From 17e6355ee7220d004f7fd63d26255f8d14506cd29b1c9f773351ac54bd288e7e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Adrian=20Schr=C3=B6ter?= Date: Fri, 23 May 2025 20:40:06 +0200 Subject: [PATCH] Sync from SUSE:SLFO:Main python-h11 revision a36bdfa52711a32274ca3b4b61a232c5 --- h11-0.14.0.tar.gz | 3 --- h11-0.16.0.tar.gz | 3 +++ python-h11.changes | 24 +++++++++++++++++++++++- python-h11.spec | 15 ++++++++------- 4 files changed, 34 insertions(+), 11 deletions(-) delete mode 100644 h11-0.14.0.tar.gz create mode 100644 h11-0.16.0.tar.gz diff --git a/h11-0.14.0.tar.gz b/h11-0.14.0.tar.gz deleted file mode 100644 index 231c50b..0000000 --- a/h11-0.14.0.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:8f19fbbe99e72420ff35c00b27a34cb9937e902a8b810e2c88300c6f0a3b699d -size 100418 diff --git a/h11-0.16.0.tar.gz b/h11-0.16.0.tar.gz new file mode 100644 index 0000000..9a197f8 --- /dev/null +++ b/h11-0.16.0.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:4e35b956cf45792e4caa5885e69fba00bdbc6ffafbfa020300e549b208ee5ff1 +size 101250 diff --git a/python-h11.changes b/python-h11.changes index 3ae03c1..2453bb6 100644 --- a/python-h11.changes +++ b/python-h11.changes @@ -1,3 +1,25 @@ +------------------------------------------------------------------- +Fri Apr 25 07:26:57 UTC 2025 - Daniel Garcia + +- Update 0.16.0: + * Security fix (CVE-2025-43859, bsc#1241872) + Reject certain malformed Transfer-Encoding: chunked bodies that + were previously accepted. These could have enabled + request-smuggling attacks when an h11-based HTTP server was placed + behind a load balancer with a matching bug in its chunked + handling. + + Advisory with more details: + https://github.com/python-hyper/h11/security/advisories/GHSA-vqfr-h8mv-ghfj +- 0.15.0: + * Reject Content-Lengths >= 1 zettabyte (1 billion terabytes) early, + without attempting to parse the integer (#181) + +------------------------------------------------------------------- +Mon Jan 29 21:36:32 UTC 2024 - Dirk Müller + +- spec cleanup + ------------------------------------------------------------------- Fri Apr 21 12:25:58 UTC 2023 - Dirk Müller @@ -11,7 +33,7 @@ Thu Apr 13 22:41:44 UTC 2023 - Matej Cepl ------------------------------------------------------------------- Wed Oct 12 03:33:53 UTC 2022 - Yogalakshmi Arunachalam -- Update to 0.14.0 +- Update to 0.14.0 No upstream changelog ------------------------------------------------------------------- diff --git a/python-h11.spec b/python-h11.spec index 04e49df..d9a7e8a 100644 --- a/python-h11.spec +++ b/python-h11.spec @@ -1,7 +1,7 @@ # # spec file for package python-h11 # -# Copyright (c) 2023 SUSE LLC +# Copyright (c) 2025 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -16,17 +16,17 @@ # -%{?!python_module:%define python_module() python-%{**} python3-%{**}} -%define skip_python2 1 %{?sle15_python_module_pythons} Name: python-h11 -Version: 0.14.0 +Version: 0.16.0 Release: 0 Summary: A pure-Python, bring-your-own-I/O implementation of HTTP/11 License: MIT URL: https://github.com/python-hyper/h11 Source: https://files.pythonhosted.org/packages/source/h/h11/h11-%{version}.tar.gz +BuildRequires: %{python_module pip} BuildRequires: %{python_module setuptools} +BuildRequires: %{python_module wheel} BuildRequires: fdupes BuildRequires: python-rpm-macros BuildArch: noarch @@ -43,10 +43,10 @@ heavily inspired by hyper-h2 %setup -q -n h11-%{version} %build -%python_build +%pyproject_wheel %install -%python_install +%pyproject_install %python_expand %fdupes %{buildroot}%{$python_sitelib} %check @@ -55,6 +55,7 @@ heavily inspired by hyper-h2 %files %{python_files} %doc README.rst %license LICENSE.txt -%{python_sitelib}/* +%{python_sitelib}/h11 +%{python_sitelib}/h11-%{version}.dist-info %changelog