summaryrefslogtreecommitdiff
path: root/www/nghttp2/Makefile
diff options
context:
space:
mode:
authoradam <adam@pkgsrc.org>2019-08-14 07:43:33 +0000
committeradam <adam@pkgsrc.org>2019-08-14 07:43:33 +0000
commitdf3aca6c1b3f30760ee4f10de5359ae95bfa09ba (patch)
tree7dda6b5eeeb7f355e62937553190692c60d622b9 /www/nghttp2/Makefile
parent5156bc47da3549efb2ce6d7f75b0b44f0685135f (diff)
downloadpkgsrc-df3aca6c1b3f30760ee4f10de5359ae95bfa09ba.tar.gz
nghttp2: updated to 1.39.2
nghttp2 v1.39.2 This release fixes CVE-2019-9511 “Data Dribble” and CVE-2019-9513 “Resource Loop” vulnerability in nghttpx and nghttpd. Specially crafted HTTP/2 frames cause Denial of Service by consuming CPU time. Check out https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md for details. For nghttpx, additionally limiting inbound traffic by --read-rate and --read-burst options is quite effective against this kind of attack. Fix CVE-2019-9511 and CVE-2019-9513 Add nghttp2_option_set_max_outbound_ack API function nghttpx: Fix request stall
Diffstat (limited to 'www/nghttp2/Makefile')
-rw-r--r--www/nghttp2/Makefile5
1 files changed, 2 insertions, 3 deletions
diff --git a/www/nghttp2/Makefile b/www/nghttp2/Makefile
index 8a72d2a0b26..7de1a8e1ecb 100644
--- a/www/nghttp2/Makefile
+++ b/www/nghttp2/Makefile
@@ -1,7 +1,6 @@
-# $NetBSD: Makefile,v 1.54 2019/07/01 04:07:53 ryoon Exp $
+# $NetBSD: Makefile,v 1.55 2019/08/14 07:43:33 adam Exp $
-DISTNAME= nghttp2-1.39.1
-PKGREVISION= 1
+DISTNAME= nghttp2-1.39.2
CATEGORIES= www
MASTER_SITES= ${MASTER_SITE_GITHUB:=tatsuhiro-t/}
EXTRACT_SUFX= .tar.xz