diff options
author | adam <adam@pkgsrc.org> | 2020-06-02 19:12:55 +0000 |
---|---|---|
committer | adam <adam@pkgsrc.org> | 2020-06-02 19:12:55 +0000 |
commit | 092be1d4b9668d36e25886bfda2b22f24740bdbe (patch) | |
tree | 8281cc9767490e4ecca5a5d4f12afb957023e92c /www | |
parent | 161d5b5ea01ababac055f13e6b22483046cbefd4 (diff) | |
download | pkgsrc-092be1d4b9668d36e25886bfda2b22f24740bdbe.tar.gz |
nghttp2: updated to 1.14.0
Nghttp2 v1.41.0
Security Advisory
CVE-2020-11080: Denial of service: Overly large SETTINGS frames
For more information, read the security advisory.
lib
This release implements nghttp2_option_set_max_settings API which sets the maximum number of SETTINGS entries in one SETTINGS frame to mitigate the security issue. It also moves SETTINGS flood check earlier to make it more effective.
The bug which stalls receiving stream data is fixed. Previously, if automatic window update is enabled (which is default), after window size is set to 0 by nghttp2_session_set_local_window_size, once the receiving window is exhausted, even after window size is increased by nghttp2_session_set_local_window_size, no more data cannot be received. This is because nghttp2_session_set_local_window_size does not submit WINDOW_UPDATE. It is only triggered when new data arrives but since window is filled up, no more data cannot be received, thus dead lock happens.
build
With cmake build, the hard-coded static lib suffix is now optional.
nghttpx
proxyprotocol v2 has been implemented.
The bug in getting certificate serial number with mruby script has been fixed.
h2load
New option, --connect-to, is added.
Diffstat (limited to 'www')
-rw-r--r-- | www/nghttp2-tools/Makefile | 3 | ||||
-rw-r--r-- | www/nghttp2/Makefile | 4 | ||||
-rw-r--r-- | www/nghttp2/Makefile.common | 4 | ||||
-rw-r--r-- | www/nghttp2/distinfo | 10 |
4 files changed, 9 insertions, 12 deletions
diff --git a/www/nghttp2-tools/Makefile b/www/nghttp2-tools/Makefile index ee304ca3f7f..f140869a7e0 100644 --- a/www/nghttp2-tools/Makefile +++ b/www/nghttp2-tools/Makefile @@ -1,6 +1,5 @@ -# $NetBSD: Makefile,v 1.3 2020/06/02 08:24:57 adam Exp $ +# $NetBSD: Makefile,v 1.4 2020/06/02 19:12:55 adam Exp $ -PKGREVISION= 2 .include "../../www/nghttp2/Makefile.common" PKGNAME= ${DISTNAME:S/-/-tools-/} diff --git a/www/nghttp2/Makefile b/www/nghttp2/Makefile index 03c9e6bb592..936fec83d1a 100644 --- a/www/nghttp2/Makefile +++ b/www/nghttp2/Makefile @@ -1,9 +1,7 @@ -# $NetBSD: Makefile,v 1.62 2020/06/02 08:24:57 adam Exp $ +# $NetBSD: Makefile,v 1.63 2020/06/02 19:12:55 adam Exp $ .include "Makefile.common" -PKGREVISION= 5 - COMMENT= Implementation of HTTP/2 in C # Upstream documents that c++14 is required for C++ parts of the code; diff --git a/www/nghttp2/Makefile.common b/www/nghttp2/Makefile.common index e5790da2d5e..252a262b579 100644 --- a/www/nghttp2/Makefile.common +++ b/www/nghttp2/Makefile.common @@ -1,8 +1,8 @@ -# $NetBSD: Makefile.common,v 1.1 2020/03/30 14:00:09 adam Exp $ +# $NetBSD: Makefile.common,v 1.2 2020/06/02 19:12:55 adam Exp $ # used by www/nghttp2/Makefile # used by www/nghttp2-tools/Makefile -DISTNAME= nghttp2-1.40.0 +DISTNAME= nghttp2-1.41.0 CATEGORIES= www MASTER_SITES= ${MASTER_SITE_GITHUB:=tatsuhiro-t/} EXTRACT_SUFX= .tar.xz diff --git a/www/nghttp2/distinfo b/www/nghttp2/distinfo index 9cc868dae3e..b264f9abb1e 100644 --- a/www/nghttp2/distinfo +++ b/www/nghttp2/distinfo @@ -1,6 +1,6 @@ -$NetBSD: distinfo,v 1.43 2019/11/20 16:38:22 adam Exp $ +$NetBSD: distinfo,v 1.44 2020/06/02 19:12:55 adam Exp $ -SHA1 (nghttp2-1.40.0.tar.xz) = 7df231b961b84bd5d0c8ce81062de8aad83fcf5e -RMD160 (nghttp2-1.40.0.tar.xz) = 91b637294817800880bdce5d15b0876189f2d53a -SHA512 (nghttp2-1.40.0.tar.xz) = 3f9b989c4bd9571b11bb9d59fe2dfd5596ba3962babfc836587d5047e780400a6cf46e43c602caa25ca83c03b84a1629953140d45223099b193df54a719745ce -Size (nghttp2-1.40.0.tar.xz) = 1637004 bytes +SHA1 (nghttp2-1.41.0.tar.xz) = f5cf4fdf6a29adcd810c938736044289a3bf11ff +RMD160 (nghttp2-1.41.0.tar.xz) = 9d23cd271ac59c4f0c1c4748076d51e356b2fc0b +SHA512 (nghttp2-1.41.0.tar.xz) = c92e8022ccc876fa311f21bc5bf5af75feff8232efb56a4b2ab198031e974d15b67c16c046188cc76552f75a1b2e7115925d6ce1e42d6f94ae482fe69727466d +Size (nghttp2-1.41.0.tar.xz) = 1640712 bytes |