commit cb4115e7cbf2a52e56e8ead47071c796788bab35c58139d77a864b8a521beacb Author: Martin Pluskal Date: Tue Nov 12 17:32:42 2024 +0000 - version update to 1.64.0 1.64.0 * Change clang-format options by @tatsuhiro-t in #2240 * build(deps): bump github.com/quic-go/quic-go from 0.46.0 to 0.47.0 by @dependabot in #2243 * build(deps): bump golang.org/x/net from 0.28.0 to 0.29.0 by @dependabot in #2244 * nghttp2_map: Port ngtcp2 changes by @tatsuhiro-t in #2245 * h2load: Fix UDP datagram send/recv metric by @tatsuhiro-t in #2248 * build(deps): bump golang.org/x/net from 0.29.0 to 0.30.0 by @dependabot in #2252 * fix race condition on h1 connection close by @TuxInvader in #2249 * Gha ubuntu 24.04 by @tatsuhiro-t in #2254 * GHA: Run tests for i686-w64-mingw32 host by @tatsuhiro-t in #2255 * cmake: Fix c-ares v1.34.0 version detection failure by @tatsuhiro-t in #2256 * fix: -Wextra-semi errors in nghttp2_helper.h by @codebytere in #2258 * clang-format macros that do not need semicolon at the end by @tatsuhiro-t in #2259 * Remove extra semicolons by @tatsuhiro-t in #2260 * Bump ngtcp2 and its dependencies by @tatsuhiro-t in #2261 * Do not allow '@' in :authority or host field values by @tatsuhiro-t in #2262 * h2load: GRO buffer size should be 64KiB by @tatsuhiro-t in #2263 * Bump libbpf to v1.4.6 by @tatsuhiro-t in #2264 * Update nghttp2_check_authority doc by @tatsuhiro-t in #2265 1.63.0 * Bump libbpf to v1.4.2 by @tatsuhiro-t in #2191 * build(deps): bump golang.org/x/net from 0.24.0 to 0.25.0 by @dependabot in #2193 * nghttpx: Fix batch UDP QUIC packet dropped on GRO read by @tatsuhiro-t in #2196 * CMakeLists.txt: allow to compile the C only lib without CXX compiler by @ThomasDevoogdt in #2200 * build(deps): bump github.com/quic-go/quic-go from 0.43.1 to 0.44.0 by @dependabot in #2197 * Fix compiler versions in readme by @ryandesign in #2203 * build(deps): bump golang.org/x/net from 0.25.0 to 0.26.0 by @dependabot in #2205 * build(deps): bump github.com/quic-go/quic-go from 0.44.0 to 0.45.0 by @dependabot in #2206 * Bump ngtcp2 and its dependencies by @tatsuhiro-t in #2207 OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/nghttp2?expand=0&rev=125 diff --git a/.gitattributes b/.gitattributes new file mode 100644 index 0000000..9b03811 --- /dev/null +++ b/.gitattributes @@ -0,0 +1,23 @@ +## Default LFS +*.7z filter=lfs diff=lfs merge=lfs -text +*.bsp filter=lfs diff=lfs merge=lfs -text +*.bz2 filter=lfs diff=lfs merge=lfs -text +*.gem filter=lfs diff=lfs merge=lfs -text +*.gz filter=lfs diff=lfs merge=lfs -text +*.jar filter=lfs diff=lfs merge=lfs -text +*.lz filter=lfs diff=lfs merge=lfs -text +*.lzma filter=lfs diff=lfs merge=lfs -text +*.obscpio filter=lfs diff=lfs merge=lfs -text +*.oxt filter=lfs diff=lfs merge=lfs -text +*.pdf filter=lfs diff=lfs merge=lfs -text +*.png filter=lfs diff=lfs merge=lfs -text +*.rpm filter=lfs diff=lfs merge=lfs -text +*.tbz filter=lfs diff=lfs merge=lfs -text +*.tbz2 filter=lfs diff=lfs merge=lfs -text +*.tgz filter=lfs diff=lfs merge=lfs -text +*.ttf filter=lfs diff=lfs merge=lfs -text +*.txz filter=lfs diff=lfs merge=lfs -text +*.whl filter=lfs diff=lfs merge=lfs -text +*.xz filter=lfs diff=lfs merge=lfs -text +*.zip filter=lfs diff=lfs merge=lfs -text +*.zst filter=lfs diff=lfs merge=lfs -text diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..57affb6 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +.osc diff --git a/baselibs.conf b/baselibs.conf new file mode 100644 index 0000000..8f82c0d --- /dev/null +++ b/baselibs.conf @@ -0,0 +1 @@ +libnghttp2-14 diff --git a/nghttp2-1.62.1.tar.xz b/nghttp2-1.62.1.tar.xz new file mode 100644 index 0000000..c6b5ba3 --- /dev/null +++ b/nghttp2-1.62.1.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:2345d4dc136fda28ce243e0bb21f2e7e8ef6293d62c799abbf6f633a6887af72 +size 1606084 diff --git a/nghttp2-1.62.1.tar.xz.asc b/nghttp2-1.62.1.tar.xz.asc new file mode 100644 index 0000000..bbefa3f --- /dev/null +++ b/nghttp2-1.62.1.tar.xz.asc @@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIzBAABCgAdFiEEUWtiKRjRXEeKseo6UzmivoLgfewFAmZJm48ACgkQUzmivoLg +fezkKQ//ckpW4fclZ95IPGYWDMmzsuXpeUeY1+SqD92neSKGqMzOcIYrdObBbSO7 +DDPVl2Vi+iW1nw20jztx9HT/J8Chl9qkThj1mzowwHGS7GaNLIJBbDSnI/Rnbp9z +zDvoHrgr7vQjfIigutzTZ+k38k1phfg5mDQkIEF6/55m1/yZKycGL9RtWCUC6xVU +JCYrz4vCu1VpwzvEMa/rNp5DmQ0o9lIf/Frq6Ki6OCayGgcXBazX3qqqdlWXJswW +dMO15eCwJQGz1b0I26v1BfdIpntU87Z5NaASN/s7ONjvkbwb+7Tedh33P5PzrLik +5MaKVS5YHXWWwK8u20lu35hvv3/lor5RW0PO5p50kApxvqa3qP8r2hn/f6sbaZyS +6LQmmT6KxEgaw2tiqGSjKmnvPHwxt4SGtFc7bAtr9gOD3/HknRI3T5NidMs1HluX +CnD8G88UmgfbHfGP7GaEm9Wh/AD+G+dksixdkXyIa+btypuZpzOJcF885Sv5d0t6 +bhGoBTZyQ+k1u+LoKrtwbWS00Hn4XmFx06nMvJFeuetmuuZlBlWhTdYE22UVX8/P ++5b+sVMgPQ5MPFb0ldQfj3pyanalflZ/zUixZY/c+bGCgS0u5fre3GNcT66zuIH9 +V+rGSnN+RchVPKUoWan9BXZRyFga5Fiefu1ARP8f2vaDBRate6Q= +=dcEC +-----END PGP SIGNATURE----- diff --git a/nghttp2-1.64.0.tar.xz b/nghttp2-1.64.0.tar.xz new file mode 100644 index 0000000..4735e9f --- /dev/null +++ b/nghttp2-1.64.0.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:88bb94c9e4fd1c499967f83dece36a78122af7d5fb40da2019c56b9ccc6eb9dd +size 1676124 diff --git a/nghttp2-1.64.0.tar.xz.asc b/nghttp2-1.64.0.tar.xz.asc new file mode 100644 index 0000000..d9a3593 --- /dev/null +++ b/nghttp2-1.64.0.tar.xz.asc @@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIzBAABCgAdFiEEUWtiKRjRXEeKseo6UzmivoLgfewFAmcWQzsACgkQUzmivoLg +fexT6w/9Eo6PuvGWcYn0e8CbTHDi+BhyCs3AQHPKmuJi19yIeknZd7qcQE1xYryJ +Xef5W1q5+p06kDgFH56Y7wORwCWmtzx5gZLVYNY7qNCCJ0CsMLI2/ypf2L06MLWe +c8dS8DFsvqrSTe3QzPHCP+T7FDp7bfH7gKLoEobhU9v299MseLMUdw06fBTLGqKs +KWhuQ0gD2r1zJfGdX+O5zf97pLYtR/Ch+YGHqcNYCmiIguKpZX+Vg3pHr1vJhqnT +P6LiFVeokI6zeW1YWB0DQNBrGXEx3AZWzR9d9IlA2ijobtItc/lTTUn0zpmqNFiv +E95D29wEQ2MtbCJd/nolIz0YiDn0JpwHBBfkWRNLj7+LqBlebyVwig8nMO453sE9 +vxklm7yONLJDDiU3o8lmUf8IVTX+FpZ3nbbeQkDwTPKU7hvcTojasPMegS4Laiok +sfKIKaMTeYokSD4M++ikyb8c2+Vt4genVIyeUAohlSUhUr4I8E/O36JvfPaA4nTe +S2oNl5iv/0pPQpuXTMcf/MGR3b8HmN0bH4tkowV3sRWLNHeBn6hnlY1sq1ZcegMs +vAqum1CyReyhLfThvXAV7ImjsplNVmshQK4IaXNDYYJyr/wNAgnw41RiO01W+NgX +KbPvx4H1actquW04yYCAAvDcBHfERM71Ye17oTFjoOEeDoQsMJg= +=aykV +-----END PGP SIGNATURE----- diff --git a/nghttp2.changes b/nghttp2.changes new file mode 100644 index 0000000..1d072b7 --- /dev/null +++ b/nghttp2.changes @@ -0,0 +1,1831 @@ +------------------------------------------------------------------- +Tue Nov 12 10:57:02 UTC 2024 - pgajdos@suse.com + +- version update to 1.64.0 + 1.64.0 + * Change clang-format options by @tatsuhiro-t in #2240 + * build(deps): bump github.com/quic-go/quic-go from 0.46.0 to 0.47.0 by @dependabot in #2243 + * build(deps): bump golang.org/x/net from 0.28.0 to 0.29.0 by @dependabot in #2244 + * nghttp2_map: Port ngtcp2 changes by @tatsuhiro-t in #2245 + * h2load: Fix UDP datagram send/recv metric by @tatsuhiro-t in #2248 + * build(deps): bump golang.org/x/net from 0.29.0 to 0.30.0 by @dependabot in #2252 + * fix race condition on h1 connection close by @TuxInvader in #2249 + * Gha ubuntu 24.04 by @tatsuhiro-t in #2254 + * GHA: Run tests for i686-w64-mingw32 host by @tatsuhiro-t in #2255 + * cmake: Fix c-ares v1.34.0 version detection failure by @tatsuhiro-t in #2256 + * fix: -Wextra-semi errors in nghttp2_helper.h by @codebytere in #2258 + * clang-format macros that do not need semicolon at the end by @tatsuhiro-t in #2259 + * Remove extra semicolons by @tatsuhiro-t in #2260 + * Bump ngtcp2 and its dependencies by @tatsuhiro-t in #2261 + * Do not allow '@' in :authority or host field values by @tatsuhiro-t in #2262 + * h2load: GRO buffer size should be 64KiB by @tatsuhiro-t in #2263 + * Bump libbpf to v1.4.6 by @tatsuhiro-t in #2264 + * Update nghttp2_check_authority doc by @tatsuhiro-t in #2265 + 1.63.0 + * Bump libbpf to v1.4.2 by @tatsuhiro-t in #2191 + * build(deps): bump golang.org/x/net from 0.24.0 to 0.25.0 by @dependabot in #2193 + * nghttpx: Fix batch UDP QUIC packet dropped on GRO read by @tatsuhiro-t in #2196 + * CMakeLists.txt: allow to compile the C only lib without CXX compiler by @ThomasDevoogdt in #2200 + * build(deps): bump github.com/quic-go/quic-go from 0.43.1 to 0.44.0 by @dependabot in #2197 + * Fix compiler versions in readme by @ryandesign in #2203 + * build(deps): bump golang.org/x/net from 0.25.0 to 0.26.0 by @dependabot in #2205 + * build(deps): bump github.com/quic-go/quic-go from 0.44.0 to 0.45.0 by @dependabot in #2206 + * Bump ngtcp2 and its dependencies by @tatsuhiro-t in #2207 + * build(deps): bump docker/build-push-action from 5 to 6 by @dependabot in #2208 + * Add wolfSSL support by @tatsuhiro-t in #2209 + * Append --shallow-submodules to git clone --recursive by @tatsuhiro-t in #2210 + * Always append options to extra options by @tatsuhiro-t in #2211 + * build(deps): bump github.com/quic-go/quic-go from 0.45.0 to 0.45.1 by @dependabot in #2213 + * Disable dependency tracking by @tatsuhiro-t in #2214 + * Fix Dockerfile.android build failure by @tatsuhiro-t in #2215 + * Fix UDP_GRO struct cmsghdr data type by @tatsuhiro-t in #2216 + * GHA: Suppress warnings by @tatsuhiro-t in #2217 + * Fix levenshtein initialization by @tatsuhiro-t in #2218 + * build(deps): bump golang.org/x/net from 0.26.0 to 0.27.0 by @dependabot in #2220 + * Undefine NGHTTP2_NO_SSIZE_T if BUILDING_NGHTTP2 is defined by @tatsuhiro-t in #2224 + * Bump clang format by @tatsuhiro-t in #2226 + * Suppress old compiler error by @tatsuhiro-t in #2228 + * build(deps): bump github.com/quic-go/quic-go from 0.45.1 to 0.45.2 by @dependabot in #2229 + * build(deps): bump golang.org/x/net from 0.27.0 to 0.28.0 by @dependabot in #2231 + * build(deps): bump github.com/quic-go/quic-go from 0.45.2 to 0.46.0 by @dependabot in #2232 + * Bump ngtcp2 and its dependencies by @tatsuhiro-t in #2236 + * Bump libbpf to v1.4.5 by @tatsuhiro-t in #2237 + * Update go by @tatsuhiro-t in #2238 + * levenshtein: Use size_t by @tatsuhiro-t in #2239 + +------------------------------------------------------------------- +Mon Jun 17 18:02:25 UTC 2024 - Dirk Müller + +- update to 1.62.1: + * nghttpx: Fix batch UDP QUIC packet dropped on GRO read +- update to 1.62.0: + * nghttpx: Fix QUIC stateless reset stack buffer overflow + * Require c-ares >= 1.16.0 for ares_getaddrinfo + * Require C++20 compiler + * Adopt std::to_array and remove make_array + * nghttpx: Define APIEndpoints separately + * nghttpx: Do not send error/status body when method is HEAD + * nghttpx: Fix alignment issues in BlockAllocator + * nghttpx: Simplify parameter declaration for ipc_fd functions + * nghttpx: Add extent to ipc_fd explicitly + * Make make_byte_ref return std::span + * Make util::decode_hex return std::span + * Rewrite util::parse_uint + * Let base64::decode return std::span + * Refactor StringRef + * Stringref refactor c str and str + * Add StringRef literal operator and remove StringRef::from_lit + * Make StringRef(const std::string&) implicit + * Add http2::make_field family functions + * Remove std::string conversion operator from StringRef + * Optimize StringRef comparisons against c-string + * Pack more quic pkt + * nghttpx: Dynamic GSO failover + * Refactor ImmutableString + * nghttpx: Refactor QUIC data path + * nghttpx: Fix inherited TCP port comparison + * make_websocket_accept_token: Lesser conversions + * Add http3::make_field family functions + * Remove unnecessary namespace qualifications + * Refactor http utils + * Refactor streq + * Remove util::streq and let StringRef operator== deal with it + * Update the link for the Prefix.pdf document. fix #2178 + * Introduce typed nghttp2_min and nghttp2_max +- drop gcc7.patch (obsolete, we require C++20 now) + +------------------------------------------------------------------- +Thu Apr 4 09:47:27 UTC 2024 - pgajdos@suse.com + +- version update to 1.61.0 + * Fixes CVE-2024-28182 [bsc#1221399] + * nghttpx: Shutdown h3 stream read with trailer as well by @tatsuhiro-t in #2087 + * Checkout with submodules by @jonaski in #2093 + * Respect BUILD_STATIC_LIBS and add option for tests by @jonaski in #2092 + * build(deps): bump golang.org/x/net from 0.21.0 to 0.22.0 by @dependabot in #2097 + * Workaround llvm issue on github ubuntu runner by @tatsuhiro-t in #2098 + * docker: Use copy --link by @tatsuhiro-t in #2099 + * Nghttpx header idle timeout by @tatsuhiro-t in #2100 + * nghttpx: Fix frontend-header-timeout does not work in config file by @tatsuhiro-t in #2101 + * Rewrite hexdump by @tatsuhiro-t in #2102 + * Switch to distroless/base-nossl by @tatsuhiro-t in #2103 + * Bump ngtcp2 by @tatsuhiro-t in #2105 + * nghttpx: Simplify quic connection close handling by @tatsuhiro-t in #2106 + * build(deps): bump github.com/quic-go/quic-go from 0.41.0 to 0.42.0 by @dependabot in #2107 + * autotools: Use tar-ustar automake option by @tatsuhiro-t in #2108 + * Automate release process by @tatsuhiro-t in #2109 + * autotools: Switch to tar-pax by @tatsuhiro-t in #2110 + * nghttpx: Drop a UDP datagram from well-known port by @tatsuhiro-t in #2111 + * nghttpx: Fix port byte order by @tatsuhiro-t in #2112 + * h2load: Allow host header to be overridden by @tatsuhiro-t in #2113 + * nghttpx: Rework QUIC stateless reset packet size by @tatsuhiro-t in #2114 + * nghttpx: More QUIC prohibited ports by @tatsuhiro-t in #2115 + * Add actions/stale by @tatsuhiro-t in #2116 + * nghttpx: Discard UDP datagram that is too short to be a valid QUIC packet by @tatsuhiro-t in #2117 + * nghttp: Support SSLKEYLOGFILE by @tatsuhiro-t in #2119 + * No rfc7540 priority fix by @tatsuhiro-t in #2120 + * Further reduce Stateless reset emission by @tatsuhiro-t in #2122 + * nghttpx: Rework Connection ID construction by @tatsuhiro-t in #2124 + * Nghttpx faster worker lookup by @tatsuhiro-t in #2125 + * nghttpx: Split thread into worker_process and thread by @tatsuhiro-t in #2126 + * bpf: Drop bad QUIC packet by @tatsuhiro-t in #2127 + * cmake: check SSL_provide_quic_data when ENABLE_HTTP3 is ON by @jimmy-park in #2128 + * nghttpx: Allocate 3 bits for QUIC configuration in Connection ID by @tatsuhiro-t in #2129 + * nghttpx: Migrate to ares_getaddrinfo by @tatsuhiro-t in #2132 + * Bump munit by @tatsuhiro-t in #2131 + * nghttpx: Fix error message by @tatsuhiro-t in #2133 + * nghttpd: Fix read stall by @tatsuhiro-t in #2134 + +------------------------------------------------------------------- +Wed Apr 3 10:31:13 UTC 2024 - Adam Majer + +- gcc7.patch: Fix compilation for SLE-15 (jsc#PED-8206) + +------------------------------------------------------------------- +Mon Mar 18 12:59:00 UTC 2024 - Martin Pluskal + +- Update keyring with current key + +------------------------------------------------------------------- +Mon Mar 18 08:35:17 UTC 2024 - pgajdos@suse.com + +- version update to 1.60.0 + * makerelease.sh: Speed up git submodule + * Speed up git clone + * build(deps): bump actions/cache from 3 to 4 + * Fixing the build and install trees + * build(deps): bump microsoft/setup-msbuild from 1 to 2 + * nghttpx: Set ocsp response to SSL in case of boringssl + * Run with python3 + * src: Certificate Compression with boringssl + * Fix missing newline + * Switch to aws lc + * Libbrotli fixup + * Deprecate RFC 7540 priorities (aka stream dependencies) + * Let dependabot manage go modules + * build(deps): bump golang.org/x/net from 0.20.0 to 0.21.0 + * integration-tests: Omit unused parameters + * Munit + * Introduce nghttp2_ssize API + * Move deprecated warning upfront + * Describe RFC 7540 priorities deprecation plan + * Apps migrate nghttp2 ssize + * src: Remove unused functions + * Reconsider ssize t usage in src + * Use GitHub private vulnerability reporting + * Move security policy to GitHub standard location + * Bump mruby to 3.3.0 + * Bump llhttp to 48588093ca4219b5f689acfc9ebea9e4c8c37663 + * h2load: Add --sni option + * Bump ngtcp2 dependencies + * mruby: Adopt deprecation of mrbc_ prefix + * neverbleed: Define _GNU_SOURCE for pthread_setaffinity_np + * bpf: Pre-expand aes key + * mruby: Exclude mrdb gem which causes nghttpx to crash + * nghttpx: Reuse EVP_CIPHER_CTX for QUIC connection ID encryption + * Run apt-get update before install + * src: Deal with the case that send_quantum < max_udp_payload_size + * nghttpx: Remove SHRPX_QUIC_MAX_UDP_PAYLOAD_SIZE + * Fix build when AI_NUMERICSERV is undefined +- remove dependency on /usr/bin/python3 using + %python3_fix_shebang_path macro, [bsc#1212476] + +------------------------------------------------------------------- +Sun Jan 28 17:01:52 UTC 2024 - Dirk Müller + +- update to 1.59.0: + * Update bash_completion + * h2load: Fix bug that ttfb is not recorded if h3 stream + has no data + * h2load: Consider all h2 HEADERS when counting bytes and + recording ttfb + * h2load: Ignore 1xx status code + * nghttpd: Free SSL_CTX on exit + * nghttpx: OpenSSL needs SSL_CTX_set_recv_max_early_data + * nghttpx: OpenSSL needs SSL_CTX_set_recv_max_early_data + * cmake: Require OpenSSL >= 1.1.1 + * Add nghttp2_select_alpn and deprecate + nghttp2_select_next_protocol + * nghttpx: Add --alpn-list and deprecate --npn-list + * h2load: Add --alpn-list and deprecate --npn-list + * Remove NPN + * src: Support building with aws-lc + * Avoid detecting OpenSSL 3.2 as quictls + * Use nghttp3_pri_parse_priority added since nghttp3 v1.1.0 + * h2load: Fix IPv6 address in :authority + * h2load: Fix IPv6 address in :authority + * nghttpx: Propagate stream priority from backend to + frontend + * nghttpx: Propagate stream priority from backend to + frontend + * Merge pull request #1991 from nghttp2/get-and-parse- + extpri + * Add API to get and parse RFC 9218 priority + * nghttpx: Prefer __FILE_NAME__ if defined + +------------------------------------------------------------------- +Sat Nov 25 22:23:00 UTC 2023 - Dirk Müller + +- update to 1.58.0: + * Update manual pages + * Bump neverbleed + * Bump ngtcp2 + * Prefer clock_gettime if __CYGWIN__ defined + * Do not require strict c++ mode + * nghttpx: Stricter transfer-encoding checks + * Refactor character comparison + * Integration servertester h3 + * integration: Enable http3 test with cmake + +------------------------------------------------------------------- +Tue Nov 21 11:53:04 UTC 2023 - Dirk Müller + +- fix unversioned provides to be in sync with nghttp3 + +------------------------------------------------------------------- +Tue Nov 7 12:54:09 UTC 2023 - Dirk Müller + +- add keyring for gpg validation +- spec file cleanups + +------------------------------------------------------------------- +Mon Oct 16 10:24:50 UTC 2023 - pgajdos@suse.com + +- version update to 1.57.0 [bsc#1216174] + 1.57.0 + * Fixes CVE-2023-44487 (bsc#1216123) + * Bump ngtcp2 by @tatsuhiro-t in #1944 + * Add dependabot to update actions by @tatsuhiro-t in #1946 + * Bump golang.org/x/net to v0.15.0 by @tatsuhiro-t in #1950 + * Bump actions/setup-go from 3 to 4 by @dependabot in #1948 + * Bump actions/checkout from 3 to 4 by @dependabot in #1949 + * Bump actions/upload-artifact from 1 to 3 by @dependabot in #1947 + * docker: Bump base image to debian 12 by @tatsuhiro-t in #1951 + * nghttpx: Header field name must be lowercase by @tatsuhiro-t in #1953 + * Bump quictls by @tatsuhiro-t in #1945 + * Apps fix by @tatsuhiro-t in #1957 + * nghttpx: Fix bug that --single-process does not work by @tatsuhiro-t in #1958 + * Fix clang-format by @tatsuhiro-t in #1959 + * Rework session management by @tatsuhiro-t in #1961 + 1.56.0 + * doc: Bump boringssl by @tatsuhiro-t in #1928 + * Fix memory leak by @tatsuhiro-t in #1930 + * Return void by @tatsuhiro-t in #1931 + * nghttpx: Rework sending and receiving ECN bits by @tatsuhiro-t in #1934 + * CMSG_DATA does not necessarily return an aligned pointer by @tatsuhiro-t in #1935 + * Bump quictls by @tatsuhiro-t in #1937 + * Bump ngtcp2 and its dependencies by @tatsuhiro-t in #1939 + * nghttpx: Simplify std::unique_ptr get and release by @tatsuhiro-t in #1940 + * Bump llhttp to 926c982942eb53a13f01c1e9e6b19bd3b196e7dd by @tatsuhiro-t in #1941 + * Bump libbpf to v1.2.2 by @tatsuhiro-t in #1942 + * Update Dockerfile by @tatsuhiro-t in #1943 + +------------------------------------------------------------------- +Sat Jul 15 15:11:52 UTC 2023 - Dirk Müller + +- update to 1.55.1: + * Fix memory leak (bsc#1215713) + This commit fixes memory leak that happens when + PUSH_PROMISE or HEADERS frame cannot be sent, and + nghttp2_on_stream_close_callback fails with a fatal error. + For example, if GOAWAY frame has been received, a + HEADERS frame that opens new stream cannot be sent. + This issue has already been made public via CVE-2023-35945 + by envoyproxy/envoy project. During embargo period, the + patch to fix this bug was accidentally submitted to + nghttp2/nghttp2 repository [2]. And they decided to + disclose CVE early. I was notified just 1.5 hours + before disclosure. I had no time to respond. + PoC described in [1] is quite simple, but I think it is + not enough to trigger this bug. While it is true that + receiving GOAWAY prevents a client from opening new stream, + and nghttp2 enters error handling branch, in order to cause + the memory leak, nghttp2_session_close_stream function + must return a fatal error. + NGHTTP2_ERR_NOMEM, as its name suggests, indicates out of + memory. It is unlikely that a process gets short of + memory with this simple PoC scenario unless application + does something memory heavy processing. + * NGHTTP2_ERR_CALLBACK_FAILURE is returned from application + defined callback function (nghttp2_on_stream_close_callback, in + this case), which indicates something fatal happened inside a + callback, and a connection must be closed immediately without + any further action. As nghttp2_on_stream_close_error_callback + documentation says, any error code other than 0 or + NGHTTP2_ERR_CALLBACK_FAILURE is treated as fatal + error code. More specifically, it is treated as if + NGHTTP2_ERR_CALLBACK_FAILURE is returned. I guess that + envoy returns + NGHTTP2_ERR_CALLBACK_FAILURE or other error code which is + translated into NGHTTP2_ERR_CALLBACK_FAILURE. + https://github.com/envoyproxy/envoy/security/advisories/GHSA- + jfxv-29pc-x22r + +------------------------------------------------------------------- +Tue Jun 20 20:48:11 UTC 2023 - Dirk Müller + +- update to 1.54.0: + * nghttpx: Consistent error handling and use of high-level API + * h2load: Fix http3 upload stall + * h2load: Use std::chrono::steady_clock for quic timestamp + +------------------------------------------------------------------- +Thu May 18 04:53:42 UTC 2023 - Martin Pluskal + +- Update to version 1.53.0: + * https://nghttp2.org/blog/2023/05/10/nghttp2-v1-53-0/ + +------------------------------------------------------------------- +Tue Mar 14 09:33:48 UTC 2023 - Dirk Müller + +- update to 1.52.0: + * https://nghttp2.org/blog/2023/02/13/nghttp2-v1-52-0/ + * sphinx_rtd_theme has been removed from the repository + and archive. + * The deprecated Python bindings has been removed. + * The deprecated libnghttp2_asio has been removed. + * llhttp and neverbleed have been updated. + * This release fixes the bug that stalls TLS connection. + * This release adds more http3 integration tests. +- drop nghttp2-remove-python-build.patch: obsolete as the code got removed + +------------------------------------------------------------------- +Thu Nov 17 16:35:21 UTC 2022 - Dirk Müller + +- update to 1.51.0: + * https://nghttp2.org/blog/2022/11/13/nghttp2-v1-51-0/ + This release fixes affinity-cookie-stickiness parameter handling. + +------------------------------------------------------------------- +Sat Sep 24 11:21:43 UTC 2022 - Dirk Müller + +- update to 1.50.0: + * https://nghttp2.org/blog/2022/09/21/nghttp2-v1-50-0/ + This release adds + nghttp2_option_set_no_rfc9113_leading_and_trailing_ws_validation which disables + checking leading and trailing white spaces against HTTP field value. + +------------------------------------------------------------------- +Fri Sep 23 15:38:24 UTC 2022 - Dirk Müller + +- disable asio by default as it is deprecated by upstream and + will be removed in the next release + +------------------------------------------------------------------- +Mon Aug 22 21:23:42 UTC 2022 - Dirk Müller + +- update to 1.49.0: + * https://nghttp2.org/blog/2022/08/22/nghttp2-v1-49-0/ + +------------------------------------------------------------------- +Mon Jul 11 19:43:07 UTC 2022 - Dirk Müller + +- update to 1.48.0: + * lib: Allow server to override RFC 9218 stream priority + * lib: Add a server option to fallback to RFC 7540 priorities + * lib: Add PRIORITY_UPDATE frame support + * lib: Implement RFC 9218 extensible prioritization scheme + * lib: Do not verify host field specific characters for response field + * lib: No rfc7540 priorities + * lib: Fix stream stall when initial window size is decreased + * doc: Document how to change stream prioritization scheme + * build: Compile with libressl 3.5 + * build: EXTRA_DIST: List mruby files explicitly + * build: Bump ngtcp2 and nghttp3 + * build: Do not check application libraries if --enable-lib-only is given + * src: Update default TLS cipher suites + * nghttpx, h2load: Better pack UDP packets in one GSO write + * nghttpx, h2load: Quic error handling + * nghttpx, h2load: Fix QUIC performance regression + * nghttp, nghttpd, nghttpx: Add ktls support + * h2load: Send more packets without GSO per event loop + * h2load: Add ktls support + * nghttpd: Fix TLS read stall + * nghttpx: Disable RFC 7540 priorities + * nghttpx: Client always uses simpler TLS handshake + * nghttpx: Add affinity-cookie-stickiness backend parameter + * nghttpx: Fix broken session affinity + * nghttpx: Limit CONNECTION_CLOSE and Retry under server amplification limit + * integration: Go update + * integration: Add go.mod + * third-party: Bump llhttp to 75b45129db961e1fb3c56044e1b8f7721bfaee5d + * third-party: Bump libbpf to v0.8.0 + * third-party: Bump mruby to 3.1.0 + * third-party: Bump neverbleed based on the latest head (GH-1708) + +------------------------------------------------------------------- +Sun Mar 20 21:13:42 UTC 2022 - Dirk Müller + +- update to 1.47.0: + * see https://nghttp2.org/blog/2022/02/23/nghttp2-v1-47-0/ + +------------------------------------------------------------------- +Sat Dec 18 19:24:21 UTC 2021 - Dirk Müller + +- update to 1.46.0: + * see https://nghttp2.org/blog/2021/07/18/nghttp2-v1-44-0/ + * see https://nghttp2.org/blog/2021/09/20/nghttp2-v1-45-0/ + * see https://nghttp2.org/blog/2021/10/19/nghttp2-v1-46-0/ + +------------------------------------------------------------------- +Thu Feb 4 11:22:06 UTC 2021 - Dirk Müller + +- update to 1.43.0: + * doc: Make doc generation work with sphinx v3.3 + * python: Require python3 for python bindings + * python: Require python3 for python scripts + * nghttpx: Make sure that Pool gets cleared when all buffers are returned + * nghttpx: Choose ECDSA cert if compatible signature algorithm available + * nghttpx: Add workaround to include ':' in backend pattern + +------------------------------------------------------------------- +Wed Jan 6 12:22:21 UTC 2021 - Dirk Müller + +- update to 1.42.0: + * lib: fix ubsan errors (Patch from Asra Ali) (GH-1468) + * lib: Don't send RST_STREAM to idle stream (GH-1477) + * lib: nghttp2_map backed by nghttp2_ksl + * doc: Update sphinx_rtd_theme + * doc: nghttp2_session_send is also affected by max concurrent streams (Patch from Tomas Krizek) (GH-1489) + * doc: clarify flow control behaviour for nghttp2_session_send() (Patch from Tomas Krizek) (GH-1488) + * build: Add missing cmake/FindSystemd.cmake to dist (GH-1526) + * third-party: Bump llhttp to 2.2.0 + * third-party: Bump mruby to 2.1.2 + * nghttpx: Deal with the case when h2 backend is retired before it is initialized + * nghttpx: Add accesslog variables to record request path without query (GH-1511) + * nghttpx: Fix stall when TLS follows after proxy protocol + * nghttpx: Fix logging integer + +------------------------------------------------------------------- +Wed Jun 3 11:45:25 UTC 2020 - Paolo Stivanin + +- Update to 1.41.0 + * Fix CVE-2020-11080 (bsc#1181358) + * lib: Implement max settings option (Patch from James M Snell) + * lib: Earlier check for settings flood (Patch from James M Snell) + * lib: Fix receiving stream data stall (GH-1444) + * build: cmake: Make hard-coded static lib suffix optional (Patch from Viktor Szakats) (GH-1418) + * third-party: Bump llhttp to 2.0.4 (GH-1442) + * nghttpx: Add PROXY-protocol v2 support (GH-1452) + * nghttpx: Fix get_x509_serial for long serial numbers (Patch from Jacky Tian) (GH-1455) + * h2load: Allow port in --connect-to + * h2load: add --connect-to option (Patch from Lucas Pardue) (GH-1426) + +------------------------------------------------------------------- +Tue Jan 14 18:01:52 UTC 2020 - Michał Rostecki + +- Update to version 1.40.0 to fix CVE-2019-18802 in envoy-proxy and + cilium-proxy (bsc#1166481) + * lib: Add nghttp2_check_authority as public API + * lib: Fix the bug that stream is closed with wrong error code + * lib: Faster huffman encoding and decoding + * build: Avoid filename collision of static and dynamic lib + * build: Add new flag ENABLE_STATIC_CRT for Windows + * build: cmake: Support building nghttpx with systemd + * third-party: Update neverbleed to fix memory leak + * nghttpx: Fix bug that mruby is incorrectly shared between + backends + * nghttpx: Reconnect h1 backend if it lost connection before + sending headers + * nghttpx: Returns 408 if backend timed out before sending + headers + * nghttpx: Fix request stal + +------------------------------------------------------------------- +Fri Aug 30 02:45:32 UTC 2019 - Martin Pluskal + +- Conditionally remove dependecy on jemalloc for SLE-12 + +------------------------------------------------------------------- +Mon Aug 19 12:27:38 UTC 2019 - Martin Pluskal + +- Require correct library from devel package - boo#1125689 + +------------------------------------------------------------------- +Mon Aug 19 12:02:09 UTC 2019 - Adam Majer + +- Update to version 1.39.2 (bsc#1146184, bsc#1146182): + * This release fixes CVE-2019-9511 “Data Dribble” and CVE-2019-9513 + “Resource Loop” vulnerability in nghttpx and nghttpd. Specially crafted HTTP/2 + frames cause Denial of Service by consuming CPU time. Check out + https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md + for details. For nghttpx, additionally limiting inbound traffic by + --read-rate and --read-burst options is quite effective against + this kind of attack. + + * Add nghttp2_option_set_max_outbound_ack API function + * nghttpx: Fix request stall + +------------------------------------------------------------------- +Tue Aug 13 13:22:01 UTC 2019 - Martin Pluskal + +- Update to version 1.39.1: + * This release fixes the bug that log-level is not set with + cmd-line or configuration file. It also fixes FPE with default + backend. +- Changes for version 1.39.0: + * libnghttp2 now ignores content-length in 200 response to + CONNECT request as per RFC 7230. + * mruby has been upgraded to 2.0.1. + * libnghttp2-asio now supports boost-1.70. + * http-parser has been replaced with llhttp. + * nghttpx now ignores Content-Length and Transfer-Encoding in 1xx + or 200 to CONNECT. +- Drop no longer needed boost170.patch + +------------------------------------------------------------------- +Fri May 10 08:24:23 UTC 2019 - Tomáš Chvátal + +- Update to 1.38.0: + * This release fixes the bug that authority and path altered by per-pattern mruby script can affect backend selection on retry. + * It also fixes the bug that HTTP/1.1 chunked request stalls. + * Now nghttpx does not log authorization request header field value with -LINFO. + * This release fixes possible backend stall when header and request body are sent in their own packets. + * The backend option gets weight parameter to influence backend selection. + * This release fixes compile error with BoringSSL. +- Add patch from upstream to build with new boost bsc#1134616: + * boost170.patch + +------------------------------------------------------------------- +Fri Jan 18 16:42:34 UTC 2019 - seanlew@opensuse.org + +- Update to 1.36.0 + * build: disable shared library if ENABLE_SHARED_LIB is off + * third-party: use http-parser to v2.9.0 (GH-1294) + * third-party: Update mruby to 2.0.0 + * nghttpx: Pool h1 backend connection per address (GH-1292) + * nghttpx: Randomize backend address round robin order per thread + (GH-1291) + * nghttpx: Fix getting long SNs for openssl < 1.1 (GH-1287) + * h2load: add an option to write per-request logs (GH-1256) + * asio: added access to # of the current server port (GH-1257) + +------------------------------------------------------------------- +Fri Jan 18 14:35:14 UTC 2019 - Tomáš Chvátal + +- Use multibuild to not pull in python3 in first build, nghttp2 + is low in the system + +------------------------------------------------------------------- +Fri Jan 11 14:24:40 UTC 2019 - Martin Pluskal + +- Update to version 1.35.1: + * nghttpx: Fix broken trailing slash handling (GH-1276) +- Changes for version 1.35: + * build: cmake: Fix libevent version detection (Patch from Jan Kundrát) (GH-1238) + * lib: Use __has_declspec_attribute for shared builds (Patch from Don) (GH-1222) + * src: Require C++14 language feature + * nghttpx: Write mruby send_info early + * nghttpx: Fix assertion failure on mruby send_info with HTTP/1 frontend + * h2load: Handle HTTP/1 non-final response (GH-1259) + * h2load: Clarify that time for connect includes TLS handshake + +------------------------------------------------------------------- +Mon Oct 8 19:46:51 UTC 2018 - adam.majer@suse.de + +- Update to version 1.34.0: (bsc#1112438, FATE#326776) + * lib: Implement RFC 8441 :protocol support + * nghttpx: Add read/write-timeout parameters to backend option + * nghttpx: Fix mruby parameter validation in backend option + * nghttpx: Implement RFC 8441 Bootstrapping WebSocket with HTTP/2 + * nghttpx: Update neverbleed to fix OpenSSL 1.1.1 issues + * nghttpx: Update mruby 1.4.1 + * nghttpx: Add mruby env.tls_handshake_finished + * nghttpx: Add --tls13-ciphers and --tls-client-ciphers options + * nghttpx: Add RFC 8470 Early-Data header field support + * nghttpx: Add RFC 8446 TLSv1.3 0-RTT early data support + +------------------------------------------------------------------- +Wed Sep 26 08:00:27 UTC 2018 - adam.majer@suse.de + +- Update to version 1.33.0: + * lib: Tweak nghttp2_session_set_stream_user_data + * lib: Fix handling of SETTINGS_MAX_CONCURRENT_STREAMS. + * lib: Implement ORIGIN frame + * asio: support definition of local endpoint for cleartext + client session + * integration: Remove remaining SPDY code from the integration tests + * nghttpx: Fix worker process crash with neverbleed write error + * nghttpx: Support per-backend mruby script + * nghttpx: Fix stream reset if data from client is arrived before + dconn is attached + +------------------------------------------------------------------- +Mon Jul 9 15:04:12 UTC 2018 - mpluskal@suse.com + +- Update to version 1.32.0: + * lib: Ignore all input after calling session_terminate_session + * lib: Fix treatment of padding + * lib: Don't allow 101 HTTP status code because HTTP/2 removes + HTTP Upgrade + * build: add ENABLE_STATIC_LIB option to build static lib + * third-party: Upgrade neverbleed to the latest master + * asio: Support client side SNI + * src: Compile with libressl 2.7.2 + * src: Allow building without NPN + * h2load: -r and --duration are mutually exclusive + +------------------------------------------------------------------- +Fri Apr 13 08:40:38 UTC 2018 - tchvatal@suse.com + +- Version umpdate to 1.31.1: + * Fix bsc#1088639 CVE-2018-1000168 + * https://nghttp2.org/blog/2018/04/12/nghttp2-v1-31-1/ + +------------------------------------------------------------------- +Mon Apr 9 10:16:47 UTC 2018 - tchvatal@suse.com + +- Version update to 1.31.0: + * lib: Add nghttp2_session_set_user_data() public API function (GH-1137) + * src: Define nghttp2_inet_pton wrapper to avoid inet_pton macro (GH-1128) + * nghttpx: Close listening socket on graceful shutdown + * nghttpx: Add an option to accept expired client certificate (GH-1126) + * nghttpx: Add mruby tls_client_not_before, and tls_client_not_after (GH-1123) + * nghttpx: Fix potential memory leak + * lib: Allow PING frame to be sent after GOAWAY (GH-1103) + * nghttpx: Fix bug that h1 backend idle timeout expires sooner + * nghttpx: Stop overwrite of first header on mruby call to env.req.set_header(..) (Patch from Dylan Plecki) (GH-1119) + * nghttpx: Add upgrade-scheme parameter to backend option (GH-1099) + * nghttpx: Fix missing ALPN validation (--npn-list) (GH-1094) + * nghttpx: Remember which resource is pushed for RFC 8297 (GH-1101) + +------------------------------------------------------------------- +Mon Apr 9 08:59:52 UTC 2018 - tchvatal@suse.com + +- Drop spdylay dependency as it is deprecated since version 1.28.0 + and removed from cofnigure.ac since 1.29.0 + +------------------------------------------------------------------- +Thu Feb 22 15:10:41 UTC 2018 - fvogt@suse.com + +- Use %license (boo#1082318) + +------------------------------------------------------------------- +Fri Jan 5 13:21:33 UTC 2018 - mpluskal@suse.com + +- Update to version 1.29.0: + * lib: Use NGHTTP2_REFUSED_STREAM for streams which are closed by + GOAWAY + * build: Remove SPDY + * build: Fix CMAKE_MODULE_PATH + * nghttpx: Revert "nghttpx: Use an existing h2 backend connection + as much as possible" + * nghttpx: Write API request body in temporary file + * nghttpx: Increase api-max-request-body + * nghttpx: Faster configuration loading with lots of backends + * nghttpx: Fix crash with --backend-http-proxy-uri option + +------------------------------------------------------------------- +Mon Dec 11 16:53:16 UTC 2017 - dimstar@opensuse.org + +- Export PYTHON=/usr/bin/python3 before running configure: allow to + build without (comnplete) python2 in the buildroot. In any case + we only ship python3-bindings already. + +------------------------------------------------------------------- +Wed Dec 6 16:35:46 UTC 2017 - mpluskal@suse.com + +- Upodate to version 1.28.0: + * lib: Add nghttp2_error_callback2 + * build: Add deprecation warning when spdylay support is enabled + * Switch to clang-format-5.0 + * examples: Make client and server work with libevent-2.1.8 + * third-party: Update neverbleed + * integration: Fix issues reported by the go vet tool. + * nghttpx: Fix affinity retry + * nghttpx: Fix stalled backend connection on retry + * nghttpx: Cookie based session affinity + * nghttpx: Expose additional TLS related variables to mruby and + accesslog + +------------------------------------------------------------------- +Wed Nov 8 16:54:59 UTC 2017 - mpluskal@suse.com + +- Drop forgotten python2 build dependency + +------------------------------------------------------------------- +Thu Oct 26 10:28:19 UTC 2017 - mpluskal@suse.com + +- Update to version 1.27.0: + * h2load: Print out h2 header fields with --verbose option + * nghttpx: Send non-final response to HTTP/1.1 or HTTP/2 client + only +- Changes for version 1.26.0: + * docs: Fix some typos in the nghttpx how-to + * h2load: Fix bug that timing script stalls with -m1 + * h2load: Reservoir sampling (GH-984) + * h2load: Add timing-based load-testing in h2load +- Switch to python3 support + +------------------------------------------------------------------- +Mon Oct 9 10:14:26 UTC 2017 - schwab@suse.de + +- Don't use jemalloc on ppc or %arm, where it is broken. + +------------------------------------------------------------------- +Mon Aug 28 10:58:52 UTC 2017 - mpluskal@suse.com + +- Update to version 1.25.0: + * lib: add nghttp2_rcbuf_is_static() (Patch from Anna Henningsen) (GH-983) + * nghttpx: Fix bug that forwarded for is not affected by proxy protocol (GH-979) + * nghttpx: Update mruby to 1.3.0 (GH-957) + +------------------------------------------------------------------- +Mon Jul 17 19:45:59 UTC 2017 - mpluskal@suse.com + +- Drop doc building +- Rename python subpackage to python2 + +------------------------------------------------------------------- +Mon Jul 10 14:35:59 UTC 2017 - mpluskal@suse.com + +- Update to version 1.24.0: + * doc: README.rst: fix typo (Patch from Simone Basso) (GH-947) + * doc: fix up grammar in submit_trailer docs (Patch from Benjamin Peterson) (GH-945) + * doc: fix cleaning in out-of-tree builds (Patch from Benjamin Peterson) (GH-938) + * nghttp: Fix bug that upgrade fails if reason-phrase is missing (GH-949) + * nghttpx: Verify OCSP response using trusted CA certificates (GH-943) + * nghttpx: Set default minimum TLS version to TLSv1.2 (GH-937) +- Changes for version 1.23.1: + * nghttpx: Fix crash in OCSP response verification +- Changes for version 1.23.0: + * lib: nghttp2_session: Allow for compiling library with -DNDEBUG set (Patch from Angus Gratton) (GH-919) + * lib: Treat incoming invalid regular header field as stream error (GH-900) + * lib: Call nghttp2_on_invalid_frame_callback if altsvc validation fails (GH-904) + * doc: spelling mistake in arguments to build nghttp apps (Patch from Soham Sinha) (GH-925) + * doc: Add notes for installation on linux systems (Patch from Tapanito) (GH-917) + * doc: Clarify the effect of nghttp2_option_set_no_http_messaging + * nghttpx: Verify OCSP response (GH-929) + * nghttpx: Fix certificate selection based on pub key algorithm (GH-924) + * nghttpx: Fix certificate indexing bug + * nghttpx: Run OCSP at startup (GH-922) + * nghttpx: Wildcard path matching (GH-914) + * nghttpx: Forward multiple via, xff, and xfp header fields (GH-903) + * nghttp: Add -y, --no-verify-peer option to suppress peer verify warn (GH-906) + +------------------------------------------------------------------- +Wed May 10 12:03:35 UTC 2017 - mpluskal@suse.com + +- Update to version 1.22.0: + * lib: Add missing free call on error in inflight_settings_new() (Patch from lstefani) (GH-884) + * asio: Support specifying stream priority via session::submit() (Patch from Matt Way) (GH-881) + * nghttpx: Clarify --conf option behaviour + * nghttpx: Add $tls_sni access log variable (GH-896) + * nghttpx: Rename ssl_* log variables as tls_* (GH-895) + * nghttpx: Fix path matching bug (GH-894) + * nghttpx: SNI based backend server selection (GH-892) + * nghttpx: Enable signed_certificate_timestamp extension for TLSv1.3 (GH-878) + * nghttpx: Add options for X-Forwarded-Proto header field (GH-872) + * nghttpx: Add --single-process option (GH-869) + * nghttpx: Use 502 as server error code + * nghttpx: Use SSL_CTX_set_early_data_enabled with boringssl + * nghttp: Verify server certificate and show warning if it fails (GH-870) + * integration: Use nip.io instead of xip.io + +------------------------------------------------------------------- +Fri Apr 21 10:27:41 UTC 2017 - mpluskal@suse.com + +- Update to version 1.21.1: + * asio: Fix crash if connect takes longer time than ping interval (GH-866) + * nghttpx: Fix bug that 204 from h1 backend is always treated as error (GH-871) +- Changes for version 1.21.0: + * lib: Fix nghttp2_session_want_write (GH-832) + * doc: Document pkg-config path usage + * build: Eliminate U macro; Instead use (void)VAR for better compiler compatibility. + * src: BoringSSL supports SSL_CTX_set_{min,max}_proto_version. (Patch from Piotr Sikora) (GH-853) + * src: Use Mozilla's "Modern compatibility" ciphers by default + * src: nghttp2_gzip: fix this statement may fall through [-Werror=implicit-fallthrough=] found by gcc7 (Patch from Alexis La Goutte) (GH-823) + * nghttpx: Print version number with -v option + * nghttpx: Enable X25519 with boringssl + * nghttpx: Retry getaddrinfo without AI_ADDRCONFIG (GH-858) + * nghttpx: Failing to listen on server socket is fatal error + * nghttpx: Escape certain characters in access log (GH-856) + * nghttpx: Ignore further input if connection is going to close + * nghttpx: Don't call functions which are not async-signal-safe after fork but before execv in multithreaded process. + * nghttpx: Enable backend pattern matching with http2-proxy (GH-733) + * asio: client: Send PING after 30 seconds idle (GH-847) + + +------------------------------------------------------------------- +Thu Mar 23 18:53:19 UTC 2017 - mpluskal@suse.com + +- Update to version 1.20.0: + * lib: nghttp2_session: fix The 'then' statement is equivalent to the subsequent code fragment found by PVS Studio (V523) (Patch from Alexis La Goutte) (GH-814) + * lib: Add nghttp2_option_set_no_closed_streams (GH-810) + * build: Disable spdylay detection by default + * build: Add --with-systemd option to configure + * fuzz: Add fuzzer for oss-fuzz (GH-799) + * src: Enable TLSv1.3 if it is supported by OpenSSL (or BoringSSL) (GH-816) + * src: h2 requires >= TLSv1.2 + * asio: More graceful stop of nghttp2::asio_http2::server::http2 (Patch from Amir Pakdel) (GH-805) + * asio: Holding more shared_ptrs instead of raw ptrs to make sure called objects don't get deleted. (Patch from clemahieu) + * asio: Fix infinite loop in acceptor handler (Patch from clemahieu) (GH-794) + * asio: close_stream erases from streams_ while it's being iterated over. (Patch from clemahieu) (GH-795) + * nghttpx: Strip version number from server header field + * nghttpx: Add --single-worker option + * nghttpx: Fix bug that send_reply does not participate graceful shutdown + * nghttpx: Add --frontend-max-requests option + * nghttpx: Enable stream-write-timeout by default + * nghttpx: Fix stream write timer handling + * nghttpx: Add configrevision API endpoint (GH-820) + * nghttpx: Redirect to HTTPS URI with redirect-if-not-tls parameter (GH-819) + * nghttpx: Update log time stamp in millisecond interval + * nghttpx: Better error message when private key and certificate are missing + * nghttpx: Fix bug that old config is used during reloading configuration + * nghttpx: Specify TLS protocol by version range (GH-809) + * nghttpx: Send SIGQUIT to the original master process (GH-807) + * nghttpx: Restrict HTTP major and minor in 0 or 1 + * nghttpx: Drop privilege of neverbleed daemon first + * nghttpx: add systemd support (Patch from Tomasz Torcz) (GH-802) + * nghttpx: Fix crash on SIGHUP with multi thread configuration (GH-801) + * nghttpx: Send 1xx non-final response using mruby script (GH-800) + * nghttpx: Select certificate by client's supported signature algorithm (GH-792) + * nghttpx: Recommend POST for backendconfig API request + * nghttpx: Don't build PSK features with LibreSSL (Patch from Bernard Spil) (GH-789) + * nghttp: add support for link rel="preload" for --get-assets (Patch from Benedikt Christoph Wolters) (GH-791) + * h2load: Fix wrong req_stat updates + * h2load: Explicitly count the number of requests left and inflight + * integration: Fix deprecation warnings + * integration: Redirect nghttpx stdout/stderr to test driver's stdout/stderr +- Changes for version 1.19.0: + * lib: Fix memory leak of nghttp2_stream object in server side nghttp2_session object + * Fix issues found by PVS Studio (Patch from Alexis La Goutte) (GH-769) + * doc: Update README file to write about the issue of Alpine Linux's inability to replace malloc (Patch from makovich) (GH-768) + * build: Compile with Android NDK r13b using clang + * src: Fix assertion error with boringssl + * nghttp: Take into account scheme and port when parsing HTML links + * nghttp: Fix authority for --get-assets if IP address is used in conjunction with user-defined :authority header (Patch from Benedikt Christoph Wolters) (GH-783) + * nghttpx: Add --accesslog-write-early option (GH-777) + * nghttpx: Fix access.log timestamp (GH-778) + * nghttpx: Show default cipher list in -h + * nghttpx: Add client-ciphers option + * nghttpx: Add client-no-http2-cipher-black-list option + * nghttpx: Fix the bug that no-http2-cipher-black-list does not work on backend HTTP/2 connections. + * nghttpx: Add --client-psk-secret option to enable PSK in backend (GH-612) + * nghttpx: Add --psk-secret option to enable PSK in frontend connection (GH-612) + * nghttpx: Enable SCT with OpenSSL 1.1.0 + * nghttpx: Add proxyproto to frontend option to accept PROXY protocol (GH-765) + * h2load: Show default cipher list in -h + * h2load: Show custom server temp key such as X25519 + * h2load: Fix incorrect return value from spdylay_send_callback +- Changes for version 1.18.1: + * nghttpx: Fix assertion error in libev ev_io_start (GH-759) + * nghttpx: Handle c-ares success without result + * nghttpx: Fix bug that DNS timeout was erroneously disabled (GH-763) + * nghttpx: Fix bug that DNS timeout was ignored (GH-763) + +------------------------------------------------------------------- +Thu Feb 2 10:21:27 UTC 2017 - adam.majer@suse.de + +- use individual libboost-*-devel packages instead of boost-devel + +------------------------------------------------------------------- +Tue Jan 3 10:39:12 UTC 2017 - mpluskal@suse.com + +- Update to version 1.18.0: + * lib: Accept and ignore content-length: 0 in 204 response for now + * build: Use pkg-config to detect libxml2 + * build: Require c-ares to compile applications under src + * build: Add Windows CI via AppVeyor (Patch from Alexis La Goutte) + * examples: Delete tiny-nghttpd + * nghttpx: Retry h1 backend request if first write fails (GH-757) + * nghttpx: Keep reading after backend write failed (GH-756) + * nghttpx: Add frontend-keep-alive-timeout option (GH-755) + * nghttpx: New error log format (GH-749) + * nghttpx: Fix bug that fetch-ocsp-response does not work with OpenSSL 1.1.0 (GH-742) + * nghttpx: Backend API call allows non-numeric host with dns parameter (GH-731) + * nghttpx: Lookup backend host name dynamically (GH-721) + * nghttpx: Accept and ignore content-length: 0 in 204 response for now (GH-735) + * nghttpx: Wait for child process to exit + +------------------------------------------------------------------- +Wed Dec 14 10:19:51 UTC 2016 - mpluskal@suse.com + +- Update to version 1.17.0: + * lib: Disallow content-length in 1xx, 204, or 200 to a CONNECT request (GH-722) + * lib: Avoid memcpy against NULL src + * build: MSVC version resource support (Patch from Remo E) (GH-718) + * asio: server: Call on_close callback on connection close (GH-729) + * nghttpx: Fix frequent crash with --backend-http-proxy-uri + * nghttpx: Robust backend read timeout + * nghttpx: Fix bug that mishandles response header from h1 backend + * nghttpx: Fix bug that zero-length POST is not forwarded (GH-726) + * nghttpx: Remove optional reason-phrase from SPDY :status + * nghttpx: Header key and value must be string in mruby script + * nghttpx: Strip content-length with 204 or 200 to CONNECT in mruby (GH-722) + * nghttpx: Strict handling for Content-Length or Transfer-Encoding in h1 (GH-722) + * nghttpx: Fix compilation with BoringSSL (Patch from dalf) (GH-717) + * nghttpd, nghttpx, asio: Add missing mandatory SP after status code + +------------------------------------------------------------------- +Thu Nov 24 09:44:32 UTC 2016 - mpluskal@suse.com + +- Update to version 1.16.1: + * lib: Prevent undefined behavior in decode_length + * nghttpx: Fix bug which may crash nghttpx if non-final response + is forwarded from origin server to HTTP/1.1 client +- Changes for version 1.16.0: + * lib: Add nghttp2_set_debug_vprintf_callback to take advantage + of DEBUGF statements in when building DEBUGBUILD. + * Update .clang-format for clang-format-3.9 + * build: Make it possible to include nghttp2/CMakeLists.txt in + another project using add_subdirectory. + * third-party: Update http-parser to + feae95a3a69f111bc1897b9048d9acbc290992f9 + * asio: Fix crash when end() is called outside nghttp2 callback + * nghttpx: Add --backend-connect-timeout option + * nghttpx: Add TLS signed_certificate_timestamp extension support + * nghttpx: Add --ecdh-curves option to specify list of named + curves + * h2load: Add --header-table-size and --encoder-header-table-size + options + +------------------------------------------------------------------- +Sun Sep 25 09:01:48 UTC 2016 - mpluskal@suse.com + +- Update to version 1.15.0: + * lib: Add nghttp2_option_set_max_deflate_dynamic_table_size() + API function (GH-684) + * lib: Allow NGHTTP2_ERR_PAUSE from + nghttp2_data_source_read_callback (GH-671) + * lib: Add nghttp2_session_get_hd_deflate_dynamic_table_size() + and nghttp2_session_get_hd_inflate_dynamic_table_size() API + functions to get current HPACK dynamic table size (GH-664) + * lib: Add nghttp2_session_get_local_settings() API function + * lib: Add nghttp2_session_get_local_window_size() and + nghttp2_session_get_stream_local_window_size() API functions + * build: Add -lsocket -lnsl to APPLDFLAGS for solaris build + * neverbleed: Update neverbleed to support ECDSA certificate + * doc: Mention --enable-lib-only configure option in README + * integration: Fix test failure with go1.7.1 + * src: Fix compile error with openssl 1.1.0 + * nghttpx: Improve performance with HTTP/1.1 backend when + request body is involved + * nghttpx: Use std::atomic_* overloads for std::shared_ptr if + available + * nghttpx: Migrate backend stream to another h2 session on + graceful shutdown + * nghttpx: Add option to specify HPACK encoder/decoder dynamic + table size + * nghttpx: Log client address + * nghttpx: Add tls_sni to mruby Nghttpx::Env class + * nghttpx: Add --frontend-http2-window-size option, and its + family functions + * nghttpx: Add experimental TCP optimization for h2 frontend + * nghttpx: Workaround for std::make_shared bug in Xcode7, 7.1, + and 7.2 (GH-670) + * nghttpx: Fix bug that bytes are doubly counted to rate limit + for TLS connections + * nghttpx: Add --no-server-rewrite option not to rewrite server + header field (GH-667) + * nghttpx: Retry if backend h1 connection cannot be established + due to timeout + * nghttpx: Reset stream if invalid header field is received in h2 + * nghttpx: Add --server-name option to change server response + header field (GH-667) + * nghttpd: Add --encoder-header-table-size option + * nghttp: Add --encoder-header-table-size option + * python: Support ALPN, require Python 3.5 + +------------------------------------------------------------------- +Thu Sep 8 08:35:52 UTC 2016 - idonmez@suse.com + +- Update to version 1.14.0: + * lib: Make emit_header() return void since it always succeed + * lib: Add nghttp2_hd_deflate_hd_vec() deflate API to support + multiple buffer input + * lib: since hd_inflate_commit_indexed() always return 0, + remove the return value check in nghttp2_hd_inflate_hd_nv() + * lib: Use memeq() instead of lstreq() in lookup_token() + * lib: More strict stream state handling + * lib: Modify genlibtokenlookup.py to remove redundant header + comparisons and remove inline qualifier of lookup_token() + in genlibtokenlookup.py + * lib: Fix wrong tree operation to avoid cycle + * lib: Make get_max_index() return the max index in frame, + so we don't need to do extra calculation + * lib: Add nghttp2_on_invalid_header_callback + * lib: Log frame's stream ID for header debug logging + * doc: Remove old doc about differential encoding in HPACK + * doc: Document about ALPN in nghttpx howto + * nghttpx: Log error code from getsockopt(SO_ERROR) on first + write event + * nghttpx: Don't change pushed stream's priority + * nghttpx: Log backend connection failure in WARN level + * nghttpx: Fix bug that api and healthmon parameters do not work + with http2 proxy + * nghttpx: Add access log variable for backend host and port + * nghttpx: Use copy instead of const reference of backend group + * nghttpx: Reload configuration with SIGHUP + * nghttp: Adjust weight according to Firefox stable + * nghttp: Call error callback when invalid header field is + received and ignored + * nghttp: Allow multiple -p option + * deflatehd: Call nghttp2_hd_deflate_change_table_size only + if table size is changed from default + +------------------------------------------------------------------- +Sun Aug 7 17:23:20 UTC 2016 - mpluskal@suse.com + +- Update to version 1.13.0: + * lib: Cancel non-DATA frame transmission from + nghttp2_before_frame_send_callback + * doc: Fix warning with Sphinx 1.4 + * build: Work with Android NDK r12b + * nghttpx: Use consistent hashing for client IP based session + affinity + * nghttpx: Fix FTBFS on armel by explicitly including the header + * nghttpx: Cast to double to fix build with gcc 4.8 on Solaris 11 + * nghttpx: Fix build error with libressl + * examples: Fix compile error with OpenSSL v1.1.0-beta2 + +------------------------------------------------------------------- +Thu Jul 14 13:08:52 UTC 2016 - mpluskal@suse.com + +- Update to version 1.12.0: + * Add nghttp2_session_set_local_window_size API function + * Add nghttp2_option_set_max_send_header_block_length API + function (GH-613) + * Fix warning: declaration of 'free' shadows a global declaration + (Patch from Alexis La Goutte) + * examples: Add ALPN support to tutorial client/server (GH-614) + * nghttpx: Reduce TTFB with large number of incoming connections + * nghttpx: Rewrite read timer handling + * nghttpx: Clean up neverbleed AF_UNIX socket + * nghttpx: Add --backend-max-backoff option + * nghttpx: Use 16KiB buffer for reading to match TLS record size + * nghttpx: Add healthmon parameter to -f option to enable health + monitor mode + * nghttpx: Receive reference of std::mt19937, not making a copy + * nghttpx: Fix bug that backend never return to online (GH-615) + * nghttpx: Implement client IP based session affinity + * nghttpx: Add --api-max-request-body option to set maximum API + request body size + * nghttpx: Add api parameter to --frontend option to mark API + endpoint + * h2load: Add content-length header field for HTTP/2 and SPDY as + well + * h2load: Implement HTTP/1 upload (GH-611) + +------------------------------------------------------------------- +Wed Jun 8 09:03:04 UTC 2016 - idonmez@suse.com + +- Update to 1.11.1 + * lib: Add nghttp2_hd_inflate_hd2() and deprecate + nghttp2_hd_inflate_hd() + * lib: Avoid 0-length DATA if NGHTTP2_DATA_FLAG_NO_END_STREAM is set + * lib: Fix bug that PING flags are ignored in nghttp2_submit_ping + * integration: Workaround runtime error: cgo argument has Go pointer + to Go pointer + * nghttp: Eliminate zero length DATA frame at the end if possible + * nghttpd: Set content-length in status response + * nghttpx: Add sni keyword to --backend option + * nghttpx: Allow mixed protocol and TLS settings among backends under + same pattern + * nghttpx: Don't add 0-length DATA when response HEADERS bears + END_STREAM flag + * nghttpx: Don't add chunked encoded response body for HEAD request + * nghttpx: Don't use CN if we have dNSName or iPAddress field + * nghttpx: Just call execv instead of execve to pass environ + * nghttpx: Make SETTINGS timeout value configurable + * nghttpx: Save PID file after it is ready to accept connections + * nghttpx: Treat backend failure if SETTINGS is not received within + timeout + * nghttpx: Wait for SETTINGS ACK to make sure that backend h2 server + is alive + +------------------------------------------------------------------- +Wed Apr 27 10:04:48 UTC 2016 - mpluskal@suse.com + +- Update to 1.10.0 + * Pass unknown SETTINGS values to nghttp2_on_frame_recv_callback + * Add ALTSVC frame support + * Run error callback when peer does not send initial SETTINGS + frame + * Update http-parser + * Update sphinx_rtd_theme + * nghttp: add an --expect-continue option + * nghttpx: Fix downstream connect callback called early + * nghttpx: Truncate too long -b option signature + * nghttpx: Fix bug that server push from mruby script did not + work + * nghttpx: Try next HTTP/1 backend address when connection + cannot be made + * nghttpx: Retry next HTTP/2 backend address when connection + cannot be made + * nghttpx: Enable link header field based push for non-final + response + * nghttpx: Detect online/offline state of backend servers + * nghttpx: Better load balancing between backend HTTP/2 servers + * nghttpx: Fix crash with backend failure + +------------------------------------------------------------------- +Wed Apr 13 18:31:20 UTC 2016 - mpluskal@suse.com + +- Update to 1.9.2 + * nghttpx: Fix crash with backend failure + * nghttpx: Better distribute load to backend h2 servers + * nghttpx: Fix error messages on deprecated mode + * nghttpx: Fix bug that logger wrote string which was not + NULL-terminated + * nghttpx: Fix bug that proxy with HTTP/1.1 CONNECT did not work + +------------------------------------------------------------------- +Sun Mar 27 16:57:17 UTC 2016 - mpluskal@suse.com + +- Update to 1.9.1 + * nghttpx: Fix bug that backend tls keyword did not work with -s + option + * nghttpx: Fix handing stream after connection check was failed +- Changes for 1.9.0 + * lib: Add nghttp2_error_callback to tell application human + readable error message + * lib: Reference counted HPACK name/value pair, adding + * nghttp2_on_header_callback2 + * lib: Add nghttp2_option_set_no_auto_ping_ack() option + * lib: Add nghttp2_http2_strerror() to return HTTP/2 error code + string + * build: Makefile.msvc enhancements (Patch from Jan-E) + * build: Lower libev version requirement (Patch from Peter Wu) + * build: cmake build support (Patch from Peter Wu) + * asio: Fix bug that server event loop breaks with exception + * integration: Disable tests that sometimes break randomly on + travis + * integration: do not use recursive target (Patch from Peter Wu) + * h2load: Fix bug that it did not try to connect to server again + * h2load: Fix bug that initial max concurrent streams was too + large + * nghttpx: Memcached connection encryption with tls keyword + * nghttpx: Enable/disable TLS per frontend address + * nghttpx: Configure TLS per backend routing pattern + * nghttpx: Workaround for Ubuntu 15.04 which does not + value-initialize on std::make_shared. + * nghttpx: Add --error-page option to set custom error pages + * nghttpx: Add wildcard host routing + * nghttpx: Change read timeout reset timing + * nghttpx: Don't push if Link header field includes nopush + * nghttpx: Deprecate backend-http1-connections-per-host in favor + of backend-connections-per-host + * nghttpx: Restructure mode settings, removing --http2-bridge, + --client, and --client-proxy options + * nghttpx: Deprecate backend-http1-connections-per-frontend in + favor of backend-connections-per-frontend + * nghttpx: Don't share session which is already in draining + state + * nghttpx: Effectively disable backend HTTP/2 connection flow + control + * nghttpx: Add --frontend-http2-max-concurrent-streams and + --backend-http2-max-concurrent-streams, and deprecate + --http2-max-concurrent-streams option + * nghttpx: Deprecate --backend-http2-connections-per-worker + option + * nghttpx: Share TLS session cache between HTTP/2 and HTTP/1 + backend + * nghttpx: Rewrite backend HTTP/2 connection coalesce strategy + +------------------------------------------------------------------- +Fri Feb 26 13:00:38 UTC 2016 - mpluskal@suse.com + +- Update to 1.8.0 + * Add Architecture documents (work in progress) + * List all contributors in AUTHORS + * doc: fix out-of-tree doc builds (Patch from Peter Wu) + * Wrap AM_PATH_XML2 by m4_ifdef to handle the case when + _PATH_XML2 is not found + * Fix configure script for non-gcc, clang build + * Document compiling apps and include h2load in configure (Patch + from David Beitey) + * Don't check for dlopen/libdl on *BSD (Patch from Bernard Spil) + * Don't taint CXXFLAGS from AX_CXX_COMPILE_STDCXX_11 + * Fixing Windows Makefile version detection (Patch from Reza + Tavakoli) + * lib: Tokenize extra HTTP header fields + * lib: Fix typo in HAVE_CONFIG_H name (Patch from Peter Wu) + * lib: Add HTTP/2 extension framework to send and receive + non-critical frames + * tests: remove unused macros (Patch from Peter Wu) + * src: Update default cipher list + * src: Fix compile error with gcc-6 which enables C++14 by default + * asio: client: Fix connect timeout does not work, return from cb + if session stopped, removing client::session::connect_timeout() + functon + * nghttpd: Start SETTINGS timer after it is written to output + buffer + * nghttpd: Add trailer header field to status responses + * nghttpd: Add -w and -W options to change window size + * nghttpx: Worker wide blocker which is used when socket(2) is + failed + * nghttpx: ConnectBlocker per backend address + * nghttpx: Interleave text/html pushed resources with associated + resource + * nghttpx: Add headers given in add-response-headers for mruby + response + * nghttpx: Deprecate --backend-ipv4 and --backend-ipv6 in favor + of --backend-address-family + * nghttpx: Add options to specify address family of memcached + connections + * nghttpx: Add encryption support for TLS ticket key retrieval + * nghttpx: Add TLS support for session cache memcached connection + * nghttpx: Refactor blacklisted cipher suite check (Patch from + Jay Satiro) + * nghttpx: Add TLS support for HTTP/1 backend + * nghttpx: Add request-header-field-buffer and + max-request-header-fields options, deprecating + header-field-buffer and max-header-fields options. + * nghttpx: Add --no-http2-cipher-black-list to allow black listed + cipher suite + * nghttpx: Limit header fields from backend + * nghttpx: Fix bug that IPv6 address in Forwarded "for" is not + quoted-string + * nghttpx: Support multiple frontend addresses + * integration-tests: support out-of-tree tests (Patch from Peter + Wu) + * examples: fix compile warnings (Patch from Peter Wu) +- Drop upstreamed nghttp2-c++14.patch + +------------------------------------------------------------------- +Fri Feb 12 17:21:54 UTC 2016 - mpluskal@suse.com + +- Update to 1.7.1 + * Fix CVE-2016-1544 (boo#966514) + +------------------------------------------------------------------- +Thu Jan 28 14:43:56 UTC 2016 - rguenther@suse.com + +- Add nghttp2-c++14.patch to properly guard make_unique templates. + [bsc#964140] + +------------------------------------------------------------------- +Tue Jan 26 20:02:00 UTC 2016 - mpluskal@suse.com + +- Update to 1.7.0 + * Reset (RST_STREAM) stream if flow control window gets overflow + * Validate :authroity, host, and :scheme value more strictly + * Check request/response submission error based side of session + * Strict outgoing idle stream detection + * Return error from nghttp2_submit_{headers,request} when self + dependency is made + * Add -ldl to APPLDFLAGS for static openssl linking + * asio: Stop acceptor on server::http2::stop + * asio: Rename http2::get_io_services() as http2::io_services() + * h2load: Support UNIX domain socket + * h2load: Improve readability of traffic numbers + * h2load: Remove "auto" for -m option + * h2load: Show progress in rate mode + * h2load: Perform sampling for request and connection timings to + reduce memory consumption + * nghttpd: Add --no-content-length option to omit content-length + in response + * nghttpx: Interleave pushed streams with the associated stream + if pushed streams are javascript and CSS resources + * nghttpx: The initial value of request/response buffer is + increased to 128K + * nghttpx: Fix bug that --listener-disable-timeout option is not + used + * nghttpx: Don't emit :authority if request does not contain + authority information + * nghttpx: Add clarification of quotes in configuration file + * nghttpx: Don't allow certain characters in host and :scheme + header field + * nghttpx: Add RFC 7239 Forwarded header field support + * nghttpx: Fix crash when running on IPv6 only (Patch from Vernon + Tang) + * nghttpx: Take into account of trailers when applying + max_header_fields + * nghttpx: Don't apply max_header_fields and header_field_buffer + limit to response + * nghttpx: Strict validation for header fields given in + configuration + * nghttpx: header value should not be lower-cased (Patch from + ayanamist) + +------------------------------------------------------------------- +Thu Jan 21 08:28:51 UTC 2016 - pgajdos@suse.com + +- fixed typo in libnghttp2_asio1 [bsc#962914] + +------------------------------------------------------------------- +Wed Dec 23 17:48:47 UTC 2015 - mpluskal@suse.com + +- Update to 1.6.0 + * Fix heap-use-after-free bug when handling idle streams + * Strict error handling for frames which are not allowed after + closed (remote) + * Set max number of outgoing concurrent streams to 100 by + default + * Keep incoming streams only at server side + * Create stream object for pushed resource during + nghttp2_submit_push_promise() + * Add nghttp2_session_create_idle_stream() API + * Handle response in nghttp2_on_begin_frame_callback + * Add --lib-only configure option + * Compile with OpenSSL 1.1.0-pre1 + * Fix build when OpenSSL 1.0.2 is not available (patch from + Sunpoet Po-Chuan Hsieh) + * asio: Add connect and read timeout to client API + * asio: Add TLS handshake and read timeout to server API + * asio: Added access to a requests remote endpoint (patch from + Andreas Pohl) + * asio: libnghttp2_asio: Added io_service accessors (patch from + Andreas Pohl) + * h2load: Add req/s min, max, mean and sd for clients + * h2load: Fix broken connection times + +------------------------------------------------------------------- +Tue Dec 1 14:13:15 UTC 2015 - mpluskal@suse.com + +- Update to 1.5.0 + * Fix bug that nghttp2_session_find_stream(session, 0) returned + NULL + * Add nghttp2_session_change_stream_priority() to change stream + priority without sending PRIORITY frame + * Add nghttp2_session_check_server_session() API + * Consider to use CANCEL error code when closing streams with + GOAWAY + * Don't send push response if GOAWAY has been received + * Use error code CANCEL to reset pushed reserved stream from + remote + * Add nghttp2_session_upgrade2(), deprecate + nghttp2_session_upgrade() + * Workaround HTTP upgrade with HEAD request in + nghttp2_session_upgrade() + * Introduce NGHTTP2_NV_FLAG_NO_COPY_NAME and + NGHTTP2_NV_FLAG_NO_COPY_VALUE + * Add nghttp2_session_check_request_allowed() API function + * Switch to clang-format-3.6 + * Update mruby to 1.2.0 + * tests: fix broken linkage with --disable-static (Patch from + Kamil Dudka) + * python: Send RST_STREAM if remote side is not closed and + response finished + * asio: client: call on_error when connection is dropped + * asio: ALPN support + * h2load: Add --h1 option to force http/1.1 for both http and + https URI + * h2load: Fix crash when dealing with "connection: close" form + HTTP/1.1 server + * h2load: h2load goes into infinite loop when timing script file + starts with 0.0 in first line (Patch from Kit Chan) + * h2load: Override user-agent with -H option + * h2load: Print "space savings" to measure header compression + efficiency + * h2load: Stream error should be counted toward errored + * h2load: Show application protocol with OpenSSL < 1.0.2 + * nghttpx: Don't send RST_STREAM to h2 backend if backend is + disconnected state + * nghttpx: Support server push from HTTP/2 backend + * nghttpx: Fix bug that causes connection failure with backend + proxy URI + * nghttpx: Use --backend-tls-sni-field to verify certificate + hostname + * nghttpx: Log :authority as $http_host if available + * nghttpd: Fix crash with CONNECT request + * nghttpd: Defered eviction of cached fd using timer + * nghttpd: Read /etc/mime.types to set content-type header field + * nghttp: Record request method to output it in har correctly + * nghttp: Use method given in -H with ":method" in HTTP Upgrade +- Drop nghttp2-1.4.0-fix-tests.patch (now in upstream) + +------------------------------------------------------------------- +Mon Nov 16 17:21:15 UTC 2015 - mpluskal@suse.com + +- Enable spdy and more example applications + +------------------------------------------------------------------- +Sat Oct 31 10:21:56 UTC 2015 - sor.alexei@meowr.ru + +- Update to 1.4.0: + * lib: Don't always expect dynamic table size update. + * lib: Shrink to the minimum table size seen in local SETTINGS. + * lib: Add new error code NGHTTP2_ERR_PAUSE to send_data_callback. + * lib: Avoid excessive WINDOW_UPDATE queuing. + * lib: Return fatal error if flooding is detected to close + session immediately. + * lib: Return type of nghttp2_submit_trailer is int. + * lib: Don't send WINDOW_UPDATE with 0 increment. + * lib: Fix bug that headers in CONTINUATION were ignored after + HEADERS with padding. + * package: Use -fvisibility=hidden for internal functions. + * package: Show more information in configure summary. + * package: Add PIDFile directive to systemd service. + * package: Fix daemon upgrade when running under systemd. + * app: Compile with BoringSSL. + * nghttp: Allow multiple -c option occurrence, and take min and + last value. + * nghttpd: Fix leak when server failed to listen to given port. + * nghttpx: Add TLS dynamic record size behaviour command line + options. + * nghttpx: Reduce default timeouts for read sockets to 1m. + * nghttpx: Fix bug that PUT is replaced with POST. + * nghttpx: Change mruby script handling. + * nghttpx: Added support for RFC 7413 (TCP Fast Open) on nghttpx + proxy listening connections. + * nghttpx: Add neverbleed support. + * h2load: Don't DOS our server! + * h2load: Use duration syntax for timeouts. + * h2load: Support subsecond rate period. + * h2load: Simplify rate mode. + * h2load: Add option for user-definable rate period. + * h2load: Reuse SSL/TLS session. + * h2load: Reconnect server on connection: close. + * h2load: Don't exit in the case of no ALPN protocol overlap. + * integration: Update go's http2 package URI. +- Add missing baselibs.conf. +- Add nghttp2-1.4.0-fix-tests.patch from commit 4825009. +- Small spec cleanup. + +------------------------------------------------------------------- +Sun Sep 27 12:38:17 UTC 2015 - mpluskal@suse.com + +- Update to 1.3.4 + * Make traditional init script fail if new config file is broken + (Patch from Janusz Dziemidowicz) + * nghttpx-logrotate: Don't use killall since we have multiple + processes + * nghttpx: Fix improper signal handling +- Changes for 1.3.3 + * Fix bug in padding handling of DATA frame + * Use hash table for dynamic table lookup + * More warning flags for --enable-werror + * Update mruby + * h2load: HTTP/1.1 support (Patch from Lucas Pardue) + * nghttpx: Do not try to set TCP_NODELAY when frontend is an + UNIX socket (Patch from Janusz Dziemidowicz) + * nghttpx: Chown UNIX domain socket to user specified as --user + * nghttpx: Split monolithic one process into control and worker + processes + * nghttpx: Handle SSL/TLS data following PROXY protocol line +- Changes for 1.3.2 + * Check header block limit after new stream is opened + * nghttp: Show error if HEADERS frame cannot be sent for + whatever reason + * nghttpx: Fix assertion failure on TLS handshake + * nghttpx: Add x-http2-push header field for pushed resource + * nghttpx: Fix compile error with --disable-threads + +------------------------------------------------------------------- +Mon Sep 14 13:33:16 UTC 2015 - mpluskal@suse.com + +- Update to 1.3.1 + * Avoid usage of typeof and replace __builtin_offsetof with + offsetof + * Honor stream->weight even if stream->last_writelen is 0 + * Compile third-party libraries if hpack-tools is enabled + * nghttpx-init: Start nghttpx with --daemon + * Bundle sphinxcontrib.rubydomain https://bitbucket.org/birkenfeld/sphinx-contrib/src/default/rubydomain/ + * Bundle mruby + * h2load: Record TTFB on first byte of response body, rather + than first socket read + * h2load: Improve checking for timing script input, prevent + false positive in certain situations + * nghttpx: Implement PROXY protocol version 1 + (--accept-proxy-protocol option) + * nghttpx: Allow link header server push for HTTP/2 backend + as well + * nghttpx: Don't initiate push if client disabled push + * nghttpx: Allow absolute URI in Link header field for push + * nghttpx: Fix crash with multi workers and QUIT signal + * nghttpx: Add mruby support which is disabled by default + (use --with-mruby configure option to enable it) + * nghttpx: Drop connection before TLS finish if h2 requirement + is not fulfilled +- Fix typo in previous changelog entry + +------------------------------------------------------------------- +Tue Sep 1 06:59:43 UTC 2015 - mpluskal@suse.com + +- Update to 1.3.1 + * Limit the number of incoming reserved (remote) streams + * Add stream public API + * Rewrite priority tree handling + * Fix parallel make distcheck + * Define it and itprep recursive target if + AM_EXTRA_RECURSIVE_TARGETS is defined + * fetch-ocsp-response: Handle spurious openssl exist status 0 + * nghttpx: Use nghttp2::ssl::DEFAULT_CIPHER_LIST for backend TLS + connection + * nghttpx: Don't allow blacked listed cipher suites for HTTP/2 + connection + * nghttpx: better handle /dev/stderr and /dev/stdout (Patch from + Tomasz Buchert) + * nghttpd: GOAWAY if SSL/TLS requirements for HTTP/2 are not met + * nghttpd: Return date header field for 304 + * nghttpd: Support HEAD request + * h2load: Add Timing-script and base URI support (Patch from + Lucas Pardue) + * h2load: Add timeout options (Patch from Nora) +- Fix typo in changelog + +------------------------------------------------------------------- +Mon Aug 17 10:51:27 UTC 2015 - mpluskal@suse.com + +- Update to 1.2.1 + * doc: Reword the HPACK tutorial (Patch from Tom Harwood) + * nghttpx: Fix stability issues + * h2load: Fix crash if -r > -n + +------------------------------------------------------------------- +Mon Aug 10 14:10:20 UTC 2015 - mpluskal@suse.com + +- Update to 1.2.0 + * Fix crash if response or data is submitted to closing stream + * Header table size UINT32_MAX must be accepted + * Use PROTOCOL_ERROR against DATA sent to idle stream + * Allow multiple in-flight SETTINGS + * Strictly check occurrence of dynamic table size update + * Fix configure warning that 'missing' is missing or too old + * Fix rm: cannot remove ‘*.rst’: No such file or directory when + "make clean" (Patch from Alexis La Goutte) + * doc: Reword some of the server and client tutorial (Patch + from Tom Harwood) + * src: Remove monotonic_clock replacement macro for gcc-4.6 + * nghttpx: Add TLS ticket key sharing among nghttpx instances + using memcached + * nghttpx: Add shared session cache using memcached + * nghttpx: Set SSL/TLS session timeout to 12 hours + * nghttpx: Enable session resumption on HTTP/2 backend + * nghttpx: Don't rewrite host header field by default + * nghttpx: Generate new ticket key every 1hr and its life time + is now 12hrs + * nghttpx: Don't reuse backend connection if it is not clean + * nghttpx: Add AES-256-CBC encryption for TLS session ticket + * nghttpd: Fix the bug that 304 response has non-empty body + * h2load: Add -r and -C options to h2load (Patch from + Nora Shoemaker) +- Changes for 1.1.2 + * Fix linker error with libnghttp2_asio + * Allow custom installation location for Python bindings +- Drop no longer needed missing_nghttp2_timegm.patch + +------------------------------------------------------------------- +Thu Jul 16 06:58:40 UTC 2015 - mpluskal@suse.com + +- Update to 1.1.1 + * nghttpx: Fix various stability issues and memory leak bug +- Changes for 1.1.0 + * Fix DATA is not consumed if nghttp2_http_on_data_chunk failed + * nghttp2_submit_response and nghttp2_submit_headers may return + * NGHTTP2_ERR_DATA_EXIST + * msvc build fixes and enchantments (Patch from Gabi Davar) + * Compile with IRIX gcc-4.7 (Patch from Klaus Ziegler) + * nghttp: Add --max-concurrent-streams option + * nghttp: Add comment on HAR on pushed objects (Patch from + acesso) + * nghttpx: Add --include option to read additional configuration + from given file + * nghttpx: Add backend routing based on request host and path by + extending -b option + * nghttpx: Allow log variable to be enclosed by curly braces for + disambiguation + * nghttpx: Add log variables related to SSL/TLS connection + * h2load: Add --ciphers option +- Add patches + * missing_nghttp2_timegm.patch to fix building of asio library + * nghttp2-remove-python-build.patch to fix python bindings + installation when autotools are used + +------------------------------------------------------------------- +Tue Jun 30 11:54:06 UTC 2015 - mpluskal@suse.com + +- Update to 1.0.5 + * Add STREAM_DEP_DEBUG macro switch to enable runtime validation + of depedency tree + * Fix another bug in priority handling; sibling's item is not + queued when ancestor's item is detached + * nghttpx: Fix crash with --http2-bridge and both frontend and + backend TLS + +------------------------------------------------------------------- +Wed Jun 24 10:52:12 UTC 2015 - mpluskal@suse.com + +- Update to 1.0.4 + * Fix assertion failure in stream_update_dep_on_detach_item + (GH-264) +- Changes for 1.0.3 + * Fix bug that idle self-depending PRIORITY is not handled + gracefully + * Optimize dependency based priority code to Firefox style tree + * enable third-party for asio_lib too (Patch from Mike + Frysinger) + * fetch-ocsp-response: Support LibreSSL, and include port in + ocsp_host + * src: Support compile with LibreSSL + * nghttpx: Fix bug that x-forwarded-proto header field does not + reflect frontend scheme on HTTP/2 backend + * nghttpx: Validate :path on SPDY frontend + +------------------------------------------------------------------- +Tue Jun 16 08:27:32 UTC 2015 - mpluskal@suse.com + +- Update to 1.0.2 + * Fix bug that data are not consumed for connection in race + condition (GH-253) + * Define NGHTTP2_EXTERN to __declspec(dllimport) when using + nghttp2 for Windows build + * Translate fetch-ocsp-response into Python + * libevent-client: Fix bug that path is broken if URI does not + contain path part + * python: Call on_close callback when connection is lost for + server session + * python: Expose client certificate, if available (Patch from + Fabian Wiesel) + * python: Catch and log failure to set TCP_NODELAY (Patch from + Fabian Wiesel) + * nghttpx: Add --add-request-header option + * nghttpx: Make WebSocket upgrade work + * nghttpx: Fix bug that END_STREAM is not set in backend for + POST with Upgrade + * nghttpx: Don't send "Expect" header field twice + +------------------------------------------------------------------- +Mon May 25 15:13:45 UTC 2015 - mpluskal@suse.com + +- Update to 1.0.1 + * Include stdint.h instead of inttypes.h when compiled with MSVC + < 2013 + * Fix invalid memory free on out-of-memory handling + * integration: Use our own copy of golang spdy package + * android: Don't link zlib bundled with android NDK + * Dockerfile.android: Update NDK ver, and ubuntu; build and link + zlib + * src, examples: Fix up OpenSSL initialization + * nghttpx: Allow HTTP Upgrade from POST request if response + header has not been sent to the client + * nghttpx: Fix bug that PUSH_PROMISE is sent after associated + response HEADERS + * nghttpd: Close connection after settings timeout and GOAWAY + was sent + * h2load: Fix bug that NPN fails if ALPN is enabled + +------------------------------------------------------------------- +Thu May 21 06:50:36 UTC 2015 - mpluskal@suse.com + +- Update to 1.0.0 + * v1.0.0 introduced backward incompatible changes from 0.7 + series. Read https://nghttp2.org/documentation/package_README.html#migration-from-v0-7-15-or-earlier + to migrate from older version to this latest version. +- Changes for 0.7.15 + * Hopefully, this is the last release for 0.7.x series. + Development continues in 1.x series. + * Access violation in buffers (GH-232) (Patch from Etienne Cimon) + * Retry finding jemalloc lib by je_malloc_stats_print (GH-233) + * inflatehd: Fix crash if 'wire' value is not string (GH-235) + * nghttpx: Revert 585af93 to fix crash with TLS (GH-234) + * nghttpd: Add --echo-upload option to send back request body + +------------------------------------------------------------------- +Wed May 13 13:07:14 UTC 2015 - mpluskal@suse.com + +- Update to 0.7.14 + * Fix global-buffer-overflow in HPACK code + * Fix doc for nghttp2_select_next_protocol + * Fix bug that promised stream was not reset on decompression + error + * Add systemd and upstart configuration file for nghttpx + (Patch from Zhuoyun Wei) + * Improve nghttpx logrotate configuration file (Patch from + Zhuoyun Wei) + * Update sphinx_rtd_theme + * h2load: Update h2load to give connect time and ttfb stats + (Patch from ericcarlschwartz) + * nghttpd: Add -m, --max-concurrent-streams option + * nghttpx: Log absolute URI for HTTP/2 or client proxy request + * nghttpx: Add --header-field-buffer and --max-header-fields + options + * nghttp: Fix assertion error if very large value is given to -t + +------------------------------------------------------------------- +Fri May 1 13:47:12 UTC 2015 - mpluskal@suse.com + +- Update to 0.7.13 + * Fix bug that promised stream was not reset by returning + NGHTTP2_ERR_TEMPORAL_CALLBACK_FAILURE from + nghttp2_on_header_callback. Instead, associated stream was reset. + * Allow NGHTTP2_ERR_TEMPORAL_CALLBACK_FAILURE from + nghttp2_on_begin_headers_callback + * h2load: Effectively disable flow control by setting large + window size + * asio: Graceful shutdown and joinable server (Patch from + Xiaoguang Sun) + +------------------------------------------------------------------- +Mon Apr 20 08:40:33 UTC 2015 - mpluskal@suse.com + +- Update to 0.7.12 + * Fix bug that nghttp2_session_set_next_stream_id accepts invalid + stream_id + * HPACK: Rewrite static header table handling + * HPACK: Never index authorization and small cookie header field + * Don't install libnghttp2_asio headers if they are disabled + * doc: Specify program directive so that hyperlink to option is + correctly pointed to the intended location + * asio: client: Call error_cb on error occurred in do_read and + do_write (Fixes GH-207) + * nghttp: Add --no-push option to disable server push + * nghttp: Show stream ID in statistics output + * nghttp: Remove --dep-idle option + * nghttp: Use same priority anchor nodes as Firefox does + * nghttpx: Don't push resource if link header has non empty + loadpolicy + * nghttpx: Add logging for somewhat important events (logs, + tickets, and ocsp) + * nghttpx: Set Downstream to stream user data on HTTP Upgrade + to h2 + +------------------------------------------------------------------- +Sun Apr 12 17:38:36 UTC 2015 - mpluskal@suse.com + +- Update to 0.7.11 + * nghttpx: Fix waitpid race condition in ocsp response update + * nghttp: Consider user-provided :authority header field for SNI + as well as host header field +- Changes for 0.7.10 + * Make sure that nghttp2 license is MIT license + * Add nghttp2_session_consume_{connection,stream} to consume + bytes independent + * Add nghttp2_send_data_callback to send DATA payload without + copying "static inline" fix for build with VS2013 (Patch from + Remo E) + * Update lib/Makefile.msvc (Patch from Remo E) + * Remove dependency on libws2_32 on Windows build + * Define NGHTTP2_EXTERN macro to export function for Windows + build + * doc: Generate API doc per function + * python: Add async body generation support + * python: Fix pseudo-header field ordering bug + * nghttpx: Redirect stderr to errorlog file + * nghttpx: Fix bug that data buffered in SSL object are not + read + * nghttpx: Remove --tls-ctx-per-worker option + * nghttpx: Add OCSP stapling feature + +------------------------------------------------------------------- +Sat Apr 4 16:55:55 UTC 2015 - mpluskal@suse.com + +- Enable python bindings +- Update to 0.7.9 + * Implements h2-14 protocol (http://tools.ietf.org/html/draft-ietf-httpbis-http2-14) + * Implements HPACK 09 (http://tools.ietf.org/html/draft-ietf-httpbis-header-compression-09) + * h2load: Fix crash if -t > -c + * h2load: Add -d option to upload data to server + * nghttpx: Forward only "trailers" keyword in te when forwarding HTTP/2 backend + * nghttpx: Fix PUSH_PROMISE header field corruption [GH-194] + * nghttpx: Fix te header field is duplicated when forwarding HTTP/2 backend + * nghttp, nghttpd: Add --hexdump option to hexdump incoming traffic. + * examples: Place AM_CPPFLAGS first to use in-package header files first [GH-192] +- Changes for 0.7.8 + * Implements h2-14 protocol (http://tools.ietf.org/html/draft-ietf-httpbis-http2-14) + * Implements HPACK 09 (http://tools.ietf.org/html/draft-ietf-httpbis-header-compression-09) + * Validate :path header field for http or https URI scheme + * NULL-terminate header field name and value presented by callback + * README.rst: Cleaned up the grammar a bit (Patch from Ross Smith II) + * h2load: fix for segfault by reserving correct worker count (Patch from Stefan Eissing) + +------------------------------------------------------------------- +Wed Mar 18 21:29:49 UTC 2015 - jengelh@inai.de + +- Avoid shipping documentation redundantly. Set RPM groups. + +------------------------------------------------------------------- +Fri Mar 6 18:19:47 UTC 2015 - mpluskal@suse.com + +- Fix rpm group + +------------------------------------------------------------------- +Tue Mar 3 22:15:13 UTC 2015 - mpluskal@suse.com + +- Update to 0.7.5 + * Implements h2-14 protocol + (http://tools.ietf.org/html/draft-ietf-httpbis-http2-14) + * Implements HPACK 09 + (http://tools.ietf.org/html/draft-ietf-httpbis-header-compression-09) + * Validate HTTP semantics by default + * Add nghttp2_option_set_no_http_messaging() API function + * Update http-parser + * nghttp, nghttpd, nghttpx: Use "sensitive" to indicate + "never indexed" header field + * nghttp, nghttpd, nghttpx, h2load: Select/announce h2 in + ALPN/NPN + * nghttp: Fix unaligned field output in --stat + * nghttp: Fix -H does not work with -u upgrade request + * nghttp: Update resource timing terminology according to + Resource Timing TR + * nghttpd: Add -a option which takes an address parameter that + allows nghttpd to bind to a non-default address. Patch + from Brian Card + * nghttpx: Use omit minor version in case of HTTP/2 in via + header and access log + * nghttpx: Support UNIX domain socket on both frontend and backend + * nghttpx: Fix crash in http/1 backend when backend returns more + bytes than CL + * nghttpx: Cast configuration value to rlim_t to avoid compile + error on 32bit + * nghttpx: Fix 1 second delay in HTTP/2 backend connection + * nghttpx: Fix request re-submission bug in HTTP/2 backend + * asio-sv2: Fix compile error with OS X + +------------------------------------------------------------------- +Sun Feb 15 11:00:12 UTC 2015 - mpluskal@suse.com + +- Initial packaging of 0.7.4 + diff --git a/nghttp2.keyring b/nghttp2.keyring new file mode 100644 index 0000000..e225d72 --- /dev/null +++ b/nghttp2.keyring @@ -0,0 +1,64 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- + +mQGiBEmgJCARBACDsyRcJt0cPqS5I3nooSD4ETmsqXSGoA1QP0NcD3mMDIxfwOk3 +ZgaLAhQTpylqzYu4uQ5lDcvkpZtN8cA+R+9Bxq1VcY5Jra4t93Eyxd/14oufgg8w +GLZ8q2otuUliL+RWPEuuBLNJFrdHeLfITBX88ZyHz8tu0kpWBBVBLb5yYwCg3OmH +L59aPl0TIoKGIL/xYs80ixcD/3PA9z6SbChDHRKA647Smrw6QuQHl7Uubg6LYYxz +FoxeN3F/grZHNJyUzlkdraIcWWYi1Dr0D28TnuQUbPoj7ju248iPRv2ZEr7OpV9j +RksxJIBqzC698XwPuq2Jo8iBNgE2t25aY9UHXxehqg6zkyR1bdhFzDV1cEKGkU62 +TAnvA/9tB77GiQ9H02oybfqYrdxrWCou3kRa7owd/tBqRMkzH4Vt86VIXwVdsMn1 +sGeF4YGUqwY7GCT+jviFCdvGTRqeCJgaLJAYE8hSFIxpDTdUNxaPxwuOd3Jq5BKC +U7boXpLlAcdh47CMk4qvIDZfBb2iVjZCN1yFI9R/TCH7JCT9NLQrVGF0c3VoaXJv +IFRzdWppa2F3YSA8dGF0c3VoaXJvLnRAZ21haWwuY29tPohgBBMRAgAgBQJJoCQg +AhsDBgsJCAcDAgQVAggDBBYCAwECHgECF4AACgkQfoQD1dZzw2YoTgCgmzKU0uK/ +fr2nVqYondsxppQS83wAoIPlXaxcUV39DvA7/Rui6+rBNljmuQQNBEmgJCAQEADi +J5vXLb+y5g2kQApYk/iPqlJV02jHX7VJnWwivfQNq0F56TiiAZx9B6QR71pShkv8 +L4FgdmuNPcxamh4LAiVsiE3lW5dnlt6cp5bmWvNOTDZIojbxSfS4ZhQmt3Ij4vJ5 +fnlgUeaLDzXqeuO5ezMZvpsoBcDMvPCnv8R28JX0z1LIjA42sC85Kvd8EeB7uyGJ +q0qzU7OMP6JdxN2IwvdGiqXAAHI2KZOU9Pp4Kvg4qj8v3ELXrhlrZVye6PAmbufJ +Gdcg73EEabhoWutzt1h++qUkhzSQRUoTIqa2DWyE/bTPGlxqKgHmur5okBn5iwcr +BijhE6d8AvBqlopxyHHIEsZ4YswvLR8VcOt//aT1ArYdrxAfyjujvimoW1+gDjsA ++Hc1wlrYW6uLgHwFIzQFOi4Yt/+hw26dlqJhO9pnK8vwpPsMnvkfHQx5A7EeZhpN +g1YIDhPEO+RSk81Gs0Y1xzJjLulncxlzprX6xmyZK/B2dQZy4XFl5K02Q7Zas++x +z70JvwOC8kDu117jb3QtersJHt09SGywCrkaU6P8+iKxPd2PEwaPWKqu4n7IpLZu +2Kg5GXO1h80fqhPSRJGbj5a6YVvfVHoRPaUL34Y4yYPxPVxjpgYR6ohhhoyURA4w ++qkhugcbYM9/wQTbwhgLc5mG62bq+WVkhehaGFOCwwADBRAAkzofRfa6dNtZC8kp +4bTmTydRCRrAAjUvCtRNL+PjB6JpTsIru/w6dR2i3TYDnUOBNkvVLUNG+Sk6fsR2 +CcEefsa4AQwRb8G33FATsewFbImSrBNT9R5hr+hR33XWxo0KAcXrucnaboidQOBK +lDD0SEC6eBexVXa4/h9qum4Qmj0u9XBBqMqEOJY/Mao5SJ8EWZV+UAszgJdmHDvq +s9+1425NuzuG9/KQzx/5wWjQmtAHikE/oFQ1RZ3hWxRpe4YmsrKQuVqwHRfIjCrB +MdBteldVr4NN0eUqfnrXgTpInXSsUstDr1/04u2Q3+spQUjJOcZ+IluPLfr12EAH +UKc9/2CT6cLmBVEl2s2PijC5EoxH3UA2KkxcxBy5LleKvF5FZ3MHbXaj2RLMLBlW +aGhlFF2H85EEmq73Ex5ncLPT4BW2rHrkwdUOOXCN8riUZr42E3K+GTyfGyRbU9Ar +MBP62ytvamwBO9O+E6sJCVraoho4a2ERORh5PQzEot1Tmyf4u6AQf1+JVMn2yThc +ilRKWD1Q/AfEAibVbPANkXXjX5pZkIRc1Eunq5afYf2ixyS96RSjc6EZ+euaaaFC +96+MdDtlycafZIXYNgiNkrrm8mzPCb2i8tmF9aPnGYBknsnFLlda3Zz4afFDKyLN +LYRvqAujonL+HBOLW2InmeD5p6SISQQYEQIACQUCSaAkIAIbDAAKCRB+hAPV1nPD +ZqpZAJ9Kw73IdA3hw+wQEen991bFlMzHfQCgtG/GMjXB246Qt9XPVvToTSFJQPq5 +Ag0EZdRdtAEQAMIqEK6XuVLgY6KPOUqHFjQZdi87hCX9sTSHVuvQ75Ko70Ayz/AH +I7YWnPoaJjWQwCugGOdEjXKQMUUKuGUrWAtGoGUg9MDFXdAXRrwBhhKz8ZGJzGPU +YXkanJSHo3AAFQ4QWSJmGvlZ2VhthB5v/njUlpzFvNusa5e71RRLM5f5R3kROUlj +vwAXUcosLESi864AKFzo1qiQB6KtatTLJH8aHQEFrVwzrleKdkF5OozfWw1poB4g +94QBkIzXgmEA3uTpXHLctIngpR8mZrQQtohI2zKlpnq9lCMZ7j3/xitZ6xS2KSlH +BU3Z4TXZKZuFP7IsITVTdlMg/OHua2l0i3ZewbIWPnnPJC8dQi+QdYe6FWjDwZPu +HBAbbxHVFCYnz5f4SP9LNqeWRGqHHnzb5pNe2xZHykPP84kvFvmRonqMBIvFrPhV +kw+Z43JBvxM4YwYp0GWEuDAik6KmbuM5SmwAiR67KigwwUoumJi9YdQlUIkNKO7P +SvmHCzaX47+AdLxDToMXCsIO2NlLGE5GN/RwQ8k0owWoK5WZYUI16pgZ39n/Z03y +Ig+W//qUJ7+eYTgvvCngR3kxUXipSVA0+skxWvdmRHla5MasuvtPuW/Xz6/+U3fS +4bmYTWA5TmhfrMublTncBXgEvX9LzyL+kPhf81OAix3RNUlD6Jp5+751ABEBAAGJ +ApYEGBECACAWIQT087kUdNHrKYib0O9+hAPV1nPDZgUCZdRdtAIbAgJACRB+hAPV +1nPDZsF0IAQZAQoAHRYhBFFrYikY0VxHirHqOlM5or6C4H3sBQJl1F20AAoJEFM5 +or6C4H3sBa8QALx76ibbGN3vz9+Aa58gtk1oDIIfEF/U7PmMuPB9CA9738kgiXvq +nxKAkiBU9EkaiYsPfF/iv35xp44CrFz/mjqMQiMlWOxMtRVXjsQQoGKmkdei4THk +3pVE4u6bXXb38LUnXyYVV9P0XLNV/ilwvRlnozP4NqrjH7MuKLKLUoKNHMD6UK2/ +UWUqHQPboFYTIb826+S8PiGQ/3PO7+Y+h0Jyq2o5c76N2PvMgtkQwvTTw6hPP8p1 +EIffN1wUpZ5dG+Cxe9oN2FF6Lq89WCK1M7n3DU4JZqjKIcmxJKPPmjQjdVUUhyXQ +4naywi+h30esJ/CbrQ0oyDnr0jbiTg04c6IV5U5deVDywJ9gAAgV0g12NDwo2SCb +ZeLGul8/tZXpXiTYJdTQ0N3EUZYPbOvY8Kdh95stq9HtKJyozP/yemFBfiTtK0Kt +QISQHf0GNJR+D682S0iB3nSprzXpgwgjaHYLQXYdUomg7lMGrtf3XZQlUaHYLHp6 +W0xhOweS/2kr5G461zSyJ3T9ITm59GapunXfuSGqA2mJvv9CXJqN8Qm6UzUD8QBk +JxiUC6IMVAoBShSPD9qC0jBxXETKNHC4zPoF0wfOVYjKJ29btfOjneL0IdLNR/6c +WcszscQx9Rm+vWArbDdcATTnImO1hIehxeQPp/8IRPpxHjD64GoNSbzyZkwAn0n6 +KhOXkidphC12e/W/W3vSRrm5AKC2S6Ile4sLQr7aDSQZLvJz54gxYw== +=Rw9e +-----END PGP PUBLIC KEY BLOCK----- diff --git a/nghttp2.spec b/nghttp2.spec new file mode 100644 index 0000000..436a0af --- /dev/null +++ b/nghttp2.spec @@ -0,0 +1,155 @@ +# +# spec file for package nghttp2 +# +# Copyright (c) 2023 SUSE LLC +# +# All modifications and additions to the file contributed by third parties +# remain the property of their copyright owners, unless otherwise agreed +# upon. The license for this file, and modifications and additions to the +# file, is the same license as for the pristine package itself (unless the +# license for the pristine package is not an Open Source License, in which +# case the license is the MIT License). An "Open Source License" is a +# license that conforms to the Open Source Definition (Version 1.9) +# published by the Open Source Initiative. + +# Please submit bugfixes or comments via https://bugs.opensuse.org/ +# + + +%global soname libnghttp2 +%global sover 14 +%global flavor @BUILD_FLAVOR@%{nil} +Name: nghttp2 +Version: 1.64.0 +Release: 0 +Summary: Implementation of Hypertext Transfer Protocol version 2 in C +License: MIT +Group: Development/Libraries/C and C++ +URL: https://nghttp2.org/ +Source0: https://github.com/nghttp2/nghttp2/releases/download/v%{version}/nghttp2-%{version}.tar.xz +Source1: https://github.com/nghttp2/nghttp2/releases/download/v%{version}/nghttp2-%{version}.tar.xz.asc +Source2: nghttp2.keyring +Source3: baselibs.conf +%if 0%{?suse_version} && 0%{?suse_version} == 1500 +BuildRequires: gcc13-c++ +%else +BuildRequires: gcc-c++ +%endif +BuildRequires: libboost_system-devel +BuildRequires: libboost_thread-devel +BuildRequires: pkgconfig +BuildRequires: python-rpm-macros +BuildRequires: pkgconfig(cunit) +BuildRequires: pkgconfig(jansson) +BuildRequires: pkgconfig(libcares) +BuildRequires: pkgconfig(libev) +BuildRequires: pkgconfig(liblzma) +BuildRequires: pkgconfig(libsystemd) +BuildRequires: pkgconfig(libxml-2.0) +BuildRequires: pkgconfig(openssl) >= 1.1.1 +BuildRequires: pkgconfig(zlib) +%ifnarch ppc %{arm} +BuildRequires: pkgconfig(jemalloc) +%endif + +%description +This is an implementation of Hypertext Transfer Protocol version 2. + +The framing layer of HTTP/2 is implemented as a form of reusable C library. +On top of that, we have implemented HTTP/2 client, server and proxy. We +have also developed load test and benchmarking tool for HTTP/2. + +HPACK encoder and decoder are available as public API. + +%package -n %{soname}-%{sover} +Summary: Shared library for nghttp2 +Group: System/Libraries + +%description -n %{soname}-%{sover} +Shared C libraries for implementation of Hypertext Transfer Protocol +version 2. + +%package -n python3-nghttp2 +Summary: Python3 bindings for nghttp2 +Group: Development/Libraries/Python + +%description -n python3-nghttp2 +Python bindings for implementation of Hypertext Transfer Protocol version +2. + +%package -n %{soname}-devel +Summary: Development files for nghttp2 +Group: Development/Languages/C and C++ +Requires: %{soname}-%{sover} = %{version} +Provides: %{name}-devel = %{version} + +%description -n %{soname}-devel +Development files for usage with libnghttp2, which implements +Hypertext Transfer Protocol version 2. + +%package doc +Summary: Documentation for nghttp2 +Group: Documentation/HTML + +%description doc +Documentation for nghttp2, which includes a shared C library, +HTTP/2 client, server and proxy. + +%prep +%autosetup -p1 -n nghttp2-%{version} + +%build +%if 0%{?suse_version} && 0%{?suse_version} == 1500 +export CC=/usr/bin/gcc-13 +export CXX=/usr/bin/g++-13 +%endif +%configure \ + --disable-static \ + --disable-silent-rules \ + --enable-app \ + %{nil} +%make_build all + +%install +%make_install +find %{buildroot} -type f -name "*.la" -delete -print + + +# Do not ship this +rm -rf %{buildroot}%{_datadir}/doc/nghttp2 + +# None of applications using these man pages are built. +rm -rf %{buildroot}%{_mandir}/man1/* \ + doc/manual/html/.buildinfo + +# https://build.opensuse.org/request/show/1212476 +%if %{suse_version} >= 1600 +%python3_fix_shebang_path %{buildroot}%{_datadir}/%{name}/fetch-ocsp-response +%endif + + +%check +%make_build check + +%ldconfig_scriptlets -n %{soname}-%{sover} + +%files +%{_bindir}/deflatehd +%{_bindir}/inflatehd +%{_bindir}/h2load +%{_bindir}/nghttp +%{_bindir}/nghttpd +%{_bindir}/nghttpx +%{_datadir}/%{name}/ + +%files -n %{soname}-%{sover} +%license COPYING +%{_libdir}/%{soname}.so.%{sover}* + +%files -n %{soname}-devel +%dir %{_includedir}/%{name}/ +%{_includedir}/%{name}/%{name}*.h +%{_libdir}/%{soname}.so +%{_libdir}/pkgconfig/%{soname}.pc + +%changelog