rpm/python-h11
SHA256
1
0
Fork 0
forked from pool/python-h11
Code Pull Requests Activity

Compare commits

base: rpm:factory
Branches Tags
rpm:factory pool:factory pool:slfo-1.2 pool:slfo-main
..
compare: pool:slfo-main
Branches Tags
pool:factory pool:slfo-1.2 pool:slfo-main rpm:factory

2 Commits
factory ... slfo-main

Author SHA256 Message Date
Ana Guerrero
59c4533990 Accepting request 1272594 from devel:languages:python 
- Update 0.16.0:
  * Security fix (CVE-2025-43859, bsc#1241872)
    Reject certain malformed Transfer-Encoding: chunked bodies that
    were previously accepted. These could have enabled
    request-smuggling attacks when an h11-based HTTP server was placed
    behind a load balancer with a matching bug in its chunked
    handling.
    Advisory with more details:
    https://github.com/python-hyper/h11/security/advisories/GHSA-vqfr-h8mv-ghfj
- 0.15.0:
  * Reject Content-Lengths >= 1 zettabyte (1 billion terabytes) early,
    without attempting to parse the integer (#181)

OBS-URL: https://build.opensuse.org/request/show/1272594
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python-h11?expand=0&rev=13
 2025-04-25 20:18:17 +00:00
Daniel Garcia
6fd01eff96 - Update 0.16.0: 
* Security fix (CVE-2025-43859, bsc#1241872)
    Reject certain malformed Transfer-Encoding: chunked bodies that
    were previously accepted. These could have enabled
    request-smuggling attacks when an h11-based HTTP server was placed
    behind a load balancer with a matching bug in its chunked
    handling.
    Advisory with more details:
    https://github.com/python-hyper/h11/security/advisories/GHSA-vqfr-h8mv-ghfj
- 0.15.0:
  * Reject Content-Lengths >= 1 zettabyte (1 billion terabytes) early,
    without attempting to parse the integer (#181)

OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-h11?expand=0&rev=25
 2025-04-25 07:30:03 +00:00
4 changed files with 22 additions and 5 deletions
Expand all files Collapse all files

BIN
h11-0.14.0.tar.gz LFS
View File

Binary file not shown.

BIN
h11-0.16.0.tar.gz LFS Normal file
View File

Binary file not shown.

17
python-h11.changes
View File

@@ -1,3 +1,20 @@
-------------------------------------------------------------------
Fri Apr 25 07:26:57 UTC 2025 - Daniel Garcia <daniel.garcia@suse.com>
- Update 0.16.0:
* Security fix (CVE-2025-43859, bsc#1241872)
Reject certain malformed Transfer-Encoding: chunked bodies that
were previously accepted. These could have enabled
request-smuggling attacks when an h11-based HTTP server was placed
behind a load balancer with a matching bug in its chunked
handling.
Advisory with more details:
https://github.com/python-hyper/h11/security/advisories/GHSA-vqfr-h8mv-ghfj
- 0.15.0:
* Reject Content-Lengths >= 1 zettabyte (1 billion terabytes) early,
without attempting to parse the integer (#181)
-------------------------------------------------------------------
Mon Jan 29 21:36:32 UTC 2024 - Dirk Müller <dmueller@suse.com>

4
python-h11.spec
View File

@@ -1,7 +1,7 @@
#
# spec file for package python-h11
#
# Copyright (c) 2024 SUSE LLC
# Copyright (c) 2025 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -18,7 +18,7 @@
%{?sle15_python_module_pythons}
Name: python-h11
Version: 0.14.0
Version: 0.16.0
Release: 0
Summary: A pure-Python, bring-your-own-I/O implementation of HTTP/11
License: MIT