pool/python-urllib3
SHA256
17
0
Fork 2
Code Issues Pull Requests Activity

Compare commits

merge into: pool:slfo-main
Branches Tags
pool:factory pool:slfo-1.2 pool:slfo-main
...
pull from: pool:factory
Branches Tags
pool:factory pool:slfo-1.2 pool:slfo-main

2 Commits
slfo-main ... factory

Author SHA256 Message Date
Ana Guerrero
fb6b6ac030 Accepting request 1325966 from devel:languages:python 
OBS-URL: https://build.opensuse.org/request/show/1325966
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python-urllib3?expand=0&rev=73
 2026-01-09 16:02:44 +00:00
Markéta Machová
6a84f8d26a - Update to 2.6.2 
* Fixed HTTPResponse.read_chunked() to properly handle leftover data in the
    decoder's buffer when reading compressed chunked responses.
- Update to 2.6.1
  * Restore previously removed HTTPResponse.getheaders() and
    HTTPResponse.getheader() methods.
- Update to 2.6.0
  * Security:
    - Fixed a security issue where streaming API could improperly handle highly
      compressed HTTP content ("decompression bombs") leading to excessive
      resource consumption even when a small amount of data was requested.
      Reading small chunks of compressed data is safer and much more efficient
      now. (CVE-2025-66471, GHSA-2xpw-w6gg-jr37, bsc#1254867)
    - Fixed a security issue where an attacker could compose an HTTP response
      with virtually unlimited links in the Content-Encoding header, potentially
      leading to a denial of service (DoS) attack by exhausting system resources
      during decoding. The number of allowed chained encodings is now limited to
      5. (CVE-2025-66418, GHSA-gm62-xv2j-4w53, bsc#1254866)
  * Features:
    - Enabled retrieval, deletion, and membership testing in HTTPHeaderDict
      using bytes keys.
    - Added host and port information to string representations of
      HTTPConnection.
    - Added support for Python 3.14 free-threading builds explicitly.
  * Removals:
    - Removed the HTTPResponse.getheaders() method in favor of
      HTTPResponse.headers. Removed the HTTPResponse.getheader(name, default)
      method in favor of HTTPResponse.headers.get(name, default).
  * Bugfixes:
    - Fixed redirect handling in urllib3.PoolManager when an integer is passed
      for the retries parameter.
    - Fixed HTTPConnectionPool when used in Emscripten with no explicit port.
    - Fixed handling of SSLKEYLOGFILE with expandable variables.
  * Misc:
    - Changed the zstd extra to install backports.zstd instead of zstandard on
      Python 3.13 and before.
    - Improved the performance of content decoding by optimizing
      BytesQueueBuffer class.
    - Allowed building the urllib3 package with newer setuptools-scm v9.x.
    - Ensured successful urllib3 builds by setting Hatchling requirement
      to ≥ 1.27.0.

OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-urllib3?expand=0&rev=192
 2026-01-08 13:44:15 +00:00
4 changed files with 52 additions and 7 deletions
Expand all files Collapse all files

45
python-urllib3.changes
View File

@@ -1,3 +1,48 @@
-------------------------------------------------------------------
Wed Jan 7 09:49:28 UTC 2026 - Nico Krapp <nico.krapp@suse.com>
- Update to 2.6.2
* Fixed HTTPResponse.read_chunked() to properly handle leftover data in the
decoder's buffer when reading compressed chunked responses.
- Update to 2.6.1
* Restore previously removed HTTPResponse.getheaders() and
HTTPResponse.getheader() methods.
- Update to 2.6.0
* Security:
- Fixed a security issue where streaming API could improperly handle highly
compressed HTTP content ("decompression bombs") leading to excessive
resource consumption even when a small amount of data was requested.
Reading small chunks of compressed data is safer and much more efficient
now. (CVE-2025-66471, GHSA-2xpw-w6gg-jr37, bsc#1254867)
- Fixed a security issue where an attacker could compose an HTTP response
with virtually unlimited links in the Content-Encoding header, potentially
leading to a denial of service (DoS) attack by exhausting system resources
during decoding. The number of allowed chained encodings is now limited to
5. (CVE-2025-66418, GHSA-gm62-xv2j-4w53, bsc#1254866)
* Features:
- Enabled retrieval, deletion, and membership testing in HTTPHeaderDict
using bytes keys.
- Added host and port information to string representations of
HTTPConnection.
- Added support for Python 3.14 free-threading builds explicitly.
* Removals:
- Removed the HTTPResponse.getheaders() method in favor of
HTTPResponse.headers. Removed the HTTPResponse.getheader(name, default)
method in favor of HTTPResponse.headers.get(name, default).
* Bugfixes:
- Fixed redirect handling in urllib3.PoolManager when an integer is passed
for the retries parameter.
- Fixed HTTPConnectionPool when used in Emscripten with no explicit port.
- Fixed handling of SSLKEYLOGFILE with expandable variables.
* Misc:
- Changed the zstd extra to install backports.zstd instead of zstandard on
Python 3.13 and before.
- Improved the performance of content decoding by optimizing
BytesQueueBuffer class.
- Allowed building the urllib3 package with newer setuptools-scm v9.x.
- Ensured successful urllib3 builds by setting Hatchling requirement
to ≥ 1.27.0.
-------------------------------------------------------------------
Mon Jun 23 02:03:12 UTC 2025 - Steve Kowalik <steven.kowalik@suse.com>

8
python-urllib3.spec
View File

@@ -1,7 +1,7 @@
#
# spec file for package python-urllib3
#
# Copyright (c) 2025 SUSE LLC
# Copyright (c) 2026 SUSE LLC and contributors
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -26,7 +26,7 @@
%endif
%{?sle15_python_module_pythons}
Name: python-urllib3%{psuffix}
Version: 2.5.0
Version: 2.6.2
Release: 0
Summary: HTTP library with thread-safe connection pooling, file post, and more
License: MIT
@@ -43,13 +43,13 @@ BuildRequires: fdupes
BuildRequires: python-rpm-macros
#!BuildIgnore: python-requests
Requires: ca-certificates-mozilla
Recommends: python-Brotli >= 1.0.9
Recommends: python-Brotli >= 1.2.0
Recommends: python-PySocks >= 1.7.1
Recommends: python-h2 >= 4
Recommends: python-zstandard >= 0.18
BuildArch: noarch
%if %{with test}
BuildRequires: %{python_module Brotli >= 1.0.9}
BuildRequires: %{python_module Brotli >= 1.2.0}
BuildRequires: %{python_module PySocks >= 1.7.1}
BuildRequires: %{python_module Quart >= 0.19}
BuildRequires: %{python_module cryptography >= 43}

BIN
urllib3-2.5.0.tar.gz LFS
View File

Binary file not shown.

3
urllib3-2.6.2.tar.gz Normal file
View File

@@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:016f9c98bb7e98085cb2b4b17b87d2c702975664e4f060c6532e64d1c1a5e797
size 432930