'CPython'",
# Python 3.7 requires at least 0.4.14, which is ABI incompatible with earlier
diff --git a/src/gevent/pywsgi.py b/src/gevent/pywsgi.py
index 28ab815..4d24147 100644
--- a/src/gevent/pywsgi.py
+++ b/src/gevent/pywsgi.py
@@ -1,13 +1,20 @@
# Copyright (c) 2005-2009, eventlet contributors
# Copyright (c) 2009-2018, gevent contributors
"""
-A pure-Python, gevent-friendly WSGI server.
+A pure-Python, gevent-friendly WSGI server implementing HTTP/1.1.
The server is provided in :class:`WSGIServer`, but most of the actual
WSGI work is handled by :class:`WSGIHandler` --- a new instance is
created for each request. The server can be customized to use
different subclasses of :class:`WSGIHandler`.
+.. important::
+
+ This server is intended primarily for development and testing, and
+ secondarily for other "safe" scenarios where it will not be exposed to
+ potentially malicious input. The code has not been security audited,
+ and is not intended for direct exposure to the public Internet.
+
"""
from __future__ import absolute_import
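Review bot: The warning added to the module docstring here and the one added to docs/servers.rst in the same patch state the same caveat in different wording — the docs page lists "development and testing, or internal usage" and says exposure is "at your own risk", while the docstring says the server "is not intended for direct exposure to the public Internet" — so a reader may reach different conclusions depending on which text they find. A single phrasing kept in both places would avoid that; for example the docstring could read `This server is intended primarily for development and testing, or internal usage, and otherwise only generally "safe" scenarios.` followed by `It has not been security audited and is not intended for direct exposure to the public Internet.`, with the .rst mirroring it. The docstring now also asserts that the server implements HTTP/1.1; if any part of that protocol is known to be unsupported, stating it next to this claim would help operators deciding whether to front the server with a proxy. Nothing in this hunk or the other two changes request handling, so the fix the cherry-pick title refers to presumably lives in a companion patch.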
--
2.30.0