./www/h2o, Optimized HTTP server with support for HTTP/1.x and HTTP/2

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]

Branch: CURRENT, Version: 2.2.5nb1, Package name: h2o-2.2.5nb1, Maintainer: pkgsrc-users

H2O is a very fast HTTP server written in C. It can also be used as a library.


* HTTP/1.0, HTTP/1.1
* HTTP/2
* WebSocket
* static file serving
* reverse proxy
* access-logging
* graceful restart and self-upgrade

Required to run:
[lang/perl5] [textproc/libyaml] [devel/libuv] [www/wslay]

Required to build:

Master sites:

SHA1: 188cd4792d28cd7c88a572f6a92949c6aaef5693
RMD160: 4036c8ec4042fd3d9191aa38cff0754072b9067f
Filesize: 15876.265 KB

Version history: (Expand)

CVS history: (Expand)

   2018-08-22 11:48:07 by Thomas Klausner | Files touched by this commit (3558)
Log message:
Recursive bump for perl5-5.28.0
   2018-06-24 11:17:03 by Adam Ciarcinski | Files touched by this commit (2) | Package updated
Log message:
h2o: updated to 2.2.5:

H2O version 2.2.5:
This is a bug-fix release of the 2.2 series with following changes from 2.2.4, \ 
including one vulnerability fix.
[security fix][access-log] fix buffer overflow CVE-2018-0608
[fastcgi] index file name must be part of SCRIPT_NAME
[http2] do not compress cookies less than 20 bytes long
[http2] stop opening new push streams after receiving GOAWAY
[http2] fix conformance issues
[mruby] drop the link rel=preload header with a x-http2-push-only attribute
[mruby] allow loading a file that shares the basename with one of the preloaded files
[proxy] fix I/O error when receiving multiple informational responses
[ssl] fix bug that prevents record size growing to maximum when latency \ 
optimization is disabled
[ssl] fix compatibility issues with libressl 2.7
[ssl] update picotls to support TLS 1.3 draft-26
   2017-07-31 00:32:28 by Thomas Klausner | Files touched by this commit (229)
Log message:
Switch github HOMEPAGEs to https.
   2017-04-09 17:30:07 by Adam Ciarcinski | Files touched by this commit (2)
Log message:
Changes 2.2.0:
[core] add crash-handler.wait-pipe-close parameter 1092 (Frederik Deweerdt)
[core] introduce an option to bypass the server header sent from upstream 1226 \ 
(Frederik Deweerdt)
[core] apply global- and host-level configuration to requests not applicable to \ 
any of the path-level configurations 1231 (Kazuho Oku)
[access-log] add %{remote}p for logging the remote port 1166 (Kazuho Oku)
[access-log] add support for JSON-style escapes and null 1208 (Kazuho Oku)
[access-log] add specifier for logging per-request environment variables 1221 \ 
(Yannick Koechlin)
[access-log] add support for <, > modifiers for logging either the \ 
original or the final response 1238 (Kazuho Oku)
[access-log] do not emit request-total-time twice 1017 (Kazuho Oku)
[fastcgi] fix a bug that closes the FastCGI listener socket during startup 1203 \ 
(Frederik Deweerdt)
[file] add directive for serving gzipped files, decompressing them on-the-fly \ 
1140 (Ichito Nagata)
[headers] fix buffer overrun during startup 1180 (Frederik Deweerdt)
[http1][proxy] preserve the cases of characters used in header names 1194 \ 
(Frederik Deweerdt)
[http1][proxy] fix undefined behavior in HTTP/1 parser 1189 (Frederik Deweerdt)
[http1] stop reading from socket after sending 400 to avoid the risk of \ 
assertion failure 1223 (Frederik Deweerdt)
[http2] recognize x-http2-push-only attribute on link header 1169 (Frederik Deweerdt)
[http2] add optional timeout for closing connections upon graceful shutdown 1108 \ 
(Frederik Deweerdt)
[http2] do not ack an acked PING frame 1175 (Moto Ishisawa)
[http2] reject requests exceeding the maximum allowed size more efficiently 1183 \ 
(Frederik Deweerdt)
[mruby] remove dependenty to mkmf 1197 (Yuki Kurihara)
[mruby] correct the line number reported on an exception 1239 (Ichito Nagata)
[proxy] add directives for tweaking headers sent to upstream 1126 (Justin Zhu)
[proxy] retain case-sensitivity of unix socket paths 1131 (Frederik Deweerdt)
[proxy] add directive for controlling the via request header 1225 (Frederik Deweerdt)
[ssl] add directive for logging session ID 1164 (Yannick Koechlin)
[ssl] add support for TLS 1.3 draft-18 1204 (Kazuho Oku)
[ssl] stop evicting session entries in memcached when they are removed from \ 
internal cache 1185 (Ichito Nagata)
[ssl] fix crash when a secp384r1, secp521r1 certificate is used with TLS 1.3 \ 
1214 (Kazuho Oku)
[ssl] fix build failure with OpenSSL 1.1.0 1216 (Kazuho Oku)
[ssl] add doc for handshake-timeout 1233 (Kazuho Oku)
[status] fix race condition during start-up 1242 (Frederik Deweerdt)
[libh2o] implement h2o_evloop_destroy 1200 (kazan417)
[misc] add test code for fuzzing 1174 1182 1191 1192 (Frederik Deweerdt, \ 
Jonathan Foote)
[misc] fix issues reported by Coverity 1168 1172 1179 (Harrison Bowden, Frederik \ 
   2017-01-26 22:11:54 by Adam Ciarcinski | Files touched by this commit (3)
Log message:
Changes 2.1.0:
[core] TCP latency optimization
[core] provide tag to include other YAML files from the configuration file
[core] accept sequence of mappings for path-level configuration
[core] fix broken support for TCP Fast Open in OS X
[access-log] provide directive to emit request-level errors
[access-log] emit values of all set-cookie headers concatenated
[fastcgi] fix connection failure when fastcgi.spawn is used with an uid
[file] more pre-defined MIME types
[http2][proxy] recognize link rel=preload headers in interim response as a \ 
trigger to push resources
[http1][http2] validate characters used in the headers
[http1][http2] notify error downstream when an error occurred while generating a \ 
[http1][http2] fix resource leak upon upgrade failure to HTTP/2
[http2] add http2-push-preload directive to turn off H2 push being initiated by \ 
link rel=preload header
[http2] add support for cache-digest header
[http2] drop host header in HTTP/2 layer
[http2] don't use etag for calculating casper cookie
[http2] add support for H2 debug state
[mruby] add dos_detector mruby handler
[mruby] add DSL for access control lists (acl)
[mruby] share mruby state and constants between handlers
[mruby] add library for address-block-based access control
[proxy] add an option to connect to upstream using PROXY protocol
[proxy] don't escape : in URI path
[proxy] preserve received URLs as much as possible
[proxy] add an option to prevent emiting x-forwarded-* headers
[proxy] cache TLS session used for upstream connections
[proxy] turn on/off on-the-fly compression based on the x-compress-hint header
[ssl] set add_lock callback to prevent unnecessary lock-add-unlock
[ssl] add support for OpenSSL 1.1.0
[status] collect and report HTTP statistics
[status] report additional stats when jemalloc is used
[throttle] add new handler for throttling the response bandwidth
[libh2o] provide h2o_rand that calls the appropriate random function depending \ 
on the OS
[libh2o] do not require use of picohttpparser.h when using the HTTP/1 client
[libh2o] install library files to the correct location
[misc] provide crash-handler directive to customize crash logging
[misc] guess the default location of h2o.conf
[misc] allow to disable libuv even when it is found
[misc] add font/woff2 to the default mime-type mapping
[misc] mark JavaScript and JSON files as compressible by default
   2016-09-17 13:10:23 by Makoto Fujiwara | Files touched by this commit (2) | Package updated
Log message:
Updated www/h2o to 2.0.4
2.0.4 2016-09-14 08:00:00+0000
 - [security fix][core] fix DoS attack vector CVE-2016-4864 (Frederik Deweerdt, \ 
Kazuho Oku)
 - [libh2o] fix crash on connect timeout #960 (disigma)
   2016-09-14 16:23:25 by Makoto Fujiwara | Files touched by this commit (2)
Log message:
2.0.3 2016-09-07 22:03:00+0000
 - [file] don't use `readdir_r` on Linux, Solaris #1046 #1052
          (Frederik Deweerdt, Kazuho Oku)
 - [http2] fix negative error code sent when cancelling a pushed
           stream #1039 (Frederik Deweerdt)
 - [http2] fix a bug that may cause a stream to stall #1040 (Frederik
 - [http2] fix a bug that reset the stream when receiving HEADERS
           after PRIORITY #1043 (Frederik Deweerdt)
 - [mruby] fix mruby handler becoming unusable after failed connection
           in http_request on FreeBSD #1062 (Kazuho Oku)
   2016-08-02 19:39:41 by Amitai Schlair | Files touched by this commit (3) | Package updated
Log message:
Update to 2.0.2. From the changelog:

- [fastcgi] setenv should displace HTTP headers
  #996 (Kazuho Oku)
- [http2] fix buffer overrun
  #972 (Frederik Deweerdt)
- [misc] fix build error when libuv is not found
  #1008 (nextgenthemes)
- [misc] fix assertion failure when YAML alias and merge is used in
  certain way
  #1011 (Kazuho Oku)
- [fastcgi] fix internal server error when PHP returns a huge header
  #958 (Kazuho Oku)
- [http2] recognize link header containing multiple links
  #950 (Frederik Deweerdt)
- [libh2o] fix resource leaks upon startup failure
  #936 (David CARLIER)
- [libh2o] do not require linking to libbrotli externally
  #941 (Kazuho Oku)
- [core][breaking change] do not automatically append `/` to path-level
  #820 (Kazuho Oku)
- [core] support `<<` in configuration file
  #786 (Kazuho Oku)
- [core] configurable server: header
  #877 (Frederik Deweerdt)
- [core] add directive for customizing the path of temporary buffer files
  #911 (Kazuho Oku)
- [core] fix crash when receiving SIGTERM during start-up
  #878 (Frederik Deweerdt)
- [core] spawn the configured number of DNS client threads
  #880 (Sean McArthur)
- [access-log] add directive for logging protocol-specific values
  #801 (Kazuho Oku)
- [access-log][fastcgi][mruby] per-request environment variables
  #868 (Kazuho Oku)
- [access-log] fix memory leak during start-up
  #864 (Frederik Deweerdt)
- [compress] on-the-fly compression using brotli, as well as
  directives to tune the compression parameters
  #802, #924 (Kazuho Oku, Frederik Deweerdt)
- [compress][expires] refrain from setting redundant `cache-control` tokens
  #846 (Kazuho Oku)
- [file] `file.file` directive for mapping specific file
  #822 (Kazuho Oku)
- [file] `send-compress` directive (renamed from `send-gzip`) to support
  pre-compressed files using brotli
  #802 (Kazuho Oku)
- [file] cache open failures
  #836 (Kazuho Oku)
- [http2] support for nopush attribute in the link rel=preload header
  #863 (Satoh Hiroh)
- [http2] support for push after delegation
  #866 (Kazuho Oku)
- [http2] ignore push indications made by a pushed response
  #897 (Kazuho Oku)
- [http2] accept `capacity-bits` attribute of the `http2-casper`
  configuration directive
  #882 (Satoh Hiroh)
- [http2] avoid memcpy during HPACK huffman encoding
  #749 (Kazuho Oku)
- [http2] fix potential stall when http2-max-concurrent-requests-per-
  connection is set to a small number
  #912 (Kazuho Oku)
- [http2] refuse push a single resource more than once
  #903 (Kazuho Oku)
- [http2] fix assertion failure when receiving more data than expected
  during upgrade
  #922 (Frederik Deweerdt)
- [mruby] add $H2O_ROOT/share/h2o/mruby to the default load path
  #851 (Kazuho Oku)
- [proxy] add support for HTTPS
  #875 (Kazuho Oku)
- [proxy] add an configuration option to pass through `x-forwarded-
  proto` request header
  #883 (Kazuho Oku)
- [proxy] log error when upstream connection is unexpectedly closed
  #895 (Frederik Deweerdt)
- [ssl] update libressl to 2.2.7
  #898 (Kazuho Oku)
- [ssl] support ECDH curves other than P-256
  #841 (Kazuho Oku)
- [ssl] add support for text-based memcache protocol
  #854 (Kazuho Oku)
- [ssl] fix memory leak when using TLS resumption with the memcached backend
  #856 (Kazuho Oku)
- [ssl] fix "undefined subroutine" error in the OCSP updater
  #872 (Masayuki Matsuki)
- [ssl] cap the number of OCSP updaters running concurrently
  #891 (Kazuho Oku)
- [ssl] fix use-after-free when using session resumption with memcached backend
  #923 (Frederik Deweerdt)
- [libh2o] add API for obtaining the socket descriptor
  #886 (Frederik Deweerdt)
- [libh2o] add API to selectively disable automated I/O on reads and writes
  #890 (Frederik Deweerdt)
- [libh2o] bugfix: h2o_mem_swap swaps only the first 256 bytes
  #924 (Frederik Deweerdt)
- [status] introduce the status handler
  #848 (Kazuho Oku)
- [misc] install examples
  #850 (James Rouzier)
- [security fix][http2] fix use-after-free on premature connection close
  #920 (Frederik Deweerdt)
- [core] fix SIGBUS when temporary disk space is full
  #910 (Kazuho Oku)
- [mruby] do not drop `link` header
  #913 (Kazuho Oku)
- [mruby] fix memory leak during initialization
  #906 (Frederik Deweerdt)
- [mruby] fix race condition in mruby regex handler
  #908 (Kazuho Oku)
- [libh2o] fix crash in h2o_url_stringify
  #918 (Kazuho OKu)