public inbox for git-commits@fedoraproject.org
* [rpms/cpp-httplib] f43: Update to 0.48.0 (rhbz#2481109)
From: @ 2026-06-24 12:49 UTC
To: git-commits
A new commit has been pushed.
Repo : rpms/cpp-httplib
Branch : f43
Commit : f739e96075999566403d917ce6a416a927ccfa97
Author : Petr Menšík <pemensik@redhat.com>
Date : 2026-06-24T14:49:16+02:00
Stats : +2/-2 in 2 file(s)
URL : https://src.fedoraproject.org/rpms/cpp-httplib/c/f739e96075999566403d917ce6a416a927ccfa97?branch=f43
Log:
Update to 0.48.0 (rhbz#2481109)

Security fixes

- Complete the IP-host certificate identity fix from v0.47.0 for the
  Mbed TLS and wolfSSL backends. An IP-literal host is now authenticated
  only via a matching iPAddress SAN, never via the certificate's Common
  Name (RFC 9110) — matching what the OpenSSL backend already enforces
  through X509_check_ip. Previously these backends fell back to the CN
  when no IP SAN matched, and recognized IPv4 only; now IPv6 (16-byte)
  iPAddress SANs are matched as well, and the CN fallback is skipped for
  both IPv4 and IPv6 literal hosts (#2476)

Improvements

- Replace the strtod-based from_chars for double with a hand-written,
  locale-independent parser. The only double parsed by the library is the
  HTTP quality value; strtod reads the decimal separator from the global C
  locale, so an embedder calling setlocale(LC_ALL, "") into a
  comma-decimal locale would mis-parse q-values. The new parser always
  treats . as the decimal separator and is allocation-free (Fix #2475)
- Fix OpenSSL 4.0 deprecation warnings: fetch CA store objects via the
  thread-safe X509_STORE_get1_objects() (OpenSSL 3.3+) and extract the
  subject CN via X509_NAME_get_index_by_NID()/X509_NAME_get_entry()
  instead of the deprecated X509_STORE_get0_objects() and
  X509_NAME_get_text_by_NID(). Older OpenSSL, BoringSSL, and LibreSSL keep
  using the get0 path. Verified warning-free against OpenSSL 4.0.1, 3.6.2,
  and 3.0

Behavior changes

- decode_query_component() now uses strict hex parsing for
  percent-escapes, consistent with decode_uri_component() and
  decode_path_component(). A % followed by non-hex characters (e.g. a sign
  or whitespace such as %-1, %+5, % 5) is passed through literally instead
  of being accepted as a valid escape (#2472)

Source: https://github.com/yhirose/cpp-httplib/releases/tag/v0.48.0
---
diff --git a/cpp-httplib.spec b/cpp-httplib.spec
index d75ea00..56bec19 100644
--- a/cpp-httplib.spec
+++ b/cpp-httplib.spec
@@ -18,7 +18,7 @@
%endif
Name: cpp-httplib
-Version: 0.47.0
+Version: 0.48.0
%forgemeta
Release: %autorelease
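Review bot: The Version line moves the f43 branch to 0.48.0, and the log for this release lists a behavior change next to the security fix: decode_query_component() now passes a % followed by non-hex characters through literally. The hunk changes nothing but Version, so the spec carries no record of that for maintainers of software built against this package; consider confirming that dependent packages on f43 do not rely on the lenient decoding before this lands. It would also help to state which TLS backend this build uses, since the listed security fix applies only to the Mbed TLS and wolfSSL backends and the visible spec lines do not say.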
diff --git a/sources b/sources
index 639925f..7f35b15 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-SHA512 (cpp-httplib-0.47.0.tar.gz) = dffde14997beef8b6f35f985d0865b2679f133a79a626df1d915c445b63108ef326becd31475751c78d02a1563ef0cff48ff646e47591e2e479b3bbc57d65d2d
+SHA512 (cpp-httplib-0.48.0.tar.gz) = bc9474b0069b84b33f96790d48cee5b52eb1b9555ea6321ce878679c4469f1c56b87b34e74786e47d09cad5a00539cdd6726058bd0ffb2087255f02d7bdabe51
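Review bot: The new SHA512 line for cpp-httplib-0.48.0.tar.gz is the only integrity anchor for the upstream tarball, and nothing in the patch says how the digest was obtained. Recompute it from a tarball fetched independently from the v0.48.0 tag named in the log's Source line and compare the two values before building.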
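The IP-literal rule from the security-fix entry in the log above, as an added C++ example; it is not cpp-httplib's code and not part of the commit. The Cert and San types, the function names and the sample certificates are constructed for illustration, and POSIX inet_pton is assumed.

```cpp
#include <arpa/inet.h>
#include <string>
#include <vector>

// Hypothetical model of a parsed certificate; these types are not cpp-httplib's.
enum class SanType { DnsName, IpAddress };
struct San {
  SanType type;
  std::string value; // dNSName text, or the raw 4/16 address bytes for iPAddress
};
struct Cert {
  std::string common_name;
  std::vector<San> sans;
};

// Raw bytes of an IP literal (4 for IPv4, 16 for IPv6); empty if host is not one.
static std::string ip_literal_bytes(const std::string &host) {
  unsigned char buf[16];
  if (inet_pton(AF_INET, host.c_str(), buf) == 1)
    return std::string(reinterpret_cast<char *>(buf), 4);
  if (inet_pton(AF_INET6, host.c_str(), buf) == 1)
    return std::string(reinterpret_cast<char *>(buf), 16);
  return {};
}

enum class Verdict { Match, NoMatch, NotIpLiteral };

// An IP-literal host is accepted only on a byte-exact iPAddress SAN.
// The Common Name is deliberately never consulted on this path.
Verdict check_ip_host(const Cert &cert, const std::string &host) {
  const std::string want = ip_literal_bytes(host);
  if (want.empty()) return Verdict::NotIpLiteral; // hostname rules apply elsewhere
  for (const San &san : cert.sans) {
    if (san.type == SanType::IpAddress && san.value == want) return Verdict::Match;
  }
  return Verdict::NoMatch;
}

// Constructed sample: the address appears only in the CN and as dNSName text.
Cert cn_only_cert() {
  return {"192.0.2.10", {{SanType::DnsName, "192.0.2.10"}}};
}
// Constructed sample: IPv4 and IPv6 iPAddress SANs, unrelated CN.
Cert ip_san_cert() {
  return {"example.test",
          {{SanType::IpAddress, ip_literal_bytes("192.0.2.10")},
           {SanType::IpAddress, ip_literal_bytes("2001:db8::1")}}};
}
```

Comparing raw address bytes rather than text means differently written forms of the same IPv6 address match the same SAN.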