File python-mitmproxy.changes of Package python-mitmproxy
-------------------------------------------------------------------
Mon Feb 10 04:57:07 UTC 2025 - Steve Kowalik <steven.kowalik@suse.com>
- Update to 11.1.2:
* CVE-2025-23217: mitmweb's API now requires an authentication token by
default. The mitmweb API is bound to localhost only, but @gronke found
that an attacker can circumvent that restriction by tunneling requests
through the proxy server itself in an SSRF-style attack.
(fa89055, @mhils) (bsc#1236890)
* Add (optional) password protection for mitmweb. The web_password option
replaces the randomly-generated token authentication with a fixed secret
that survives mitmproxy restarts. (0bd573a, @mhils)
* mitmweb can now be hosted under arbitrary domains, the previously-used
DNS rebind protection is not required anymore. (62693af, @mhils)
* Security Hardening: mitmweb's xsrf_token cookie is now HttpOnly;
SameSite=Strict. (#7491, @mhils)
* Fix console freezing due to DNS queries with an empty question
section. (#7497, @sujaldev)
* Fixed a bug that caused mitmproxy to crash when loading prior knowledge
h2 flows. (#7514, @sujaldev)
* Fix a bug where mitmproxy would get stuck in secure web proxy mode when
using ignore_hosts or allow_hosts. (#7519, @mhils)
* Copy request/response data to the clipboard in mitmweb (#7352, @lups2000)
* Fix a bug where exporting a curl or httpie command with escaped
characters would lead to different data being sent.
(#7520, @proteusvacuum)
* Local Capture Mode is now available on Linux as well. (#7440, @mhils)
* mitmproxy now requires Python 3.12 or above. (#7440, @mhils)
* Add cache-busting for mitmweb's front end code. (#7386, @mhils)
* Clicking the URL in mitmweb now places the cursor at the current
position instead of selecting the entire URL. (#7385, @lups2000)
* Add missing status codes (#7455, @jwadolowski)
* All filter expressions are now case-insensitive by default. Users can
opt into case-sensitive filters by setting
MITMPROXY_CASE_SENSITIVE_FILTERS=1 as an environment variable.
(#7458, @mhils, @AdityaPatadiya)
* Remove filter expression lowercasing in block_list addon
(#7456, @jwadolowski)
* Remove check for status codes in the blocklist add-on.
(#7453, @lups2000, @AdityaPatadiya)
* Prompt user before clearing screen (#7445, @errorxyz)
* Stop sorting keys in JSON contentview (#7346, @injust)
* Fix a bug where a custom CA would raise an error. (#7355, @nneonneo)
* Fix a bug where the mitmproxy UI would crash on negative durations.
(#7358, @mhils)
* Allow technically invalid HTTP transfer encodings in requests if
validate_inbound_headers is disabled. (#7361, #7373, @mhils)
* Fix a bug in windows management in mitmproxy TUI whereby the help window
does not appear if "?" is pressed within the overlay
(#6500, @emanuele-em)
* Tighten HTTP detection heuristic to better support custom TCP-based
protocols. (#7228, @fatanugraha)
* Implement stricter validation of HTTP headers to harden against request
smuggling attacks. (#7345, @mhils)
* Increase HTTP/2 default flow control window size, fixing performance
issues. (#7317, @sujaldev)
* Fix a bug where mitmproxy would incorrectly report that TLS 1.0 and 1.1
are not supported with the current OpenSSL build. (#7241, @mhils)
* Add a tun proxy mode that creates a virtual network device on Linux for
transparent proxying. (#7278, @mhils)
* browser.start command now supports Firefox. (#7239, @sujaldev)
* Fix interaction of the modify_headers and stream_large_bodies options.
This may break users of modify_headers that rely on filters referencing
the message body. We expect this to be uncommon, but please make
yourself heard if that's not the case. (#7286, @lukant)
* Fix a crash when handling corrupted compressed body in savehar addon and
its tests. (#7320, @8192bytes)
* Remove dependency on protobuf library as it was no longer being
used. (#7327, @matthew16550)
-------------------------------------------------------------------
Fri Oct 18 00:32:15 UTC 2024 - Joshua Smith <smolsheep@opensuse.org>
- Update to version 11.0.0:
* mitmproxy now supports transparent HTTP/3 proxying.
* Add HTTP3 support in HTTPS reverse-proxy mode.
* mitmproxy now officially supports Python 3.13.
* Tighten HTTP detection heuristic to better support custom
TCP-based protocols.
* Add show_ignored_hosts option to display ignored flows in the
UI. This option is implemented as a temporary workaround and
will be removed in the future.
* Fix slow tnetstring parsing in case of very large tnetstring.
* Add getaddrinfo-based fallback for DNS resolution if we are
unable to determine the operating system's name servers.
* Improve the error message when users specify the certs option
without a matching private key.
* Fix a bug where intermediate certificates would not be
transmitted when using QUIC.
* Fix a bug where fragmented QUIC client hellos were not handled
properly.
* Emit a warning when users configure a TLS version that is not
supported by the current OpenSSL build.
* Fix a bug where mitmproxy would crash when receiving
STOP_SENDING QUIC frames.
* Fix error when unmarking all flows.
* Add addon to update the alt-svc header in reverse mode.
* Do not send unnecessary empty data frames when streaming
HTTP/2.
* Fix of measurement unit in HAR import, duration is in
milliseconds.
* Connection.tls_version now is QUICv1 instead of QUIC for QUIC.
* Add support for full mTLS with client certs between client and
mitmproxy.
* Update documentation adding a list of all possibile
web_columns.
- Updates from version 10.4.2:
* Fix a crash on startup when mitmproxy is unable to determine
the OS' DNS servers
- Updates from version 10.4.1:
* Fix a bug where macOS local mode would not start up on macOS.
* Fix UDP error handling when we learn that the remote has
disconnected.
- Updates from version 10.4.0:
* Add support for DNS over TCP.
* Add first MVP new Capture Tab in mitmweb
* Add HttpConnectedHook and HttpConnectErrorHook.
* Fix non-linear growth in processing time for large HTTP bodies.
* Fix a bug where connections would be incorrectly ignored with
allow_hosts.
* Fix zstd decompression to read across frames.
* Handle certificates we cannot parse more gracefully.
* Parse compressed domain names in ResourceRecord data.
* Fix a bug where mitmweb's flow list would not stay at the
bottom.
* Fix a bug where SSH connections would be incorrectly handled as
HTTP.
* Skip UTF-8 byte-order marks (BOM) when loading HAR files.
* Allow typing.Sequence[str] to be an editable option.
* Add Host header to CONNECT requests.
* Support all query types in DNS mode.
* Fix a bug where mitmproxy would crash for pipelined HTTP flows.
* Add an optional "index" column for mitmweb.
- Updates from version 10.3.1:
* Release tags are now prefixed with v again.
* Fix a bug where mitmproxy would not exit when -n is passed.
* Set the unbuffered (stdout/stderr) flag for the mitmdump
PyInstaller build.
* Fix a bug where client replay would not work with proxyauth.
* Fix slowdown when sending large amounts of data over HTTP/2.
* Add an option to strip HTTPS records from DNS responses to
block encrypted ClientHellos.
* Add an API to parse HTTPS records from DNS RDATA.
* Releases now come with a Sigstore attestations file to
demonstrate build provenance.
- Updates from version 10.3.0:
* Add support for editing non text files in a hex editor
* Add server_connect_error hook that is triggered when connection
establishment fails.
* Add section in mitmweb for rendering, adding and removing a
comment
* Fix multipart form content view being unusable.
* Documentation Improvements on CA Certificate Generation
* Make it possible to read flows from stdin with mitmweb.
* Update aioquic dependency to >= 1.0.0, < 2.0.0.
* Fix a bug where async client_connected handlers would crash
mitmproxy.
* Add button to close flow details panel
* Ignore SIGPIPE signals when there is lots of traffic. Socket
errors are handled directly and do not require extra signals
that generate noise.
* Add primitive websocket interception and modification
* Add support for exporting websocket messages when using "raw"
export.
* The "save body" feature now also includes WebSocket messages.
* Fix compatibility with older cryptography versions and silence
a DeprecationWarning on Python <3.11.
* Fix a bug when proxying unicode domains.
- Updates from version 10.2.4:
* Fix a bug where errors during startup would not be displayed
when running mitmproxy.
* Use newer cryptography APIs to avoid
CryptographyDeprecationWarnings. This bumps the minimum
required version to cryptography 42.0.
- Updates from version 10.2.3:
* Fix a regression where allow_hosts/ignore_hosts would break
with IPv6 connections.
* Fix bug where failed CONNECT request URLs are saved to HAR
files incorrectly.
* Add an arm64 variant for the precompiled macOS app.
* Fix duplicate answers being returned in DNS queries.
* Fix bug where wireguard config is generated with incorrect
endpoint when two or more NICs are active.
* Fix a regression when leaf cert creation would fail with
intermediate CAs in ca_file.
* Add content_view_lines_cutoff option to mitmdump
* Allow runtime modifications of HTTP flow filters for server
replays
* Fix bug view options menu in case of overflow
* Allow --allow-hosts and --ignore-hosts to work together
-------------------------------------------------------------------
Tue Feb 27 14:37:10 UTC 2024 - Markéta Machová <mmachova@suse.com>
- Update to version 10.2.2:
* The onboarding_port option has been removed. The onboarding app now
responds to all requests for the hostname specified in onboarding_host.
* connection.Client and connection.Server now accept keyword arguments
only. This is a breaking change for custom addons that use these classes
directly.
* Add experimental support for HTTP/3 and QUIC.
* ASGI/WSGI apps can now listen on all ports for a specific hostname.
* Add replay.server.add command for adding flows to server replay buffer.
* Remove string escaping in raw view.
* mitmproxy now requires Python 3.10 or above.
* Add support for reading and writing HAR files.
* UDP streams are now backed by a new implementation in mitmproxy_rs.
* ignore_hosts now waits for the entire HTTP headers if it suspects the
connection to be HTTP.
-------------------------------------------------------------------
Mon Jan 29 21:27:19 UTC 2024 - Dirk Müller <dmueller@suse.com>
- switch to python311 build
-------------------------------------------------------------------
Thu Dec 15 17:32:53 UTC 2022 - Daniel Garcia <daniel.garcia@suse.com>
- Skip broken tests in different architectures
-------------------------------------------------------------------
Thu Dec 15 17:17:36 UTC 2022 - Daniel Garcia <daniel.garcia@suse.com>
- Remove fix-big-integer.patch
- Update to version 9.0.1:
- The precompiled binaries now ship with OpenSSL 3.0.7, which resolves
CVE-2022-3602 and CVE-2022-3786.
- Performance and stability improvements for WireGuard mode. (#5694, @mhils,
@decathorpe)
- Fix a bug where the standalone Linux binaries would require libffi to be
installed. (#5699, @mhils)
- Hard exit when mitmproxy cannot write logs, fixes endless loop when parent
process exits. (#4669, @Prinzhorn)
- Fix a permission error affecting the Docker images. (#5700, @mhils)
- 9.0.0
# Major Features
- Add Raw UDP support. (#5414, @meitinger)
- Add WireGuard mode to enable transparent proxying via WireGuard. (#5562,
@decathorpe, @mhils)
- Add DTLS support. (#5397, @kckeiks).
- Add a quick help bar to mitmproxy. (#5381, #5652, @kckeiks, @mhils).
# Deprecations
- Deprecate add_log event hook. Users should use the builtin logging module
instead. See the docs for details and upgrade instructions. (#5590, @mhils)
- Deprecate mitmproxy.ctx.log in favor of Python's builtin logging module.
See the docs for details and upgrade instructions. (#5590, @mhils)
# Breaking Changes
- The mode option is now a list of server specs instead of a single spec. The
CLI interface is unaffected, but users may need to update their
config.yaml. (#5393, @mhils)
# Full Changelog
- Mitmproxy binaries now ship with Python 3.11. (#5678, @mhils)
- One mitmproxy instance can now spawn multiple proxy servers. (#5393,
@mhils)
- Add syntax highlighting to JSON and msgpack content view. (#5623,
@SapiensAnatis)
- Add MQTT content view. (#5588, @nikitastupin, @abbbe)
- Setting connection_strategy to lazy now also disables early upstream
connections to fetch TLS certificate details. (#5487, @mhils)
- Fix order of event hooks on startup. (#5376, @meitinger)
- Include server information in bind/listen errors. (#5495, @meitinger)
- Include information about lazy connection_strategy in related errors.
(#5465, @meitinger, @mhils)
- Fix tls_version_server_min and tls_version_server_max options. (#5546,
@mhils)
- Added Magisk module generation for Android onboarding. (#5547, @jorants)
- Update Linux binary builder to Ubuntu 20.04, bumping the minimum glibc
version to 2.31. (#5547, @jorants)
- Add "Save filtered" button in mitmweb. (#5531, @rnbwdsh, @mhils)
- Render application/prpc content as gRPC/Protocol Buffers (#5568,
@selfisekai)
- Mitmweb now supports content_view_lines_cutoff. (#5548, @sanlengjingvv)
- Fix a mitmweb crash when scrolling down the flow list. (#5507, @LIU-shuyi)
- Add HTTP/3 binary frame content view. (#5582, @mhils)
- Fix mitmweb not properly opening a browser and being stuck on some Linux.
(#5522, @Prinzhorn)
- Fix race condition when updating mitmweb WebSocket connections that are
closing. (#5405, #5686, @mhils)
- Fix mitmweb crash when using filters. (#5658, #5661, @LIU-shuyi, @mhils)
- Fix missing default port when starting a browser. (#5687, @rbdixon)
- Add docs for transparent mode on Windows. (#5402, @stephenspol)
-------------------------------------------------------------------
Fri Oct 7 11:01:46 UTC 2022 - Daniel Garcia <daniel.garcia@suse.com>
- Update to version 8.1.1:
* Support specifying the local address for outgoing connections (#5364,
@meitinger)
* Fix a bug where an excess empty chunk has been sent for chunked HEAD
request. (#5372, @jixunmoe)
* Drop pkg_resources dependency. (#5401, @PavelICS)
* Fix huge (>65kb) http2 responses corrupted. (#5428, @dhabensky)
* Remove overambitious assertions in the HTTP state machine, fix some error
handling. (#5383, @mhils)
* Use default_factory for parser_options. (#5474, @rathann)
- mitmproxy 8.1.0
* DNS support (#5232, @meitinger)
* Mitmproxy now requires Python 3.9 or above. (#5233, @mhils)
* Fix a memory leak in mitmdump where flows were kept in memory. (#4786,
@mhils)
* Replayed flows retain their current position in the flow list. (#5227,
@mhils)
* Periodically send HTTP/2 ping frames to keep connections alive. (#5046,
@EndUser509)
* Console Performance Improvements (#3427, @BkPHcgQL3V)
* Warn users if server side event responses are received without streaming.
(#4469, @mhils)
* Add flatpak support to the browser addon (#5200, @pauloromeira)
* Add example addon to dump contents to files based on a filter expression
(#5190, @redraw)
* Fix a bug where the wrong SNI is sent to an upstream HTTPS proxy (#5109,
@mhils)
* Make sure that mitmproxy displays error messages on startup. (#5225,
@mhils)
* Add example addon for domain fronting. (#5217, @randomstuff)
* Improve cut addon to better handle binary contents (#3965, @mhils)
* Fix text truncation for full-width characters (#4278, @kjy00302)
* Fix mitmweb export copy failed in non-secure domain. (#5264, @Pactortester)
* Add example script for manipulating cookies. (#5278, @WillahScott)
* When opening an external viewer for message contents, mailcap files are not
considered anymore.
* This preempts the upcoming deprecation of Python's mailcap module. (#5297,
@KORraNpl)
* Fix hostname encoding for IDNA domains in upstream mode. (#5316, @nneonneo)
* Fix hot reloading of contentviews. (#5319, @nneonneo)
* Ignore HTTP/2 information responses instead of raising an error. (#5332,
@mhils)
* Improve performance and memory usage by reusing OpenSSL contexts. (#5339,
@mhils)
* Fix handling of multiple Cookie headers when proxying HTTP/2 to HTTP/1
(#5337, @rinsuki)
* Improve http_manipulate_cookies.py example. (#5578, @insilications)
- Add fix-big-integer.patch to fix tests with modern python versions based on
gh#mitmproxy/mitmproxy@780adbaf9b13
-------------------------------------------------------------------
Tue Mar 22 16:01:32 UTC 2022 - Ferdinand Thiessen <rpm@fthiessen.de>
- Update to 8.0.0
* mitmweb improvements
* Now renders TCP and WebSocket flows
* Offers direct cURL/HTTPie/raw HTTP export
* Added Experimental command bar
* Added Async Event Hooks
* Added event hooks to signal TLS handshake success and failure
for client and server connections
* Support proxy authentication for SOCKS v5 mode
* CVE-2022-24766: Fix request smuggling vulnerability, boo#1197381
-------------------------------------------------------------------
Thu Jan 6 13:33:12 UTC 2022 - Ben Greiner <code@bnavigator.de>
- Register obs hypothesis profile for slow test executions
-------------------------------------------------------------------
Wed Dec 8 21:07:48 UTC 2021 - Ferdinand Thiessen <rpm@fthiessen.de>
- Update to 7.0.4
* Compatibility with Python 3.10
* Supports proxying raw TCP connections
* Support TCP connections that start with a server-side greeting
* Support SMTP
* Accept HTTP/2 requests from the client and forward them to
an HTTP/1 server
* Displays WebSocket messages also in a dedicated UI tab
* Clients can now establish TLS with the proxy right from the
start, which can add a significant layer of defense in public
networks.
* Removed pathoc and pathod, see
https://github.com/mitmproxy/mitmproxy/issues/4273
-------------------------------------------------------------------
Wed Jan 27 14:37:07 UTC 2021 - Markéta Machová <mmachova@suse.com>
- Update to 6.0.2
* Mitmproxy now requires Python 3.8 or above.
* Deprecation of pathod and pathoc tools and modules. Future releases
will not contain them!
* SSLKEYLOGFILE now supports TLS 1.3 secrets
* Tests: Replace asynctest with stdlib mock
* Many smaller improvements and bugfixes
- Drop unpin.patch and replace it with a sed script
- Drop merged replace-asynctest.patch
-------------------------------------------------------------------
Tue Aug 11 10:05:06 UTC 2020 - Benjamin Greiner <code@bnavigator.de>
- Update to v5.2
* Add Filter message to mitmdump (@sarthak212)
* Display TCP flows at flow list (@Jessonsotoventura,
@nikitastupin, @mhils)
* Colorize JSON Contentview (@sarthak212)
* Fix console crash when entering regex escape character in
half-open string (@sarthak212)
* Integrate contentviews to TCP flow details (@nikitastupin)
* Added add-ons that enhance the performance of web application
scanners (@anneborcherding)
* Increase WebSocket message timestamp precision
(@JustAnotherArchivist)
* Fix HTTP reason value on HTTP/2 reponses (@rbdixon)
* mitmweb: support wslview to open a web browser (@G-Rath)
* Fix dev version detection with parent git repo
(@JustAnotherArchivist)
* Restructure examples and supported addons (@mhils)
* Certificate generation: mark SAN as critical if no CN is set
(@mhils)
* Simplify Replacements with new ModifyBody addon (@mplattner)
* Rename SetHeaders addon to ModifyHeaders (@mplattner)
* mitmweb: "New -> File" menu option has been renamed to
"Clear All" (@yogeshojha)
* Add new MapRemote addon to rewrite URLs of requests
(@mplattner)
* Add support for HTTP Trailers to the HTTP/2 protocol
(@sanlengjingvv and @Kriechi)
* Fix certificate runtime error during expire cleanup
(@gorogoroumaru)
* Fixed the DNS Rebind Protection for secure support of IPv6
addresses (@tunnelpr0)
* WebSockets: match the HTTP-WebSocket flow for the ~websocket
filter (@Kriechi)
* Fix deadlock caused by the "replay.client.stop" command
(@gorogoroumaru)
* Add new MapLocal addon to serve local files instead of remote
resources (@mplattner and @mhils)
* Add minimal TCP interception and modification (@nikitastupin)
* Add new CheckSSLPinning addon to check SSL-Pinning on client
(@su-vikas)
* Add a JSON dump script: write data into a file or send to an
endpoint as JSON (@emedvedev)
* Fix console output formatting (@sarthak212)
* Add example for proxy authentication using selenium
(@anneborcherding and @weichweich)
- refresh unpin.patch
- replace unmaintained asynctest by native python 3.8 unittest
calls
* replace-asynctest.patch
* gh#mitmproxy/mitmproxy#4020
-------------------------------------------------------------------
Mon Jun 15 10:39:50 UTC 2020 - Marketa Calabkova <mcalabkova@suse.com>
- initial packaging (v5.1.1)
