diff options
author | adam <adam@pkgsrc.org> | 2019-08-14 07:43:33 +0000 |
---|---|---|
committer | adam <adam@pkgsrc.org> | 2019-08-14 07:43:33 +0000 |
commit | df3aca6c1b3f30760ee4f10de5359ae95bfa09ba (patch) | |
tree | 7dda6b5eeeb7f355e62937553190692c60d622b9 /www/nghttp2/Makefile | |
parent | 5156bc47da3549efb2ce6d7f75b0b44f0685135f (diff) | |
download | pkgsrc-df3aca6c1b3f30760ee4f10de5359ae95bfa09ba.tar.gz |
nghttp2: updated to 1.39.2
nghttp2 v1.39.2
This release fixes CVE-2019-9511 “Data Dribble” and CVE-2019-9513
“Resource Loop” vulnerability in nghttpx and nghttpd. Specially crafted HTTP/2
frames cause Denial of Service by consuming CPU time. Check out
https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md
for details. For nghttpx, additionally limiting inbound traffic by --read-rate and --read-burst options is quite effective against this kind of attack.
Fix CVE-2019-9511 and CVE-2019-9513
Add nghttp2_option_set_max_outbound_ack API function
nghttpx: Fix request stall
Diffstat (limited to 'www/nghttp2/Makefile')
-rw-r--r-- | www/nghttp2/Makefile | 5 |
1 files changed, 2 insertions, 3 deletions
diff --git a/www/nghttp2/Makefile b/www/nghttp2/Makefile index 8a72d2a0b26..7de1a8e1ecb 100644 --- a/www/nghttp2/Makefile +++ b/www/nghttp2/Makefile @@ -1,7 +1,6 @@ -# $NetBSD: Makefile,v 1.54 2019/07/01 04:07:53 ryoon Exp $ +# $NetBSD: Makefile,v 1.55 2019/08/14 07:43:33 adam Exp $ -DISTNAME= nghttp2-1.39.1 -PKGREVISION= 1 +DISTNAME= nghttp2-1.39.2 CATEGORIES= www MASTER_SITES= ${MASTER_SITE_GITHUB:=tatsuhiro-t/} EXTRACT_SUFX= .tar.xz |