libhtp-0.5.42-bp156.2.4

- CVE-2024-23837: excessive processing time of HTTP headers can
  lead to denial of service (boo#1220403)
  add CVE-2024-23837.patch

- Update to version 0.5.42
  * github: add initial workflow
  * htp: fixes warning about bad delimiter in URI
  * fuzz: fix a null dereference in a diff report
  * htp: fixes warning about integer

- Update to version 0.5.41
  * trim white space of invalid folding for first header
  * clear buffered data for body data
  * minor optimization for decompression code

- Update to version 0.5.40
  * uri: optionally allows spaces in uri
  * ints: integer handling improvements
  * headers: continue on nul byte
  * headers: consistent trailing space handling
  * list: fix integer overflow
  * util: remove unused htp_utf8_decode
  * fix 100-continue with CL 0
  * lzma: don't do unnecessary realloc

- Update to version 0.5.39
  * host: ipv6 address is a valid host
  * util: one char is not always empty line
  * test and fuzz improvements

- Update to version 0.5.38
  * consume empty lines when parsing chunks to avoid quadratic
    complexity.

- Update to version 0.5.37
  * support request body decompression
  * several accuracy fixes
  * fuzz improvments

- Update to version 0.5.36
  * fix a http pipelining issue

- Update to version 0.5.35
  * fix memory leak in tunnel traffoc
  * fix case where chunked data causes excessive CPU use

- Update to version 0.5.34
  * support data GAP handling
  * support 100-continue Expect
  * lzma: give more control over settings

- Update to version 0.5.33
  * compression bomb protection
  * memory handling issue found by Oss-Fuzz
  * improve handling of anomalies in traffic

- Update to version 0.5.32
  * bug fixes around pipelining

- Udpate to version 0.5.31
  * various improvements related to 'HTTP Evader'
  * various fixes for issues found by oss-fuzz
  * adds optional LZMA decompression

- Correct License

- Update to version 0.5.30
  * array/list handing optimization
  * fuzz targets improvements
- Update to version 0.5.29
  * prepare for oss-fuzz integration
  * fix undefined behavior signed int overflow
  * make status code parsing more robust

- Update to version 0.5.28
  * Fix potential memory leaks
  * Fix string truncation compile warning

- Update to version 0.5.27
  * Folded header field can be parsed as separate if there are
    no data available to peek into [#159]
  * libhtp crash at deal multiple decompression [#158]
  * Fix configure flag handling
  * Fix auth/digist header parsing out of bounds read

- Specfile cleanup
- Update to version 0.5.26
  * allow missing requests [#128, #163]
  * fix memory leak when response line is body [#161]
  * fix build on MinGW [#162]
  * fix gcc7 compiler warnings [#157]
- Update to version 0.5.25
  * underscore in htp_validate_hostname [#149]
  * fix SONAME issue [#151]
  * remove unrelated docbook code from tree [#153]
- Update to version 0.5.24
  * fix HTTP connect handling issue [#150]

- Initial version 0.5.20