Hello community, here is the log from the commit of package python-hpack for openSUSE:Factory checked in at 2017-05-06 18:27:14 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/python-hpack (Old) and /work/SRC/openSUSE:Factory/.python-hpack.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "python-hpack" Sat May 6 18:27:14 2017 rev:1 rq:489998 version:3.0.0 Changes: -------- New Changes file: --- /dev/null 2017-03-01 00:40:19.279048016 +0100 +++ /work/SRC/openSUSE:Factory/.python-hpack.new/python-hpack.changes 2017-05-06 18:27:14.971562774 +0200 @@ -0,0 +1,111 @@ +------------------------------------------------------------------- +Sat Apr 22 08:11:31 UTC 2017 - aloisio@gmx.com + +- Update to version 3.0.0 + API Changes (Backward Incompatible): + * Removed nghttp2 support. This support had rotted and was + essentially non-functional, so it has now been removed until + someone has time to re-add the support in a functional form. + * Attempts by the encoder to exceed the maximum allowed header + table size via dynamic table size updates (or the absence + thereof) are now forbidden. + API Changes (Backward Compatible): + * Added a new InvalidTableSizeError thrown when the encoder does + not respect the maximum table size set by the user. + * Added a Decoder.max_allowed_table_size field that sets the + maximum allowed size of the decoder header table. See the + documentation for an indication of how this should be used. + Bugfixes: + * Up to 25% performance improvement decoding HPACK-packed + integers, depending on the platform. + * HPACK now tolerates receiving multiple header table size + changes in sequence, rather than only one. + * HPACK now forbids header table size changes anywhere but first + in a header block, as required by RFC 7541 § 4.2. + * Other miscellaneous performance improvements. + Version 2.3.0 + Security Fixes: + * CVE-2016-6581: HPACK Bomb. This release now enforces a maximum + value of the decompressed size of the header list. This is to + avoid the so-called “HPACK Bomb” vulnerability, which is caused + when a malicious peer sends a compressed HPACK body that + decompresses to a gigantic header list size. + This also adds a OversizedHeaderListError, which is thrown by + the decode method if the maximum header list size is being + violated. This places the HPACK decoder into a broken state: it + must not be used after this exception is thrown. + This also adds a max_header_list_size to the Decoder object. This + controls the maximum allowable decompressed size of the header + list. By default this is set to 64kB. + +- Converted to single-spec + +- Enabled tests + +------------------------------------------------------------------- +Mon May 2 12:00:12 UTC 2016 - freitag@owncloud.com + +- Fixed messy changelog. + +------------------------------------------------------------------- +Mon Apr 25 11:16:50 UTC 2016 - freitag@owncloud.com + +- Update to version 2.2.0: + API Changes (Backward Compatible) + * Added HeaderTuple and NeverIndexedHeaderTuple classes that signal + whether a given header field may ever be indexed in HTTP/2 header + compression. + * Changed Decoder.decode() to return the newly added HeaderTuple + class and subclass. These objects behave like two-tuples, so this + change does not break working code. + Bugfixes + * Improve Huffman decoding speed by 4x using an approach borrowed + from nghttp2. + * Improve HPACK decoding speed by 10% by caching header table sizes. + +- Bugfixes since 2.1.1: + * When passing a dictionary or dictionary subclass to Encoder.encode, + HPACK now ensures that HTTP/2 special headers (headers whose names + begin with `:` characters) appear first in the header block. + +- Changes in 2.1.0 (2016-02-02) + API Changes (Backward Compatible) + * Added new InvalidTableIndex exception, a subclass of + HPACKDecodingError. + * Instead of throwing IndexError when encountering invalid encoded + integers HPACK now throws HPACKDecodingError. + * Instead of throwing UnicodeDecodeError when encountering headers + that are not UTF-8 encoded, HPACK now throws HPACKDecodingError. + * Instead of throwing IndexError when encountering invalid table + offsets, HPACK now throws InvalidTableIndex. + * Added raw flag to decode, allowing decode to return bytes instead + of attempting to decode the headers as UTF-8. + Bugfixes + * memoryview objects are now used when decoding HPACK, improving + the performance by avoiding unnecessary data copies. + +------------------------------------------------------------------- +Wed Jan 6 19:43:13 UTC 2016 - freitag@opensuse.org + +- Update to version 2.0.1 + * Fixed a bug where the Python HPACK implementation would only + emit header table size changes for the total change between one + header block and another, rather than for the entire sequence + of changes. + +- Additional changes from version 2.0.0 (2015-10-12) + * Remove unused HPACKEncodingError. + * Add the shortcut ability to import the public API (Encoder, + Decoder, HPACKError, HPACKDecodingError) directly, rather than + from hpack.hpack. + +------------------------------------------------------------------- +Tue Aug 25 12:39:56 UTC 2015 - freitag@owncloud.com + +- Add forgotten doc files to filelist + +------------------------------------------------------------------- +Mon Aug 24 18:33:25 UTC 2015 - freitag@opensuse.org + +- Initial package version 1.1.0 + New: ---- hpack-3.0.0.tar.gz python-hpack.changes python-hpack.spec ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ python-hpack.spec ++++++ # # spec file for package python-hpack # # Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed # upon. The license for this file, and modifications and additions to the # file, is the same license as for the pristine package itself (unless the # license for the pristine package is not an Open Source License, in which # case the license is the MIT License). An "Open Source License" is a # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. # Please submit bugfixes or comments via http://bugs.opensuse.org/ # %{?!python_module:%define python_module() python-%{**} python3-%{**}} Name: python-hpack Version: 3.0.0 Release: 0 Summary: Pure-Python HPACK header compression License: MIT Group: Development/Languages/Python Url: http://hyper.rtfd.org Source: https://files.pythonhosted.org/packages/source/h/hpack/hpack-%{version}.tar.gz BuildRequires: %{python_module devel} BuildRequires: %{python_module setuptools} BuildRequires: fdupes BuildRequires: python-rpm-macros # test requirements BuildRequires: %{python_module hypothesis} BuildRequires: %{python_module pytest} BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildArch: noarch %python_subpackages %description This module contains a pure-Python HTTP/2 header encoding (HPACK) logic for use in Python programs that implement HTTP/2. It also contains a compatibility layer that automatically enables the use of nghttp2 if it’s available. %prep %setup -q -n hpack-%{version} %build export LC_ALL="en_US.UTF-8" %python_build %install export LC_ALL="en_US.UTF-8" %python_install %python_expand %fdupes -s %{buildroot}%{$python_sitelib} %check %python_expand PYTHONPATH=build/lib py.test-%{$python_version} -k"-test_can_decode_a_story -test_can_decode_a_story_no_huffman -test_can_encode_a_story_with_huffman -test_can_encode_a_story_no_huffman" %files %{python_files} %defattr(-,root,root,-) %doc LICENSE HISTORY.rst CONTRIBUTORS.rst README.rst %{python_sitelib}/hpack %{python_sitelib}/hpack-%{version}-py%{python_version}.egg-info %changelog