File nghttp2.changes of Package nghttp2.19915
-------------------------------------------------------------------
Fri Mar 12 14:25:02 UTC 2021 - pgajdos@suse.com
- security update
- added patches
fix CVE-2020-11080 [bsc#1181358], HTTP/2 Large Settings Frame DoS
+ nghttp2-CVE-2020-11080.patch
-------------------------------------------------------------------
Tue Jan 14 18:01:52 UTC 2020 - Michał Rostecki <mrostecki@opensuse.org>
- Update to version 1.40.0 to fix CVE-2019-18802 in envoy-proxy and
cilium-proxy (bsc#1166481)
* lib: Add nghttp2_check_authority as public API
* lib: Fix the bug that stream is closed with wrong error code
* lib: Faster huffman encoding and decoding
* build: Avoid filename collision of static and dynamic lib
* build: Add new flag ENABLE_STATIC_CRT for Windows
* build: cmake: Support building nghttpx with systemd
* third-party: Update neverbleed to fix memory leak
* nghttpx: Fix bug that mruby is incorrectly shared between
backends
* nghttpx: Reconnect h1 backend if it lost connection before
sending headers
* nghttpx: Returns 408 if backend timed out before sending
headers
* nghttpx: Fix request stal
-------------------------------------------------------------------
Fri Aug 30 02:45:32 UTC 2019 - Martin Pluskal <mpluskal@suse.com>
- Conditionally remove dependecy on jemalloc for SLE-12
-------------------------------------------------------------------
Mon Aug 19 12:27:38 UTC 2019 - Martin Pluskal <mpluskal@suse.com>
- Require correct library from devel package - boo#1125689
-------------------------------------------------------------------
Mon Aug 19 12:02:09 UTC 2019 - Adam Majer <adam.majer@suse.de>
- Update to version 1.39.2 (bsc#1146184, bsc#1146182):
* This release fixes CVE-2019-9511 “Data Dribble” and CVE-2019-9513
“Resource Loop” vulnerability in nghttpx and nghttpd. Specially crafted HTTP/2
frames cause Denial of Service by consuming CPU time. Check out
https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md
for details. For nghttpx, additionally limiting inbound traffic by
--read-rate and --read-burst options is quite effective against
this kind of attack.
* Add nghttp2_option_set_max_outbound_ack API function
* nghttpx: Fix request stall
-------------------------------------------------------------------
Tue Aug 13 13:22:01 UTC 2019 - Martin Pluskal <mpluskal@suse.com>
- Update to version 1.39.1:
* This release fixes the bug that log-level is not set with
cmd-line or configuration file. It also fixes FPE with default
backend.
- Changes for version 1.39.0:
* libnghttp2 now ignores content-length in 200 response to
CONNECT request as per RFC 7230.
* mruby has been upgraded to 2.0.1.
* libnghttp2-asio now supports boost-1.70.
* http-parser has been replaced with llhttp.
* nghttpx now ignores Content-Length and Transfer-Encoding in 1xx
or 200 to CONNECT.
- Drop no longer needed boost170.patch
-------------------------------------------------------------------
Fri May 10 08:24:23 UTC 2019 - Tomáš Chvátal <tchvatal@suse.com>
- Update to 1.38.0:
* This release fixes the bug that authority and path altered by per-pattern mruby script can affect backend selection on retry.
* It also fixes the bug that HTTP/1.1 chunked request stalls.
* Now nghttpx does not log authorization request header field value with -LINFO.
* This release fixes possible backend stall when header and request body are sent in their own packets.
* The backend option gets weight parameter to influence backend selection.
* This release fixes compile error with BoringSSL.
- Add patch from upstream to build with new boost bsc#1134616:
* boost170.patch
-------------------------------------------------------------------
Fri Jan 18 16:42:34 UTC 2019 - seanlew@opensuse.org
- Update to 1.36.0
* build: disable shared library if ENABLE_SHARED_LIB is off
* third-party: use http-parser to v2.9.0 (GH-1294)
* third-party: Update mruby to 2.0.0
* nghttpx: Pool h1 backend connection per address (GH-1292)
* nghttpx: Randomize backend address round robin order per thread
(GH-1291)
* nghttpx: Fix getting long SNs for openssl < 1.1 (GH-1287)
* h2load: add an option to write per-request logs (GH-1256)
* asio: added access to # of the current server port (GH-1257)
-------------------------------------------------------------------
Fri Jan 18 14:35:14 UTC 2019 - Tomáš Chvátal <tchvatal@suse.com>
- Use multibuild to not pull in python3 in first build, nghttp2
is low in the system
-------------------------------------------------------------------
Fri Jan 11 14:24:40 UTC 2019 - Martin Pluskal <mpluskal@suse.com>
- Update to version 1.35.1:
* nghttpx: Fix broken trailing slash handling (GH-1276)
- Changes for version 1.35:
* build: cmake: Fix libevent version detection (Patch from Jan Kundrát) (GH-1238)
* lib: Use __has_declspec_attribute for shared builds (Patch from Don) (GH-1222)
* src: Require C++14 language feature
* nghttpx: Write mruby send_info early
* nghttpx: Fix assertion failure on mruby send_info with HTTP/1 frontend
* h2load: Handle HTTP/1 non-final response (GH-1259)
* h2load: Clarify that time for connect includes TLS handshake
-------------------------------------------------------------------
Mon Oct 8 19:46:51 UTC 2018 - adam.majer@suse.de
- Update to version 1.34.0: (bsc#1112438, FATE#326776)
* lib: Implement RFC 8441 :protocol support
* nghttpx: Add read/write-timeout parameters to backend option
* nghttpx: Fix mruby parameter validation in backend option
* nghttpx: Implement RFC 8441 Bootstrapping WebSocket with HTTP/2
* nghttpx: Update neverbleed to fix OpenSSL 1.1.1 issues
* nghttpx: Update mruby 1.4.1
* nghttpx: Add mruby env.tls_handshake_finished
* nghttpx: Add --tls13-ciphers and --tls-client-ciphers options
* nghttpx: Add RFC 8470 Early-Data header field support
* nghttpx: Add RFC 8446 TLSv1.3 0-RTT early data support
-------------------------------------------------------------------
Wed Sep 26 08:00:27 UTC 2018 - adam.majer@suse.de
- Update to version 1.33.0:
* lib: Tweak nghttp2_session_set_stream_user_data
* lib: Fix handling of SETTINGS_MAX_CONCURRENT_STREAMS.
* lib: Implement ORIGIN frame
* asio: support definition of local endpoint for cleartext
client session
* integration: Remove remaining SPDY code from the integration tests
* nghttpx: Fix worker process crash with neverbleed write error
* nghttpx: Support per-backend mruby script
* nghttpx: Fix stream reset if data from client is arrived before
dconn is attached
-------------------------------------------------------------------
Mon Jul 9 15:04:12 UTC 2018 - mpluskal@suse.com
- Update to version 1.32.0:
* lib: Ignore all input after calling session_terminate_session
* lib: Fix treatment of padding
* lib: Don't allow 101 HTTP status code because HTTP/2 removes
HTTP Upgrade
* build: add ENABLE_STATIC_LIB option to build static lib
* third-party: Upgrade neverbleed to the latest master
* asio: Support client side SNI
* src: Compile with libressl 2.7.2
* src: Allow building without NPN
* h2load: -r and --duration are mutually exclusive
-------------------------------------------------------------------
Fri Apr 13 08:40:38 UTC 2018 - tchvatal@suse.com
- Version umpdate to 1.31.1:
* Fix bsc#1088639 CVE-2018-1000168
* https://nghttp2.org/blog/2018/04/12/nghttp2-v1-31-1/
-------------------------------------------------------------------
Mon Apr 9 10:16:47 UTC 2018 - tchvatal@suse.com
- Version update to 1.31.0:
* lib: Add nghttp2_session_set_user_data() public API function (GH-1137)
* src: Define nghttp2_inet_pton wrapper to avoid inet_pton macro (GH-1128)
* nghttpx: Close listening socket on graceful shutdown
* nghttpx: Add an option to accept expired client certificate (GH-1126)
* nghttpx: Add mruby tls_client_not_before, and tls_client_not_after (GH-1123)
* nghttpx: Fix potential memory leak
* lib: Allow PING frame to be sent after GOAWAY (GH-1103)
* nghttpx: Fix bug that h1 backend idle timeout expires sooner
* nghttpx: Stop overwrite of first header on mruby call to env.req.set_header(..) (Patch from Dylan Plecki) (GH-1119)
* nghttpx: Add upgrade-scheme parameter to backend option (GH-1099)
* nghttpx: Fix missing ALPN validation (--npn-list) (GH-1094)
* nghttpx: Remember which resource is pushed for RFC 8297 (GH-1101)
-------------------------------------------------------------------
Mon Apr 9 08:59:52 UTC 2018 - tchvatal@suse.com
- Drop spdylay dependency as it is deprecated since version 1.28.0
and removed from cofnigure.ac since 1.29.0
-------------------------------------------------------------------
Thu Feb 22 15:10:41 UTC 2018 - fvogt@suse.com
- Use %license (boo#1082318)
-------------------------------------------------------------------
Fri Jan 5 13:21:33 UTC 2018 - mpluskal@suse.com
- Update to version 1.29.0:
* lib: Use NGHTTP2_REFUSED_STREAM for streams which are closed by
GOAWAY
* build: Remove SPDY
* build: Fix CMAKE_MODULE_PATH
* nghttpx: Revert "nghttpx: Use an existing h2 backend connection
as much as possible"
* nghttpx: Write API request body in temporary file
* nghttpx: Increase api-max-request-body
* nghttpx: Faster configuration loading with lots of backends
* nghttpx: Fix crash with --backend-http-proxy-uri option
-------------------------------------------------------------------
Mon Dec 11 16:53:16 UTC 2017 - dimstar@opensuse.org
- Export PYTHON=/usr/bin/python3 before running configure: allow to
build without (comnplete) python2 in the buildroot. In any case
we only ship python3-bindings already.
-------------------------------------------------------------------
Wed Dec 6 16:35:46 UTC 2017 - mpluskal@suse.com
- Upodate to version 1.28.0:
* lib: Add nghttp2_error_callback2
* build: Add deprecation warning when spdylay support is enabled
* Switch to clang-format-5.0
* examples: Make client and server work with libevent-2.1.8
* third-party: Update neverbleed
* integration: Fix issues reported by the go vet tool.
* nghttpx: Fix affinity retry
* nghttpx: Fix stalled backend connection on retry
* nghttpx: Cookie based session affinity
* nghttpx: Expose additional TLS related variables to mruby and
accesslog
-------------------------------------------------------------------
Wed Nov 8 16:54:59 UTC 2017 - mpluskal@suse.com
- Drop forgotten python2 build dependency
-------------------------------------------------------------------
Thu Oct 26 10:28:19 UTC 2017 - mpluskal@suse.com
- Update to version 1.27.0:
* h2load: Print out h2 header fields with --verbose option
* nghttpx: Send non-final response to HTTP/1.1 or HTTP/2 client
only
- Changes for version 1.26.0:
* docs: Fix some typos in the nghttpx how-to
* h2load: Fix bug that timing script stalls with -m1
* h2load: Reservoir sampling (GH-984)
* h2load: Add timing-based load-testing in h2load
- Switch to python3 support
-------------------------------------------------------------------
Mon Oct 9 10:14:26 UTC 2017 - schwab@suse.de
- Don't use jemalloc on ppc or %arm, where it is broken.
-------------------------------------------------------------------
Mon Aug 28 10:58:52 UTC 2017 - mpluskal@suse.com
- Update to version 1.25.0:
* lib: add nghttp2_rcbuf_is_static() (Patch from Anna Henningsen) (GH-983)
* nghttpx: Fix bug that forwarded for is not affected by proxy protocol (GH-979)
* nghttpx: Update mruby to 1.3.0 (GH-957)
-------------------------------------------------------------------
Mon Jul 17 19:45:59 UTC 2017 - mpluskal@suse.com
- Drop doc building
- Rename python subpackage to python2
-------------------------------------------------------------------
Mon Jul 10 14:35:59 UTC 2017 - mpluskal@suse.com
- Update to version 1.24.0:
* doc: README.rst: fix typo (Patch from Simone Basso) (GH-947)
* doc: fix up grammar in submit_trailer docs (Patch from Benjamin Peterson) (GH-945)
* doc: fix cleaning in out-of-tree builds (Patch from Benjamin Peterson) (GH-938)
* nghttp: Fix bug that upgrade fails if reason-phrase is missing (GH-949)
* nghttpx: Verify OCSP response using trusted CA certificates (GH-943)
* nghttpx: Set default minimum TLS version to TLSv1.2 (GH-937)
- Changes for version 1.23.1:
* nghttpx: Fix crash in OCSP response verification
- Changes for version 1.23.0:
* lib: nghttp2_session: Allow for compiling library with -DNDEBUG set (Patch from Angus Gratton) (GH-919)
* lib: Treat incoming invalid regular header field as stream error (GH-900)
* lib: Call nghttp2_on_invalid_frame_callback if altsvc validation fails (GH-904)
* doc: spelling mistake in arguments to build nghttp apps (Patch from Soham Sinha) (GH-925)
* doc: Add notes for installation on linux systems (Patch from Tapanito) (GH-917)
* doc: Clarify the effect of nghttp2_option_set_no_http_messaging
* nghttpx: Verify OCSP response (GH-929)
* nghttpx: Fix certificate selection based on pub key algorithm (GH-924)
* nghttpx: Fix certificate indexing bug
* nghttpx: Run OCSP at startup (GH-922)
* nghttpx: Wildcard path matching (GH-914)
* nghttpx: Forward multiple via, xff, and xfp header fields (GH-903)
* nghttp: Add -y, --no-verify-peer option to suppress peer verify warn (GH-906)
-------------------------------------------------------------------
Wed May 10 12:03:35 UTC 2017 - mpluskal@suse.com
- Update to version 1.22.0:
* lib: Add missing free call on error in inflight_settings_new() (Patch from lstefani) (GH-884)
* asio: Support specifying stream priority via session::submit() (Patch from Matt Way) (GH-881)
* nghttpx: Clarify --conf option behaviour
* nghttpx: Add $tls_sni access log variable (GH-896)
* nghttpx: Rename ssl_* log variables as tls_* (GH-895)
* nghttpx: Fix path matching bug (GH-894)
* nghttpx: SNI based backend server selection (GH-892)
* nghttpx: Enable signed_certificate_timestamp extension for TLSv1.3 (GH-878)
* nghttpx: Add options for X-Forwarded-Proto header field (GH-872)
* nghttpx: Add --single-process option (GH-869)
* nghttpx: Use 502 as server error code
* nghttpx: Use SSL_CTX_set_early_data_enabled with boringssl
* nghttp: Verify server certificate and show warning if it fails (GH-870)
* integration: Use nip.io instead of xip.io
-------------------------------------------------------------------
Fri Apr 21 10:27:41 UTC 2017 - mpluskal@suse.com
- Update to version 1.21.1:
* asio: Fix crash if connect takes longer time than ping interval (GH-866)
* nghttpx: Fix bug that 204 from h1 backend is always treated as error (GH-871)
- Changes for version 1.21.0:
* lib: Fix nghttp2_session_want_write (GH-832)
* doc: Document pkg-config path usage
* build: Eliminate U macro; Instead use (void)VAR for better compiler compatibility.
* src: BoringSSL supports SSL_CTX_set_{min,max}_proto_version. (Patch from Piotr Sikora) (GH-853)
* src: Use Mozilla's "Modern compatibility" ciphers by default
* src: nghttp2_gzip: fix this statement may fall through [-Werror=implicit-fallthrough=] found by gcc7 (Patch from Alexis La Goutte) (GH-823)
* nghttpx: Print version number with -v option
* nghttpx: Enable X25519 with boringssl
* nghttpx: Retry getaddrinfo without AI_ADDRCONFIG (GH-858)
* nghttpx: Failing to listen on server socket is fatal error
* nghttpx: Escape certain characters in access log (GH-856)
* nghttpx: Ignore further input if connection is going to close
* nghttpx: Don't call functions which are not async-signal-safe after fork but before execv in multithreaded process.
* nghttpx: Enable backend pattern matching with http2-proxy (GH-733)
* asio: client: Send PING after 30 seconds idle (GH-847)
-------------------------------------------------------------------
Thu Mar 23 18:53:19 UTC 2017 - mpluskal@suse.com
- Update to version 1.20.0:
* lib: nghttp2_session: fix The 'then' statement is equivalent to the subsequent code fragment found by PVS Studio (V523) (Patch from Alexis La Goutte) (GH-814)
* lib: Add nghttp2_option_set_no_closed_streams (GH-810)
* build: Disable spdylay detection by default
* build: Add --with-systemd option to configure
* fuzz: Add fuzzer for oss-fuzz (GH-799)
* src: Enable TLSv1.3 if it is supported by OpenSSL (or BoringSSL) (GH-816)
* src: h2 requires >= TLSv1.2
* asio: More graceful stop of nghttp2::asio_http2::server::http2 (Patch from Amir Pakdel) (GH-805)
* asio: Holding more shared_ptrs instead of raw ptrs to make sure called objects don't get deleted. (Patch from clemahieu)
* asio: Fix infinite loop in acceptor handler (Patch from clemahieu) (GH-794)
* asio: close_stream erases from streams_ while it's being iterated over. (Patch from clemahieu) (GH-795)
* nghttpx: Strip version number from server header field
* nghttpx: Add --single-worker option
* nghttpx: Fix bug that send_reply does not participate graceful shutdown
* nghttpx: Add --frontend-max-requests option
* nghttpx: Enable stream-write-timeout by default
* nghttpx: Fix stream write timer handling
* nghttpx: Add configrevision API endpoint (GH-820)
* nghttpx: Redirect to HTTPS URI with redirect-if-not-tls parameter (GH-819)
* nghttpx: Update log time stamp in millisecond interval
* nghttpx: Better error message when private key and certificate are missing
* nghttpx: Fix bug that old config is used during reloading configuration
* nghttpx: Specify TLS protocol by version range (GH-809)
* nghttpx: Send SIGQUIT to the original master process (GH-807)
* nghttpx: Restrict HTTP major and minor in 0 or 1
* nghttpx: Drop privilege of neverbleed daemon first
* nghttpx: add systemd support (Patch from Tomasz Torcz) (GH-802)
* nghttpx: Fix crash on SIGHUP with multi thread configuration (GH-801)
* nghttpx: Send 1xx non-final response using mruby script (GH-800)
* nghttpx: Select certificate by client's supported signature algorithm (GH-792)
* nghttpx: Recommend POST for backendconfig API request
* nghttpx: Don't build PSK features with LibreSSL (Patch from Bernard Spil) (GH-789)
* nghttp: add support for link rel="preload" for --get-assets (Patch from Benedikt Christoph Wolters) (GH-791)
* h2load: Fix wrong req_stat updates
* h2load: Explicitly count the number of requests left and inflight
* integration: Fix deprecation warnings
* integration: Redirect nghttpx stdout/stderr to test driver's stdout/stderr
- Changes for version 1.19.0:
* lib: Fix memory leak of nghttp2_stream object in server side nghttp2_session object
* Fix issues found by PVS Studio (Patch from Alexis La Goutte) (GH-769)
* doc: Update README file to write about the issue of Alpine Linux's inability to replace malloc (Patch from makovich) (GH-768)
* build: Compile with Android NDK r13b using clang
* src: Fix assertion error with boringssl
* nghttp: Take into account scheme and port when parsing HTML links
* nghttp: Fix authority for --get-assets if IP address is used in conjunction with user-defined :authority header (Patch from Benedikt Christoph Wolters) (GH-783)
* nghttpx: Add --accesslog-write-early option (GH-777)
* nghttpx: Fix access.log timestamp (GH-778)
* nghttpx: Show default cipher list in -h
* nghttpx: Add client-ciphers option
* nghttpx: Add client-no-http2-cipher-black-list option
* nghttpx: Fix the bug that no-http2-cipher-black-list does not work on backend HTTP/2 connections.
* nghttpx: Add --client-psk-secret option to enable PSK in backend (GH-612)
* nghttpx: Add --psk-secret option to enable PSK in frontend connection (GH-612)
* nghttpx: Enable SCT with OpenSSL 1.1.0
* nghttpx: Add proxyproto to frontend option to accept PROXY protocol (GH-765)
* h2load: Show default cipher list in -h
* h2load: Show custom server temp key such as X25519
* h2load: Fix incorrect return value from spdylay_send_callback
- Changes for version 1.18.1:
* nghttpx: Fix assertion error in libev ev_io_start (GH-759)
* nghttpx: Handle c-ares success without result
* nghttpx: Fix bug that DNS timeout was erroneously disabled (GH-763)
* nghttpx: Fix bug that DNS timeout was ignored (GH-763)
-------------------------------------------------------------------
Thu Feb 2 10:21:27 UTC 2017 - adam.majer@suse.de
- use individual libboost-*-devel packages instead of boost-devel
-------------------------------------------------------------------
Tue Jan 3 10:39:12 UTC 2017 - mpluskal@suse.com
- Update to version 1.18.0:
* lib: Accept and ignore content-length: 0 in 204 response for now
* build: Use pkg-config to detect libxml2
* build: Require c-ares to compile applications under src
* build: Add Windows CI via AppVeyor (Patch from Alexis La Goutte)
* examples: Delete tiny-nghttpd
* nghttpx: Retry h1 backend request if first write fails (GH-757)
* nghttpx: Keep reading after backend write failed (GH-756)
* nghttpx: Add frontend-keep-alive-timeout option (GH-755)
* nghttpx: New error log format (GH-749)
* nghttpx: Fix bug that fetch-ocsp-response does not work with OpenSSL 1.1.0 (GH-742)
* nghttpx: Backend API call allows non-numeric host with dns parameter (GH-731)
* nghttpx: Lookup backend host name dynamically (GH-721)
* nghttpx: Accept and ignore content-length: 0 in 204 response for now (GH-735)
* nghttpx: Wait for child process to exit
-------------------------------------------------------------------
Wed Dec 14 10:19:51 UTC 2016 - mpluskal@suse.com
- Update to version 1.17.0:
* lib: Disallow content-length in 1xx, 204, or 200 to a CONNECT request (GH-722)
* lib: Avoid memcpy against NULL src
* build: MSVC version resource support (Patch from Remo E) (GH-718)
* asio: server: Call on_close callback on connection close (GH-729)
* nghttpx: Fix frequent crash with --backend-http-proxy-uri
* nghttpx: Robust backend read timeout
* nghttpx: Fix bug that mishandles response header from h1 backend
* nghttpx: Fix bug that zero-length POST is not forwarded (GH-726)
* nghttpx: Remove optional reason-phrase from SPDY :status
* nghttpx: Header key and value must be string in mruby script
* nghttpx: Strip content-length with 204 or 200 to CONNECT in mruby (GH-722)
* nghttpx: Strict handling for Content-Length or Transfer-Encoding in h1 (GH-722)
* nghttpx: Fix compilation with BoringSSL (Patch from dalf) (GH-717)
* nghttpd, nghttpx, asio: Add missing mandatory SP after status code
-------------------------------------------------------------------
Thu Nov 24 09:44:32 UTC 2016 - mpluskal@suse.com
- Update to version 1.16.1:
* lib: Prevent undefined behavior in decode_length
* nghttpx: Fix bug which may crash nghttpx if non-final response
is forwarded from origin server to HTTP/1.1 client
- Changes for version 1.16.0:
* lib: Add nghttp2_set_debug_vprintf_callback to take advantage
of DEBUGF statements in when building DEBUGBUILD.
* Update .clang-format for clang-format-3.9
* build: Make it possible to include nghttp2/CMakeLists.txt in
another project using add_subdirectory.
* third-party: Update http-parser to
feae95a3a69f111bc1897b9048d9acbc290992f9
* asio: Fix crash when end() is called outside nghttp2 callback
* nghttpx: Add --backend-connect-timeout option
* nghttpx: Add TLS signed_certificate_timestamp extension support
* nghttpx: Add --ecdh-curves option to specify list of named
curves
* h2load: Add --header-table-size and --encoder-header-table-size
options
-------------------------------------------------------------------
Sun Sep 25 09:01:48 UTC 2016 - mpluskal@suse.com
- Update to version 1.15.0:
* lib: Add nghttp2_option_set_max_deflate_dynamic_table_size()
API function (GH-684)
* lib: Allow NGHTTP2_ERR_PAUSE from
nghttp2_data_source_read_callback (GH-671)
* lib: Add nghttp2_session_get_hd_deflate_dynamic_table_size()
and nghttp2_session_get_hd_inflate_dynamic_table_size() API
functions to get current HPACK dynamic table size (GH-664)
* lib: Add nghttp2_session_get_local_settings() API function
* lib: Add nghttp2_session_get_local_window_size() and
nghttp2_session_get_stream_local_window_size() API functions
* build: Add -lsocket -lnsl to APPLDFLAGS for solaris build
* neverbleed: Update neverbleed to support ECDSA certificate
* doc: Mention --enable-lib-only configure option in README
* integration: Fix test failure with go1.7.1
* src: Fix compile error with openssl 1.1.0
* nghttpx: Improve performance with HTTP/1.1 backend when
request body is involved
* nghttpx: Use std::atomic_* overloads for std::shared_ptr if
available
* nghttpx: Migrate backend stream to another h2 session on
graceful shutdown
* nghttpx: Add option to specify HPACK encoder/decoder dynamic
table size
* nghttpx: Log client address
* nghttpx: Add tls_sni to mruby Nghttpx::Env class
* nghttpx: Add --frontend-http2-window-size option, and its
family functions
* nghttpx: Add experimental TCP optimization for h2 frontend
* nghttpx: Workaround for std::make_shared bug in Xcode7, 7.1,
and 7.2 (GH-670)
* nghttpx: Fix bug that bytes are doubly counted to rate limit
for TLS connections
* nghttpx: Add --no-server-rewrite option not to rewrite server
header field (GH-667)
* nghttpx: Retry if backend h1 connection cannot be established
due to timeout
* nghttpx: Reset stream if invalid header field is received in h2
* nghttpx: Add --server-name option to change server response
header field (GH-667)
* nghttpd: Add --encoder-header-table-size option
* nghttp: Add --encoder-header-table-size option
* python: Support ALPN, require Python 3.5
-------------------------------------------------------------------
Thu Sep 8 08:35:52 UTC 2016 - idonmez@suse.com
- Update to version 1.14.0:
* lib: Make emit_header() return void since it always succeed
* lib: Add nghttp2_hd_deflate_hd_vec() deflate API to support
multiple buffer input
* lib: since hd_inflate_commit_indexed() always return 0,
remove the return value check in nghttp2_hd_inflate_hd_nv()
* lib: Use memeq() instead of lstreq() in lookup_token()
* lib: More strict stream state handling
* lib: Modify genlibtokenlookup.py to remove redundant header
comparisons and remove inline qualifier of lookup_token()
in genlibtokenlookup.py
* lib: Fix wrong tree operation to avoid cycle
* lib: Make get_max_index() return the max index in frame,
so we don't need to do extra calculation
* lib: Add nghttp2_on_invalid_header_callback
* lib: Log frame's stream ID for header debug logging
* doc: Remove old doc about differential encoding in HPACK
* doc: Document about ALPN in nghttpx howto
* nghttpx: Log error code from getsockopt(SO_ERROR) on first
write event
* nghttpx: Don't change pushed stream's priority
* nghttpx: Log backend connection failure in WARN level
* nghttpx: Fix bug that api and healthmon parameters do not work
with http2 proxy
* nghttpx: Add access log variable for backend host and port
* nghttpx: Use copy instead of const reference of backend group
* nghttpx: Reload configuration with SIGHUP
* nghttp: Adjust weight according to Firefox stable
* nghttp: Call error callback when invalid header field is
received and ignored
* nghttp: Allow multiple -p option
* deflatehd: Call nghttp2_hd_deflate_change_table_size only
if table size is changed from default
-------------------------------------------------------------------
Sun Aug 7 17:23:20 UTC 2016 - mpluskal@suse.com
- Update to version 1.13.0:
* lib: Cancel non-DATA frame transmission from
nghttp2_before_frame_send_callback
* doc: Fix warning with Sphinx 1.4
* build: Work with Android NDK r12b
* nghttpx: Use consistent hashing for client IP based session
affinity
* nghttpx: Fix FTBFS on armel by explicitly including the header
* nghttpx: Cast to double to fix build with gcc 4.8 on Solaris 11
* nghttpx: Fix build error with libressl
* examples: Fix compile error with OpenSSL v1.1.0-beta2
-------------------------------------------------------------------
Thu Jul 14 13:08:52 UTC 2016 - mpluskal@suse.com
- Update to version 1.12.0:
* Add nghttp2_session_set_local_window_size API function
* Add nghttp2_option_set_max_send_header_block_length API
function (GH-613)
* Fix warning: declaration of 'free' shadows a global declaration
(Patch from Alexis La Goutte)
* examples: Add ALPN support to tutorial client/server (GH-614)
* nghttpx: Reduce TTFB with large number of incoming connections
* nghttpx: Rewrite read timer handling
* nghttpx: Clean up neverbleed AF_UNIX socket
* nghttpx: Add --backend-max-backoff option
* nghttpx: Use 16KiB buffer for reading to match TLS record size
* nghttpx: Add healthmon parameter to -f option to enable health
monitor mode
* nghttpx: Receive reference of std::mt19937, not making a copy
* nghttpx: Fix bug that backend never return to online (GH-615)
* nghttpx: Implement client IP based session affinity
* nghttpx: Add --api-max-request-body option to set maximum API
request body size
* nghttpx: Add api parameter to --frontend option to mark API
endpoint
* h2load: Add content-length header field for HTTP/2 and SPDY as
well
* h2load: Implement HTTP/1 upload (GH-611)
-------------------------------------------------------------------
Wed Jun 8 09:03:04 UTC 2016 - idonmez@suse.com
- Update to 1.11.1
* lib: Add nghttp2_hd_inflate_hd2() and deprecate
nghttp2_hd_inflate_hd()
* lib: Avoid 0-length DATA if NGHTTP2_DATA_FLAG_NO_END_STREAM is set
* lib: Fix bug that PING flags are ignored in nghttp2_submit_ping
* integration: Workaround runtime error: cgo argument has Go pointer
to Go pointer
* nghttp: Eliminate zero length DATA frame at the end if possible
* nghttpd: Set content-length in status response
* nghttpx: Add sni keyword to --backend option
* nghttpx: Allow mixed protocol and TLS settings among backends under
same pattern
* nghttpx: Don't add 0-length DATA when response HEADERS bears
END_STREAM flag
* nghttpx: Don't add chunked encoded response body for HEAD request
* nghttpx: Don't use CN if we have dNSName or iPAddress field
* nghttpx: Just call execv instead of execve to pass environ
* nghttpx: Make SETTINGS timeout value configurable
* nghttpx: Save PID file after it is ready to accept connections
* nghttpx: Treat backend failure if SETTINGS is not received within
timeout
* nghttpx: Wait for SETTINGS ACK to make sure that backend h2 server
is alive
-------------------------------------------------------------------
Wed Apr 27 10:04:48 UTC 2016 - mpluskal@suse.com
- Update to 1.10.0
* Pass unknown SETTINGS values to nghttp2_on_frame_recv_callback
* Add ALTSVC frame support
* Run error callback when peer does not send initial SETTINGS
frame
* Update http-parser
* Update sphinx_rtd_theme
* nghttp: add an --expect-continue option
* nghttpx: Fix downstream connect callback called early
* nghttpx: Truncate too long -b option signature
* nghttpx: Fix bug that server push from mruby script did not
work
* nghttpx: Try next HTTP/1 backend address when connection
cannot be made
* nghttpx: Retry next HTTP/2 backend address when connection
cannot be made
* nghttpx: Enable link header field based push for non-final
response
* nghttpx: Detect online/offline state of backend servers
* nghttpx: Better load balancing between backend HTTP/2 servers
* nghttpx: Fix crash with backend failure
-------------------------------------------------------------------
Wed Apr 13 18:31:20 UTC 2016 - mpluskal@suse.com
- Update to 1.9.2
* nghttpx: Fix crash with backend failure
* nghttpx: Better distribute load to backend h2 servers
* nghttpx: Fix error messages on deprecated mode
* nghttpx: Fix bug that logger wrote string which was not
NULL-terminated
* nghttpx: Fix bug that proxy with HTTP/1.1 CONNECT did not work
-------------------------------------------------------------------
Sun Mar 27 16:57:17 UTC 2016 - mpluskal@suse.com
- Update to 1.9.1
* nghttpx: Fix bug that backend tls keyword did not work with -s
option
* nghttpx: Fix handing stream after connection check was failed
- Changes for 1.9.0
* lib: Add nghttp2_error_callback to tell application human
readable error message
* lib: Reference counted HPACK name/value pair, adding
* nghttp2_on_header_callback2
* lib: Add nghttp2_option_set_no_auto_ping_ack() option
* lib: Add nghttp2_http2_strerror() to return HTTP/2 error code
string
* build: Makefile.msvc enhancements (Patch from Jan-E)
* build: Lower libev version requirement (Patch from Peter Wu)
* build: cmake build support (Patch from Peter Wu)
* asio: Fix bug that server event loop breaks with exception
* integration: Disable tests that sometimes break randomly on
travis
* integration: do not use recursive target (Patch from Peter Wu)
* h2load: Fix bug that it did not try to connect to server again
* h2load: Fix bug that initial max concurrent streams was too
large
* nghttpx: Memcached connection encryption with tls keyword
* nghttpx: Enable/disable TLS per frontend address
* nghttpx: Configure TLS per backend routing pattern
* nghttpx: Workaround for Ubuntu 15.04 which does not
value-initialize on std::make_shared.
* nghttpx: Add --error-page option to set custom error pages
* nghttpx: Add wildcard host routing
* nghttpx: Change read timeout reset timing
* nghttpx: Don't push if Link header field includes nopush
* nghttpx: Deprecate backend-http1-connections-per-host in favor
of backend-connections-per-host
* nghttpx: Restructure mode settings, removing --http2-bridge,
--client, and --client-proxy options
* nghttpx: Deprecate backend-http1-connections-per-frontend in
favor of backend-connections-per-frontend
* nghttpx: Don't share session which is already in draining
state
* nghttpx: Effectively disable backend HTTP/2 connection flow
control
* nghttpx: Add --frontend-http2-max-concurrent-streams and
--backend-http2-max-concurrent-streams, and deprecate
--http2-max-concurrent-streams option
* nghttpx: Deprecate --backend-http2-connections-per-worker
option
* nghttpx: Share TLS session cache between HTTP/2 and HTTP/1
backend
* nghttpx: Rewrite backend HTTP/2 connection coalesce strategy
-------------------------------------------------------------------
Fri Feb 26 13:00:38 UTC 2016 - mpluskal@suse.com
- Update to 1.8.0
* Add Architecture documents (work in progress)
* List all contributors in AUTHORS
* doc: fix out-of-tree doc builds (Patch from Peter Wu)
* Wrap AM_PATH_XML2 by m4_ifdef to handle the case when
_PATH_XML2 is not found
* Fix configure script for non-gcc, clang build
* Document compiling apps and include h2load in configure (Patch
from David Beitey)
* Don't check for dlopen/libdl on *BSD (Patch from Bernard Spil)
* Don't taint CXXFLAGS from AX_CXX_COMPILE_STDCXX_11
* Fixing Windows Makefile version detection (Patch from Reza
Tavakoli)
* lib: Tokenize extra HTTP header fields
* lib: Fix typo in HAVE_CONFIG_H name (Patch from Peter Wu)
* lib: Add HTTP/2 extension framework to send and receive
non-critical frames
* tests: remove unused macros (Patch from Peter Wu)
* src: Update default cipher list
* src: Fix compile error with gcc-6 which enables C++14 by default
* asio: client: Fix connect timeout does not work, return from cb
if session stopped, removing client::session::connect_timeout()
functon
* nghttpd: Start SETTINGS timer after it is written to output
buffer
* nghttpd: Add trailer header field to status responses
* nghttpd: Add -w and -W options to change window size
* nghttpx: Worker wide blocker which is used when socket(2) is
failed
* nghttpx: ConnectBlocker per backend address
* nghttpx: Interleave text/html pushed resources with associated
resource
* nghttpx: Add headers given in add-response-headers for mruby
response
* nghttpx: Deprecate --backend-ipv4 and --backend-ipv6 in favor
of --backend-address-family
* nghttpx: Add options to specify address family of memcached
connections
* nghttpx: Add encryption support for TLS ticket key retrieval
* nghttpx: Add TLS support for session cache memcached connection
* nghttpx: Refactor blacklisted cipher suite check (Patch from
Jay Satiro)
* nghttpx: Add TLS support for HTTP/1 backend
* nghttpx: Add request-header-field-buffer and
max-request-header-fields options, deprecating
header-field-buffer and max-header-fields options.
* nghttpx: Add --no-http2-cipher-black-list to allow black listed
cipher suite
* nghttpx: Limit header fields from backend
* nghttpx: Fix bug that IPv6 address in Forwarded "for" is not
quoted-string
* nghttpx: Support multiple frontend addresses
* integration-tests: support out-of-tree tests (Patch from Peter
Wu)
* examples: fix compile warnings (Patch from Peter Wu)
- Drop upstreamed nghttp2-c++14.patch
-------------------------------------------------------------------
Fri Feb 12 17:21:54 UTC 2016 - mpluskal@suse.com
- Update to 1.7.1
* Fix CVE-2016-1544 (boo#966514)
-------------------------------------------------------------------
Thu Jan 28 14:43:56 UTC 2016 - rguenther@suse.com
- Add nghttp2-c++14.patch to properly guard make_unique templates.
[bsc#964140]
-------------------------------------------------------------------
Tue Jan 26 20:02:00 UTC 2016 - mpluskal@suse.com
- Update to 1.7.0
* Reset (RST_STREAM) stream if flow control window gets overflow
* Validate :authroity, host, and :scheme value more strictly
* Check request/response submission error based side of session
* Strict outgoing idle stream detection
* Return error from nghttp2_submit_{headers,request} when self
dependency is made
* Add -ldl to APPLDFLAGS for static openssl linking
* asio: Stop acceptor on server::http2::stop
* asio: Rename http2::get_io_services() as http2::io_services()
* h2load: Support UNIX domain socket
* h2load: Improve readability of traffic numbers
* h2load: Remove "auto" for -m option
* h2load: Show progress in rate mode
* h2load: Perform sampling for request and connection timings to
reduce memory consumption
* nghttpd: Add --no-content-length option to omit content-length
in response
* nghttpx: Interleave pushed streams with the associated stream
if pushed streams are javascript and CSS resources
* nghttpx: The initial value of request/response buffer is
increased to 128K
* nghttpx: Fix bug that --listener-disable-timeout option is not
used
* nghttpx: Don't emit :authority if request does not contain
authority information
* nghttpx: Add clarification of quotes in configuration file
* nghttpx: Don't allow certain characters in host and :scheme
header field
* nghttpx: Add RFC 7239 Forwarded header field support
* nghttpx: Fix crash when running on IPv6 only (Patch from Vernon
Tang)
* nghttpx: Take into account of trailers when applying
max_header_fields
* nghttpx: Don't apply max_header_fields and header_field_buffer
limit to response
* nghttpx: Strict validation for header fields given in
configuration
* nghttpx: header value should not be lower-cased (Patch from
ayanamist)
-------------------------------------------------------------------
Thu Jan 21 08:28:51 UTC 2016 - pgajdos@suse.com
- fixed typo in libnghttp2_asio1 [bsc#962914]
-------------------------------------------------------------------
Wed Dec 23 17:48:47 UTC 2015 - mpluskal@suse.com
- Update to 1.6.0
* Fix heap-use-after-free bug when handling idle streams
* Strict error handling for frames which are not allowed after
closed (remote)
* Set max number of outgoing concurrent streams to 100 by
default
* Keep incoming streams only at server side
* Create stream object for pushed resource during
nghttp2_submit_push_promise()
* Add nghttp2_session_create_idle_stream() API
* Handle response in nghttp2_on_begin_frame_callback
* Add --lib-only configure option
* Compile with OpenSSL 1.1.0-pre1
* Fix build when OpenSSL 1.0.2 is not available (patch from
Sunpoet Po-Chuan Hsieh)
* asio: Add connect and read timeout to client API
* asio: Add TLS handshake and read timeout to server API
* asio: Added access to a requests remote endpoint (patch from
Andreas Pohl)
* asio: libnghttp2_asio: Added io_service accessors (patch from
Andreas Pohl)
* h2load: Add req/s min, max, mean and sd for clients
* h2load: Fix broken connection times
-------------------------------------------------------------------
Tue Dec 1 14:13:15 UTC 2015 - mpluskal@suse.com
- Update to 1.5.0
* Fix bug that nghttp2_session_find_stream(session, 0) returned
NULL
* Add nghttp2_session_change_stream_priority() to change stream
priority without sending PRIORITY frame
* Add nghttp2_session_check_server_session() API
* Consider to use CANCEL error code when closing streams with
GOAWAY
* Don't send push response if GOAWAY has been received
* Use error code CANCEL to reset pushed reserved stream from
remote
* Add nghttp2_session_upgrade2(), deprecate
nghttp2_session_upgrade()
* Workaround HTTP upgrade with HEAD request in
nghttp2_session_upgrade()
* Introduce NGHTTP2_NV_FLAG_NO_COPY_NAME and
NGHTTP2_NV_FLAG_NO_COPY_VALUE
* Add nghttp2_session_check_request_allowed() API function
* Switch to clang-format-3.6
* Update mruby to 1.2.0
* tests: fix broken linkage with --disable-static (Patch from
Kamil Dudka)
* python: Send RST_STREAM if remote side is not closed and
response finished
* asio: client: call on_error when connection is dropped
* asio: ALPN support
* h2load: Add --h1 option to force http/1.1 for both http and
https URI
* h2load: Fix crash when dealing with "connection: close" form
HTTP/1.1 server
* h2load: h2load goes into infinite loop when timing script file
starts with 0.0 in first line (Patch from Kit Chan)
* h2load: Override user-agent with -H option
* h2load: Print "space savings" to measure header compression
efficiency
* h2load: Stream error should be counted toward errored
* h2load: Show application protocol with OpenSSL < 1.0.2
* nghttpx: Don't send RST_STREAM to h2 backend if backend is
disconnected state
* nghttpx: Support server push from HTTP/2 backend
* nghttpx: Fix bug that causes connection failure with backend
proxy URI
* nghttpx: Use --backend-tls-sni-field to verify certificate
hostname
* nghttpx: Log :authority as $http_host if available
* nghttpd: Fix crash with CONNECT request
* nghttpd: Defered eviction of cached fd using timer
* nghttpd: Read /etc/mime.types to set content-type header field
* nghttp: Record request method to output it in har correctly
* nghttp: Use method given in -H with ":method" in HTTP Upgrade
- Drop nghttp2-1.4.0-fix-tests.patch (now in upstream)
-------------------------------------------------------------------
Mon Nov 16 17:21:15 UTC 2015 - mpluskal@suse.com
- Enable spdy and more example applications
-------------------------------------------------------------------
Sat Oct 31 10:21:56 UTC 2015 - sor.alexei@meowr.ru
- Update to 1.4.0:
* lib: Don't always expect dynamic table size update.
* lib: Shrink to the minimum table size seen in local SETTINGS.
* lib: Add new error code NGHTTP2_ERR_PAUSE to send_data_callback.
* lib: Avoid excessive WINDOW_UPDATE queuing.
* lib: Return fatal error if flooding is detected to close
session immediately.
* lib: Return type of nghttp2_submit_trailer is int.
* lib: Don't send WINDOW_UPDATE with 0 increment.
* lib: Fix bug that headers in CONTINUATION were ignored after
HEADERS with padding.
* package: Use -fvisibility=hidden for internal functions.
* package: Show more information in configure summary.
* package: Add PIDFile directive to systemd service.
* package: Fix daemon upgrade when running under systemd.
* app: Compile with BoringSSL.
* nghttp: Allow multiple -c option occurrence, and take min and
last value.
* nghttpd: Fix leak when server failed to listen to given port.
* nghttpx: Add TLS dynamic record size behaviour command line
options.
* nghttpx: Reduce default timeouts for read sockets to 1m.
* nghttpx: Fix bug that PUT is replaced with POST.
* nghttpx: Change mruby script handling.
* nghttpx: Added support for RFC 7413 (TCP Fast Open) on nghttpx
proxy listening connections.
* nghttpx: Add neverbleed support.
* h2load: Don't DOS our server!
* h2load: Use duration syntax for timeouts.
* h2load: Support subsecond rate period.
* h2load: Simplify rate mode.
* h2load: Add option for user-definable rate period.
* h2load: Reuse SSL/TLS session.
* h2load: Reconnect server on connection: close.
* h2load: Don't exit in the case of no ALPN protocol overlap.
* integration: Update go's http2 package URI.
- Add missing baselibs.conf.
- Add nghttp2-1.4.0-fix-tests.patch from commit 4825009.
- Small spec cleanup.
-------------------------------------------------------------------
Sun Sep 27 12:38:17 UTC 2015 - mpluskal@suse.com
- Update to 1.3.4
* Make traditional init script fail if new config file is broken
(Patch from Janusz Dziemidowicz)
* nghttpx-logrotate: Don't use killall since we have multiple
processes
* nghttpx: Fix improper signal handling
- Changes for 1.3.3
* Fix bug in padding handling of DATA frame
* Use hash table for dynamic table lookup
* More warning flags for --enable-werror
* Update mruby
* h2load: HTTP/1.1 support (Patch from Lucas Pardue)
* nghttpx: Do not try to set TCP_NODELAY when frontend is an
UNIX socket (Patch from Janusz Dziemidowicz)
* nghttpx: Chown UNIX domain socket to user specified as --user
* nghttpx: Split monolithic one process into control and worker
processes
* nghttpx: Handle SSL/TLS data following PROXY protocol line
- Changes for 1.3.2
* Check header block limit after new stream is opened
* nghttp: Show error if HEADERS frame cannot be sent for
whatever reason
* nghttpx: Fix assertion failure on TLS handshake
* nghttpx: Add x-http2-push header field for pushed resource
* nghttpx: Fix compile error with --disable-threads
-------------------------------------------------------------------
Mon Sep 14 13:33:16 UTC 2015 - mpluskal@suse.com
- Update to 1.3.1
* Avoid usage of typeof and replace __builtin_offsetof with
offsetof
* Honor stream->weight even if stream->last_writelen is 0
* Compile third-party libraries if hpack-tools is enabled
* nghttpx-init: Start nghttpx with --daemon
* Bundle sphinxcontrib.rubydomain https://bitbucket.org/birkenfeld/sphinx-contrib/src/default/rubydomain/
* Bundle mruby
* h2load: Record TTFB on first byte of response body, rather
than first socket read
* h2load: Improve checking for timing script input, prevent
false positive in certain situations
* nghttpx: Implement PROXY protocol version 1
(--accept-proxy-protocol option)
* nghttpx: Allow link header server push for HTTP/2 backend
as well
* nghttpx: Don't initiate push if client disabled push
* nghttpx: Allow absolute URI in Link header field for push
* nghttpx: Fix crash with multi workers and QUIT signal
* nghttpx: Add mruby support which is disabled by default
(use --with-mruby configure option to enable it)
* nghttpx: Drop connection before TLS finish if h2 requirement
is not fulfilled
- Fix typo in previous changelog entry
-------------------------------------------------------------------
Tue Sep 1 06:59:43 UTC 2015 - mpluskal@suse.com
- Update to 1.3.1
* Limit the number of incoming reserved (remote) streams
* Add stream public API
* Rewrite priority tree handling
* Fix parallel make distcheck
* Define it and itprep recursive target if
AM_EXTRA_RECURSIVE_TARGETS is defined
* fetch-ocsp-response: Handle spurious openssl exist status 0
* nghttpx: Use nghttp2::ssl::DEFAULT_CIPHER_LIST for backend TLS
connection
* nghttpx: Don't allow blacked listed cipher suites for HTTP/2
connection
* nghttpx: better handle /dev/stderr and /dev/stdout (Patch from
Tomasz Buchert)
* nghttpd: GOAWAY if SSL/TLS requirements for HTTP/2 are not met
* nghttpd: Return date header field for 304
* nghttpd: Support HEAD request
* h2load: Add Timing-script and base URI support (Patch from
Lucas Pardue)
* h2load: Add timeout options (Patch from Nora)
- Fix typo in changelog
-------------------------------------------------------------------
Mon Aug 17 10:51:27 UTC 2015 - mpluskal@suse.com
- Update to 1.2.1
* doc: Reword the HPACK tutorial (Patch from Tom Harwood)
* nghttpx: Fix stability issues
* h2load: Fix crash if -r > -n
-------------------------------------------------------------------
Mon Aug 10 14:10:20 UTC 2015 - mpluskal@suse.com
- Update to 1.2.0
* Fix crash if response or data is submitted to closing stream
* Header table size UINT32_MAX must be accepted
* Use PROTOCOL_ERROR against DATA sent to idle stream
* Allow multiple in-flight SETTINGS
* Strictly check occurrence of dynamic table size update
* Fix configure warning that 'missing' is missing or too old
* Fix rm: cannot remove ‘*.rst’: No such file or directory when
"make clean" (Patch from Alexis La Goutte)
* doc: Reword some of the server and client tutorial (Patch
from Tom Harwood)
* src: Remove monotonic_clock replacement macro for gcc-4.6
* nghttpx: Add TLS ticket key sharing among nghttpx instances
using memcached
* nghttpx: Add shared session cache using memcached
* nghttpx: Set SSL/TLS session timeout to 12 hours
* nghttpx: Enable session resumption on HTTP/2 backend
* nghttpx: Don't rewrite host header field by default
* nghttpx: Generate new ticket key every 1hr and its life time
is now 12hrs
* nghttpx: Don't reuse backend connection if it is not clean
* nghttpx: Add AES-256-CBC encryption for TLS session ticket
* nghttpd: Fix the bug that 304 response has non-empty body
* h2load: Add -r and -C options to h2load (Patch from
Nora Shoemaker)
- Changes for 1.1.2
* Fix linker error with libnghttp2_asio
* Allow custom installation location for Python bindings
- Drop no longer needed missing_nghttp2_timegm.patch
-------------------------------------------------------------------
Thu Jul 16 06:58:40 UTC 2015 - mpluskal@suse.com
- Update to 1.1.1
* nghttpx: Fix various stability issues and memory leak bug
- Changes for 1.1.0
* Fix DATA is not consumed if nghttp2_http_on_data_chunk failed
* nghttp2_submit_response and nghttp2_submit_headers may return
* NGHTTP2_ERR_DATA_EXIST
* msvc build fixes and enchantments (Patch from Gabi Davar)
* Compile with IRIX gcc-4.7 (Patch from Klaus Ziegler)
* nghttp: Add --max-concurrent-streams option
* nghttp: Add comment on HAR on pushed objects (Patch from
acesso)
* nghttpx: Add --include option to read additional configuration
from given file
* nghttpx: Add backend routing based on request host and path by
extending -b option
* nghttpx: Allow log variable to be enclosed by curly braces for
disambiguation
* nghttpx: Add log variables related to SSL/TLS connection
* h2load: Add --ciphers option
- Add patches
* missing_nghttp2_timegm.patch to fix building of asio library
* nghttp2-remove-python-build.patch to fix python bindings
installation when autotools are used
-------------------------------------------------------------------
Tue Jun 30 11:54:06 UTC 2015 - mpluskal@suse.com
- Update to 1.0.5
* Add STREAM_DEP_DEBUG macro switch to enable runtime validation
of depedency tree
* Fix another bug in priority handling; sibling's item is not
queued when ancestor's item is detached
* nghttpx: Fix crash with --http2-bridge and both frontend and
backend TLS
-------------------------------------------------------------------
Wed Jun 24 10:52:12 UTC 2015 - mpluskal@suse.com
- Update to 1.0.4
* Fix assertion failure in stream_update_dep_on_detach_item
(GH-264)
- Changes for 1.0.3
* Fix bug that idle self-depending PRIORITY is not handled
gracefully
* Optimize dependency based priority code to Firefox style tree
* enable third-party for asio_lib too (Patch from Mike
Frysinger)
* fetch-ocsp-response: Support LibreSSL, and include port in
ocsp_host
* src: Support compile with LibreSSL
* nghttpx: Fix bug that x-forwarded-proto header field does not
reflect frontend scheme on HTTP/2 backend
* nghttpx: Validate :path on SPDY frontend
-------------------------------------------------------------------
Tue Jun 16 08:27:32 UTC 2015 - mpluskal@suse.com
- Update to 1.0.2
* Fix bug that data are not consumed for connection in race
condition (GH-253)
* Define NGHTTP2_EXTERN to __declspec(dllimport) when using
nghttp2 for Windows build
* Translate fetch-ocsp-response into Python
* libevent-client: Fix bug that path is broken if URI does not
contain path part
* python: Call on_close callback when connection is lost for
server session
* python: Expose client certificate, if available (Patch from
Fabian Wiesel)
* python: Catch and log failure to set TCP_NODELAY (Patch from
Fabian Wiesel)
* nghttpx: Add --add-request-header option
* nghttpx: Make WebSocket upgrade work
* nghttpx: Fix bug that END_STREAM is not set in backend for
POST with Upgrade
* nghttpx: Don't send "Expect" header field twice
-------------------------------------------------------------------
Mon May 25 15:13:45 UTC 2015 - mpluskal@suse.com
- Update to 1.0.1
* Include stdint.h instead of inttypes.h when compiled with MSVC
< 2013
* Fix invalid memory free on out-of-memory handling
* integration: Use our own copy of golang spdy package
* android: Don't link zlib bundled with android NDK
* Dockerfile.android: Update NDK ver, and ubuntu; build and link
zlib
* src, examples: Fix up OpenSSL initialization
* nghttpx: Allow HTTP Upgrade from POST request if response
header has not been sent to the client
* nghttpx: Fix bug that PUSH_PROMISE is sent after associated
response HEADERS
* nghttpd: Close connection after settings timeout and GOAWAY
was sent
* h2load: Fix bug that NPN fails if ALPN is enabled
-------------------------------------------------------------------
Thu May 21 06:50:36 UTC 2015 - mpluskal@suse.com
- Update to 1.0.0
* v1.0.0 introduced backward incompatible changes from 0.7
series. Read https://nghttp2.org/documentation/package_README.html#migration-from-v0-7-15-or-earlier
to migrate from older version to this latest version.
- Changes for 0.7.15
* Hopefully, this is the last release for 0.7.x series.
Development continues in 1.x series.
* Access violation in buffers (GH-232) (Patch from Etienne Cimon)
* Retry finding jemalloc lib by je_malloc_stats_print (GH-233)
* inflatehd: Fix crash if 'wire' value is not string (GH-235)
* nghttpx: Revert 585af93 to fix crash with TLS (GH-234)
* nghttpd: Add --echo-upload option to send back request body
-------------------------------------------------------------------
Wed May 13 13:07:14 UTC 2015 - mpluskal@suse.com
- Update to 0.7.14
* Fix global-buffer-overflow in HPACK code
* Fix doc for nghttp2_select_next_protocol
* Fix bug that promised stream was not reset on decompression
error
* Add systemd and upstart configuration file for nghttpx
(Patch from Zhuoyun Wei)
* Improve nghttpx logrotate configuration file (Patch from
Zhuoyun Wei)
* Update sphinx_rtd_theme
* h2load: Update h2load to give connect time and ttfb stats
(Patch from ericcarlschwartz)
* nghttpd: Add -m, --max-concurrent-streams option
* nghttpx: Log absolute URI for HTTP/2 or client proxy request
* nghttpx: Add --header-field-buffer and --max-header-fields
options
* nghttp: Fix assertion error if very large value is given to -t
-------------------------------------------------------------------
Fri May 1 13:47:12 UTC 2015 - mpluskal@suse.com
- Update to 0.7.13
* Fix bug that promised stream was not reset by returning
NGHTTP2_ERR_TEMPORAL_CALLBACK_FAILURE from
nghttp2_on_header_callback. Instead, associated stream was reset.
* Allow NGHTTP2_ERR_TEMPORAL_CALLBACK_FAILURE from
nghttp2_on_begin_headers_callback
* h2load: Effectively disable flow control by setting large
window size
* asio: Graceful shutdown and joinable server (Patch from
Xiaoguang Sun)
-------------------------------------------------------------------
Mon Apr 20 08:40:33 UTC 2015 - mpluskal@suse.com
- Update to 0.7.12
* Fix bug that nghttp2_session_set_next_stream_id accepts invalid
stream_id
* HPACK: Rewrite static header table handling
* HPACK: Never index authorization and small cookie header field
* Don't install libnghttp2_asio headers if they are disabled
* doc: Specify program directive so that hyperlink to option is
correctly pointed to the intended location
* asio: client: Call error_cb on error occurred in do_read and
do_write (Fixes GH-207)
* nghttp: Add --no-push option to disable server push
* nghttp: Show stream ID in statistics output
* nghttp: Remove --dep-idle option
* nghttp: Use same priority anchor nodes as Firefox does
* nghttpx: Don't push resource if link header has non empty
loadpolicy
* nghttpx: Add logging for somewhat important events (logs,
tickets, and ocsp)
* nghttpx: Set Downstream to stream user data on HTTP Upgrade
to h2
-------------------------------------------------------------------
Sun Apr 12 17:38:36 UTC 2015 - mpluskal@suse.com
- Update to 0.7.11
* nghttpx: Fix waitpid race condition in ocsp response update
* nghttp: Consider user-provided :authority header field for SNI
as well as host header field
- Changes for 0.7.10
* Make sure that nghttp2 license is MIT license
* Add nghttp2_session_consume_{connection,stream} to consume
bytes independent
* Add nghttp2_send_data_callback to send DATA payload without
copying "static inline" fix for build with VS2013 (Patch from
Remo E)
* Update lib/Makefile.msvc (Patch from Remo E)
* Remove dependency on libws2_32 on Windows build
* Define NGHTTP2_EXTERN macro to export function for Windows
build
* doc: Generate API doc per function
* python: Add async body generation support
* python: Fix pseudo-header field ordering bug
* nghttpx: Redirect stderr to errorlog file
* nghttpx: Fix bug that data buffered in SSL object are not
read
* nghttpx: Remove --tls-ctx-per-worker option
* nghttpx: Add OCSP stapling feature
-------------------------------------------------------------------
Sat Apr 4 16:55:55 UTC 2015 - mpluskal@suse.com
- Enable python bindings
- Update to 0.7.9
* Implements h2-14 protocol (http://tools.ietf.org/html/draft-ietf-httpbis-http2-14)
* Implements HPACK 09 (http://tools.ietf.org/html/draft-ietf-httpbis-header-compression-09)
* h2load: Fix crash if -t > -c
* h2load: Add -d option to upload data to server
* nghttpx: Forward only "trailers" keyword in te when forwarding HTTP/2 backend
* nghttpx: Fix PUSH_PROMISE header field corruption [GH-194]
* nghttpx: Fix te header field is duplicated when forwarding HTTP/2 backend
* nghttp, nghttpd: Add --hexdump option to hexdump incoming traffic.
* examples: Place AM_CPPFLAGS first to use in-package header files first [GH-192]
- Changes for 0.7.8
* Implements h2-14 protocol (http://tools.ietf.org/html/draft-ietf-httpbis-http2-14)
* Implements HPACK 09 (http://tools.ietf.org/html/draft-ietf-httpbis-header-compression-09)
* Validate :path header field for http or https URI scheme
* NULL-terminate header field name and value presented by callback
* README.rst: Cleaned up the grammar a bit (Patch from Ross Smith II)
* h2load: fix for segfault by reserving correct worker count (Patch from Stefan Eissing)
-------------------------------------------------------------------
Wed Mar 18 21:29:49 UTC 2015 - jengelh@inai.de
- Avoid shipping documentation redundantly. Set RPM groups.
-------------------------------------------------------------------
Fri Mar 6 18:19:47 UTC 2015 - mpluskal@suse.com
- Fix rpm group
-------------------------------------------------------------------
Tue Mar 3 22:15:13 UTC 2015 - mpluskal@suse.com
- Update to 0.7.5
* Implements h2-14 protocol
(http://tools.ietf.org/html/draft-ietf-httpbis-http2-14)
* Implements HPACK 09
(http://tools.ietf.org/html/draft-ietf-httpbis-header-compression-09)
* Validate HTTP semantics by default
* Add nghttp2_option_set_no_http_messaging() API function
* Update http-parser
* nghttp, nghttpd, nghttpx: Use "sensitive" to indicate
"never indexed" header field
* nghttp, nghttpd, nghttpx, h2load: Select/announce h2 in
ALPN/NPN
* nghttp: Fix unaligned field output in --stat
* nghttp: Fix -H does not work with -u upgrade request
* nghttp: Update resource timing terminology according to
Resource Timing TR
* nghttpd: Add -a option which takes an address parameter that
allows nghttpd to bind to a non-default address. Patch
from Brian Card
* nghttpx: Use omit minor version in case of HTTP/2 in via
header and access log
* nghttpx: Support UNIX domain socket on both frontend and backend
* nghttpx: Fix crash in http/1 backend when backend returns more
bytes than CL
* nghttpx: Cast configuration value to rlim_t to avoid compile
error on 32bit
* nghttpx: Fix 1 second delay in HTTP/2 backend connection
* nghttpx: Fix request re-submission bug in HTTP/2 backend
* asio-sv2: Fix compile error with OS X
-------------------------------------------------------------------
Sun Feb 15 11:00:12 UTC 2015 - mpluskal@suse.com
- Initial packaging of 0.7.4
