forked from pool/python-urllib3
Compare commits
18 Commits
| Author | SHA256 | Date | |
|---|---|---|---|
| 7f79f9e0c6 | |||
| 310a047fdd | |||
| fb6b6ac030 | |||
| 6a84f8d26a | |||
| c7e3c17e34 | |||
| 75573f8736 | |||
| b90c81c378 | |||
| fa15163672 | |||
| af9a86ac19 | |||
| 2e3a3af491 | |||
| c9bda474fd | |||
| 9860f9689b | |||
| ef1a31c0b1 | |||
| a5d1101265 | |||
| e84edfbd9b | |||
| a6661b64be | |||
| 259b7264d6 | |||
| 0a96b5f06e |
@@ -1,3 +1,59 @@
|
||||
-------------------------------------------------------------------
|
||||
Tue Jan 13 09:40:54 UTC 2026 - John Paul Adrian Glaubitz <adrian.glaubitz@suse.com>
|
||||
|
||||
- Update to 2.6.3
|
||||
* Fixed a high-severity security issue where decompression-bomb safeguards of
|
||||
the streaming API were bypassed when HTTP redirects were followed.
|
||||
(GHSA-38jv-5279-wg99) (bsc#1256331, CVE-2026-21441)
|
||||
* Started treating ``Retry-After`` times greater than 6 hours as 6 hours by
|
||||
default. (#3743)
|
||||
* Fixed ``urllib3.connection.VerifiedHTTPSConnection`` on Emscripten. (#3752)
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed Jan 7 09:49:28 UTC 2026 - Nico Krapp <nico.krapp@suse.com>
|
||||
|
||||
- Update to 2.6.2
|
||||
* Fixed HTTPResponse.read_chunked() to properly handle leftover data in the
|
||||
decoder's buffer when reading compressed chunked responses.
|
||||
- Update to 2.6.1
|
||||
* Restore previously removed HTTPResponse.getheaders() and
|
||||
HTTPResponse.getheader() methods.
|
||||
- Update to 2.6.0
|
||||
* Security:
|
||||
- Fixed a security issue where streaming API could improperly handle highly
|
||||
compressed HTTP content ("decompression bombs") leading to excessive
|
||||
resource consumption even when a small amount of data was requested.
|
||||
Reading small chunks of compressed data is safer and much more efficient
|
||||
now. (CVE-2025-66471, GHSA-2xpw-w6gg-jr37, bsc#1254867)
|
||||
- Fixed a security issue where an attacker could compose an HTTP response
|
||||
with virtually unlimited links in the Content-Encoding header, potentially
|
||||
leading to a denial of service (DoS) attack by exhausting system resources
|
||||
during decoding. The number of allowed chained encodings is now limited to
|
||||
5. (CVE-2025-66418, GHSA-gm62-xv2j-4w53, bsc#1254866)
|
||||
* Features:
|
||||
- Enabled retrieval, deletion, and membership testing in HTTPHeaderDict
|
||||
using bytes keys.
|
||||
- Added host and port information to string representations of
|
||||
HTTPConnection.
|
||||
- Added support for Python 3.14 free-threading builds explicitly.
|
||||
* Removals:
|
||||
- Removed the HTTPResponse.getheaders() method in favor of
|
||||
HTTPResponse.headers. Removed the HTTPResponse.getheader(name, default)
|
||||
method in favor of HTTPResponse.headers.get(name, default).
|
||||
* Bugfixes:
|
||||
- Fixed redirect handling in urllib3.PoolManager when an integer is passed
|
||||
for the retries parameter.
|
||||
- Fixed HTTPConnectionPool when used in Emscripten with no explicit port.
|
||||
- Fixed handling of SSLKEYLOGFILE with expandable variables.
|
||||
* Misc:
|
||||
- Changed the zstd extra to install backports.zstd instead of zstandard on
|
||||
Python 3.13 and before.
|
||||
- Improved the performance of content decoding by optimizing
|
||||
BytesQueueBuffer class.
|
||||
- Allowed building the urllib3 package with newer setuptools-scm v9.x.
|
||||
- Ensured successful urllib3 builds by setting Hatchling requirement
|
||||
to ≥ 1.27.0.
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Mon Jun 23 02:03:12 UTC 2025 - Steve Kowalik <steven.kowalik@suse.com>
|
||||
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
#
|
||||
# spec file for package python-urllib3
|
||||
#
|
||||
# Copyright (c) 2025 SUSE LLC
|
||||
# Copyright (c) 2026 SUSE LLC and contributors
|
||||
#
|
||||
# All modifications and additions to the file contributed by third parties
|
||||
# remain the property of their copyright owners, unless otherwise agreed
|
||||
@@ -26,7 +26,7 @@
|
||||
%endif
|
||||
%{?sle15_python_module_pythons}
|
||||
Name: python-urllib3%{psuffix}
|
||||
Version: 2.5.0
|
||||
Version: 2.6.3
|
||||
Release: 0
|
||||
Summary: HTTP library with thread-safe connection pooling, file post, and more
|
||||
License: MIT
|
||||
@@ -43,13 +43,13 @@ BuildRequires: fdupes
|
||||
BuildRequires: python-rpm-macros
|
||||
#!BuildIgnore: python-requests
|
||||
Requires: ca-certificates-mozilla
|
||||
Recommends: python-Brotli >= 1.0.9
|
||||
Recommends: python-Brotli >= 1.2.0
|
||||
Recommends: python-PySocks >= 1.7.1
|
||||
Recommends: python-h2 >= 4
|
||||
Recommends: python-zstandard >= 0.18
|
||||
BuildArch: noarch
|
||||
%if %{with test}
|
||||
BuildRequires: %{python_module Brotli >= 1.0.9}
|
||||
BuildRequires: %{python_module Brotli >= 1.2.0}
|
||||
BuildRequires: %{python_module PySocks >= 1.7.1}
|
||||
BuildRequires: %{python_module Quart >= 0.19}
|
||||
BuildRequires: %{python_module cryptography >= 43}
|
||||
|
||||
BIN
urllib3-2.5.0.tar.gz
LFS
BIN
urllib3-2.5.0.tar.gz
LFS
Binary file not shown.
3
urllib3-2.6.3.tar.gz
Normal file
3
urllib3-2.6.3.tar.gz
Normal file
@@ -0,0 +1,3 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:1b62b6884944a57dbe321509ab94fd4d3b307075e0c2eae991ac71ee15ad38ed
|
||||
size 435556
|
||||
Reference in New Issue
Block a user