pkgsrc/net/py-hpack/patches
leot bc56cc9a19 Update net/py-hpack to 3.0.0
Changes:
3.0.0 (2017-03-29)
------------------
**API Changes (Backward Incompatible)**
- Removed nghttp2 support. This support had rotted and was essentially
  non-functional, so it has now been removed until someone has time to re-add
  the support in a functional form.
- Attempts by the encoder to exceed the maximum allowed header table size via
  dynamic table size updates (or the absence thereof) are now forbidden.

**API Changes (Backward Compatible)**
- Added a new ``InvalidTableSizeError`` thrown when the encoder does not
  respect the maximum table size set by the user.
- Added a ``Decoder.max_allowed_table_size`` field that sets the maximum
  allowed size of the decoder header table. See the documentation for an
  indication of how this should be used.

**Bugfixes**
- Up to 25% performance improvement decoding HPACK-packed integers, depending
  on the platform.
- HPACK now tolerates receiving multiple header table size changes in sequence,
  rather than only one.
- HPACK now forbids header table size changes anywhere but first in a header
  block, as required by RFC 7541 § 4.2.
- Other miscellaneous performance improvements.

2.3.0 (2016-08-04)
------------------
**Security Fixes**
- CVE-2016-6581: HPACK Bomb. This release now enforces a maximum value of the
  decompressed size of the header list. This is to avoid the so-called "HPACK
  Bomb" vulnerability, which is caused when a malicious peer sends a compressed
  HPACK body that decompresses to a gigantic header list size.
  This also adds a ``OversizedHeaderListError``, which is thrown by the
  ``decode`` method if the maximum header list size is being violated. This
  places the HPACK decoder into a broken state: it must not be used after this
  exception is thrown.
  This also adds a ``max_header_list_size`` to the ``Decoder`` object. This
  controls the maximum allowable decompressed size of the header list. By
  default this is set to 64kB.

2.2.0 (2016-04-20)
------------------
**API Changes (Backward Compatible)**
- Added ``HeaderTuple`` and ``NeverIndexedHeaderTuple`` classes that signal
  whether a given header field may ever be indexed in HTTP/2 header
  compression.
- Changed ``Decoder.decode()`` to return the newly added ``HeaderTuple`` class
  and subclass. These objects behave like two-tuples, so this change does not
  break working code.

**Bugfixes**
- Improve Huffman decoding speed by 4x using an approach borrowed from nghttp2.
- Improve HPACK decoding speed by 10% by caching header table sizes.

2.1.1 (2016-03-16)
------------------
**Bugfixes**
- When passing a dictionary or dictionary subclass to ``Encoder.encode``, HPACK
  now ensures that HTTP/2 special headers (headers whose names begin with
  ``:`` characters) appear first in the header block.
2017-04-14 13:08:15 +00:00
..
patch-setup.py