CVS commit: pkgsrc/www/nghttp2

["Adam Ciarcinski" <adam%netbsd.org@localhost>]

Module Name:    pkgsrc
Committed By:   adam
Date:           Tue Oct 10 15:24:36 UTC 2023

Modified Files:
        pkgsrc/www/nghttp2: Makefile.common distinfo

Log Message:
nghttp2 nghttp2-tools: updated to 1.57.0

Nghttp2 v1.57.0

Security Advisory

CVE-2023-44487: HTTP/2 Rapid Reset

For more information, read the security advisory.

lib

This release has a fix to mitigate CVE-2023-44487: HTTP/2 Rapid Reset. It has reasonable amount of default budgets for incoming RST_STREAM frames. Application can tune the rate limit by using 
nghttp2_option_set_stream_reset_rate_limit. It can also implement its own rate limit by implementing nghttp2_on_frame_recv_callback and check RST_STREAM frame.

nghttpx

This release fixes the bug that --single-process does not work. It also fixes the bug that TLS connection is not rate limited.


To generate a diff of this commit:
cvs rdiff -u -r1.18 -r1.19 pkgsrc/www/nghttp2/Makefile.common
cvs rdiff -u -r1.64 -r1.65 pkgsrc/www/nghttp2/distinfo

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: pkgsrc/www/nghttp2/Makefile.common
diff -u pkgsrc/www/nghttp2/Makefile.common:1.18 pkgsrc/www/nghttp2/Makefile.common:1.19
--- pkgsrc/www/nghttp2/Makefile.common:1.18     Wed Sep  6 18:03:32 2023
+++ pkgsrc/www/nghttp2/Makefile.common  Tue Oct 10 15:24:36 2023
@@ -1,8 +1,8 @@
-# $NetBSD: Makefile.common,v 1.18 2023/09/06 18:03:32 adam Exp $
+# $NetBSD: Makefile.common,v 1.19 2023/10/10 15:24:36 adam Exp $
 # used by www/nghttp2/Makefile
 # used by www/nghttp2-tools/Makefile
 
-DISTNAME=      nghttp2-1.56.0
+DISTNAME=      nghttp2-1.57.0
 CATEGORIES=    www
 MASTER_SITES=  ${MASTER_SITE_GITHUB:=tatsuhiro-t/}
 EXTRACT_SUFX=  .tar.xz

Index: pkgsrc/www/nghttp2/distinfo
diff -u pkgsrc/www/nghttp2/distinfo:1.64 pkgsrc/www/nghttp2/distinfo:1.65
--- pkgsrc/www/nghttp2/distinfo:1.64    Wed Sep  6 18:03:32 2023
+++ pkgsrc/www/nghttp2/distinfo Tue Oct 10 15:24:36 2023
@@ -1,6 +1,6 @@
-$NetBSD: distinfo,v 1.64 2023/09/06 18:03:32 adam Exp $
+$NetBSD: distinfo,v 1.65 2023/10/10 15:24:36 adam Exp $
 
-BLAKE2s (nghttp2-1.56.0.tar.xz) = 5e8799c0997d6c967bf3eb4c47576ed8a27997fbe51c4d0bb4354fcbca4cbf06
-SHA512 (nghttp2-1.56.0.tar.xz) = 9754bd637705400cc4c3488d6dd1fc217c765a0925d2a5edfd83d380db0ad9e9a05974afa4fcda40b07287e8e8261b9d8009892cb1c2cc417ce4232a01b0011d
-Size (nghttp2-1.56.0.tar.xz) = 1541712 bytes
+BLAKE2s (nghttp2-1.57.0.tar.xz) = 220346e42e48475b6760360db0b63c91357696265522377069109d423cf4f570
+SHA512 (nghttp2-1.57.0.tar.xz) = d914eb48afd1ea182c1b2a454bf5e7963a7e28165f1d6d29bb83dd61a1b611c8c469e72a7a22daf23b8037f6e5ae9d4e791150b7d135746c1a5ec71ceb777f92
+Size (nghttp2-1.57.0.tar.xz) = 1543568 bytes
 SHA1 (patch-Makefile.in) = a8b55c4e477ea285a9ba005a20e244b762968f3e