import UBI nghttp2-1.68.0-3.el10_2.1
This commit is contained in:
parent
c7a11e34a2
commit
0f655ecd72
2
.gitignore
vendored
2
.gitignore
vendored
@ -1 +1 @@
|
||||
nghttp2-1.64.0.tar.xz
|
||||
nghttp2-1.68.0.tar.xz
|
||||
|
||||
@ -1,144 +0,0 @@
|
||||
From 824299d70585afb2fdf7b87ac144343529ee32ae Mon Sep 17 00:00:00 2001
|
||||
From: Tatsuhiro Tsujikawa <tatsuhiro.t@gmail.com>
|
||||
Date: Wed, 18 Feb 2026 22:40:57 +0900
|
||||
Subject: [PATCH] CVE-2026-27135
|
||||
|
||||
Check nghttp2_is_fatal first
|
||||
|
||||
(cherry picked from commit 68f77a347544c207eeff7ff7457284697ccf7f7d)
|
||||
|
||||
Fix missing iframe->state validations to avoid assertion failure
|
||||
|
||||
(cherry picked from commit 5c7df8fa815ac1004d9ecb9d1f7595c4d37f46e1)
|
||||
---
|
||||
lib/nghttp2_session.c | 48 +++++++++++++++++++++++++++++++++++--------
|
||||
1 file changed, 40 insertions(+), 8 deletions(-)
|
||||
|
||||
diff --git a/lib/nghttp2_session.c b/lib/nghttp2_session.c
|
||||
index df33a89e..01ed39fb 100644
|
||||
--- a/lib/nghttp2_session.c
|
||||
+++ b/lib/nghttp2_session.c
|
||||
@@ -5980,6 +5980,10 @@ nghttp2_ssize nghttp2_session_mem_recv2(nghttp2_session *session,
|
||||
busy = 1;
|
||||
|
||||
rv = session_on_data_received_fail_fast(session);
|
||||
+ if (nghttp2_is_fatal(rv)) {
|
||||
+ return rv;
|
||||
+ }
|
||||
+
|
||||
if (iframe->state == NGHTTP2_IB_IGN_ALL) {
|
||||
return (nghttp2_ssize)inlen;
|
||||
}
|
||||
@@ -5990,10 +5994,6 @@ nghttp2_ssize nghttp2_session_mem_recv2(nghttp2_session *session,
|
||||
break;
|
||||
}
|
||||
|
||||
- if (nghttp2_is_fatal(rv)) {
|
||||
- return rv;
|
||||
- }
|
||||
-
|
||||
rv = inbound_frame_handle_pad(iframe, &iframe->frame.hd);
|
||||
if (rv < 0) {
|
||||
rv = nghttp2_session_terminate_session_with_reason(
|
||||
@@ -6063,6 +6063,10 @@ nghttp2_ssize nghttp2_session_mem_recv2(nghttp2_session *session,
|
||||
return rv;
|
||||
}
|
||||
|
||||
+ if (iframe->state == NGHTTP2_IB_IGN_ALL) {
|
||||
+ return (nghttp2_ssize)inlen;
|
||||
+ }
|
||||
+
|
||||
on_begin_frame_called = 1;
|
||||
|
||||
rv = session_process_headers_frame(session);
|
||||
@@ -6429,6 +6433,10 @@ nghttp2_ssize nghttp2_session_mem_recv2(nghttp2_session *session,
|
||||
if (nghttp2_is_fatal(rv)) {
|
||||
return rv;
|
||||
}
|
||||
+
|
||||
+ if (iframe->state == NGHTTP2_IB_IGN_ALL) {
|
||||
+ return (nghttp2_ssize)inlen;
|
||||
+ }
|
||||
}
|
||||
}
|
||||
|
||||
@@ -6684,6 +6692,10 @@ nghttp2_ssize nghttp2_session_mem_recv2(nghttp2_session *session,
|
||||
return rv;
|
||||
}
|
||||
|
||||
+ if (iframe->state == NGHTTP2_IB_IGN_ALL) {
|
||||
+ return (nghttp2_ssize)inlen;
|
||||
+ }
|
||||
+
|
||||
session_inbound_frame_reset(session);
|
||||
|
||||
break;
|
||||
@@ -6986,6 +6998,10 @@ nghttp2_ssize nghttp2_session_mem_recv2(nghttp2_session *session,
|
||||
if (nghttp2_is_fatal(rv)) {
|
||||
return rv;
|
||||
}
|
||||
+
|
||||
+ if (iframe->state == NGHTTP2_IB_IGN_ALL) {
|
||||
+ return (nghttp2_ssize)inlen;
|
||||
+ }
|
||||
} else {
|
||||
iframe->state = NGHTTP2_IB_IGN_HEADER_BLOCK;
|
||||
}
|
||||
@@ -7151,13 +7167,17 @@ nghttp2_ssize nghttp2_session_mem_recv2(nghttp2_session *session,
|
||||
rv = session->callbacks.on_data_chunk_recv_callback(
|
||||
session, iframe->frame.hd.flags, iframe->frame.hd.stream_id,
|
||||
in - readlen, (size_t)data_readlen, session->user_data);
|
||||
- if (rv == NGHTTP2_ERR_PAUSE) {
|
||||
- return (nghttp2_ssize)(in - first);
|
||||
- }
|
||||
-
|
||||
if (nghttp2_is_fatal(rv)) {
|
||||
return NGHTTP2_ERR_CALLBACK_FAILURE;
|
||||
}
|
||||
+
|
||||
+ if (iframe->state == NGHTTP2_IB_IGN_ALL) {
|
||||
+ return (nghttp2_ssize)inlen;
|
||||
+ }
|
||||
+
|
||||
+ if (rv == NGHTTP2_ERR_PAUSE) {
|
||||
+ return (nghttp2_ssize)(in - first);
|
||||
+ }
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -7237,6 +7257,10 @@ nghttp2_ssize nghttp2_session_mem_recv2(nghttp2_session *session,
|
||||
return rv;
|
||||
}
|
||||
|
||||
+ if (iframe->state == NGHTTP2_IB_IGN_ALL) {
|
||||
+ return (nghttp2_ssize)inlen;
|
||||
+ }
|
||||
+
|
||||
if (rv != 0) {
|
||||
busy = 1;
|
||||
|
||||
@@ -7255,6 +7279,10 @@ nghttp2_ssize nghttp2_session_mem_recv2(nghttp2_session *session,
|
||||
return rv;
|
||||
}
|
||||
|
||||
+ if (iframe->state == NGHTTP2_IB_IGN_ALL) {
|
||||
+ return (nghttp2_ssize)inlen;
|
||||
+ }
|
||||
+
|
||||
session_inbound_frame_reset(session);
|
||||
|
||||
break;
|
||||
@@ -7283,6 +7311,10 @@ nghttp2_ssize nghttp2_session_mem_recv2(nghttp2_session *session,
|
||||
return rv;
|
||||
}
|
||||
|
||||
+ if (iframe->state == NGHTTP2_IB_IGN_ALL) {
|
||||
+ return (nghttp2_ssize)inlen;
|
||||
+ }
|
||||
+
|
||||
session_inbound_frame_reset(session);
|
||||
|
||||
break;
|
||||
--
|
||||
2.53.0
|
||||
|
||||
57
0001-nghttp2-1.68.0-Check-nghttp2_is_fatal-first.patch
Normal file
57
0001-nghttp2-1.68.0-Check-nghttp2_is_fatal-first.patch
Normal file
@ -0,0 +1,57 @@
|
||||
From 76ff93e618a763501dfa136a8aef16fd7ba51d62 Mon Sep 17 00:00:00 2001
|
||||
From: Tatsuhiro Tsujikawa <tatsuhiro.t@gmail.com>
|
||||
Date: Wed, 18 Feb 2026 22:40:57 +0900
|
||||
Subject: [PATCH 1/2] Check nghttp2_is_fatal first
|
||||
|
||||
(cherry picked from commit 68f77a347544c207eeff7ff7457284697ccf7f7d)
|
||||
---
|
||||
lib/nghttp2_session.c | 16 ++++++++--------
|
||||
1 file changed, 8 insertions(+), 8 deletions(-)
|
||||
|
||||
diff --git a/lib/nghttp2_session.c b/lib/nghttp2_session.c
|
||||
index 1f4ea54c..bcea5473 100644
|
||||
--- a/lib/nghttp2_session.c
|
||||
+++ b/lib/nghttp2_session.c
|
||||
@@ -5466,6 +5466,10 @@ nghttp2_ssize nghttp2_session_mem_recv2(nghttp2_session *session,
|
||||
busy = 1;
|
||||
|
||||
rv = session_on_data_received_fail_fast(session);
|
||||
+ if (nghttp2_is_fatal(rv)) {
|
||||
+ return rv;
|
||||
+ }
|
||||
+
|
||||
if (iframe->state == NGHTTP2_IB_IGN_ALL) {
|
||||
return (nghttp2_ssize)inlen;
|
||||
}
|
||||
@@ -5486,10 +5490,6 @@ nghttp2_ssize nghttp2_session_mem_recv2(nghttp2_session *session,
|
||||
break;
|
||||
}
|
||||
|
||||
- if (nghttp2_is_fatal(rv)) {
|
||||
- return rv;
|
||||
- }
|
||||
-
|
||||
rv = inbound_frame_handle_pad(iframe, &iframe->frame.hd);
|
||||
if (rv < 0) {
|
||||
rv = nghttp2_session_terminate_session_with_reason(
|
||||
@@ -6771,13 +6771,13 @@ nghttp2_ssize nghttp2_session_mem_recv2(nghttp2_session *session,
|
||||
rv = session->callbacks.on_data_chunk_recv_callback(
|
||||
session, iframe->frame.hd.flags, iframe->frame.hd.stream_id,
|
||||
in - readlen, (size_t)data_readlen, session->user_data);
|
||||
- if (rv == NGHTTP2_ERR_PAUSE) {
|
||||
- return (nghttp2_ssize)(in - first);
|
||||
- }
|
||||
-
|
||||
if (nghttp2_is_fatal(rv)) {
|
||||
return NGHTTP2_ERR_CALLBACK_FAILURE;
|
||||
}
|
||||
+
|
||||
+ if (rv == NGHTTP2_ERR_PAUSE) {
|
||||
+ return (nghttp2_ssize)(in - first);
|
||||
+ }
|
||||
}
|
||||
}
|
||||
}
|
||||
--
|
||||
2.53.0
|
||||
|
||||
@ -0,0 +1,106 @@
|
||||
From b21342258a0674686627e98aa2c76e53b2da723b Mon Sep 17 00:00:00 2001
|
||||
From: Tatsuhiro Tsujikawa <tatsuhiro.t@gmail.com>
|
||||
Date: Wed, 18 Feb 2026 18:04:30 +0900
|
||||
Subject: [PATCH 2/2] Fix missing iframe->state validations to avoid assertion
|
||||
failure
|
||||
|
||||
(cherry picked from commit 5c7df8fa815ac1004d9ecb9d1f7595c4d37f46e1)
|
||||
---
|
||||
lib/nghttp2_session.c | 32 ++++++++++++++++++++++++++++++++
|
||||
1 file changed, 32 insertions(+)
|
||||
|
||||
diff --git a/lib/nghttp2_session.c b/lib/nghttp2_session.c
|
||||
index bcea5473..0fbcc930 100644
|
||||
--- a/lib/nghttp2_session.c
|
||||
+++ b/lib/nghttp2_session.c
|
||||
@@ -5573,6 +5573,10 @@ nghttp2_ssize nghttp2_session_mem_recv2(nghttp2_session *session,
|
||||
return rv;
|
||||
}
|
||||
|
||||
+ if (iframe->state == NGHTTP2_IB_IGN_ALL) {
|
||||
+ return (nghttp2_ssize)inlen;
|
||||
+ }
|
||||
+
|
||||
on_begin_frame_called = 1;
|
||||
|
||||
rv = session_process_headers_frame(session);
|
||||
@@ -6041,6 +6045,10 @@ nghttp2_ssize nghttp2_session_mem_recv2(nghttp2_session *session,
|
||||
if (nghttp2_is_fatal(rv)) {
|
||||
return rv;
|
||||
}
|
||||
+
|
||||
+ if (iframe->state == NGHTTP2_IB_IGN_ALL) {
|
||||
+ return (nghttp2_ssize)inlen;
|
||||
+ }
|
||||
}
|
||||
}
|
||||
|
||||
@@ -6293,6 +6301,10 @@ nghttp2_ssize nghttp2_session_mem_recv2(nghttp2_session *session,
|
||||
return rv;
|
||||
}
|
||||
|
||||
+ if (iframe->state == NGHTTP2_IB_IGN_ALL) {
|
||||
+ return (nghttp2_ssize)inlen;
|
||||
+ }
|
||||
+
|
||||
session_inbound_frame_reset(session);
|
||||
|
||||
break;
|
||||
@@ -6599,6 +6611,10 @@ nghttp2_ssize nghttp2_session_mem_recv2(nghttp2_session *session,
|
||||
if (nghttp2_is_fatal(rv)) {
|
||||
return rv;
|
||||
}
|
||||
+
|
||||
+ if (iframe->state == NGHTTP2_IB_IGN_ALL) {
|
||||
+ return (nghttp2_ssize)inlen;
|
||||
+ }
|
||||
} else {
|
||||
iframe->state = NGHTTP2_IB_IGN_HEADER_BLOCK;
|
||||
}
|
||||
@@ -6775,6 +6791,10 @@ nghttp2_ssize nghttp2_session_mem_recv2(nghttp2_session *session,
|
||||
return NGHTTP2_ERR_CALLBACK_FAILURE;
|
||||
}
|
||||
|
||||
+ if (iframe->state == NGHTTP2_IB_IGN_ALL) {
|
||||
+ return (nghttp2_ssize)inlen;
|
||||
+ }
|
||||
+
|
||||
if (rv == NGHTTP2_ERR_PAUSE) {
|
||||
return (nghttp2_ssize)(in - first);
|
||||
}
|
||||
@@ -6861,6 +6881,10 @@ nghttp2_ssize nghttp2_session_mem_recv2(nghttp2_session *session,
|
||||
return rv;
|
||||
}
|
||||
|
||||
+ if (iframe->state == NGHTTP2_IB_IGN_ALL) {
|
||||
+ return (nghttp2_ssize)inlen;
|
||||
+ }
|
||||
+
|
||||
if (rv != 0) {
|
||||
busy = 1;
|
||||
|
||||
@@ -6879,6 +6903,10 @@ nghttp2_ssize nghttp2_session_mem_recv2(nghttp2_session *session,
|
||||
return rv;
|
||||
}
|
||||
|
||||
+ if (iframe->state == NGHTTP2_IB_IGN_ALL) {
|
||||
+ return (nghttp2_ssize)inlen;
|
||||
+ }
|
||||
+
|
||||
session_inbound_frame_reset(session);
|
||||
|
||||
break;
|
||||
@@ -6907,6 +6935,10 @@ nghttp2_ssize nghttp2_session_mem_recv2(nghttp2_session *session,
|
||||
return rv;
|
||||
}
|
||||
|
||||
+ if (iframe->state == NGHTTP2_IB_IGN_ALL) {
|
||||
+ return (nghttp2_ssize)inlen;
|
||||
+ }
|
||||
+
|
||||
session_inbound_frame_reset(session);
|
||||
|
||||
break;
|
||||
--
|
||||
2.53.0
|
||||
|
||||
@ -0,0 +1,145 @@
|
||||
From baad2c45f30e31566c08d393779e4e9517ce7c80 Mon Sep 17 00:00:00 2001
|
||||
From: Jan Macku <jamacku@redhat.com>
|
||||
Date: Tue, 10 Feb 2026 13:06:41 +0100
|
||||
Subject: [PATCH] pqc: add X25519MLKEM768 as the default TLS key exchange group
|
||||
|
||||
Prioritize X25519MLKEM768 (post-quantum hybrid key exchange) in the
|
||||
default groups configuration for enhanced security against future
|
||||
quantum computing threats.
|
||||
|
||||
The new default groups order is:
|
||||
X25519MLKEM768:X25519:P-256:P-384:P-521
|
||||
|
||||
Signed-off-by: Jan Macku <jamacku@redhat.com>
|
||||
---
|
||||
doc/h2load.1 | 2 +-
|
||||
doc/h2load.1.rst | 2 +-
|
||||
doc/nghttpd.1 | 2 +-
|
||||
doc/nghttpd.1.rst | 2 +-
|
||||
doc/nghttpx.1 | 2 +-
|
||||
doc/nghttpx.1.rst | 2 +-
|
||||
src/HttpServer.cc | 2 +-
|
||||
src/h2load.cc | 2 +-
|
||||
src/shrpx.cc | 2 +-
|
||||
9 files changed, 9 insertions(+), 9 deletions(-)
|
||||
|
||||
diff --git a/doc/h2load.1 b/doc/h2load.1
|
||||
index 9a86e51..e202b4b 100644
|
||||
--- a/doc/h2load.1
|
||||
+++ b/doc/h2load.1
|
||||
@@ -325,7 +325,7 @@ Specify request per second for each client. \fI\%\-\-rps\fP and
|
||||
.B \-\-groups=<GROUPS>
|
||||
Specify the supported groups.
|
||||
.sp
|
||||
-Default: \fBX25519:P\-256:P\-384:P\-521\fP
|
||||
+Default: \fBX25519MLKEM768:X25519:P\-256:P\-384:P\-521\fP
|
||||
.UNINDENT
|
||||
.INDENT 0.0
|
||||
.TP
|
||||
diff --git a/doc/h2load.1.rst b/doc/h2load.1.rst
|
||||
index 5f98ec4..4ab9494 100644
|
||||
--- a/doc/h2load.1.rst
|
||||
+++ b/doc/h2load.1.rst
|
||||
@@ -276,7 +276,7 @@ OPTIONS
|
||||
|
||||
Specify the supported groups.
|
||||
|
||||
- Default: ``X25519:P-256:P-384:P-521``
|
||||
+ Default: ``X25519MLKEM768:X25519:P-256:P-384:P-521``
|
||||
|
||||
.. option:: --no-udp-gso
|
||||
|
||||
diff --git a/doc/nghttpd.1 b/doc/nghttpd.1
|
||||
index 2153208..a9e9328 100644
|
||||
--- a/doc/nghttpd.1
|
||||
+++ b/doc/nghttpd.1
|
||||
@@ -207,7 +207,7 @@ Don\(aqt send content\-length header field.
|
||||
.B \-\-groups=<GROUPS>
|
||||
Specify the supported groups.
|
||||
.sp
|
||||
-Default: \fBX25519:P\-256:P\-384:P\-521\fP
|
||||
+Default: \fBX25519MLKEM768:X25519:P\-256:P\-384:P\-521\fP
|
||||
.UNINDENT
|
||||
.INDENT 0.0
|
||||
.TP
|
||||
diff --git a/doc/nghttpd.1.rst b/doc/nghttpd.1.rst
|
||||
index a4b07a4..2271a00 100644
|
||||
--- a/doc/nghttpd.1.rst
|
||||
+++ b/doc/nghttpd.1.rst
|
||||
@@ -163,7 +163,7 @@ OPTIONS
|
||||
|
||||
Specify the supported groups.
|
||||
|
||||
- Default: ``X25519:P-256:P-384:P-521``
|
||||
+ Default: ``X25519MLKEM768:X25519:P-256:P-384:P-521``
|
||||
|
||||
.. option:: --ktls
|
||||
|
||||
diff --git a/doc/nghttpx.1 b/doc/nghttpx.1
|
||||
index 05b1db6..6b45562 100644
|
||||
--- a/doc/nghttpx.1
|
||||
+++ b/doc/nghttpx.1
|
||||
@@ -731,7 +731,7 @@ in the preference order. The supported curves depend on
|
||||
the linked OpenSSL library. This function requires
|
||||
OpenSSL >= 1.0.2.
|
||||
.sp
|
||||
-Default: \fBX25519:P\-256:P\-384:P\-521\fP
|
||||
+Default: \fBX25519MLKEM768:X25519:P\-256:P\-384:P\-521\fP
|
||||
.UNINDENT
|
||||
.INDENT 0.0
|
||||
.TP
|
||||
diff --git a/doc/nghttpx.1.rst b/doc/nghttpx.1.rst
|
||||
index 825bd9f..7d5621f 100644
|
||||
--- a/doc/nghttpx.1.rst
|
||||
+++ b/doc/nghttpx.1.rst
|
||||
@@ -683,7 +683,7 @@ SSL/TLS
|
||||
the linked OpenSSL library. This function requires
|
||||
OpenSSL >= 1.0.2.
|
||||
|
||||
- Default: ``X25519:P-256:P-384:P-521``
|
||||
+ Default: ``X25519MLKEM768:X25519:P-256:P-384:P-521``
|
||||
|
||||
.. option:: -k, --insecure
|
||||
|
||||
diff --git a/src/HttpServer.cc b/src/HttpServer.cc
|
||||
index 47cb4c4..60bcacd 100644
|
||||
--- a/src/HttpServer.cc
|
||||
+++ b/src/HttpServer.cc
|
||||
@@ -102,7 +102,7 @@ void print_session_id(int64_t id) { std::cout << "[id=" << id << "] "; }
|
||||
|
||||
Config::Config()
|
||||
: mime_types_file("/etc/mime.types"),
|
||||
- groups("X25519:P-256:P-384:P-521"sv),
|
||||
+ groups("X25519MLKEM768:X25519:P-256:P-384:P-521"sv),
|
||||
stream_read_timeout(1_min),
|
||||
stream_write_timeout(1_min),
|
||||
data_ptr(nullptr),
|
||||
diff --git a/src/h2load.cc b/src/h2load.cc
|
||||
index a8db23b..6b0ed7d 100644
|
||||
--- a/src/h2load.cc
|
||||
+++ b/src/h2load.cc
|
||||
@@ -106,7 +106,7 @@ Config::Config()
|
||||
: ciphers(tls::DEFAULT_CIPHER_LIST),
|
||||
tls13_ciphers("TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_"
|
||||
"CHACHA20_POLY1305_SHA256:TLS_AES_128_CCM_SHA256"),
|
||||
- groups("X25519:P-256:P-384:P-521"),
|
||||
+ groups("X25519MLKEM768:X25519:P-256:P-384:P-521"),
|
||||
data_length(-1),
|
||||
data(nullptr),
|
||||
addrs(nullptr),
|
||||
diff --git a/src/shrpx.cc b/src/shrpx.cc
|
||||
index f92c825..d5f1f61 100644
|
||||
--- a/src/shrpx.cc
|
||||
+++ b/src/shrpx.cc
|
||||
@@ -1662,7 +1662,7 @@ void fill_default_config(Config *config) {
|
||||
tlsconf.max_proto_version =
|
||||
tls::proto_version_from_string(DEFAULT_TLS_MAX_PROTO_VERSION);
|
||||
tlsconf.max_early_data = 16_k;
|
||||
- tlsconf.groups = "X25519:P-256:P-384:P-521"sv;
|
||||
+ tlsconf.groups = "X25519MLKEM768:X25519:P-256:P-384:P-521"sv;
|
||||
|
||||
auto &httpconf = config->http;
|
||||
httpconf.server_name = "nghttpx"sv;
|
||||
--
|
||||
2.53.0
|
||||
|
||||
@ -1,16 +0,0 @@
|
||||
-----BEGIN PGP SIGNATURE-----
|
||||
|
||||
iQIzBAABCgAdFiEEUWtiKRjRXEeKseo6UzmivoLgfewFAmcWQzsACgkQUzmivoLg
|
||||
fexT6w/9Eo6PuvGWcYn0e8CbTHDi+BhyCs3AQHPKmuJi19yIeknZd7qcQE1xYryJ
|
||||
Xef5W1q5+p06kDgFH56Y7wORwCWmtzx5gZLVYNY7qNCCJ0CsMLI2/ypf2L06MLWe
|
||||
c8dS8DFsvqrSTe3QzPHCP+T7FDp7bfH7gKLoEobhU9v299MseLMUdw06fBTLGqKs
|
||||
KWhuQ0gD2r1zJfGdX+O5zf97pLYtR/Ch+YGHqcNYCmiIguKpZX+Vg3pHr1vJhqnT
|
||||
P6LiFVeokI6zeW1YWB0DQNBrGXEx3AZWzR9d9IlA2ijobtItc/lTTUn0zpmqNFiv
|
||||
E95D29wEQ2MtbCJd/nolIz0YiDn0JpwHBBfkWRNLj7+LqBlebyVwig8nMO453sE9
|
||||
vxklm7yONLJDDiU3o8lmUf8IVTX+FpZ3nbbeQkDwTPKU7hvcTojasPMegS4Laiok
|
||||
sfKIKaMTeYokSD4M++ikyb8c2+Vt4genVIyeUAohlSUhUr4I8E/O36JvfPaA4nTe
|
||||
S2oNl5iv/0pPQpuXTMcf/MGR3b8HmN0bH4tkowV3sRWLNHeBn6hnlY1sq1ZcegMs
|
||||
vAqum1CyReyhLfThvXAV7ImjsplNVmshQK4IaXNDYYJyr/wNAgnw41RiO01W+NgX
|
||||
KbPvx4H1actquW04yYCAAvDcBHfERM71Ye17oTFjoOEeDoQsMJg=
|
||||
=aykV
|
||||
-----END PGP SIGNATURE-----
|
||||
16
nghttp2-1.68.0.tar.xz.asc
Normal file
16
nghttp2-1.68.0.tar.xz.asc
Normal file
@ -0,0 +1,16 @@
|
||||
-----BEGIN PGP SIGNATURE-----
|
||||
|
||||
iQIzBAABCgAdFiEEUWtiKRjRXEeKseo6UzmivoLgfewFAmj8jucACgkQUzmivoLg
|
||||
fezLZRAAmmSMRcYHElTg8oauwfGSZMxtGfrGEQIAbyFWWWln7pErZ45NZKqTTb6f
|
||||
5JDx/ZOg8Q7d+EzsEKPt2hzrPrCqeMPt8dLpCRNeAxvAO3kePVpQX/79zIbwth/W
|
||||
7mjUBSz5nfyAp9soamYBfVAkaUBHKZ0YbtK8Qmn8xErCmjIVd+8X6TrgynQXUdl9
|
||||
F3WeY+JaHdSfGoUHuAwG+nU6DSaKcxAyqIBPZ1wN52hAY2LE7AVYSK6cmWETizwG
|
||||
0wpTJutMYUxaiFQ1ql3ztnKxcap0h2eBgUhvoa/+q7agw23dE/+N8VFg7fUhUd/7
|
||||
8l3hXYHhzvVZ1ggDlqMEqIXJFV1NkFro3sO2KQyje3H1upO5oNRuI65exzRt7vCR
|
||||
tKRSC2HHoThNU5T1OtDIS2CLs6+tGLBkzadBsvPFOe4ULHjUbYPCMAnva29Oozdp
|
||||
h7GnsaWgwNNaE/RupK8IsoPsN7DuHwvKhEUpvxLlo0Ij7RVgJFQcRLVCLW/BJhXG
|
||||
75IYsS+pq8bY6qh2Gj+vOKhS0Wgywc0IA0Q4WLT5isTr7m4uloV8ofaTLf/g0eMK
|
||||
06nv2hhaup6fO81KoYg9R3i8IXEa86InRC/6HINQUJKUp1IqHn5J8pKx+jd6Vy82
|
||||
lTmNr2mNtdDdqt1/WCOzaIDyCcvr5AD1lYL4YuG4nEpzWx7clvU=
|
||||
=pNio
|
||||
-----END PGP SIGNATURE-----
|
||||
25
nghttp2.spec
25
nghttp2.spec
@ -6,8 +6,8 @@
|
||||
|
||||
Summary: Experimental HTTP/2 client, server and proxy
|
||||
Name: nghttp2
|
||||
Version: 1.64.0
|
||||
Release: 2%{?dist}.1
|
||||
Version: 1.68.0
|
||||
Release: 3%{?dist}.1
|
||||
|
||||
# Parts of ruby bindings are additionally under GPL-2.0-or-later, MIT and
|
||||
# HPND-Kevlin-Henney but they are NOT shipped.
|
||||
@ -19,7 +19,12 @@ Source1: https://github.com/%{name}/%{name}/releases/download/v%{version}/%{name
|
||||
Source2: tatsuhiro-t.pgp
|
||||
|
||||
# fix Denial of service: Assertion failure due to the missing state validation (CVE-2026-27135)
|
||||
Patch1: 0001-nghttp2-1.64.0-CVE-2026-27135.patch
|
||||
Patch001: 0001-nghttp2-1.68.0-Check-nghttp2_is_fatal-first.patch
|
||||
Patch002: 0002-nghttp2-1.68.0-Fix-missing-iframe-state-validations-to-avoid-assert.patch
|
||||
|
||||
# Make X25519MLKEM768 the default TLS key exchange group in nghttpd and nghttpx
|
||||
# https://issues.redhat.com/browse/RHEL-103655
|
||||
Patch100: 0100-nghttp2-1.64.0-pqc-add-X25519MLKEM768-as-the-default-TLS-key-exchan.patch
|
||||
|
||||
BuildRequires: CUnit-devel
|
||||
BuildRequires: c-ares-devel
|
||||
@ -175,7 +180,6 @@ popd
|
||||
%{_bindir}/nghttp
|
||||
%{_bindir}/nghttpd
|
||||
%{_bindir}/nghttpx
|
||||
%{_datadir}/nghttp2
|
||||
%{_mandir}/man1/h2load.1*
|
||||
%{_mandir}/man1/nghttp.1*
|
||||
%{_mandir}/man1/nghttpd.1*
|
||||
@ -201,7 +205,6 @@ popd
|
||||
%{mingw32_libdir}/libnghttp2.dll.a
|
||||
%{mingw32_libdir}/pkgconfig/libnghttp2.pc
|
||||
%{mingw32_includedir}/nghttp2/
|
||||
%{mingw32_datadir}/nghttp2/
|
||||
|
||||
%files -n mingw64-libnghttp2
|
||||
%license COPYING
|
||||
@ -210,14 +213,22 @@ popd
|
||||
%{mingw64_libdir}/libnghttp2.dll.a
|
||||
%{mingw64_libdir}/pkgconfig/libnghttp2.pc
|
||||
%{mingw64_includedir}/nghttp2/
|
||||
%{mingw64_datadir}/nghttp2/
|
||||
%endif
|
||||
|
||||
|
||||
%changelog
|
||||
* Thu Apr 09 2026 Jan Macku <jamacku@redhat.com> 1.64.0-2.1
|
||||
* Tue Mar 31 2026 Jan Macku <jamacku@redhat.com> 1.68.0-3.1
|
||||
- fix Denial of service: Assertion failure due to the missing state validation (CVE-2026-27135)
|
||||
|
||||
* Wed Feb 11 2026 Jan Macku <jamacku@redhat.com> 1.68.0-3
|
||||
- Spec bump (RHEL-103655)
|
||||
|
||||
* Mon Feb 09 2026 Jan Macku <jamacku@redhat.com> 1.68.0-2
|
||||
- PQC: make X25519MLKEM768 the default TLS key exchange group in nghttpd and nghttpx (RHEL-103655)
|
||||
|
||||
* Mon Feb 09 2026 Jan Macku <jamacku@redhat.com> 1.68.0-1
|
||||
- update to the latest upstream release (RHEL-143723)
|
||||
|
||||
* Tue Oct 29 2024 Troy Dawson <tdawson@redhat.com> - 1.64.0-2
|
||||
- Bump release for October 2024 mass rebuild:
|
||||
Resolves: RHEL-64018
|
||||
|
||||
2
sources
2
sources
@ -1 +1 @@
|
||||
SHA512 (nghttp2-1.64.0.tar.xz) = b544196c3b7a55faacd11700d11e2fe4f16a7418282c9abb24a668544a15293580fd1a2cc5f93367c8a17c7ee45335c6d2f5c68a72dd176d516fd033f203eeec
|
||||
SHA512 (nghttp2-1.68.0.tar.xz) = a5182c2c54cdff3c70bdad204bff9a573cf7951e189d68665087f047cb79e5fc2d5d5aefbb41e2dfe264e2e74fbbe10196cb596248e328c944406ca09da98344
|
||||
|
||||
Loading…
Reference in New Issue
Block a user