./www/nghttp2, Implementation of HTTP/2 in C

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]


Branch: CURRENT, Version: 1.40.0, Package name: nghttp2-1.40.0, Maintainer: pkgsrc-users

nghttp2 is an implementation of HTTP/2 in C.


Required to run:
[textproc/libxml2] [lang/python37]

Required to build:
[pkgtools/cwrappers]

Master sites:

SHA1: 7df231b961b84bd5d0c8ce81062de8aad83fcf5e
RMD160: 91b637294817800880bdce5d15b0876189f2d53a
Filesize: 1598.637 KB

Version history: (Expand)


CVS history: (Expand)


   2019-11-20 17:38:22 by Adam Ciarcinski | Files touched by this commit (3) | Package updated
Log message:
nghttp2: updated to 1.40.0

nghttp2 v1.40.0
lib: Add nghttp2_check_authority as public API (GH-1413)
lib: Fix the bug that stream is closed with wrong error code (GH-1408)
lib: Faster huffman encoding and decoding (GH-1405)
build: Avoid filename collision of static and dynamic lib (Patch from William A \ 
Rowe Jr) (GH-1394)
build: Add new flag ENABLE_STATIC_CRT for Windows (Patch from William A Rowe Jr) \ 
(GH-1393)
build: cmake: Support building nghttpx with systemd (Patch from Andrew Penkrat) \ 
(GH-1377)
third-party: Update neverbleed to fix memory leak
nghttpx: Fix bug that mruby is incorrectly shared between backends (GH-1392)
nghttpx: Reconnect h1 backend if it lost connection before sending headers
nghttpx: Returns 408 if backend timed out before sending headers
nghttpx: Fix request stall (GH-1378)
   2019-08-22 14:23:56 by Ryo ONODERA | Files touched by this commit (678)
Log message:
Recursive revbump from boost-1.71.0
   2019-08-14 09:43:34 by Adam Ciarcinski | Files touched by this commit (2) | Package updated
Log message:
nghttp2: updated to 1.39.2

nghttp2 v1.39.2

This release fixes CVE-2019-9511 “Data Dribble” and CVE-2019-9513
“Resource Loop” vulnerability in nghttpx and nghttpd. Specially crafted HTTP/2
frames cause Denial of Service by consuming CPU time. Check out
https://github.com/Netflix/security-bul … 019-002.md
for details. For nghttpx, additionally limiting inbound traffic by --read-rate \ 
and --read-burst options is quite effective against this kind of attack.

Fix CVE-2019-9511 and CVE-2019-9513
Add nghttp2_option_set_max_outbound_ack API function
nghttpx: Fix request stall
   2019-07-01 06:08:55 by Ryo ONODERA | Files touched by this commit (669)
Log message:
Recursive revbump from boost-1.70.0
   2019-06-13 11:28:52 by Adam Ciarcinski | Files touched by this commit (2) | Package updated
Log message:
nghttp2: updated to 1.39.1

v1.39.1:

nghttpx
This release fixes the bug that log-level is not set with cmd-line or \ 
configuration file. It also fixes FPE with default backend.

v1.39.0:

lib
libnghttp2 now ignores content-length in 200 response to CONNECT request as per \ 
RFC 7230.

third-party
mruby has been upgraded to 2.0.1.

asio
libnghttp2-asio now supports boost-1.70.

src
http-parser has been replaced with llhttp.

nghttpx
nghttpx now ignores Content-Length and Transfer-Encoding in 1xx or 200 to CONNECT.

This release fixes the bug that the log level does not change to the default \ 
value on configuration reload if log-level option is missing in new \ 
configuration.
   2019-04-25 09:33:32 by Maya Rashish | Files touched by this commit (620)
Log message:
PKGREVISION bump for anything using python without a PYPKGPREFIX.

This is a semi-manual PKGREVISION bump.
   2019-04-18 09:19:06 by Adam Ciarcinski | Files touched by this commit (2) | Package updated
Log message:
nghttp2: updated to 1.38.0

lib
This release fixes the bug that on_header callback is still called after stream \ 
is closed.

third-party
http-parser is upgraded to v2.9.1.

nghttpx
This release fixes the bug that authority and path altered by per-pattern mruby \ 
script can affect backend selection on retry.
It also fixes the bug that HTTP/1.1 chunked request stalls.
Now nghttpx does not log authorization request header field value with -LINFO.
Now nghttpx can be built with modern LibreSSL.
   2019-03-13 18:45:08 by Adam Ciarcinski | Files touched by this commit (2) | Package updated
Log message:
nghttp2: updated to 1.37.0

v1.37.0:
build
CMake build explicitly sets install location when building shared library.

nghttpx
This release fixes possible backend stall when header and request body are sent \ 
in their own packets.
The backend option gets weight parameter to influence backend selection.
This release fixes compile error with BoringSSL.