Commit graph

6 commits

Author SHA1 Message Date
leot
bc56cc9a19 Update net/py-hpack to 3.0.0
Changes:
3.0.0 (2017-03-29)
------------------
**API Changes (Backward Incompatible)**
- Removed nghttp2 support. This support had rotted and was essentially
  non-functional, so it has now been removed until someone has time to re-add
  the support in a functional form.
- Attempts by the encoder to exceed the maximum allowed header table size via
  dynamic table size updates (or the absence thereof) are now forbidden.

**API Changes (Backward Compatible)**
- Added a new ``InvalidTableSizeError`` thrown when the encoder does not
  respect the maximum table size set by the user.
- Added a ``Decoder.max_allowed_table_size`` field that sets the maximum
  allowed size of the decoder header table. See the documentation for an
  indication of how this should be used.

**Bugfixes**
- Up to 25% performance improvement decoding HPACK-packed integers, depending
  on the platform.
- HPACK now tolerates receiving multiple header table size changes in sequence,
  rather than only one.
- HPACK now forbids header table size changes anywhere but first in a header
  block, as required by RFC 7541 § 4.2.
- Other miscellaneous performance improvements.

2.3.0 (2016-08-04)
------------------
**Security Fixes**
- CVE-2016-6581: HPACK Bomb. This release now enforces a maximum value of the
  decompressed size of the header list. This is to avoid the so-called "HPACK
  Bomb" vulnerability, which is caused when a malicious peer sends a compressed
  HPACK body that decompresses to a gigantic header list size.
  This also adds a ``OversizedHeaderListError``, which is thrown by the
  ``decode`` method if the maximum header list size is being violated. This
  places the HPACK decoder into a broken state: it must not be used after this
  exception is thrown.
  This also adds a ``max_header_list_size`` to the ``Decoder`` object. This
  controls the maximum allowable decompressed size of the header list. By
  default this is set to 64kB.

2.2.0 (2016-04-20)
------------------
**API Changes (Backward Compatible)**
- Added ``HeaderTuple`` and ``NeverIndexedHeaderTuple`` classes that signal
  whether a given header field may ever be indexed in HTTP/2 header
  compression.
- Changed ``Decoder.decode()`` to return the newly added ``HeaderTuple`` class
  and subclass. These objects behave like two-tuples, so this change does not
  break working code.

**Bugfixes**
- Improve Huffman decoding speed by 4x using an approach borrowed from nghttp2.
- Improve HPACK decoding speed by 10% by caching header table sizes.

2.1.1 (2016-03-16)
------------------
**Bugfixes**
- When passing a dictionary or dictionary subclass to ``Encoder.encode``, HPACK
  now ensures that HTTP/2 special headers (headers whose names begin with
  ``:`` characters) appear first in the header block.
2017-04-14 13:08:15 +00:00
wiz
5690dde468 Fix MASTER_SITES. 2016-06-01 12:30:45 +00:00
leot
190b51695d Update net/py-hpack to 2.1.0.
Changes:
2.1.0 (2016-02-02)
------------------
**API Changes (Backward Compatible)**
- Added new ``InvalidTableIndex`` exception, a subclass of
  ``HPACKDecodingError``.
- Instead of throwing ``IndexError`` when encountering invalid encoded integers
  HPACK now throws ``HPACKDecodingError``.
- Instead of throwing ``UnicodeDecodeError`` when encountering headers that are
  not UTF-8 encoded, HPACK now throws ``HPACKDecodingError``.
- Instead of throwing ``IndexError`` when encountering invalid table offsets,
  HPACK now throws ``InvalidTableIndex``.
- Added ``raw`` flag to ``decode``, allowing ``decode`` to return bytes instead
  of attempting to decode the headers as UTF-8.

**Bugfixes**
- ``memoryview`` objects are now used when decoding HPACK, improving the
  performance by avoiding unnecessary data copies.
2016-02-16 13:43:09 +00:00
leot
60fd659525 Update net/py-hpack to 2.0.1.
Changes:
2.0.1 (2015-11-09)
------------------
Fixed a bug where the Python HPACK implementation would only emit header table
size changes for the total change between one header block and another, rather
than for the entire sequence of changes.

2.0.0 (2015-10-12)
------------------
Remove unused HPACKEncodingError.
Add the shortcut ability to import the public API (Encoder, Decoder, HPACKError,
HPACKDecodingError) directly, rather than from hpack.hpack.
2015-12-30 14:59:02 +00:00
agc
203292f73e Add SHA512 digests for distfiles for net category
Problems found with existing digests:
	Package haproxy distfile haproxy-1.5.14.tar.gz
	159f5beb8fdc6b8059ae51b53dc935d91c0fb51f [recorded]
	da39a3ee5e6b4b0d3255bfef95601890afd80709 [calculated]

Problems found locating distfiles:
	Package bsddip: missing distfile bsddip-1.02.tar.Z
	Package citrix_ica: missing distfile citrix_ica-10.6.115659/en.linuxx86.tar.gz
	Package djbdns: missing distfile djbdns-1.05-test25.diff.bz2
	Package djbdns: missing distfile djbdns-cachestats.patch
	Package djbdns: missing distfile 0002-dnscache-cache-soa-records.patch
	Package gated: missing distfile gated-3-5-11.tar.gz
	Package owncloudclient: missing distfile owncloudclient-2.0.2.tar.xz
	Package poink: missing distfile poink-1.6.tar.gz
	Package ra-rtsp-proxy: missing distfile rtspd-src-1.0.0.0.tar.gz
	Package ucspi-ssl: missing distfile ucspi-ssl-0.70-ucspitls-0.1.patch
	Package waste: missing distfile waste-source.tar.gz

Otherwise, existing SHA1 digests verified and found to be the same on
the machine holding the existing distfiles (morden).  All existing
SHA1 digests retained for now as an audit trail.
2015-11-04 00:34:51 +00:00
leot
61676794a8 Import net/py-hpack as py-hpack-1.1.0 (needed to update net/mitmproxy).
ok bsiegert@.

Pure-Python HTTP/2 header encoding (HPACK) logic for use in Python
programs that implement HTTP/2. It also contains a compatibility layer
that automatically enables the use of nghttp2 if it's available.
2015-08-23 14:06:11 +00:00