SHA256
1
0
forked from pool/nghttp2
nghttp2/nghttp2.changes
Dirk Mueller e56fd1ccf1 - update to 1.62.1:
* nghttpx: Fix batch UDP QUIC packet dropped on GRO read
- update to 1.62.0:
  * nghttpx: Fix QUIC stateless reset stack buffer overflow
  * Require c-ares >= 1.16.0 for ares_getaddrinfo
  * Require C++20 compiler
  * Adopt std::to_array and remove make_array
  * nghttpx: Define APIEndpoints separately
  * nghttpx: Do not send error/status body when method is HEAD
  * nghttpx: Fix alignment issues in BlockAllocator
  * nghttpx: Simplify parameter declaration for ipc_fd functions
  * nghttpx: Add extent to ipc_fd explicitly
  * Make make_byte_ref return std::span
  * Make util::decode_hex return std::span
  * Rewrite util::parse_uint
  * Let base64::decode return std::span
  * Refactor StringRef
  * Stringref refactor c str and str
  * Add StringRef literal operator and remove StringRef::from_lit
  * Make StringRef(const std::string&) implicit
  * Add http2::make_field family functions
  * Remove std::string conversion operator from StringRef
  * Optimize StringRef comparisons against c-string
  * Pack more quic pkt
  * nghttpx: Dynamic GSO failover
  * Refactor ImmutableString
  * nghttpx: Refactor QUIC data path
  * nghttpx: Fix inherited TCP port comparison
  * make_websocket_accept_token: Lesser conversions
  * Add http3::make_field family functions

OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/nghttp2?expand=0&rev=124
2024-06-17 18:13:31 +00:00

1776 lines
79 KiB
Plaintext
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

-------------------------------------------------------------------
Mon Jun 17 18:02:25 UTC 2024 - Dirk Müller <dmueller@suse.com>
- update to 1.62.1:
* nghttpx: Fix batch UDP QUIC packet dropped on GRO read
- update to 1.62.0:
* nghttpx: Fix QUIC stateless reset stack buffer overflow
* Require c-ares >= 1.16.0 for ares_getaddrinfo
* Require C++20 compiler
* Adopt std::to_array and remove make_array
* nghttpx: Define APIEndpoints separately
* nghttpx: Do not send error/status body when method is HEAD
* nghttpx: Fix alignment issues in BlockAllocator
* nghttpx: Simplify parameter declaration for ipc_fd functions
* nghttpx: Add extent to ipc_fd explicitly
* Make make_byte_ref return std::span
* Make util::decode_hex return std::span
* Rewrite util::parse_uint
* Let base64::decode return std::span
* Refactor StringRef
* Stringref refactor c str and str
* Add StringRef literal operator and remove StringRef::from_lit
* Make StringRef(const std::string&) implicit
* Add http2::make_field family functions
* Remove std::string conversion operator from StringRef
* Optimize StringRef comparisons against c-string
* Pack more quic pkt
* nghttpx: Dynamic GSO failover
* Refactor ImmutableString
* nghttpx: Refactor QUIC data path
* nghttpx: Fix inherited TCP port comparison
* make_websocket_accept_token: Lesser conversions
* Add http3::make_field family functions
* Remove unnecessary namespace qualifications
* Refactor http utils
* Refactor streq
* Remove util::streq and let StringRef operator== deal with it
* Update the link for the Prefix.pdf document. fix #2178
* Introduce typed nghttp2_min and nghttp2_max
- drop gcc7.patch (obsolete, we require C++20 now)
-------------------------------------------------------------------
Thu Apr 4 09:47:27 UTC 2024 - pgajdos@suse.com
- version update to 1.61.0
* Fixes CVE-2024-28182 [bsc#1221399]
* nghttpx: Shutdown h3 stream read with trailer as well by @tatsuhiro-t in #2087
* Checkout with submodules by @jonaski in #2093
* Respect BUILD_STATIC_LIBS and add option for tests by @jonaski in #2092
* build(deps): bump golang.org/x/net from 0.21.0 to 0.22.0 by @dependabot in #2097
* Workaround llvm issue on github ubuntu runner by @tatsuhiro-t in #2098
* docker: Use copy --link by @tatsuhiro-t in #2099
* Nghttpx header idle timeout by @tatsuhiro-t in #2100
* nghttpx: Fix frontend-header-timeout does not work in config file by @tatsuhiro-t in #2101
* Rewrite hexdump by @tatsuhiro-t in #2102
* Switch to distroless/base-nossl by @tatsuhiro-t in #2103
* Bump ngtcp2 by @tatsuhiro-t in #2105
* nghttpx: Simplify quic connection close handling by @tatsuhiro-t in #2106
* build(deps): bump github.com/quic-go/quic-go from 0.41.0 to 0.42.0 by @dependabot in #2107
* autotools: Use tar-ustar automake option by @tatsuhiro-t in #2108
* Automate release process by @tatsuhiro-t in #2109
* autotools: Switch to tar-pax by @tatsuhiro-t in #2110
* nghttpx: Drop a UDP datagram from well-known port by @tatsuhiro-t in #2111
* nghttpx: Fix port byte order by @tatsuhiro-t in #2112
* h2load: Allow host header to be overridden by @tatsuhiro-t in #2113
* nghttpx: Rework QUIC stateless reset packet size by @tatsuhiro-t in #2114
* nghttpx: More QUIC prohibited ports by @tatsuhiro-t in #2115
* Add actions/stale by @tatsuhiro-t in #2116
* nghttpx: Discard UDP datagram that is too short to be a valid QUIC packet by @tatsuhiro-t in #2117
* nghttp: Support SSLKEYLOGFILE by @tatsuhiro-t in #2119
* No rfc7540 priority fix by @tatsuhiro-t in #2120
* Further reduce Stateless reset emission by @tatsuhiro-t in #2122
* nghttpx: Rework Connection ID construction by @tatsuhiro-t in #2124
* Nghttpx faster worker lookup by @tatsuhiro-t in #2125
* nghttpx: Split thread into worker_process and thread by @tatsuhiro-t in #2126
* bpf: Drop bad QUIC packet by @tatsuhiro-t in #2127
* cmake: check SSL_provide_quic_data when ENABLE_HTTP3 is ON by @jimmy-park in #2128
* nghttpx: Allocate 3 bits for QUIC configuration in Connection ID by @tatsuhiro-t in #2129
* nghttpx: Migrate to ares_getaddrinfo by @tatsuhiro-t in #2132
* Bump munit by @tatsuhiro-t in #2131
* nghttpx: Fix error message by @tatsuhiro-t in #2133
* nghttpd: Fix read stall by @tatsuhiro-t in #2134
-------------------------------------------------------------------
Wed Apr 3 10:31:13 UTC 2024 - Adam Majer <adam.majer@suse.de>
- gcc7.patch: Fix compilation for SLE-15 (jsc#PED-8206)
-------------------------------------------------------------------
Mon Mar 18 12:59:00 UTC 2024 - Martin Pluskal <mpluskal@suse.com>
- Update keyring with current key
-------------------------------------------------------------------
Mon Mar 18 08:35:17 UTC 2024 - pgajdos@suse.com
- version update to 1.60.0
* makerelease.sh: Speed up git submodule
* Speed up git clone
* build(deps): bump actions/cache from 3 to 4
* Fixing the build and install trees
* build(deps): bump microsoft/setup-msbuild from 1 to 2
* nghttpx: Set ocsp response to SSL in case of boringssl
* Run with python3
* src: Certificate Compression with boringssl
* Fix missing newline
* Switch to aws lc
* Libbrotli fixup
* Deprecate RFC 7540 priorities (aka stream dependencies)
* Let dependabot manage go modules
* build(deps): bump golang.org/x/net from 0.20.0 to 0.21.0
* integration-tests: Omit unused parameters
* Munit
* Introduce nghttp2_ssize API
* Move deprecated warning upfront
* Describe RFC 7540 priorities deprecation plan
* Apps migrate nghttp2 ssize
* src: Remove unused functions
* Reconsider ssize t usage in src
* Use GitHub private vulnerability reporting
* Move security policy to GitHub standard location
* Bump mruby to 3.3.0
* Bump llhttp to 48588093ca4219b5f689acfc9ebea9e4c8c37663
* h2load: Add --sni option
* Bump ngtcp2 dependencies
* mruby: Adopt deprecation of mrbc_ prefix
* neverbleed: Define _GNU_SOURCE for pthread_setaffinity_np
* bpf: Pre-expand aes key
* mruby: Exclude mrdb gem which causes nghttpx to crash
* nghttpx: Reuse EVP_CIPHER_CTX for QUIC connection ID encryption
* Run apt-get update before install
* src: Deal with the case that send_quantum < max_udp_payload_size
* nghttpx: Remove SHRPX_QUIC_MAX_UDP_PAYLOAD_SIZE
* Fix build when AI_NUMERICSERV is undefined
- remove dependency on /usr/bin/python3 using
%python3_fix_shebang_path macro, [bsc#1212476]
-------------------------------------------------------------------
Sun Jan 28 17:01:52 UTC 2024 - Dirk Müller <dmueller@suse.com>
- update to 1.59.0:
* Update bash_completion
* h2load: Fix bug that ttfb is not recorded if h3 stream
has no data
* h2load: Consider all h2 HEADERS when counting bytes and
recording ttfb
* h2load: Ignore 1xx status code
* nghttpd: Free SSL_CTX on exit
* nghttpx: OpenSSL needs SSL_CTX_set_recv_max_early_data
* nghttpx: OpenSSL needs SSL_CTX_set_recv_max_early_data
* cmake: Require OpenSSL >= 1.1.1
* Add nghttp2_select_alpn and deprecate
nghttp2_select_next_protocol
* nghttpx: Add --alpn-list and deprecate --npn-list
* h2load: Add --alpn-list and deprecate --npn-list
* Remove NPN
* src: Support building with aws-lc
* Avoid detecting OpenSSL 3.2 as quictls
* Use nghttp3_pri_parse_priority added since nghttp3 v1.1.0
* h2load: Fix IPv6 address in :authority
* h2load: Fix IPv6 address in :authority
* nghttpx: Propagate stream priority from backend to
frontend
* nghttpx: Propagate stream priority from backend to
frontend
* Merge pull request #1991 from nghttp2/get-and-parse-
extpri
* Add API to get and parse RFC 9218 priority
* nghttpx: Prefer __FILE_NAME__ if defined
-------------------------------------------------------------------
Sat Nov 25 22:23:00 UTC 2023 - Dirk Müller <dmueller@suse.com>
- update to 1.58.0:
* Update manual pages
* Bump neverbleed
* Bump ngtcp2
* Prefer clock_gettime if __CYGWIN__ defined
* Do not require strict c++ mode
* nghttpx: Stricter transfer-encoding checks
* Refactor character comparison
* Integration servertester h3
* integration: Enable http3 test with cmake
-------------------------------------------------------------------
Tue Nov 21 11:53:04 UTC 2023 - Dirk Müller <dmueller@suse.com>
- fix unversioned provides to be in sync with nghttp3
-------------------------------------------------------------------
Tue Nov 7 12:54:09 UTC 2023 - Dirk Müller <dmueller@suse.com>
- add keyring for gpg validation
- spec file cleanups
-------------------------------------------------------------------
Mon Oct 16 10:24:50 UTC 2023 - pgajdos@suse.com
- version update to 1.57.0 [bsc#1216174]
1.57.0
* Fixes CVE-2023-44487
* Bump ngtcp2 by @tatsuhiro-t in #1944
* Add dependabot to update actions by @tatsuhiro-t in #1946
* Bump golang.org/x/net to v0.15.0 by @tatsuhiro-t in #1950
* Bump actions/setup-go from 3 to 4 by @dependabot in #1948
* Bump actions/checkout from 3 to 4 by @dependabot in #1949
* Bump actions/upload-artifact from 1 to 3 by @dependabot in #1947
* docker: Bump base image to debian 12 by @tatsuhiro-t in #1951
* nghttpx: Header field name must be lowercase by @tatsuhiro-t in #1953
* Bump quictls by @tatsuhiro-t in #1945
* Apps fix by @tatsuhiro-t in #1957
* nghttpx: Fix bug that --single-process does not work by @tatsuhiro-t in #1958
* Fix clang-format by @tatsuhiro-t in #1959
* Rework session management by @tatsuhiro-t in #1961
1.56.0
* doc: Bump boringssl by @tatsuhiro-t in #1928
* Fix memory leak by @tatsuhiro-t in #1930
* Return void by @tatsuhiro-t in #1931
* nghttpx: Rework sending and receiving ECN bits by @tatsuhiro-t in #1934
* CMSG_DATA does not necessarily return an aligned pointer by @tatsuhiro-t in #1935
* Bump quictls by @tatsuhiro-t in #1937
* Bump ngtcp2 and its dependencies by @tatsuhiro-t in #1939
* nghttpx: Simplify std::unique_ptr get and release by @tatsuhiro-t in #1940
* Bump llhttp to 926c982942eb53a13f01c1e9e6b19bd3b196e7dd by @tatsuhiro-t in #1941
* Bump libbpf to v1.2.2 by @tatsuhiro-t in #1942
* Update Dockerfile by @tatsuhiro-t in #1943
-------------------------------------------------------------------
Sat Jul 15 15:11:52 UTC 2023 - Dirk Müller <dmueller@suse.com>
- update to 1.55.1:
* Fix memory leak
This commit fixes memory leak that happens when
PUSH_PROMISE or HEADERS frame cannot be sent, and
nghttp2_on_stream_close_callback fails with a fatal error.
For example, if GOAWAY frame has been received, a
HEADERS frame that opens new stream cannot be sent.
This issue has already been made public via CVE-2023-35945
by envoyproxy/envoy project. During embargo period, the
patch to fix this bug was accidentally submitted to
nghttp2/nghttp2 repository [2]. And they decided to
disclose CVE early. I was notified just 1.5 hours
before disclosure. I had no time to respond.
PoC described in [1] is quite simple, but I think it is
not enough to trigger this bug. While it is true that
receiving GOAWAY prevents a client from opening new stream,
and nghttp2 enters error handling branch, in order to cause
the memory leak, nghttp2_session_close_stream function
must return a fatal error.
NGHTTP2_ERR_NOMEM, as its name suggests, indicates out of
memory. It is unlikely that a process gets short of
memory with this simple PoC scenario unless application
does something memory heavy processing.
* NGHTTP2_ERR_CALLBACK_FAILURE is returned from application
defined callback function (nghttp2_on_stream_close_callback, in
this case), which indicates something fatal happened inside a
callback, and a connection must be closed immediately without
any further action. As nghttp2_on_stream_close_error_callback
documentation says, any error code other than 0 or
NGHTTP2_ERR_CALLBACK_FAILURE is treated as fatal
error code. More specifically, it is treated as if
NGHTTP2_ERR_CALLBACK_FAILURE is returned. I guess that
envoy returns
NGHTTP2_ERR_CALLBACK_FAILURE or other error code which is
translated into NGHTTP2_ERR_CALLBACK_FAILURE.
https://github.com/envoyproxy/envoy/security/advisories/GHSA-
jfxv-29pc-x22r
-------------------------------------------------------------------
Tue Jun 20 20:48:11 UTC 2023 - Dirk Müller <dmueller@suse.com>
- update to 1.54.0:
* nghttpx: Consistent error handling and use of high-level API
* h2load: Fix http3 upload stall
* h2load: Use std::chrono::steady_clock for quic timestamp
-------------------------------------------------------------------
Thu May 18 04:53:42 UTC 2023 - Martin Pluskal <mpluskal@suse.com>
- Update to version 1.53.0:
* https://nghttp2.org/blog/2023/05/10/nghttp2-v1-53-0/
-------------------------------------------------------------------
Tue Mar 14 09:33:48 UTC 2023 - Dirk Müller <dmueller@suse.com>
- update to 1.52.0:
* https://nghttp2.org/blog/2023/02/13/nghttp2-v1-52-0/
* sphinx_rtd_theme has been removed from the repository
and archive.
* The deprecated Python bindings has been removed.
* The deprecated libnghttp2_asio has been removed.
* llhttp and neverbleed have been updated.
* This release fixes the bug that stalls TLS connection.
* This release adds more http3 integration tests.
- drop nghttp2-remove-python-build.patch: obsolete as the code got removed
-------------------------------------------------------------------
Thu Nov 17 16:35:21 UTC 2022 - Dirk Müller <dmueller@suse.com>
- update to 1.51.0:
* https://nghttp2.org/blog/2022/11/13/nghttp2-v1-51-0/
This release fixes affinity-cookie-stickiness parameter handling.
-------------------------------------------------------------------
Sat Sep 24 11:21:43 UTC 2022 - Dirk Müller <dmueller@suse.com>
- update to 1.50.0:
* https://nghttp2.org/blog/2022/09/21/nghttp2-v1-50-0/
This release adds
nghttp2_option_set_no_rfc9113_leading_and_trailing_ws_validation which disables
checking leading and trailing white spaces against HTTP field value.
-------------------------------------------------------------------
Fri Sep 23 15:38:24 UTC 2022 - Dirk Müller <dmueller@suse.com>
- disable asio by default as it is deprecated by upstream and
will be removed in the next release
-------------------------------------------------------------------
Mon Aug 22 21:23:42 UTC 2022 - Dirk Müller <dmueller@suse.com>
- update to 1.49.0:
* https://nghttp2.org/blog/2022/08/22/nghttp2-v1-49-0/
-------------------------------------------------------------------
Mon Jul 11 19:43:07 UTC 2022 - Dirk Müller <dmueller@suse.com>
- update to 1.48.0:
* lib: Allow server to override RFC 9218 stream priority
* lib: Add a server option to fallback to RFC 7540 priorities
* lib: Add PRIORITY_UPDATE frame support
* lib: Implement RFC 9218 extensible prioritization scheme
* lib: Do not verify host field specific characters for response field
* lib: No rfc7540 priorities
* lib: Fix stream stall when initial window size is decreased
* doc: Document how to change stream prioritization scheme
* build: Compile with libressl 3.5
* build: EXTRA_DIST: List mruby files explicitly
* build: Bump ngtcp2 and nghttp3
* build: Do not check application libraries if --enable-lib-only is given
* src: Update default TLS cipher suites
* nghttpx, h2load: Better pack UDP packets in one GSO write
* nghttpx, h2load: Quic error handling
* nghttpx, h2load: Fix QUIC performance regression
* nghttp, nghttpd, nghttpx: Add ktls support
* h2load: Send more packets without GSO per event loop
* h2load: Add ktls support
* nghttpd: Fix TLS read stall
* nghttpx: Disable RFC 7540 priorities
* nghttpx: Client always uses simpler TLS handshake
* nghttpx: Add affinity-cookie-stickiness backend parameter
* nghttpx: Fix broken session affinity
* nghttpx: Limit CONNECTION_CLOSE and Retry under server amplification limit
* integration: Go update
* integration: Add go.mod
* third-party: Bump llhttp to 75b45129db961e1fb3c56044e1b8f7721bfaee5d
* third-party: Bump libbpf to v0.8.0
* third-party: Bump mruby to 3.1.0
* third-party: Bump neverbleed based on the latest head (GH-1708)
-------------------------------------------------------------------
Sun Mar 20 21:13:42 UTC 2022 - Dirk Müller <dmueller@suse.com>
- update to 1.47.0:
* see https://nghttp2.org/blog/2022/02/23/nghttp2-v1-47-0/
-------------------------------------------------------------------
Sat Dec 18 19:24:21 UTC 2021 - Dirk Müller <dmueller@suse.com>
- update to 1.46.0:
* see https://nghttp2.org/blog/2021/07/18/nghttp2-v1-44-0/
* see https://nghttp2.org/blog/2021/09/20/nghttp2-v1-45-0/
* see https://nghttp2.org/blog/2021/10/19/nghttp2-v1-46-0/
-------------------------------------------------------------------
Thu Feb 4 11:22:06 UTC 2021 - Dirk Müller <dmueller@suse.com>
- update to 1.43.0:
* doc: Make doc generation work with sphinx v3.3
* python: Require python3 for python bindings
* python: Require python3 for python scripts
* nghttpx: Make sure that Pool gets cleared when all buffers are returned
* nghttpx: Choose ECDSA cert if compatible signature algorithm available
* nghttpx: Add workaround to include ':' in backend pattern
-------------------------------------------------------------------
Wed Jan 6 12:22:21 UTC 2021 - Dirk Müller <dmueller@suse.com>
- update to 1.42.0:
* lib: fix ubsan errors (Patch from Asra Ali) (GH-1468)
* lib: Don't send RST_STREAM to idle stream (GH-1477)
* lib: nghttp2_map backed by nghttp2_ksl
* doc: Update sphinx_rtd_theme
* doc: nghttp2_session_send is also affected by max concurrent streams (Patch from Tomas Krizek) (GH-1489)
* doc: clarify flow control behaviour for nghttp2_session_send() (Patch from Tomas Krizek) (GH-1488)
* build: Add missing cmake/FindSystemd.cmake to dist (GH-1526)
* third-party: Bump llhttp to 2.2.0
* third-party: Bump mruby to 2.1.2
* nghttpx: Deal with the case when h2 backend is retired before it is initialized
* nghttpx: Add accesslog variables to record request path without query (GH-1511)
* nghttpx: Fix stall when TLS follows after proxy protocol
* nghttpx: Fix logging integer
-------------------------------------------------------------------
Wed Jun 3 11:45:25 UTC 2020 - Paolo Stivanin <info@paolostivanin.com>
- Update to 1.41.0
* Fix CVE-2020-11080
* lib: Implement max settings option (Patch from James M Snell)
* lib: Earlier check for settings flood (Patch from James M Snell)
* lib: Fix receiving stream data stall (GH-1444)
* build: cmake: Make hard-coded static lib suffix optional (Patch from Viktor Szakats) (GH-1418)
* third-party: Bump llhttp to 2.0.4 (GH-1442)
* nghttpx: Add PROXY-protocol v2 support (GH-1452)
* nghttpx: Fix get_x509_serial for long serial numbers (Patch from Jacky Tian) (GH-1455)
* h2load: Allow port in --connect-to
* h2load: add --connect-to option (Patch from Lucas Pardue) (GH-1426)
-------------------------------------------------------------------
Tue Jan 14 18:01:52 UTC 2020 - Michał Rostecki <mrostecki@opensuse.org>
- Update to version 1.40.0
* lib: Add nghttp2_check_authority as public API
* lib: Fix the bug that stream is closed with wrong error code
* lib: Faster huffman encoding and decoding
* build: Avoid filename collision of static and dynamic lib
* build: Add new flag ENABLE_STATIC_CRT for Windows
* build: cmake: Support building nghttpx with systemd
* third-party: Update neverbleed to fix memory leak
* nghttpx: Fix bug that mruby is incorrectly shared between
backends
* nghttpx: Reconnect h1 backend if it lost connection before
sending headers
* nghttpx: Returns 408 if backend timed out before sending
headers
* nghttpx: Fix request stal
-------------------------------------------------------------------
Fri Aug 30 02:45:32 UTC 2019 - Martin Pluskal <mpluskal@suse.com>
- Conditionally remove dependecy on jemalloc for SLE-12
-------------------------------------------------------------------
Mon Aug 19 12:27:38 UTC 2019 - Martin Pluskal <mpluskal@suse.com>
- Require correct library from devel package - boo#1125689
-------------------------------------------------------------------
Mon Aug 19 12:02:09 UTC 2019 - Adam Majer <adam.majer@suse.de>
- Update to version 1.39.2 (bsc#1146184, bsc#1146182):
* This release fixes CVE-2019-9511 “Data Dribble” and CVE-2019-9513
“Resource Loop” vulnerability in nghttpx and nghttpd. Specially crafted HTTP/2
frames cause Denial of Service by consuming CPU time. Check out
https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md
for details. For nghttpx, additionally limiting inbound traffic by
--read-rate and --read-burst options is quite effective against
this kind of attack.
* Add nghttp2_option_set_max_outbound_ack API function
* nghttpx: Fix request stall
-------------------------------------------------------------------
Tue Aug 13 13:22:01 UTC 2019 - Martin Pluskal <mpluskal@suse.com>
- Update to version 1.39.1:
* This release fixes the bug that log-level is not set with
cmd-line or configuration file. It also fixes FPE with default
backend.
- Changes for version 1.39.0:
* libnghttp2 now ignores content-length in 200 response to
CONNECT request as per RFC 7230.
* mruby has been upgraded to 2.0.1.
* libnghttp2-asio now supports boost-1.70.
* http-parser has been replaced with llhttp.
* nghttpx now ignores Content-Length and Transfer-Encoding in 1xx
or 200 to CONNECT.
- Drop no longer needed boost170.patch
-------------------------------------------------------------------
Fri May 10 08:24:23 UTC 2019 - Tomáš Chvátal <tchvatal@suse.com>
- Update to 1.38.0:
* This release fixes the bug that authority and path altered by per-pattern mruby script can affect backend selection on retry.
* It also fixes the bug that HTTP/1.1 chunked request stalls.
* Now nghttpx does not log authorization request header field value with -LINFO.
* This release fixes possible backend stall when header and request body are sent in their own packets.
* The backend option gets weight parameter to influence backend selection.
* This release fixes compile error with BoringSSL.
- Add patch from upstream to build with new boost bsc#1134616:
* boost170.patch
-------------------------------------------------------------------
Fri Jan 18 16:42:34 UTC 2019 - seanlew@opensuse.org
- Update to 1.36.0
* build: disable shared library if ENABLE_SHARED_LIB is off
* third-party: use http-parser to v2.9.0 (GH-1294)
* third-party: Update mruby to 2.0.0
* nghttpx: Pool h1 backend connection per address (GH-1292)
* nghttpx: Randomize backend address round robin order per thread
(GH-1291)
* nghttpx: Fix getting long SNs for openssl < 1.1 (GH-1287)
* h2load: add an option to write per-request logs (GH-1256)
* asio: added access to # of the current server port (GH-1257)
-------------------------------------------------------------------
Fri Jan 18 14:35:14 UTC 2019 - Tomáš Chvátal <tchvatal@suse.com>
- Use multibuild to not pull in python3 in first build, nghttp2
is low in the system
-------------------------------------------------------------------
Fri Jan 11 14:24:40 UTC 2019 - Martin Pluskal <mpluskal@suse.com>
- Update to version 1.35.1:
* nghttpx: Fix broken trailing slash handling (GH-1276)
- Changes for version 1.35:
* build: cmake: Fix libevent version detection (Patch from Jan Kundrát) (GH-1238)
* lib: Use __has_declspec_attribute for shared builds (Patch from Don) (GH-1222)
* src: Require C++14 language feature
* nghttpx: Write mruby send_info early
* nghttpx: Fix assertion failure on mruby send_info with HTTP/1 frontend
* h2load: Handle HTTP/1 non-final response (GH-1259)
* h2load: Clarify that time for connect includes TLS handshake
-------------------------------------------------------------------
Mon Oct 8 19:46:51 UTC 2018 - adam.majer@suse.de
- Update to version 1.34.0: (bsc#1112438, FATE#326776)
* lib: Implement RFC 8441 :protocol support
* nghttpx: Add read/write-timeout parameters to backend option
* nghttpx: Fix mruby parameter validation in backend option
* nghttpx: Implement RFC 8441 Bootstrapping WebSocket with HTTP/2
* nghttpx: Update neverbleed to fix OpenSSL 1.1.1 issues
* nghttpx: Update mruby 1.4.1
* nghttpx: Add mruby env.tls_handshake_finished
* nghttpx: Add --tls13-ciphers and --tls-client-ciphers options
* nghttpx: Add RFC 8470 Early-Data header field support
* nghttpx: Add RFC 8446 TLSv1.3 0-RTT early data support
-------------------------------------------------------------------
Wed Sep 26 08:00:27 UTC 2018 - adam.majer@suse.de
- Update to version 1.33.0:
* lib: Tweak nghttp2_session_set_stream_user_data
* lib: Fix handling of SETTINGS_MAX_CONCURRENT_STREAMS.
* lib: Implement ORIGIN frame
* asio: support definition of local endpoint for cleartext
client session
* integration: Remove remaining SPDY code from the integration tests
* nghttpx: Fix worker process crash with neverbleed write error
* nghttpx: Support per-backend mruby script
* nghttpx: Fix stream reset if data from client is arrived before
dconn is attached
-------------------------------------------------------------------
Mon Jul 9 15:04:12 UTC 2018 - mpluskal@suse.com
- Update to version 1.32.0:
* lib: Ignore all input after calling session_terminate_session
* lib: Fix treatment of padding
* lib: Don't allow 101 HTTP status code because HTTP/2 removes
HTTP Upgrade
* build: add ENABLE_STATIC_LIB option to build static lib
* third-party: Upgrade neverbleed to the latest master
* asio: Support client side SNI
* src: Compile with libressl 2.7.2
* src: Allow building without NPN
* h2load: -r and --duration are mutually exclusive
-------------------------------------------------------------------
Fri Apr 13 08:40:38 UTC 2018 - tchvatal@suse.com
- Version umpdate to 1.31.1:
* Fix bsc#1088639 CVE-2018-1000168
* https://nghttp2.org/blog/2018/04/12/nghttp2-v1-31-1/
-------------------------------------------------------------------
Mon Apr 9 10:16:47 UTC 2018 - tchvatal@suse.com
- Version update to 1.31.0:
* lib: Add nghttp2_session_set_user_data() public API function (GH-1137)
* src: Define nghttp2_inet_pton wrapper to avoid inet_pton macro (GH-1128)
* nghttpx: Close listening socket on graceful shutdown
* nghttpx: Add an option to accept expired client certificate (GH-1126)
* nghttpx: Add mruby tls_client_not_before, and tls_client_not_after (GH-1123)
* nghttpx: Fix potential memory leak
* lib: Allow PING frame to be sent after GOAWAY (GH-1103)
* nghttpx: Fix bug that h1 backend idle timeout expires sooner
* nghttpx: Stop overwrite of first header on mruby call to env.req.set_header(..) (Patch from Dylan Plecki) (GH-1119)
* nghttpx: Add upgrade-scheme parameter to backend option (GH-1099)
* nghttpx: Fix missing ALPN validation (--npn-list) (GH-1094)
* nghttpx: Remember which resource is pushed for RFC 8297 (GH-1101)
-------------------------------------------------------------------
Mon Apr 9 08:59:52 UTC 2018 - tchvatal@suse.com
- Drop spdylay dependency as it is deprecated since version 1.28.0
and removed from cofnigure.ac since 1.29.0
-------------------------------------------------------------------
Thu Feb 22 15:10:41 UTC 2018 - fvogt@suse.com
- Use %license (boo#1082318)
-------------------------------------------------------------------
Fri Jan 5 13:21:33 UTC 2018 - mpluskal@suse.com
- Update to version 1.29.0:
* lib: Use NGHTTP2_REFUSED_STREAM for streams which are closed by
GOAWAY
* build: Remove SPDY
* build: Fix CMAKE_MODULE_PATH
* nghttpx: Revert "nghttpx: Use an existing h2 backend connection
as much as possible"
* nghttpx: Write API request body in temporary file
* nghttpx: Increase api-max-request-body
* nghttpx: Faster configuration loading with lots of backends
* nghttpx: Fix crash with --backend-http-proxy-uri option
-------------------------------------------------------------------
Mon Dec 11 16:53:16 UTC 2017 - dimstar@opensuse.org
- Export PYTHON=/usr/bin/python3 before running configure: allow to
build without (comnplete) python2 in the buildroot. In any case
we only ship python3-bindings already.
-------------------------------------------------------------------
Wed Dec 6 16:35:46 UTC 2017 - mpluskal@suse.com
- Upodate to version 1.28.0:
* lib: Add nghttp2_error_callback2
* build: Add deprecation warning when spdylay support is enabled
* Switch to clang-format-5.0
* examples: Make client and server work with libevent-2.1.8
* third-party: Update neverbleed
* integration: Fix issues reported by the go vet tool.
* nghttpx: Fix affinity retry
* nghttpx: Fix stalled backend connection on retry
* nghttpx: Cookie based session affinity
* nghttpx: Expose additional TLS related variables to mruby and
accesslog
-------------------------------------------------------------------
Wed Nov 8 16:54:59 UTC 2017 - mpluskal@suse.com
- Drop forgotten python2 build dependency
-------------------------------------------------------------------
Thu Oct 26 10:28:19 UTC 2017 - mpluskal@suse.com
- Update to version 1.27.0:
* h2load: Print out h2 header fields with --verbose option
* nghttpx: Send non-final response to HTTP/1.1 or HTTP/2 client
only
- Changes for version 1.26.0:
* docs: Fix some typos in the nghttpx how-to
* h2load: Fix bug that timing script stalls with -m1
* h2load: Reservoir sampling (GH-984)
* h2load: Add timing-based load-testing in h2load
- Switch to python3 support
-------------------------------------------------------------------
Mon Oct 9 10:14:26 UTC 2017 - schwab@suse.de
- Don't use jemalloc on ppc or %arm, where it is broken.
-------------------------------------------------------------------
Mon Aug 28 10:58:52 UTC 2017 - mpluskal@suse.com
- Update to version 1.25.0:
* lib: add nghttp2_rcbuf_is_static() (Patch from Anna Henningsen) (GH-983)
* nghttpx: Fix bug that forwarded for is not affected by proxy protocol (GH-979)
* nghttpx: Update mruby to 1.3.0 (GH-957)
-------------------------------------------------------------------
Mon Jul 17 19:45:59 UTC 2017 - mpluskal@suse.com
- Drop doc building
- Rename python subpackage to python2
-------------------------------------------------------------------
Mon Jul 10 14:35:59 UTC 2017 - mpluskal@suse.com
- Update to version 1.24.0:
* doc: README.rst: fix typo (Patch from Simone Basso) (GH-947)
* doc: fix up grammar in submit_trailer docs (Patch from Benjamin Peterson) (GH-945)
* doc: fix cleaning in out-of-tree builds (Patch from Benjamin Peterson) (GH-938)
* nghttp: Fix bug that upgrade fails if reason-phrase is missing (GH-949)
* nghttpx: Verify OCSP response using trusted CA certificates (GH-943)
* nghttpx: Set default minimum TLS version to TLSv1.2 (GH-937)
- Changes for version 1.23.1:
* nghttpx: Fix crash in OCSP response verification
- Changes for version 1.23.0:
* lib: nghttp2_session: Allow for compiling library with -DNDEBUG set (Patch from Angus Gratton) (GH-919)
* lib: Treat incoming invalid regular header field as stream error (GH-900)
* lib: Call nghttp2_on_invalid_frame_callback if altsvc validation fails (GH-904)
* doc: spelling mistake in arguments to build nghttp apps (Patch from Soham Sinha) (GH-925)
* doc: Add notes for installation on linux systems (Patch from Tapanito) (GH-917)
* doc: Clarify the effect of nghttp2_option_set_no_http_messaging
* nghttpx: Verify OCSP response (GH-929)
* nghttpx: Fix certificate selection based on pub key algorithm (GH-924)
* nghttpx: Fix certificate indexing bug
* nghttpx: Run OCSP at startup (GH-922)
* nghttpx: Wildcard path matching (GH-914)
* nghttpx: Forward multiple via, xff, and xfp header fields (GH-903)
* nghttp: Add -y, --no-verify-peer option to suppress peer verify warn (GH-906)
-------------------------------------------------------------------
Wed May 10 12:03:35 UTC 2017 - mpluskal@suse.com
- Update to version 1.22.0:
* lib: Add missing free call on error in inflight_settings_new() (Patch from lstefani) (GH-884)
* asio: Support specifying stream priority via session::submit() (Patch from Matt Way) (GH-881)
* nghttpx: Clarify --conf option behaviour
* nghttpx: Add $tls_sni access log variable (GH-896)
* nghttpx: Rename ssl_* log variables as tls_* (GH-895)
* nghttpx: Fix path matching bug (GH-894)
* nghttpx: SNI based backend server selection (GH-892)
* nghttpx: Enable signed_certificate_timestamp extension for TLSv1.3 (GH-878)
* nghttpx: Add options for X-Forwarded-Proto header field (GH-872)
* nghttpx: Add --single-process option (GH-869)
* nghttpx: Use 502 as server error code
* nghttpx: Use SSL_CTX_set_early_data_enabled with boringssl
* nghttp: Verify server certificate and show warning if it fails (GH-870)
* integration: Use nip.io instead of xip.io
-------------------------------------------------------------------
Fri Apr 21 10:27:41 UTC 2017 - mpluskal@suse.com
- Update to version 1.21.1:
* asio: Fix crash if connect takes longer time than ping interval (GH-866)
* nghttpx: Fix bug that 204 from h1 backend is always treated as error (GH-871)
- Changes for version 1.21.0:
* lib: Fix nghttp2_session_want_write (GH-832)
* doc: Document pkg-config path usage
* build: Eliminate U macro; Instead use (void)VAR for better compiler compatibility.
* src: BoringSSL supports SSL_CTX_set_{min,max}_proto_version. (Patch from Piotr Sikora) (GH-853)
* src: Use Mozilla's "Modern compatibility" ciphers by default
* src: nghttp2_gzip: fix this statement may fall through [-Werror=implicit-fallthrough=] found by gcc7 (Patch from Alexis La Goutte) (GH-823)
* nghttpx: Print version number with -v option
* nghttpx: Enable X25519 with boringssl
* nghttpx: Retry getaddrinfo without AI_ADDRCONFIG (GH-858)
* nghttpx: Failing to listen on server socket is fatal error
* nghttpx: Escape certain characters in access log (GH-856)
* nghttpx: Ignore further input if connection is going to close
* nghttpx: Don't call functions which are not async-signal-safe after fork but before execv in multithreaded process.
* nghttpx: Enable backend pattern matching with http2-proxy (GH-733)
* asio: client: Send PING after 30 seconds idle (GH-847)
-------------------------------------------------------------------
Thu Mar 23 18:53:19 UTC 2017 - mpluskal@suse.com
- Update to version 1.20.0:
* lib: nghttp2_session: fix The 'then' statement is equivalent to the subsequent code fragment found by PVS Studio (V523) (Patch from Alexis La Goutte) (GH-814)
* lib: Add nghttp2_option_set_no_closed_streams (GH-810)
* build: Disable spdylay detection by default
* build: Add --with-systemd option to configure
* fuzz: Add fuzzer for oss-fuzz (GH-799)
* src: Enable TLSv1.3 if it is supported by OpenSSL (or BoringSSL) (GH-816)
* src: h2 requires >= TLSv1.2
* asio: More graceful stop of nghttp2::asio_http2::server::http2 (Patch from Amir Pakdel) (GH-805)
* asio: Holding more shared_ptrs instead of raw ptrs to make sure called objects don't get deleted. (Patch from clemahieu)
* asio: Fix infinite loop in acceptor handler (Patch from clemahieu) (GH-794)
* asio: close_stream erases from streams_ while it's being iterated over. (Patch from clemahieu) (GH-795)
* nghttpx: Strip version number from server header field
* nghttpx: Add --single-worker option
* nghttpx: Fix bug that send_reply does not participate graceful shutdown
* nghttpx: Add --frontend-max-requests option
* nghttpx: Enable stream-write-timeout by default
* nghttpx: Fix stream write timer handling
* nghttpx: Add configrevision API endpoint (GH-820)
* nghttpx: Redirect to HTTPS URI with redirect-if-not-tls parameter (GH-819)
* nghttpx: Update log time stamp in millisecond interval
* nghttpx: Better error message when private key and certificate are missing
* nghttpx: Fix bug that old config is used during reloading configuration
* nghttpx: Specify TLS protocol by version range (GH-809)
* nghttpx: Send SIGQUIT to the original master process (GH-807)
* nghttpx: Restrict HTTP major and minor in 0 or 1
* nghttpx: Drop privilege of neverbleed daemon first
* nghttpx: add systemd support (Patch from Tomasz Torcz) (GH-802)
* nghttpx: Fix crash on SIGHUP with multi thread configuration (GH-801)
* nghttpx: Send 1xx non-final response using mruby script (GH-800)
* nghttpx: Select certificate by client's supported signature algorithm (GH-792)
* nghttpx: Recommend POST for backendconfig API request
* nghttpx: Don't build PSK features with LibreSSL (Patch from Bernard Spil) (GH-789)
* nghttp: add support for link rel="preload" for --get-assets (Patch from Benedikt Christoph Wolters) (GH-791)
* h2load: Fix wrong req_stat updates
* h2load: Explicitly count the number of requests left and inflight
* integration: Fix deprecation warnings
* integration: Redirect nghttpx stdout/stderr to test driver's stdout/stderr
- Changes for version 1.19.0:
* lib: Fix memory leak of nghttp2_stream object in server side nghttp2_session object
* Fix issues found by PVS Studio (Patch from Alexis La Goutte) (GH-769)
* doc: Update README file to write about the issue of Alpine Linux's inability to replace malloc (Patch from makovich) (GH-768)
* build: Compile with Android NDK r13b using clang
* src: Fix assertion error with boringssl
* nghttp: Take into account scheme and port when parsing HTML links
* nghttp: Fix authority for --get-assets if IP address is used in conjunction with user-defined :authority header (Patch from Benedikt Christoph Wolters) (GH-783)
* nghttpx: Add --accesslog-write-early option (GH-777)
* nghttpx: Fix access.log timestamp (GH-778)
* nghttpx: Show default cipher list in -h
* nghttpx: Add client-ciphers option
* nghttpx: Add client-no-http2-cipher-black-list option
* nghttpx: Fix the bug that no-http2-cipher-black-list does not work on backend HTTP/2 connections.
* nghttpx: Add --client-psk-secret option to enable PSK in backend (GH-612)
* nghttpx: Add --psk-secret option to enable PSK in frontend connection (GH-612)
* nghttpx: Enable SCT with OpenSSL 1.1.0
* nghttpx: Add proxyproto to frontend option to accept PROXY protocol (GH-765)
* h2load: Show default cipher list in -h
* h2load: Show custom server temp key such as X25519
* h2load: Fix incorrect return value from spdylay_send_callback
- Changes for version 1.18.1:
* nghttpx: Fix assertion error in libev ev_io_start (GH-759)
* nghttpx: Handle c-ares success without result
* nghttpx: Fix bug that DNS timeout was erroneously disabled (GH-763)
* nghttpx: Fix bug that DNS timeout was ignored (GH-763)
-------------------------------------------------------------------
Thu Feb 2 10:21:27 UTC 2017 - adam.majer@suse.de
- use individual libboost-*-devel packages instead of boost-devel
-------------------------------------------------------------------
Tue Jan 3 10:39:12 UTC 2017 - mpluskal@suse.com
- Update to version 1.18.0:
* lib: Accept and ignore content-length: 0 in 204 response for now
* build: Use pkg-config to detect libxml2
* build: Require c-ares to compile applications under src
* build: Add Windows CI via AppVeyor (Patch from Alexis La Goutte)
* examples: Delete tiny-nghttpd
* nghttpx: Retry h1 backend request if first write fails (GH-757)
* nghttpx: Keep reading after backend write failed (GH-756)
* nghttpx: Add frontend-keep-alive-timeout option (GH-755)
* nghttpx: New error log format (GH-749)
* nghttpx: Fix bug that fetch-ocsp-response does not work with OpenSSL 1.1.0 (GH-742)
* nghttpx: Backend API call allows non-numeric host with dns parameter (GH-731)
* nghttpx: Lookup backend host name dynamically (GH-721)
* nghttpx: Accept and ignore content-length: 0 in 204 response for now (GH-735)
* nghttpx: Wait for child process to exit
-------------------------------------------------------------------
Wed Dec 14 10:19:51 UTC 2016 - mpluskal@suse.com
- Update to version 1.17.0:
* lib: Disallow content-length in 1xx, 204, or 200 to a CONNECT request (GH-722)
* lib: Avoid memcpy against NULL src
* build: MSVC version resource support (Patch from Remo E) (GH-718)
* asio: server: Call on_close callback on connection close (GH-729)
* nghttpx: Fix frequent crash with --backend-http-proxy-uri
* nghttpx: Robust backend read timeout
* nghttpx: Fix bug that mishandles response header from h1 backend
* nghttpx: Fix bug that zero-length POST is not forwarded (GH-726)
* nghttpx: Remove optional reason-phrase from SPDY :status
* nghttpx: Header key and value must be string in mruby script
* nghttpx: Strip content-length with 204 or 200 to CONNECT in mruby (GH-722)
* nghttpx: Strict handling for Content-Length or Transfer-Encoding in h1 (GH-722)
* nghttpx: Fix compilation with BoringSSL (Patch from dalf) (GH-717)
* nghttpd, nghttpx, asio: Add missing mandatory SP after status code
-------------------------------------------------------------------
Thu Nov 24 09:44:32 UTC 2016 - mpluskal@suse.com
- Update to version 1.16.1:
* lib: Prevent undefined behavior in decode_length
* nghttpx: Fix bug which may crash nghttpx if non-final response
is forwarded from origin server to HTTP/1.1 client
- Changes for version 1.16.0:
* lib: Add nghttp2_set_debug_vprintf_callback to take advantage
of DEBUGF statements in when building DEBUGBUILD.
* Update .clang-format for clang-format-3.9
* build: Make it possible to include nghttp2/CMakeLists.txt in
another project using add_subdirectory.
* third-party: Update http-parser to
feae95a3a69f111bc1897b9048d9acbc290992f9
* asio: Fix crash when end() is called outside nghttp2 callback
* nghttpx: Add --backend-connect-timeout option
* nghttpx: Add TLS signed_certificate_timestamp extension support
* nghttpx: Add --ecdh-curves option to specify list of named
curves
* h2load: Add --header-table-size and --encoder-header-table-size
options
-------------------------------------------------------------------
Sun Sep 25 09:01:48 UTC 2016 - mpluskal@suse.com
- Update to version 1.15.0:
* lib: Add nghttp2_option_set_max_deflate_dynamic_table_size()
API function (GH-684)
* lib: Allow NGHTTP2_ERR_PAUSE from
nghttp2_data_source_read_callback (GH-671)
* lib: Add nghttp2_session_get_hd_deflate_dynamic_table_size()
and nghttp2_session_get_hd_inflate_dynamic_table_size() API
functions to get current HPACK dynamic table size (GH-664)
* lib: Add nghttp2_session_get_local_settings() API function
* lib: Add nghttp2_session_get_local_window_size() and
nghttp2_session_get_stream_local_window_size() API functions
* build: Add -lsocket -lnsl to APPLDFLAGS for solaris build
* neverbleed: Update neverbleed to support ECDSA certificate
* doc: Mention --enable-lib-only configure option in README
* integration: Fix test failure with go1.7.1
* src: Fix compile error with openssl 1.1.0
* nghttpx: Improve performance with HTTP/1.1 backend when
request body is involved
* nghttpx: Use std::atomic_* overloads for std::shared_ptr if
available
* nghttpx: Migrate backend stream to another h2 session on
graceful shutdown
* nghttpx: Add option to specify HPACK encoder/decoder dynamic
table size
* nghttpx: Log client address
* nghttpx: Add tls_sni to mruby Nghttpx::Env class
* nghttpx: Add --frontend-http2-window-size option, and its
family functions
* nghttpx: Add experimental TCP optimization for h2 frontend
* nghttpx: Workaround for std::make_shared bug in Xcode7, 7.1,
and 7.2 (GH-670)
* nghttpx: Fix bug that bytes are doubly counted to rate limit
for TLS connections
* nghttpx: Add --no-server-rewrite option not to rewrite server
header field (GH-667)
* nghttpx: Retry if backend h1 connection cannot be established
due to timeout
* nghttpx: Reset stream if invalid header field is received in h2
* nghttpx: Add --server-name option to change server response
header field (GH-667)
* nghttpd: Add --encoder-header-table-size option
* nghttp: Add --encoder-header-table-size option
* python: Support ALPN, require Python 3.5
-------------------------------------------------------------------
Thu Sep 8 08:35:52 UTC 2016 - idonmez@suse.com
- Update to version 1.14.0:
* lib: Make emit_header() return void since it always succeed
* lib: Add nghttp2_hd_deflate_hd_vec() deflate API to support
multiple buffer input
* lib: since hd_inflate_commit_indexed() always return 0,
remove the return value check in nghttp2_hd_inflate_hd_nv()
* lib: Use memeq() instead of lstreq() in lookup_token()
* lib: More strict stream state handling
* lib: Modify genlibtokenlookup.py to remove redundant header
comparisons and remove inline qualifier of lookup_token()
in genlibtokenlookup.py
* lib: Fix wrong tree operation to avoid cycle
* lib: Make get_max_index() return the max index in frame,
so we don't need to do extra calculation
* lib: Add nghttp2_on_invalid_header_callback
* lib: Log frame's stream ID for header debug logging
* doc: Remove old doc about differential encoding in HPACK
* doc: Document about ALPN in nghttpx howto
* nghttpx: Log error code from getsockopt(SO_ERROR) on first
write event
* nghttpx: Don't change pushed stream's priority
* nghttpx: Log backend connection failure in WARN level
* nghttpx: Fix bug that api and healthmon parameters do not work
with http2 proxy
* nghttpx: Add access log variable for backend host and port
* nghttpx: Use copy instead of const reference of backend group
* nghttpx: Reload configuration with SIGHUP
* nghttp: Adjust weight according to Firefox stable
* nghttp: Call error callback when invalid header field is
received and ignored
* nghttp: Allow multiple -p option
* deflatehd: Call nghttp2_hd_deflate_change_table_size only
if table size is changed from default
-------------------------------------------------------------------
Sun Aug 7 17:23:20 UTC 2016 - mpluskal@suse.com
- Update to version 1.13.0:
* lib: Cancel non-DATA frame transmission from
nghttp2_before_frame_send_callback
* doc: Fix warning with Sphinx 1.4
* build: Work with Android NDK r12b
* nghttpx: Use consistent hashing for client IP based session
affinity
* nghttpx: Fix FTBFS on armel by explicitly including the header
* nghttpx: Cast to double to fix build with gcc 4.8 on Solaris 11
* nghttpx: Fix build error with libressl
* examples: Fix compile error with OpenSSL v1.1.0-beta2
-------------------------------------------------------------------
Thu Jul 14 13:08:52 UTC 2016 - mpluskal@suse.com
- Update to version 1.12.0:
* Add nghttp2_session_set_local_window_size API function
* Add nghttp2_option_set_max_send_header_block_length API
function (GH-613)
* Fix warning: declaration of 'free' shadows a global declaration
(Patch from Alexis La Goutte)
* examples: Add ALPN support to tutorial client/server (GH-614)
* nghttpx: Reduce TTFB with large number of incoming connections
* nghttpx: Rewrite read timer handling
* nghttpx: Clean up neverbleed AF_UNIX socket
* nghttpx: Add --backend-max-backoff option
* nghttpx: Use 16KiB buffer for reading to match TLS record size
* nghttpx: Add healthmon parameter to -f option to enable health
monitor mode
* nghttpx: Receive reference of std::mt19937, not making a copy
* nghttpx: Fix bug that backend never return to online (GH-615)
* nghttpx: Implement client IP based session affinity
* nghttpx: Add --api-max-request-body option to set maximum API
request body size
* nghttpx: Add api parameter to --frontend option to mark API
endpoint
* h2load: Add content-length header field for HTTP/2 and SPDY as
well
* h2load: Implement HTTP/1 upload (GH-611)
-------------------------------------------------------------------
Wed Jun 8 09:03:04 UTC 2016 - idonmez@suse.com
- Update to 1.11.1
* lib: Add nghttp2_hd_inflate_hd2() and deprecate
nghttp2_hd_inflate_hd()
* lib: Avoid 0-length DATA if NGHTTP2_DATA_FLAG_NO_END_STREAM is set
* lib: Fix bug that PING flags are ignored in nghttp2_submit_ping
* integration: Workaround runtime error: cgo argument has Go pointer
to Go pointer
* nghttp: Eliminate zero length DATA frame at the end if possible
* nghttpd: Set content-length in status response
* nghttpx: Add sni keyword to --backend option
* nghttpx: Allow mixed protocol and TLS settings among backends under
same pattern
* nghttpx: Don't add 0-length DATA when response HEADERS bears
END_STREAM flag
* nghttpx: Don't add chunked encoded response body for HEAD request
* nghttpx: Don't use CN if we have dNSName or iPAddress field
* nghttpx: Just call execv instead of execve to pass environ
* nghttpx: Make SETTINGS timeout value configurable
* nghttpx: Save PID file after it is ready to accept connections
* nghttpx: Treat backend failure if SETTINGS is not received within
timeout
* nghttpx: Wait for SETTINGS ACK to make sure that backend h2 server
is alive
-------------------------------------------------------------------
Wed Apr 27 10:04:48 UTC 2016 - mpluskal@suse.com
- Update to 1.10.0
* Pass unknown SETTINGS values to nghttp2_on_frame_recv_callback
* Add ALTSVC frame support
* Run error callback when peer does not send initial SETTINGS
frame
* Update http-parser
* Update sphinx_rtd_theme
* nghttp: add an --expect-continue option
* nghttpx: Fix downstream connect callback called early
* nghttpx: Truncate too long -b option signature
* nghttpx: Fix bug that server push from mruby script did not
work
* nghttpx: Try next HTTP/1 backend address when connection
cannot be made
* nghttpx: Retry next HTTP/2 backend address when connection
cannot be made
* nghttpx: Enable link header field based push for non-final
response
* nghttpx: Detect online/offline state of backend servers
* nghttpx: Better load balancing between backend HTTP/2 servers
* nghttpx: Fix crash with backend failure
-------------------------------------------------------------------
Wed Apr 13 18:31:20 UTC 2016 - mpluskal@suse.com
- Update to 1.9.2
* nghttpx: Fix crash with backend failure
* nghttpx: Better distribute load to backend h2 servers
* nghttpx: Fix error messages on deprecated mode
* nghttpx: Fix bug that logger wrote string which was not
NULL-terminated
* nghttpx: Fix bug that proxy with HTTP/1.1 CONNECT did not work
-------------------------------------------------------------------
Sun Mar 27 16:57:17 UTC 2016 - mpluskal@suse.com
- Update to 1.9.1
* nghttpx: Fix bug that backend tls keyword did not work with -s
option
* nghttpx: Fix handing stream after connection check was failed
- Changes for 1.9.0
* lib: Add nghttp2_error_callback to tell application human
readable error message
* lib: Reference counted HPACK name/value pair, adding
* nghttp2_on_header_callback2
* lib: Add nghttp2_option_set_no_auto_ping_ack() option
* lib: Add nghttp2_http2_strerror() to return HTTP/2 error code
string
* build: Makefile.msvc enhancements (Patch from Jan-E)
* build: Lower libev version requirement (Patch from Peter Wu)
* build: cmake build support (Patch from Peter Wu)
* asio: Fix bug that server event loop breaks with exception
* integration: Disable tests that sometimes break randomly on
travis
* integration: do not use recursive target (Patch from Peter Wu)
* h2load: Fix bug that it did not try to connect to server again
* h2load: Fix bug that initial max concurrent streams was too
large
* nghttpx: Memcached connection encryption with tls keyword
* nghttpx: Enable/disable TLS per frontend address
* nghttpx: Configure TLS per backend routing pattern
* nghttpx: Workaround for Ubuntu 15.04 which does not
value-initialize on std::make_shared.
* nghttpx: Add --error-page option to set custom error pages
* nghttpx: Add wildcard host routing
* nghttpx: Change read timeout reset timing
* nghttpx: Don't push if Link header field includes nopush
* nghttpx: Deprecate backend-http1-connections-per-host in favor
of backend-connections-per-host
* nghttpx: Restructure mode settings, removing --http2-bridge,
--client, and --client-proxy options
* nghttpx: Deprecate backend-http1-connections-per-frontend in
favor of backend-connections-per-frontend
* nghttpx: Don't share session which is already in draining
state
* nghttpx: Effectively disable backend HTTP/2 connection flow
control
* nghttpx: Add --frontend-http2-max-concurrent-streams and
--backend-http2-max-concurrent-streams, and deprecate
--http2-max-concurrent-streams option
* nghttpx: Deprecate --backend-http2-connections-per-worker
option
* nghttpx: Share TLS session cache between HTTP/2 and HTTP/1
backend
* nghttpx: Rewrite backend HTTP/2 connection coalesce strategy
-------------------------------------------------------------------
Fri Feb 26 13:00:38 UTC 2016 - mpluskal@suse.com
- Update to 1.8.0
* Add Architecture documents (work in progress)
* List all contributors in AUTHORS
* doc: fix out-of-tree doc builds (Patch from Peter Wu)
* Wrap AM_PATH_XML2 by m4_ifdef to handle the case when
_PATH_XML2 is not found
* Fix configure script for non-gcc, clang build
* Document compiling apps and include h2load in configure (Patch
from David Beitey)
* Don't check for dlopen/libdl on *BSD (Patch from Bernard Spil)
* Don't taint CXXFLAGS from AX_CXX_COMPILE_STDCXX_11
* Fixing Windows Makefile version detection (Patch from Reza
Tavakoli)
* lib: Tokenize extra HTTP header fields
* lib: Fix typo in HAVE_CONFIG_H name (Patch from Peter Wu)
* lib: Add HTTP/2 extension framework to send and receive
non-critical frames
* tests: remove unused macros (Patch from Peter Wu)
* src: Update default cipher list
* src: Fix compile error with gcc-6 which enables C++14 by default
* asio: client: Fix connect timeout does not work, return from cb
if session stopped, removing client::session::connect_timeout()
functon
* nghttpd: Start SETTINGS timer after it is written to output
buffer
* nghttpd: Add trailer header field to status responses
* nghttpd: Add -w and -W options to change window size
* nghttpx: Worker wide blocker which is used when socket(2) is
failed
* nghttpx: ConnectBlocker per backend address
* nghttpx: Interleave text/html pushed resources with associated
resource
* nghttpx: Add headers given in add-response-headers for mruby
response
* nghttpx: Deprecate --backend-ipv4 and --backend-ipv6 in favor
of --backend-address-family
* nghttpx: Add options to specify address family of memcached
connections
* nghttpx: Add encryption support for TLS ticket key retrieval
* nghttpx: Add TLS support for session cache memcached connection
* nghttpx: Refactor blacklisted cipher suite check (Patch from
Jay Satiro)
* nghttpx: Add TLS support for HTTP/1 backend
* nghttpx: Add request-header-field-buffer and
max-request-header-fields options, deprecating
header-field-buffer and max-header-fields options.
* nghttpx: Add --no-http2-cipher-black-list to allow black listed
cipher suite
* nghttpx: Limit header fields from backend
* nghttpx: Fix bug that IPv6 address in Forwarded "for" is not
quoted-string
* nghttpx: Support multiple frontend addresses
* integration-tests: support out-of-tree tests (Patch from Peter
Wu)
* examples: fix compile warnings (Patch from Peter Wu)
- Drop upstreamed nghttp2-c++14.patch
-------------------------------------------------------------------
Fri Feb 12 17:21:54 UTC 2016 - mpluskal@suse.com
- Update to 1.7.1
* Fix CVE-2016-1544 (boo#966514)
-------------------------------------------------------------------
Thu Jan 28 14:43:56 UTC 2016 - rguenther@suse.com
- Add nghttp2-c++14.patch to properly guard make_unique templates.
[bsc#964140]
-------------------------------------------------------------------
Tue Jan 26 20:02:00 UTC 2016 - mpluskal@suse.com
- Update to 1.7.0
* Reset (RST_STREAM) stream if flow control window gets overflow
* Validate :authroity, host, and :scheme value more strictly
* Check request/response submission error based side of session
* Strict outgoing idle stream detection
* Return error from nghttp2_submit_{headers,request} when self
dependency is made
* Add -ldl to APPLDFLAGS for static openssl linking
* asio: Stop acceptor on server::http2::stop
* asio: Rename http2::get_io_services() as http2::io_services()
* h2load: Support UNIX domain socket
* h2load: Improve readability of traffic numbers
* h2load: Remove "auto" for -m option
* h2load: Show progress in rate mode
* h2load: Perform sampling for request and connection timings to
reduce memory consumption
* nghttpd: Add --no-content-length option to omit content-length
in response
* nghttpx: Interleave pushed streams with the associated stream
if pushed streams are javascript and CSS resources
* nghttpx: The initial value of request/response buffer is
increased to 128K
* nghttpx: Fix bug that --listener-disable-timeout option is not
used
* nghttpx: Don't emit :authority if request does not contain
authority information
* nghttpx: Add clarification of quotes in configuration file
* nghttpx: Don't allow certain characters in host and :scheme
header field
* nghttpx: Add RFC 7239 Forwarded header field support
* nghttpx: Fix crash when running on IPv6 only (Patch from Vernon
Tang)
* nghttpx: Take into account of trailers when applying
max_header_fields
* nghttpx: Don't apply max_header_fields and header_field_buffer
limit to response
* nghttpx: Strict validation for header fields given in
configuration
* nghttpx: header value should not be lower-cased (Patch from
ayanamist)
-------------------------------------------------------------------
Thu Jan 21 08:28:51 UTC 2016 - pgajdos@suse.com
- fixed typo in libnghttp2_asio1 [bsc#962914]
-------------------------------------------------------------------
Wed Dec 23 17:48:47 UTC 2015 - mpluskal@suse.com
- Update to 1.6.0
* Fix heap-use-after-free bug when handling idle streams
* Strict error handling for frames which are not allowed after
closed (remote)
* Set max number of outgoing concurrent streams to 100 by
default
* Keep incoming streams only at server side
* Create stream object for pushed resource during
nghttp2_submit_push_promise()
* Add nghttp2_session_create_idle_stream() API
* Handle response in nghttp2_on_begin_frame_callback
* Add --lib-only configure option
* Compile with OpenSSL 1.1.0-pre1
* Fix build when OpenSSL 1.0.2 is not available (patch from
Sunpoet Po-Chuan Hsieh)
* asio: Add connect and read timeout to client API
* asio: Add TLS handshake and read timeout to server API
* asio: Added access to a requests remote endpoint (patch from
Andreas Pohl)
* asio: libnghttp2_asio: Added io_service accessors (patch from
Andreas Pohl)
* h2load: Add req/s min, max, mean and sd for clients
* h2load: Fix broken connection times
-------------------------------------------------------------------
Tue Dec 1 14:13:15 UTC 2015 - mpluskal@suse.com
- Update to 1.5.0
* Fix bug that nghttp2_session_find_stream(session, 0) returned
NULL
* Add nghttp2_session_change_stream_priority() to change stream
priority without sending PRIORITY frame
* Add nghttp2_session_check_server_session() API
* Consider to use CANCEL error code when closing streams with
GOAWAY
* Don't send push response if GOAWAY has been received
* Use error code CANCEL to reset pushed reserved stream from
remote
* Add nghttp2_session_upgrade2(), deprecate
nghttp2_session_upgrade()
* Workaround HTTP upgrade with HEAD request in
nghttp2_session_upgrade()
* Introduce NGHTTP2_NV_FLAG_NO_COPY_NAME and
NGHTTP2_NV_FLAG_NO_COPY_VALUE
* Add nghttp2_session_check_request_allowed() API function
* Switch to clang-format-3.6
* Update mruby to 1.2.0
* tests: fix broken linkage with --disable-static (Patch from
Kamil Dudka)
* python: Send RST_STREAM if remote side is not closed and
response finished
* asio: client: call on_error when connection is dropped
* asio: ALPN support
* h2load: Add --h1 option to force http/1.1 for both http and
https URI
* h2load: Fix crash when dealing with "connection: close" form
HTTP/1.1 server
* h2load: h2load goes into infinite loop when timing script file
starts with 0.0 in first line (Patch from Kit Chan)
* h2load: Override user-agent with -H option
* h2load: Print "space savings" to measure header compression
efficiency
* h2load: Stream error should be counted toward errored
* h2load: Show application protocol with OpenSSL < 1.0.2
* nghttpx: Don't send RST_STREAM to h2 backend if backend is
disconnected state
* nghttpx: Support server push from HTTP/2 backend
* nghttpx: Fix bug that causes connection failure with backend
proxy URI
* nghttpx: Use --backend-tls-sni-field to verify certificate
hostname
* nghttpx: Log :authority as $http_host if available
* nghttpd: Fix crash with CONNECT request
* nghttpd: Defered eviction of cached fd using timer
* nghttpd: Read /etc/mime.types to set content-type header field
* nghttp: Record request method to output it in har correctly
* nghttp: Use method given in -H with ":method" in HTTP Upgrade
- Drop nghttp2-1.4.0-fix-tests.patch (now in upstream)
-------------------------------------------------------------------
Mon Nov 16 17:21:15 UTC 2015 - mpluskal@suse.com
- Enable spdy and more example applications
-------------------------------------------------------------------
Sat Oct 31 10:21:56 UTC 2015 - sor.alexei@meowr.ru
- Update to 1.4.0:
* lib: Don't always expect dynamic table size update.
* lib: Shrink to the minimum table size seen in local SETTINGS.
* lib: Add new error code NGHTTP2_ERR_PAUSE to send_data_callback.
* lib: Avoid excessive WINDOW_UPDATE queuing.
* lib: Return fatal error if flooding is detected to close
session immediately.
* lib: Return type of nghttp2_submit_trailer is int.
* lib: Don't send WINDOW_UPDATE with 0 increment.
* lib: Fix bug that headers in CONTINUATION were ignored after
HEADERS with padding.
* package: Use -fvisibility=hidden for internal functions.
* package: Show more information in configure summary.
* package: Add PIDFile directive to systemd service.
* package: Fix daemon upgrade when running under systemd.
* app: Compile with BoringSSL.
* nghttp: Allow multiple -c option occurrence, and take min and
last value.
* nghttpd: Fix leak when server failed to listen to given port.
* nghttpx: Add TLS dynamic record size behaviour command line
options.
* nghttpx: Reduce default timeouts for read sockets to 1m.
* nghttpx: Fix bug that PUT is replaced with POST.
* nghttpx: Change mruby script handling.
* nghttpx: Added support for RFC 7413 (TCP Fast Open) on nghttpx
proxy listening connections.
* nghttpx: Add neverbleed support.
* h2load: Don't DOS our server!
* h2load: Use duration syntax for timeouts.
* h2load: Support subsecond rate period.
* h2load: Simplify rate mode.
* h2load: Add option for user-definable rate period.
* h2load: Reuse SSL/TLS session.
* h2load: Reconnect server on connection: close.
* h2load: Don't exit in the case of no ALPN protocol overlap.
* integration: Update go's http2 package URI.
- Add missing baselibs.conf.
- Add nghttp2-1.4.0-fix-tests.patch from commit 4825009.
- Small spec cleanup.
-------------------------------------------------------------------
Sun Sep 27 12:38:17 UTC 2015 - mpluskal@suse.com
- Update to 1.3.4
* Make traditional init script fail if new config file is broken
(Patch from Janusz Dziemidowicz)
* nghttpx-logrotate: Don't use killall since we have multiple
processes
* nghttpx: Fix improper signal handling
- Changes for 1.3.3
* Fix bug in padding handling of DATA frame
* Use hash table for dynamic table lookup
* More warning flags for --enable-werror
* Update mruby
* h2load: HTTP/1.1 support (Patch from Lucas Pardue)
* nghttpx: Do not try to set TCP_NODELAY when frontend is an
UNIX socket (Patch from Janusz Dziemidowicz)
* nghttpx: Chown UNIX domain socket to user specified as --user
* nghttpx: Split monolithic one process into control and worker
processes
* nghttpx: Handle SSL/TLS data following PROXY protocol line
- Changes for 1.3.2
* Check header block limit after new stream is opened
* nghttp: Show error if HEADERS frame cannot be sent for
whatever reason
* nghttpx: Fix assertion failure on TLS handshake
* nghttpx: Add x-http2-push header field for pushed resource
* nghttpx: Fix compile error with --disable-threads
-------------------------------------------------------------------
Mon Sep 14 13:33:16 UTC 2015 - mpluskal@suse.com
- Update to 1.3.1
* Avoid usage of typeof and replace __builtin_offsetof with
offsetof
* Honor stream->weight even if stream->last_writelen is 0
* Compile third-party libraries if hpack-tools is enabled
* nghttpx-init: Start nghttpx with --daemon
* Bundle sphinxcontrib.rubydomain https://bitbucket.org/birkenfeld/sphinx-contrib/src/default/rubydomain/
* Bundle mruby
* h2load: Record TTFB on first byte of response body, rather
than first socket read
* h2load: Improve checking for timing script input, prevent
false positive in certain situations
* nghttpx: Implement PROXY protocol version 1
(--accept-proxy-protocol option)
* nghttpx: Allow link header server push for HTTP/2 backend
as well
* nghttpx: Don't initiate push if client disabled push
* nghttpx: Allow absolute URI in Link header field for push
* nghttpx: Fix crash with multi workers and QUIT signal
* nghttpx: Add mruby support which is disabled by default
(use --with-mruby configure option to enable it)
* nghttpx: Drop connection before TLS finish if h2 requirement
is not fulfilled
- Fix typo in previous changelog entry
-------------------------------------------------------------------
Tue Sep 1 06:59:43 UTC 2015 - mpluskal@suse.com
- Update to 1.3.1
* Limit the number of incoming reserved (remote) streams
* Add stream public API
* Rewrite priority tree handling
* Fix parallel make distcheck
* Define it and itprep recursive target if
AM_EXTRA_RECURSIVE_TARGETS is defined
* fetch-ocsp-response: Handle spurious openssl exist status 0
* nghttpx: Use nghttp2::ssl::DEFAULT_CIPHER_LIST for backend TLS
connection
* nghttpx: Don't allow blacked listed cipher suites for HTTP/2
connection
* nghttpx: better handle /dev/stderr and /dev/stdout (Patch from
Tomasz Buchert)
* nghttpd: GOAWAY if SSL/TLS requirements for HTTP/2 are not met
* nghttpd: Return date header field for 304
* nghttpd: Support HEAD request
* h2load: Add Timing-script and base URI support (Patch from
Lucas Pardue)
* h2load: Add timeout options (Patch from Nora)
- Fix typo in changelog
-------------------------------------------------------------------
Mon Aug 17 10:51:27 UTC 2015 - mpluskal@suse.com
- Update to 1.2.1
* doc: Reword the HPACK tutorial (Patch from Tom Harwood)
* nghttpx: Fix stability issues
* h2load: Fix crash if -r > -n
-------------------------------------------------------------------
Mon Aug 10 14:10:20 UTC 2015 - mpluskal@suse.com
- Update to 1.2.0
* Fix crash if response or data is submitted to closing stream
* Header table size UINT32_MAX must be accepted
* Use PROTOCOL_ERROR against DATA sent to idle stream
* Allow multiple in-flight SETTINGS
* Strictly check occurrence of dynamic table size update
* Fix configure warning that 'missing' is missing or too old
* Fix rm: cannot remove *.rst: No such file or directory when
"make clean" (Patch from Alexis La Goutte)
* doc: Reword some of the server and client tutorial (Patch
from Tom Harwood)
* src: Remove monotonic_clock replacement macro for gcc-4.6
* nghttpx: Add TLS ticket key sharing among nghttpx instances
using memcached
* nghttpx: Add shared session cache using memcached
* nghttpx: Set SSL/TLS session timeout to 12 hours
* nghttpx: Enable session resumption on HTTP/2 backend
* nghttpx: Don't rewrite host header field by default
* nghttpx: Generate new ticket key every 1hr and its life time
is now 12hrs
* nghttpx: Don't reuse backend connection if it is not clean
* nghttpx: Add AES-256-CBC encryption for TLS session ticket
* nghttpd: Fix the bug that 304 response has non-empty body
* h2load: Add -r and -C options to h2load (Patch from
Nora Shoemaker)
- Changes for 1.1.2
* Fix linker error with libnghttp2_asio
* Allow custom installation location for Python bindings
- Drop no longer needed missing_nghttp2_timegm.patch
-------------------------------------------------------------------
Thu Jul 16 06:58:40 UTC 2015 - mpluskal@suse.com
- Update to 1.1.1
* nghttpx: Fix various stability issues and memory leak bug
- Changes for 1.1.0
* Fix DATA is not consumed if nghttp2_http_on_data_chunk failed
* nghttp2_submit_response and nghttp2_submit_headers may return
* NGHTTP2_ERR_DATA_EXIST
* msvc build fixes and enchantments (Patch from Gabi Davar)
* Compile with IRIX gcc-4.7 (Patch from Klaus Ziegler)
* nghttp: Add --max-concurrent-streams option
* nghttp: Add comment on HAR on pushed objects (Patch from
acesso)
* nghttpx: Add --include option to read additional configuration
from given file
* nghttpx: Add backend routing based on request host and path by
extending -b option
* nghttpx: Allow log variable to be enclosed by curly braces for
disambiguation
* nghttpx: Add log variables related to SSL/TLS connection
* h2load: Add --ciphers option
- Add patches
* missing_nghttp2_timegm.patch to fix building of asio library
* nghttp2-remove-python-build.patch to fix python bindings
installation when autotools are used
-------------------------------------------------------------------
Tue Jun 30 11:54:06 UTC 2015 - mpluskal@suse.com
- Update to 1.0.5
* Add STREAM_DEP_DEBUG macro switch to enable runtime validation
of depedency tree
* Fix another bug in priority handling; sibling's item is not
queued when ancestor's item is detached
* nghttpx: Fix crash with --http2-bridge and both frontend and
backend TLS
-------------------------------------------------------------------
Wed Jun 24 10:52:12 UTC 2015 - mpluskal@suse.com
- Update to 1.0.4
* Fix assertion failure in stream_update_dep_on_detach_item
(GH-264)
- Changes for 1.0.3
* Fix bug that idle self-depending PRIORITY is not handled
gracefully
* Optimize dependency based priority code to Firefox style tree
* enable third-party for asio_lib too (Patch from Mike
Frysinger)
* fetch-ocsp-response: Support LibreSSL, and include port in
ocsp_host
* src: Support compile with LibreSSL
* nghttpx: Fix bug that x-forwarded-proto header field does not
reflect frontend scheme on HTTP/2 backend
* nghttpx: Validate :path on SPDY frontend
-------------------------------------------------------------------
Tue Jun 16 08:27:32 UTC 2015 - mpluskal@suse.com
- Update to 1.0.2
* Fix bug that data are not consumed for connection in race
condition (GH-253)
* Define NGHTTP2_EXTERN to __declspec(dllimport) when using
nghttp2 for Windows build
* Translate fetch-ocsp-response into Python
* libevent-client: Fix bug that path is broken if URI does not
contain path part
* python: Call on_close callback when connection is lost for
server session
* python: Expose client certificate, if available (Patch from
Fabian Wiesel)
* python: Catch and log failure to set TCP_NODELAY (Patch from
Fabian Wiesel)
* nghttpx: Add --add-request-header option
* nghttpx: Make WebSocket upgrade work
* nghttpx: Fix bug that END_STREAM is not set in backend for
POST with Upgrade
* nghttpx: Don't send "Expect" header field twice
-------------------------------------------------------------------
Mon May 25 15:13:45 UTC 2015 - mpluskal@suse.com
- Update to 1.0.1
* Include stdint.h instead of inttypes.h when compiled with MSVC
< 2013
* Fix invalid memory free on out-of-memory handling
* integration: Use our own copy of golang spdy package
* android: Don't link zlib bundled with android NDK
* Dockerfile.android: Update NDK ver, and ubuntu; build and link
zlib
* src, examples: Fix up OpenSSL initialization
* nghttpx: Allow HTTP Upgrade from POST request if response
header has not been sent to the client
* nghttpx: Fix bug that PUSH_PROMISE is sent after associated
response HEADERS
* nghttpd: Close connection after settings timeout and GOAWAY
was sent
* h2load: Fix bug that NPN fails if ALPN is enabled
-------------------------------------------------------------------
Thu May 21 06:50:36 UTC 2015 - mpluskal@suse.com
- Update to 1.0.0
* v1.0.0 introduced backward incompatible changes from 0.7
series. Read https://nghttp2.org/documentation/package_README.html#migration-from-v0-7-15-or-earlier
to migrate from older version to this latest version.
- Changes for 0.7.15
* Hopefully, this is the last release for 0.7.x series.
Development continues in 1.x series.
* Access violation in buffers (GH-232) (Patch from Etienne Cimon)
* Retry finding jemalloc lib by je_malloc_stats_print (GH-233)
* inflatehd: Fix crash if 'wire' value is not string (GH-235)
* nghttpx: Revert 585af93 to fix crash with TLS (GH-234)
* nghttpd: Add --echo-upload option to send back request body
-------------------------------------------------------------------
Wed May 13 13:07:14 UTC 2015 - mpluskal@suse.com
- Update to 0.7.14
* Fix global-buffer-overflow in HPACK code
* Fix doc for nghttp2_select_next_protocol
* Fix bug that promised stream was not reset on decompression
error
* Add systemd and upstart configuration file for nghttpx
(Patch from Zhuoyun Wei)
* Improve nghttpx logrotate configuration file (Patch from
Zhuoyun Wei)
* Update sphinx_rtd_theme
* h2load: Update h2load to give connect time and ttfb stats
(Patch from ericcarlschwartz)
* nghttpd: Add -m, --max-concurrent-streams option
* nghttpx: Log absolute URI for HTTP/2 or client proxy request
* nghttpx: Add --header-field-buffer and --max-header-fields
options
* nghttp: Fix assertion error if very large value is given to -t
-------------------------------------------------------------------
Fri May 1 13:47:12 UTC 2015 - mpluskal@suse.com
- Update to 0.7.13
* Fix bug that promised stream was not reset by returning
NGHTTP2_ERR_TEMPORAL_CALLBACK_FAILURE from
nghttp2_on_header_callback. Instead, associated stream was reset.
* Allow NGHTTP2_ERR_TEMPORAL_CALLBACK_FAILURE from
nghttp2_on_begin_headers_callback
* h2load: Effectively disable flow control by setting large
window size
* asio: Graceful shutdown and joinable server (Patch from
Xiaoguang Sun)
-------------------------------------------------------------------
Mon Apr 20 08:40:33 UTC 2015 - mpluskal@suse.com
- Update to 0.7.12
* Fix bug that nghttp2_session_set_next_stream_id accepts invalid
stream_id
* HPACK: Rewrite static header table handling
* HPACK: Never index authorization and small cookie header field
* Don't install libnghttp2_asio headers if they are disabled
* doc: Specify program directive so that hyperlink to option is
correctly pointed to the intended location
* asio: client: Call error_cb on error occurred in do_read and
do_write (Fixes GH-207)
* nghttp: Add --no-push option to disable server push
* nghttp: Show stream ID in statistics output
* nghttp: Remove --dep-idle option
* nghttp: Use same priority anchor nodes as Firefox does
* nghttpx: Don't push resource if link header has non empty
loadpolicy
* nghttpx: Add logging for somewhat important events (logs,
tickets, and ocsp)
* nghttpx: Set Downstream to stream user data on HTTP Upgrade
to h2
-------------------------------------------------------------------
Sun Apr 12 17:38:36 UTC 2015 - mpluskal@suse.com
- Update to 0.7.11
* nghttpx: Fix waitpid race condition in ocsp response update
* nghttp: Consider user-provided :authority header field for SNI
as well as host header field
- Changes for 0.7.10
* Make sure that nghttp2 license is MIT license
* Add nghttp2_session_consume_{connection,stream} to consume
bytes independent
* Add nghttp2_send_data_callback to send DATA payload without
copying "static inline" fix for build with VS2013 (Patch from
Remo E)
* Update lib/Makefile.msvc (Patch from Remo E)
* Remove dependency on libws2_32 on Windows build
* Define NGHTTP2_EXTERN macro to export function for Windows
build
* doc: Generate API doc per function
* python: Add async body generation support
* python: Fix pseudo-header field ordering bug
* nghttpx: Redirect stderr to errorlog file
* nghttpx: Fix bug that data buffered in SSL object are not
read
* nghttpx: Remove --tls-ctx-per-worker option
* nghttpx: Add OCSP stapling feature
-------------------------------------------------------------------
Sat Apr 4 16:55:55 UTC 2015 - mpluskal@suse.com
- Enable python bindings
- Update to 0.7.9
* Implements h2-14 protocol (http://tools.ietf.org/html/draft-ietf-httpbis-http2-14)
* Implements HPACK 09 (http://tools.ietf.org/html/draft-ietf-httpbis-header-compression-09)
* h2load: Fix crash if -t > -c
* h2load: Add -d option to upload data to server
* nghttpx: Forward only "trailers" keyword in te when forwarding HTTP/2 backend
* nghttpx: Fix PUSH_PROMISE header field corruption [GH-194]
* nghttpx: Fix te header field is duplicated when forwarding HTTP/2 backend
* nghttp, nghttpd: Add --hexdump option to hexdump incoming traffic.
* examples: Place AM_CPPFLAGS first to use in-package header files first [GH-192]
- Changes for 0.7.8
* Implements h2-14 protocol (http://tools.ietf.org/html/draft-ietf-httpbis-http2-14)
* Implements HPACK 09 (http://tools.ietf.org/html/draft-ietf-httpbis-header-compression-09)
* Validate :path header field for http or https URI scheme
* NULL-terminate header field name and value presented by callback
* README.rst: Cleaned up the grammar a bit (Patch from Ross Smith II)
* h2load: fix for segfault by reserving correct worker count (Patch from Stefan Eissing)
-------------------------------------------------------------------
Wed Mar 18 21:29:49 UTC 2015 - jengelh@inai.de
- Avoid shipping documentation redundantly. Set RPM groups.
-------------------------------------------------------------------
Fri Mar 6 18:19:47 UTC 2015 - mpluskal@suse.com
- Fix rpm group
-------------------------------------------------------------------
Tue Mar 3 22:15:13 UTC 2015 - mpluskal@suse.com
- Update to 0.7.5
* Implements h2-14 protocol
(http://tools.ietf.org/html/draft-ietf-httpbis-http2-14)
* Implements HPACK 09
(http://tools.ietf.org/html/draft-ietf-httpbis-header-compression-09)
* Validate HTTP semantics by default
* Add nghttp2_option_set_no_http_messaging() API function
* Update http-parser
* nghttp, nghttpd, nghttpx: Use "sensitive" to indicate
"never indexed" header field
* nghttp, nghttpd, nghttpx, h2load: Select/announce h2 in
ALPN/NPN
* nghttp: Fix unaligned field output in --stat
* nghttp: Fix -H does not work with -u upgrade request
* nghttp: Update resource timing terminology according to
Resource Timing TR
* nghttpd: Add -a option which takes an address parameter that
allows nghttpd to bind to a non-default address. Patch
from Brian Card
* nghttpx: Use omit minor version in case of HTTP/2 in via
header and access log
* nghttpx: Support UNIX domain socket on both frontend and backend
* nghttpx: Fix crash in http/1 backend when backend returns more
bytes than CL
* nghttpx: Cast configuration value to rlim_t to avoid compile
error on 32bit
* nghttpx: Fix 1 second delay in HTTP/2 backend connection
* nghttpx: Fix request re-submission bug in HTTP/2 backend
* asio-sv2: Fix compile error with OS X
-------------------------------------------------------------------
Sun Feb 15 11:00:12 UTC 2015 - mpluskal@suse.com
- Initial packaging of 0.7.4