Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package python-urllib3 for openSUSE:Factory checked in at 2026-01-09 17:02:44
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/python-urllib3 (Old)
 and      /work/SRC/openSUSE:Factory/.python-urllib3.new.1928 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "python-urllib3" Fri Jan 9 17:02:44 2026 rev:73 rq:1325966 version:2.6.2 Changes: -------- --- /work/SRC/openSUSE:Factory/python-urllib3/python-urllib3.changes 2025-06-24 20:46:12.164975997 +0200 +++ /work/SRC/openSUSE:Factory/.python-urllib3.new.1928/python-urllib3.changes 2026-01-09 17:02:53.122421463 +0100 
@@ -1,0 +2,45 @@ +Wed Jan 7 09:49:28 UTC 2026 - Nico Krapp <[email protected]> + +- Update to 2.6.2 + * Fixed HTTPResponse.read_chunked() to properly handle leftover data in the + decoder's buffer when reading compressed chunked responses. +- Update to 2.6.1 + * Restore previously removed HTTPResponse.getheaders() and + HTTPResponse.getheader() methods. +- Update to 2.6.0 + * Security: + - Fixed a security issue where streaming API could improperly handle highly + compressed HTTP content ("decompression bombs") leading to excessive + resource consumption even when a small amount of data was requested. + Reading small chunks of compressed data is safer and much more efficient + now. (CVE-2025-66471, GHSA-2xpw-w6gg-jr37, bsc#1254867) + - Fixed a security issue where an attacker could compose an HTTP response + with virtually unlimited links in the Content-Encoding header, potentially + leading to a denial of service (DoS) attack by exhausting system resources + during decoding. The number of allowed chained encodings is now limited to + 5. (CVE-2025-66418, GHSA-gm62-xv2j-4w53, bsc#1254866) + * Features: + - Enabled retrieval, deletion, and membership testing in HTTPHeaderDict + using bytes keys. + - Added host and port information to string representations of + HTTPConnection. + - Added support for Python 3.14 free-threading builds explicitly. + * Removals: + - Removed the HTTPResponse.getheaders() method in favor of + HTTPResponse.headers. Removed the HTTPResponse.getheader(name, default) + method in favor of HTTPResponse.headers.get(name, default). + * Bugfixes: + - Fixed redirect handling in urllib3.PoolManager when an integer is passed + for the retries parameter. + - Fixed HTTPConnectionPool when used in Emscripten with no explicit port. + - Fixed handling of SSLKEYLOGFILE with expandable variables. + * Misc: + - Changed the zstd extra to install backports.zstd instead of zstandard on + Python 3.13 and before. 
+ - Improved the performance of content decoding by optimizing + BytesQueueBuffer class. + - Allowed building the urllib3 package with newer setuptools-scm v9.x. + - Ensured successful urllib3 builds by setting Hatchling requirement + to ≥ 1.27.0. + +------------------------------------------------------------------- Old: ---- urllib3-2.5.0.tar.gz New: ---- urllib3-2.6.2.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ python-urllib3.spec ++++++ --- /var/tmp/diff_new_pack.gPpjWa/_old 2026-01-09 17:02:53.962457024 +0100 +++ /var/tmp/diff_new_pack.gPpjWa/_new 2026-01-09 17:02:53.966457193 +0100 @@ -1,7 +1,7 @@ # # spec file for package python-urllib3 # -# Copyright (c) 2025 SUSE LLC +# Copyright (c) 2026 SUSE LLC and contributors # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -26,7 +26,7 @@ %endif %{?sle15_python_module_pythons} Name: python-urllib3%{psuffix} -Version: 2.5.0 +Version: 2.6.2 Release: 0 Summary: HTTP library with thread-safe connection pooling, file post, and more License: MIT @@ -43,13 +43,13 @@ BuildRequires: python-rpm-macros #!BuildIgnore: python-requests Requires: ca-certificates-mozilla -Recommends: python-Brotli >= 1.0.9 +Recommends: python-Brotli >= 1.2.0 Recommends: python-PySocks >= 1.7.1 Recommends: python-h2 >= 4 Recommends: python-zstandard >= 0.18 BuildArch: noarch %if %{with test} -BuildRequires: %{python_module Brotli >= 1.0.9} +BuildRequires: %{python_module Brotli >= 1.2.0} BuildRequires: %{python_module PySocks >= 1.7.1} BuildRequires: %{python_module Quart >= 0.19} BuildRequires: %{python_module cryptography >= 43} ++++++ urllib3-2.5.0.tar.gz -> urllib3-2.6.2.tar.gz ++++++ ++++ 6119 lines of diff (skipped)
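Review bot: in the python-urllib3.changes hunk, the 2.6.0 "Removals" bullet records HTTPResponse.getheaders() and HTTPResponse.getheader() as removed, but the 2.6.1 entry above it restores both, and this submission moves the package from urllib3-2.5.0.tar.gz directly to urllib3-2.6.2.tar.gz, so the removal never reaches users of this package. Suggest annotating the bullet (for example "reverted in 2.6.1") or dropping it, so that someone scanning the changelog for API breaks is not misled. The two security entries carry their CVE, GHSA and bsc references, which is what the changelog needs for tracking.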
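Review bot: in the python-urllib3.spec hunk at @@ -43,13 +43,13 @@, `Recommends: python-zstandard >= 0.18` is left unchanged although the changelog in this same submission says the zstd extra now installs backports.zstd instead of zstandard on Python 3.13 and before; please check whether this Recommends should follow that change for the affected Python flavors. The Brotli minimum is raised to 1.2.0 only in Recommends and in the test BuildRequires, so an older python-Brotli that is already installed is not excluded at runtime; if the bump is related to the decompression fixes listed for 2.6.0, a Conflicts against the older versions or a short spec comment explaining the new minimum would help.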
