package/python-urllib3: security bump to 2.6.1

Version 2.6.0 fixes the following security issues:

* CVE-2025-66471 / GHSA-2xpw-w6gg-jr37 [1]:
  Fixed a security issue where streaming API could improperly handle
  highly compressed HTTP content ("decompression bombs") leading to
  excessive resource consumption even when a small amount of data was
  requested. Reading small chunks of compressed data is safer and much
  more efficient now.

* CVE-2025-66418 / GHSA-gm62-xv2j-4w53 [2]:
  Fixed a security issue where an attacker could compose an HTTP
  response with virtually unlimited links in the Content-Encoding header,
  potentially leading to a denial of service (DoS) attack by exhausting
  system resources during decoding. The number of allowed chained
  encodings is now limited to 5.

2.6.0 also contains the removal of a deprecated but apparently still
widely used API. 2.6.1 reintroduces this API. [3]

Full 2.6.0 Changelog: https://github.com/urllib3/urllib3/blob/main/CHANGES.rst#260-2025-12-05

[1] https://github.com/urllib3/urllib3/security/advisories/GHSA-2xpw-w6gg-jr37
[2] https://github.com/urllib3/urllib3/security/advisories/GHSA-gm62-xv2j-4w53
[3] https://github.com/urllib3/urllib3/blob/main/CHANGES.rst#261-2025-12-08

Signed-off-by: Marcus Hoffmann <buildroot@bubu1.eu>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Marcus Hoffmann
2025-12-11 13:14:10 +01:00
committed by Peter Korsgaard
parent 9dd501bcc9
commit e73101a0c3
2 changed files with 4 additions and 4 deletions
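
The two behaviours named in the commit message (bounded output when a small read is requested, and a cap of 5 chained encodings) can be illustrated with the standard-library `zlib` module. This is an added example, not urllib3's or Buildroot's code; all function and class names are hypothetical and the compressed input is constructed in the block.

```python
import zlib

MAX_CHAINED_ENCODINGS = 5  # limit quoted in the commit message
GZIP_WBITS = 16 + zlib.MAX_WBITS  # zlib setting that selects gzip framing


def parse_content_encoding(value, limit=MAX_CHAINED_ENCODINGS):
    """Split a Content-Encoding header; refuse chains longer than `limit`."""
    codings = [c.strip().lower() for c in value.split(",") if c.strip()]
    if len(codings) > limit:
        raise ValueError(f"{len(codings)} chained encodings, limit is {limit}")
    return codings


class BoundedGzipReader:
    """Hypothetical reader: read(n) never inflates more than n bytes."""

    def __init__(self, compressed):
        self._pending = compressed  # compressed input not yet consumed
        self._z = zlib.decompressobj(GZIP_WBITS)
        self.peak_output = 0  # largest buffer ever produced by one call

    def read(self, n):
        # max_length caps the output; leftover input lands in unconsumed_tail
        out = self._z.decompress(self._pending, n)
        self._pending = self._z.unconsumed_tail
        self.peak_output = max(self.peak_output, len(out))
        return out


def unbounded_first_read(compressed, n):
    """Contrast: inflate everything, then slice. Returns (chunk, inflated)."""
    full = zlib.decompressobj(GZIP_WBITS).decompress(compressed)
    return full[:n], len(full)


def make_constructed_sample(size):
    """Constructed input: `size` zero bytes, gzip-compressed."""
    c = zlib.compressobj(9, zlib.DEFLATED, GZIP_WBITS)
    return c.compress(b"\0" * size) + c.flush()


if __name__ == "__main__":
    blob = make_constructed_sample(8 * 1024 * 1024)
    reader = BoundedGzipReader(blob)
    reader.read(1024)
    print(len(blob), reader.peak_output, unbounded_first_read(blob, 1024)[1])
```

The bounded reader's peak allocation tracks the requested chunk size, while the contrast function inflates the whole payload to serve the same 1024-byte request.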

@@ -1,5 +1,5 @@
# md5, sha256 from https://pypi.org/pypi/urllib3/json
md5 2b8a86438e4d35fbc90572dbdb424759 urllib3-2.5.0.tar.gz
sha256 3fc47733c7e419d4bc3f6b3dc2b4f890bb743906a30d56ba4a5bfa4bbff92760 urllib3-2.5.0.tar.gz
md5 52150787074f43057a0e691c7ebe00d8 urllib3-2.6.1.tar.gz
sha256 5379eb6e1aba4088bae84f8242960017ec8d8e3decf30480b3a1abdaa9671a3f urllib3-2.6.1.tar.gz
# Locally computed sha256 checksums
sha256 130e3a64d5fdd5d096a752694634a7d9df284469de86e5732100268041e3d686 LICENSE.txt
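
Review bot: on the two urllib3-2.6.1.tar.gz lines, the md5 and the sha256 both come from the single PyPI JSON endpoint named in the header comment, so they only prove the tarball matches what PyPI serves and add no independent check. For a security bump, consider recording a sha256 computed from the downloaded tarball under the "Locally computed sha256 checksums" comment, next to the LICENSE.txt entry. The LICENSE.txt hash is carried over unchanged, so it is worth confirming that the license text in 2.6.1 is identical to the one shipped in 2.5.0.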

@@ -4,9 +4,9 @@
#
################################################################################
PYTHON_URLLIB3_VERSION = 2.5.0
PYTHON_URLLIB3_VERSION = 2.6.1
PYTHON_URLLIB3_SOURCE = urllib3-$(PYTHON_URLLIB3_VERSION).tar.gz
PYTHON_URLLIB3_SITE = https://files.pythonhosted.org/packages/15/22/9ee70a2574a4f4599c47dd506532914ce044817c7752a79b6a51286319bc
PYTHON_URLLIB3_SITE = https://files.pythonhosted.org/packages/5e/1d/0f3a93cca1ac5e8287842ed4eebbd0f7a991315089b1a0b01c7788aa7b63
PYTHON_URLLIB3_LICENSE = MIT
PYTHON_URLLIB3_LICENSE_FILES = LICENSE.txt
PYTHON_URLLIB3_CPE_ID_VENDOR = python
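
Review bot: the PYTHON_URLLIB3_SITE line embeds a content-addressed path that has to be edited by hand together with PYTHON_URLLIB3_VERSION, and nothing in this file ties the two together, so a stale path would only surface as a download or hash failure. Please confirm with a clean `make python-urllib3-source` that the new URL resolves and the tarball matches the sha256 in the hash file. Since PYTHON_URLLIB3_CPE_ID_VENDOR is set in the context lines, CVE matching follows the version value, so no extra ignore entries should be needed for the two CVEs listed in the commit message.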