python/python-hpack
SHA256
15
0
Fork 0
forked from pool/python-hpack
Code Pull Requests Activity

Accepting request 489919 from home:alois:branches:devel:languages:python

Browse Source 
OBS-URL: https://build.opensuse.org/request/show/489919
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-hpack?expand=0&rev=4
This commit is contained in:
Thomas Bechtold
2017-04-23 05:51:35 +00:00
committed by Git OBS Bridge
parent f85a8842cf
commit 9fd3881818
4 changed files with 70 additions and 25 deletions
Download Patch File Download Diff File Expand all files Collapse all files

44
python-hpack.changes
View File

@@ -1,3 +1,47 @@
-------------------------------------------------------------------
Sat Apr 22 08:11:31 UTC 2017 - aloisio@gmx.com
- Update to version 3.0.0
API Changes (Backward Incompatible):
* Removed nghttp2 support. This support had rotted and was
essentially non-functional, so it has now been removed until
someone has time to re-add the support in a functional form.
* Attempts by the encoder to exceed the maximum allowed header
table size via dynamic table size updates (or the absence
thereof) are now forbidden.
API Changes (Backward Compatible):
* Added a new InvalidTableSizeError thrown when the encoder does
not respect the maximum table size set by the user.
* Added a Decoder.max_allowed_table_size field that sets the
maximum allowed size of the decoder header table. See the
documentation for an indication of how this should be used.
Bugfixes:
* Up to 25% performance improvement decoding HPACK-packed
integers, depending on the platform.
* HPACK now tolerates receiving multiple header table size
changes in sequence, rather than only one.
* HPACK now forbids header table size changes anywhere but first
in a header block, as required by RFC 7541 § 4.2.
* Other miscellaneous performance improvements.
Version 2.3.0
Security Fixes:
* CVE-2016-6581: HPACK Bomb. This release now enforces a maximum
value of the decompressed size of the header list. This is to
avoid the so-called “HPACK Bomb” vulnerability, which is caused
when a malicious peer sends a compressed HPACK body that
decompresses to a gigantic header list size.
This also adds a OversizedHeaderListError, which is thrown by
the decode method if the maximum header list size is being
violated. This places the HPACK decoder into a broken state: it
must not be used after this exception is thrown.
This also adds a max_header_list_size to the Decoder object. This
controls the maximum allowable decompressed size of the header
list. By default this is set to 64kB.
- Converted to single-spec
- Enabled tests
-------------------------------------------------------------------
Mon May 2 12:00:12 UTC 2016 - freitag@owncloud.com