./www/nghttp2, Implementation of HTTP/2 in C

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]


Branch: CURRENT, Version: 1.39.2nb1, Package name: nghttp2-1.39.2nb1, Maintainer: pkgsrc-users

nghttp2 is an implementation of HTTP/2 in C.


Required to run:
[textproc/libxml2] [lang/python37]

Required to build:
[pkgtools/cwrappers]

Master sites:

SHA1: 21cc8e8b1f71e3812c5c957280d6addd916311fa
RMD160: 5bda6a53aeaa2d7c194c990346951080a96f0912
Filesize: 1597.098 KB

Version history: (Expand)


CVS history: (Expand)


   2019-08-22 14:23:56 by Ryo ONODERA | Files touched by this commit (678)
Log message:
Recursive revbump from boost-1.71.0
   2019-08-14 09:43:34 by Adam Ciarcinski | Files touched by this commit (2) | Package updated
Log message:
nghttp2: updated to 1.39.2

nghttp2 v1.39.2

This release fixes CVE-2019-9511 “Data Dribble” and CVE-2019-9513
“Resource Loop” vulnerability in nghttpx and nghttpd. Specially crafted HTTP/2
frames cause Denial of Service by consuming CPU time. Check out
https://github.com/Netflix/security-bul … 019-002.md
for details. For nghttpx, additionally limiting inbound traffic by --read-rate \ 
and --read-burst options is quite effective against this kind of attack.

Fix CVE-2019-9511 and CVE-2019-9513
Add nghttp2_option_set_max_outbound_ack API function
nghttpx: Fix request stall
   2019-07-01 06:08:55 by Ryo ONODERA | Files touched by this commit (669)
Log message:
Recursive revbump from boost-1.70.0
   2019-06-13 11:28:52 by Adam Ciarcinski | Files touched by this commit (2) | Package updated
Log message:
nghttp2: updated to 1.39.1

v1.39.1:

nghttpx
This release fixes the bug that log-level is not set with cmd-line or \ 
configuration file. It also fixes FPE with default backend.

v1.39.0:

lib
libnghttp2 now ignores content-length in 200 response to CONNECT request as per \ 
RFC 7230.

third-party
mruby has been upgraded to 2.0.1.

asio
libnghttp2-asio now supports boost-1.70.

src
http-parser has been replaced with llhttp.

nghttpx
nghttpx now ignores Content-Length and Transfer-Encoding in 1xx or 200 to CONNECT.

This release fixes the bug that the log level does not change to the default \ 
value on configuration reload if log-level option is missing in new \ 
configuration.
   2019-04-25 09:33:32 by Maya Rashish | Files touched by this commit (620)
Log message:
PKGREVISION bump for anything using python without a PYPKGPREFIX.

This is a semi-manual PKGREVISION bump.
   2019-04-18 09:19:06 by Adam Ciarcinski | Files touched by this commit (2) | Package updated
Log message:
nghttp2: updated to 1.38.0

lib
This release fixes the bug that on_header callback is still called after stream \ 
is closed.

third-party
http-parser is upgraded to v2.9.1.

nghttpx
This release fixes the bug that authority and path altered by per-pattern mruby \ 
script can affect backend selection on retry.
It also fixes the bug that HTTP/1.1 chunked request stalls.
Now nghttpx does not log authorization request header field value with -LINFO.
Now nghttpx can be built with modern LibreSSL.
   2019-03-13 18:45:08 by Adam Ciarcinski | Files touched by this commit (2) | Package updated
Log message:
nghttp2: updated to 1.37.0

v1.37.0:
build
CMake build explicitly sets install location when building shared library.

nghttpx
This release fixes possible backend stall when header and request body are sent \ 
in their own packets.
The backend option gets weight parameter to influence backend selection.
This release fixes compile error with BoringSSL.
   2019-01-19 16:21:04 by Adam Ciarcinski | Files touched by this commit (2) | Package updated
Log message:
nghttp2: updated to  1.36.0

nghttp2 v1.36.0.

build
CMake build disables shared library if ENABLE_SHARED_LIB is OFF.

third-party
http-parser has been upgraded to v2.9.0.
mruby has been upgraded to v2.0.0.

nghttpx
nghttpx now pools h1 backend connection per address and uses it when the round \ 
robin index points to the address.
nghttpx now randomizes backend address round robin order per thread.
The bug that long certificate serial numbers cannot be handled has been fixed.

h2load
An option to write per-request logs has been added.

asio
The API to get the current server port has been added.