Backport upstream fix for CVE-2022-24761 rhbz#2065791

- Resolves: rhbz#1791421 CVE-2019-16785
- Resolves: rhbz#1791417 CVE-2019-16786
- Resolves: rhbz#1789810 CVE-2019-16789
- Resolves: CVE-2019-16792
- Resolves: CVE-2020-5236

.gitignore

@@ -14,13 +14,4 @@
 /waitress-1.1.0.tar.gz
 /v1.2.1.tar.gz
 /v1.2.1-nodocs.tar.gz
-/v1.3.1-nodocs.tar.gz
-/v1.4.0.tar.gz
-/v1.4.0-nodocs.tar.gz
-/v1.4.1.tar.gz
-/v1.4.1-nodocs.tar.gz
-/v1.4.2.tar.gz
-/v1.4.2-nodocs.tar.gz
-/v1.4.3.tar.gz
 /v1.4.3-nodocs.tar.gz
-/v1.4.4-nodocs.tar.gz

0001-Add-new-regular-expressions-for-Chunked-Encoding.patch

@@ -1,8 +1,4 @@
-From 95f9f188665618759d8d1a27c96b3dacc3ed89be Mon Sep 17 00:00:00 2001
-From: Renata Ravanelli <renata.ravanelli@gmail.com>
-Date: Fri, 15 Sep 2023 12:22:48 -0300
-Subject: [PATCH 1/6] This patch is a backport of commit: e75b0d9
-
+From b3b4d0847c0b22a6f2b12090d8b6b79c4cdea95c Mon Sep 17 00:00:00 2001
 From: Bert JW Regeer <bertjw@regeer.org>
 Date: Sat, 12 Mar 2022 18:30:30 -0700
 Subject: [PATCH 1/8] Add new regular expressions for Chunked Encoding
@@ -10,19 +6,16 @@ Subject: [PATCH 1/8] Add new regular expressions for Chunked Encoding
 This also moves some regular expressions for QUOTED_PAIR/QUOTED_STRING
 into this module from utilities so that they may be reused.
 
-Backport:
-* Patch refresh - no functional change.
-
-Signed-off-by: Renata Ravanelli <renata.ravanelli@gmail.com>
+(cherry picked from commit e75b0d9afbea8a933f8f5f11d279e661cbfd676b)
 ---
- src/waitress/rfc7230.py   | 27 ++++++++++++++++++++++++++-
- src/waitress/utilities.py | 28 +++-------------------------
+ waitress/rfc7230.py   | 27 ++++++++++++++++++++++++++-
+ waitress/utilities.py | 28 +++-------------------------
  2 files changed, 29 insertions(+), 26 deletions(-)
 
-diff --git a/src/waitress/rfc7230.py b/src/waitress/rfc7230.py
-index cd33c90..0b76a38 100644
---- a/src/waitress/rfc7230.py
-+++ b/src/waitress/rfc7230.py
+diff --git a/waitress/rfc7230.py b/waitress/rfc7230.py
+index cd33c90..4c4c0a9 100644
+--- a/waitress/rfc7230.py
++++ b/waitress/rfc7230.py
 @@ -7,6 +7,9 @@ import re
  
  from .compat import tobytes
@@ -62,8 +55,8 @@ index cd33c90..0b76a38 100644
 +)
 +
 +# Pre-compiled regular expressions for use elsewhere
-+ONLY_HEXDIG_RE = re.compile(("^" + HEXDIG + "+$").encode("latin-1"))
-+ONLY_DIGIT_RE = re.compile(("^" + DIGIT + "+$").encode("latin-1"))
++ONLY_HEXDIG_RE = re.compile(tobytes("^" + HEXDIG + "+$"))
++ONLY_DIGIT_RE = re.compile(tobytes("^" + DIGIT + "+$"))
 +HEADER_FIELD_RE = re.compile(
      tobytes(
          "^(?P<name>" + TOKEN + "):" + OWS + "(?P<value>" + FIELD_VALUE + ")" + OWS + "$"
@@ -71,11 +64,11 @@ index cd33c90..0b76a38 100644
  )
 +QUOTED_PAIR_RE = re.compile(QUOTED_PAIR)
 +QUOTED_STRING_RE = re.compile(QUOTED_STRING)
-+CHUNK_EXT_RE = re.compile(("^" + CHUNK_EXT + "$").encode("latin-1"))
-diff --git a/src/waitress/utilities.py b/src/waitress/utilities.py
++CHUNK_EXT_RE = re.compile(tobytes("^" + CHUNK_EXT + "$"))
+diff --git a/waitress/utilities.py b/waitress/utilities.py
 index 556bed2..fa59657 100644
---- a/src/waitress/utilities.py
-+++ b/src/waitress/utilities.py
+--- a/waitress/utilities.py
++++ b/waitress/utilities.py
 @@ -22,7 +22,7 @@ import re
  import stat
  import time
@@ -129,5 +122,5 @@ index 556bed2..fa59657 100644
              return value
      elif not value.startswith('"') and not value.endswith('"'):
 -- 
-2.39.2 (Apple Git-143)
+2.45.2
 

0002-Be-more-strict-in-parsing-Content-Length.patch

@@ -1,11 +1,7 @@
-From c2188f39de0df7fc488703ebe0ed6e224f7be820 Mon Sep 17 00:00:00 2001
-From: Renata Ravanelli <renata.ravanelli@gmail.com>
-Date: Fri, 15 Sep 2023 12:26:52 -0300
-Subject: [PATCH 2/6] This patch is a backport of commit: 1f6059f
-
+From 4105558a82b9d4fd7d68b1887dc22f6a0b627b5f Mon Sep 17 00:00:00 2001
 From: Bert JW Regeer <bertjw@regeer.org>
 Date: Sat, 12 Mar 2022 18:32:24 -0700
-Subject: [PATCH] Be more strict in parsing Content-Length
+Subject: [PATCH 2/8] Be more strict in parsing Content-Length
 
 Validate that we are only parsing digits and nothing else. RFC7230 is
 explicit in that the Content-Length can only exist of 1*DIGIT and may
@@ -14,22 +10,22 @@ not include any additional sign information.
 The Python int() function parses `+10` as `10` which means we were more
 lenient than the standard intended.
 
-Backport:
-* Patch refresh - no functional change.
-
-Signed-off-by: Renata Ravanelli <renata.ravanelli@gmail.com>
+(cherry picked from commit 1f6059f4c4a3a0b256b4027eda64fb9fc311b0a6)
 ---
- src/waitress/parser.py | 11 ++++++-----
- tests/test_parser.py   | 24 ++++++++++++++++++++++++
- 2 files changed, 30 insertions(+), 5 deletions(-)
+ waitress/parser.py            | 13 +++++++------
+ waitress/tests/test_parser.py | 24 ++++++++++++++++++++++++
+ 2 files changed, 31 insertions(+), 6 deletions(-)
 
-diff --git a/src/waitress/parser.py b/src/waitress/parser.py
-index 765fe59..4c6ebeb 100644
---- a/src/waitress/parser.py
-+++ b/src/waitress/parser.py
-@@ -22,6 +22,7 @@ from io import BytesIO
+diff --git a/waitress/parser.py b/waitress/parser.py
+index fef8a3d..500730e 100644
+--- a/waitress/parser.py
++++ b/waitress/parser.py
+@@ -20,8 +20,9 @@ import re
+ from io import BytesIO
+ 
  from waitress.buffers import OverflowableBuffer
- from waitress.compat import tostr, unquote_bytes_to_wsgi, urlparse
+-from waitress.compat import tostr, unquote_bytes_to_wsgi, urlparse
++from waitress.compat import tostr, tobytes, unquote_bytes_to_wsgi, urlparse
  from waitress.receiver import ChunkedReceiver, FixedStreamReceiver
 +from waitress.rfc7230 import HEADER_FIELD_RE, ONLY_DIGIT_RE
  from waitress.utilities import (
@@ -43,7 +39,7 @@ index 765fe59..4c6ebeb 100644
  
  
  class ParsingError(Exception):
-@@ -209,7 +209,7 @@ class HTTPRequestParser(object):
+@@ -208,7 +208,7 @@ class HTTPRequestParser(object):
  
          headers = self.headers
          for line in lines:
@@ -52,7 +48,7 @@ index 765fe59..4c6ebeb 100644
  
              if not header:
                  raise ParsingError("Invalid header")
-@@ -299,11 +299,12 @@ class HTTPRequestParser(object):
+@@ -298,11 +298,12 @@ class HTTPRequestParser(object):
                  self.connection_close = True
  
          if not self.chunked:
@@ -61,17 +57,17 @@ index 765fe59..4c6ebeb 100644
 -            except ValueError:
 +            cl = headers.get("CONTENT_LENGTH", "0")
 +
-+            if not ONLY_DIGIT_RE.match(cl.encode("latin-1")):
++            if not ONLY_DIGIT_RE.match(tobytes(cl)):
                  raise ParsingError("Content-Length is invalid")
  
 +            cl = int(cl)
              self.content_length = cl
              if cl > 0:
                  buf = OverflowableBuffer(self.adj.inbuf_overflow)
-diff --git a/tests/test_parser.py b/tests/test_parser.py
+diff --git a/waitress/tests/test_parser.py b/waitress/tests/test_parser.py
 index 91837c7..eabf353 100644
---- a/tests/test_parser.py
-+++ b/tests/test_parser.py
+--- a/waitress/tests/test_parser.py
++++ b/waitress/tests/test_parser.py
 @@ -194,6 +194,30 @@ class TestHTTPRequestParser(unittest.TestCase):
          else:  # pragma: nocover
              self.assertTrue(False)
@@ -104,5 +100,5 @@ index 91837c7..eabf353 100644
          from waitress.parser import ParsingError
  
 -- 
-2.39.2 (Apple Git-143)
+2.45.2
 

0003-Update-tests-to-remove-invalid-chunked-encoding-chunk-size.patch

@@ -1,11 +1,8 @@
-From 82003049b2b8053d74504c4e6b3e14528a8b38ff Mon Sep 17 00:00:00 2001
-From: Renata Ravanelli <renata.ravanelli@gmail.com>
-Date: Fri, 15 Sep 2023 12:32:19 -0300
-Subject: [PATCH 3/6] This patch is a backport of commit 884bed1
-
+From 42bd030d29b392baed1d427916200df75f4a4a12 Mon Sep 17 00:00:00 2001
 From: Bert JW Regeer <bertjw@regeer.org>
 Date: Sat, 12 Mar 2022 18:35:01 -0700
-Subject: [PATCH] Update tests to remove invalid chunked encoding chunk-size
+Subject: [PATCH 3/8] Update tests to remove invalid chunked encoding
+ chunk-size
 
 RFC7230 states the following:
 
@@ -20,19 +17,17 @@ Where chunk-ext is:
 Only if there is a chunk-ext should there be a `;` after the 1*HEXDIG.
 And a chunk-ext that is empty is invalid.
 
-Backport:
-    * Patch refresh - no functional change.
-Signed-off-by: Renata Ravanelli <renata.ravanelli@gmail.com>
+(cherry picked from commit 884bed167d09c3d5fdf0730e2ca2564eefdd4534)
 ---
- tests/test_functional.py | 6 +++---
- tests/test_parser.py     | 2 +-
+ waitress/tests/test_functional.py | 6 +++---
+ waitress/tests/test_parser.py     | 2 +-
  2 files changed, 4 insertions(+), 4 deletions(-)
 
-diff --git a/tests/test_functional.py b/tests/test_functional.py
-index e894497..7a54b22 100644
---- a/tests/test_functional.py
-+++ b/tests/test_functional.py
-@@ -302,7 +302,7 @@ class EchoTests(object):
+diff --git a/waitress/tests/test_functional.py b/waitress/tests/test_functional.py
+index 8f4b262..33f1317 100644
+--- a/waitress/tests/test_functional.py
++++ b/waitress/tests/test_functional.py
+@@ -301,7 +301,7 @@ class EchoTests(object):
          self.assertFalse("transfer-encoding" in headers)
  
      def test_chunking_request_with_content(self):
@@ -41,7 +36,7 @@ index e894497..7a54b22 100644
          s = b"This string has 32 characters.\r\n"
          expected = s * 12
          header = tobytes("GET / HTTP/1.1\r\nTransfer-Encoding: chunked\r\n\r\n")
-@@ -321,7 +321,7 @@ class EchoTests(object):
+@@ -320,7 +320,7 @@ class EchoTests(object):
          self.assertFalse("transfer-encoding" in headers)
  
      def test_broken_chunked_encoding(self):
@@ -50,7 +45,7 @@ index e894497..7a54b22 100644
          s = "This string has 32 characters.\r\n"
          to_send = "GET / HTTP/1.1\r\nTransfer-Encoding: chunked\r\n\r\n"
          to_send += control_line + s + "\r\n"
-@@ -346,7 +346,7 @@ class EchoTests(object):
+@@ -344,7 +344,7 @@ class EchoTests(object):
          self.assertRaises(ConnectionClosed, read_http, fp)
  
      def test_broken_chunked_encoding_missing_chunk_end(self):
@@ -59,10 +54,10 @@ index e894497..7a54b22 100644
          s = "This string has 32 characters.\r\n"
          to_send = "GET / HTTP/1.1\r\nTransfer-Encoding: chunked\r\n\r\n"
          to_send += control_line + s
-diff --git a/tests/test_parser.py b/tests/test_parser.py
+diff --git a/waitress/tests/test_parser.py b/waitress/tests/test_parser.py
 index eabf353..420f280 100644
---- a/tests/test_parser.py
-+++ b/tests/test_parser.py
+--- a/waitress/tests/test_parser.py
++++ b/waitress/tests/test_parser.py
 @@ -152,7 +152,7 @@ class TestHTTPRequestParser(unittest.TestCase):
              b"Transfer-Encoding: chunked\r\n"
              b"X-Foo: 1\r\n"
@@ -73,5 +68,5 @@ index eabf353..420f280 100644
              b"0\r\n\r\n"
          )
 -- 
-2.39.2 (Apple Git-143)
+2.45.2
 

0004-Error-when-receiving-back-Chunk-Extension.patch

@@ -0,0 +1,135 @@
+From 7661d0826c9d0f197e66feed5b306b56c90255c4 Mon Sep 17 00:00:00 2001
+From: Bert JW Regeer <bertjw@regeer.org>
+Date: Sat, 12 Mar 2022 18:42:51 -0700
+Subject: [PATCH 4/8] Error when receiving back Chunk Extension
+
+Waitress discards chunked extensions and does no further processing on
+them, however it failed to validate that the chunked encoding extension
+did not contain invalid data.
+
+We now validate that if there are any chunked extensions that they are
+well-formed, if they are not and contain invalid characters, then
+Waitress will now correctly return a Bad Request and stop any further
+processing of the request.
+
+(cherry picked from commit d032a669682838b26d6a1a1b513b9da83b0e0f90)
+---
+ waitress/receiver.py              | 11 ++++++++++-
+ waitress/tests/test_functional.py | 22 ++++++++++++++++++++++
+ waitress/tests/test_receiver.py   | 31 +++++++++++++++++++++++++++++++
+ 3 files changed, 63 insertions(+), 1 deletion(-)
+
+diff --git a/waitress/receiver.py b/waitress/receiver.py
+index 5d1568d..106dbc7 100644
+--- a/waitress/receiver.py
++++ b/waitress/receiver.py
+@@ -14,6 +14,7 @@
+ """Data Chunk Receiver
+ """
+ 
++from waitress.rfc7230 import CHUNK_EXT_RE, ONLY_HEXDIG_RE
+ from waitress.utilities import BadRequest, find_double_newline
+ 
+ 
+@@ -110,6 +111,7 @@ class ChunkedReceiver(object):
+                     s = b""
+                 else:
+                     self.chunk_end = b""
++
+                     if pos == 0:
+                         # Chop off the terminating CR LF from the chunk
+                         s = s[2:]
+@@ -140,7 +142,14 @@ class ChunkedReceiver(object):
+                         semi = line.find(b";")
+ 
+                         if semi >= 0:
+-                            # discard extension info.
++                            extinfo = line[semi:]
++                            valid_ext_info = CHUNK_EXT_RE.match(extinfo)
++
++                            if not valid_ext_info:
++                                self.error = BadRequest("Invalid chunk extension")
++                                self.all_chunks_received = True
++
++                                break
+                             line = line[:semi]
+                         try:
+                             sz = int(line.strip(), 16)  # hexadecimal
+diff --git a/waitress/tests/test_functional.py b/waitress/tests/test_functional.py
+index 33f1317..b1aac96 100644
+--- a/waitress/tests/test_functional.py
++++ b/waitress/tests/test_functional.py
+@@ -343,6 +343,28 @@ class EchoTests(object):
+         self.send_check_error(to_send)
+         self.assertRaises(ConnectionClosed, read_http, fp)
+ 
++    def test_broken_chunked_encoding_invalid_extension(self):
++        control_line = b"20;invalid=\r\n"  # 20 hex = 32 dec
++        s = b"This string has 32 characters.\r\n"
++        to_send = b"GET / HTTP/1.1\r\nTransfer-Encoding: chunked\r\n\r\n"
++        to_send += control_line + s + b"\r\n"
++        self.connect()
++        self.sock.send(to_send)
++        fp = self.sock.makefile("rb", 0)
++        line, headers, response_body = read_http(fp)
++        self.assertline(line, "400", "Bad Request", "HTTP/1.1")
++        cl = int(headers["content-length"])
++        self.assertEqual(cl, len(response_body))
++        self.assertIn(b"Invalid chunk extension", response_body)
++        self.assertEqual(
++            sorted(headers.keys()),
++            ["connection", "content-length", "content-type", "date", "server"],
++        )
++        self.assertEqual(headers["content-type"], "text/plain")
++        # connection has been closed
++        self.send_check_error(to_send)
++        self.assertRaises(ConnectionClosed, read_http, fp)
++
+     def test_broken_chunked_encoding_missing_chunk_end(self):
+         control_line = "20\r\n"  # 20 hex = 32 dec
+         s = "This string has 32 characters.\r\n"
+diff --git a/waitress/tests/test_receiver.py b/waitress/tests/test_receiver.py
+index b4910bb..e5d31a3 100644
+--- a/waitress/tests/test_receiver.py
++++ b/waitress/tests/test_receiver.py
+@@ -226,6 +226,37 @@ class TestChunkedReceiver(unittest.TestCase):
+         self.assertEqual(inst.error, None)
+ 
+ 
++class TestChunkedReceiverParametrized:
++    def _makeOne(self, buf):
++        from waitress.receiver import ChunkedReceiver
++
++        return ChunkedReceiver(buf)
++
++    def test_received_invalid_extensions(self):
++        from waitress.utilities import BadRequest
++
++        for invalid_extension in [b"\n", b"invalid=", b"\r", b"invalid = true"]:
++            buf = DummyBuffer()
++            inst = self._makeOne(buf)
++            data = b"4;" + invalid_extension + b"\r\ntest\r\n"
++            result = inst.received(data)
++            assert result == len(data)
++            assert inst.error.__class__ == BadRequest
++            assert inst.error.body == "Invalid chunk extension"
++
++    def test_received_valid_extensions(self):
++        # While waitress may ignore extensions in Chunked Encoding, we do want
++        # to make sure that we don't fail when we do encounter one that is
++        # valid
++        for valid_extension in [b"test", b"valid=true", b"valid=true;other=true"]:
++            buf = DummyBuffer()
++            inst = self._makeOne(buf)
++            data = b"4;" + valid_extension + b"\r\ntest\r\n"
++            result = inst.received(data)
++            assert result == len(data)
++            assert inst.error == None
++
++
+ class DummyBuffer(object):
+     def __init__(self, data=None):
+         if data is None:
+-- 
+2.45.2
+

0004-This-patch-is-a-backport-of-commit-d032a66.patch

@@ -1,152 +0,0 @@
-From 86a7f4d2ea10ab96a3597f64b8662fbd741e2031 Mon Sep 17 00:00:00 2001
-From: Renata Ravanelli <renata.ravanelli@gmail.com>
-Date: Fri, 15 Sep 2023 12:40:31 -0300
-Subject: [PATCH 4/6] This patch is a backport of commit: d032a66
-
-From: Bert JW Regeer <bertjw@regeer.org>
-
-Date: Sat, 12 Mar 2022 18:42:51 -0700
-Subject: [PATCH] Error when receiving back Chunk Extension
-
-Waitress discards chunked extensions and does no further processing on
-them, however it failed to validate that the chunked encoding extension
-did not contain invalid data.
-
-We now validate that if there are any chunked extensions that they are
-well-formed, if they are not and contain invalid characters, then
-Waitress will now correctly return a Bad Request and stop any further
-processing of the request
-
-Signed-off-by: Renata Ravanelli <renata.ravanelli@gmail.com>
----
- src/waitress/receiver.py | 11 ++++++++++-
- tests/test_functional.py | 22 ++++++++++++++++++++++
- tests/test_receiver.py   | 37 +++++++++++++++++++++++++++++++++++++
- 3 files changed, 69 insertions(+), 1 deletion(-)
-
-diff --git a/src/waitress/receiver.py b/src/waitress/receiver.py
-index 5d1568d..106dbc7 100644
---- a/src/waitress/receiver.py
-+++ b/src/waitress/receiver.py
-@@ -14,6 +14,7 @@
- """Data Chunk Receiver
- """
- 
-+from waitress.rfc7230 import CHUNK_EXT_RE, ONLY_HEXDIG_RE
- from waitress.utilities import BadRequest, find_double_newline
- 
- 
-@@ -110,6 +111,7 @@ class ChunkedReceiver(object):
-                     s = b""
-                 else:
-                     self.chunk_end = b""
-+
-                     if pos == 0:
-                         # Chop off the terminating CR LF from the chunk
-                         s = s[2:]
-@@ -140,7 +142,14 @@ class ChunkedReceiver(object):
-                         semi = line.find(b";")
- 
-                         if semi >= 0:
--                            # discard extension info.
-+                            extinfo = line[semi:]
-+                            valid_ext_info = CHUNK_EXT_RE.match(extinfo)
-+
-+                            if not valid_ext_info:
-+                                self.error = BadRequest("Invalid chunk extension")
-+                                self.all_chunks_received = True
-+
-+                                break
-                             line = line[:semi]
-                         try:
-                             sz = int(line.strip(), 16)  # hexadecimal
-diff --git a/tests/test_functional.py b/tests/test_functional.py
-index 7a54b22..853942c 100644
---- a/tests/test_functional.py
-+++ b/tests/test_functional.py
-@@ -345,6 +345,28 @@ class EchoTests(object):
-         self.send_check_error(to_send)
-         self.assertRaises(ConnectionClosed, read_http, fp)
- 
-+    def test_broken_chunked_encoding_invalid_extension(self):
-+        control_line = b"20;invalid=\r\n"  # 20 hex = 32 dec
-+        s = b"This string has 32 characters.\r\n"
-+        to_send = b"GET / HTTP/1.1\r\nTransfer-Encoding: chunked\r\n\r\n"
-+        to_send += control_line + s + b"\r\n"
-+        self.connect()
-+        self.sock.send(to_send)
-+        with self.sock.makefile("rb", 0) as fp:
-+            line, headers, response_body = read_http(fp)
-+            self.assertline(line, "400", "Bad Request", "HTTP/1.1")
-+            cl = int(headers["content-length"])
-+            self.assertEqual(cl, len(response_body))
-+            self.assertIn(b"Invalid chunk extension", response_body)
-+            self.assertEqual(
-+                sorted(headers.keys()),
-+                ["connection", "content-length", "content-type", "date", "server"],
-+            )
-+            self.assertEqual(headers["content-type"], "text/plain")
-+            # connection has been closed
-+            self.send_check_error(to_send)
-+            self.assertRaises(ConnectionClosed, read_http, fp)
-+
-     def test_broken_chunked_encoding_missing_chunk_end(self):
-         control_line = "20\r\n"  # 20 hex = 32 dec
-         s = "This string has 32 characters.\r\n"
-diff --git a/tests/test_receiver.py b/tests/test_receiver.py
-index b4910bb..a6261ea 100644
---- a/tests/test_receiver.py
-+++ b/tests/test_receiver.py
-@@ -1,5 +1,7 @@
- import unittest
- 
-+import pytest
-+
- 
- class TestFixedStreamReceiver(unittest.TestCase):
-     def _makeOne(self, cl, buf):
-@@ -226,6 +228,41 @@ class TestChunkedReceiver(unittest.TestCase):
-         self.assertEqual(inst.error, None)
- 
- 
-+class TestChunkedReceiverParametrized:
-+    def _makeOne(self, buf):
-+        from waitress.receiver import ChunkedReceiver
-+
-+        return ChunkedReceiver(buf)
-+
-+    @pytest.mark.parametrize(
-+        "invalid_extension", [b"\n", b"invalid=", b"\r", b"invalid = true"]
-+    )
-+    def test_received_invalid_extensions(self, invalid_extension):
-+        from waitress.utilities import BadRequest
-+
-+        buf = DummyBuffer()
-+        inst = self._makeOne(buf)
-+        data = b"4;" + invalid_extension + b"\r\ntest\r\n"
-+        result = inst.received(data)
-+        assert result == len(data)
-+        assert inst.error.__class__ == BadRequest
-+        assert inst.error.body == "Invalid chunk extension"
-+
-+    @pytest.mark.parametrize(
-+        "valid_extension", [b"test", b"valid=true", b"valid=true;other=true"]
-+    )
-+    def test_received_valid_extensions(self, valid_extension):
-+        # While waitress may ignore extensions in Chunked Encoding, we do want
-+        # to make sure that we don't fail when we do encounter one that is
-+        # valid
-+        buf = DummyBuffer()
-+        inst = self._makeOne(buf)
-+        data = b"4;" + valid_extension + b"\r\ntest\r\n"
-+        result = inst.received(data)
-+        assert result == len(data)
-+        assert inst.error == None
-+
-+
- class DummyBuffer(object):
-     def __init__(self, data=None):
-         if data is None:
--- 
-2.39.2 (Apple Git-143)
-

0005-Validate-chunk-size-in-Chunked-Encoding-are-HEXDIG.patch

@@ -1,11 +1,7 @@
-From b0ae7e3e156ac6f4a30ac4a54af0bffb707b008d Mon Sep 17 00:00:00 2001
-From: Renata Ravanelli <renata.ravanelli@gmail.com>
-Date: Fri, 15 Sep 2023 12:41:06 -0300
-Subject: [PATCH 5/6] This patch is a backport of commit d9bdfa0
-
+From 4f0c74f6aab47c599d33d36cd783b5fa330384d9 Mon Sep 17 00:00:00 2001
 From: Bert JW Regeer <bertjw@regeer.org>
 Date: Sat, 12 Mar 2022 18:48:26 -0700
-Subject: [PATCH] Validate chunk size in Chunked Encoding are HEXDIG
+Subject: [PATCH 5/8] Validate chunk size in Chunked Encoding are HEXDIG
 
 RFC7230 states that a chunk-size should be 1*HEXDIG, this is now
 validated before passing the resulting string to int() which would also
@@ -17,17 +13,17 @@ leading to request smuggling.
 With the increased validation if the size is not just hex digits,
 Waitress now returns a Bad Request and stops processing the request.
 
-Signed-off-by: Renata Ravanelli <renata.ravanelli@gmail.com>
+(cherry picked from commit d9bdfa0cf210f6daf017d7c5a3cc149bdec8a9a7)
 ---
- src/waitress/receiver.py | 19 ++++++++++++++-----
- tests/test_functional.py | 22 ++++++++++++++++++++++
- tests/test_receiver.py   | 12 ++++++++++++
+ waitress/receiver.py              | 19 ++++++++++++++-----
+ waitress/tests/test_functional.py | 22 ++++++++++++++++++++++
+ waitress/tests/test_receiver.py   | 12 ++++++++++++
  3 files changed, 48 insertions(+), 5 deletions(-)
 
-diff --git a/src/waitress/receiver.py b/src/waitress/receiver.py
+diff --git a/waitress/receiver.py b/waitress/receiver.py
 index 106dbc7..9e4bffe 100644
---- a/src/waitress/receiver.py
-+++ b/src/waitress/receiver.py
+--- a/waitress/receiver.py
++++ b/waitress/receiver.py
 @@ -150,12 +150,21 @@ class ChunkedReceiver(object):
                                  self.all_chunks_received = True
  
@@ -55,11 +51,11 @@ index 106dbc7..9e4bffe 100644
  
                          if sz > 0:
                              # Start a new chunk.
-diff --git a/tests/test_functional.py b/tests/test_functional.py
-index 853942c..448e0c0 100644
---- a/tests/test_functional.py
-+++ b/tests/test_functional.py
-@@ -345,6 +345,28 @@ class EchoTests(object):
+diff --git a/waitress/tests/test_functional.py b/waitress/tests/test_functional.py
+index b1aac96..a7421c6 100644
+--- a/waitress/tests/test_functional.py
++++ b/waitress/tests/test_functional.py
+@@ -343,6 +343,28 @@ class EchoTests(object):
          self.send_check_error(to_send)
          self.assertRaises(ConnectionClosed, read_http, fp)
  
@@ -70,47 +66,47 @@ index 853942c..448e0c0 100644
 +        to_send += control_line + s + b"\r\n"
 +        self.connect()
 +        self.sock.send(to_send)
-+        with self.sock.makefile("rb", 0) as fp:
-+            line, headers, response_body = read_http(fp)
-+            self.assertline(line, "400", "Bad Request", "HTTP/1.1")
-+            cl = int(headers["content-length"])
-+            self.assertEqual(cl, len(response_body))
-+            self.assertIn(b"Invalid chunk size", response_body)
-+            self.assertEqual(
-+                sorted(headers.keys()),
-+                ["connection", "content-length", "content-type", "date", "server"],
-+            )
-+            self.assertEqual(headers["content-type"], "text/plain")
-+            # connection has been closed
-+            self.send_check_error(to_send)
-+            self.assertRaises(ConnectionClosed, read_http, fp)
++        fp = self.sock.makefile("rb", 0)
++        line, headers, response_body = read_http(fp)
++        self.assertline(line, "400", "Bad Request", "HTTP/1.1")
++        cl = int(headers["content-length"])
++        self.assertEqual(cl, len(response_body))
++        self.assertIn(b"Invalid chunk size", response_body)
++        self.assertEqual(
++            sorted(headers.keys()),
++            ["connection", "content-length", "content-type", "date", "server"],
++        )
++        self.assertEqual(headers["content-type"], "text/plain")
++        # connection has been closed
++        self.send_check_error(to_send)
++        self.assertRaises(ConnectionClosed, read_http, fp)
 +
      def test_broken_chunked_encoding_invalid_extension(self):
          control_line = b"20;invalid=\r\n"  # 20 hex = 32 dec
          s = b"This string has 32 characters.\r\n"
-diff --git a/tests/test_receiver.py b/tests/test_receiver.py
-index a6261ea..17328d4 100644
---- a/tests/test_receiver.py
-+++ b/tests/test_receiver.py
-@@ -262,6 +262,18 @@ class TestChunkedReceiverParametrized:
-         assert result == len(data)
-         assert inst.error == None
+diff --git a/waitress/tests/test_receiver.py b/waitress/tests/test_receiver.py
+index e5d31a3..b539264 100644
+--- a/waitress/tests/test_receiver.py
++++ b/waitress/tests/test_receiver.py
+@@ -256,6 +256,18 @@ class TestChunkedReceiverParametrized:
+             assert result == len(data)
+             assert inst.error == None
  
-+    @pytest.mark.parametrize("invalid_size", [b"0x04", b"+0x04", b"x04", b"+04"])
 +    def test_received_invalid_size(self, invalid_size):
 +        from waitress.utilities import BadRequest
 +
-+        buf = DummyBuffer()
-+        inst = self._makeOne(buf)
-+        data = invalid_size + b"\r\ntest\r\n"
-+        result = inst.received(data)
-+        assert result == len(data)
-+        assert inst.error.__class__ == BadRequest
-+        assert inst.error.body == "Invalid chunk size"
++        for invalid_size in [b"0x04", b"+0x04", b"x04", b"+04"]:
++            buf = DummyBuffer()
++            inst = self._makeOne(buf)
++            data = invalid_size + b"\r\ntest\r\n"
++            result = inst.received(data)
++            assert result == len(data)
++            assert inst.error.__class__ == BadRequest
++            assert inst.error.body == "Invalid chunk size"
 +
  
  class DummyBuffer(object):
      def __init__(self, data=None):
 -- 
-2.39.2 (Apple Git-143)
+2.45.2
 

0006-Remove-extraneous-calls-to-.strip-in-Chunked-Encoding.patch

@@ -1,12 +1,7 @@
-From ef0b3d7cb9f532c062052082f71174ef94d4a3e3 Mon Sep 17 00:00:00 2001
-From: Renata Ravanelli <renata.ravanelli@gmail.com>
-Date: Fri, 15 Sep 2023 12:41:52 -0300
-Subject: [PATCH 6/6] This patch is a backport of commit bd22869
-
-From bd22869 Mon Sep 17 00:00:00 2001
+From 92c5f8b8dbfc73780f8404b225b1282d58c5cd96 Mon Sep 17 00:00:00 2001
 From: Bert JW Regeer <bertjw@regeer.org>
 Date: Sat, 12 Mar 2022 19:16:23 -0700
-Subject: [PATCH] Remove extraneous calls to .strip() in Chunked Encoding
+Subject: [PATCH 6/8] Remove extraneous calls to .strip() in Chunked Encoding
 
 To be valid chunked encoding we should not be removing any whitespace as
 the standard does not allow for optional whitespace.
@@ -14,19 +9,16 @@ the standard does not allow for optional whitespace.
 If whitespace is encountered in the wrong place, it should lead to a 400
 Bad Request instead.
 
-Backport:
-  * Patch refresh - no functional change.
-
-Signed-off-by: Renata Ravanelli <renata.ravanelli@gmail.com>
+(cherry picked from commit bd22869c143a3f1284f271399524676efbafa655)
 ---
- src/waitress/receiver.py | 6 +-----
- tests/test_receiver.py   | 4 +++-
- 2 files changed, 4 insertions(+), 6 deletions(-)
+ waitress/receiver.py            | 6 +-----
+ waitress/tests/test_receiver.py | 2 +-
+ 2 files changed, 2 insertions(+), 6 deletions(-)
 
-diff --git a/src/waitress/receiver.py b/src/waitress/receiver.py
+diff --git a/waitress/receiver.py b/waitress/receiver.py
 index 9e4bffe..806ff87 100644
---- a/src/waitress/receiver.py
-+++ b/src/waitress/receiver.py
+--- a/waitress/receiver.py
++++ b/waitress/receiver.py
 @@ -135,7 +135,6 @@ class ChunkedReceiver(object):
                      line = s[:pos]
                      s = s[pos + 2 :]
@@ -54,21 +46,19 @@ index 9e4bffe..806ff87 100644
  
                          if sz > 0:
                              # Start a new chunk.
-diff --git a/tests/test_receiver.py b/tests/test_receiver.py
-index 17328d4..014f785 100644
---- a/tests/test_receiver.py
-+++ b/tests/test_receiver.py
-@@ -262,7 +262,9 @@ class TestChunkedReceiverParametrized:
-         assert result == len(data)
-         assert inst.error == None
- 
--    @pytest.mark.parametrize("invalid_size", [b"0x04", b"+0x04", b"x04", b"+04"])
-+    @pytest.mark.parametrize(
-+        "invalid_size", [b"0x04", b"+0x04", b"x04", b"+04", b" 04", b" 0x04"]
-+    )
+diff --git a/waitress/tests/test_receiver.py b/waitress/tests/test_receiver.py
+index b539264..fd192c1 100644
+--- a/waitress/tests/test_receiver.py
++++ b/waitress/tests/test_receiver.py
+@@ -259,7 +259,7 @@ class TestChunkedReceiverParametrized:
      def test_received_invalid_size(self, invalid_size):
          from waitress.utilities import BadRequest
  
+-        for invalid_size in [b"0x04", b"+0x04", b"x04", b"+04"]:
++        for invalid_size in [b"0x04", b"+0x04", b"x04", b"+04", b" 04", b" 0x04"]:
+             buf = DummyBuffer()
+             inst = self._makeOne(buf)
+             data = invalid_size + b"\r\ntest\r\n"
 -- 
-2.39.2 (Apple Git-143)
+2.45.2
 

0007-Backport-security-fix-note.patch

@@ -0,0 +1,43 @@
+From 6e0af1e0e01f7c9a9a83431b99a82b0de5c6a5da Mon Sep 17 00:00:00 2001
+From: Carl George <carlwgeorge@gmail.com>
+Date: Tue, 25 Jun 2024 22:40:57 -0500
+Subject: [PATCH 7/8] Backport security fix note
+
+---
+ CHANGES.txt | 23 +++++++++++++++++++++++
+ 1 file changed, 23 insertions(+)
+
+diff --git a/CHANGES.txt b/CHANGES.txt
+index 701c2b0..f9d4c42 100644
+--- a/CHANGES.txt
++++ b/CHANGES.txt
+@@ -1,3 +1,26 @@
++Security Bugfix
++~~~~~~~~~~~~~~~
++
++- Waitress now validates that chunked encoding extensions are valid, and don't
++  contain invalid characters that are not allowed. They are still skipped/not
++  processed, but if they contain invalid data we no longer continue in and
++  return a 400 Bad Request. This stops potential HTTP desync/HTTP request
++  smuggling. Thanks to Zhang Zeyu for reporting this issue. See
++  https://github.com/Pylons/waitress/security/advisories/GHSA-4f7p-27jc-3c36
++
++- Waitress now validates that the chunk length is only valid hex digits when
++  parsing chunked encoding, and values such as ``0x01`` and ``+01`` are no
++  longer supported. This stops potential HTTP desync/HTTP request smuggling.
++  Thanks to Zhang Zeyu for reporting this issue. See
++  https://github.com/Pylons/waitress/security/advisories/GHSA-4f7p-27jc-3c36
++
++- Waitress now validates that the Content-Length sent by a remote contains only
++  digits in accordance with RFC7230 and will return a 400 Bad Request when the
++  Content-Length header contains invalid data, such as ``+10`` which would
++  previously get parsed as ``10`` and accepted. This stops potential HTTP
++  desync/HTTP request smuggling Thanks to Zhang Zeyu for reporting this issue. See
++  https://github.com/Pylons/waitress/security/advisories/GHSA-4f7p-27jc-3c36
++
+ 1.4.3 (2020-02-02)
+ ------------------
+ 
+-- 
+2.45.2
+

0008-Skip-tests-that-fail-inconsistently-during-mock-build.patch

@@ -0,0 +1,32 @@
+From 4f0407051486b5e01a148ca53f361dd802d88c59 Mon Sep 17 00:00:00 2001
+From: Carl George <carlwgeorge@gmail.com>
+Date: Tue, 25 Jun 2024 22:55:20 -0500
+Subject: [PATCH 8/8] Skip tests that fail inconsistently during mock build
+
+---
+ waitress/tests/test_functional.py | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/waitress/tests/test_functional.py b/waitress/tests/test_functional.py
+index a7421c6..d846d06 100644
+--- a/waitress/tests/test_functional.py
++++ b/waitress/tests/test_functional.py
+@@ -1224,6 +1224,7 @@ class InternalServerErrorTests(object):
+         self.send_check_error(to_send)
+         self.assertRaises(ConnectionClosed, read_http, fp)
+ 
++    @unittest.skip('fails inconsistently during mock build')
+     def test_after_write_cb(self):
+         to_send = "GET /after_write_cb HTTP/1.1\r\n\r\n"
+         to_send = tobytes(to_send)
+@@ -1237,6 +1238,7 @@ class InternalServerErrorTests(object):
+         self.send_check_error(to_send)
+         self.assertRaises(ConnectionClosed, read_http, fp)
+ 
++    @unittest.skip('fails inconsistently during mock build')
+     def test_in_generator(self):
+         to_send = "GET /in_generator HTTP/1.1\r\n\r\n"
+         to_send = tobytes(to_send)
+-- 
+2.45.2
+

python-waitress.spec

@@ -1,14 +1,18 @@
-Name:           python-waitress
-Version:        1.4.4
-Release:        8%{?dist}
+%global srcname waitress
+
+%global _docdir_fmt %{name}
+
+Name:           python-%{srcname}
+Version:        1.4.3
+Release:        2%{?dist}
 Summary:        Waitress WSGI server
 
-License:        ZPL-2.1
-URL:            https://github.com/Pylons/waitress
+License:        ZPLv2.1
+URL:            https://github.com/Pylons/%{srcname}
 Source0:        v%{version}-nodocs.tar.gz
-# Upstream ships non free docs files.
+# Upstream ships non free docs files. 
 # We do not even want them in our src.rpms
-# So we remove them before uploading.
+# So we remove them before uploading. 
 #
 # Download the upstream tarball and invoke this script while in the
 # tarball's directory:
@@ -16,14 +20,21 @@ Source0:        v%{version}-nodocs.tar.gz
 #
 Source1: generate-tarball.sh
 
-# These patches are backports based on RHEL patch #923591398b8553c7ba295dfede592671b653f946
-
-Patch1:		0001-This-patch-is-a-backport-of-commit-e75b0d9.patch
-Patch2:		0002-This-patch-is-a-backport-of-commit-1f6059f.patch
-Patch3:		0003-This-patch-is-a-backport-of-commit-884bed1.patch
-Patch4:		0004-This-patch-is-a-backport-of-commit-d032a66.patch
-Patch5:		0005-This-patch-is-a-backport-of-commit-d9bdfa0.patch
-Patch6:		0006-This-patch-is-a-backport-of-commit-bd22869.patch
+# https://github.com/Pylons/waitress/commit/e75b0d9afbea8a933f8f5f11d279e661cbfd676b
+Patch1:         0001-Add-new-regular-expressions-for-Chunked-Encoding.patch
+# https://github.com/Pylons/waitress/commit/1f6059f4c4a3a0b256b4027eda64fb9fc311b0a6
+Patch2:         0002-Be-more-strict-in-parsing-Content-Length.patch
+# https://github.com/Pylons/waitress/commit/884bed167d09c3d5fdf0730e2ca2564eefdd4534
+Patch3:         0003-Update-tests-to-remove-invalid-chunked-encoding-chunk-size.patch
+# https://github.com/Pylons/waitress/commit/d032a669682838b26d6a1a1b513b9da83b0e0f90
+Patch4:         0004-Error-when-receiving-back-Chunk-Extension.patch
+# https://github.com/Pylons/waitress/commit/d9bdfa0cf210f6daf017d7c5a3cc149bdec8a9a7
+Patch5:         0005-Validate-chunk-size-in-Chunked-Encoding-are-HEXDIG.patch
+# https://github.com/Pylons/waitress/commit/bd22869c143a3f1284f271399524676efbafa655
+Patch6:         0006-Remove-extraneous-calls-to-.strip-in-Chunked-Encoding.patch
+# downstream only patches
+Patch7:         0007-Backport-security-fix-note.patch
+Patch8:         0008-Skip-tests-that-fail-inconsistently-during-mock-build.patch
 
 BuildArch:      noarch
 
@@ -31,106 +42,77 @@ BuildArch:      noarch
 Waitress is meant to be a production-quality pure-Python WSGI server with very
 acceptable performance. It has no dependencies except ones which live in the
 Python standard library. It runs on CPython on Unix and Windows under Python
-2.7+ and Python 3.5+. It is also known to run on PyPy 1.6.0+ on UNIX. It
+2.7+ and Python 3.4+. It is also known to run on PyPy 1.6.0+ on UNIX. It
 supports HTTP/1.0 and HTTP/1.1.}
 
 %description %{_description}
 
-%package -n python3-waitress
+%package -n python2-%{srcname}
+Summary:        %{summary}
+BuildRequires:  python2-devel
+BuildRequires:  python2-setuptools
+BuildRequires:  python2-nose
+
+%description -n python2-%{srcname} %{_description}
+
+Python 2 version.
+
+%package -n python3-%{srcname}
 Summary:        %{summary}
 BuildRequires:  python3-devel
+BuildRequires:  python3-setuptools
+BuildRequires:  python3-nose
 
-%description -n python3-waitress %{_description}
+%description -n python3-%{srcname} %{_description}
 
-%prep
-%autosetup -n waitress-%{version}-nodocs -p 1
-sed -e '/pytest-cover/d' \
-    -e '/coverage/d' \
-    -e '/addopts/d' \
-    -i setup.cfg
+Python 3 version.
 
-%generate_buildrequires
-%pyproject_buildrequires -x testing
+%prep
+%autosetup -n %{srcname}-%{version}-nodocs -p 1
 
 %build
-%pyproject_wheel
+%py2_build
+%py3_build
 
 %install
-%pyproject_install
-%pyproject_save_files waitress
+%py2_install
+%py3_install
 
 %check
-%pytest
+PYTHONPATH=%{buildroot}%{python2_sitelib} nosetests-%{python2_version} %{srcname}
+PYTHONPATH=%{buildroot}%{python3_sitelib} nosetests-%{python3_version} %{srcname}
+
+%files -n python2-%{srcname}
+%license COPYRIGHT.txt LICENSE.txt
+%doc README.rst CHANGES.txt
+%{python2_sitelib}/%{srcname}/
+%{python2_sitelib}/%{srcname}-*.egg-info/
 
-%files -n python3-waitress -f %{pyproject_files}
+%files -n python3-%{srcname}
 %license COPYRIGHT.txt LICENSE.txt
 %doc README.rst CHANGES.txt
 %{_bindir}/waitress-serve
+%{python3_sitelib}/%{srcname}/
+%{python3_sitelib}/%{srcname}-*.egg-info/
 
 %changelog
-* Fri Jul 21 2023 Renata Ravanelli <rravanel@redhat.com> - 1.4.4-8
-- Backport changes to fix CVE-2022-24761
-
-* Wed May 10 2023 Carl George <carl@george.computer> - 1.4.4-7
-- Convert to pyproject macros
+* Wed Jun 26 2024 Carl George <carlwgeorge@fedoraproject.org> - 1.4.3-2
+- Backport upstream fix for CVE-2022-24761 rhbz#2065791
+
+* Wed May 10 2023 Carl George <carl@george.computer> - 1.4.3-1
+- Update to version 1.4.3
+- Resolves: rhbz#1791421 CVE-2019-16785
+- Resolves: rhbz#1791417 CVE-2019-16786
+- Resolves: rhbz#1789810 CVE-2019-16789
+- Resolves: CVE-2019-16792
+- Resolves: CVE-2020-5236
 - Run test suite
-- Switch to SPDX license identifier
-
-* Fri Jan 21 2022 Fedora Release Engineering <releng@fedoraproject.org> - 1.4.4-6
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
-
-* Fri Jul 23 2021 Fedora Release Engineering <releng@fedoraproject.org> - 1.4.4-5
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
-
-* Thu Jun 03 2021 Python Maint <python-maint@redhat.com> - 1.4.4-4
-- Rebuilt for Python 3.10
-
-* Wed Jan 27 2021 Fedora Release Engineering <releng@fedoraproject.org> - 1.4.4-3
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
-
-* Fri Jan 15 2021 Troy Dawson <tdawson@redhat.com> - 1.4.4-2
-- Remove test BuildRequires until tests are working
-
-* Thu Sep 10 2020 Joel Capitao <jcapitao@redhat.com> - 1.4.4-1
-- Update to 1.4.4
-
-* Wed Jul 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1.4.3-3
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
-
-* Sat May 23 2020 Miro Hrončok <mhroncok@redhat.com> - 1.4.3-2
-- Rebuilt for Python 3.9
-
-* Fri Feb 07 2020 Lorenzo Gil Sanchez <lorenzo.gil.sanchez@gmail.com> - 1.4.3-1
-- Update to 1.4.3 Fixes bug #1785591
-
-* Thu Jan 30 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1.4.2-2
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
-
-* Mon Jan 20 2020 Lorenzo Gil Sanchez <lorenzo.gil.sanchez@gmail.com> - 1.4.2-1
-- Update to 1.4.2 Fixes bugs #1785591 #1789807 #1789809 #1789810 #1791415
-  #1791416 #1791417 #1791420 #1791421 #1791422 #1791423
-
-* Thu Jan 16 2020 Lorenzo Gil Sanchez <lorenzo.gil.sanchez@gmail.com> - 1.4.1-1
-- Update to 1.4.1 Fixes bug #1785591
-
-* Wed Dec 25 2019 Lorenzo Gil Sanchez <lorenzo.gil.sanchez@gmail.com> - 1.4.0-1
-- Update to 1.4.0 Fixes bug #1785591
-
-* Sun Oct 06 2019 Kevin Fenzi <kevin@scrye.com> - 1.3.1-1
-- Update to 1.3.1. Fixes bug #1747075
-
-* Mon Sep 09 2019 Miro Hrončok <mhroncok@redhat.com> - 1.2.1-5
-- Subpackage python2-waitress has been removed
-  See https://fedoraproject.org/wiki/Changes/Mass_Python_2_Package_Removal
-
-* Sat Aug 17 2019 Miro Hrončok <mhroncok@redhat.com> - 1.2.1-4
-- Rebuilt for Python 3.8
 
-* Fri Jul 26 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1.2.1-3
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
+* Wed Jul 24 2019 Stephen Smoogen <smooge@fedoraproject.org> - 1.2.1-2.1
+- Change out python3-coverage with standard lookup call.
 
 * Sat Jun 29 2019 Kevin Fenzi <kevin@scrye.com> - 1.2.1-2
-- Remove non free docs from src.rpm and provide script to do so before upload.
+- Remove non free docs from src.rpm and provide script to do so before upload. 
 - Fixes bug #1684335
 
 * Tue Feb 05 2019 Lorenzo Gil Sanchez <lorenzo.gil.sanchez@gmail.com> - 1.2.1-1

sources

@@ -1 +1 @@
-SHA512 (v1.4.4-nodocs.tar.gz) = 246e066774f093caf174c2e7a054fedf9d09ce871524f6fdfd86bade89b858ff28ea0fd7347874303e473bf2527919beecc174264d5d8283030ab13c5942ef2d
+SHA512 (v1.4.3-nodocs.tar.gz) = c3749376e97d864874b1976b7f9f2688d3b55c56e33a01d968fc59a068a27ea14dd389d8ca4feb211afbfd0bb6848f6b8d483142e0b7a1b403f924fb7cb87f3c