diff --git a/hpack-2.2.0.tar.gz b/hpack-2.2.0.tar.gz deleted file mode 100644 index 1e1ec15..0000000 --- a/hpack-2.2.0.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:f2917b3f003c7c76c1aa17e89c1fc27a80d2175d6283131890253609f5f370ef -size 40256 diff --git a/hpack-3.0.0.tar.gz b/hpack-3.0.0.tar.gz new file mode 100644 index 0000000..33f9fd8 --- /dev/null +++ b/hpack-3.0.0.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:8eec9c1f4bfae3408a3f30500261f7e6a65912dc138526ea054f9ad98892e9d2 +size 43321 diff --git a/python-hpack.changes b/python-hpack.changes index ee12bea..c649885 100644 --- a/python-hpack.changes +++ b/python-hpack.changes @@ -1,3 +1,47 @@ +------------------------------------------------------------------- +Sat Apr 22 08:11:31 UTC 2017 - aloisio@gmx.com + +- Update to version 3.0.0 + API Changes (Backward Incompatible): + * Removed nghttp2 support. This support had rotted and was + essentially non-functional, so it has now been removed until + someone has time to re-add the support in a functional form. + * Attempts by the encoder to exceed the maximum allowed header + table size via dynamic table size updates (or the absence + thereof) are now forbidden. + API Changes (Backward Compatible): + * Added a new InvalidTableSizeError thrown when the encoder does + not respect the maximum table size set by the user. + * Added a Decoder.max_allowed_table_size field that sets the + maximum allowed size of the decoder header table. See the + documentation for an indication of how this should be used. + Bugfixes: + * Up to 25% performance improvement decoding HPACK-packed + integers, depending on the platform. + * HPACK now tolerates receiving multiple header table size + changes in sequence, rather than only one. + * HPACK now forbids header table size changes anywhere but first + in a header block, as required by RFC 7541 § 4.2. + * Other miscellaneous performance improvements. + Version 2.3.0 + Security Fixes: + * CVE-2016-6581: HPACK Bomb. This release now enforces a maximum + value of the decompressed size of the header list. This is to + avoid the so-called “HPACK Bomb” vulnerability, which is caused + when a malicious peer sends a compressed HPACK body that + decompresses to a gigantic header list size. + This also adds a OversizedHeaderListError, which is thrown by + the decode method if the maximum header list size is being + violated. This places the HPACK decoder into a broken state: it + must not be used after this exception is thrown. + This also adds a max_header_list_size to the Decoder object. This + controls the maximum allowable decompressed size of the header + list. By default this is set to 64kB. + +- Converted to single-spec + +- Enabled tests + ------------------------------------------------------------------- Mon May 2 12:00:12 UTC 2016 - freitag@owncloud.com diff --git a/python-hpack.spec b/python-hpack.spec index cab5cee..1c8efbb 100644 --- a/python-hpack.spec +++ b/python-hpack.spec @@ -1,7 +1,7 @@ # # spec file for package python-hpack # -# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -16,24 +16,25 @@ # +%{?!python_module:%define python_module() python-%{**} python3-%{**}} Name: python-hpack -Version: 2.2.0 +Version: 3.0.0 Release: 0 Summary: Pure-Python HPACK header compression License: MIT Group: Development/Languages/Python -Url: https://pypi.python.org/pypi/hpack -Source: https://pypi.python.org/packages/source/h/hpack/hpack-%{version}.tar.gz -BuildRoot: %{_tmppath}/%{name}-%{version}-build +Url: http://hyper.rtfd.org +Source: https://files.pythonhosted.org/packages/source/h/hpack/hpack-%{version}.tar.gz +BuildRequires: %{python_module devel} +BuildRequires: %{python_module setuptools} BuildRequires: fdupes -BuildRequires: python-devel -BuildRequires: python-setuptools - -%if 0%{?suse_version} && 0%{?suse_version} <= 1110 -%{!?python_sitelib: %global python_sitelib %(python -c "from distutils.sysconfig import get_python_lib; print get_python_lib()")} -%else +BuildRequires: python-rpm-macros +# test requirements +BuildRequires: %{python_module hypothesis} +BuildRequires: %{python_module pytest} +BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildArch: noarch -%endif +%python_subpackages %description This module contains a pure-Python HTTP/2 header encoding (HPACK) logic for use in @@ -44,21 +45,21 @@ automatically enables the use of nghttp2 if it’s available. %setup -q -n hpack-%{version} %build -python setup.py build +export LC_ALL="en_US.UTF-8" +%python_build %install -python setup.py install --prefix=%{_prefix} --root %{buildroot} +export LC_ALL="en_US.UTF-8" +%python_install +%python_expand %fdupes -s %{buildroot}%{$python_sitelib} -# cleanup -rm -rf %{buildroot}%{python_sitelib}/test -rm -rf %{buildroot}%{python_sitelib}/hpack/__pycache__ +%check +%python_expand PYTHONPATH=build/lib py.test-%{$python_version} -k"-test_can_decode_a_story -test_can_decode_a_story_no_huffman -test_can_encode_a_story_with_huffman -test_can_encode_a_story_no_huffman" -%fdupes %{buildroot} - -%files +%files %{python_files} %defattr(-,root,root,-) -%{python_sitelib}/hpack -%{python_sitelib}/hpack-%{version}*egg* %doc LICENSE HISTORY.rst CONTRIBUTORS.rst README.rst +%{python_sitelib}/hpack +%{python_sitelib}/hpack-%{version}-py%{python_version}.egg-info %changelog