waitress (1.4.1-1ubuntu0.1) focal-security; urgency=medium

  * SECURITY UPDATE: Request smuggle
    - debian/patches/CVE-2022-24761-*: Fix for HTTP request smuggling due
      to incorrect validation in src/waitress/parser.py,
      src/waitress/receiver.py, src/waitress/rfc7230.py,
      src/waitress/utilities.py, test/test_functional.py,
      test/test_parser.py, test/test_receiver.py.
    - CVE-2022-24761
  * Fixing tests issues
    - debian/patches/fixing_tests.patch: fix compatibility issues in tests
      test/test_functional.py, test/test_receiver.py.

 -- Leonidas Da Silva Barbosa <leo.barbosa@canonical.com>  Thu, 31 Mar 2022 15:56:43 -0300

waitress (1.4.1-1) unstable; urgency=medium

  * New upstream release.
    - Closes: #947306:
      CVE-2019-16785: potential HTTP request smuggling/splitting
      due to differences in endline parsing.
      CVE-2019-16786: incorrect treatment of single requests as
      multiple requests in the case of HTTP pipelining due to
      the incorrect parsing of Transfer-Encoding ignoring all but
      the first comma-separated header value.
    - Closes: #947433:
      CVE-2019-16789: potential HTTP request splitting leading
      to potential cache poisoning or unexpected information
      disclosure due to incorrect parsing of special whitespace
      characters in the Transfer-Encoding header.
  * Refresh the documentation configuration patch.
  * Set Rules-Requires-Root: no
  * Bump Standards-Version to 4.4.1, no changes.
  * Replace dh_auto_install override with --shebang.
  * Update debian/copyright.
  * Use ${sphinxdoc:Built-Using}.

 -- Andrej Shadura <andrewsh@debian.org>  Wed, 01 Jan 2020 14:04:40 +0100

waitress (1.3.1-4) unstable; urgency=medium

  * Revert the documentation package rename.
  * Revert the reversion of the Python 3 removal.
  * Remove alternatives on preinst.
  * Install waitress-serve into /usr/bin directly.

 -- Andrej Shadura <andrewsh@debian.org>  Thu, 12 Sep 2019 21:38:15 +0200

waitress (1.3.1-3) unstable; urgency=medium

  * Revert the Python 3 removal.
  * Try to remove alternatives, don’t fail if we can’t.

 -- Andrej Shadura <andrewsh@debian.org>  Thu, 12 Sep 2019 21:07:45 +0200

waitress (1.3.1-2) unstable; urgency=medium

  * Rename the documentation package.

 -- Andrej Shadura <andrewsh@debian.org>  Thu, 12 Sep 2019 18:48:27 +0200

waitress (1.3.1-1) unstable; urgency=medium

  * New upstream release.
  * Maintain in the team.
  * Run wrap-and-sort -bask.
  * Use debhelper-compat instead of debian/compat.
  * Use secure URI in Homepage field.
  * Bump debhelper from old 9 to 12.
  * Drop Python 2 support.

 -- Andrej Shadura <andrewsh@debian.org>  Thu, 12 Sep 2019 18:38:52 +0200

waitress (1.2.0~b2-2) unstable; urgency=medium

  * Unbreak docco build (Closes: #918669).

 -- Andrej Shadura <andrewsh@debian.org>  Tue, 08 Jan 2019 15:54:08 +0100

waitress (1.2.0~b2-1) unstable; urgency=medium

  [ Ondřej Nový ]
  * d/copyright: Use https protocol in Format field.
  * d/control: Add Vcs-* field.

  [ Andrej Shadura ]
  * New upstream release.

 -- Andrej Shadura <andrewsh@debian.org>  Mon, 07 Jan 2019 18:26:54 +0100

waitress (1.1.0-1) unstable; urgency=medium

  * New upstream release.
  * Enable autopkgtests.
  * Add Vcs-*.

 -- Andrej Shadura <andrewsh@debian.org>  Sun, 13 May 2018 10:12:31 +0200

waitress (1.0.1-1) unstable; urgency=medium

  * New upstream release.
  * Update package descriptions.
  * Build-Depend on Python 2.7+/3.3+.

 -- Andrew Shadura <andrewsh@debian.org>  Tue, 13 Dec 2016 14:34:36 +0100

waitress (0.8.10-1) unstable; urgency=medium

  [ Juan Picca ]
  * Make the build reproducible (Closes: #788597).

  [ Andrew Shadura ]
  * New upstream release.

 -- Andrew Shadura <andrewsh@debian.org>  Sat, 26 Dec 2015 14:44:28 +0100

waitress (0.8.9-2) unstable; urgency=medium

  * Fix FTBFS (Closes: #765126).

 -- Andrew Shadura <andrewsh@debian.org>  Mon, 13 Oct 2014 21:56:21 +0200

waitress (0.8.9-1) unstable; urgency=medium

  * New upstream release.

 -- Andrew Shadura <andrewsh@debian.org>  Wed, 08 Oct 2014 15:58:50 +0200

waitress (0.8.8-3) unstable; urgency=low

  * Build against python3.4.
  * Fix shebangs in waitress-serve scripts.

 -- Andrew Shadura <andrewsh@debian.org>  Thu, 24 Apr 2014 08:12:29 +0200

waitress (0.8.8-2) unstable; urgency=low

  * Fix the package description.
  * Bump Standards-Version (no changes).

 -- Andrew Shadura <andrewsh@debian.org>  Thu, 24 Apr 2014 07:45:00 +0200

waitress (0.8.8-1) unstable; urgency=low

  * New upstream release.

 -- Andrew Shadura <andrewsh@debian.org>  Sat, 14 Dec 2013 20:55:11 +0100

waitress (0.8.7-3) unstable; urgency=low

  * Switch to using dh-python instead of versioned depends
    on python3 (Closes: #731532).

 -- Andrew Shadura <andrewsh@debian.org>  Sat, 14 Dec 2013 17:53:03 +0100

waitress (0.8.7-2) unstable; urgency=low

  * Update the watch file.
  * Use alternatives to ensure co-installability of python2 and python3
    versions (Closes: #725260).

 -- Andrew Shadura <andrewsh@debian.org>  Thu, 03 Oct 2013 15:44:25 +0200

waitress (0.8.7-1) unstable; urgency=low

  * New upstream version.

 -- Andrew Shadura <andrewsh@debian.org>  Wed, 02 Oct 2013 20:49:35 +0200

waitress (0.8.1-2) unstable; urgency=low

  * Upload to unstable.
  * Remove erroneous patch.

 -- Andrew Shadura <andrewsh@debian.org>  Sat, 13 Apr 2013 15:25:34 +0200

waitress (0.8.1-1) experimental; urgency=low

  * Initial release.

 -- Andrew Shadura <andrewsh@debian.org>  Thu, 21 Mar 2013 21:02:04 +0100