- Update to 4.3.0 (fixes CVE-2025-57804, bsc#1248737)

* API Changes (Backward Incompatible) - Reject header names and values containing illegal characters, based on RFC 9113, section 8.2.1. The main Python API is compatible, but some previously valid requests/response headers might now be blocked. Use the `validate_inbound_headers` config option if needed. Thanks to Sebastiano Sartor (sebsrt) for the report. * API Changes (Backward Compatible) - h2 events now have tighter type bounds, e.g. `stream_id` is guaranteed to not be `None` for most events now. This simplifies downstream type checking. - Various typing-related improvements. * Bugfixes - Fix error value when opening a new stream on too many open streams. OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-h2?expand=0&rev=39
2025-08-26 12:40:51 +00:00
parent 7200eea356
commit 9ee9289968
4 changed files with 23 additions and 7 deletions
--- a/h2-4.2.0.tar.gz
+++ b/h2-4.2.0.tar.gz
--- a/h2-4.3.0.tar.gz
+++ b/h2-4.3.0.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:6c59efe4323fa18b47a632221a1888bd7fde6249819beda254aeca909f221bf1
+size 2152026
--- a/python-h2.changes
+++ b/python-h2.changes
@@ -1,3 +1,21 @@
+-------------------------------------------------------------------
+Tue Aug 26 11:28:51 UTC 2025 - Nico Krapp <nico.krapp@suse.com>
+
+- Update to 4.3.0 (fixes CVE-2025-57804, bsc#1248737)
+  * API Changes (Backward Incompatible)
+    - Reject header names and values containing illegal characters, based on
+      RFC 9113, section 8.2.1. The main Python API is compatible, but some
+      previously valid requests/response headers might now be blocked. Use the
+      `validate_inbound_headers` config option if needed. Thanks to Sebastiano
+      Sartor (sebsrt) for the report.
+  * API Changes (Backward Compatible)
+    - h2 events now have tighter type bounds, e.g. `stream_id` is guaranteed to
+      not be `None` for most events now. This simplifies downstream type
+      checking.
+    - Various typing-related improvements.
+  * Bugfixes
+    - Fix error value when opening a new stream on too many open streams.
+
 -------------------------------------------------------------------
 Tue Feb 11 09:03:44 UTC 2025 - John Paul Adrian Glaubitz <adrian.glaubitz@suse.com>

--- a/python-h2.spec
+++ b/python-h2.spec
@@ -1,7 +1,7 @@
 #
 # spec file for package python-h2
 #
-# Copyright (c) 2025 SUSE LLC
+# Copyright (c) 2025 SUSE LLC and contributors
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -16,11 +16,9 @@
 #


-%{?!python_module:%define python_module() python3-%{**}}
-%define skip_python2 1
 %{?sle15_python_module_pythons}
 Name:           python-h2
-Version:        4.2.0
+Version:        4.3.0
 Release:        0
 Summary:        HTTP/2 State-Machine based protocol implementation
 License:        MIT