Workflow

Python-spdylay

Latest version: v0.1.2

Safety actively analyzes 619197 Python packages for vulnerabilities to keep your Python projects secure.

Scan your dependencies

1.4.0

=============

Release Note
------------

This release removes CREDENTIAL frame support. The API functions are
still there, but they are now noop.

Changes
-------

* Renew test key pair

* Fix OpenSSL 1.1.0 deprecation warnings

* spdylay: compile against openssl-1.1.0

It fails to compile against openssl 1.1.0 due to things like
|shrpx_client_handler.cc:90:30: error: 'strerror' was not declared in this scope
|shrpx_listen_handler.cc:112:32: error: 'memset' was not declared in this scope
|shrpx_listen_handler.cc:114:43: error: 'memcpy' was not declared in this scope

This resolves it.

Signed-off-by: Sebastian Andrzej Siewior <sebastianbreakpoint.cc>

Patch from Sebastian Andrzej Siewior

* spdycat: Fix leak in SpdySession.reqvec

* Compile with IRIX 6.5.22 using GCC-4.7.4

Based on the patch from Klaus Ziegler

* Remove CREDENTIAL frame processing completely

We just left API as is, but related functions just do nothing now.

* Allocate stream ID when spdylay_submit_{syn_stream,request} is called

This commit allocates stream ID when spdylay_submit_syn_stream and
spdylay_submit_request is called. Also create stream when
spdylay_session_predicate_syn_stream_send is failed, to provide
stream to user callback (e.g., on_ctrl_not_send_callback).
Allocating stream ID early ensures that we can create stream because
we can catch stream ID exhaustion early and fail fast. Since stream
ID is allocated serially, we have to send SYN_STREAM in the order
they queued. So now all queued syn_stream have the same priority
(lowest). The DATA frame has given priority by application. This
does not work well with CREDENTIAL frame, since SYN_STREAM may wait
for CREDENTIAL, which results in out of order transmission. Since
CREDENTIAL frame was deprecated in SPDY/3.1, and no one use it, we
remove its functionality in the later commit.

* spdycat: --proxy-port, not --proxyport

Fixes GH-132

* spdycat: Check :host header field for SNI, since Host header is not allowed

* spdycat: Update spdycat --help output for --header

Patch from Chris Adams

* spdycat: Fix resource leak found by coverity scan

Links

Releases

Has known vulnerabilities

© 2024 Safety CLI Cybersecurity Inc. All Rights Reserved.