SLFO-pool/nghttp2
SHA256
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Sync from SUSE:SLFO:Main nghttp2 revision d521df2e29062fab3a277490a9d80d86

Browse Source
This commit is contained in:
Adrian Schröter 2024-12-13 10:44:16 +01:00
parent 05bc9efd8d
commit 188bf2eb44
10 changed files with 617 additions and 593 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
baselibs.conf
View File

@ -1,2 +1 @@
libnghttp2-14
libnghttp2_asio1

BIN
nghttp2-1.52.0.tar.xz (Stored with Git LFS)
View File

Binary file not shown.

BIN
nghttp2-1.64.0.tar.xz (Stored with Git LFS) Normal file
View File

Binary file not shown.

16
nghttp2-1.64.0.tar.xz.asc Normal file
View File

@ -0,0 +1,16 @@
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEEUWtiKRjRXEeKseo6UzmivoLgfewFAmcWQzsACgkQUzmivoLg
fexT6w/9Eo6PuvGWcYn0e8CbTHDi+BhyCs3AQHPKmuJi19yIeknZd7qcQE1xYryJ
Xef5W1q5+p06kDgFH56Y7wORwCWmtzx5gZLVYNY7qNCCJ0CsMLI2/ypf2L06MLWe
c8dS8DFsvqrSTe3QzPHCP+T7FDp7bfH7gKLoEobhU9v299MseLMUdw06fBTLGqKs
KWhuQ0gD2r1zJfGdX+O5zf97pLYtR/Ch+YGHqcNYCmiIguKpZX+Vg3pHr1vJhqnT
P6LiFVeokI6zeW1YWB0DQNBrGXEx3AZWzR9d9IlA2ijobtItc/lTTUn0zpmqNFiv
E95D29wEQ2MtbCJd/nolIz0YiDn0JpwHBBfkWRNLj7+LqBlebyVwig8nMO453sE9
vxklm7yONLJDDiU3o8lmUf8IVTX+FpZ3nbbeQkDwTPKU7hvcTojasPMegS4Laiok
sfKIKaMTeYokSD4M++ikyb8c2+Vt4genVIyeUAohlSUhUr4I8E/O36JvfPaA4nTe
S2oNl5iv/0pPQpuXTMcf/MGR3b8HmN0bH4tkowV3sRWLNHeBn6hnlY1sq1ZcegMs
vAqum1CyReyhLfThvXAV7ImjsplNVmshQK4IaXNDYYJyr/wNAgnw41RiO01W+NgX
KbPvx4H1actquW04yYCAAvDcBHfERM71Ye17oTFjoOEeDoQsMJg=
=aykV
-----END PGP SIGNATURE-----

143
nghttp2-CVE-2023-35945.patch
View File

@ -1,143 +0,0 @@
From ce385d3f55a4b76da976b3bdf71fe2deddf315ba Mon Sep 17 00:00:00 2001
From: Tatsuhiro Tsujikawa <tatsuhiro.t@gmail.com>
Date: Fri, 14 Jul 2023 20:52:03 +0900
Subject: [PATCH] Fix memory leak
This commit fixes memory leak that happens when PUSH_PROMISE or
HEADERS frame cannot be sent, and nghttp2_on_stream_close_callback
fails with a fatal error. For example, if GOAWAY frame has been
received, a HEADERS frame that opens new stream cannot be sent.
This issue has already been made public via CVE-2023-35945 [1] issued
by envoyproxy/envoy project. During embargo period, the patch to fix
this bug was accidentally submitted to nghttp2/nghttp2 repository [2].
And they decided to disclose CVE early. I was notified just 1.5 hours
before disclosure. I had no time to respond.
PoC described in [1] is quite simple, but I think it is not enough to
trigger this bug. While it is true that receiving GOAWAY prevents a
client from opening new stream, and nghttp2 enters error handling
branch, in order to cause the memory leak,
nghttp2_session_close_stream function must return a fatal error.
nghttp2 defines 2 fatal error codes:
- NGHTTP2_ERR_NOMEM
- NGHTTP2_ERR_CALLBACK_FAILURE
NGHTTP2_ERR_NOMEM, as its name suggests, indicates out of memory. It
is unlikely that a process gets short of memory with this simple PoC
scenario unless application does something memory heavy processing.
NGHTTP2_ERR_CALLBACK_FAILURE is returned from application defined
callback function (nghttp2_on_stream_close_callback, in this case),
which indicates something fatal happened inside a callback, and a
connection must be closed immediately without any further action. As
nghttp2_on_stream_close_error_callback documentation says, any error
code other than 0 or NGHTTP2_ERR_CALLBACK_FAILURE is treated as fatal
error code. More specifically, it is treated as if
NGHTTP2_ERR_CALLBACK_FAILURE is returned. I guess that envoy returns
NGHTTP2_ERR_CALLBACK_FAILURE or other error code which is translated
into NGHTTP2_ERR_CALLBACK_FAILURE.
[1] https://github.com/envoyproxy/envoy/security/advisories/GHSA-jfxv-29pc-x22r
[2] https://github.com/nghttp2/nghttp2/pull/1929
---
lib/nghttp2_session.c | 10 +++++-----
tests/nghttp2_session_test.c | 34 ++++++++++++++++++++++++++++++++++
2 files changed, 39 insertions(+), 5 deletions(-)
Index: nghttp2-1.52.0/lib/nghttp2_session.c
===================================================================
--- nghttp2-1.52.0.orig/lib/nghttp2_session.c
+++ nghttp2-1.52.0/lib/nghttp2_session.c
@@ -3300,6 +3300,7 @@ static ssize_t nghttp2_session_mem_send_
if (rv < 0) {
int32_t opened_stream_id = 0;
uint32_t error_code = NGHTTP2_INTERNAL_ERROR;
+ int rv2 = 0;
DEBUGF("send: frame preparation failed with %s\n",
nghttp2_strerror(rv));
@@ -3342,19 +3343,18 @@ static ssize_t nghttp2_session_mem_send_
}
if (opened_stream_id) {
/* careful not to override rv */
- int rv2;
rv2 = nghttp2_session_close_stream(session, opened_stream_id,
error_code);
-
- if (nghttp2_is_fatal(rv2)) {
- return rv2;
- }
}
nghttp2_outbound_item_free(item, mem);
nghttp2_mem_free(mem, item);
active_outbound_item_reset(aob, mem);
+ if (nghttp2_is_fatal(rv2)) {
+ return rv2;
+ }
+
if (rv == NGHTTP2_ERR_HEADER_COMP) {
/* If header compression error occurred, should terminiate
connection. */
Index: nghttp2-1.52.0/tests/nghttp2_session_test.c
===================================================================
--- nghttp2-1.52.0.orig/tests/nghttp2_session_test.c
+++ nghttp2-1.52.0/tests/nghttp2_session_test.c
@@ -585,6 +585,15 @@ static int on_stream_close_callback(nght
return 0;
}
+static int fatal_error_on_stream_close_callback(nghttp2_session *session,
+ int32_t stream_id,
+ uint32_t error_code,
+ void *user_data) {
+ on_stream_close_callback(session, stream_id, error_code, user_data);
+
+ return NGHTTP2_ERR_CALLBACK_FAILURE;
+}
+
static ssize_t pack_extension_callback(nghttp2_session *session, uint8_t *buf,
size_t len, const nghttp2_frame *frame,
void *user_data) {
@@ -4297,6 +4306,8 @@ void test_nghttp2_session_on_goaway_rece
nghttp2_frame frame;
int i;
nghttp2_mem *mem;
+ const uint8_t *data;
+ ssize_t datalen;
mem = nghttp2_mem_default();
user_data.frame_recv_cb_called = 0;
@@ -4338,6 +4349,29 @@ void test_nghttp2_session_on_goaway_rece
nghttp2_frame_goaway_free(&frame.goaway, mem);
nghttp2_session_del(session);
+
+ /* Make sure that no memory leak when stream_close callback fails
+ with a fatal error */
+ memset(&callbacks, 0, sizeof(nghttp2_session_callbacks));
+ callbacks.on_stream_close_callback = fatal_error_on_stream_close_callback;
+
+ memset(&user_data, 0, sizeof(user_data));
+
+ nghttp2_session_client_new(&session, &callbacks, &user_data);
+
+ nghttp2_frame_goaway_init(&frame.goaway, 0, NGHTTP2_NO_ERROR, NULL, 0);
+
+ CU_ASSERT(0 == nghttp2_session_on_goaway_received(session, &frame));
+
+ nghttp2_submit_request(session, NULL, reqnv, ARRLEN(reqnv), NULL, NULL);
+
+ datalen = nghttp2_session_mem_send(session, &data);
+
+ CU_ASSERT(NGHTTP2_ERR_CALLBACK_FAILURE == datalen);
+ CU_ASSERT(1 == user_data.stream_close_cb_called);
+
+ nghttp2_frame_goaway_free(&frame.goaway, mem);
+ nghttp2_session_del(session);
}
void test_nghttp2_session_on_window_update_received(void) {

103
nghttp2-CVE-2024-28182-1.patch
View File

@ -1,103 +0,0 @@
From 00201ecd8f982da3b67d4f6868af72a1b03b14e0 Mon Sep 17 00:00:00 2001
From: Tatsuhiro Tsujikawa <tatsuhiro.t@gmail.com>
Date: Sat, 9 Mar 2024 16:26:42 +0900
Subject: [PATCH] Limit CONTINUATION frames following an incoming HEADER frame
---
lib/includes/nghttp2/nghttp2.h | 7 ++++++-
lib/nghttp2_helper.c | 2 ++
lib/nghttp2_session.c | 7 +++++++
lib/nghttp2_session.h | 10 ++++++++++
4 files changed, 25 insertions(+), 1 deletion(-)
Index: nghttp2-1.52.0/lib/includes/nghttp2/nghttp2.h
===================================================================
--- nghttp2-1.52.0.orig/lib/includes/nghttp2/nghttp2.h
+++ nghttp2-1.52.0/lib/includes/nghttp2/nghttp2.h
@@ -440,7 +440,12 @@ typedef enum {
* exhaustion on server side to send these frames forever and does
* not read network.
*/
- NGHTTP2_ERR_FLOODED = -904
+ NGHTTP2_ERR_FLOODED = -904,
+ /**
+ * When a local endpoint receives too many CONTINUATION frames
+ * following a HEADER frame.
+ */
+ NGHTTP2_ERR_TOO_MANY_CONTINUATIONS = -905,
} nghttp2_error;
/**
Index: nghttp2-1.52.0/lib/nghttp2_helper.c
===================================================================
--- nghttp2-1.52.0.orig/lib/nghttp2_helper.c
+++ nghttp2-1.52.0/lib/nghttp2_helper.c
@@ -336,6 +336,8 @@ const char *nghttp2_strerror(int error_c
"closed";
case NGHTTP2_ERR_TOO_MANY_SETTINGS:
return "SETTINGS frame contained more than the maximum allowed entries";
+ case NGHTTP2_ERR_TOO_MANY_CONTINUATIONS:
+ return "Too many CONTINUATION frames following a HEADER frame";
default:
return "Unknown error code";
}
Index: nghttp2-1.52.0/lib/nghttp2_session.c
===================================================================
--- nghttp2-1.52.0.orig/lib/nghttp2_session.c
+++ nghttp2-1.52.0/lib/nghttp2_session.c
@@ -491,6 +491,7 @@ static int session_new(nghttp2_session *
(*session_ptr)->max_send_header_block_length = NGHTTP2_MAX_HEADERSLEN;
(*session_ptr)->max_outbound_ack = NGHTTP2_DEFAULT_MAX_OBQ_FLOOD_ITEM;
(*session_ptr)->max_settings = NGHTTP2_DEFAULT_MAX_SETTINGS;
+ (*session_ptr)->max_continuations = NGHTTP2_DEFAULT_MAX_CONTINUATIONS;
if (option) {
if ((option->opt_set_mask & NGHTTP2_OPT_NO_AUTO_WINDOW_UPDATE) &&
@@ -6838,6 +6839,8 @@ ssize_t nghttp2_session_mem_recv(nghttp2
}
}
session_inbound_frame_reset(session);
+
+ session->num_continuations = 0;
}
break;
}
@@ -6959,6 +6962,10 @@ ssize_t nghttp2_session_mem_recv(nghttp2
}
#endif /* DEBUGBUILD */
+ if (++session->num_continuations > session->max_continuations) {
+ return NGHTTP2_ERR_TOO_MANY_CONTINUATIONS;
+ }
+
readlen = inbound_frame_buf_read(iframe, in, last);
in += readlen;
Index: nghttp2-1.52.0/lib/nghttp2_session.h
===================================================================
--- nghttp2-1.52.0.orig/lib/nghttp2_session.h
+++ nghttp2-1.52.0/lib/nghttp2_session.h
@@ -105,6 +105,10 @@ typedef struct {
/* The default value of maximum number of concurrent streams. */
#define NGHTTP2_DEFAULT_MAX_CONCURRENT_STREAMS 0xffffffffu
+/* The default max number of CONTINUATION frames following an incoming
+ HEADER frame. */
+#define NGHTTP2_DEFAULT_MAX_CONTINUATIONS 8
+
/* Internal state when receiving incoming frame */
typedef enum {
/* Receiving frame header */
@@ -280,6 +284,12 @@ struct nghttp2_session {
size_t max_send_header_block_length;
/* The maximum number of settings accepted per SETTINGS frame. */
size_t max_settings;
+ /* The maximum number of CONTINUATION frames following an incoming
+ HEADER frame. */
+ size_t max_continuations;
+ /* The number of CONTINUATION frames following an incoming HEADER
+ frame. This variable is reset when END_HEADERS flag is seen. */
+ size_t num_continuations;
/* Next Stream ID. Made unsigned int to detect >= (1 << 31). */
uint32_t next_stream_id;
/* The last stream ID this session initiated. For client session,

86
nghttp2-CVE-2024-28182-2.patch
View File

@ -1,86 +0,0 @@
From d71a4668c6bead55805d18810d633fbb98315af9 Mon Sep 17 00:00:00 2001
From: Tatsuhiro Tsujikawa <tatsuhiro.t@gmail.com>
Date: Sat, 9 Mar 2024 16:48:10 +0900
Subject: [PATCH] Add nghttp2_option_set_max_continuations
---
doc/Makefile.am | 1 +
lib/includes/nghttp2/nghttp2.h | 11 +++++++++++
lib/nghttp2_option.c | 5 +++++
lib/nghttp2_option.h | 5 +++++
lib/nghttp2_session.c | 4 ++++
5 files changed, 26 insertions(+)
Index: nghttp2-1.52.0/lib/includes/nghttp2/nghttp2.h
===================================================================
--- nghttp2-1.52.0.orig/lib/includes/nghttp2/nghttp2.h
+++ nghttp2-1.52.0/lib/includes/nghttp2/nghttp2.h
@@ -3215,6 +3215,17 @@ nghttp2_session_set_stream_user_data(ngh
/**
* @function
*
+ * This function sets the maximum number of CONTINUATION frames
+ * following an incoming HEADER frame. If more than those frames are
+ * received, the remote endpoint is considered to be misbehaving and
+ * session will be closed. The default value is 8.
+ */
+NGHTTP2_EXTERN void nghttp2_option_set_max_continuations(nghttp2_option *option,
+ size_t val);
+
+/**
+ * @function
+ *
* Sets |user_data| to |session|, overwriting the existing user data
* specified in `nghttp2_session_client_new()`, or
* `nghttp2_session_server_new()`.
Index: nghttp2-1.52.0/lib/nghttp2_option.c
===================================================================
--- nghttp2-1.52.0.orig/lib/nghttp2_option.c
+++ nghttp2-1.52.0/lib/nghttp2_option.c
@@ -143,3 +143,8 @@ void nghttp2_option_set_no_rfc9113_leadi
NGHTTP2_OPT_NO_RFC9113_LEADING_AND_TRAILING_WS_VALIDATION;
option->no_rfc9113_leading_and_trailing_ws_validation = val;
}
+
+void nghttp2_option_set_max_continuations(nghttp2_option *option, size_t val) {
+ option->opt_set_mask |= NGHTTP2_OPT_MAX_CONTINUATIONS;
+ option->max_continuations = val;
+}
Index: nghttp2-1.52.0/lib/nghttp2_option.h
===================================================================
--- nghttp2-1.52.0.orig/lib/nghttp2_option.h
+++ nghttp2-1.52.0/lib/nghttp2_option.h
@@ -70,6 +70,7 @@ typedef enum {
NGHTTP2_OPT_MAX_SETTINGS = 1 << 12,
NGHTTP2_OPT_SERVER_FALLBACK_RFC7540_PRIORITIES = 1 << 13,
NGHTTP2_OPT_NO_RFC9113_LEADING_AND_TRAILING_WS_VALIDATION = 1 << 14,
+ NGHTTP2_OPT_MAX_CONTINUATIONS = 1 << 16,
} nghttp2_option_flag;
/**
@@ -93,6 +94,10 @@ struct nghttp2_option {
*/
size_t max_settings;
/**
+ * NGHTTP2_OPT_MAX_CONTINUATIONS
+ */
+ size_t max_continuations;
+ /**
* Bitwise OR of nghttp2_option_flag to determine that which fields
* are specified.
*/
Index: nghttp2-1.52.0/lib/nghttp2_session.c
===================================================================
--- nghttp2-1.52.0.orig/lib/nghttp2_session.c
+++ nghttp2-1.52.0/lib/nghttp2_session.c
@@ -574,6 +574,10 @@ static int session_new(nghttp2_session *
(*session_ptr)->opt_flags |=
NGHTTP2_OPTMASK_NO_RFC9113_LEADING_AND_TRAILING_WS_VALIDATION;
}
+
+ if (option->opt_set_mask & NGHTTP2_OPT_MAX_CONTINUATIONS) {
+ (*session_ptr)->max_continuations = option->max_continuations;
+ }
}
rv = nghttp2_hd_deflate_init2(&(*session_ptr)->hd_deflater,

348
nghttp2.changes
View File

@ -1,20 +1,339 @@
-------------------------------------------------------------------
Thu Apr 4 12:25:30 UTC 2024 - pgajdos@suse.com
Tue Nov 12 10:57:02 UTC 2024 - pgajdos@suse.com
- security update
- added patches
fix CVE-2024-28182 [bsc#1221399], HTTP/2 CONTINUATION frames can be utilized for DoS attacks
+ nghttp2-CVE-2024-28182-1.patch
fix CVE-2024-28182 [bsc#1221399], HTTP/2 CONTINUATION frames can be utilized for DoS attacks
+ nghttp2-CVE-2024-28182-2.patch
- version update to 1.64.0
1.64.0
* Change clang-format options by @tatsuhiro-t in #2240
* build(deps): bump github.com/quic-go/quic-go from 0.46.0 to 0.47.0 by @dependabot in #2243
* build(deps): bump golang.org/x/net from 0.28.0 to 0.29.0 by @dependabot in #2244
* nghttp2_map: Port ngtcp2 changes by @tatsuhiro-t in #2245
* h2load: Fix UDP datagram send/recv metric by @tatsuhiro-t in #2248
* build(deps): bump golang.org/x/net from 0.29.0 to 0.30.0 by @dependabot in #2252
* fix race condition on h1 connection close by @TuxInvader in #2249
* Gha ubuntu 24.04 by @tatsuhiro-t in #2254
* GHA: Run tests for i686-w64-mingw32 host by @tatsuhiro-t in #2255
* cmake: Fix c-ares v1.34.0 version detection failure by @tatsuhiro-t in #2256
* fix: -Wextra-semi errors in nghttp2_helper.h by @codebytere in #2258
* clang-format macros that do not need semicolon at the end by @tatsuhiro-t in #2259
* Remove extra semicolons by @tatsuhiro-t in #2260
* Bump ngtcp2 and its dependencies by @tatsuhiro-t in #2261
* Do not allow '@' in :authority or host field values by @tatsuhiro-t in #2262
* h2load: GRO buffer size should be 64KiB by @tatsuhiro-t in #2263
* Bump libbpf to v1.4.6 by @tatsuhiro-t in #2264
* Update nghttp2_check_authority doc by @tatsuhiro-t in #2265
1.63.0
* Bump libbpf to v1.4.2 by @tatsuhiro-t in #2191
* build(deps): bump golang.org/x/net from 0.24.0 to 0.25.0 by @dependabot in #2193
* nghttpx: Fix batch UDP QUIC packet dropped on GRO read by @tatsuhiro-t in #2196
* CMakeLists.txt: allow to compile the C only lib without CXX compiler by @ThomasDevoogdt in #2200
* build(deps): bump github.com/quic-go/quic-go from 0.43.1 to 0.44.0 by @dependabot in #2197
* Fix compiler versions in readme by @ryandesign in #2203
* build(deps): bump golang.org/x/net from 0.25.0 to 0.26.0 by @dependabot in #2205
* build(deps): bump github.com/quic-go/quic-go from 0.44.0 to 0.45.0 by @dependabot in #2206
* Bump ngtcp2 and its dependencies by @tatsuhiro-t in #2207
* build(deps): bump docker/build-push-action from 5 to 6 by @dependabot in #2208
* Add wolfSSL support by @tatsuhiro-t in #2209
* Append --shallow-submodules to git clone --recursive by @tatsuhiro-t in #2210
* Always append options to extra options by @tatsuhiro-t in #2211
* build(deps): bump github.com/quic-go/quic-go from 0.45.0 to 0.45.1 by @dependabot in #2213
* Disable dependency tracking by @tatsuhiro-t in #2214
* Fix Dockerfile.android build failure by @tatsuhiro-t in #2215
* Fix UDP_GRO struct cmsghdr data type by @tatsuhiro-t in #2216
* GHA: Suppress warnings by @tatsuhiro-t in #2217
* Fix levenshtein initialization by @tatsuhiro-t in #2218
* build(deps): bump golang.org/x/net from 0.26.0 to 0.27.0 by @dependabot in #2220
* Undefine NGHTTP2_NO_SSIZE_T if BUILDING_NGHTTP2 is defined by @tatsuhiro-t in #2224
* Bump clang format by @tatsuhiro-t in #2226
* Suppress old compiler error by @tatsuhiro-t in #2228
* build(deps): bump github.com/quic-go/quic-go from 0.45.1 to 0.45.2 by @dependabot in #2229
* build(deps): bump golang.org/x/net from 0.27.0 to 0.28.0 by @dependabot in #2231
* build(deps): bump github.com/quic-go/quic-go from 0.45.2 to 0.46.0 by @dependabot in #2232
* Bump ngtcp2 and its dependencies by @tatsuhiro-t in #2236
* Bump libbpf to v1.4.5 by @tatsuhiro-t in #2237
* Update go by @tatsuhiro-t in #2238
* levenshtein: Use size_t by @tatsuhiro-t in #2239
-------------------------------------------------------------------
Tue Sep 26 13:58:42 UTC 2023 - Valentin Lefebvre <valentin.lefebvre@suse.com>
Mon Jun 17 18:02:25 UTC 2024 - Dirk Müller <dmueller@suse.com>
- Fixes memory leak that happens when PUSH_PROMISE or HEADERS frame cannot be
sent, and nghttp2_on_stream_close_callback fails with a fatal error.
[CVE-2023-35945 bsc#1215713]
+ nghttp2-CVE-2023-35945.patch
- update to 1.62.1:
* nghttpx: Fix batch UDP QUIC packet dropped on GRO read
- update to 1.62.0:
* nghttpx: Fix QUIC stateless reset stack buffer overflow
* Require c-ares >= 1.16.0 for ares_getaddrinfo
* Require C++20 compiler
* Adopt std::to_array and remove make_array
* nghttpx: Define APIEndpoints separately
* nghttpx: Do not send error/status body when method is HEAD
* nghttpx: Fix alignment issues in BlockAllocator
* nghttpx: Simplify parameter declaration for ipc_fd functions
* nghttpx: Add extent to ipc_fd explicitly
* Make make_byte_ref return std::span
* Make util::decode_hex return std::span
* Rewrite util::parse_uint
* Let base64::decode return std::span
* Refactor StringRef
* Stringref refactor c str and str
* Add StringRef literal operator and remove StringRef::from_lit
* Make StringRef(const std::string&) implicit
* Add http2::make_field family functions
* Remove std::string conversion operator from StringRef
* Optimize StringRef comparisons against c-string
* Pack more quic pkt
* nghttpx: Dynamic GSO failover
* Refactor ImmutableString
* nghttpx: Refactor QUIC data path
* nghttpx: Fix inherited TCP port comparison
* make_websocket_accept_token: Lesser conversions
* Add http3::make_field family functions
* Remove unnecessary namespace qualifications
* Refactor http utils
* Refactor streq
* Remove util::streq and let StringRef operator== deal with it
* Update the link for the Prefix.pdf document. fix #2178
* Introduce typed nghttp2_min and nghttp2_max
- drop gcc7.patch (obsolete, we require C++20 now)
-------------------------------------------------------------------
Thu Apr 4 09:47:27 UTC 2024 - pgajdos@suse.com
- version update to 1.61.0
* Fixes CVE-2024-28182 [bsc#1221399]
* nghttpx: Shutdown h3 stream read with trailer as well by @tatsuhiro-t in #2087
* Checkout with submodules by @jonaski in #2093
* Respect BUILD_STATIC_LIBS and add option for tests by @jonaski in #2092
* build(deps): bump golang.org/x/net from 0.21.0 to 0.22.0 by @dependabot in #2097
* Workaround llvm issue on github ubuntu runner by @tatsuhiro-t in #2098
* docker: Use copy --link by @tatsuhiro-t in #2099
* Nghttpx header idle timeout by @tatsuhiro-t in #2100
* nghttpx: Fix frontend-header-timeout does not work in config file by @tatsuhiro-t in #2101
* Rewrite hexdump by @tatsuhiro-t in #2102
* Switch to distroless/base-nossl by @tatsuhiro-t in #2103
* Bump ngtcp2 by @tatsuhiro-t in #2105
* nghttpx: Simplify quic connection close handling by @tatsuhiro-t in #2106
* build(deps): bump github.com/quic-go/quic-go from 0.41.0 to 0.42.0 by @dependabot in #2107
* autotools: Use tar-ustar automake option by @tatsuhiro-t in #2108
* Automate release process by @tatsuhiro-t in #2109
* autotools: Switch to tar-pax by @tatsuhiro-t in #2110
* nghttpx: Drop a UDP datagram from well-known port by @tatsuhiro-t in #2111
* nghttpx: Fix port byte order by @tatsuhiro-t in #2112
* h2load: Allow host header to be overridden by @tatsuhiro-t in #2113
* nghttpx: Rework QUIC stateless reset packet size by @tatsuhiro-t in #2114
* nghttpx: More QUIC prohibited ports by @tatsuhiro-t in #2115
* Add actions/stale by @tatsuhiro-t in #2116
* nghttpx: Discard UDP datagram that is too short to be a valid QUIC packet by @tatsuhiro-t in #2117
* nghttp: Support SSLKEYLOGFILE by @tatsuhiro-t in #2119
* No rfc7540 priority fix by @tatsuhiro-t in #2120
* Further reduce Stateless reset emission by @tatsuhiro-t in #2122
* nghttpx: Rework Connection ID construction by @tatsuhiro-t in #2124
* Nghttpx faster worker lookup by @tatsuhiro-t in #2125
* nghttpx: Split thread into worker_process and thread by @tatsuhiro-t in #2126
* bpf: Drop bad QUIC packet by @tatsuhiro-t in #2127
* cmake: check SSL_provide_quic_data when ENABLE_HTTP3 is ON by @jimmy-park in #2128
* nghttpx: Allocate 3 bits for QUIC configuration in Connection ID by @tatsuhiro-t in #2129
* nghttpx: Migrate to ares_getaddrinfo by @tatsuhiro-t in #2132
* Bump munit by @tatsuhiro-t in #2131
* nghttpx: Fix error message by @tatsuhiro-t in #2133
* nghttpd: Fix read stall by @tatsuhiro-t in #2134
-------------------------------------------------------------------
Wed Apr 3 10:31:13 UTC 2024 - Adam Majer <adam.majer@suse.de>
- gcc7.patch: Fix compilation for SLE-15 (jsc#PED-8206)
-------------------------------------------------------------------
Mon Mar 18 12:59:00 UTC 2024 - Martin Pluskal <mpluskal@suse.com>
- Update keyring with current key
-------------------------------------------------------------------
Mon Mar 18 08:35:17 UTC 2024 - pgajdos@suse.com
- version update to 1.60.0
* makerelease.sh: Speed up git submodule
* Speed up git clone
* build(deps): bump actions/cache from 3 to 4
* Fixing the build and install trees
* build(deps): bump microsoft/setup-msbuild from 1 to 2
* nghttpx: Set ocsp response to SSL in case of boringssl
* Run with python3
* src: Certificate Compression with boringssl
* Fix missing newline
* Switch to aws lc
* Libbrotli fixup
* Deprecate RFC 7540 priorities (aka stream dependencies)
* Let dependabot manage go modules
* build(deps): bump golang.org/x/net from 0.20.0 to 0.21.0
* integration-tests: Omit unused parameters
* Munit
* Introduce nghttp2_ssize API
* Move deprecated warning upfront
* Describe RFC 7540 priorities deprecation plan
* Apps migrate nghttp2 ssize
* src: Remove unused functions
* Reconsider ssize t usage in src
* Use GitHub private vulnerability reporting
* Move security policy to GitHub standard location
* Bump mruby to 3.3.0
* Bump llhttp to 48588093ca4219b5f689acfc9ebea9e4c8c37663
* h2load: Add --sni option
* Bump ngtcp2 dependencies
* mruby: Adopt deprecation of mrbc_ prefix
* neverbleed: Define _GNU_SOURCE for pthread_setaffinity_np
* bpf: Pre-expand aes key
* mruby: Exclude mrdb gem which causes nghttpx to crash
* nghttpx: Reuse EVP_CIPHER_CTX for QUIC connection ID encryption
* Run apt-get update before install
* src: Deal with the case that send_quantum < max_udp_payload_size
* nghttpx: Remove SHRPX_QUIC_MAX_UDP_PAYLOAD_SIZE
* Fix build when AI_NUMERICSERV is undefined
- remove dependency on /usr/bin/python3 using
%python3_fix_shebang_path macro, [bsc#1212476]
-------------------------------------------------------------------
Sun Jan 28 17:01:52 UTC 2024 - Dirk Müller <dmueller@suse.com>
- update to 1.59.0:
* Update bash_completion
* h2load: Fix bug that ttfb is not recorded if h3 stream
has no data
* h2load: Consider all h2 HEADERS when counting bytes and
recording ttfb
* h2load: Ignore 1xx status code
* nghttpd: Free SSL_CTX on exit
* nghttpx: OpenSSL needs SSL_CTX_set_recv_max_early_data
* nghttpx: OpenSSL needs SSL_CTX_set_recv_max_early_data
* cmake: Require OpenSSL >= 1.1.1
* Add nghttp2_select_alpn and deprecate
nghttp2_select_next_protocol
* nghttpx: Add --alpn-list and deprecate --npn-list
* h2load: Add --alpn-list and deprecate --npn-list
* Remove NPN
* src: Support building with aws-lc
* Avoid detecting OpenSSL 3.2 as quictls
* Use nghttp3_pri_parse_priority added since nghttp3 v1.1.0
* h2load: Fix IPv6 address in :authority
* h2load: Fix IPv6 address in :authority
* nghttpx: Propagate stream priority from backend to
frontend
* nghttpx: Propagate stream priority from backend to
frontend
* Merge pull request #1991 from nghttp2/get-and-parse-
extpri
* Add API to get and parse RFC 9218 priority
* nghttpx: Prefer __FILE_NAME__ if defined
-------------------------------------------------------------------
Sat Nov 25 22:23:00 UTC 2023 - Dirk Müller <dmueller@suse.com>
- update to 1.58.0:
* Update manual pages
* Bump neverbleed
* Bump ngtcp2
* Prefer clock_gettime if __CYGWIN__ defined
* Do not require strict c++ mode
* nghttpx: Stricter transfer-encoding checks
* Refactor character comparison
* Integration servertester h3
* integration: Enable http3 test with cmake
-------------------------------------------------------------------
Tue Nov 21 11:53:04 UTC 2023 - Dirk Müller <dmueller@suse.com>
- fix unversioned provides to be in sync with nghttp3
-------------------------------------------------------------------
Tue Nov 7 12:54:09 UTC 2023 - Dirk Müller <dmueller@suse.com>
- add keyring for gpg validation
- spec file cleanups
-------------------------------------------------------------------
Mon Oct 16 10:24:50 UTC 2023 - pgajdos@suse.com
- version update to 1.57.0 [bsc#1216174]
1.57.0
* Fixes CVE-2023-44487 (bsc#1216123)
* Bump ngtcp2 by @tatsuhiro-t in #1944
* Add dependabot to update actions by @tatsuhiro-t in #1946
* Bump golang.org/x/net to v0.15.0 by @tatsuhiro-t in #1950
* Bump actions/setup-go from 3 to 4 by @dependabot in #1948
* Bump actions/checkout from 3 to 4 by @dependabot in #1949
* Bump actions/upload-artifact from 1 to 3 by @dependabot in #1947
* docker: Bump base image to debian 12 by @tatsuhiro-t in #1951
* nghttpx: Header field name must be lowercase by @tatsuhiro-t in #1953
* Bump quictls by @tatsuhiro-t in #1945
* Apps fix by @tatsuhiro-t in #1957
* nghttpx: Fix bug that --single-process does not work by @tatsuhiro-t in #1958
* Fix clang-format by @tatsuhiro-t in #1959
* Rework session management by @tatsuhiro-t in #1961
1.56.0
* doc: Bump boringssl by @tatsuhiro-t in #1928
* Fix memory leak by @tatsuhiro-t in #1930
* Return void by @tatsuhiro-t in #1931
* nghttpx: Rework sending and receiving ECN bits by @tatsuhiro-t in #1934
* CMSG_DATA does not necessarily return an aligned pointer by @tatsuhiro-t in #1935
* Bump quictls by @tatsuhiro-t in #1937
* Bump ngtcp2 and its dependencies by @tatsuhiro-t in #1939
* nghttpx: Simplify std::unique_ptr get and release by @tatsuhiro-t in #1940
* Bump llhttp to 926c982942eb53a13f01c1e9e6b19bd3b196e7dd by @tatsuhiro-t in #1941
* Bump libbpf to v1.2.2 by @tatsuhiro-t in #1942
* Update Dockerfile by @tatsuhiro-t in #1943
-------------------------------------------------------------------
Sat Jul 15 15:11:52 UTC 2023 - Dirk Müller <dmueller@suse.com>
- update to 1.55.1:
* Fix memory leak (bsc#1215713)
This commit fixes memory leak that happens when
PUSH_PROMISE or HEADERS frame cannot be sent, and
nghttp2_on_stream_close_callback fails with a fatal error.
For example, if GOAWAY frame has been received, a
HEADERS frame that opens new stream cannot be sent.
This issue has already been made public via CVE-2023-35945
by envoyproxy/envoy project. During embargo period, the
patch to fix this bug was accidentally submitted to
nghttp2/nghttp2 repository [2]. And they decided to
disclose CVE early. I was notified just 1.5 hours
before disclosure. I had no time to respond.
PoC described in [1] is quite simple, but I think it is
not enough to trigger this bug. While it is true that
receiving GOAWAY prevents a client from opening new stream,
and nghttp2 enters error handling branch, in order to cause
the memory leak, nghttp2_session_close_stream function
must return a fatal error.
NGHTTP2_ERR_NOMEM, as its name suggests, indicates out of
memory. It is unlikely that a process gets short of
memory with this simple PoC scenario unless application
does something memory heavy processing.
* NGHTTP2_ERR_CALLBACK_FAILURE is returned from application
defined callback function (nghttp2_on_stream_close_callback, in
this case), which indicates something fatal happened inside a
callback, and a connection must be closed immediately without
any further action. As nghttp2_on_stream_close_error_callback
documentation says, any error code other than 0 or
NGHTTP2_ERR_CALLBACK_FAILURE is treated as fatal
error code. More specifically, it is treated as if
NGHTTP2_ERR_CALLBACK_FAILURE is returned. I guess that
envoy returns
NGHTTP2_ERR_CALLBACK_FAILURE or other error code which is
translated into NGHTTP2_ERR_CALLBACK_FAILURE.
https://github.com/envoyproxy/envoy/security/advisories/GHSA-
jfxv-29pc-x22r
-------------------------------------------------------------------
Tue Jun 20 20:48:11 UTC 2023 - Dirk Müller <dmueller@suse.com>
- update to 1.54.0:
* nghttpx: Consistent error handling and use of high-level API
* h2load: Fix http3 upload stall
* h2load: Use std::chrono::steady_clock for quic timestamp
-------------------------------------------------------------------
Thu May 18 04:53:42 UTC 2023 - Martin Pluskal <mpluskal@suse.com>
- Update to version 1.53.0:
* https://nghttp2.org/blog/2023/05/10/nghttp2-v1-53-0/
-------------------------------------------------------------------
Tue Mar 14 09:33:48 UTC 2023 - Dirk Müller <dmueller@suse.com>
@ -141,7 +460,7 @@ Wed Jan 6 12:22:21 UTC 2021 - Dirk Müller <dmueller@suse.com>
Wed Jun 3 11:45:25 UTC 2020 - Paolo Stivanin <info@paolostivanin.com>
- Update to 1.41.0
* Fix CVE-2020-11080
* Fix CVE-2020-11080 (bsc#1181358)
* lib: Implement max settings option (Patch from James M Snell)
* lib: Earlier check for settings flood (Patch from James M Snell)
* lib: Fix receiving stream data stall (GH-1444)
@ -155,7 +474,8 @@ Wed Jun 3 11:45:25 UTC 2020 - Paolo Stivanin <info@paolostivanin.com>
-------------------------------------------------------------------
Tue Jan 14 18:01:52 UTC 2020 - Michał Rostecki <mrostecki@opensuse.org>
- Update to version 1.40.0
- Update to version 1.40.0 to fix CVE-2019-18802 in envoy-proxy and
cilium-proxy (bsc#1166481)
* lib: Add nghttp2_check_authority as public API
* lib: Fix the bug that stream is closed with wrong error code
* lib: Faster huffman encoding and decoding

64
nghttp2.keyring Normal file
View File

@ -0,0 +1,64 @@
-----BEGIN PGP PUBLIC KEY BLOCK-----
mQGiBEmgJCARBACDsyRcJt0cPqS5I3nooSD4ETmsqXSGoA1QP0NcD3mMDIxfwOk3
ZgaLAhQTpylqzYu4uQ5lDcvkpZtN8cA+R+9Bxq1VcY5Jra4t93Eyxd/14oufgg8w
GLZ8q2otuUliL+RWPEuuBLNJFrdHeLfITBX88ZyHz8tu0kpWBBVBLb5yYwCg3OmH
L59aPl0TIoKGIL/xYs80ixcD/3PA9z6SbChDHRKA647Smrw6QuQHl7Uubg6LYYxz
FoxeN3F/grZHNJyUzlkdraIcWWYi1Dr0D28TnuQUbPoj7ju248iPRv2ZEr7OpV9j
RksxJIBqzC698XwPuq2Jo8iBNgE2t25aY9UHXxehqg6zkyR1bdhFzDV1cEKGkU62
TAnvA/9tB77GiQ9H02oybfqYrdxrWCou3kRa7owd/tBqRMkzH4Vt86VIXwVdsMn1
sGeF4YGUqwY7GCT+jviFCdvGTRqeCJgaLJAYE8hSFIxpDTdUNxaPxwuOd3Jq5BKC
U7boXpLlAcdh47CMk4qvIDZfBb2iVjZCN1yFI9R/TCH7JCT9NLQrVGF0c3VoaXJv
IFRzdWppa2F3YSA8dGF0c3VoaXJvLnRAZ21haWwuY29tPohgBBMRAgAgBQJJoCQg
AhsDBgsJCAcDAgQVAggDBBYCAwECHgECF4AACgkQfoQD1dZzw2YoTgCgmzKU0uK/
fr2nVqYondsxppQS83wAoIPlXaxcUV39DvA7/Rui6+rBNljmuQQNBEmgJCAQEADi
J5vXLb+y5g2kQApYk/iPqlJV02jHX7VJnWwivfQNq0F56TiiAZx9B6QR71pShkv8
L4FgdmuNPcxamh4LAiVsiE3lW5dnlt6cp5bmWvNOTDZIojbxSfS4ZhQmt3Ij4vJ5
fnlgUeaLDzXqeuO5ezMZvpsoBcDMvPCnv8R28JX0z1LIjA42sC85Kvd8EeB7uyGJ
q0qzU7OMP6JdxN2IwvdGiqXAAHI2KZOU9Pp4Kvg4qj8v3ELXrhlrZVye6PAmbufJ
Gdcg73EEabhoWutzt1h++qUkhzSQRUoTIqa2DWyE/bTPGlxqKgHmur5okBn5iwcr
BijhE6d8AvBqlopxyHHIEsZ4YswvLR8VcOt//aT1ArYdrxAfyjujvimoW1+gDjsA
+Hc1wlrYW6uLgHwFIzQFOi4Yt/+hw26dlqJhO9pnK8vwpPsMnvkfHQx5A7EeZhpN
g1YIDhPEO+RSk81Gs0Y1xzJjLulncxlzprX6xmyZK/B2dQZy4XFl5K02Q7Zas++x
z70JvwOC8kDu117jb3QtersJHt09SGywCrkaU6P8+iKxPd2PEwaPWKqu4n7IpLZu
2Kg5GXO1h80fqhPSRJGbj5a6YVvfVHoRPaUL34Y4yYPxPVxjpgYR6ohhhoyURA4w
+qkhugcbYM9/wQTbwhgLc5mG62bq+WVkhehaGFOCwwADBRAAkzofRfa6dNtZC8kp
4bTmTydRCRrAAjUvCtRNL+PjB6JpTsIru/w6dR2i3TYDnUOBNkvVLUNG+Sk6fsR2
CcEefsa4AQwRb8G33FATsewFbImSrBNT9R5hr+hR33XWxo0KAcXrucnaboidQOBK
lDD0SEC6eBexVXa4/h9qum4Qmj0u9XBBqMqEOJY/Mao5SJ8EWZV+UAszgJdmHDvq
s9+1425NuzuG9/KQzx/5wWjQmtAHikE/oFQ1RZ3hWxRpe4YmsrKQuVqwHRfIjCrB
MdBteldVr4NN0eUqfnrXgTpInXSsUstDr1/04u2Q3+spQUjJOcZ+IluPLfr12EAH
UKc9/2CT6cLmBVEl2s2PijC5EoxH3UA2KkxcxBy5LleKvF5FZ3MHbXaj2RLMLBlW
aGhlFF2H85EEmq73Ex5ncLPT4BW2rHrkwdUOOXCN8riUZr42E3K+GTyfGyRbU9Ar
MBP62ytvamwBO9O+E6sJCVraoho4a2ERORh5PQzEot1Tmyf4u6AQf1+JVMn2yThc
ilRKWD1Q/AfEAibVbPANkXXjX5pZkIRc1Eunq5afYf2ixyS96RSjc6EZ+euaaaFC
96+MdDtlycafZIXYNgiNkrrm8mzPCb2i8tmF9aPnGYBknsnFLlda3Zz4afFDKyLN
LYRvqAujonL+HBOLW2InmeD5p6SISQQYEQIACQUCSaAkIAIbDAAKCRB+hAPV1nPD
ZqpZAJ9Kw73IdA3hw+wQEen991bFlMzHfQCgtG/GMjXB246Qt9XPVvToTSFJQPq5
Ag0EZdRdtAEQAMIqEK6XuVLgY6KPOUqHFjQZdi87hCX9sTSHVuvQ75Ko70Ayz/AH
I7YWnPoaJjWQwCugGOdEjXKQMUUKuGUrWAtGoGUg9MDFXdAXRrwBhhKz8ZGJzGPU
YXkanJSHo3AAFQ4QWSJmGvlZ2VhthB5v/njUlpzFvNusa5e71RRLM5f5R3kROUlj
vwAXUcosLESi864AKFzo1qiQB6KtatTLJH8aHQEFrVwzrleKdkF5OozfWw1poB4g
94QBkIzXgmEA3uTpXHLctIngpR8mZrQQtohI2zKlpnq9lCMZ7j3/xitZ6xS2KSlH
BU3Z4TXZKZuFP7IsITVTdlMg/OHua2l0i3ZewbIWPnnPJC8dQi+QdYe6FWjDwZPu
HBAbbxHVFCYnz5f4SP9LNqeWRGqHHnzb5pNe2xZHykPP84kvFvmRonqMBIvFrPhV
kw+Z43JBvxM4YwYp0GWEuDAik6KmbuM5SmwAiR67KigwwUoumJi9YdQlUIkNKO7P
SvmHCzaX47+AdLxDToMXCsIO2NlLGE5GN/RwQ8k0owWoK5WZYUI16pgZ39n/Z03y
Ig+W//qUJ7+eYTgvvCngR3kxUXipSVA0+skxWvdmRHla5MasuvtPuW/Xz6/+U3fS
4bmYTWA5TmhfrMublTncBXgEvX9LzyL+kPhf81OAix3RNUlD6Jp5+751ABEBAAGJ
ApYEGBECACAWIQT087kUdNHrKYib0O9+hAPV1nPDZgUCZdRdtAIbAgJACRB+hAPV
1nPDZsF0IAQZAQoAHRYhBFFrYikY0VxHirHqOlM5or6C4H3sBQJl1F20AAoJEFM5
or6C4H3sBa8QALx76ibbGN3vz9+Aa58gtk1oDIIfEF/U7PmMuPB9CA9738kgiXvq
nxKAkiBU9EkaiYsPfF/iv35xp44CrFz/mjqMQiMlWOxMtRVXjsQQoGKmkdei4THk
3pVE4u6bXXb38LUnXyYVV9P0XLNV/ilwvRlnozP4NqrjH7MuKLKLUoKNHMD6UK2/
UWUqHQPboFYTIb826+S8PiGQ/3PO7+Y+h0Jyq2o5c76N2PvMgtkQwvTTw6hPP8p1
EIffN1wUpZ5dG+Cxe9oN2FF6Lq89WCK1M7n3DU4JZqjKIcmxJKPPmjQjdVUUhyXQ
4naywi+h30esJ/CbrQ0oyDnr0jbiTg04c6IV5U5deVDywJ9gAAgV0g12NDwo2SCb
ZeLGul8/tZXpXiTYJdTQ0N3EUZYPbOvY8Kdh95stq9HtKJyozP/yemFBfiTtK0Kt
QISQHf0GNJR+D682S0iB3nSprzXpgwgjaHYLQXYdUomg7lMGrtf3XZQlUaHYLHp6
W0xhOweS/2kr5G461zSyJ3T9ITm59GapunXfuSGqA2mJvv9CXJqN8Qm6UzUD8QBk
JxiUC6IMVAoBShSPD9qC0jBxXETKNHC4zPoF0wfOVYjKJ29btfOjneL0IdLNR/6c
WcszscQx9Rm+vWArbDdcATTnImO1hIehxeQPp/8IRPpxHjD64GoNSbzyZkwAn0n6
KhOXkidphC12e/W/W3vSRrm5AKC2S6Ile4sLQr7aDSQZLvJz54gxYw==
=Rw9e
-----END PGP PUBLIC KEY BLOCK-----

101
nghttp2.spec
View File

@ -1,7 +1,7 @@
#
# spec file for package nghttp2
#
# Copyright (c) 2022 SUSE LLC
# Copyright (c) 2023 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@ -18,31 +18,25 @@
%global soname libnghttp2
%global sover 14
%global soname_asio libnghttp2_asio
%global sover_asio 1
%global flavor @BUILD_FLAVOR@%{nil}
# libnghttp2_asio has been deprecated in this repository due to maintenance
# issue and will be removed at the end of 2022
%bcond_with asio
Name: nghttp2
Version: 1.52.0
Version: 1.64.0
Release: 0
Summary: Implementation of Hypertext Transfer Protocol version 2 in C
License: MIT
Group: Development/Libraries/C and C++
URL: https://nghttp2.org/
Source: https://github.com/nghttp2/nghttp2/releases/download/v%{version}/nghttp2-%{version}.tar.xz
Source1: baselibs.conf
# CVE-2023-35945 [bsc#1215713], Fixes leak memory
Patch0: nghttp2-CVE-2023-35945.patch
# CVE-2024-28182 [bsc#1221399], HTTP/2 CONTINUATION frames can be utilized for DoS attacks
Patch1: nghttp2-CVE-2024-28182-1.patch
# CVE-2024-28182 [bsc#1221399], HTTP/2 CONTINUATION frames can be utilized for DoS attacks
Patch2: nghttp2-CVE-2024-28182-2.patch
BuildRequires: autoconf
BuildRequires: automake
Source0: https://github.com/nghttp2/nghttp2/releases/download/v%{version}/nghttp2-%{version}.tar.xz
Source1: https://github.com/nghttp2/nghttp2/releases/download/v%{version}/nghttp2-%{version}.tar.xz.asc
Source2: nghttp2.keyring
Source3: baselibs.conf
%if 0%{?suse_version} && 0%{?suse_version} == 1500
BuildRequires: gcc13-c++
%else
BuildRequires: gcc-c++
BuildRequires: libtool
%endif
BuildRequires: libboost_system-devel
BuildRequires: libboost_thread-devel
BuildRequires: pkgconfig
BuildRequires: python-rpm-macros
BuildRequires: pkgconfig(cunit)
@ -52,19 +46,11 @@ BuildRequires: pkgconfig(libev)
BuildRequires: pkgconfig(liblzma)
BuildRequires: pkgconfig(libsystemd)
BuildRequires: pkgconfig(libxml-2.0)
BuildRequires: pkgconfig(openssl)
BuildRequires: pkgconfig(openssl) >= 1.1.1
BuildRequires: pkgconfig(zlib)
%ifnarch ppc %{arm}
%if 0%{?sle_version} >= 150000 && 0%{?is_opensuse}
BuildRequires: pkgconfig(jemalloc)
%endif
%endif
%if 0%{?suse_version} > 1325
BuildRequires: libboost_system-devel
BuildRequires: libboost_thread-devel
%else
BuildRequires: boost-devel
%endif
%description
This is an implementation of Hypertext Transfer Protocol version 2.
@ -83,14 +69,6 @@ Group: System/Libraries
Shared C libraries for implementation of Hypertext Transfer Protocol
version 2.
%package -n %{soname_asio}%{sover_asio}
Summary: Shared library for nghttp2
Group: System/Libraries
%description -n %{soname_asio}%{sover_asio}
Shared libraries for asynchronous implementation of Hypertext Transfer
Protocol version 2.
%package -n python3-nghttp2
Summary: Python3 bindings for nghttp2
Group: Development/Libraries/Python
@ -103,21 +81,12 @@ Python bindings for implementation of Hypertext Transfer Protocol version
Summary: Development files for nghttp2
Group: Development/Languages/C and C++
Requires: %{soname}-%{sover} = %{version}
Provides: %{name}-devel
Provides: %{name}-devel = %{version}
%description -n %{soname}-devel
Development files for usage with libnghttp2, which implements
Hypertext Transfer Protocol version 2.
%package -n %{soname_asio}-devel
Summary: Development files for nghttp2
Group: Development/Languages/C and C++
Requires: %{soname_asio}%{sover_asio} = %{version}
%description -n %{soname_asio}-devel
Development files for usage with libnghttp2_aio, which implements
asynchronous Hypertext Transfer Protocol version 2.
%package doc
Summary: Documentation for nghttp2
Group: Documentation/HTML
@ -129,15 +98,14 @@ HTTP/2 client, server and proxy.
%prep
%autosetup -p1 -n nghttp2-%{version}
# fix python shebang
sed -i -e 's:#!%{_bindir}/env python:#!%{_bindir}/python3:g' script/fetch-ocsp-response
%build
autoreconf -fiv
%if 0%{?suse_version} && 0%{?suse_version} == 1500
export CC=/usr/bin/gcc-13
export CXX=/usr/bin/g++-13
%endif
%configure \
--disable-static \
--disable-silent-rules \
%{?with_asio:--enable-asio-lib} %{!?with_asio: --disable-asio-lib} \
--enable-app \
%{nil}
%make_build all
@ -146,24 +114,25 @@ autoreconf -fiv
%make_install
find %{buildroot} -type f -name "*.la" -delete -print
# Do not ship theis
# Do not ship this
rm -rf %{buildroot}%{_datadir}/doc/nghttp2
# None of applications using these man pages are built.
rm -rf %{buildroot}%{_mandir}/man1/* \
doc/manual/html/.buildinfo
%check
# One test fails if python-sphinx is not present
%make_build check ||:
%post -n %{soname}-%{sover} -p /sbin/ldconfig
%postun -n %{soname}-%{sover} -p /sbin/ldconfig
%if %{with asio}
%post -n %{soname_asio}%{sover_asio} -p /sbin/ldconfig
%postun -n %{soname_asio}%{sover_asio} -p /sbin/ldconfig
# https://build.opensuse.org/request/show/1212476
%if %{suse_version} >= 1600
%python3_fix_shebang_path %{buildroot}%{_datadir}/%{name}/fetch-ocsp-response
%endif
%check
%make_build check
%ldconfig_scriptlets -n %{soname}-%{sover}
%files
%{_bindir}/deflatehd
%{_bindir}/inflatehd
@ -183,16 +152,4 @@ rm -rf %{buildroot}%{_mandir}/man1/* \
%{_libdir}/%{soname}.so
%{_libdir}/pkgconfig/%{soname}.pc
%if %{with asio}
%files -n %{soname_asio}%{sover_asio}
%license COPYING
%{_libdir}/%{soname_asio}.so.%{sover_asio}*
%files -n %{soname_asio}-devel
%dir %{_includedir}/%{name}/
%{_includedir}/%{name}/asio_http2*.h
%{_libdir}/%{soname_asio}.so
%{_libdir}/pkgconfig/%{soname_asio}.pc
%endif
%changelog