From bf6f8ab10bcee176142ca224c570a9adb7439c3c1355ee049171c4c97018c2d4 Mon Sep 17 00:00:00 2001 From: Martin Pluskal Date: Thu, 4 Apr 2024 10:40:11 +0000 Subject: [PATCH] Accepting request 1164552 from home:pgajdos - version update to 1.61.0 * Fixes CVE-2024-28182 [bsc#1221399] * nghttpx: Shutdown h3 stream read with trailer as well by @tatsuhiro-t in #2087 * Checkout with submodules by @jonaski in #2093 * Respect BUILD_STATIC_LIBS and add option for tests by @jonaski in #2092 * build(deps): bump golang.org/x/net from 0.21.0 to 0.22.0 by @dependabot in #2097 * Workaround llvm issue on github ubuntu runner by @tatsuhiro-t in #2098 * docker: Use copy --link by @tatsuhiro-t in #2099 * Nghttpx header idle timeout by @tatsuhiro-t in #2100 * nghttpx: Fix frontend-header-timeout does not work in config file by @tatsuhiro-t in #2101 * Rewrite hexdump by @tatsuhiro-t in #2102 * Switch to distroless/base-nossl by @tatsuhiro-t in #2103 * Bump ngtcp2 by @tatsuhiro-t in #2105 * nghttpx: Simplify quic connection close handling by @tatsuhiro-t in #2106 * build(deps): bump github.com/quic-go/quic-go from 0.41.0 to 0.42.0 by @dependabot in #2107 * autotools: Use tar-ustar automake option by @tatsuhiro-t in #2108 * Automate release process by @tatsuhiro-t in #2109 * autotools: Switch to tar-pax by @tatsuhiro-t in #2110 * nghttpx: Drop a UDP datagram from well-known port by @tatsuhiro-t in #2111 * nghttpx: Fix port byte order by @tatsuhiro-t in #2112 * h2load: Allow host header to be overridden by @tatsuhiro-t in #2113 * nghttpx: Rework QUIC stateless reset packet size by @tatsuhiro-t in #2114 * nghttpx: More QUIC prohibited ports by @tatsuhiro-t in #2115 * Add actions/stale by @tatsuhiro-t in #2116 * nghttpx: Discard UDP datagram that is too short to be a valid QUIC packet by @tatsuhiro-t in #2117 * nghttp: Support SSLKEYLOGFILE by @tatsuhiro-t in #2119 * No rfc7540 priority fix by @tatsuhiro-t in #2120 * Further reduce Stateless reset emission by @tatsuhiro-t in #2122 * nghttpx: Rework Connection ID construction by @tatsuhiro-t in #2124 * Nghttpx faster worker lookup by @tatsuhiro-t in #2125 OBS-URL: https://build.opensuse.org/request/show/1164552 OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/nghttp2?expand=0&rev=123 --- nghttp2-1.60.0.tar.xz | 3 --- nghttp2-1.60.0.tar.xz.asc | 16 --------------- nghttp2-1.61.0.tar.xz | 3 +++ nghttp2-1.61.0.tar.xz.asc | 16 +++++++++++++++ nghttp2.changes | 42 +++++++++++++++++++++++++++++++++++++++ nghttp2.spec | 2 +- 6 files changed, 62 insertions(+), 20 deletions(-) delete mode 100644 nghttp2-1.60.0.tar.xz delete mode 100644 nghttp2-1.60.0.tar.xz.asc create mode 100644 nghttp2-1.61.0.tar.xz create mode 100644 nghttp2-1.61.0.tar.xz.asc diff --git a/nghttp2-1.60.0.tar.xz b/nghttp2-1.60.0.tar.xz deleted file mode 100644 index 4796597..0000000 --- a/nghttp2-1.60.0.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:625d6c3da1d9ca4fd643a638256431ae68fd1901653b2a61a245eea7b261bf4e -size 1587004 diff --git a/nghttp2-1.60.0.tar.xz.asc b/nghttp2-1.60.0.tar.xz.asc deleted file mode 100644 index 72cd9c7..0000000 --- a/nghttp2-1.60.0.tar.xz.asc +++ /dev/null @@ -1,16 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iQIzBAABCgAdFiEEUWtiKRjRXEeKseo6UzmivoLgfewFAmXhkVQACgkQUzmivoLg -feyFOw//dJLjXBV/aSBczFFe4HrBgQOhRlN+7ub5CnyP/Vl2B9QC8uPuwOfLbg6C -L7vld8NaXM5nCWWFjphOR7KCSsNTjVxSApplLBVCP9o8Kka7APtBrqRsoxzoni2D -XnvIo7gaOKFRAM/FzwL9NSEgCCkQo631DegjSN1PPZJdjRtaBQyYNrLRSyVyNv5q -9q4oBxvJpRMogF+ALiWTHNcVE/UHNE2SoimkJOAxxFDpuk4q+j7Ru90QER9aZJDz -u/6GPt34tVy5VDslAHWbzTHemsu1ya0c9cpCNrAy06WcmhWT1dNIXdEHCZXfEViC -mVnCYCw39s3xAjSQWDkSNiVkg5Z/1E3mw+md+0teHRJuYVnwNXjdZ+mZpfW6l4nq -Qi/Z6jvBccavzAA9H6PazQ7uDvp5wjpk2Ns8bHw0uIk2dVBB8a4mezTG73lU+Q2k -8ovcflNk/aGbeK+AgkNvUHl44r6SIc1HSirpOR3xgh/qBjDB88PENFEg+rW/NdeO -nhjzEjvVv66TJv50sdO3GjOtN6bnWnsOHPigSRcXZx21HQWKyImts4TBkEJqfKMf -zYH6SAAAvIKkdvw8J4egUphKKzB+ByHxPw9na4XnTaefcGQ1PcVG6xGy0Y35uHmW -bWmKFTylo6V7AdKIoDwDrB/InL30JQ5/T/szn6Nx06odpd/S7H4= -=zRmy ------END PGP SIGNATURE----- diff --git a/nghttp2-1.61.0.tar.xz b/nghttp2-1.61.0.tar.xz new file mode 100644 index 0000000..b7b5edd --- /dev/null +++ b/nghttp2-1.61.0.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:c0e660175b9dc429f11d25b9507a834fb752eea9135ab420bb7cb7e9dbcc9654 +size 1645808 diff --git a/nghttp2-1.61.0.tar.xz.asc b/nghttp2-1.61.0.tar.xz.asc new file mode 100644 index 0000000..f8d8632 --- /dev/null +++ b/nghttp2-1.61.0.tar.xz.asc @@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIzBAABCgAdFiEEUWtiKRjRXEeKseo6UzmivoLgfewFAmYOaCgACgkQUzmivoLg +fewugg//dql7ZuvPpru1qc+A5E2da/spcMnnlcKaWgaXECJCLXysoSi3IhfNOGxr +6krf8PGagxw5+sUkr2HwLjJm+K5mbrvaDZajrwGpVFPcpg//eD4vcmFRWmEalhwJ +4kwNMn5gTdMkcWrzpz6nvSBfgB8912rBlUDEuGysGfxWYYLX6PBFqNK6Sn7QYDMw +8cmpkR8q6AcLXYOT6xtD0O2UYADDFvFtQ9TPBO2mGV/pM202QsC5NT1bvagnDB7u +OiChGvoUtbjqp9gUXx61V70vOb7v/SbwivjJlkHYj1S8/AhKNcvYhiiEcRUq2vKt +kQy++35h2r4foybBd89GbEjemJQO/Df6NhFoVoeMy6aeDZ4nTRf8ssM+z9ysNdkA +JJRRVArzQlKmgzRXRnTP2KyOnUckd4bLN709aJ8ft3Ia/ATJFlHpr8fPsLrqLjSH +oR14To1YpnVu/f42OOVgifY5xrfxMJYVCnxb5ePWoZrMU77iJi9uGsWGYN6nwoQj +DxyGJYeTyzC1CKMt/aUcQkxSmhJE9jGXYX9hWu5jVdwNdjFimfkDQQQ1uDEKKOoX +bl81MoN6k3hoyrmL4lONCFF86y/fQzi4Pnjkec6xxjxNMlNnfw8vzzoBVqf1p0g8 +MEONgarmm/7lr1GXK0VenWZv9ouO4UVd4w1t/vzr7XwvMSNkERw= +=OlZ3 +-----END PGP SIGNATURE----- diff --git a/nghttp2.changes b/nghttp2.changes index 547e6eb..144270f 100644 --- a/nghttp2.changes +++ b/nghttp2.changes @@ -1,3 +1,45 @@ +------------------------------------------------------------------- +Thu Apr 4 09:47:27 UTC 2024 - pgajdos@suse.com + +- version update to 1.61.0 + * Fixes CVE-2024-28182 [bsc#1221399] + * nghttpx: Shutdown h3 stream read with trailer as well by @tatsuhiro-t in #2087 + * Checkout with submodules by @jonaski in #2093 + * Respect BUILD_STATIC_LIBS and add option for tests by @jonaski in #2092 + * build(deps): bump golang.org/x/net from 0.21.0 to 0.22.0 by @dependabot in #2097 + * Workaround llvm issue on github ubuntu runner by @tatsuhiro-t in #2098 + * docker: Use copy --link by @tatsuhiro-t in #2099 + * Nghttpx header idle timeout by @tatsuhiro-t in #2100 + * nghttpx: Fix frontend-header-timeout does not work in config file by @tatsuhiro-t in #2101 + * Rewrite hexdump by @tatsuhiro-t in #2102 + * Switch to distroless/base-nossl by @tatsuhiro-t in #2103 + * Bump ngtcp2 by @tatsuhiro-t in #2105 + * nghttpx: Simplify quic connection close handling by @tatsuhiro-t in #2106 + * build(deps): bump github.com/quic-go/quic-go from 0.41.0 to 0.42.0 by @dependabot in #2107 + * autotools: Use tar-ustar automake option by @tatsuhiro-t in #2108 + * Automate release process by @tatsuhiro-t in #2109 + * autotools: Switch to tar-pax by @tatsuhiro-t in #2110 + * nghttpx: Drop a UDP datagram from well-known port by @tatsuhiro-t in #2111 + * nghttpx: Fix port byte order by @tatsuhiro-t in #2112 + * h2load: Allow host header to be overridden by @tatsuhiro-t in #2113 + * nghttpx: Rework QUIC stateless reset packet size by @tatsuhiro-t in #2114 + * nghttpx: More QUIC prohibited ports by @tatsuhiro-t in #2115 + * Add actions/stale by @tatsuhiro-t in #2116 + * nghttpx: Discard UDP datagram that is too short to be a valid QUIC packet by @tatsuhiro-t in #2117 + * nghttp: Support SSLKEYLOGFILE by @tatsuhiro-t in #2119 + * No rfc7540 priority fix by @tatsuhiro-t in #2120 + * Further reduce Stateless reset emission by @tatsuhiro-t in #2122 + * nghttpx: Rework Connection ID construction by @tatsuhiro-t in #2124 + * Nghttpx faster worker lookup by @tatsuhiro-t in #2125 + * nghttpx: Split thread into worker_process and thread by @tatsuhiro-t in #2126 + * bpf: Drop bad QUIC packet by @tatsuhiro-t in #2127 + * cmake: check SSL_provide_quic_data when ENABLE_HTTP3 is ON by @jimmy-park in #2128 + * nghttpx: Allocate 3 bits for QUIC configuration in Connection ID by @tatsuhiro-t in #2129 + * nghttpx: Migrate to ares_getaddrinfo by @tatsuhiro-t in #2132 + * Bump munit by @tatsuhiro-t in #2131 + * nghttpx: Fix error message by @tatsuhiro-t in #2133 + * nghttpd: Fix read stall by @tatsuhiro-t in #2134 + ------------------------------------------------------------------- Wed Apr 3 10:31:13 UTC 2024 - Adam Majer diff --git a/nghttp2.spec b/nghttp2.spec index d3baa1d..b3efbc9 100644 --- a/nghttp2.spec +++ b/nghttp2.spec @@ -20,7 +20,7 @@ %global sover 14 %global flavor @BUILD_FLAVOR@%{nil} Name: nghttp2 -Version: 1.60.0 +Version: 1.61.0 Release: 0 Summary: Implementation of Hypertext Transfer Protocol version 2 in C License: MIT