update to the latest upstream release (1.61.0)

(cherry picked from commit db27141a3b6c80960a24939c8607a0ced25a3d6f) Resolves: RHEL-32301
2024-04-04 11:38:57 +02:00 · 2024-04-04 11:38:57 +02:00 · a314e22a24
parent 3af9eeee41
commit a314e22a24
3 changed files with 9 additions and 4 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1,2 +1,3 @@
+/nghttp2-[0-9]*
 /nghttp2-[0-9]*.tar.xz
 /nghttp2-[0-9]*.tar.xz.asc
--- a/nghttp2.spec
+++ b/nghttp2.spec
@ -6,8 +6,8 @@

 Summary: Experimental HTTP/2 client, server and proxy
 Name: nghttp2
-Version: 1.60.0
-Release: 2%{?dist}
+Version: 1.61.0
+Release: 1%{?dist}

 # Parts of ruby bindings are additionally under GPL-2.0-or-later, MIT and
 # HPND-Kevlin-Henney but they are NOT shipped.
@ -212,6 +212,10 @@ popd


 %changelog
+* Thu Apr 04 2024 Jan Macku <jamacku@redhat.com> 1.61.0-1
+- update to the latest upstream release
+- fixes CVE-2024-28182 - HTTP/2 CONTINUATION frames can be utilized for DoS attacks
+
 * Wed Mar 06 2024 Yaakov Selkowitz <yselkowi@redhat.com> - 1.60.0-2
 - Fix shebang of fetch-ocsp-response

--- a/4
+++ b/4
@ -1,2 +1,2 @@
-SHA512 (nghttp2-1.60.0.tar.xz) = 5e6365d9118596d41848930de70f4a918d72463920184df60a7e1678c3a6c9cf1416236888e7e34395c87f41bba00a114994ba5a6e73f6a389769abf1b5cc842
-SHA512 (nghttp2-1.60.0.tar.xz.asc) = 99b1be512f1e3f98c989f24c5f0135b42280c07cd59afb5b6895ee373927acbcd40592cd2a2ffdb2aeedecda2d5a7bb85e754b23c9604804c8d1673ef746c94f
+SHA512 (nghttp2-1.61.0.tar.xz) = 01e930d7caf464699505f92b76e2bc8192d168612dc564d2546812c42afea2fb81d552d70e8a5fed35e2bf5deadbec8eda095af94a2484bca41542988afce52a
+SHA512 (nghttp2-1.61.0.tar.xz.asc) = cdc6cf1e01f9020a4e0823f7e1cec70c68e1942fbdf0ffbf8493dea185472f5777032a8bffcedff77b00e0df18f3d86718b308e9732bf0ee686f07add0d37d64