1.64.0
* Change clang-format options by @tatsuhiro-t in #2240
* build(deps): bump github.com/quic-go/quic-go from 0.46.0 to 0.47.0 by @dependabot in #2243
* build(deps): bump golang.org/x/net from 0.28.0 to 0.29.0 by @dependabot in #2244
* nghttp2_map: Port ngtcp2 changes by @tatsuhiro-t in #2245
* h2load: Fix UDP datagram send/recv metric by @tatsuhiro-t in #2248
* build(deps): bump golang.org/x/net from 0.29.0 to 0.30.0 by @dependabot in #2252
* fix race condition on h1 connection close by @TuxInvader in #2249
* Gha ubuntu 24.04 by @tatsuhiro-t in #2254
* GHA: Run tests for i686-w64-mingw32 host by @tatsuhiro-t in #2255
* cmake: Fix c-ares v1.34.0 version detection failure by @tatsuhiro-t in #2256
* fix: -Wextra-semi errors in nghttp2_helper.h by @codebytere in #2258
* clang-format macros that do not need semicolon at the end by @tatsuhiro-t in #2259
* Remove extra semicolons by @tatsuhiro-t in #2260
* Bump ngtcp2 and its dependencies by @tatsuhiro-t in #2261
* Do not allow '@' in :authority or host field values by @tatsuhiro-t in #2262
* h2load: GRO buffer size should be 64KiB by @tatsuhiro-t in #2263
* Bump libbpf to v1.4.6 by @tatsuhiro-t in #2264
* Update nghttp2_check_authority doc by @tatsuhiro-t in #2265
1.63.0
* Bump libbpf to v1.4.2 by @tatsuhiro-t in #2191
* build(deps): bump golang.org/x/net from 0.24.0 to 0.25.0 by @dependabot in #2193
* nghttpx: Fix batch UDP QUIC packet dropped on GRO read by @tatsuhiro-t in #2196
* CMakeLists.txt: allow to compile the C only lib without CXX compiler by @ThomasDevoogdt in #2200
* build(deps): bump github.com/quic-go/quic-go from 0.43.1 to 0.44.0 by @dependabot in #2197
* Fix compiler versions in readme by @ryandesign in #2203
* build(deps): bump golang.org/x/net from 0.25.0 to 0.26.0 by @dependabot in #2205
* build(deps): bump github.com/quic-go/quic-go from 0.44.0 to 0.45.0 by @dependabot in #2206
* Bump ngtcp2 and its dependencies by @tatsuhiro-t in #2207
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/nghttp2?expand=0&rev=125
- version update to 1.61.0
* Fixes CVE-2024-28182 [bsc#1221399]
* nghttpx: Shutdown h3 stream read with trailer as well by @tatsuhiro-t in #2087
* Checkout with submodules by @jonaski in #2093
* Respect BUILD_STATIC_LIBS and add option for tests by @jonaski in #2092
* build(deps): bump golang.org/x/net from 0.21.0 to 0.22.0 by @dependabot in #2097
* Workaround llvm issue on github ubuntu runner by @tatsuhiro-t in #2098
* docker: Use copy --link by @tatsuhiro-t in #2099
* Nghttpx header idle timeout by @tatsuhiro-t in #2100
* nghttpx: Fix frontend-header-timeout does not work in config file by @tatsuhiro-t in #2101
* Rewrite hexdump by @tatsuhiro-t in #2102
* Switch to distroless/base-nossl by @tatsuhiro-t in #2103
* Bump ngtcp2 by @tatsuhiro-t in #2105
* nghttpx: Simplify quic connection close handling by @tatsuhiro-t in #2106
* build(deps): bump github.com/quic-go/quic-go from 0.41.0 to 0.42.0 by @dependabot in #2107
* autotools: Use tar-ustar automake option by @tatsuhiro-t in #2108
* Automate release process by @tatsuhiro-t in #2109
* autotools: Switch to tar-pax by @tatsuhiro-t in #2110
* nghttpx: Drop a UDP datagram from well-known port by @tatsuhiro-t in #2111
* nghttpx: Fix port byte order by @tatsuhiro-t in #2112
* h2load: Allow host header to be overridden by @tatsuhiro-t in #2113
* nghttpx: Rework QUIC stateless reset packet size by @tatsuhiro-t in #2114
* nghttpx: More QUIC prohibited ports by @tatsuhiro-t in #2115
* Add actions/stale by @tatsuhiro-t in #2116
* nghttpx: Discard UDP datagram that is too short to be a valid QUIC packet by @tatsuhiro-t in #2117
* nghttp: Support SSLKEYLOGFILE by @tatsuhiro-t in #2119
* No rfc7540 priority fix by @tatsuhiro-t in #2120
* Further reduce Stateless reset emission by @tatsuhiro-t in #2122
* nghttpx: Rework Connection ID construction by @tatsuhiro-t in #2124
* Nghttpx faster worker lookup by @tatsuhiro-t in #2125
OBS-URL: https://build.opensuse.org/request/show/1164552
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/nghttp2?expand=0&rev=123
- Update keyring with current key
- version update to 1.60.0
* makerelease.sh: Speed up git submodule
* Speed up git clone
* build(deps): bump actions/cache from 3 to 4
* Fixing the build and install trees
* build(deps): bump microsoft/setup-msbuild from 1 to 2
* nghttpx: Set ocsp response to SSL in case of boringssl
* Run with python3
* src: Certificate Compression with boringssl
* Fix missing newline
* Switch to aws lc
* Libbrotli fixup
* Deprecate RFC 7540 priorities (aka stream dependencies)
* Let dependabot manage go modules
* build(deps): bump golang.org/x/net from 0.20.0 to 0.21.0
* integration-tests: Omit unused parameters
* Munit
* Introduce nghttp2_ssize API
* Move deprecated warning upfront
* Describe RFC 7540 priorities deprecation plan
* Apps migrate nghttp2 ssize
* src: Remove unused functions
* Reconsider ssize t usage in src
* Use GitHub private vulnerability reporting
* Move security policy to GitHub standard location
* Bump mruby to 3.3.0
* Bump llhttp to 48588093ca4219b5f689acfc9ebea9e4c8c37663
* h2load: Add --sni option
OBS-URL: https://build.opensuse.org/request/show/1159004
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/nghttp2?expand=0&rev=80
- update to 1.59.0:
* Update bash_completion
* h2load: Fix bug that ttfb is not recorded if h3 stream
has no data
* h2load: Consider all h2 HEADERS when counting bytes and
recording ttfb
* h2load: Ignore 1xx status code
* nghttpd: Free SSL_CTX on exit
* nghttpx: OpenSSL needs SSL_CTX_set_recv_max_early_data
* nghttpx: OpenSSL needs SSL_CTX_set_recv_max_early_data
* cmake: Require OpenSSL >= 1.1.1
* Add nghttp2_select_alpn and deprecate
nghttp2_select_next_protocol
* nghttpx: Add --alpn-list and deprecate --npn-list
* h2load: Add --alpn-list and deprecate --npn-list
* Remove NPN
* src: Support building with aws-lc
* Avoid detecting OpenSSL 3.2 as quictls
* Use nghttp3_pri_parse_priority added since nghttp3 v1.1.0
* h2load: Fix IPv6 address in :authority
* h2load: Fix IPv6 address in :authority
* nghttpx: Propagate stream priority from backend to
frontend
* nghttpx: Propagate stream priority from backend to
frontend
* Merge pull request #1991 from nghttp2/get-and-parse-
extpri
* Add API to get and parse RFC 9218 priority
* nghttpx: Prefer __FILE_NAME__ if defined
OBS-URL: https://build.opensuse.org/request/show/1142108
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/nghttp2?expand=0&rev=119
- add keyring for gpg validation
- spec file cleanups
For example, if GOAWAY frame has been received, a
* https://nghttp2.org/blog/2023/05/10/nghttp2-v1-53-0/
checking leading and trailing white spaces against HTTP field value.
* https://nghttp2.org/blog/2022/08/22/nghttp2-v1-49-0/
* third-party: Bump neverbleed based on the latest head (GH-1708)
* see https://nghttp2.org/blog/2022/02/23/nghttp2-v1-47-0/
* see https://nghttp2.org/blog/2021/10/19/nghttp2-v1-46-0/
* nghttpx: Fix logging integer
- Conditionally remove dependecy on jemalloc for SLE-12
if table size is changed from default
* Add nghttp2_option_set_max_send_header_block_length API
* Fix warning: declaration of 'free' shadows a global declaration
* nghttpx: Add healthmon parameter to -f option to enable health
* nghttpx: Add --api-max-request-body option to set maximum API
* nghttpx: Add api parameter to --frontend option to mark API
* h2load: Add content-length header field for HTTP/2 and SPDY as
* Run error callback when peer does not send initial SETTINGS
* nghttpx: Fix bug that server push from mruby script did not
* nghttpx: Try next HTTP/1 backend address when connection
* nghttpx: Retry next HTTP/2 backend address when connection
* nghttpx: Enable link header field based push for non-final
* nghttpx: Fix bug that logger wrote string which was not
* nghttpx: Fix bug that backend tls keyword did not work with -s
* lib: Add nghttp2_error_callback to tell application human
* lib: Add nghttp2_http2_strerror() to return HTTP/2 error code
* integration: Disable tests that sometimes break randomly on
* h2load: Fix bug that initial max concurrent streams was too
OBS-URL: https://build.opensuse.org/request/show/1123980
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/nghttp2?expand=0&rev=76
- spec file cleanups
For example, if GOAWAY frame has been received, a
* https://nghttp2.org/blog/2023/05/10/nghttp2-v1-53-0/
checking leading and trailing white spaces against HTTP field value.
* https://nghttp2.org/blog/2022/08/22/nghttp2-v1-49-0/
* third-party: Bump neverbleed based on the latest head (GH-1708)
* see https://nghttp2.org/blog/2022/02/23/nghttp2-v1-47-0/
* see https://nghttp2.org/blog/2021/10/19/nghttp2-v1-46-0/
* nghttpx: Fix logging integer
- Conditionally remove dependecy on jemalloc for SLE-12
if table size is changed from default
* Add nghttp2_option_set_max_send_header_block_length API
* Fix warning: declaration of 'free' shadows a global declaration
* nghttpx: Add healthmon parameter to -f option to enable health
* nghttpx: Add --api-max-request-body option to set maximum API
* nghttpx: Add api parameter to --frontend option to mark API
* h2load: Add content-length header field for HTTP/2 and SPDY as
* Run error callback when peer does not send initial SETTINGS
* nghttpx: Fix bug that server push from mruby script did not
* nghttpx: Try next HTTP/1 backend address when connection
* nghttpx: Retry next HTTP/2 backend address when connection
* nghttpx: Enable link header field based push for non-final
* nghttpx: Fix bug that logger wrote string which was not
* nghttpx: Fix bug that backend tls keyword did not work with -s
* lib: Add nghttp2_error_callback to tell application human
* lib: Add nghttp2_http2_strerror() to return HTTP/2 error code
* integration: Disable tests that sometimes break randomly on
* h2load: Fix bug that initial max concurrent streams was too
* nghttpx: Workaround for Ubuntu 15.04 which does not
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/nghttp2?expand=0&rev=116
- version update to 1.57.0 [bsc#1216174]
1.57.0
* Fixes CVE-2023-44487
* Bump ngtcp2 by @tatsuhiro-t in #1944
* Add dependabot to update actions by @tatsuhiro-t in #1946
* Bump golang.org/x/net to v0.15.0 by @tatsuhiro-t in #1950
* Bump actions/setup-go from 3 to 4 by @dependabot in #1948
* Bump actions/checkout from 3 to 4 by @dependabot in #1949
* Bump actions/upload-artifact from 1 to 3 by @dependabot in #1947
* docker: Bump base image to debian 12 by @tatsuhiro-t in #1951
* nghttpx: Header field name must be lowercase by @tatsuhiro-t in #1953
* Bump quictls by @tatsuhiro-t in #1945
* Apps fix by @tatsuhiro-t in #1957
* nghttpx: Fix bug that --single-process does not work by @tatsuhiro-t in #1958
* Fix clang-format by @tatsuhiro-t in #1959
* Rework session management by @tatsuhiro-t in #1961
1.56.0
* doc: Bump boringssl by @tatsuhiro-t in #1928
* Fix memory leak by @tatsuhiro-t in #1930
* Return void by @tatsuhiro-t in #1931
* nghttpx: Rework sending and receiving ECN bits by @tatsuhiro-t in #1934
* CMSG_DATA does not necessarily return an aligned pointer by @tatsuhiro-t in #1935
* Bump quictls by @tatsuhiro-t in #1937
* Bump ngtcp2 and its dependencies by @tatsuhiro-t in #1939
* nghttpx: Simplify std::unique_ptr get and release by @tatsuhiro-t in #1940
* Bump llhttp to 926c982942eb53a13f01c1e9e6b19bd3b196e7dd by @tatsuhiro-t in #1941
* Bump libbpf to v1.2.2 by @tatsuhiro-t in #1942
* Update Dockerfile by @tatsuhiro-t in #1943
OBS-URL: https://build.opensuse.org/request/show/1117984
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/nghttp2?expand=0&rev=115
- update to 1.55.1:
* Fix memory leak
This commit fixes memory leak that happens when
PUSH_PROMISE or HEADERS frame cannot be sent, and
nghttp2_on_stream_close_callback fails with a fatal error.
For example, if GOAWAY frame has been received, a
HEADERS frame that opens new stream cannot be sent.
This issue has already been made public via CVE-2023-35945
by envoyproxy/envoy project. During embargo period, the
patch to fix this bug was accidentally submitted to
nghttp2/nghttp2 repository [2]. And they decided to
disclose CVE early. I was notified just 1.5 hours
before disclosure. I had no time to respond.
PoC described in [1] is quite simple, but I think it is
not enough to trigger this bug. While it is true that
receiving GOAWAY prevents a client from opening new stream,
and nghttp2 enters error handling branch, in order to cause
the memory leak, nghttp2_session_close_stream function
must return a fatal error.
NGHTTP2_ERR_NOMEM, as its name suggests, indicates out of
memory. It is unlikely that a process gets short of
memory with this simple PoC scenario unless application
does something memory heavy processing.
* NGHTTP2_ERR_CALLBACK_FAILURE is returned from application
defined callback function (nghttp2_on_stream_close_callback, in
this case), which indicates something fatal happened inside a
callback, and a connection must be closed immediately without
any further action. As nghttp2_on_stream_close_error_callback
documentation says, any error code other than 0 or
NGHTTP2_ERR_CALLBACK_FAILURE is treated as fatal
OBS-URL: https://build.opensuse.org/request/show/1099190
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/nghttp2?expand=0&rev=74
- update to 1.55.1:
* Fix memory leak
This commit fixes memory leak that happens when
PUSH_PROMISE or HEADERS frame cannot be sent, and
nghttp2_on_stream_close_callback fails with a fatal error.
For example, if GOAWAY frame has been received, a
HEADERS frame that opens new stream cannot be sent.
This issue has already been made public via CVE-2023-35945
by envoyproxy/envoy project. During embargo period, the
patch to fix this bug was accidentally submitted to
nghttp2/nghttp2 repository [2]. And they decided to
disclose CVE early. I was notified just 1.5 hours
before disclosure. I had no time to respond.
PoC described in [1] is quite simple, but I think it is
not enough to trigger this bug. While it is true that
receiving GOAWAY prevents a client from opening new stream,
and nghttp2 enters error handling branch, in order to cause
the memory leak, nghttp2_session_close_stream function
must return a fatal error.
NGHTTP2_ERR_NOMEM, as its name suggests, indicates out of
memory. It is unlikely that a process gets short of
memory with this simple PoC scenario unless application
does something memory heavy processing.
* NGHTTP2_ERR_CALLBACK_FAILURE is returned from application
defined callback function (nghttp2_on_stream_close_callback, in
this case), which indicates something fatal happened inside a
callback, and a connection must be closed immediately without
any further action. As nghttp2_on_stream_close_error_callback
documentation says, any error code other than 0 or
NGHTTP2_ERR_CALLBACK_FAILURE is treated as fatal
OBS-URL: https://build.opensuse.org/request/show/1098813
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/nghttp2?expand=0&rev=113
- update to 1.42.0:
* lib: fix ubsan errors (Patch from Asra Ali) (GH-1468)
* lib: Don't send RST_STREAM to idle stream (GH-1477)
* lib: nghttp2_map backed by nghttp2_ksl
* doc: Update sphinx_rtd_theme
* doc: nghttp2_session_send is also affected by max concurrent streams (Patch from Tomas Krizek) (GH-1489)
* doc: clarify flow control behaviour for nghttp2_session_send() (Patch from Tomas Krizek) (GH-1488)
* build: Add missing cmake/FindSystemd.cmake to dist (GH-1526)
* third-party: Bump llhttp to 2.2.0
* third-party: Bump mruby to 2.1.2
* nghttpx: Deal with the case when h2 backend is retired before it is initialized
* nghttpx: Add accesslog variables to record request path without query (GH-1511)
* nghttpx: Fix stall when TLS follows after proxy protocol
* nghttpx: Fix logging integer
OBS-URL: https://build.opensuse.org/request/show/860715
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/nghttp2?expand=0&rev=101
- Update to 1.41.0
* Fix CVE-2020-11080
* lib: Implement max settings option (Patch from James M Snell)
* lib: Earlier check for settings flood (Patch from James M Snell)
* lib: Fix receiving stream data stall (GH-1444)
* build: cmake: Make hard-coded static lib suffix optional (Patch from Viktor Szakats) (GH-1418)
* third-party: Bump llhttp to 2.0.4 (GH-1442)
* nghttpx: Add PROXY-protocol v2 support (GH-1452)
* nghttpx: Fix get_x509_serial for long serial numbers (Patch from Jacky Tian) (GH-1455)
* h2load: Allow port in --connect-to
* h2load: add --connect-to option (Patch from Lucas Pardue) (GH-1426)
OBS-URL: https://build.opensuse.org/request/show/811122
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/nghttp2?expand=0&rev=100
- Update to version 1.40.0
* lib: Add nghttp2_check_authority as public API
* lib: Fix the bug that stream is closed with wrong error code
* lib: Faster huffman encoding and decoding
* build: Avoid filename collision of static and dynamic lib
* build: Add new flag ENABLE_STATIC_CRT for Windows
* build: cmake: Support building nghttpx with systemd
* third-party: Update neverbleed to fix memory leak
* nghttpx: Fix bug that mruby is incorrectly shared between
backends
* nghttpx: Reconnect h1 backend if it lost connection before
sending headers
* nghttpx: Returns 408 if backend timed out before sending
headers
* nghttpx: Fix request stal
OBS-URL: https://build.opensuse.org/request/show/765237
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/nghttp2?expand=0&rev=99
- Update to version 1.39.1:
* This release fixes the bug that log-level is not set with
cmd-line or configuration file. It also fixes FPE with default
backend.
- Changes for version 1.39.0:
* libnghttp2 now ignores content-length in 200 response to
CONNECT request as per RFC 7230.
* mruby has been upgraded to 2.0.1.
* libnghttp2-asio now supports boost-1.70.
* http-parser has been replaced with llhttp.
* nghttpx now ignores Content-Length and Transfer-Encoding in 1xx
or 200 to CONNECT.
- Drop no longer needed boost170.patch
OBS-URL: https://build.opensuse.org/request/show/723082
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/nghttp2?expand=0&rev=58
* This release fixes the bug that log-level is not set with
cmd-line or configuration file. It also fixes FPE with default
backend.
- Changes for version 1.39.0:
* libnghttp2 now ignores content-length in 200 response to
CONNECT request as per RFC 7230.
* mruby has been upgraded to 2.0.1.
* libnghttp2-asio now supports boost-1.70.
* http-parser has been replaced with llhttp.
* nghttpx now ignores Content-Length and Transfer-Encoding in 1xx
or 200 to CONNECT.
- Drop no longer needed boost170.patch
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/nghttp2?expand=0&rev=94
- Update to 1.38.0:
* This release fixes the bug that authority and path altered by per-pattern mruby script can affect backend selection on retry.
* It also fixes the bug that HTTP/1.1 chunked request stalls.
* Now nghttpx does not log authorization request header field value with -LINFO.
* This release fixes possible backend stall when header and request body are sent in their own packets.
* The backend option gets weight parameter to influence backend selection.
* This release fixes compile error with BoringSSL.
- Add patch from upstream to build with new boost bsc#1134616:
* boost170.patch
OBS-URL: https://build.opensuse.org/request/show/701941
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/nghttp2?expand=0&rev=57
* This release fixes the bug that authority and path altered by per-pattern mruby script can affect backend selection on retry.
* It also fixes the bug that HTTP/1.1 chunked request stalls.
* Now nghttpx does not log authorization request header field value with -LINFO.
* This release fixes possible backend stall when header and request body are sent in their own packets.
* The backend option gets weight parameter to influence backend selection.
* This release fixes compile error with BoringSSL.
- Add patch from upstream to build with new boost bsc#1134616:
* boost170.patch
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/nghttp2?expand=0&rev=93
* nghttpx: Fix broken trailing slash handling (GH-1276)
- Changes for version 1.35:
* build: cmake: Fix libevent version detection (Patch from Jan Kundrát) (GH-1238)
* lib: Use __has_declspec_attribute for shared builds (Patch from Don) (GH-1222)
* src: Require C++14 language feature
* nghttpx: Write mruby send_info early
* nghttpx: Fix assertion failure on mruby send_info with HTTP/1 frontend
* h2load: Handle HTTP/1 non-final response (GH-1259)
* h2load: Clarify that time for connect includes TLS handshake
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/nghttp2?expand=0&rev=89
- Update to version 1.33.0:
* lib: Tweak nghttp2_session_set_stream_user_data
* lib: Fix handling of SETTINGS_MAX_CONCURRENT_STREAMS.
* lib: Implement ORIGIN frame
* asio: support definition of local endpoint for cleartext
client session
* integration: Remove remaining SPDY code from the integration tests
* nghttpx: Fix worker process crash with neverbleed write error
* nghttpx: Support per-backend mruby script
* nghttpx: Fix stream reset if data from client is arrived before
dconn is attached
OBS-URL: https://build.opensuse.org/request/show/638343
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/nghttp2?expand=0&rev=86
* lib: Ignore all input after calling session_terminate_session
* lib: Fix treatment of padding
* lib: Don't allow 101 HTTP status code because HTTP/2 removes
HTTP Upgrade
* build: add ENABLE_STATIC_LIB option to build static lib
* third-party: Upgrade neverbleed to the latest master
* asio: Support client side SNI
* src: Compile with libressl 2.7.2
* src: Allow building without NPN
* h2load: -r and --duration are mutually exclusive
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/nghttp2?expand=0&rev=85
- Version umpdate to 1.31.1:
* Fix bsc#1088639 CVE-2018-1000168
* https://nghttp2.org/blog/2018/04/12/nghttp2-v1-31-1/
- Version update to 1.31.0:
* lib: Add nghttp2_session_set_user_data() public API function (GH-1137)
* src: Define nghttp2_inet_pton wrapper to avoid inet_pton macro (GH-1128)
* nghttpx: Close listening socket on graceful shutdown
* nghttpx: Add an option to accept expired client certificate (GH-1126)
* nghttpx: Add mruby tls_client_not_before, and tls_client_not_after (GH-1123)
* nghttpx: Fix potential memory leak
* lib: Allow PING frame to be sent after GOAWAY (GH-1103)
* nghttpx: Fix bug that h1 backend idle timeout expires sooner
* nghttpx: Stop overwrite of first header on mruby call to env.req.set_header(..) (Patch from Dylan Plecki) (GH-1119)
* nghttpx: Add upgrade-scheme parameter to backend option (GH-1099)
* nghttpx: Fix missing ALPN validation (--npn-list) (GH-1094)
* nghttpx: Remember which resource is pushed for RFC 8297 (GH-1101)
- Drop spdylay dependency as it is deprecated since version 1.28.0
and removed from cofnigure.ac since 1.29.0
OBS-URL: https://build.opensuse.org/request/show/596227
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/nghttp2?expand=0&rev=51
- Update to version 1.29.0:
* lib: Use NGHTTP2_REFUSED_STREAM for streams which are closed by
GOAWAY
* build: Remove SPDY
* build: Fix CMAKE_MODULE_PATH
* nghttpx: Revert "nghttpx: Use an existing h2 backend connection
as much as possible"
* nghttpx: Write API request body in temporary file
* nghttpx: Increase api-max-request-body
* nghttpx: Faster configuration loading with lots of backends
* nghttpx: Fix crash with --backend-http-proxy-uri option
OBS-URL: https://build.opensuse.org/request/show/561884
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/nghttp2?expand=0&rev=49
* lib: Use NGHTTP2_REFUSED_STREAM for streams which are closed by
GOAWAY
* build: Remove SPDY
* build: Fix CMAKE_MODULE_PATH
* nghttpx: Revert "nghttpx: Use an existing h2 backend connection
as much as possible"
* nghttpx: Write API request body in temporary file
* nghttpx: Increase api-max-request-body
* nghttpx: Faster configuration loading with lots of backends
* nghttpx: Fix crash with --backend-http-proxy-uri option
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/nghttp2?expand=0&rev=80
* lib: Add nghttp2_error_callback2
* build: Add deprecation warning when spdylay support is enabled
* Switch to clang-format-5.0
* examples: Make client and server work with libevent-2.1.8
* third-party: Update neverbleed
* integration: Fix issues reported by the go vet tool.
* nghttpx: Fix affinity retry
* nghttpx: Fix stalled backend connection on retry
* nghttpx: Cookie based session affinity
* nghttpx: Expose additional TLS related variables to mruby and
accesslog
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/nghttp2?expand=0&rev=78
- Update to version 1.27.0:
* h2load: Print out h2 header fields with --verbose option
* nghttpx: Send non-final response to HTTP/1.1 or HTTP/2 client
only
- Changes for version 1.26.0:
* docs: Fix some typos in the nghttpx how-to
* h2load: Fix bug that timing script stalls with -m1
* h2load: Reservoir sampling (GH-984)
* h2load: Add timing-based load-testing in h2load
- Switch to python3 support
OBS-URL: https://build.opensuse.org/request/show/536838
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/nghttp2?expand=0&rev=46
* h2load: Print out h2 header fields with --verbose option
* nghttpx: Send non-final response to HTTP/1.1 or HTTP/2 client
only
- Changes for version 1.26.0:
* docs: Fix some typos in the nghttpx how-to
* h2load: Fix bug that timing script stalls with -m1
* h2load: Reservoir sampling (GH-984)
* h2load: Add timing-based load-testing in h2load
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/nghttp2?expand=0&rev=73
* lib: Accept and ignore content-length: 0 in 204 response for now
* build: Use pkg-config to detect libxml2
* build: Require c-ares to compile applications under src
* build: Add Windows CI via AppVeyor (Patch from Alexis La Goutte)
* examples: Delete tiny-nghttpd
* nghttpx: Retry h1 backend request if first write fails (GH-757)
* nghttpx: Keep reading after backend write failed (GH-756)
* nghttpx: Add frontend-keep-alive-timeout option (GH-755)
* nghttpx: New error log format (GH-749)
* nghttpx: Fix bug that fetch-ocsp-response does not work with OpenSSL 1.1.0 (GH-742)
* nghttpx: Backend API call allows non-numeric host with dns parameter (GH-731)
* nghttpx: Lookup backend host name dynamically (GH-721)
* nghttpx: Accept and ignore content-length: 0 in 204 response for now (GH-735)
* nghttpx: Wait for child process to exit
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/nghttp2?expand=0&rev=63
* lib: Disallow content-length in 1xx, 204, or 200 to a CONNECT request (GH-722)
* lib: Avoid memcpy against NULL src
* build: MSVC version resource support (Patch from Remo E) (GH-718)
* asio: server: Call on_close callback on connection close (GH-729)
* nghttpx: Fix frequent crash with --backend-http-proxy-uri
* nghttpx: Robust backend read timeout
* nghttpx: Fix bug that mishandles response header from h1 backend
* nghttpx: Fix bug that zero-length POST is not forwarded (GH-726)
* nghttpx: Remove optional reason-phrase from SPDY :status
* nghttpx: Header key and value must be string in mruby script
* nghttpx: Strip content-length with 204 or 200 to CONNECT in mruby (GH-722)
* nghttpx: Strict handling for Content-Length or Transfer-Encoding in h1 (GH-722)
* nghttpx: Fix compilation with BoringSSL (Patch from dalf) (GH-717)
* nghttpd, nghttpx, asio: Add missing mandatory SP after status code
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/nghttp2?expand=0&rev=62
* lib: Prevent undefined behavior in decode_length
* nghttpx: Fix bug which may crash nghttpx if non-final response
is forwarded from origin server to HTTP/1.1 client
- Changes for version 1.16.0:
* lib: Add nghttp2_set_debug_vprintf_callback to take advantage
of DEBUGF statements in when building DEBUGBUILD.
* Update .clang-format for clang-format-3.9
* build: Make it possible to include nghttp2/CMakeLists.txt in
another project using add_subdirectory.
* third-party: Update http-parser to
feae95a3a69f111bc1897b9048d9acbc290992f9
* asio: Fix crash when end() is called outside nghttp2 callback
* nghttpx: Add --backend-connect-timeout option
* nghttpx: Add TLS signed_certificate_timestamp extension support
* nghttpx: Add --ecdh-curves option to specify list of named
curves
* h2load: Add --header-table-size and --encoder-header-table-size
options
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/nghttp2?expand=0&rev=61
- Update to version 1.14.0:
* lib: Make emit_header() return void since it always succeed
* lib: Add nghttp2_hd_deflate_hd_vec() deflate API to support
multiple buffer input
* lib: since hd_inflate_commit_indexed() always return 0,
remove the return value check in nghttp2_hd_inflate_hd_nv()
* lib: Use memeq() instead of lstreq() in lookup_token()
* lib: More strict stream state handling
* lib: Modify genlibtokenlookup.py to remove redundant header
comparisons and remove inline qualifier of lookup_token()
in genlibtokenlookup.py
* lib: Fix wrong tree operation to avoid cycle
* lib: Make get_max_index() return the max index in frame,
so we don't need to do extra calculation
* lib: Add nghttp2_on_invalid_header_callback
* lib: Log frame's stream ID for header debug logging
* doc: Remove old doc about differential encoding in HPACK
* doc: Document about ALPN in nghttpx howto
* nghttpx: Log error code from getsockopt(SO_ERROR) on first
write event
* nghttpx: Don't change pushed stream's priority
* nghttpx: Log backend connection failure in WARN level
* nghttpx: Fix bug that api and healthmon parameters do not work
with http2 proxy
* nghttpx: Add access log variable for backend host and port
* nghttpx: Use copy instead of const reference of backend group
* nghttpx: Reload configuration with SIGHUP
* nghttp: Adjust weight according to Firefox stable
* nghttp: Call error callback when invalid header field is
received and ignored
OBS-URL: https://build.opensuse.org/request/show/425620
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/nghttp2?expand=0&rev=34
* lib: Make emit_header() return void since it always succeed
* lib: Add nghttp2_hd_deflate_hd_vec() deflate API to support
multiple buffer input
* lib: since hd_inflate_commit_indexed() always return 0,
remove the return value check in nghttp2_hd_inflate_hd_nv()
* lib: Use memeq() instead of lstreq() in lookup_token()
* lib: More strict stream state handling
* lib: Modify genlibtokenlookup.py to remove redundant header
comparisons and remove inline qualifier of lookup_token()
in genlibtokenlookup.py
* lib: Fix wrong tree operation to avoid cycle
* lib: Make get_max_index() return the max index in frame,
so we don't need to do extra calculation
* lib: Add nghttp2_on_invalid_header_callback
* lib: Log frame's stream ID for header debug logging
* doc: Remove old doc about differential encoding in HPACK
* doc: Document about ALPN in nghttpx howto
* nghttpx: Log error code from getsockopt(SO_ERROR) on first
write event
* nghttpx: Don't change pushed stream's priority
* nghttpx: Log backend connection failure in WARN level
* nghttpx: Fix bug that api and healthmon parameters do not work
with http2 proxy
* nghttpx: Add access log variable for backend host and port
* nghttpx: Use copy instead of const reference of backend group
* nghttpx: Reload configuration with SIGHUP
* nghttp: Adjust weight according to Firefox stable
* nghttp: Call error callback when invalid header field is
received and ignored
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/nghttp2?expand=0&rev=59
* lib: Cancel non-DATA frame transmission from
nghttp2_before_frame_send_callback
* doc: Fix warning with Sphinx 1.4
* build: Work with Android NDK r12b
* nghttpx: Use consistent hashing for client IP based session
affinity
* nghttpx: Fix FTBFS on armel by explicitly including the header
* nghttpx: Cast to double to fix build with gcc 4.8 on Solaris 11
* nghttpx: Fix build error with libressl
* examples: Fix compile error with OpenSSL v1.1.0-beta2
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/nghttp2?expand=0&rev=58
- Update to 1.11.1
* lib: Add nghttp2_hd_inflate_hd2() and deprecate
nghttp2_hd_inflate_hd()
* lib: Avoid 0-length DATA if NGHTTP2_DATA_FLAG_NO_END_STREAM is set
* lib: Fix bug that PING flags are ignored in nghttp2_submit_ping
* integration: Workaround runtime error: cgo argument has Go pointer
to Go pointer
* nghttp: Eliminate zero length DATA frame at the end if possible
* nghttpd: Set content-length in status response
* nghttpx: Add sni keyword to --backend option
* nghttpx: Allow mixed protocol and TLS settings among backends under
same pattern
* nghttpx: Don't add 0-length DATA when response HEADERS bears
END_STREAM flag
* nghttpx: Don't add chunked encoded response body for HEAD request
* nghttpx: Don't use CN if we have dNSName or iPAddress field
* nghttpx: Just call execv instead of execve to pass environ
* nghttpx: Make SETTINGS timeout value configurable
* nghttpx: Save PID file after it is ready to accept connections
* nghttpx: Treat backend failure if SETTINGS is not received within
timeout
* nghttpx: Wait for SETTINGS ACK to make sure that backend h2 server
is alive
OBS-URL: https://build.opensuse.org/request/show/400634
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/nghttp2?expand=0&rev=31
* lib: Add nghttp2_hd_inflate_hd2() and deprecate
nghttp2_hd_inflate_hd()
* lib: Avoid 0-length DATA if NGHTTP2_DATA_FLAG_NO_END_STREAM is set
* lib: Fix bug that PING flags are ignored in nghttp2_submit_ping
* integration: Workaround runtime error: cgo argument has Go pointer
to Go pointer
* nghttp: Eliminate zero length DATA frame at the end if possible
* nghttpd: Set content-length in status response
* nghttpx: Add sni keyword to --backend option
* nghttpx: Allow mixed protocol and TLS settings among backends under
same pattern
* nghttpx: Don't add 0-length DATA when response HEADERS bears
END_STREAM flag
* nghttpx: Don't add chunked encoded response body for HEAD request
* nghttpx: Don't use CN if we have dNSName or iPAddress field
* nghttpx: Just call execv instead of execve to pass environ
* nghttpx: Make SETTINGS timeout value configurable
* nghttpx: Save PID file after it is ready to accept connections
* nghttpx: Treat backend failure if SETTINGS is not received within
timeout
* nghttpx: Wait for SETTINGS ACK to make sure that backend h2 server
is alive
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/nghttp2?expand=0&rev=56
* nghttpx: Fix crash with backend failure
* nghttpx: Better distribute load to backend h2 servers
* nghttpx: Fix error messages on deprecated mode
* nghttpx: Fix bug that logger wrote string which was not
NULL-terminated
* nghttpx: Fix bug that proxy with HTTP/1.1 CONNECT did not work
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/nghttp2?expand=0&rev=53
* Fix heap-use-after-free bug when handling idle streams
* Strict error handling for frames which are not allowed after
closed (remote)
* Set max number of outgoing concurrent streams to 100 by
default
* Keep incoming streams only at server side
* Create stream object for pushed resource during
nghttp2_submit_push_promise()
* Add nghttp2_session_create_idle_stream() API
* Handle response in nghttp2_on_begin_frame_callback
* Add --lib-only configure option
* Compile with OpenSSL 1.1.0-pre1
* Fix build when OpenSSL 1.0.2 is not available (patch from
Sunpoet Po-Chuan Hsieh)
* asio: Add connect and read timeout to client API
* asio: Add TLS handshake and read timeout to server API
* asio: Added access to a requests remote endpoint (patch from
Andreas Pohl)
* asio: libnghttp2_asio: Added io_service accessors (patch from
Andreas Pohl)
* h2load: Add req/s min, max, mean and sd for clients
* h2load: Fix broken connection times
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/nghttp2?expand=0&rev=45
* Avoid usage of typeof and replace __builtin_offsetof with
offsetof
* Honor stream->weight even if stream->last_writelen is 0
* Compile third-party libraries if hpack-tools is enabled
* nghttpx-init: Start nghttpx with --daemon
* Bundle sphinxcontrib.rubydomain https://bitbucket.org/birkenfeld/sphinx-contrib/src/default/rubydomain/
* Bundle mruby
* h2load: Record TTFB on first byte of response body, rather
than first socket read
* h2load: Improve checking for timing script input, prevent
false positive in certain situations
* nghttpx: Implement PROXY protocol version 1
(--accept-proxy-protocol option)
* nghttpx: Allow link header server push for HTTP/2 backend
as well
* nghttpx: Don't initiate push if client disabled push
* nghttpx: Allow absolute URI in Link header field for push
* nghttpx: Fix crash with multi workers and QUIT signal
* nghttpx: Add mruby support which is disabled by default
(use --with-mruby configure option to enable it)
* nghttpx: Drop connection before TLS finish if h2 requirement
is not fulfilled
- Fix typo in previous changelog entry
- Update to 1.3.1
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/nghttp2?expand=0&rev=36
* Add STREAM_DEP_DEBUG macro switch to enable runtime validation
of depedency tree
* Fix another bug in priority handling; sibling's item is not
queued when ancestor's item is detached
* nghttpx: Fix crash with --http2-bridge and both frontend and
backend TLS
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/nghttp2?expand=0&rev=26
* Fix assertion failure in stream_update_dep_on_detach_item
(GH-264)
- Changes for 1.0.3
* Fix bug that idle self-depending PRIORITY is not handled
gracefully
* Optimize dependency based priority code to Firefox style tree
* enable third-party for asio_lib too (Patch from Mike
Frysinger)
* fetch-ocsp-response: Support LibreSSL, and include port in
ocsp_host
* src: Support compile with LibreSSL
* nghttpx: Fix bug that x-forwarded-proto header field does not
reflect frontend scheme on HTTP/2 backend
* nghttpx: Validate :path on SPDY frontend
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/nghttp2?expand=0&rev=24
* Fix bug that data are not consumed for connection in race
condition (GH-253)
* Define NGHTTP2_EXTERN to __declspec(dllimport) when using
nghttp2 for Windows build
* Translate fetch-ocsp-response into Python
* libevent-client: Fix bug that path is broken if URI does not
contain path part
* python: Call on_close callback when connection is lost for
server session
* python: Expose client certificate, if available (Patch from
Fabian Wiesel)
* python: Catch and log failure to set TCP_NODELAY (Patch from
Fabian Wiesel)
* nghttpx: Add --add-request-header option
* nghttpx: Make WebSocket upgrade work
* nghttpx: Fix bug that END_STREAM is not set in backend for
POST with Upgrade
* nghttpx: Don't send "Expect" header field twice
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/nghttp2?expand=0&rev=22
* v1.0.0 introduced backward incompatible changes from 0.7
series. Read https://nghttp2.org/documentation/package_README.html#migration-from-v0-7-15-or-earlier
to migrate from older version to this latest version.
- Changes for 0.7.15
* Hopefully, this is the last release for 0.7.x series.
Development continues in 1.x series.
* Access violation in buffers (GH-232) (Patch from Etienne Cimon)
* Retry finding jemalloc lib by je_malloc_stats_print (GH-233)
* inflatehd: Fix crash if 'wire' value is not string (GH-235)
* nghttpx: Revert 585af93 to fix crash with TLS (GH-234)
* nghttpd: Add --echo-upload option to send back request body
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/nghttp2?expand=0&rev=19
* Fix global-buffer-overflow in HPACK code
* Fix doc for nghttp2_select_next_protocol
* Fix bug that promised stream was not reset on decompression
error
* Add systemd and upstart configuration file for nghttpx
(Patch from Zhuoyun Wei)
* Improve nghttpx logrotate configuration file (Patch from
Zhuoyun Wei)
* Update sphinx_rtd_theme
* h2load: Update h2load to give connect time and ttfb stats
(Patch from ericcarlschwartz)
* nghttpd: Add -m, --max-concurrent-streams option
* nghttpx: Log absolute URI for HTTP/2 or client proxy request
* nghttpx: Add --header-field-buffer and --max-header-fields
options
* nghttp: Fix assertion error if very large value is given to -t
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/nghttp2?expand=0&rev=17
* Fix bug that promised stream was not reset by returning
NGHTTP2_ERR_TEMPORAL_CALLBACK_FAILURE from
nghttp2_on_header_callback. Instead, associated stream was reset.
* Allow NGHTTP2_ERR_TEMPORAL_CALLBACK_FAILURE from
nghttp2_on_begin_headers_callback
* h2load: Effectively disable flow control by setting large
window size
* asio: Graceful shutdown and joinable server (Patch from
Xiaoguang Sun)
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/nghttp2?expand=0&rev=15
Blocking a user prevents them from interacting with repositories, such as opening or commenting on pull requests or issues. Learn more about blocking a user.
