./www/nghttp2, Implementation of HTTP/2 in C

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]


Branch: CURRENT, Version: 1.41.0, Package name: nghttp2-1.41.0, Maintainer: pkgsrc-users

nghttp2 is an implementation of HTTP/2 in C.


Required to run:
[textproc/libxml2] [lang/python37]

Required to build:
[pkgtools/cwrappers]

Master sites:

SHA1: f5cf4fdf6a29adcd810c938736044289a3bf11ff
RMD160: 9d23cd271ac59c4f0c1c4748076d51e356b2fc0b
Filesize: 1602.258 KB

Version history: (Expand)


CVS history: (Expand)


   2020-06-02 21:12:55 by Adam Ciarcinski | Files touched by this commit (4) | Package updated
Log message:
nghttp2: updated to 1.14.0

Nghttp2 v1.41.0

Security Advisory

CVE-2020-11080: Denial of service: Overly large SETTINGS frames

For more information, read the security advisory.

lib

This release implements nghttp2_option_set_max_settings API which sets the \ 
maximum number of SETTINGS entries in one SETTINGS frame to mitigate the \ 
security issue. It also moves SETTINGS flood check earlier to make it more \ 
effective.

The bug which stalls receiving stream data is fixed. Previously, if automatic \ 
window update is enabled (which is default), after window size is set to 0 by \ 
nghttp2_session_set_local_window_size, once the receiving window is exhausted, \ 
even after window size is increased by nghttp2_session_set_local_window_size, no \ 
more data cannot be received. This is because \ 
nghttp2_session_set_local_window_size does not submit WINDOW_UPDATE. It is only \ 
triggered when new data arrives but since window is filled up, no more data \ 
cannot be received, thus dead lock happens.

build

With cmake build, the hard-coded static lib suffix is now optional.

nghttpx

proxyprotocol v2 has been implemented.

The bug in getting certificate serial number with mruby script has been fixed.

h2load

New option, --connect-to, is added.
   2020-06-02 10:25:05 by Adam Ciarcinski | Files touched by this commit (1689)
Log message:
Revbump for icu
   2020-05-06 16:05:09 by Adam Ciarcinski | Files touched by this commit (591) | Package updated
Log message:
revbump after boost update
   2020-03-30 16:00:09 by Adam Ciarcinski | Files touched by this commit (1)
Log message:
nghttp2: add Makefile.common
   2020-03-30 15:54:30 by Adam Ciarcinski | Files touched by this commit (4)
Log message:
Added www/nghttp2-tools (to avoid circular dependency)
   2020-01-18 22:51:16 by Jonathan Perkin | Files touched by this commit (1836)
Log message:
*: Recursive revision bump for openssl 1.1.1.
   2020-01-12 21:20:50 by Ryo ONODERA | Files touched by this commit (574)
Log message:
*: Recursive revbump from devel/boost-libs
   2019-11-20 17:38:22 by Adam Ciarcinski | Files touched by this commit (3) | Package updated
Log message:
nghttp2: updated to 1.40.0

nghttp2 v1.40.0
lib: Add nghttp2_check_authority as public API (GH-1413)
lib: Fix the bug that stream is closed with wrong error code (GH-1408)
lib: Faster huffman encoding and decoding (GH-1405)
build: Avoid filename collision of static and dynamic lib (Patch from William A \ 
Rowe Jr) (GH-1394)
build: Add new flag ENABLE_STATIC_CRT for Windows (Patch from William A Rowe Jr) \ 
(GH-1393)
build: cmake: Support building nghttpx with systemd (Patch from Andrew Penkrat) \ 
(GH-1377)
third-party: Update neverbleed to fix memory leak
nghttpx: Fix bug that mruby is incorrectly shared between backends (GH-1392)
nghttpx: Reconnect h1 backend if it lost connection before sending headers
nghttpx: Returns 408 if backend timed out before sending headers
nghttpx: Fix request stall (GH-1378)