rpm/nghttp2
SHA256
1
0
Fork 0
forked from pool/nghttp2
Code Pull Requests Activity

Accepting request 724578 from home:adamm:branches:devel:libraries:c_c++

Browse Source 
- Update to version 1.39.2 (bsc#1146184, bsc#1146182):
  * This release fixes CVE-2019-9511 “Data Dribble” and CVE-2019-9513
  “Resource Loop” vulnerability in nghttpx and nghttpd. Specially crafted HTTP/2
  frames cause Denial of Service by consuming CPU time. Check out
  https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md
  for details. For nghttpx, additionally limiting inbound traffic by
  --read-rate and --read-burst options is quite effective against
  this kind of attack.
  * Add nghttp2_option_set_max_outbound_ack API function
  * nghttpx: Fix request stall

OBS-URL: https://build.opensuse.org/request/show/724578
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/nghttp2?expand=0&rev=96
This commit is contained in:
Martin Pluskal 2019-08-19 13:20:08 +00:00 committed by Git OBS Bridge
parent 5b8cf27be9
commit dc40b8ad08
4 changed files with 19 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
nghttp2-1.39.1.tar.xz
View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:679160766401f474731fd60c3aca095f88451e3cc4709b72306e4c34cf981448
size 1634512

3
nghttp2-1.39.2.tar.xz Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:a2d216450abd2beaf4e200c168957968e89d602ca4119338b9d7ab059fd4ce8b
size 1635428

15
nghttp2.changes
View File

@ -3,6 +3,21 @@ Mon Aug 19 12:27:38 UTC 2019 - Martin Pluskal <mpluskal@suse.com>
- Require correct library from devel package - boo#1125689
-------------------------------------------------------------------
Mon Aug 19 12:02:09 UTC 2019 - Adam Majer <adam.majer@suse.de>
- Update to version 1.39.2 (bsc#1146184, bsc#1146182):
* This release fixes CVE-2019-9511 “Data Dribble” and CVE-2019-9513
“Resource Loop” vulnerability in nghttpx and nghttpd. Specially crafted HTTP/2
frames cause Denial of Service by consuming CPU time. Check out
https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md
for details. For nghttpx, additionally limiting inbound traffic by
--read-rate and --read-burst options is quite effective against
this kind of attack.
* Add nghttp2_option_set_max_outbound_ack API function
* nghttpx: Fix request stall
-------------------------------------------------------------------
Tue Aug 13 13:22:01 UTC 2019 - Martin Pluskal <mpluskal@suse.com>

2
nghttp2.spec
View File

@ -29,7 +29,7 @@
%bcond_with python
%endif
Name: nghttp2%{psuffix}
Version: 1.39.1
Version: 1.39.2
Release: 0
Summary: Implementation of Hypertext Transfer Protocol version 2 in C
License: MIT