./www/h2o, Optimized HTTP server with support for HTTP/1.x and HTTP/2

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]

Branch: CURRENT, Version: 2.2.6, Package name: h2o-2.2.6, Maintainer: pkgsrc-users

H2O is a very fast HTTP server written in C. It can also be used as a library.


* HTTP/1.0, HTTP/1.1
* HTTP/2
* WebSocket
* static file serving
* reverse proxy
* access-logging
* graceful restart and self-upgrade

Required to run:
[lang/perl5] [security/openssl] [textproc/libyaml] [devel/libuv] [www/wslay]

Required to build:

Master sites:

SHA1: 5cc09af1baf35938a86d7cfafe8a0b876ff2ee81
RMD160: bf99a74257ccb4c9efbd7e11ce7aab2a7af01a95
Filesize: 15876.719 KB

Version history: (Expand)

CVS history: (Expand)

   2020-03-21 15:16:04 by Nia Alarie | Files touched by this commit (4) | Package updated
Log message:
h2o: Update to 2.2.6 and build shared libraries.

From @Habbie on GitHub.  Closes NetBSD/pkgsrc#56


2.2.6 2019-08-13 17:00:00+0000
	- [security fix][http2] fix HTTP/2 DoS attack vectors CVE-2019-9512 \ 
CVE-2019-9514 CVE-2019-9515 #2090 (Kazuho Oku)
   2020-01-18 22:51:16 by Jonathan Perkin | Files touched by this commit (1836)
Log message:
*: Recursive revision bump for openssl 1.1.1.
   2019-08-11 15:25:21 by Thomas Klausner | Files touched by this commit (3557) | Package updated
Log message:
Bump PKGREVISIONs for perl 5.30.0
   2018-08-22 11:48:07 by Thomas Klausner | Files touched by this commit (3558)
Log message:
Recursive bump for perl5-5.28.0
   2018-06-24 11:17:03 by Adam Ciarcinski | Files touched by this commit (2) | Package updated
Log message:
h2o: updated to 2.2.5:

H2O version 2.2.5:
This is a bug-fix release of the 2.2 series with following changes from 2.2.4, \ 
including one vulnerability fix.
[security fix][access-log] fix buffer overflow CVE-2018-0608
[fastcgi] index file name must be part of SCRIPT_NAME
[http2] do not compress cookies less than 20 bytes long
[http2] stop opening new push streams after receiving GOAWAY
[http2] fix conformance issues
[mruby] drop the link rel=preload header with a x-http2-push-only attribute
[mruby] allow loading a file that shares the basename with one of the preloaded files
[proxy] fix I/O error when receiving multiple informational responses
[ssl] fix bug that prevents record size growing to maximum when latency \ 
optimization is disabled
[ssl] fix compatibility issues with libressl 2.7
[ssl] update picotls to support TLS 1.3 draft-26
   2017-07-31 00:32:28 by Thomas Klausner | Files touched by this commit (229)
Log message:
Switch github HOMEPAGEs to https.
   2017-04-09 17:30:07 by Adam Ciarcinski | Files touched by this commit (2)
Log message:
Changes 2.2.0:
[core] add crash-handler.wait-pipe-close parameter 1092 (Frederik Deweerdt)
[core] introduce an option to bypass the server header sent from upstream 1226 \ 
(Frederik Deweerdt)
[core] apply global- and host-level configuration to requests not applicable to \ 
any of the path-level configurations 1231 (Kazuho Oku)
[access-log] add %{remote}p for logging the remote port 1166 (Kazuho Oku)
[access-log] add support for JSON-style escapes and null 1208 (Kazuho Oku)
[access-log] add specifier for logging per-request environment variables 1221 \ 
(Yannick Koechlin)
[access-log] add support for <, > modifiers for logging either the \ 
original or the final response 1238 (Kazuho Oku)
[access-log] do not emit request-total-time twice 1017 (Kazuho Oku)
[fastcgi] fix a bug that closes the FastCGI listener socket during startup 1203 \ 
(Frederik Deweerdt)
[file] add directive for serving gzipped files, decompressing them on-the-fly \ 
1140 (Ichito Nagata)
[headers] fix buffer overrun during startup 1180 (Frederik Deweerdt)
[http1][proxy] preserve the cases of characters used in header names 1194 \ 
(Frederik Deweerdt)
[http1][proxy] fix undefined behavior in HTTP/1 parser 1189 (Frederik Deweerdt)
[http1] stop reading from socket after sending 400 to avoid the risk of \ 
assertion failure 1223 (Frederik Deweerdt)
[http2] recognize x-http2-push-only attribute on link header 1169 (Frederik Deweerdt)
[http2] add optional timeout for closing connections upon graceful shutdown 1108 \ 
(Frederik Deweerdt)
[http2] do not ack an acked PING frame 1175 (Moto Ishisawa)
[http2] reject requests exceeding the maximum allowed size more efficiently 1183 \ 
(Frederik Deweerdt)
[mruby] remove dependenty to mkmf 1197 (Yuki Kurihara)
[mruby] correct the line number reported on an exception 1239 (Ichito Nagata)
[proxy] add directives for tweaking headers sent to upstream 1126 (Justin Zhu)
[proxy] retain case-sensitivity of unix socket paths 1131 (Frederik Deweerdt)
[proxy] add directive for controlling the via request header 1225 (Frederik Deweerdt)
[ssl] add directive for logging session ID 1164 (Yannick Koechlin)
[ssl] add support for TLS 1.3 draft-18 1204 (Kazuho Oku)
[ssl] stop evicting session entries in memcached when they are removed from \ 
internal cache 1185 (Ichito Nagata)
[ssl] fix crash when a secp384r1, secp521r1 certificate is used with TLS 1.3 \ 
1214 (Kazuho Oku)
[ssl] fix build failure with OpenSSL 1.1.0 1216 (Kazuho Oku)
[ssl] add doc for handshake-timeout 1233 (Kazuho Oku)
[status] fix race condition during start-up 1242 (Frederik Deweerdt)
[libh2o] implement h2o_evloop_destroy 1200 (kazan417)
[misc] add test code for fuzzing 1174 1182 1191 1192 (Frederik Deweerdt, \ 
Jonathan Foote)
[misc] fix issues reported by Coverity 1168 1172 1179 (Harrison Bowden, Frederik \ 
   2017-01-26 22:11:54 by Adam Ciarcinski | Files touched by this commit (3)
Log message:
Changes 2.1.0:
[core] TCP latency optimization
[core] provide tag to include other YAML files from the configuration file
[core] accept sequence of mappings for path-level configuration
[core] fix broken support for TCP Fast Open in OS X
[access-log] provide directive to emit request-level errors
[access-log] emit values of all set-cookie headers concatenated
[fastcgi] fix connection failure when fastcgi.spawn is used with an uid
[file] more pre-defined MIME types
[http2][proxy] recognize link rel=preload headers in interim response as a \ 
trigger to push resources
[http1][http2] validate characters used in the headers
[http1][http2] notify error downstream when an error occurred while generating a \ 
[http1][http2] fix resource leak upon upgrade failure to HTTP/2
[http2] add http2-push-preload directive to turn off H2 push being initiated by \ 
link rel=preload header
[http2] add support for cache-digest header
[http2] drop host header in HTTP/2 layer
[http2] don't use etag for calculating casper cookie
[http2] add support for H2 debug state
[mruby] add dos_detector mruby handler
[mruby] add DSL for access control lists (acl)
[mruby] share mruby state and constants between handlers
[mruby] add library for address-block-based access control
[proxy] add an option to connect to upstream using PROXY protocol
[proxy] don't escape : in URI path
[proxy] preserve received URLs as much as possible
[proxy] add an option to prevent emiting x-forwarded-* headers
[proxy] cache TLS session used for upstream connections
[proxy] turn on/off on-the-fly compression based on the x-compress-hint header
[ssl] set add_lock callback to prevent unnecessary lock-add-unlock
[ssl] add support for OpenSSL 1.1.0
[status] collect and report HTTP statistics
[status] report additional stats when jemalloc is used
[throttle] add new handler for throttling the response bandwidth
[libh2o] provide h2o_rand that calls the appropriate random function depending \ 
on the OS
[libh2o] do not require use of picohttpparser.h when using the HTTP/1 client
[libh2o] install library files to the correct location
[misc] provide crash-handler directive to customize crash logging
[misc] guess the default location of h2o.conf
[misc] allow to disable libuv even when it is found
[misc] add font/woff2 to the default mime-type mapping
[misc] mark JavaScript and JSON files as compressible by default