From 38759c5ca524f22d702ee1e37cc9e42464cb8bde40620f0e82cb5e2f3ee0e35c Mon Sep 17 00:00:00 2001
From: Daniel Garcia
Date: Fri, 25 Apr 2025 07:30:03 +0000
Subject: [PATCH] - Update 0.16.0:

* Security fix (CVE-2025-43859, bsc#1241872)
Reject certain malformed Transfer-Encoding: chunked bodies that
were previously accepted. These could have enabled
request-smuggling attacks when an h11-based HTTP server was placed
behind a load balancer with a matching bug in its chunked
handling.

Advisory with more details:
https://github.com/python-hyper/h11/security/advisories/GHSA-vqfr-h8mv-ghfj
- 0.15.0:
* Reject Content-Lengths >= 1 zettabyte (1 billion terabytes) early,
without attempting to parse the integer (#181)

OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-h11?expand=0&rev=25
---
 h11-0.14.0.tar.gz | 3 ---
 h11-0.16.0.tar.gz | 3 +++
 python-h11.changes | 17 +++++++++++++++++
 python-h11.spec | 4 ++--
 4 files changed, 22 insertions(+), 5 deletions(-)
 delete mode 100644 h11-0.14.0.tar.gz
 create mode 100644 h11-0.16.0.tar.gz

diff --git a/h11-0.14.0.tar.gz b/h11-0.14.0.tar.gz
deleted file mode 100644
index 231c50b..0000000
--- a/h11-0.14.0.tar.gz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:8f19fbbe99e72420ff35c00b27a34cb9937e902a8b810e2c88300c6f0a3b699d
-size 100418
diff --git a/h11-0.16.0.tar.gz b/h11-0.16.0.tar.gz
new file mode 100644
index 0000000..9a197f8
--- /dev/null
+++ b/h11-0.16.0.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:4e35b956cf45792e4caa5885e69fba00bdbc6ffafbfa020300e549b208ee5ff1
+size 101250
diff --git a/python-h11.changes b/python-h11.changes
index 9c02187..2453bb6 100644
--- a/python-h11.changes
+++ b/python-h11.changes
@@ -1,3 +1,20 @@
+-------------------------------------------------------------------
+Fri Apr 25 07:26:57 UTC 2025 - Daniel Garcia
+
+- Update 0.16.0:
+ * Security fix (CVE-2025-43859, bsc#1241872)
+ Reject certain malformed Transfer-Encoding: chunked bodies that
+ were previously accepted. These could have enabled
+ request-smuggling attacks when an h11-based HTTP server was placed
+ behind a load balancer with a matching bug in its chunked
+ handling.
+
+ Advisory with more details:
+ https://github.com/python-hyper/h11/security/advisories/GHSA-vqfr-h8mv-ghfj
+- 0.15.0:
+ * Reject Content-Lengths >= 1 zettabyte (1 billion terabytes) early,
+ without attempting to parse the integer (#181)
+
 -------------------------------------------------------------------
 Mon Jan 29 21:36:32 UTC 2024 - Dirk Müller
diff --git a/python-h11.spec b/python-h11.spec
index bfb48d9..d9a7e8a 100644
--- a/python-h11.spec
+++ b/python-h11.spec
@@ -1,7 +1,7 @@
 #
 # spec file for package python-h11
 #
-# Copyright (c) 2024 SUSE LLC
+# Copyright (c) 2025 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -18,7 +18,7 @@
 %{?sle15_python_module_pythons}
 Name: python-h11
-Version: 0.14.0
+Version: 0.16.0
 Release: 0
 Summary: A pure-Python, bring-your-own-I/O implementation of HTTP/11
 License: MIT