From a314e22a2452c4a10b9f862a66549f84f185e97f Mon Sep 17 00:00:00 2001 From: Jan Macku Date: Thu, 4 Apr 2024 11:38:57 +0200 Subject: [PATCH] update to the latest upstream release (1.61.0) (cherry picked from commit db27141a3b6c80960a24939c8607a0ced25a3d6f) Resolves: RHEL-32301 --- .gitignore | 1 + nghttp2.spec | 8 ++++++-- sources | 4 ++-- 3 files changed, 9 insertions(+), 4 deletions(-) diff --git a/.gitignore b/.gitignore index e719646..f0f846b 100644 --- a/.gitignore +++ b/.gitignore @@ -1,2 +1,3 @@ +/nghttp2-[0-9]* /nghttp2-[0-9]*.tar.xz /nghttp2-[0-9]*.tar.xz.asc diff --git a/nghttp2.spec b/nghttp2.spec index ebe0abc..5e3d10e 100644 --- a/nghttp2.spec +++ b/nghttp2.spec @@ -6,8 +6,8 @@ Summary: Experimental HTTP/2 client, server and proxy Name: nghttp2 -Version: 1.60.0 -Release: 2%{?dist} +Version: 1.61.0 +Release: 1%{?dist} # Parts of ruby bindings are additionally under GPL-2.0-or-later, MIT and # HPND-Kevlin-Henney but they are NOT shipped. @@ -212,6 +212,10 @@ popd %changelog +* Thu Apr 04 2024 Jan Macku 1.61.0-1 +- update to the latest upstream release +- fixes CVE-2024-28182 - HTTP/2 CONTINUATION frames can be utilized for DoS attacks + * Wed Mar 06 2024 Yaakov Selkowitz - 1.60.0-2 - Fix shebang of fetch-ocsp-response diff --git a/sources b/sources index 6de50b8..330ae37 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -SHA512 (nghttp2-1.60.0.tar.xz) = 5e6365d9118596d41848930de70f4a918d72463920184df60a7e1678c3a6c9cf1416236888e7e34395c87f41bba00a114994ba5a6e73f6a389769abf1b5cc842 -SHA512 (nghttp2-1.60.0.tar.xz.asc) = 99b1be512f1e3f98c989f24c5f0135b42280c07cd59afb5b6895ee373927acbcd40592cd2a2ffdb2aeedecda2d5a7bb85e754b23c9604804c8d1673ef746c94f +SHA512 (nghttp2-1.61.0.tar.xz) = 01e930d7caf464699505f92b76e2bc8192d168612dc564d2546812c42afea2fb81d552d70e8a5fed35e2bf5deadbec8eda095af94a2484bca41542988afce52a +SHA512 (nghttp2-1.61.0.tar.xz.asc) = cdc6cf1e01f9020a4e0823f7e1cec70c68e1942fbdf0ffbf8493dea185472f5777032a8bffcedff77b00e0df18f3d86718b308e9732bf0ee686f07add0d37d64