[Buildroot] [git commit branch/2025.02.x] package/python-h2: security bump to version 4.3.0

Titouan Christophe titouan.christophe at mind.be
Thu Sep 4 11:57:24 UTC 2025 

commit: https://git.buildroot.net/buildroot/commit/?id=65c245324dcacff304843efa438d7012b8a4efcb
branch: https://git.buildroot.net/buildroot/commit/?id=refs/heads/2025.02.x

Fixes the following security vulnerability:

- CVE-2025-57804: HTTP/2 request splitting via CRLF injection

  https://github.com/python-hyper/h2/security/advisories/GHSA-847f-9342-265h

Signed-off-by: Peter Korsgaard <peter at korsgaard.com>
(cherry picked from commit 2389965eaf8ba396f74e35d4558be79bf1e8c8a6)
Signed-off-by: Titouan Christophe <titouan.christophe at mind.be>
---
 package/python-h2/python-h2.hash | 4 ++--
 package/python-h2/python-h2.mk   | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/package/python-h2/python-h2.hash b/package/python-h2/python-h2.hash
index 2f9c8f647f..5adfc86f52 100644
--- a/package/python-h2/python-h2.hash
+++ b/package/python-h2/python-h2.hash
@@ -1,5 +1,5 @@
 # md5, sha256 from https://pypi.org/pypi/h2/json
-md5  4274f9619c0a43bb4ae01b6b02bf0c99  h2-4.1.0.tar.gz
-sha256  a83aca08fbe7aacb79fec788c9c0bac936343560ed9ec18b82a13a12c28d2abb  h2-4.1.0.tar.gz
+md5  b4781bbaaae609aa759565585718e0d7  h2-4.3.0.tar.gz
+sha256  6c59efe4323fa18b47a632221a1888bd7fde6249819beda254aeca909f221bf1  h2-4.3.0.tar.gz
 # Locally computed sha256 checksums
 sha256  7a65a5af0cbabf1c16251c7c6b2b7cb46d16a7222e79975b9b61fcd66a2e3f28  LICENSE
diff --git a/package/python-h2/python-h2.mk b/package/python-h2/python-h2.mk
index 699e8baece..d9cfbdbf92 100644
--- a/package/python-h2/python-h2.mk
+++ b/package/python-h2/python-h2.mk
@@ -4,9 +4,9 @@
 #
 ################################################################################
 
-PYTHON_H2_VERSION = 4.1.0
+PYTHON_H2_VERSION = 4.3.0
 PYTHON_H2_SOURCE = h2-$(PYTHON_H2_VERSION).tar.gz
-PYTHON_H2_SITE = https://files.pythonhosted.org/packages/2a/32/fec683ddd10629ea4ea46d206752a95a2d8a48c22521edd70b142488efe1
+PYTHON_H2_SITE = https://files.pythonhosted.org/packages/1d/17/afa56379f94ad0fe8defd37d6eb3f89a25404ffc71d4d848893d270325fc
 PYTHON_H2_SETUP_TYPE = setuptools
 PYTHON_H2_LICENSE = MIT
 PYTHON_H2_LICENSE_FILES = LICENSE

More information about the buildroot mailing list