Projetos/rpi-buildroot
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

package/python-h2: security bump to version 4.3.0

Browse Source 
Fixes the following security vulnerability:

- CVE-2025-57804: HTTP/2 request splitting via CRLF injection

  https://github.com/python-hyper/h2/security/advisories/GHSA-847f-9342-265h

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 2389965eaf)
Signed-off-by: Titouan Christophe <titouan.christophe@mind.be>
This commit is contained in:
Peter Korsgaard
2025-08-29 07:49:36 +02:00
committed by Titouan Christophe
parent 9ecc8d0abf
commit 65c245324d
2 changed files with 4 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
package/python-h2/python-h2.hash
View File

@@ -1,5 +1,5 @@
# md5, sha256 from https://pypi.org/pypi/h2/json
md5 4274f9619c0a43bb4ae01b6b02bf0c99 h2-4.1.0.tar.gz
sha256 a83aca08fbe7aacb79fec788c9c0bac936343560ed9ec18b82a13a12c28d2abb h2-4.1.0.tar.gz
md5 b4781bbaaae609aa759565585718e0d7 h2-4.3.0.tar.gz
sha256 6c59efe4323fa18b47a632221a1888bd7fde6249819beda254aeca909f221bf1 h2-4.3.0.tar.gz
# Locally computed sha256 checksums
sha256 7a65a5af0cbabf1c16251c7c6b2b7cb46d16a7222e79975b9b61fcd66a2e3f28 LICENSE

4
package/python-h2/python-h2.mk
View File

@@ -4,9 +4,9 @@
#
################################################################################
PYTHON_H2_VERSION = 4.1.0
PYTHON_H2_VERSION = 4.3.0
PYTHON_H2_SOURCE = h2-$(PYTHON_H2_VERSION).tar.gz
PYTHON_H2_SITE = https://files.pythonhosted.org/packages/2a/32/fec683ddd10629ea4ea46d206752a95a2d8a48c22521edd70b142488efe1
PYTHON_H2_SITE = https://files.pythonhosted.org/packages/1d/17/afa56379f94ad0fe8defd37d6eb3f89a25404ffc71d4d848893d270325fc
PYTHON_H2_SETUP_TYPE = setuptools
PYTHON_H2_LICENSE = MIT
PYTHON_H2_LICENSE_FILES = LICENSE