import UBI nghttp2-1.68.0-3.el10_2.1

This commit is contained in:
AlmaLinux RelEng Bot 2026-05-19 18:39:19 -04:00
parent c7a11e34a2
commit 0f655ecd72
9 changed files with 344 additions and 169 deletions

2
.gitignore vendored
View File

@ -1 +1 @@
nghttp2-1.64.0.tar.xz
nghttp2-1.68.0.tar.xz

View File

@ -1,144 +0,0 @@
From 824299d70585afb2fdf7b87ac144343529ee32ae Mon Sep 17 00:00:00 2001
From: Tatsuhiro Tsujikawa <tatsuhiro.t@gmail.com>
Date: Wed, 18 Feb 2026 22:40:57 +0900
Subject: [PATCH] CVE-2026-27135
Check nghttp2_is_fatal first
(cherry picked from commit 68f77a347544c207eeff7ff7457284697ccf7f7d)
Fix missing iframe->state validations to avoid assertion failure
(cherry picked from commit 5c7df8fa815ac1004d9ecb9d1f7595c4d37f46e1)
---
lib/nghttp2_session.c | 48 +++++++++++++++++++++++++++++++++++--------
1 file changed, 40 insertions(+), 8 deletions(-)
diff --git a/lib/nghttp2_session.c b/lib/nghttp2_session.c
index df33a89e..01ed39fb 100644
--- a/lib/nghttp2_session.c
+++ b/lib/nghttp2_session.c
@@ -5980,6 +5980,10 @@ nghttp2_ssize nghttp2_session_mem_recv2(nghttp2_session *session,
busy = 1;
rv = session_on_data_received_fail_fast(session);
+ if (nghttp2_is_fatal(rv)) {
+ return rv;
+ }
+
if (iframe->state == NGHTTP2_IB_IGN_ALL) {
return (nghttp2_ssize)inlen;
}
@@ -5990,10 +5994,6 @@ nghttp2_ssize nghttp2_session_mem_recv2(nghttp2_session *session,
break;
}
- if (nghttp2_is_fatal(rv)) {
- return rv;
- }
-
rv = inbound_frame_handle_pad(iframe, &iframe->frame.hd);
if (rv < 0) {
rv = nghttp2_session_terminate_session_with_reason(
@@ -6063,6 +6063,10 @@ nghttp2_ssize nghttp2_session_mem_recv2(nghttp2_session *session,
return rv;
}
+ if (iframe->state == NGHTTP2_IB_IGN_ALL) {
+ return (nghttp2_ssize)inlen;
+ }
+
on_begin_frame_called = 1;
rv = session_process_headers_frame(session);
@@ -6429,6 +6433,10 @@ nghttp2_ssize nghttp2_session_mem_recv2(nghttp2_session *session,
if (nghttp2_is_fatal(rv)) {
return rv;
}
+
+ if (iframe->state == NGHTTP2_IB_IGN_ALL) {
+ return (nghttp2_ssize)inlen;
+ }
}
}
@@ -6684,6 +6692,10 @@ nghttp2_ssize nghttp2_session_mem_recv2(nghttp2_session *session,
return rv;
}
+ if (iframe->state == NGHTTP2_IB_IGN_ALL) {
+ return (nghttp2_ssize)inlen;
+ }
+
session_inbound_frame_reset(session);
break;
@@ -6986,6 +6998,10 @@ nghttp2_ssize nghttp2_session_mem_recv2(nghttp2_session *session,
if (nghttp2_is_fatal(rv)) {
return rv;
}
+
+ if (iframe->state == NGHTTP2_IB_IGN_ALL) {
+ return (nghttp2_ssize)inlen;
+ }
} else {
iframe->state = NGHTTP2_IB_IGN_HEADER_BLOCK;
}
@@ -7151,13 +7167,17 @@ nghttp2_ssize nghttp2_session_mem_recv2(nghttp2_session *session,
rv = session->callbacks.on_data_chunk_recv_callback(
session, iframe->frame.hd.flags, iframe->frame.hd.stream_id,
in - readlen, (size_t)data_readlen, session->user_data);
- if (rv == NGHTTP2_ERR_PAUSE) {
- return (nghttp2_ssize)(in - first);
- }
-
if (nghttp2_is_fatal(rv)) {
return NGHTTP2_ERR_CALLBACK_FAILURE;
}
+
+ if (iframe->state == NGHTTP2_IB_IGN_ALL) {
+ return (nghttp2_ssize)inlen;
+ }
+
+ if (rv == NGHTTP2_ERR_PAUSE) {
+ return (nghttp2_ssize)(in - first);
+ }
}
}
}
@@ -7237,6 +7257,10 @@ nghttp2_ssize nghttp2_session_mem_recv2(nghttp2_session *session,
return rv;
}
+ if (iframe->state == NGHTTP2_IB_IGN_ALL) {
+ return (nghttp2_ssize)inlen;
+ }
+
if (rv != 0) {
busy = 1;
@@ -7255,6 +7279,10 @@ nghttp2_ssize nghttp2_session_mem_recv2(nghttp2_session *session,
return rv;
}
+ if (iframe->state == NGHTTP2_IB_IGN_ALL) {
+ return (nghttp2_ssize)inlen;
+ }
+
session_inbound_frame_reset(session);
break;
@@ -7283,6 +7311,10 @@ nghttp2_ssize nghttp2_session_mem_recv2(nghttp2_session *session,
return rv;
}
+ if (iframe->state == NGHTTP2_IB_IGN_ALL) {
+ return (nghttp2_ssize)inlen;
+ }
+
session_inbound_frame_reset(session);
break;
--
2.53.0

View File

@ -0,0 +1,57 @@
From 76ff93e618a763501dfa136a8aef16fd7ba51d62 Mon Sep 17 00:00:00 2001
From: Tatsuhiro Tsujikawa <tatsuhiro.t@gmail.com>
Date: Wed, 18 Feb 2026 22:40:57 +0900
Subject: [PATCH 1/2] Check nghttp2_is_fatal first
(cherry picked from commit 68f77a347544c207eeff7ff7457284697ccf7f7d)
---
lib/nghttp2_session.c | 16 ++++++++--------
1 file changed, 8 insertions(+), 8 deletions(-)
diff --git a/lib/nghttp2_session.c b/lib/nghttp2_session.c
index 1f4ea54c..bcea5473 100644
--- a/lib/nghttp2_session.c
+++ b/lib/nghttp2_session.c
@@ -5466,6 +5466,10 @@ nghttp2_ssize nghttp2_session_mem_recv2(nghttp2_session *session,
busy = 1;
rv = session_on_data_received_fail_fast(session);
+ if (nghttp2_is_fatal(rv)) {
+ return rv;
+ }
+
if (iframe->state == NGHTTP2_IB_IGN_ALL) {
return (nghttp2_ssize)inlen;
}
@@ -5486,10 +5490,6 @@ nghttp2_ssize nghttp2_session_mem_recv2(nghttp2_session *session,
break;
}
- if (nghttp2_is_fatal(rv)) {
- return rv;
- }
-
rv = inbound_frame_handle_pad(iframe, &iframe->frame.hd);
if (rv < 0) {
rv = nghttp2_session_terminate_session_with_reason(
@@ -6771,13 +6771,13 @@ nghttp2_ssize nghttp2_session_mem_recv2(nghttp2_session *session,
rv = session->callbacks.on_data_chunk_recv_callback(
session, iframe->frame.hd.flags, iframe->frame.hd.stream_id,
in - readlen, (size_t)data_readlen, session->user_data);
- if (rv == NGHTTP2_ERR_PAUSE) {
- return (nghttp2_ssize)(in - first);
- }
-
if (nghttp2_is_fatal(rv)) {
return NGHTTP2_ERR_CALLBACK_FAILURE;
}
+
+ if (rv == NGHTTP2_ERR_PAUSE) {
+ return (nghttp2_ssize)(in - first);
+ }
}
}
}
--
2.53.0

View File

@ -0,0 +1,106 @@
From b21342258a0674686627e98aa2c76e53b2da723b Mon Sep 17 00:00:00 2001
From: Tatsuhiro Tsujikawa <tatsuhiro.t@gmail.com>
Date: Wed, 18 Feb 2026 18:04:30 +0900
Subject: [PATCH 2/2] Fix missing iframe->state validations to avoid assertion
failure
(cherry picked from commit 5c7df8fa815ac1004d9ecb9d1f7595c4d37f46e1)
---
lib/nghttp2_session.c | 32 ++++++++++++++++++++++++++++++++
1 file changed, 32 insertions(+)
diff --git a/lib/nghttp2_session.c b/lib/nghttp2_session.c
index bcea5473..0fbcc930 100644
--- a/lib/nghttp2_session.c
+++ b/lib/nghttp2_session.c
@@ -5573,6 +5573,10 @@ nghttp2_ssize nghttp2_session_mem_recv2(nghttp2_session *session,
return rv;
}
+ if (iframe->state == NGHTTP2_IB_IGN_ALL) {
+ return (nghttp2_ssize)inlen;
+ }
+
on_begin_frame_called = 1;
rv = session_process_headers_frame(session);
@@ -6041,6 +6045,10 @@ nghttp2_ssize nghttp2_session_mem_recv2(nghttp2_session *session,
if (nghttp2_is_fatal(rv)) {
return rv;
}
+
+ if (iframe->state == NGHTTP2_IB_IGN_ALL) {
+ return (nghttp2_ssize)inlen;
+ }
}
}
@@ -6293,6 +6301,10 @@ nghttp2_ssize nghttp2_session_mem_recv2(nghttp2_session *session,
return rv;
}
+ if (iframe->state == NGHTTP2_IB_IGN_ALL) {
+ return (nghttp2_ssize)inlen;
+ }
+
session_inbound_frame_reset(session);
break;
@@ -6599,6 +6611,10 @@ nghttp2_ssize nghttp2_session_mem_recv2(nghttp2_session *session,
if (nghttp2_is_fatal(rv)) {
return rv;
}
+
+ if (iframe->state == NGHTTP2_IB_IGN_ALL) {
+ return (nghttp2_ssize)inlen;
+ }
} else {
iframe->state = NGHTTP2_IB_IGN_HEADER_BLOCK;
}
@@ -6775,6 +6791,10 @@ nghttp2_ssize nghttp2_session_mem_recv2(nghttp2_session *session,
return NGHTTP2_ERR_CALLBACK_FAILURE;
}
+ if (iframe->state == NGHTTP2_IB_IGN_ALL) {
+ return (nghttp2_ssize)inlen;
+ }
+
if (rv == NGHTTP2_ERR_PAUSE) {
return (nghttp2_ssize)(in - first);
}
@@ -6861,6 +6881,10 @@ nghttp2_ssize nghttp2_session_mem_recv2(nghttp2_session *session,
return rv;
}
+ if (iframe->state == NGHTTP2_IB_IGN_ALL) {
+ return (nghttp2_ssize)inlen;
+ }
+
if (rv != 0) {
busy = 1;
@@ -6879,6 +6903,10 @@ nghttp2_ssize nghttp2_session_mem_recv2(nghttp2_session *session,
return rv;
}
+ if (iframe->state == NGHTTP2_IB_IGN_ALL) {
+ return (nghttp2_ssize)inlen;
+ }
+
session_inbound_frame_reset(session);
break;
@@ -6907,6 +6935,10 @@ nghttp2_ssize nghttp2_session_mem_recv2(nghttp2_session *session,
return rv;
}
+ if (iframe->state == NGHTTP2_IB_IGN_ALL) {
+ return (nghttp2_ssize)inlen;
+ }
+
session_inbound_frame_reset(session);
break;
--
2.53.0

View File

@ -0,0 +1,145 @@
From baad2c45f30e31566c08d393779e4e9517ce7c80 Mon Sep 17 00:00:00 2001
From: Jan Macku <jamacku@redhat.com>
Date: Tue, 10 Feb 2026 13:06:41 +0100
Subject: [PATCH] pqc: add X25519MLKEM768 as the default TLS key exchange group
Prioritize X25519MLKEM768 (post-quantum hybrid key exchange) in the
default groups configuration for enhanced security against future
quantum computing threats.
The new default groups order is:
X25519MLKEM768:X25519:P-256:P-384:P-521
Signed-off-by: Jan Macku <jamacku@redhat.com>
---
doc/h2load.1 | 2 +-
doc/h2load.1.rst | 2 +-
doc/nghttpd.1 | 2 +-
doc/nghttpd.1.rst | 2 +-
doc/nghttpx.1 | 2 +-
doc/nghttpx.1.rst | 2 +-
src/HttpServer.cc | 2 +-
src/h2load.cc | 2 +-
src/shrpx.cc | 2 +-
9 files changed, 9 insertions(+), 9 deletions(-)
diff --git a/doc/h2load.1 b/doc/h2load.1
index 9a86e51..e202b4b 100644
--- a/doc/h2load.1
+++ b/doc/h2load.1
@@ -325,7 +325,7 @@ Specify request per second for each client. \fI\%\-\-rps\fP and
.B \-\-groups=<GROUPS>
Specify the supported groups.
.sp
-Default: \fBX25519:P\-256:P\-384:P\-521\fP
+Default: \fBX25519MLKEM768:X25519:P\-256:P\-384:P\-521\fP
.UNINDENT
.INDENT 0.0
.TP
diff --git a/doc/h2load.1.rst b/doc/h2load.1.rst
index 5f98ec4..4ab9494 100644
--- a/doc/h2load.1.rst
+++ b/doc/h2load.1.rst
@@ -276,7 +276,7 @@ OPTIONS
Specify the supported groups.
- Default: ``X25519:P-256:P-384:P-521``
+ Default: ``X25519MLKEM768:X25519:P-256:P-384:P-521``
.. option:: --no-udp-gso
diff --git a/doc/nghttpd.1 b/doc/nghttpd.1
index 2153208..a9e9328 100644
--- a/doc/nghttpd.1
+++ b/doc/nghttpd.1
@@ -207,7 +207,7 @@ Don\(aqt send content\-length header field.
.B \-\-groups=<GROUPS>
Specify the supported groups.
.sp
-Default: \fBX25519:P\-256:P\-384:P\-521\fP
+Default: \fBX25519MLKEM768:X25519:P\-256:P\-384:P\-521\fP
.UNINDENT
.INDENT 0.0
.TP
diff --git a/doc/nghttpd.1.rst b/doc/nghttpd.1.rst
index a4b07a4..2271a00 100644
--- a/doc/nghttpd.1.rst
+++ b/doc/nghttpd.1.rst
@@ -163,7 +163,7 @@ OPTIONS
Specify the supported groups.
- Default: ``X25519:P-256:P-384:P-521``
+ Default: ``X25519MLKEM768:X25519:P-256:P-384:P-521``
.. option:: --ktls
diff --git a/doc/nghttpx.1 b/doc/nghttpx.1
index 05b1db6..6b45562 100644
--- a/doc/nghttpx.1
+++ b/doc/nghttpx.1
@@ -731,7 +731,7 @@ in the preference order. The supported curves depend on
the linked OpenSSL library. This function requires
OpenSSL >= 1.0.2.
.sp
-Default: \fBX25519:P\-256:P\-384:P\-521\fP
+Default: \fBX25519MLKEM768:X25519:P\-256:P\-384:P\-521\fP
.UNINDENT
.INDENT 0.0
.TP
diff --git a/doc/nghttpx.1.rst b/doc/nghttpx.1.rst
index 825bd9f..7d5621f 100644
--- a/doc/nghttpx.1.rst
+++ b/doc/nghttpx.1.rst
@@ -683,7 +683,7 @@ SSL/TLS
the linked OpenSSL library. This function requires
OpenSSL >= 1.0.2.
- Default: ``X25519:P-256:P-384:P-521``
+ Default: ``X25519MLKEM768:X25519:P-256:P-384:P-521``
.. option:: -k, --insecure
diff --git a/src/HttpServer.cc b/src/HttpServer.cc
index 47cb4c4..60bcacd 100644
--- a/src/HttpServer.cc
+++ b/src/HttpServer.cc
@@ -102,7 +102,7 @@ void print_session_id(int64_t id) { std::cout << "[id=" << id << "] "; }
Config::Config()
: mime_types_file("/etc/mime.types"),
- groups("X25519:P-256:P-384:P-521"sv),
+ groups("X25519MLKEM768:X25519:P-256:P-384:P-521"sv),
stream_read_timeout(1_min),
stream_write_timeout(1_min),
data_ptr(nullptr),
diff --git a/src/h2load.cc b/src/h2load.cc
index a8db23b..6b0ed7d 100644
--- a/src/h2load.cc
+++ b/src/h2load.cc
@@ -106,7 +106,7 @@ Config::Config()
: ciphers(tls::DEFAULT_CIPHER_LIST),
tls13_ciphers("TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_"
"CHACHA20_POLY1305_SHA256:TLS_AES_128_CCM_SHA256"),
- groups("X25519:P-256:P-384:P-521"),
+ groups("X25519MLKEM768:X25519:P-256:P-384:P-521"),
data_length(-1),
data(nullptr),
addrs(nullptr),
diff --git a/src/shrpx.cc b/src/shrpx.cc
index f92c825..d5f1f61 100644
--- a/src/shrpx.cc
+++ b/src/shrpx.cc
@@ -1662,7 +1662,7 @@ void fill_default_config(Config *config) {
tlsconf.max_proto_version =
tls::proto_version_from_string(DEFAULT_TLS_MAX_PROTO_VERSION);
tlsconf.max_early_data = 16_k;
- tlsconf.groups = "X25519:P-256:P-384:P-521"sv;
+ tlsconf.groups = "X25519MLKEM768:X25519:P-256:P-384:P-521"sv;
auto &httpconf = config->http;
httpconf.server_name = "nghttpx"sv;
--
2.53.0

View File

@ -1,16 +0,0 @@
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEEUWtiKRjRXEeKseo6UzmivoLgfewFAmcWQzsACgkQUzmivoLg
fexT6w/9Eo6PuvGWcYn0e8CbTHDi+BhyCs3AQHPKmuJi19yIeknZd7qcQE1xYryJ
Xef5W1q5+p06kDgFH56Y7wORwCWmtzx5gZLVYNY7qNCCJ0CsMLI2/ypf2L06MLWe
c8dS8DFsvqrSTe3QzPHCP+T7FDp7bfH7gKLoEobhU9v299MseLMUdw06fBTLGqKs
KWhuQ0gD2r1zJfGdX+O5zf97pLYtR/Ch+YGHqcNYCmiIguKpZX+Vg3pHr1vJhqnT
P6LiFVeokI6zeW1YWB0DQNBrGXEx3AZWzR9d9IlA2ijobtItc/lTTUn0zpmqNFiv
E95D29wEQ2MtbCJd/nolIz0YiDn0JpwHBBfkWRNLj7+LqBlebyVwig8nMO453sE9
vxklm7yONLJDDiU3o8lmUf8IVTX+FpZ3nbbeQkDwTPKU7hvcTojasPMegS4Laiok
sfKIKaMTeYokSD4M++ikyb8c2+Vt4genVIyeUAohlSUhUr4I8E/O36JvfPaA4nTe
S2oNl5iv/0pPQpuXTMcf/MGR3b8HmN0bH4tkowV3sRWLNHeBn6hnlY1sq1ZcegMs
vAqum1CyReyhLfThvXAV7ImjsplNVmshQK4IaXNDYYJyr/wNAgnw41RiO01W+NgX
KbPvx4H1actquW04yYCAAvDcBHfERM71Ye17oTFjoOEeDoQsMJg=
=aykV
-----END PGP SIGNATURE-----

16
nghttp2-1.68.0.tar.xz.asc Normal file
View File

@ -0,0 +1,16 @@
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEEUWtiKRjRXEeKseo6UzmivoLgfewFAmj8jucACgkQUzmivoLg
fezLZRAAmmSMRcYHElTg8oauwfGSZMxtGfrGEQIAbyFWWWln7pErZ45NZKqTTb6f
5JDx/ZOg8Q7d+EzsEKPt2hzrPrCqeMPt8dLpCRNeAxvAO3kePVpQX/79zIbwth/W
7mjUBSz5nfyAp9soamYBfVAkaUBHKZ0YbtK8Qmn8xErCmjIVd+8X6TrgynQXUdl9
F3WeY+JaHdSfGoUHuAwG+nU6DSaKcxAyqIBPZ1wN52hAY2LE7AVYSK6cmWETizwG
0wpTJutMYUxaiFQ1ql3ztnKxcap0h2eBgUhvoa/+q7agw23dE/+N8VFg7fUhUd/7
8l3hXYHhzvVZ1ggDlqMEqIXJFV1NkFro3sO2KQyje3H1upO5oNRuI65exzRt7vCR
tKRSC2HHoThNU5T1OtDIS2CLs6+tGLBkzadBsvPFOe4ULHjUbYPCMAnva29Oozdp
h7GnsaWgwNNaE/RupK8IsoPsN7DuHwvKhEUpvxLlo0Ij7RVgJFQcRLVCLW/BJhXG
75IYsS+pq8bY6qh2Gj+vOKhS0Wgywc0IA0Q4WLT5isTr7m4uloV8ofaTLf/g0eMK
06nv2hhaup6fO81KoYg9R3i8IXEa86InRC/6HINQUJKUp1IqHn5J8pKx+jd6Vy82
lTmNr2mNtdDdqt1/WCOzaIDyCcvr5AD1lYL4YuG4nEpzWx7clvU=
=pNio
-----END PGP SIGNATURE-----

View File

@ -6,8 +6,8 @@
Summary: Experimental HTTP/2 client, server and proxy
Name: nghttp2
Version: 1.64.0
Release: 2%{?dist}.1
Version: 1.68.0
Release: 3%{?dist}.1
# Parts of ruby bindings are additionally under GPL-2.0-or-later, MIT and
# HPND-Kevlin-Henney but they are NOT shipped.
@ -19,7 +19,12 @@ Source1: https://github.com/%{name}/%{name}/releases/download/v%{version}/%{name
Source2: tatsuhiro-t.pgp
# fix Denial of service: Assertion failure due to the missing state validation (CVE-2026-27135)
Patch1: 0001-nghttp2-1.64.0-CVE-2026-27135.patch
Patch001: 0001-nghttp2-1.68.0-Check-nghttp2_is_fatal-first.patch
Patch002: 0002-nghttp2-1.68.0-Fix-missing-iframe-state-validations-to-avoid-assert.patch
# Make X25519MLKEM768 the default TLS key exchange group in nghttpd and nghttpx
# https://issues.redhat.com/browse/RHEL-103655
Patch100: 0100-nghttp2-1.64.0-pqc-add-X25519MLKEM768-as-the-default-TLS-key-exchan.patch
BuildRequires: CUnit-devel
BuildRequires: c-ares-devel
@ -175,7 +180,6 @@ popd
%{_bindir}/nghttp
%{_bindir}/nghttpd
%{_bindir}/nghttpx
%{_datadir}/nghttp2
%{_mandir}/man1/h2load.1*
%{_mandir}/man1/nghttp.1*
%{_mandir}/man1/nghttpd.1*
@ -201,7 +205,6 @@ popd
%{mingw32_libdir}/libnghttp2.dll.a
%{mingw32_libdir}/pkgconfig/libnghttp2.pc
%{mingw32_includedir}/nghttp2/
%{mingw32_datadir}/nghttp2/
%files -n mingw64-libnghttp2
%license COPYING
@ -210,14 +213,22 @@ popd
%{mingw64_libdir}/libnghttp2.dll.a
%{mingw64_libdir}/pkgconfig/libnghttp2.pc
%{mingw64_includedir}/nghttp2/
%{mingw64_datadir}/nghttp2/
%endif
%changelog
* Thu Apr 09 2026 Jan Macku <jamacku@redhat.com> 1.64.0-2.1
* Tue Mar 31 2026 Jan Macku <jamacku@redhat.com> 1.68.0-3.1
- fix Denial of service: Assertion failure due to the missing state validation (CVE-2026-27135)
* Wed Feb 11 2026 Jan Macku <jamacku@redhat.com> 1.68.0-3
- Spec bump (RHEL-103655)
* Mon Feb 09 2026 Jan Macku <jamacku@redhat.com> 1.68.0-2
- PQC: make X25519MLKEM768 the default TLS key exchange group in nghttpd and nghttpx (RHEL-103655)
* Mon Feb 09 2026 Jan Macku <jamacku@redhat.com> 1.68.0-1
- update to the latest upstream release (RHEL-143723)
* Tue Oct 29 2024 Troy Dawson <tdawson@redhat.com> - 1.64.0-2
- Bump release for October 2024 mass rebuild:
Resolves: RHEL-64018

View File

@ -1 +1 @@
SHA512 (nghttp2-1.64.0.tar.xz) = b544196c3b7a55faacd11700d11e2fe4f16a7418282c9abb24a668544a15293580fd1a2cc5f93367c8a17c7ee45335c6d2f5c68a72dd176d516fd033f203eeec
SHA512 (nghttp2-1.68.0.tar.xz) = a5182c2c54cdff3c70bdad204bff9a573cf7951e189d68665087f047cb79e5fc2d5d5aefbb41e2dfe264e2e74fbbe10196cb596248e328c944406ca09da98344