From: Stuart Henderson <stu@spacehopper.org>
Subject: Re: www/py-h2: secutriy update to 4.3.0
To: ports@openbsd.org, daniel@openbsd.org
Date: Tue, 26 Aug 2025 11:27:09 +0100

On 2025/08/25 00:53, Kirill A. Korinsky wrote:
> ports@,
> 
> I'd like to update www/py-h2 to 4.3.0.
> 
> This is security related update, see:
> https://github.com/python-hyper/h2/security/advisories/GHSA-847f-9342-265h
> 
> I've brifly tested it by www/httpcore and tested with my usual usecase with
> security/mitmproxy on -current/amd64, no regression.
> 
> Ok?
> 
> Also, I not sure should we backport to -stable, thougs?
> 
> Index: Makefile
> ===================================================================
> RCS file: /home/cvs/ports/www/py-h2/Makefile,v
> diff -u -p -r1.4 Makefile
> --- Makefile	29 Apr 2025 10:40:30 -0000	1.4
> +++ Makefile	24 Aug 2025 22:45:52 -0000
> @@ -1,6 +1,6 @@
>  COMMENT =		pure-Python HTTP/2 State-Machine based protocol
>  
> -MODPY_DISTV =		4.2.0
> +MODPY_DISTV =		4.3.0
>  DISTNAME =		h2-${MODPY_DISTV}
>  PKGNAME =		py-${DISTNAME}
>  REVISION =		0

REVISION to drop

> Index: distinfo
> ===================================================================
> RCS file: /home/cvs/ports/www/py-h2/distinfo,v
> diff -u -p -r1.2 distinfo
> --- distinfo	3 Feb 2025 14:16:33 -0000	1.2
> +++ distinfo	24 Aug 2025 22:47:34 -0000
> @@ -1,2 +1,2 @@
> -SHA256 (h2-4.2.0.tar.gz) = yKUhKWleiLGgV42NLMaEK715EorGhUY7iH7ieBJq0B8=
> -SIZE (h2-4.2.0.tar.gz) = 2150682
> +SHA256 (h2-4.3.0.tar.gz) = bFnv5DI/oYtHpjIiGhiIvX/eYkmBm+2iVK7KkJ8iG/E=
> +SIZE (h2-4.3.0.tar.gz) = 2152026
> 
> 
> -- 
> wbr, Kirill
> 

afaik, this could go to -stable without problems if wanted.