Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package python-pylsqpack for
openSUSE:Factory checked in at 2026-04-28 11:53:22
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/python-pylsqpack (Old)
and /work/SRC/openSUSE:Factory/.python-pylsqpack.new.11940 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "python-pylsqpack"
Tue Apr 28 11:53:22 2026 rev:8 rq:1349273 version:0.3.24
Changes:
--------
--- /work/SRC/openSUSE:Factory/python-pylsqpack/python-pylsqpack.changes
2026-01-28 15:05:54.042888707 +0100
+++
/work/SRC/openSUSE:Factory/.python-pylsqpack.new.11940/python-pylsqpack.changes
2026-04-28 11:53:32.618467056 +0200
@@ -1,0 +2,7 @@
+Sat Apr 25 19:56:19 UTC 2026 - Dirk Müller <[email protected]>
+
+- update to 0.3.24:
+ * Do not crash if decoding an empty header name
+ * Ensure encoder validates all input before starting encoding
+
+-------------------------------------------------------------------
Old:
----
pylsqpack-0.3.23.tar.gz
New:
----
pylsqpack-0.3.24.tar.gz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ python-pylsqpack.spec ++++++
--- /var/tmp/diff_new_pack.MQGNOX/_old 2026-04-28 11:53:33.446501247 +0200
+++ /var/tmp/diff_new_pack.MQGNOX/_new 2026-04-28 11:53:33.450501413 +0200
@@ -18,7 +18,7 @@
%{?sle15_python_module_pythons}
Name: python-pylsqpack
-Version: 0.3.23
+Version: 0.3.24
Release: 0
Summary: Python ls-qpack QPACK library
License: BSD-3-Clause
++++++ pylsqpack-0.3.23.tar.gz -> pylsqpack-0.3.24.tar.gz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/pylsqpack-0.3.23/PKG-INFO
new/pylsqpack-0.3.24/PKG-INFO
--- old/pylsqpack-0.3.23/PKG-INFO 2025-10-10 19:06:52.422104800 +0200
+++ new/pylsqpack-0.3.24/PKG-INFO 2026-03-29 17:37:19.968556600 +0200
@@ -1,6 +1,6 @@
Metadata-Version: 2.4
Name: pylsqpack
-Version: 0.3.23
+Version: 0.3.24
Summary: Python wrapper for the ls-qpack QPACK library
Author-email: Jeremy Lainé <[email protected]>
License-Expression: BSD-3-Clause
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/pylsqpack-0.3.23/src/pylsqpack/__init__.py
new/pylsqpack-0.3.24/src/pylsqpack/__init__.py
--- old/pylsqpack-0.3.23/src/pylsqpack/__init__.py 2025-10-10
19:06:42.000000000 +0200
+++ new/pylsqpack-0.3.24/src/pylsqpack/__init__.py 2026-03-29
17:37:12.000000000 +0200
@@ -9,4 +9,4 @@
StreamBlocked,
)
-__version__ = "0.3.23"
+__version__ = "0.3.24"
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/pylsqpack-0.3.23/src/pylsqpack/binding.c
new/pylsqpack-0.3.24/src/pylsqpack/binding.c
--- old/pylsqpack-0.3.23/src/pylsqpack/binding.c 2025-10-10
19:06:42.000000000 +0200
+++ new/pylsqpack-0.3.24/src/pylsqpack/binding.c 2026-03-29
17:37:12.000000000 +0200
@@ -68,8 +68,17 @@
*/
static struct lsxpack_header *header_block_prepare_decode(void *opaque, struct
lsxpack_header *xhdr, size_t space) {
struct header_block *hblock = opaque;
- char *buf = realloc(hblock->header_buffer, space);
- if (!buf) return NULL;
+ char *buf;
+
+ // The behaviour of realloc(ptr, 0) is implementation specific,
+ // so if asked for a zero size we explicitly free the memory.
+ if (space) {
+ buf = realloc(hblock->header_buffer, space);
+ if (!buf) return NULL;
+ } else {
+ free(hblock->header_buffer);
+ buf = 0;
+ }
hblock->header_buffer = buf;
if (xhdr) {
@@ -426,16 +435,12 @@
if (!PyArg_ParseTupleAndKeywords(args, kwargs, "KO", kwlist, &stream_id,
&list))
return NULL;
+ // Validate all the input headers.
if (!PyList_Check(list)) {
PyErr_SetString(PyExc_ValueError, "headers must be a list");
return NULL;
}
- if (lsqpack_enc_start_header(&self->enc, stream_id, seqno) != 0) {
- PyErr_SetString(PyExc_RuntimeError, "lsqpack_enc_start_header failed");
- return NULL;
- }
-
for (Py_ssize_t i = 0; i < PyList_Size(list); ++i) {
tuple = PyList_GetItem(list, i);
if (!PyTuple_Check(tuple) || PyTuple_Size(tuple) != 2) {
@@ -450,10 +455,28 @@
}
name_len = PyBytes_Size(name);
value_len = PyBytes_Size(value);
+ if (name_len == 0) {
+ PyErr_SetString(PyExc_ValueError, "the header's name must not be
empty");
+ return NULL;
+ }
if (name_len + value_len > XHDR_BUF_SZ) {
PyErr_SetString(PyExc_ValueError, "the header's name and value are
too long");
return NULL;
}
+ }
+
+ // Start the encoding transaction.
+ if (lsqpack_enc_start_header(&self->enc, stream_id, seqno) != 0) {
+ PyErr_SetString(PyExc_RuntimeError, "lsqpack_enc_start_header failed");
+ return NULL;
+ }
+
+ for (Py_ssize_t i = 0; i < PyList_Size(list); ++i) {
+ tuple = PyList_GetItem(list, i);
+ name = PyTuple_GetItem(tuple, 0);
+ value = PyTuple_GetItem(tuple, 1);
+ name_len = PyBytes_Size(name);
+ value_len = PyBytes_Size(value);
// Copy the header name and value into the xhdr buffer.
memcpy(self->xhdr_buf, PyBytes_AsString(name), name_len);
@@ -468,6 +491,7 @@
&xhdr,
0) != LQES_OK) {
PyErr_SetString(PyExc_RuntimeError, "lsqpack_enc_encode failed");
+ lsqpack_enc_end_header(&self->enc, self->pfx_buf, PREFIX_MAX_SIZE,
NULL);
return NULL;
}
enc_off += enc_len;
@@ -476,7 +500,7 @@
pfx_len = lsqpack_enc_end_header(&self->enc, self->pfx_buf,
PREFIX_MAX_SIZE, NULL);
if (pfx_len <= 0) {
- PyErr_SetString(PyExc_RuntimeError, "lsqpack_enc_start_header failed");
+ PyErr_SetString(PyExc_RuntimeError, "lsqpack_enc_end_header failed");
return NULL;
}
pfx_off = PREFIX_MAX_SIZE - pfx_len;
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/pylsqpack-0.3.23/src/pylsqpack.egg-info/PKG-INFO
new/pylsqpack-0.3.24/src/pylsqpack.egg-info/PKG-INFO
--- old/pylsqpack-0.3.23/src/pylsqpack.egg-info/PKG-INFO 2025-10-10
19:06:52.000000000 +0200
+++ new/pylsqpack-0.3.24/src/pylsqpack.egg-info/PKG-INFO 2026-03-29
17:37:19.000000000 +0200
@@ -1,6 +1,6 @@
Metadata-Version: 2.4
Name: pylsqpack
-Version: 0.3.23
+Version: 0.3.24
Summary: Python wrapper for the ls-qpack QPACK library
Author-email: Jeremy Lainé <[email protected]>
License-Expression: BSD-3-Clause
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/pylsqpack-0.3.23/tests/test_decoder.py
new/pylsqpack-0.3.24/tests/test_decoder.py
--- old/pylsqpack-0.3.23/tests/test_decoder.py 2025-10-10 19:06:42.000000000
+0200
+++ new/pylsqpack-0.3.24/tests/test_decoder.py 2026-03-29 17:37:12.000000000
+0200
@@ -63,6 +63,19 @@
# free the decoder with pending block
del decoder
+ def test_decompress_failed_empty_header_name(self):
+ """
+ Decoding a header with an empty name should fail but not crash.
+
+ The input was generated by passing the following to the encoder:
+
+ [(b"one", b"foo"), (b"", b"bar")]
+ """
+ decoder = Decoder(0x100, 0x10)
+ with self.assertRaises(DecompressionFailed) as cm:
+ decoder.feed_header(0,
binascii.unhexlify("00002a3d458294e72003626172"))
+ self.assertEqual(str(cm.exception), "lsqpack_dec_header_in for stream
0 failed")
+
def test_decompression_failed_too_short(self):
decoder = Decoder(0x100, 0x10)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/pylsqpack-0.3.23/tests/test_encoder.py
new/pylsqpack-0.3.24/tests/test_encoder.py
--- old/pylsqpack-0.3.23/tests/test_encoder.py 2025-10-10 19:06:42.000000000
+0200
+++ new/pylsqpack-0.3.24/tests/test_encoder.py 2026-03-29 17:37:12.000000000
+0200
@@ -17,6 +17,13 @@
encoder.encode(stream_id, ["hello"])
self.assertEqual(str(cm.exception), "the header must be a two-tuple")
+ def test_encode_name_empty(self):
+ encoder = Encoder()
+ stream_id = 0
+ with self.assertRaises(ValueError) as cm:
+ encoder.encode(stream_id, [(b"", b"bar")])
+ self.assertEqual(str(cm.exception), "the header's name must not be
empty")
+
def test_encode_name_not_bytes(self):
encoder = Encoder()
stream_id = 0
