Index index by Group index by Distribution index by Vendor index by creation date index by Name Mirrors Help Search

libnghttp2-14-1.62.1-1.1 RPM for x86_64

From OpenSuSE Tumbleweed for x86_64

Name: libnghttp2-14 Distribution: openSUSE Tumbleweed
Version: 1.62.1 Vendor: openSUSE
Release: 1.1 Build date: Mon Jun 17 20:02:25 2024
Group: System/Libraries Build host: reproducible
Size: 179489 Source RPM: nghttp2-1.62.1-1.1.src.rpm
Packager: https://bugs.opensuse.org
Url: https://nghttp2.org/
Summary: Shared library for nghttp2
Shared C libraries for implementation of Hypertext Transfer Protocol
version 2.

Provides

Requires

License

MIT

Changelog

* Mon Jun 17 2024 Dirk Müller <dmueller@suse.com>
  - update to 1.62.1:
    * nghttpx: Fix batch UDP QUIC packet dropped on GRO read
  - update to 1.62.0:
    * nghttpx: Fix QUIC stateless reset stack buffer overflow
    * Require c-ares >= 1.16.0 for ares_getaddrinfo
    * Require C++20 compiler
    * Adopt std::to_array and remove make_array
    * nghttpx: Define APIEndpoints separately
    * nghttpx: Do not send error/status body when method is HEAD
    * nghttpx: Fix alignment issues in BlockAllocator
    * nghttpx: Simplify parameter declaration for ipc_fd functions
    * nghttpx: Add extent to ipc_fd explicitly
    * Make make_byte_ref return std::span
    * Make util::decode_hex return std::span
    * Rewrite util::parse_uint
    * Let base64::decode return std::span
    * Refactor StringRef
    * Stringref refactor c str and str
    * Add StringRef literal operator and remove StringRef::from_lit
    * Make StringRef(const std::string&) implicit
    * Add http2::make_field family functions
    * Remove std::string conversion operator from StringRef
    * Optimize StringRef comparisons against c-string
    * Pack more quic pkt
    * nghttpx: Dynamic GSO failover
    * Refactor ImmutableString
    * nghttpx: Refactor QUIC data path
    * nghttpx: Fix inherited TCP port comparison
    * make_websocket_accept_token: Lesser conversions
    * Add http3::make_field family functions
    * Remove unnecessary namespace qualifications
    * Refactor http utils
    * Refactor streq
    * Remove util::streq and let StringRef operator== deal with it
    * Update the link for the Prefix.pdf document. fix #2178
    * Introduce typed nghttp2_min and nghttp2_max
  - drop gcc7.patch (obsolete, we require C++20 now)
* Thu Apr 04 2024 pgajdos@suse.com
  - version update to 1.61.0
    * Fixes CVE-2024-28182 [bsc#1221399]
    * nghttpx: Shutdown h3 stream read with trailer as well by @tatsuhiro-t in #2087
    * Checkout with submodules by @jonaski in #2093
    * Respect BUILD_STATIC_LIBS and add option for tests by @jonaski in #2092
    * build(deps): bump golang.org/x/net from 0.21.0 to 0.22.0 by @dependabot in #2097
    * Workaround llvm issue on github ubuntu runner by @tatsuhiro-t in #2098
    * docker: Use copy --link by @tatsuhiro-t in #2099
    * Nghttpx header idle timeout by @tatsuhiro-t in #2100
    * nghttpx: Fix frontend-header-timeout does not work in config file by @tatsuhiro-t in #2101
    * Rewrite hexdump by @tatsuhiro-t in #2102
    * Switch to distroless/base-nossl by @tatsuhiro-t in #2103
    * Bump ngtcp2 by @tatsuhiro-t in #2105
    * nghttpx: Simplify quic connection close handling by @tatsuhiro-t in #2106
    * build(deps): bump github.com/quic-go/quic-go from 0.41.0 to 0.42.0 by @dependabot in #2107
    * autotools: Use tar-ustar automake option by @tatsuhiro-t in #2108
    * Automate release process by @tatsuhiro-t in #2109
    * autotools: Switch to tar-pax by @tatsuhiro-t in #2110
    * nghttpx: Drop a UDP datagram from well-known port by @tatsuhiro-t in #2111
    * nghttpx: Fix port byte order by @tatsuhiro-t in #2112
    * h2load: Allow host header to be overridden by @tatsuhiro-t in #2113
    * nghttpx: Rework QUIC stateless reset packet size by @tatsuhiro-t in #2114
    * nghttpx: More QUIC prohibited ports by @tatsuhiro-t in #2115
    * Add actions/stale by @tatsuhiro-t in #2116
    * nghttpx: Discard UDP datagram that is too short to be a valid QUIC packet by @tatsuhiro-t in #2117
    * nghttp: Support SSLKEYLOGFILE by @tatsuhiro-t in #2119
    * No rfc7540 priority fix by @tatsuhiro-t in #2120
    * Further reduce Stateless reset emission by @tatsuhiro-t in #2122
    * nghttpx: Rework Connection ID construction by @tatsuhiro-t in #2124
    * Nghttpx faster worker lookup by @tatsuhiro-t in #2125
    * nghttpx: Split thread into worker_process and thread by @tatsuhiro-t in #2126
    * bpf: Drop bad QUIC packet by @tatsuhiro-t in #2127
    * cmake: check SSL_provide_quic_data when ENABLE_HTTP3 is ON by @jimmy-park in #2128
    * nghttpx: Allocate 3 bits for QUIC configuration in Connection ID by @tatsuhiro-t in #2129
    * nghttpx: Migrate to ares_getaddrinfo by @tatsuhiro-t in #2132
    * Bump munit by @tatsuhiro-t in #2131
    * nghttpx: Fix error message by @tatsuhiro-t in #2133
    * nghttpd: Fix read stall by @tatsuhiro-t in #2134
* Wed Apr 03 2024 Adam Majer <adam.majer@suse.de>
  - gcc7.patch: Fix compilation for SLE-15 (jsc#PED-8206)
* Mon Mar 18 2024 Martin Pluskal <mpluskal@suse.com>
  - Update keyring with current key
* Mon Mar 18 2024 pgajdos@suse.com
  - version update to 1.60.0
    * makerelease.sh: Speed up git submodule
    * Speed up git clone
    * build(deps): bump actions/cache from 3 to 4
    * Fixing the build and install trees
    * build(deps): bump microsoft/setup-msbuild from 1 to 2
    * nghttpx: Set ocsp response to SSL in case of boringssl
    * Run with python3
    * src: Certificate Compression with boringssl
    * Fix missing newline
    * Switch to aws lc
    * Libbrotli fixup
    * Deprecate RFC 7540 priorities (aka stream dependencies)
    * Let dependabot manage go modules
    * build(deps): bump golang.org/x/net from 0.20.0 to 0.21.0
    * integration-tests: Omit unused parameters
    * Munit
    * Introduce nghttp2_ssize API
    * Move deprecated warning upfront
    * Describe RFC 7540 priorities deprecation plan
    * Apps migrate nghttp2 ssize
    * src: Remove unused functions
    * Reconsider ssize t usage in src
    * Use GitHub private vulnerability reporting
    * Move security policy to GitHub standard location
    * Bump mruby to 3.3.0
    * Bump llhttp to 48588093ca4219b5f689acfc9ebea9e4c8c37663
    * h2load: Add --sni option
    * Bump ngtcp2 dependencies
    * mruby: Adopt deprecation of mrbc_ prefix
    * neverbleed: Define _GNU_SOURCE for pthread_setaffinity_np
    * bpf: Pre-expand aes key
    * mruby: Exclude mrdb gem which causes nghttpx to crash
    * nghttpx: Reuse EVP_CIPHER_CTX for QUIC connection ID encryption
    * Run apt-get update before install
    * src: Deal with the case that send_quantum < max_udp_payload_size
    * nghttpx: Remove SHRPX_QUIC_MAX_UDP_PAYLOAD_SIZE
    * Fix build when AI_NUMERICSERV is undefined
  - remove dependency on /usr/bin/python3 using
    %python3_fix_shebang_path macro, [bsc#1212476]
* Sun Jan 28 2024 Dirk Müller <dmueller@suse.com>
  - update to 1.59.0:
    * Update bash_completion
    * h2load: Fix bug that ttfb is not recorded if h3 stream
      has no data
    * h2load: Consider all h2 HEADERS when counting bytes and
      recording ttfb
    * h2load: Ignore 1xx status code
    * nghttpd: Free SSL_CTX on exit
    * nghttpx: OpenSSL needs SSL_CTX_set_recv_max_early_data
    * nghttpx: OpenSSL needs SSL_CTX_set_recv_max_early_data
    * cmake: Require OpenSSL >= 1.1.1
    * Add nghttp2_select_alpn and deprecate
      nghttp2_select_next_protocol
    * nghttpx: Add --alpn-list and deprecate --npn-list
    * h2load: Add --alpn-list and deprecate --npn-list
    * Remove NPN
    * src: Support building with aws-lc
    * Avoid detecting OpenSSL 3.2 as quictls
    * Use nghttp3_pri_parse_priority added since nghttp3 v1.1.0
    * h2load: Fix IPv6 address in :authority
    * h2load: Fix IPv6 address in :authority
    * nghttpx: Propagate stream priority from backend to
      frontend
    * nghttpx: Propagate stream priority from backend to
      frontend
    * Merge pull request #1991 from nghttp2/get-and-parse-
      extpri
    * Add API to get and parse RFC 9218 priority
    * nghttpx: Prefer __FILE_NAME__ if defined
* Sat Nov 25 2023 Dirk Müller <dmueller@suse.com>
  - update to 1.58.0:
    * Update manual pages
    * Bump neverbleed
    * Bump ngtcp2
    * Prefer clock_gettime if __CYGWIN__ defined
    * Do not require strict c++ mode
    * nghttpx: Stricter transfer-encoding checks
    * Refactor character comparison
    * Integration servertester h3
    * integration: Enable http3 test with cmake
* Tue Nov 21 2023 Dirk Müller <dmueller@suse.com>
  - fix unversioned provides to be in sync with nghttp3
* Tue Nov 07 2023 Dirk Müller <dmueller@suse.com>
  - add keyring for gpg validation
  - spec file cleanups
* Mon Oct 16 2023 pgajdos@suse.com
  - version update to 1.57.0 [bsc#1216174]
    1.57.0
    * Fixes CVE-2023-44487
    * Bump ngtcp2 by @tatsuhiro-t in #1944
    * Add dependabot to update actions by @tatsuhiro-t in #1946
    * Bump golang.org/x/net to v0.15.0 by @tatsuhiro-t in #1950
    * Bump actions/setup-go from 3 to 4 by @dependabot in #1948
    * Bump actions/checkout from 3 to 4 by @dependabot in #1949
    * Bump actions/upload-artifact from 1 to 3 by @dependabot in #1947
    * docker: Bump base image to debian 12 by @tatsuhiro-t in #1951
    * nghttpx: Header field name must be lowercase by @tatsuhiro-t in #1953
    * Bump quictls by @tatsuhiro-t in #1945
    * Apps fix by @tatsuhiro-t in #1957
    * nghttpx: Fix bug that --single-process does not work by @tatsuhiro-t in #1958
    * Fix clang-format by @tatsuhiro-t in #1959
    * Rework session management by @tatsuhiro-t in #1961
    1.56.0
    * doc: Bump boringssl by @tatsuhiro-t in #1928
    * Fix memory leak by @tatsuhiro-t in #1930
    * Return void by @tatsuhiro-t in #1931
    * nghttpx: Rework sending and receiving ECN bits by @tatsuhiro-t in #1934
    * CMSG_DATA does not necessarily return an aligned pointer by @tatsuhiro-t in #1935
    * Bump quictls by @tatsuhiro-t in #1937
    * Bump ngtcp2 and its dependencies by @tatsuhiro-t in #1939
    * nghttpx: Simplify std::unique_ptr get and release by @tatsuhiro-t in #1940
    * Bump llhttp to 926c982942eb53a13f01c1e9e6b19bd3b196e7dd by @tatsuhiro-t in #1941
    * Bump libbpf to v1.2.2 by @tatsuhiro-t in #1942
    * Update Dockerfile by @tatsuhiro-t in #1943
* Sat Jul 15 2023 Dirk Müller <dmueller@suse.com>
  - update to 1.55.1:
    * Fix memory leak
      This commit fixes memory leak that happens when
      PUSH_PROMISE or HEADERS frame cannot be sent, and
      nghttp2_on_stream_close_callback fails with a fatal error.
      For example, if GOAWAY frame has been received, a
      HEADERS frame that opens new stream cannot be sent.
      This issue has already been made public via CVE-2023-35945
      by envoyproxy/envoy project.  During embargo period, the
      patch to fix this bug was accidentally submitted to
      nghttp2/nghttp2 repository [2]. And they decided to
      disclose CVE early.  I was notified just 1.5 hours
      before disclosure.  I had no time to respond.
      PoC described in [1] is quite simple, but I think it is
      not enough to trigger this bug.  While it is true that
      receiving GOAWAY prevents a client from opening new stream,
      and nghttp2 enters error handling branch, in order to cause
      the memory leak, nghttp2_session_close_stream function
      must return a fatal error.
      NGHTTP2_ERR_NOMEM, as its name suggests, indicates out of
      memory.  It is unlikely that a process gets short of
      memory with this simple PoC scenario unless application
      does something memory heavy processing.
    * NGHTTP2_ERR_CALLBACK_FAILURE is returned from application
      defined callback function (nghttp2_on_stream_close_callback, in
      this case), which indicates something fatal happened inside a
      callback, and a connection must be closed immediately without
      any further action.  As nghttp2_on_stream_close_error_callback
      documentation says, any error code other than 0 or
      NGHTTP2_ERR_CALLBACK_FAILURE is treated as fatal
      error code.  More specifically, it is treated as if
      NGHTTP2_ERR_CALLBACK_FAILURE is returned.  I guess that
      envoy returns
      NGHTTP2_ERR_CALLBACK_FAILURE or other error code which is
      translated into NGHTTP2_ERR_CALLBACK_FAILURE.
      https://github.com/envoyproxy/envoy/security/advisories/GHSA-
      jfxv-29pc-x22r
* Tue Jun 20 2023 Dirk Müller <dmueller@suse.com>
  - update to 1.54.0:
    * nghttpx: Consistent error handling and use of high-level API
    * h2load: Fix http3 upload stall
    * h2load: Use std::chrono::steady_clock for quic timestamp
* Thu May 18 2023 Martin Pluskal <mpluskal@suse.com>
  - Update to version 1.53.0:
    * https://nghttp2.org/blog/2023/05/10/nghttp2-v1-53-0/
* Tue Mar 14 2023 Dirk Müller <dmueller@suse.com>
  - update to 1.52.0:
    * https://nghttp2.org/blog/2023/02/13/nghttp2-v1-52-0/
    * sphinx_rtd_theme has been removed from the repository
      and archive.
    * The deprecated Python bindings has been removed.
    * The deprecated libnghttp2_asio has been removed.
    * llhttp and neverbleed have been updated.
    * This release fixes the bug that stalls TLS connection.
    * This release adds more http3 integration tests.
  - drop nghttp2-remove-python-build.patch: obsolete as the code got removed
* Thu Nov 17 2022 Dirk Müller <dmueller@suse.com>
  - update to 1.51.0:
    * https://nghttp2.org/blog/2022/11/13/nghttp2-v1-51-0/
    This release fixes affinity-cookie-stickiness parameter handling.
* Sat Sep 24 2022 Dirk Müller <dmueller@suse.com>
  - update to 1.50.0:
    * https://nghttp2.org/blog/2022/09/21/nghttp2-v1-50-0/
    This release adds
    nghttp2_option_set_no_rfc9113_leading_and_trailing_ws_validation which disables
    checking leading and trailing white spaces against HTTP field value.
* Fri Sep 23 2022 Dirk Müller <dmueller@suse.com>
  - disable asio by default as it is deprecated by upstream and
    will be removed in the next release
* Mon Aug 22 2022 Dirk Müller <dmueller@suse.com>
  - update to 1.49.0:
    * https://nghttp2.org/blog/2022/08/22/nghttp2-v1-49-0/
* Mon Jul 11 2022 Dirk Müller <dmueller@suse.com>
  - update to 1.48.0:
    * lib: Allow server to override RFC 9218 stream priority
    * lib: Add a server option to fallback to RFC 7540 priorities
    * lib: Add PRIORITY_UPDATE frame support
    * lib: Implement RFC 9218 extensible prioritization scheme
    * lib: Do not verify host field specific characters for response field
    * lib: No rfc7540 priorities
    * lib: Fix stream stall when initial window size is decreased
    * doc: Document how to change stream prioritization scheme
    * build: Compile with libressl 3.5
    * build: EXTRA_DIST: List mruby files explicitly
    * build: Bump ngtcp2 and nghttp3
    * build: Do not check application libraries if --enable-lib-only is given
    * src: Update default TLS cipher suites
    * nghttpx, h2load: Better pack UDP packets in one GSO write
    * nghttpx, h2load: Quic error handling
    * nghttpx, h2load: Fix QUIC performance regression
    * nghttp, nghttpd, nghttpx: Add ktls support
    * h2load: Send more packets without GSO per event loop
    * h2load: Add ktls support
    * nghttpd: Fix TLS read stall
    * nghttpx: Disable RFC 7540 priorities
    * nghttpx: Client always uses simpler TLS handshake
    * nghttpx: Add affinity-cookie-stickiness backend parameter
    * nghttpx: Fix broken session affinity
    * nghttpx: Limit CONNECTION_CLOSE and Retry under server amplification limit
    * integration: Go update
    * integration: Add go.mod
    * third-party: Bump llhttp to 75b45129db961e1fb3c56044e1b8f7721bfaee5d
    * third-party: Bump libbpf to v0.8.0
    * third-party: Bump mruby to 3.1.0
    * third-party: Bump neverbleed based on the latest head (GH-1708)
* Sun Mar 20 2022 Dirk Müller <dmueller@suse.com>
  - update to 1.47.0:
    * see https://nghttp2.org/blog/2022/02/23/nghttp2-v1-47-0/
* Sat Dec 18 2021 Dirk Müller <dmueller@suse.com>
  - update to 1.46.0:
    * see https://nghttp2.org/blog/2021/07/18/nghttp2-v1-44-0/
    * see https://nghttp2.org/blog/2021/09/20/nghttp2-v1-45-0/
    * see https://nghttp2.org/blog/2021/10/19/nghttp2-v1-46-0/
* Thu Feb 04 2021 Dirk Müller <dmueller@suse.com>
  - update to 1.43.0:
    * doc: Make doc generation work with sphinx v3.3
    * python: Require python3 for python bindings
    * python: Require python3 for python scripts
    * nghttpx: Make sure that Pool gets cleared when all buffers are returned
    * nghttpx: Choose ECDSA cert if compatible signature algorithm available
    * nghttpx: Add workaround to include ':' in backend pattern
* Wed Jan 06 2021 Dirk Müller <dmueller@suse.com>
  - update to 1.42.0:
    * lib: fix ubsan errors (Patch from Asra Ali) (GH-1468)
    * lib: Don't send RST_STREAM to idle stream (GH-1477)
    * lib: nghttp2_map backed by nghttp2_ksl
    * doc: Update sphinx_rtd_theme
    * doc: nghttp2_session_send is also affected by max concurrent streams (Patch from Tomas Krizek) (GH-1489)
    * doc: clarify flow control behaviour for nghttp2_session_send() (Patch from Tomas Krizek) (GH-1488)
    * build: Add missing cmake/FindSystemd.cmake to dist (GH-1526)
    * third-party: Bump llhttp to 2.2.0
    * third-party: Bump mruby to 2.1.2
    * nghttpx: Deal with the case when h2 backend is retired before it is initialized
    * nghttpx: Add accesslog variables to record request path without query (GH-1511)
    * nghttpx: Fix stall when TLS follows after proxy protocol
    * nghttpx: Fix logging integer

Files

/usr/lib64/libnghttp2.so.14
/usr/lib64/libnghttp2.so.14.28.1
/usr/share/licenses/libnghttp2-14
/usr/share/licenses/libnghttp2-14/COPYING


Generated by rpm2html 1.8.1

Fabrice Bellet, Thu Nov 14 00:03:47 2024