bc56cc9a19
Changes: 3.0.0 (2017-03-29) ------------------ **API Changes (Backward Incompatible)** - Removed nghttp2 support. This support had rotted and was essentially non-functional, so it has now been removed until someone has time to re-add the support in a functional form. - Attempts by the encoder to exceed the maximum allowed header table size via dynamic table size updates (or the absence thereof) are now forbidden. **API Changes (Backward Compatible)** - Added a new ``InvalidTableSizeError`` thrown when the encoder does not respect the maximum table size set by the user. - Added a ``Decoder.max_allowed_table_size`` field that sets the maximum allowed size of the decoder header table. See the documentation for an indication of how this should be used. **Bugfixes** - Up to 25% performance improvement decoding HPACK-packed integers, depending on the platform. - HPACK now tolerates receiving multiple header table size changes in sequence, rather than only one. - HPACK now forbids header table size changes anywhere but first in a header block, as required by RFC 7541 § 4.2. - Other miscellaneous performance improvements. 2.3.0 (2016-08-04) ------------------ **Security Fixes** - CVE-2016-6581: HPACK Bomb. This release now enforces a maximum value of the decompressed size of the header list. This is to avoid the so-called "HPACK Bomb" vulnerability, which is caused when a malicious peer sends a compressed HPACK body that decompresses to a gigantic header list size. This also adds a ``OversizedHeaderListError``, which is thrown by the ``decode`` method if the maximum header list size is being violated. This places the HPACK decoder into a broken state: it must not be used after this exception is thrown. This also adds a ``max_header_list_size`` to the ``Decoder`` object. This controls the maximum allowable decompressed size of the header list. By default this is set to 64kB. 2.2.0 (2016-04-20) ------------------ **API Changes (Backward Compatible)** - Added ``HeaderTuple`` and ``NeverIndexedHeaderTuple`` classes that signal whether a given header field may ever be indexed in HTTP/2 header compression. - Changed ``Decoder.decode()`` to return the newly added ``HeaderTuple`` class and subclass. These objects behave like two-tuples, so this change does not break working code. **Bugfixes** - Improve Huffman decoding speed by 4x using an approach borrowed from nghttp2. - Improve HPACK decoding speed by 10% by caching header table sizes. 2.1.1 (2016-03-16) ------------------ **Bugfixes** - When passing a dictionary or dictionary subclass to ``Encoder.encode``, HPACK now ensures that HTTP/2 special headers (headers whose names begin with ``:`` characters) appear first in the header block.
7 lines
460 B
Text
7 lines
460 B
Text
$NetBSD: distinfo,v 1.5 2017/04/14 13:08:15 leot Exp $
|
|
|
|
SHA1 (hpack-3.0.0.tar.gz) = d230ec65b27dc18e545f90fe9f804586666de890
|
|
RMD160 (hpack-3.0.0.tar.gz) = 3aa077f29a21fb1cd06a3fccd7b05709591f57f9
|
|
SHA512 (hpack-3.0.0.tar.gz) = ffac4bdf19f8826027d8f89fe07e1837eacabbf18d1ff18e0cb13505c6714afd62125aa5cc594c75273725be71cc6e17b2315257fabb7779ce51de8c877267a3
|
|
Size (hpack-3.0.0.tar.gz) = 43321 bytes
|
|
SHA1 (patch-setup.py) = 2f72bac372d14182f4a553904d8db588d40aaa91
|