diff options
| author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-28 07:34:16 +0000 |
|---|---|---|
| committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-28 07:34:16 +0000 |
| commit | 6552fe980a10f9117d6f3cf26d2b439dc9a2954d (patch) | |
| tree | 9bd56b1184cdf466a10acfa541956a566f77b9e9 /debian | |
| parent | Adding upstream version 1.52.0. (diff) | |
| download | nghttp2-6552fe980a10f9117d6f3cf26d2b439dc9a2954d.tar.xz nghttp2-6552fe980a10f9117d6f3cf26d2b439dc9a2954d.zip | |
Adding debian version 1.52.0-1+deb12u1.debian/1.52.0-1+deb12u1debian
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'debian')
36 files changed, 2261 insertions, 0 deletions
diff --git a/debian/README b/debian/README new file mode 100644 index 0000000..150311d --- /dev/null +++ b/debian/README @@ -0,0 +1,9 @@ +Possible extra dependencies - already packaged + libcunit1-dev / libcunit1 (optional): for testing >= 2.1 + python 2.7+ / cython 0.19+ : for python bindings + libjansson4-dev 2.5+ (optional): for testing hdtest/deflatehd and hdtest/inflatehd + +Not packaged for debian + failmalloc: for testing + libssl-dev: 1.0.3+ (not yet released) needed for ALPN support + spdylay: for SPDY support >= 1.3.0 diff --git a/debian/changelog b/debian/changelog new file mode 100644 index 0000000..64174d4 --- /dev/null +++ b/debian/changelog @@ -0,0 +1,679 @@ +nghttp2 (1.52.0-1+deb12u1) bookworm-security; urgency=medium + + * CVE-2023-44487 (Closes: #1053769) + + -- Moritz Mühlenhoff <jmm@debian.org> Fri, 24 Nov 2023 15:57:26 +0100 + +nghttp2 (1.52.0-1) unstable; urgency=medium + + * New upstream release 1.52.0 + * Update standards version to 4.6.2, no changes needed. + + -- Tomasz Buchert <tomasz@debian.org> Mon, 20 Feb 2023 19:18:10 +0100 + +nghttp2 (1.51.0-1) unstable; urgency=medium + + [ Debian Janitor ] + * Set upstream metadata fields: Bug-Database, Bug-Submit, Repository, + Repository-Browse. + * Remove unused license definitions for SIL-OFL-1.1. + + [ Tomasz Buchert ] + * New upstream release 1.51.0 + + -- Tomasz Buchert <tomasz@debian.org> Sun, 11 Dec 2022 11:07:43 +0100 + +nghttp2 (1.50.0-1) unstable; urgency=medium + + * New upstream release 1.50.0 + + -- Tomasz Buchert <tomasz@debian.org> Sun, 25 Sep 2022 16:20:38 +0200 + +nghttp2 (1.49.0-1) unstable; urgency=medium + + * New upstream release 1.49.0 + + -- Tomasz Buchert <tomasz@debian.org> Thu, 25 Aug 2022 11:45:41 +0200 + +nghttp2 (1.48.0-2) unstable; urgency=medium + + [ Helmut Grohne ] + * Mark libnghttp2-dev Multi-Arch: same. (Closes: #996415) + * Mark nghttp2 Multi-Arch: foreign. + * Drop unused Build-Depends: libevent-dev. (Closes: #981602) + + -- Tomasz Buchert <tomasz@debian.org> Sat, 20 Aug 2022 23:49:45 +0200 + +nghttp2 (1.48.0-1) unstable; urgency=medium + + * New upstream release 1.48.0 + + -- Tomasz Buchert <tomasz@debian.org> Sat, 23 Jul 2022 13:03:05 +0200 + +nghttp2 (1.47.0-1) unstable; urgency=medium + + * New upstream release 1.47.0 + * Update symbols file + + -- Tomasz Buchert <tomasz@debian.org> Sat, 30 Apr 2022 14:30:08 +0200 + +nghttp2 (1.43.0-1) unstable; urgency=medium + + * New upstream release 1.43.0 + + -- Tomasz Buchert <tomasz@debian.org> Sat, 13 Feb 2021 18:47:24 +0100 + +nghttp2 (1.42.0-1) unstable; urgency=medium + + * New upstream release 1.42.0 + * Refresh patches + + -- Tomasz Buchert <tomasz@debian.org> Sat, 28 Nov 2020 16:41:28 +0100 + +nghttp2 (1.41.0-3) unstable; urgency=medium + + [ Jérémy Lal ] + * not-installed with wildcard arch + + [ Tomasz Buchert ] + * workaround for #963648 + + -- Tomasz Buchert <tomasz@debian.org> Sun, 16 Aug 2020 13:01:37 +0200 + +nghttp2 (1.41.0-2) unstable; urgency=medium + + * Fix FTBFS of arch-indep packages (Closes: #962137) + * Fix FTBFS on non-x86 archs (Closes: #962136) + * Use debhelper 13 + + -- Tomasz Buchert <tomasz@debian.org> Thu, 04 Jun 2020 08:13:51 +0200 + +nghttp2 (1.41.0-1) unstable; urgency=medium + + [ Tomasz Buchert ] + * New upstream release 1.41.0 + + [ Janusz Dziemidowicz ] + * Perform graceful upgrade of nghttpx + * fix systemd restart on debhelper >= 12 + + [ Debian Janitor ] + * debian/copyright: use spaces rather than tabs to start continuation + lines. + * Set upstream metadata fields: Bug-Database, Bug-Submit, Repository, + Repository-Browse. + * Update standards version to 4.5.0, no changes needed. + + -- Tomasz Buchert <tomasz@debian.org> Wed, 03 Jun 2020 17:03:54 +0200 + +nghttp2 (1.40.0-1) unstable; urgency=medium + + * New upstream release 1.40.0 + + -- Tomasz Buchert <tomasz@debian.org> Tue, 19 Nov 2019 09:15:49 +0100 + +nghttp2 (1.39.2-1) unstable; urgency=medium + + * New upstream release 1.39.2 (Closes: #934762) + + -- Tomasz Buchert <tomasz@debian.org> Thu, 15 Aug 2019 21:14:38 +0200 + +nghttp2 (1.39.1-1) experimental; urgency=medium + + * New upstream release 1.39.1 + + -- Tomasz Buchert <tomasz@debian.org> Sat, 22 Jun 2019 13:14:11 +0200 + +nghttp2 (1.38.0-1) experimental; urgency=medium + + * New upstream release 1.38.0 + + -- Tomasz Buchert <tomasz@debian.org> Sun, 05 May 2019 16:45:50 +0200 + +nghttp2 (1.37.0-1) unstable; urgency=medium + + * New upstream release 1.37.0 + + -- Tomasz Buchert <tomasz@debian.org> Sun, 17 Mar 2019 12:41:37 +0100 + +nghttp2 (1.36.0-2) unstable; urgency=medium + + * d/*: drop support for spdy (Closes: #920988) + + -- Tomasz Buchert <tomasz@debian.org> Sun, 03 Feb 2019 10:53:17 -0800 + +nghttp2 (1.36.0-1) unstable; urgency=medium + + * Packaging refresh (debhelper 12, std-ver 4.3.0) + * New upstream release 1.36.0 + + -- Tomasz Buchert <tomasz@debian.org> Wed, 23 Jan 2019 09:32:13 +0100 + +nghttp2 (1.35.1-1) unstable; urgency=medium + + * New upstream version 1.35.1 + + -- Tomasz Buchert <tomasz@debian.org> Fri, 14 Dec 2018 10:03:56 +0100 + +nghttp2 (1.35.0-1) unstable; urgency=medium + + * New upstream version 1.35.0 + + -- Tomasz Buchert <tomasz@debian.org> Mon, 26 Nov 2018 00:35:43 +0100 + +nghttp2 (1.34.0-1) unstable; urgency=medium + + * Imported upstream version 1.34.0 + + -- Tomasz Buchert <tomasz@debian.org> Thu, 11 Oct 2018 08:04:01 +0200 + +nghttp2 (1.33.0-1) unstable; urgency=medium + + * Imported upstream version 1.33.0 + + -- Tomasz Buchert <tomasz@debian.org> Fri, 07 Sep 2018 00:49:22 +0200 + +nghttp2 (1.32.1-1) unstable; urgency=medium + + * Imported upstream version 1.32.1 + * Update debian control with "cme fix dpkg-control" + + -- Tomasz Buchert <tomasz@debian.org> Sat, 01 Sep 2018 12:02:10 +0200 + +nghttp2 (1.32.0-1) unstable; urgency=medium + + * Imported upstream version 1.32.0 + + -- Tomasz Buchert <tomasz@debian.org> Sat, 19 May 2018 15:01:25 +0200 + +nghttp2 (1.31.1-1) unstable; urgency=medium + + * Imported upstream version 1.31.1 (fixes CVE-2018-1000168) + + -- Tomasz Buchert <tomasz@debian.org> Sat, 21 Apr 2018 19:35:33 +0200 + +nghttp2 (1.31.0-1) unstable; urgency=medium + + * Imported upstream version 1.31.0 + * Update symbols of libnghttp2 + + -- Tomasz Buchert <tomasz@debian.org> Tue, 06 Mar 2018 00:06:34 +0100 + +nghttp2 (1.30.0-1) unstable; urgency=medium + + * Imported upstream version 1.30.0 + + -- Tomasz Buchert <tomasz@debian.org> Mon, 12 Feb 2018 13:44:16 +0100 + +nghttp2 (1.29.0-1) unstable; urgency=medium + + * Imported upstream version 1.29.0 + * Bumped Standards-Version to 4.1.2 (no changes needed) + * Updated debhelper compat to 11 + * d/patches: use python3 for fetch-ocsp-response + + -- Tomasz Buchert <tomasz@debian.org> Tue, 02 Jan 2018 12:43:09 +0100 + +nghttp2 (1.28.0-1) unstable; urgency=medium + + * Imported upstream version 1.28.0 + * Bumped Standards-Version to 4.1.1 (no changes needed) + + -- Tomasz Buchert <tomasz@debian.org> Sun, 03 Dec 2017 13:34:25 +0100 + +nghttp2 (1.27.0-1) unstable; urgency=medium + + * Imported upstream version 1.27.0 + * Bumped Standards-Version to 4.1.0 (no changes needed) + + -- Tomasz Buchert <tomasz@debian.org> Fri, 27 Oct 2017 22:12:09 +0200 + +nghttp2 (1.26.0-1) unstable; urgency=medium + + * Imported upstream version 1.26.0 + + -- Tomasz Buchert <tomasz@debian.org> Thu, 21 Sep 2017 09:34:29 +0200 + +nghttp2 (1.25.0-1) unstable; urgency=medium + + * Imported upstream version 1.25.0 + + -- Tomasz Buchert <tomasz@debian.org> Wed, 23 Aug 2017 23:21:44 +0200 + +nghttp2 (1.24.0-1) unstable; urgency=medium + + * Imported upstream version 1.24.0 + * Bumped Standards-Version to 4.0.0 (no changes needed) + + -- Tomasz Buchert <tomasz@debian.org> Wed, 05 Jul 2017 08:31:03 +0200 + +nghttp2 (1.23.1-1) unstable; urgency=medium + + * Imported upstream version 1.23.1 + + -- Tomasz Buchert <tomasz@debian.org> Sat, 03 Jun 2017 10:32:36 +0200 + +nghttp2 (1.23.0-1) unstable; urgency=medium + + * Imported upstream version 1.23.0 + + -- Tomasz Buchert <tomasz@debian.org> Tue, 30 May 2017 08:49:22 +0200 + +nghttp2 (1.22.0-1) unstable; urgency=medium + + * Import upstream version 1.22.0 + + -- Tomasz Buchert <tomasz@debian.org> Mon, 01 May 2017 12:55:59 +0200 + +nghttp2 (1.21.1-1) unstable; urgency=medium + + * Import upstream version 1.21.1 + + -- Tomasz Buchert <tomasz@debian.org> Fri, 14 Apr 2017 09:19:37 +0200 + +nghttp2 (1.21.0-1) unstable; urgency=medium + + * Import upstream version 1.21.0 (Closes: #858744) + + -- Tomasz Buchert <tomasz@debian.org> Sun, 02 Apr 2017 11:22:17 +0200 + +nghttp2 (1.20.0-1) unstable; urgency=medium + + * Import upstream version 1.20.0 + * Revamp the systemd service + * Make sure spdylay is used + + -- Tomasz Buchert <tomasz@debian.org> Sun, 19 Mar 2017 14:32:34 +0100 + +nghttp2 (1.19.0-2) unstable; urgency=medium + + * Add h2load to nghttp2-client (Closes: #853860) + + -- Tomasz Buchert <tomasz@debian.org> Sat, 04 Feb 2017 11:39:34 +0100 + +nghttp2 (1.19.0-1) unstable; urgency=medium + + * Imported upstream version 1.19.0 + + -- Tomasz Buchert <tomasz@debian.org> Mon, 30 Jan 2017 22:00:27 +0100 + +nghttp2 (1.18.1-1) unstable; urgency=medium + + * Imported upstream version 1.18.1 + + -- Tomasz Buchert <tomasz@debian.org> Sun, 08 Jan 2017 12:26:25 +0100 + +nghttp2 (1.18.0-1) unstable; urgency=medium + + * Imported upstream version 1.18.0 + * debian/*: use debhelper v10 and watch v4 + * Add build dependency on libc-ares-dev + + -- Tomasz Buchert <tomasz@debian.org> Thu, 29 Dec 2016 09:34:38 +0100 + +nghttp2 (1.17.0-1) unstable; urgency=medium + + * Imported upstream version 1.17.0 + + -- Tomasz Buchert <tomasz@debian.org> Sun, 27 Nov 2016 15:55:57 +0100 + +nghttp2 (1.16.0-1) unstable; urgency=medium + + * Imported upstream version 1.16.0 + + -- Tomasz Buchert <tomasz@debian.org> Tue, 25 Oct 2016 20:45:10 +0200 + +nghttp2 (1.15.0-1) unstable; urgency=medium + + * Imported upstream version 1.15.0 + + -- Tomasz Buchert <tomasz@debian.org> Thu, 29 Sep 2016 08:21:30 +0200 + +nghttp2 (1.14.1-1) unstable; urgency=medium + + * Imported upstream version 1.14.1 + + -- Tomasz Buchert <tomasz@debian.org> Sun, 11 Sep 2016 08:34:01 +0200 + +nghttp2 (1.14.0-1) unstable; urgency=medium + + * Imported upstream version 1.14.0 + + -- Tomasz Buchert <tomasz@debian.org> Mon, 29 Aug 2016 20:42:10 +0200 + +nghttp2 (1.13.0-1) unstable; urgency=medium + + * Imported upstream version 1.13.0 + * Drop merged upstream patches + * Update URLs + + -- Tomasz Buchert <tomasz@debian.org> Sun, 24 Jul 2016 09:06:27 +0200 + +nghttp2 (1.12.0-2) unstable; urgency=medium + + * d/patches: fix FTBFS on armel + + -- Tomasz Buchert <tomasz@debian.org> Sun, 03 Jul 2016 23:18:42 +0200 + +nghttp2 (1.12.0-1) unstable; urgency=medium + + * Imported upstream version 1.12.0 + + -- Tomasz Buchert <tomasz@debian.org> Sat, 02 Jul 2016 10:59:57 +0200 + +nghttp2 (1.11.1-1) unstable; urgency=medium + + * Imported upstream version 1.11.1 + + -- Tomasz Buchert <tomasz@debian.org> Tue, 31 May 2016 23:28:27 +0200 + +nghttp2 (1.11.0-1) unstable; urgency=medium + + * Imported upstream version 1.11.0 + * d/control: bump std-ver to 3.9.8 (no changes needed) + * d/symbols: update symbol list + + -- Tomasz Buchert <tomasz@debian.org> Sun, 29 May 2016 14:49:29 +0200 + +nghttp2 (1.10.0-1) unstable; urgency=medium + + * Imported upstream version 1.10.0 + * Fix broken default config for nghttp2-proxy + * d/symbols: update the list of symbols + + -- Tomasz Buchert <tomasz@debian.org> Tue, 26 Apr 2016 23:29:25 +0200 + +nghttp2 (1.9.2-1) unstable; urgency=medium + + * Imported upstream version 1.9.2 + + -- Tomasz Buchert <tomasz@debian.org> Tue, 05 Apr 2016 07:33:05 +0200 + +nghttp2 (1.9.1-1) unstable; urgency=medium + + * Imported upstream version 1.9.1 + + -- Tomasz Buchert <tomasz@debian.org> Mon, 28 Mar 2016 11:17:23 +0200 + +nghttp2 (1.8.0-1) unstable; urgency=medium + + * Imported upstream version 1.8.0 (Closes: #811995) + * d/symbols: update symbol list + * d/control: bump std-ver to 3.9.7 (no changes needed) + + -- Tomasz Buchert <tomasz@debian.org> Mon, 29 Feb 2016 13:28:57 +0100 + +nghttp2 (1.7.1-2) unstable; urgency=medium + + * Add missing script for OCSP stapling (Closes: #815226) + + -- Tomasz Buchert <tomasz@debian.org> Sun, 21 Feb 2016 21:22:54 +0100 + +nghttp2 (1.7.1-1) unstable; urgency=high + + * Imported upstream version 1.7.1 (fixes CVE-2016-1544) + + -- Tomasz Buchert <tomasz@debian.org> Sat, 13 Feb 2016 10:17:19 +0100 + +nghttp2 (1.7.0-1) unstable; urgency=medium + + * Imported upstream version 1.7.0 + + -- Tomasz Buchert <tomasz@debian.org> Wed, 27 Jan 2016 18:10:34 +0100 + +nghttp2 (1.6.0-1) unstable; urgency=medium + + * Imported upstream version 1.6.0 + + -- Tomasz Buchert <tomasz@debian.org> Sat, 26 Dec 2015 11:15:01 +0100 + +nghttp2 (1.5.0-2) unstable; urgency=medium + + * Update Build-Depends for cross compilation (Closes: #807849) + Patch provided by Helmut Grohne (with some minor changes) + * Split build into -arch and -indep packages + * Fix two Lintian warnings + + -- Tomasz Buchert <tomasz@debian.org> Tue, 15 Dec 2015 11:39:36 +0100 + +nghttp2 (1.5.0-1) unstable; urgency=medium + + * Imported upstream version 1.5.0 + + -- Tomasz Buchert <tomasz@debian.org> Sat, 05 Dec 2015 09:00:48 +0100 + +nghttp2 (1.4.0-2) unstable; urgency=medium + + * Fix systemd service + + -- Tomasz Buchert <tomasz@debian.org> Sat, 07 Nov 2015 14:17:48 +0100 + +nghttp2 (1.4.0-1) unstable; urgency=medium + + * Imported Upstream version 1.4.0 + + -- Tomasz Buchert <tomasz@debian.org> Sat, 31 Oct 2015 18:41:18 +0100 + +nghttp2 (1.3.4-2) unstable; urgency=medium + + * Split into subpackages: nghttp2-{client,proxy,server} (Closes: #802206) + + -- Tomasz Buchert <tomasz@debian.org> Fri, 23 Oct 2015 17:39:22 +0200 + +nghttp2 (1.3.4-1) unstable; urgency=medium + + * Imported Upstream version 1.3.4 (Closes: #801957) + * Adding myself as Uploader + + -- Tomasz Buchert <tomasz@debian.org> Thu, 01 Oct 2015 10:47:15 +0200 + +nghttp2 (1.3.2-0.1) unstable; urgency=medium + + * Non-maintainer upload. + * Imported Upstream version 1.3.2 + * d/patches: drop patches + + -- Tomasz Buchert <tomasz@debian.org> Sat, 19 Sep 2015 21:39:17 +0200 + +nghttp2 (1.3.1-0.4) unstable; urgency=medium + + * Non-maintainer upload. + * Fix build problem on armel + + -- Tomasz Buchert <tomasz@debian.org> Sun, 13 Sep 2015 09:37:02 +0200 + +nghttp2 (1.3.1-0.3) unstable; urgency=medium + + * Non-maintainer upload. + * Imported Upstream version 1.3.1 (Closes: #798598) + * d/copyright: add license for mruby + * d/conf: send errorlog to syslog + + -- Tomasz Buchert <tomasz@debian.org> Sat, 12 Sep 2015 22:34:22 +0200 + +nghttp2 (1.3.0-0.2) unstable; urgency=medium + + * Non-maintainer upload. + * Upload to unstable (Closes: #784666, #793571) + * d/*: dropping dbg package (ddebs are coming) + + -- Tomasz Buchert <tomasz@debian.org> Tue, 08 Sep 2015 12:38:55 +0200 + +nghttp2 (1.3.0-0.1) experimental; urgency=medium + + * Non-maintainer upload + * Imported Upstream version 1.3.0 + * Switch to dh + + -- Tomasz Buchert <tomasz@debian.org> Wed, 02 Sep 2015 18:22:19 +0200 + +nghttp2 (0.6.7-1) unstable; urgency=medium + + * New upstream release + + -- Dave Beckett <dajobe@debian.org> Sun, 30 Nov 2014 13:45:03 -0800 + +nghttp2 (0.6.6-1) unstable; urgency=medium + + * New upstream release + + -- Dave Beckett <dajobe@debian.org> Sat, 08 Nov 2014 14:02:38 -0800 + +nghttp2 (0.6.5-2) unstable; urgency=medium + + * Fix nghttpx init script path. + + -- Dave Beckett <dajobe@debian.org> Fri, 31 Oct 2014 11:44:14 -0700 + +nghttp2 (0.6.5-1) unstable; urgency=medium + + * New upstream release + * Install init file and logrotate files for nghttpx daemon into + the nghttp2 package. Add sample config file. + + -- Dave Beckett <dajobe@debian.org> Thu, 30 Oct 2014 11:57:27 -0700 + +nghttp2 (0.6.4-2) unstable; urgency=medium + + * debian/rules: Fix test for jemalloc configure arg so hurd may build + + -- Dave Beckett <dajobe@debian.org> Sun, 19 Oct 2014 08:36:26 -0700 + +nghttp2 (0.6.4-1) unstable; urgency=medium + + * New upstream release + + -- Dave Beckett <dajobe@debian.org> Tue, 14 Oct 2014 10:55:00 -0700 + +nghttp2 (0.6.3-2) unstable; urgency=medium + + * Standards-Version: 3.9.6 + * Disable dependency and use of jemalloc on hurd since it's broken + there, and an upstream recommendation not requirement. + + -- Dave Beckett <dajobe@debian.org> Sun, 12 Oct 2014 13:21:05 -0700 + +nghttp2 (0.6.3-1) unstable; urgency=medium + + * New upstream release (Closes: #763906, #750616) + * Removed debian/patches/path_max.patch applied upstream + + -- Dave Beckett <dajobe@debian.org> Fri, 10 Oct 2014 09:12:15 -0700 + +nghttp2 (0.6.2-2) unstable; urgency=medium + + * debian/rules: Add quilt for patching + * debian/patches/path_max.patch Added to remove use of PATH_MAX; + also applied upstream (Closes: #762696) + + -- Dave Beckett <dajobe@debian.org> Fri, 03 Oct 2014 07:00:49 -0700 + +nghttp2 (0.6.2-1) unstable; urgency=medium + + * New upstream release + * Add the recommended jemalloc + + -- Dave Beckett <dajobe@debian.org> Sun, 28 Sep 2014 08:41:32 -0700 + +nghttp2 (0.6.1-1) unstable; urgency=medium + + * New upstream release + * debian/copyright: Fix some lintian deb5 warnings + + -- Dave Beckett <dajobe@debian.org> Wed, 10 Sep 2014 13:30:14 -0700 + +nghttp2 (0.6.0-1) unstable; urgency=medium + + * New upstream release + * Major soname bumped so rename packages to libnghttp2-5* + * Switch dev package to libnghttp2-dev from ftpmaster suggestion + + -- Dave Beckett <dajobe@debian.org> Sat, 30 Aug 2014 11:34:33 -0700 + +nghttp2 (0.5.1-1) unstable; urgency=medium + + * New upstream release + + -- Dave Beckett <dajobe@debian.org> Wed, 23 Jul 2014 13:51:09 -0700 + +nghttp2 (0.5.0-1) unstable; urgency=medium + + * New upstream release + * Major soname bumped so rename packages to libnghttp2-4* + + -- Dave Beckett <dajobe@debian.org> Fri, 18 Jul 2014 12:34:34 -0700 + +nghttp2 (0.4.1-1) unstable; urgency=medium + + * New upstream release + + -- Dave Beckett <dajobe@debian.org> Tue, 03 Jun 2014 20:50:26 -0700 + +nghttp2 (0.4.0-1) unstable; urgency=medium + + * New upstream release + * Major soname bumped so rename packages to libnghttp2-3* + + -- Dave Beckett <dajobe@debian.org> Sat, 17 May 2014 09:35:36 -0700 + +nghttp2 (0.3.2-3) experimental; urgency=medium + + * Add symbols + + -- Dave Beckett <dajobe@debian.org> Sat, 08 Mar 2014 15:35:32 -0800 + +nghttp2 (0.3.2-2) experimental; urgency=medium + + * Explicitly set to install AUTHORS and README.rst (not README + which is a pointer). (Closes: #741102) + * Remove useless objects.inv from libnghttp2-doc + + -- Dave Beckett <dajobe@debian.org> Sat, 08 Mar 2014 10:36:48 -0800 + +nghttp2 (0.3.2-1) experimental; urgency=medium + + * New upstream release + * Added doc-base file for libnghttp2-doc + * Mark libnghttp2-2-dbg as Multi-Arch: same + + -- Dave Beckett <dajobe@debian.org> Sun, 02 Mar 2014 10:24:19 -0800 + +nghttp2 (0.3.1-1) experimental; urgency=medium + + * New upstream release + * Use the new upstream manpages + * Remove debian/sphinx.tar.bz2 now upstream ships it + * debian/README.source: removed since upstream source is good + + -- Dave Beckett <dajobe@debian.org> Mon, 17 Feb 2014 13:14:09 -0800 + +nghttp2 (0.3.0-3) experimental; urgency=medium + + * Update debian/sphinx.tar.bz2 from latest git upstream + * debian/copyright: Updated to describe above + + -- Dave Beckett <dajobe@debian.org> Fri, 14 Feb 2014 09:53:50 -0800 + +nghttp2 (0.3.0-2) experimental; urgency=medium + + * Build-Depends: pkg-config, libpython-dev + + -- Dave Beckett <dajobe@debian.org> Mon, 10 Feb 2014 19:09:47 -0800 + +nghttp2 (0.3.0-1) experimental; urgency=medium + + * New upstream release + * Major soname bumped so rename packages to libnghttp2-2* + * Added libnghttp2-2-dbg package + * Added libnghttp2-2.shlibs to manage changing ABI + * debian/copyright: updated for new files + * debian/watch: added debian and uupdate + * Added debian/sphinx.tar.bz2 from upstream so 'make html' works. + + -- Dave Beckett <dajobe@debian.org> Fri, 07 Feb 2014 14:45:39 -0800 + +nghttp2 (0.2.0-1) experimental; urgency=low + + * Initial release. (Closes: #737261) + + -- Dave Beckett <dajobe@debian.org> Fri, 31 Jan 2014 23:18:41 -0800 diff --git a/debian/control b/debian/control new file mode 100644 index 0000000..dae16c5 --- /dev/null +++ b/debian/control @@ -0,0 +1,117 @@ +Source: nghttp2 +Maintainer: Tomasz Buchert <tomasz@debian.org> +Uploaders: Ondřej Surý <ondrej@debian.org> +Section: httpd +Priority: optional +Build-Depends: debhelper (>= 13), + debhelper-compat (= 13), + libc-ares-dev, + libcunit1-dev <!nocheck>, + libev-dev, + libjansson-dev, + libjemalloc-dev [!hurd-i386], + libssl-dev, + libsystemd-dev, + libxml2-dev, + pkg-config, + zlib1g-dev +Build-Depends-Indep: python3-sphinx, python3-sphinx-rtd-theme +Standards-Version: 4.6.2 +Vcs-Browser: https://salsa.debian.org/debian/nghttp2 +Vcs-Git: https://salsa.debian.org/debian/nghttp2.git +Homepage: https://nghttp2.org/ +Rules-Requires-Root: no + +Package: libnghttp2-dev +Architecture: any +Multi-Arch: same +Section: libdevel +Depends: libnghttp2-14 (= ${binary:Version}), pkg-config, ${misc:Depends} +Suggests: libnghttp2-doc +Conflicts: libnghttp2-3-dev, libnghttp2-4-dev, libnghttp2-5-dev +Replaces: libnghttp2-3-dev, libnghttp2-4-dev, libnghttp2-5-dev +Description: library implementing HTTP/2 protocol (development files) + This is an implementation of the Hypertext Transfer Protocol version + 2 in C. The framing layer of HTTP/2 is implemented as a reusable C + library. + . + This package installs development files. + +Package: libnghttp2-doc +Architecture: all +Section: doc +Depends: libjs-jquery, libjs-underscore, lynx | www-browser, ${misc:Depends} +Description: library implementing HTTP/2 protocol (documentation) + This is an implementation of the Hypertext Transfer Protocol version + 2 in C. The framing layer of HTTP/2 is implemented as a reusable C + library. + . + This package installs documentation. + +Package: libnghttp2-14 +Architecture: any +Multi-Arch: same +Section: libs +Depends: ${misc:Depends}, ${shlibs:Depends} +Pre-Depends: ${misc:Pre-Depends} +Description: library implementing HTTP/2 protocol (shared library) + This is an implementation of the Hypertext Transfer Protocol version + 2 in C. The framing layer of HTTP/2 is implemented as a reusable C + library. + . + This package installs a shared library. + +Package: nghttp2-client +Architecture: any +Multi-Arch: foreign +Depends: libnghttp2-14 (= ${binary:Version}), + ${misc:Depends}, + ${shlibs:Depends} +Breaks: nghttp2 (<< 1.3.4-2~) +Replaces: nghttp2 (<< 1.3.4-2~) +Description: client implementing HTTP/2 protocol + This is a command line client implementing the HTTP/2 protocol. It + gives access to many low-level and advanced aspects of the protocol + and therefore is useful for debugging. + +Package: nghttp2-proxy +Architecture: any +Multi-Arch: foreign +Depends: libnghttp2-14 (= ${binary:Version}), + openssl, + python3, + ${misc:Depends}, + ${shlibs:Depends} +Pre-Depends: ${misc:Pre-Depends} +Breaks: nghttp2 (<< 1.3.4-2~) +Replaces: nghttp2 (<< 1.3.4-2~) +Description: reverse proxy implementing HTTP/2 protocol + This is a standalone server implementing the HTTP/2 protocol with + HTTP/1.1 fallback for clients that do not support it. It can be used + as a frontend in front of web servers that do not support HTTP/2. + +Package: nghttp2-server +Architecture: any +Multi-Arch: foreign +Depends: libnghttp2-14 (= ${binary:Version}), + ${misc:Depends}, + ${shlibs:Depends} +Breaks: nghttp2 (<< 1.3.4-2~) +Replaces: nghttp2 (<< 1.3.4-2~) +Description: server implementing HTTP/2 protocol + This is a standalone server implementing the HTTP/2 protocol with + HTTP/1.1 fallback for clients that do not support it. It can be used + to serve files from a local directory. + +Package: nghttp2 +Architecture: all +Multi-Arch: foreign +Depends: nghttp2-client (>= ${binary:Version}), + nghttp2-proxy (>= ${binary:Version}), + nghttp2-server (>= ${binary:Version}), + ${misc:Depends} +Description: server, proxy and client implementing HTTP/2 + This package will install a set of programs implementing the HTTP/2 + protocol: a standalone server (nghttp2-server), a reverse proxy + (nghttp2-proxy) and a client (nghttp2-client). It provides no files + on its own and is not necessary for these programs to work. diff --git a/debian/copyright b/debian/copyright new file mode 100644 index 0000000..e55bbed --- /dev/null +++ b/debian/copyright @@ -0,0 +1,138 @@ +Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/ +Upstream-Name: nghttp2 +Upstream-Contact: Tatsuhiro Tsujikawa <t-tujikawa@users.sourceforge.net> +Source: https://github.com/tatsuhiro-t/nghttp2 + +Files: * +Copyright: 2012, 2013, 2014 Tatsuhiro Tsujikawa +License: Expat + +Files: tests/nghttp2_npn_test.* +Copyright: 2012, Twist Inc. +License: Expat + +Files: m4/ax_cxx_compile_stdcxx.m4 +Copyright: 2008, Benjamin Kosnik <bkoz@redhat.com>, + 2012, Zack Weinberg <zackw@panix.com>, + 2013, Roy Stogner <roystgnr@ices.utexas.edu> +License: all-permissive + +Files: m4/ax_python_devel.m4 +Copyright: 2009 Sebastian Huber <sebastian-huber@web.de>, + 2009 Alan W. Irwin, + 2009 Rafael Laboissiere <rafael@laboissiere.net>, + 2009 Andrew Collier, + 2009 Matteo Settenvini <matteo@member.fsf.org>, + 2009 Horst Knorr <hk_classes@knoda.org>, + 2013 Daniel Mullner <muellner@math.stanford.edu> +License: GPL-3+ with autoconf exception + +Files: doc/_themes/sphinx_rtd_theme/* +Copyright: 2013 Dave Snider +License: MIT + +Files: doc/_themes/sphinx_rtd_theme/search.html +Copyright: 2007-2013 by the Sphinx team +License: BSD-2-clause +Comment: License details from https://bitbucket.org/birkenfeld/sphinx/src file LICENSE + + +License: Expat + Permission is hereby granted, free of charge, to any person obtaining + a copy of this software and associated documentation files (the + "Software"), to deal in the Software without restriction, including + without limitation the rights to use, copy, modify, merge, publish, + distribute, sublicense, and/or sell copies of the Software, and to + permit persons to whom the Software is furnished to do so, subject to + the following conditions: + . + The above copyright notice and this permission notice shall be + included in all copies or substantial portions of the Software. + . + THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, + EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF + MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND + NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE + LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION + OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION + WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. + +License: MIT + Permission is hereby granted, free of charge, to any person obtaining a copy + of this software and associated documentation files (the "Software"), to + deal in the Software without restriction, including without limitation the + rights to use, copy, modify, merge, publish, distribute, sublicense, and/or + sell copies of the Software, and to permit persons to whom the Software is + furnished to do so, subject to the following conditions: + . + The above copyright notice and this permission notice shall be included in + all copies or substantial portions of the Software. + . + THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE + AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING + FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS + IN THE SOFTWARE. + +License: GPL-3+ with autoconf exception + This program is free software: you can redistribute it and/or modify it + under the terms of the GNU General Public License as published by the + Free Software Foundation, either version 3 of the License, or (at your + option) any later version. + . + This program is distributed in the hope that it will be useful, but + WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General + Public License for more details. + . + You should have received a copy of the GNU General Public License along + with this program. If not, see <http://www.gnu.org/licenses/>. + . + As a special exception, the respective Autoconf Macro's copyright owner + gives unlimited permission to copy, distribute and modify the configure + scripts that are the output of Autoconf when processing the Macro. You + need not follow the terms of the GNU General Public License when using + or distributing such scripts, even though portions of the text of the + Macro appear in them. The GNU General Public License (GPL) does govern + all other use of the material that constitutes the Autoconf Macro. + . + This special exception to the GPL applies to versions of the Autoconf + Macro released by the Autoconf Archive. When you make and distribute a + modified version of the Autoconf Macro, you may extend this special + exception to the GPL to apply to your modified version as well. + . + On Debian systems, the full text of the GNU General Public + License version 3 can be found in the file + `/usr/share/common-licenses/GPL-3'. + +License: all-permissive + Copying and distribution of this file, with or without modification, are + permitted in any medium without royalty provided the copyright notice + and this notice are preserved. This file is offered as-is, without any + warranty. + +License: BSD-2-clause + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are + met: + . + * Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + . + * Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + . + THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR + A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT + OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT + LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE + OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. diff --git a/debian/libnghttp2-14.docs b/debian/libnghttp2-14.docs new file mode 120000 index 0000000..5737ab0 --- /dev/null +++ b/debian/libnghttp2-14.docs @@ -0,0 +1 @@ +nghttp2.docs
\ No newline at end of file diff --git a/debian/libnghttp2-14.install b/debian/libnghttp2-14.install new file mode 100644 index 0000000..77df405 --- /dev/null +++ b/debian/libnghttp2-14.install @@ -0,0 +1 @@ +debian/tmp/usr/lib/*/libnghttp2*.so.* diff --git a/debian/libnghttp2-14.symbols b/debian/libnghttp2-14.symbols new file mode 100644 index 0000000..9dc6682 --- /dev/null +++ b/debian/libnghttp2-14.symbols @@ -0,0 +1,161 @@ +libnghttp2.so.14 libnghttp2-14 #MINVER# + nghttp2_check_authority@Base 1.40.0 + nghttp2_check_header_name@Base 1.3.0 + nghttp2_check_header_value@Base 1.3.0 + nghttp2_check_header_value_rfc9113@Base 1.49.0 + nghttp2_check_method@Base 1.47.0 + nghttp2_check_path@Base 1.47.0 + nghttp2_hd_deflate_bound@Base 1.3.0 + nghttp2_hd_deflate_change_table_size@Base 1.3.0 + nghttp2_hd_deflate_del@Base 1.3.0 + nghttp2_hd_deflate_get_dynamic_table_size@Base 1.4.0 + nghttp2_hd_deflate_get_max_dynamic_table_size@Base 1.4.0 + nghttp2_hd_deflate_get_num_table_entries@Base 1.4.0 + nghttp2_hd_deflate_get_table_entry@Base 1.4.0 + nghttp2_hd_deflate_hd@Base 1.3.0 + nghttp2_hd_deflate_hd_vec@Base 1.14.0 + nghttp2_hd_deflate_new2@Base 1.3.0 + nghttp2_hd_deflate_new@Base 1.3.0 + nghttp2_hd_inflate_change_table_size@Base 1.3.0 + nghttp2_hd_inflate_del@Base 1.3.0 + nghttp2_hd_inflate_end_headers@Base 1.3.0 + nghttp2_hd_inflate_get_dynamic_table_size@Base 1.4.0 + nghttp2_hd_inflate_get_max_dynamic_table_size@Base 1.4.0 + nghttp2_hd_inflate_get_num_table_entries@Base 1.4.0 + nghttp2_hd_inflate_get_table_entry@Base 1.4.0 + nghttp2_hd_inflate_hd@Base 1.3.0 + nghttp2_hd_inflate_hd2@Base 1.11.0 + nghttp2_hd_inflate_new2@Base 1.3.0 + nghttp2_hd_inflate_new@Base 1.3.0 + nghttp2_http2_strerror@Base 1.9.1 + nghttp2_is_fatal@Base 1.3.0 + nghttp2_nv_compare_name@Base 1.3.0 + nghttp2_option_del@Base 1.3.0 + nghttp2_option_new@Base 1.3.0 + nghttp2_option_set_builtin_recv_extension_type@Base 1.10.0 + nghttp2_option_set_max_deflate_dynamic_table_size@Base 1.15.0 + nghttp2_option_set_max_outbound_ack@Base 1.39.2 + nghttp2_option_set_max_reserved_remote_streams@Base 1.3.0 + nghttp2_option_set_max_send_header_block_length@Base 1.12.0 + nghttp2_option_set_max_settings@Base 1.41.0 + nghttp2_option_set_no_auto_ping_ack@Base 1.9.1 + nghttp2_option_set_no_auto_window_update@Base 1.3.0 + nghttp2_option_set_no_closed_streams@Base 1.20.0 + nghttp2_option_set_no_http_messaging@Base 1.3.0 + nghttp2_option_set_no_recv_client_magic@Base 1.3.0 + nghttp2_option_set_no_rfc9113_leading_and_trailing_ws_validation@Base 1.50.0 + nghttp2_option_set_peer_max_concurrent_streams@Base 1.3.0 + nghttp2_option_set_server_fallback_rfc7540_priorities@Base 1.48.0 + nghttp2_option_set_user_recv_extension_type@Base 1.8.0 + nghttp2_pack_settings_payload@Base 1.3.0 + nghttp2_priority_spec_check_default@Base 1.3.0 + nghttp2_priority_spec_default_init@Base 1.3.0 + nghttp2_priority_spec_init@Base 1.3.0 + nghttp2_rcbuf_decref@Base 1.9.1 + nghttp2_rcbuf_get_buf@Base 1.9.1 + nghttp2_rcbuf_incref@Base 1.9.1 + nghttp2_rcbuf_is_static@Base 1.25.0 + nghttp2_select_next_protocol@Base 1.3.0 + nghttp2_session_callbacks_del@Base 1.3.0 + nghttp2_session_callbacks_new@Base 1.3.0 + nghttp2_session_callbacks_set_before_frame_send_callback@Base 1.3.0 + nghttp2_session_callbacks_set_data_source_read_length_callback@Base 1.3.0 + nghttp2_session_callbacks_set_error_callback2@Base 1.28.0 + nghttp2_session_callbacks_set_error_callback@Base 1.9.1 + nghttp2_session_callbacks_set_on_begin_frame_callback@Base 1.3.0 + nghttp2_session_callbacks_set_on_begin_headers_callback@Base 1.3.0 + nghttp2_session_callbacks_set_on_data_chunk_recv_callback@Base 1.3.0 + nghttp2_session_callbacks_set_on_extension_chunk_recv_callback@Base 1.8.0 + nghttp2_session_callbacks_set_on_frame_not_send_callback@Base 1.3.0 + nghttp2_session_callbacks_set_on_frame_recv_callback@Base 1.3.0 + nghttp2_session_callbacks_set_on_frame_send_callback@Base 1.3.0 + nghttp2_session_callbacks_set_on_header_callback@Base 1.3.0 + nghttp2_session_callbacks_set_on_header_callback2@Base 1.9.1 + nghttp2_session_callbacks_set_on_invalid_frame_recv_callback@Base 1.3.0 + nghttp2_session_callbacks_set_on_invalid_header_callback2@Base 1.14.0 + nghttp2_session_callbacks_set_on_invalid_header_callback@Base 1.14.0 + nghttp2_session_callbacks_set_on_stream_close_callback@Base 1.3.0 + nghttp2_session_callbacks_set_pack_extension_callback@Base 1.8.0 + nghttp2_session_callbacks_set_recv_callback@Base 1.3.0 + nghttp2_session_callbacks_set_select_padding_callback@Base 1.3.0 + nghttp2_session_callbacks_set_send_callback@Base 1.3.0 + nghttp2_session_callbacks_set_send_data_callback@Base 1.3.0 + nghttp2_session_callbacks_set_unpack_extension_callback@Base 1.8.0 + nghttp2_session_change_extpri_stream_priority@Base 1.48.0 + nghttp2_session_change_stream_priority@Base 1.5.0 + nghttp2_session_check_request_allowed@Base 1.5.0 + nghttp2_session_check_server_session@Base 1.5.0 + nghttp2_session_client_new2@Base 1.3.0 + nghttp2_session_client_new3@Base 1.3.0 + nghttp2_session_client_new@Base 1.3.0 + nghttp2_session_consume@Base 1.3.0 + nghttp2_session_consume_connection@Base 1.3.0 + nghttp2_session_consume_stream@Base 1.3.0 + nghttp2_session_create_idle_stream@Base 1.6.0 + nghttp2_session_del@Base 1.3.0 + nghttp2_session_find_stream@Base 1.3.0 + nghttp2_session_get_effective_local_window_size@Base 1.3.0 + nghttp2_session_get_effective_recv_data_length@Base 1.3.0 + nghttp2_session_get_hd_deflate_dynamic_table_size@Base 1.15.0 + nghttp2_session_get_hd_inflate_dynamic_table_size@Base 1.15.0 + nghttp2_session_get_last_proc_stream_id@Base 1.3.0 + nghttp2_session_get_local_settings@Base 1.15.0 + nghttp2_session_get_local_window_size@Base 1.15.0 + nghttp2_session_get_next_stream_id@Base 1.3.0 + nghttp2_session_get_outbound_queue_size@Base 1.3.0 + nghttp2_session_get_remote_settings@Base 1.3.0 + nghttp2_session_get_remote_window_size@Base 1.3.0 + nghttp2_session_get_root_stream@Base 1.3.0 + nghttp2_session_get_stream_effective_local_window_size@Base 1.3.0 + nghttp2_session_get_stream_effective_recv_data_length@Base 1.3.0 + nghttp2_session_get_stream_local_close@Base 1.3.0 + nghttp2_session_get_stream_local_window_size@Base 1.15.0 + nghttp2_session_get_stream_remote_close@Base 1.3.0 + nghttp2_session_get_stream_remote_window_size@Base 1.3.0 + nghttp2_session_get_stream_user_data@Base 1.3.0 + nghttp2_session_mem_recv@Base 1.3.0 + nghttp2_session_mem_send@Base 1.3.0 + nghttp2_session_recv@Base 1.3.0 + nghttp2_session_resume_data@Base 1.3.0 + nghttp2_session_send@Base 1.3.0 + nghttp2_session_server_new2@Base 1.3.0 + nghttp2_session_server_new3@Base 1.3.0 + nghttp2_session_server_new@Base 1.3.0 + nghttp2_session_set_local_window_size@Base 1.12.0 + nghttp2_session_set_next_stream_id@Base 1.3.0 + nghttp2_session_set_stream_user_data@Base 1.3.0 + nghttp2_session_set_user_data@Base 1.31.0 + nghttp2_session_terminate_session2@Base 1.3.0 + nghttp2_session_terminate_session@Base 1.3.0 + nghttp2_session_upgrade2@Base 1.5.0 + nghttp2_session_upgrade@Base 1.3.0 + nghttp2_session_want_read@Base 1.3.0 + nghttp2_session_want_write@Base 1.3.0 + nghttp2_set_debug_vprintf_callback@Base 1.16.0 + nghttp2_stream_get_first_child@Base 1.3.0 + nghttp2_stream_get_next_sibling@Base 1.3.0 + nghttp2_stream_get_parent@Base 1.3.0 + nghttp2_stream_get_previous_sibling@Base 1.3.0 + nghttp2_stream_get_state@Base 1.3.0 + nghttp2_stream_get_stream_id@Base 1.3.0 + nghttp2_stream_get_sum_dependency_weight@Base 1.3.0 + nghttp2_stream_get_weight@Base 1.3.0 + nghttp2_strerror@Base 1.3.0 + nghttp2_submit_altsvc@Base 1.10.0 + nghttp2_submit_data@Base 1.3.0 + nghttp2_submit_extension@Base 1.8.0 + nghttp2_submit_goaway@Base 1.3.0 + nghttp2_submit_headers@Base 1.3.0 + nghttp2_submit_origin@Base 1.33.0 + nghttp2_submit_ping@Base 1.3.0 + nghttp2_submit_priority@Base 1.3.0 + nghttp2_submit_priority_update@Base 1.48.0 + nghttp2_submit_push_promise@Base 1.3.0 + nghttp2_submit_request@Base 1.3.0 + nghttp2_submit_response@Base 1.3.0 + nghttp2_submit_rst_stream@Base 1.3.0 + nghttp2_submit_settings@Base 1.3.0 + nghttp2_submit_shutdown_notice@Base 1.3.0 + nghttp2_submit_trailer@Base 1.3.0 + nghttp2_submit_window_update@Base 1.3.0 + nghttp2_version@Base 1.3.0 diff --git a/debian/libnghttp2-dev.docs b/debian/libnghttp2-dev.docs new file mode 120000 index 0000000..5737ab0 --- /dev/null +++ b/debian/libnghttp2-dev.docs @@ -0,0 +1 @@ +nghttp2.docs
\ No newline at end of file diff --git a/debian/libnghttp2-dev.install b/debian/libnghttp2-dev.install new file mode 100644 index 0000000..ca15c18 --- /dev/null +++ b/debian/libnghttp2-dev.install @@ -0,0 +1,4 @@ +debian/tmp/usr/include/nghttp2/*.h +debian/tmp/usr/lib/*/libnghttp2.a +debian/tmp/usr/lib/*/libnghttp2.so +debian/tmp/usr/lib/*/pkgconfig/libnghttp2.pc diff --git a/debian/libnghttp2-doc.doc-base b/debian/libnghttp2-doc.doc-base new file mode 100644 index 0000000..8fb0cc0 --- /dev/null +++ b/debian/libnghttp2-doc.doc-base @@ -0,0 +1,10 @@ +Document: nghttp2 +Title: nghttp2 HTTP 2.0 library Reference Manual +Author: Tatsuhiro Tsujikawa +Abstract: A library providing an experimental implementation of the + Hypertext Transfer Protocol version 2.0. +Section: Programming/C + +Format: HTML +Index: /usr/share/doc/libnghttp2-doc/index.html +Files: /usr/share/doc/libnghttp2-doc/*.html diff --git a/debian/nghttp2-client.docs b/debian/nghttp2-client.docs new file mode 120000 index 0000000..5737ab0 --- /dev/null +++ b/debian/nghttp2-client.docs @@ -0,0 +1 @@ +nghttp2.docs
\ No newline at end of file diff --git a/debian/nghttp2-client.install b/debian/nghttp2-client.install new file mode 100644 index 0000000..bd8beaa --- /dev/null +++ b/debian/nghttp2-client.install @@ -0,0 +1,2 @@ +debian/tmp/usr/bin/h2load /usr/bin +debian/tmp/usr/bin/nghttp usr/bin diff --git a/debian/nghttp2-client.manpages b/debian/nghttp2-client.manpages new file mode 100644 index 0000000..4bfa910 --- /dev/null +++ b/debian/nghttp2-client.manpages @@ -0,0 +1,2 @@ +usr/share/man/man1/h2load.1 +usr/share/man/man1/nghttp.1 diff --git a/debian/nghttp2-proxy.docs b/debian/nghttp2-proxy.docs new file mode 120000 index 0000000..5737ab0 --- /dev/null +++ b/debian/nghttp2-proxy.docs @@ -0,0 +1 @@ +nghttp2.docs
\ No newline at end of file diff --git a/debian/nghttp2-proxy.install b/debian/nghttp2-proxy.install new file mode 100644 index 0000000..261449f --- /dev/null +++ b/debian/nghttp2-proxy.install @@ -0,0 +1,2 @@ +debian/tmp/usr/bin/nghttpx usr/sbin +debian/tmp/usr/share/nghttp2/fetch-ocsp-response usr/share/nghttp2 diff --git a/debian/nghttp2-proxy.manpages b/debian/nghttp2-proxy.manpages new file mode 100644 index 0000000..94bd746 --- /dev/null +++ b/debian/nghttp2-proxy.manpages @@ -0,0 +1 @@ +usr/share/man/man1/nghttpx.1 diff --git a/debian/nghttp2-proxy.postinst b/debian/nghttp2-proxy.postinst new file mode 100755 index 0000000..a28f72e --- /dev/null +++ b/debian/nghttp2-proxy.postinst @@ -0,0 +1,15 @@ +#!/bin/sh +set -e + +#DEBHELPER# + +if [ -x /etc/init.d/nghttpx ]; then + if [ -f /run/nghttpx.pid ] && pidof /usr/sbin/nghttpx >/dev/null; then + invoke-rc.d nghttpx upgrade || invoke-rc.d nghttpx restart + exit $? + else + invoke-rc.d nghttpx start || exit $? + fi +fi + +exit 0 diff --git a/debian/nghttp2-server.docs b/debian/nghttp2-server.docs new file mode 120000 index 0000000..5737ab0 --- /dev/null +++ b/debian/nghttp2-server.docs @@ -0,0 +1 @@ +nghttp2.docs
\ No newline at end of file diff --git a/debian/nghttp2-server.install b/debian/nghttp2-server.install new file mode 100644 index 0000000..18f6d3f --- /dev/null +++ b/debian/nghttp2-server.install @@ -0,0 +1 @@ +debian/tmp/usr/bin/nghttpd usr/sbin diff --git a/debian/nghttp2-server.manpages b/debian/nghttp2-server.manpages new file mode 100644 index 0000000..f3620b6 --- /dev/null +++ b/debian/nghttp2-server.manpages @@ -0,0 +1 @@ +usr/share/man/man1/nghttpd.1 diff --git a/debian/nghttp2.NEWS b/debian/nghttp2.NEWS new file mode 100644 index 0000000..3cbc5b2 --- /dev/null +++ b/debian/nghttp2.NEWS @@ -0,0 +1,9 @@ +nghttp2 (1.3.4-2) unstable; urgency=medium + + This release introduces a split into 3 subpackages: nghttp2-client, + nghttp2-server and nghttp2-proxy. The nghttp2 package depends on all + of them, but provides no files on its own. You can customize your + nghttp2 installation by removing nghttp2-* packages that you don't + use and/or removing the generic nghttp2 package. + + -- Tomasz Buchert <tomasz@debian.org> Fri, 23 Oct 2015 17:39:22 +0200 diff --git a/debian/nghttp2.docs b/debian/nghttp2.docs new file mode 100644 index 0000000..508e3e8 --- /dev/null +++ b/debian/nghttp2.docs @@ -0,0 +1,2 @@ +AUTHORS +doc/README.rst diff --git a/debian/nghttpx.conf b/debian/nghttpx.conf new file mode 100644 index 0000000..9aec111 --- /dev/null +++ b/debian/nghttpx.conf @@ -0,0 +1,40 @@ +# +# Sample configuration file for nghttpx. +# +# * Line staring '#' is treated as comment. +# +# * The option name in the configuration file is the long command-line +# option name with leading '--' stripped (e.g., frontend). Put '=' +# between option name and value. Don't put extra leading or trailing +# spaces. +# +# * The options which do not take argument in the command-line *take* +# argument in the configuration file. Specify 'yes' as argument +# (e.g., http2-proxy=yes). If other string is given, it disables the +# option. +# +# * To specify private key and certificate file, use private-key-file +# and certificate-file. See the examples below. +# +# * conf option cannot be used in the configuration file. It will be +# ignored. +# +# Examples: + +# Example 1 +# Proxying an HTTP server on localhost:80 to localhost:3000 (no TLS) +frontend=127.0.0.1,3000;no-tls +backend=127.0.0.1,80 +errorlog-syslog=yes +workers=1 + +# Example 2 +# Proxying localhost:80 on all interfaces, port 3000 (TLS enabled) +# frontend=0.0.0.0,3000 +# backend=127.0.0.1,80 +# private-key-file=/path/to/server.key +# certificate-file=/path/to/server.crt +# http2-proxy=no +# workers=1 + +# For comprehensive list of configuration options see "man nghttpx" diff --git a/debian/nghttpx.service b/debian/nghttpx.service new file mode 100644 index 0000000..76c9115 --- /dev/null +++ b/debian/nghttpx.service @@ -0,0 +1,17 @@ +[Unit] +Description=HTTP/2 proxy +Documentation=man:nghttpx +After=network.target + +[Service] +Type=notify +ExecStart=/usr/sbin/nghttpx --conf=/etc/nghttpx/nghttpx.conf +ExecReload=/bin/kill --signal HUP $MAINPID +KillSignal=SIGQUIT +PrivateTmp=yes +ProtectHome=yes +ProtectSystem=full +Restart=always + +[Install] +WantedBy=multi-user.target diff --git a/debian/not-installed b/debian/not-installed new file mode 100644 index 0000000..d2d3134 --- /dev/null +++ b/debian/not-installed @@ -0,0 +1,4 @@ +usr/bin/deflatehd +usr/bin/inflatehd +usr/lib/*/libnghttp2.la +usr/share/doc/nghttp2/README.rst
\ No newline at end of file diff --git a/debian/patches/0001-Make-fetch-ocsp-response-use-python3.patch b/debian/patches/0001-Make-fetch-ocsp-response-use-python3.patch new file mode 100644 index 0000000..319ed21 --- /dev/null +++ b/debian/patches/0001-Make-fetch-ocsp-response-use-python3.patch @@ -0,0 +1,18 @@ +From: Tomasz Buchert <tomasz@debian.org> +Date: Tue, 2 Jan 2018 11:09:26 +0100 +Subject: Make fetch-ocsp-response use python3 + +--- + script/fetch-ocsp-response | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/script/fetch-ocsp-response b/script/fetch-ocsp-response +index 0ff7461..185116b 100755 +--- a/script/fetch-ocsp-response ++++ b/script/fetch-ocsp-response +@@ -1,4 +1,4 @@ +-#!/usr/bin/env python ++#!/usr/bin/env python3 + # -*- coding: utf-8 -*- + + # nghttp2 - HTTP/2 C Library diff --git a/debian/patches/0002-Workaround-for-963648.patch b/debian/patches/0002-Workaround-for-963648.patch new file mode 100644 index 0000000..7837346 --- /dev/null +++ b/debian/patches/0002-Workaround-for-963648.patch @@ -0,0 +1,22 @@ +From: Tomasz Buchert <tomasz@debian.org> +Date: Sun, 16 Aug 2020 12:56:51 +0200 +Subject: Workaround for #963648. + +--- + doc/_exts/rubydomain/rubydomain.py | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/doc/_exts/rubydomain/rubydomain.py b/doc/_exts/rubydomain/rubydomain.py +index db35233..105467b 100644 +--- a/doc/_exts/rubydomain/rubydomain.py ++++ b/doc/_exts/rubydomain/rubydomain.py +@@ -24,6 +24,9 @@ from sphinx.directives import ObjectDescription + from sphinx.util.nodes import make_refnode + from sphinx.util.docfields import Field, GroupedField, TypedField + ++# NOTE(#963648): Fix for sphinx >= 3. ++l_ = _ ++ + # REs for Ruby signatures + rb_sig_re = re.compile( + r'''^ ([\w.]*\.)? # class name(s) diff --git a/debian/patches/CVE-2023-44487.patch b/debian/patches/CVE-2023-44487.patch new file mode 100644 index 0000000..d0e1bc8 --- /dev/null +++ b/debian/patches/CVE-2023-44487.patch @@ -0,0 +1,903 @@ +From 72b4af6143681f528f1d237b21a9a7aee1738832 Mon Sep 17 00:00:00 2001 +From: Tatsuhiro Tsujikawa <tatsuhiro.t@gmail.com> +Date: Sun, 1 Oct 2023 00:05:01 +0900 +Subject: [PATCH] Rework session management + +--- nghttp2-1.52.0.orig/.github/workflows/build.yml ++++ nghttp2-1.52.0/.github/workflows/build.yml +@@ -265,7 +265,8 @@ jobs: + run: | + autoreconf -i && \ + ./configure --enable-werror --enable-lib-only --with-cunit \ +- --host="$HOST" PKG_CONFIG_PATH="$PWD/CUnit-2.1-3/build/lib/pkgconfig" ++ --host="$HOST" PKG_CONFIG_PATH="$PWD/CUnit-2.1-3/build/lib/pkgconfig" \ ++ CFLAGS="-g -O2 -D_WIN32_WINNT=0x0600" + - name: Build nghttp2 + run: | + make -j$(nproc) +--- nghttp2-1.52.0.orig/CMakeLists.txt ++++ nghttp2-1.52.0/CMakeLists.txt +@@ -276,6 +276,7 @@ check_include_file("netinet/in.h" HAVE + check_include_file("pwd.h" HAVE_PWD_H) + check_include_file("sys/socket.h" HAVE_SYS_SOCKET_H) + check_include_file("sys/time.h" HAVE_SYS_TIME_H) ++check_include_file("sysinfoapi.h" HAVE_SYSINFOAPI_H) + check_include_file("syslog.h" HAVE_SYSLOG_H) + check_include_file("time.h" HAVE_TIME_H) + check_include_file("unistd.h" HAVE_UNISTD_H) +@@ -316,8 +317,11 @@ check_type_size("time_t" SIZEOF_TIME_T) + include(CheckFunctionExists) + check_function_exists(_Exit HAVE__EXIT) + check_function_exists(accept4 HAVE_ACCEPT4) ++check_function_exists(clock_gettime HAVE_CLOCK_GETTIME) + check_function_exists(mkostemp HAVE_MKOSTEMP) + ++check_symbol_exists(GetTickCount64 sysinfoapi.h HAVE_GETTICKCOUNT64) ++ + include(CheckSymbolExists) + # XXX does this correctly detect initgroups (un)availability on cygwin? + check_symbol_exists(initgroups grp.h HAVE_DECL_INITGROUPS) +--- nghttp2-1.52.0.orig/cmakeconfig.h.in ++++ nghttp2-1.52.0/cmakeconfig.h.in +@@ -31,9 +31,15 @@ + /* Define to 1 if you have the `accept4` function. */ + #cmakedefine HAVE_ACCEPT4 1 + ++/* Define to 1 if you have the `clock_gettime` function. */ ++#cmakedefine HAVE_CLOCK_GETTIME 1 ++ + /* Define to 1 if you have the `mkostemp` function. */ + #cmakedefine HAVE_MKOSTEMP 1 + ++/* Define to 1 if you have the `GetTickCount64` function. */ ++#cmakedefine HAVE_GETTICKCOUNT64 1 ++ + /* Define to 1 if you have the `initgroups` function. */ + #cmakedefine01 HAVE_DECL_INITGROUPS + +@@ -70,6 +76,9 @@ + /* Define to 1 if you have the <sys/time.h> header file. */ + #cmakedefine HAVE_SYS_TIME_H 1 + ++/* Define to 1 if you have the <sysinfoapi.h> header file. */ ++#cmakedefine HAVE_SYSINFOAPI_H 1 ++ + /* Define to 1 if you have the <syslog.h> header file. */ + #cmakedefine HAVE_SYSLOG_H 1 + +--- nghttp2-1.52.0.orig/configure.ac ++++ nghttp2-1.52.0/configure.ac +@@ -850,6 +850,7 @@ AC_CHECK_HEADERS([ \ + string.h \ + sys/socket.h \ + sys/time.h \ ++ sysinfoapi.h \ + syslog.h \ + time.h \ + unistd.h \ +@@ -924,6 +925,7 @@ AC_FUNC_STRNLEN + AC_CHECK_FUNCS([ \ + _Exit \ + accept4 \ ++ clock_gettime \ + dup2 \ + getcwd \ + getpwnam \ +@@ -949,6 +951,25 @@ AC_CHECK_FUNCS([ \ + AC_CHECK_FUNC([timerfd_create], + [have_timerfd_create=yes], [have_timerfd_create=no]) + ++AC_MSG_CHECKING([checking for GetTickCount64]) ++AC_LINK_IFELSE([AC_LANG_PROGRAM( ++[[ ++#include <sysinfoapi.h> ++]], ++[[ ++GetTickCount64(); ++]])], ++[have_gettickcount64=yes], ++[have_gettickcount64=no]) ++ ++if test "x${have_gettickcount64}" = "xyes"; then ++ AC_MSG_RESULT([yes]) ++ AC_DEFINE([HAVE_GETTICKCOUNT64], [1], ++ [Define to 1 if you have `GetTickCount64` function.]) ++else ++ AC_MSG_RESULT([no]) ++fi ++ + # For cygwin: we can link initgroups, so AC_CHECK_FUNCS succeeds, but + # cygwin disables initgroups due to feature test macro magic with our + # configuration. FreeBSD declares initgroups() in unistd.h. +--- nghttp2-1.52.0.orig/doc/Makefile.am ++++ nghttp2-1.52.0/doc/Makefile.am +@@ -75,6 +75,7 @@ APIDOCS= \ + nghttp2_option_set_user_recv_extension_type.rst \ + nghttp2_option_set_max_outbound_ack.rst \ + nghttp2_option_set_max_settings.rst \ ++ nghttp2_option_set_stream_reset_rate_limit.rst \ + nghttp2_pack_settings_payload.rst \ + nghttp2_priority_spec_check_default.rst \ + nghttp2_priority_spec_default_init.rst \ +--- nghttp2-1.52.0.orig/lib/CMakeLists.txt ++++ nghttp2-1.52.0/lib/CMakeLists.txt +@@ -24,6 +24,8 @@ set(NGHTTP2_SOURCES + nghttp2_http.c + nghttp2_rcbuf.c + nghttp2_extpri.c ++ nghttp2_ratelim.c ++ nghttp2_time.c + nghttp2_debug.c + ) + +--- nghttp2-1.52.0.orig/lib/Makefile.am ++++ nghttp2-1.52.0/lib/Makefile.am +@@ -51,6 +51,8 @@ OBJECTS = nghttp2_pq.c nghttp2_map.c ngh + nghttp2_http.c \ + nghttp2_rcbuf.c \ + nghttp2_extpri.c \ ++ nghttp2_ratelim.c \ ++ nghttp2_time.c \ + nghttp2_debug.c + + HFILES = nghttp2_pq.h nghttp2_int.h nghttp2_map.h nghttp2_queue.h \ +@@ -68,6 +70,8 @@ HFILES = nghttp2_pq.h nghttp2_int.h nght + nghttp2_http.h \ + nghttp2_rcbuf.h \ + nghttp2_extpri.h \ ++ nghttp2_ratelim.h \ ++ nghttp2_time.h \ + nghttp2_debug.h + + libnghttp2_la_SOURCES = $(HFILES) $(OBJECTS) +--- nghttp2-1.52.0.orig/lib/includes/nghttp2/nghttp2.h ++++ nghttp2-1.52.0/lib/includes/nghttp2/nghttp2.h +@@ -2759,6 +2759,23 @@ nghttp2_option_set_no_rfc9113_leading_an + /** + * @function + * ++ * This function sets the rate limit for the incoming stream reset ++ * (RST_STREAM frame). It is server use only. It is a token-bucket ++ * based rate limiter. |burst| specifies the number of tokens that is ++ * initially available. The maximum number of tokens is capped to ++ * this value. |rate| specifies the number of tokens that are ++ * regenerated per second. An incoming RST_STREAM consumes one token. ++ * If there is no token available, GOAWAY is sent to tear down the ++ * connection. |burst| and |rate| default to 1000 and 33 ++ * respectively. ++ */ ++NGHTTP2_EXTERN void ++nghttp2_option_set_stream_reset_rate_limit(nghttp2_option *option, ++ uint64_t burst, uint64_t rate); ++ ++/** ++ * @function ++ * + * Initializes |*session_ptr| for client use. The all members of + * |callbacks| are copied to |*session_ptr|. Therefore |*session_ptr| + * does not store |callbacks|. The |user_data| is an arbitrary user +--- nghttp2-1.52.0.orig/lib/nghttp2_option.c ++++ nghttp2-1.52.0/lib/nghttp2_option.c +@@ -143,3 +143,10 @@ void nghttp2_option_set_no_rfc9113_leadi + NGHTTP2_OPT_NO_RFC9113_LEADING_AND_TRAILING_WS_VALIDATION; + option->no_rfc9113_leading_and_trailing_ws_validation = val; + } ++ ++void nghttp2_option_set_stream_reset_rate_limit(nghttp2_option *option, ++ uint64_t burst, uint64_t rate) { ++ option->opt_set_mask |= NGHTTP2_OPT_STREAM_RESET_RATE_LIMIT; ++ option->stream_reset_burst = burst; ++ option->stream_reset_rate = rate; ++} +--- nghttp2-1.52.0.orig/lib/nghttp2_option.h ++++ nghttp2-1.52.0/lib/nghttp2_option.h +@@ -70,6 +70,7 @@ typedef enum { + NGHTTP2_OPT_MAX_SETTINGS = 1 << 12, + NGHTTP2_OPT_SERVER_FALLBACK_RFC7540_PRIORITIES = 1 << 13, + NGHTTP2_OPT_NO_RFC9113_LEADING_AND_TRAILING_WS_VALIDATION = 1 << 14, ++ NGHTTP2_OPT_STREAM_RESET_RATE_LIMIT = 1 << 15, + } nghttp2_option_flag; + + /** +@@ -77,6 +78,11 @@ typedef enum { + */ + struct nghttp2_option { + /** ++ * NGHTTP2_OPT_STREAM_RESET_RATE_LIMIT ++ */ ++ uint64_t stream_reset_burst; ++ uint64_t stream_reset_rate; ++ /** + * NGHTTP2_OPT_MAX_SEND_HEADER_BLOCK_LENGTH + */ + size_t max_send_header_block_length; +--- /dev/null ++++ nghttp2-1.52.0/lib/nghttp2_ratelim.c +@@ -0,0 +1,75 @@ ++/* ++ * nghttp2 - HTTP/2 C Library ++ * ++ * Copyright (c) 2023 nghttp2 contributors ++ * ++ * Permission is hereby granted, free of charge, to any person obtaining ++ * a copy of this software and associated documentation files (the ++ * "Software"), to deal in the Software without restriction, including ++ * without limitation the rights to use, copy, modify, merge, publish, ++ * distribute, sublicense, and/or sell copies of the Software, and to ++ * permit persons to whom the Software is furnished to do so, subject to ++ * the following conditions: ++ * ++ * The above copyright notice and this permission notice shall be ++ * included in all copies or substantial portions of the Software. ++ * ++ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, ++ * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF ++ * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND ++ * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE ++ * LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION ++ * OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION ++ * WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. ++ */ ++#include "nghttp2_ratelim.h" ++#include "nghttp2_helper.h" ++ ++void nghttp2_ratelim_init(nghttp2_ratelim *rl, uint64_t burst, uint64_t rate) { ++ rl->val = rl->burst = burst; ++ rl->rate = rate; ++ rl->tstamp = 0; ++} ++ ++void nghttp2_ratelim_update(nghttp2_ratelim *rl, uint64_t tstamp) { ++ uint64_t d, gain; ++ ++ if (tstamp == rl->tstamp) { ++ return; ++ } ++ ++ if (tstamp > rl->tstamp) { ++ d = tstamp - rl->tstamp; ++ } else { ++ d = 1; ++ } ++ ++ rl->tstamp = tstamp; ++ ++ if (UINT64_MAX / d < rl->rate) { ++ rl->val = rl->burst; ++ ++ return; ++ } ++ ++ gain = rl->rate * d; ++ ++ if (UINT64_MAX - gain < rl->val) { ++ rl->val = rl->burst; ++ ++ return; ++ } ++ ++ rl->val += gain; ++ rl->val = nghttp2_min(rl->val, rl->burst); ++} ++ ++int nghttp2_ratelim_drain(nghttp2_ratelim *rl, uint64_t n) { ++ if (rl->val < n) { ++ return -1; ++ } ++ ++ rl->val -= n; ++ ++ return 0; ++} +--- /dev/null ++++ nghttp2-1.52.0/lib/nghttp2_ratelim.h +@@ -0,0 +1,57 @@ ++/* ++ * nghttp2 - HTTP/2 C Library ++ * ++ * Copyright (c) 2023 nghttp2 contributors ++ * ++ * Permission is hereby granted, free of charge, to any person obtaining ++ * a copy of this software and associated documentation files (the ++ * "Software"), to deal in the Software without restriction, including ++ * without limitation the rights to use, copy, modify, merge, publish, ++ * distribute, sublicense, and/or sell copies of the Software, and to ++ * permit persons to whom the Software is furnished to do so, subject to ++ * the following conditions: ++ * ++ * The above copyright notice and this permission notice shall be ++ * included in all copies or substantial portions of the Software. ++ * ++ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, ++ * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF ++ * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND ++ * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE ++ * LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION ++ * OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION ++ * WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. ++ */ ++#ifndef NGHTTP2_RATELIM_H ++#define NGHTTP2_RATELIM_H ++ ++#ifdef HAVE_CONFIG_H ++# include <config.h> ++#endif /* HAVE_CONFIG_H */ ++ ++#include <nghttp2/nghttp2.h> ++ ++typedef struct nghttp2_ratelim { ++ /* burst is the maximum value of val. */ ++ uint64_t burst; ++ /* rate is the amount of value that is regenerated per 1 tstamp. */ ++ uint64_t rate; ++ /* val is the amount of value available to drain. */ ++ uint64_t val; ++ /* tstamp is the last timestamp in second resolution that is known ++ to this object. */ ++ uint64_t tstamp; ++} nghttp2_ratelim; ++ ++/* nghttp2_ratelim_init initializes |rl| with the given parameters. */ ++void nghttp2_ratelim_init(nghttp2_ratelim *rl, uint64_t burst, uint64_t rate); ++ ++/* nghttp2_ratelim_update updates rl->val with the current |tstamp| ++ given in second resolution. */ ++void nghttp2_ratelim_update(nghttp2_ratelim *rl, uint64_t tstamp); ++ ++/* nghttp2_ratelim_drain drains |n| from rl->val. It returns 0 if it ++ succeeds, or -1. */ ++int nghttp2_ratelim_drain(nghttp2_ratelim *rl, uint64_t n); ++ ++#endif /* NGHTTP2_RATELIM_H */ +--- nghttp2-1.52.0.orig/lib/nghttp2_session.c ++++ nghttp2-1.52.0/lib/nghttp2_session.c +@@ -37,6 +37,7 @@ + #include "nghttp2_http.h" + #include "nghttp2_pq.h" + #include "nghttp2_extpri.h" ++#include "nghttp2_time.h" + #include "nghttp2_debug.h" + + /* +@@ -475,6 +476,10 @@ static int session_new(nghttp2_session * + (*session_ptr)->pending_enable_push = 1; + (*session_ptr)->pending_no_rfc7540_priorities = UINT8_MAX; + ++ nghttp2_ratelim_init(&(*session_ptr)->stream_reset_ratelim, ++ NGHTTP2_DEFAULT_STREAM_RESET_BURST, ++ NGHTTP2_DEFAULT_STREAM_RESET_RATE); ++ + if (server) { + (*session_ptr)->server = 1; + } +@@ -573,6 +578,12 @@ static int session_new(nghttp2_session * + (*session_ptr)->opt_flags |= + NGHTTP2_OPTMASK_NO_RFC9113_LEADING_AND_TRAILING_WS_VALIDATION; + } ++ ++ if (option->opt_set_mask & NGHTTP2_OPT_STREAM_RESET_RATE_LIMIT) { ++ nghttp2_ratelim_init(&(*session_ptr)->stream_reset_ratelim, ++ option->stream_reset_burst, ++ option->stream_reset_rate); ++ } + } + + rv = nghttp2_hd_deflate_init2(&(*session_ptr)->hd_deflater, +@@ -4532,6 +4543,23 @@ static int session_process_priority_fram + return nghttp2_session_on_priority_received(session, frame); + } + ++static int session_update_stream_reset_ratelim(nghttp2_session *session) { ++ if (!session->server || (session->goaway_flags & NGHTTP2_GOAWAY_SUBMITTED)) { ++ return 0; ++ } ++ ++ nghttp2_ratelim_update(&session->stream_reset_ratelim, ++ nghttp2_time_now_sec()); ++ ++ if (nghttp2_ratelim_drain(&session->stream_reset_ratelim, 1) == 0) { ++ return 0; ++ } ++ ++ return nghttp2_session_add_goaway(session, session->last_recv_stream_id, ++ NGHTTP2_INTERNAL_ERROR, NULL, 0, ++ NGHTTP2_GOAWAY_AUX_NONE); ++} ++ + int nghttp2_session_on_rst_stream_received(nghttp2_session *session, + nghttp2_frame *frame) { + int rv; +@@ -4561,7 +4589,8 @@ int nghttp2_session_on_rst_stream_receiv + if (nghttp2_is_fatal(rv)) { + return rv; + } +- return 0; ++ ++ return session_update_stream_reset_ratelim(session); + } + + static int session_process_rst_stream_frame(nghttp2_session *session) { +@@ -7523,6 +7552,9 @@ int nghttp2_session_add_goaway(nghttp2_s + nghttp2_mem_free(mem, item); + return rv; + } ++ ++ session->goaway_flags |= NGHTTP2_GOAWAY_SUBMITTED; ++ + return 0; + } + +--- nghttp2-1.52.0.orig/lib/nghttp2_session.h ++++ nghttp2-1.52.0/lib/nghttp2_session.h +@@ -39,6 +39,7 @@ + #include "nghttp2_buf.h" + #include "nghttp2_callbacks.h" + #include "nghttp2_mem.h" ++#include "nghttp2_ratelim.h" + + /* The global variable for tests where we want to disable strict + preface handling. */ +@@ -105,6 +106,10 @@ typedef struct { + /* The default value of maximum number of concurrent streams. */ + #define NGHTTP2_DEFAULT_MAX_CONCURRENT_STREAMS 0xffffffffu + ++/* The default values for stream reset rate limiter. */ ++#define NGHTTP2_DEFAULT_STREAM_RESET_BURST 1000 ++#define NGHTTP2_DEFAULT_STREAM_RESET_RATE 33 ++ + /* Internal state when receiving incoming frame */ + typedef enum { + /* Receiving frame header */ +@@ -178,7 +183,9 @@ typedef enum { + /* Flag means GOAWAY was sent */ + NGHTTP2_GOAWAY_SENT = 0x4, + /* Flag means GOAWAY was received */ +- NGHTTP2_GOAWAY_RECV = 0x8 ++ NGHTTP2_GOAWAY_RECV = 0x8, ++ /* Flag means GOAWAY has been submitted at least once */ ++ NGHTTP2_GOAWAY_SUBMITTED = 0x10 + } nghttp2_goaway_flag; + + /* nghttp2_inflight_settings stores the SETTINGS entries which local +@@ -235,6 +242,9 @@ struct nghttp2_session { + /* Queue of In-flight SETTINGS values. SETTINGS bearing ACK is not + considered as in-flight. */ + nghttp2_inflight_settings *inflight_settings_head; ++ /* Stream reset rate limiter. If receiving excessive amount of ++ stream resets, GOAWAY will be sent. */ ++ nghttp2_ratelim stream_reset_ratelim; + /* Sequential number across all streams to process streams in + FIFO. */ + uint64_t stream_seq; +--- /dev/null ++++ nghttp2-1.52.0/lib/nghttp2_time.c +@@ -0,0 +1,62 @@ ++/* ++ * nghttp2 - HTTP/2 C Library ++ * ++ * Copyright (c) 2023 nghttp2 contributors ++ * ++ * Permission is hereby granted, free of charge, to any person obtaining ++ * a copy of this software and associated documentation files (the ++ * "Software"), to deal in the Software without restriction, including ++ * without limitation the rights to use, copy, modify, merge, publish, ++ * distribute, sublicense, and/or sell copies of the Software, and to ++ * permit persons to whom the Software is furnished to do so, subject to ++ * the following conditions: ++ * ++ * The above copyright notice and this permission notice shall be ++ * included in all copies or substantial portions of the Software. ++ * ++ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, ++ * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF ++ * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND ++ * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE ++ * LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION ++ * OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION ++ * WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. ++ */ ++#include "nghttp2_time.h" ++ ++#ifdef HAVE_TIME_H ++# include <time.h> ++#endif /* HAVE_TIME_H */ ++ ++#ifdef HAVE_SYSINFOAPI_H ++# include <sysinfoapi.h> ++#endif /* HAVE_SYSINFOAPI_H */ ++ ++#ifndef HAVE_GETTICKCOUNT64 ++static uint64_t time_now_sec(void) { ++ time_t t = time(NULL); ++ ++ if (t == -1) { ++ return 0; ++ } ++ ++ return (uint64_t)t; ++} ++#endif /* HAVE_GETTICKCOUNT64 */ ++ ++#ifdef HAVE_CLOCK_GETTIME ++uint64_t nghttp2_time_now_sec(void) { ++ struct timespec tp; ++ int rv = clock_gettime(CLOCK_MONOTONIC, &tp); ++ ++ if (rv == -1) { ++ return time_now_sec(); ++ } ++ ++ return (uint64_t)tp.tv_sec; ++} ++#elif defined(HAVE_GETTICKCOUNT64) ++uint64_t nghttp2_time_now_sec(void) { return GetTickCount64() / 1000; } ++#else /* !HAVE_CLOCK_GETTIME && !HAVE_GETTICKCOUNT64 */ ++uint64_t nghttp2_time_now_sec(void) { return time_now_sec(); } ++#endif /* !HAVE_CLOCK_GETTIME && !HAVE_GETTICKCOUNT64 */ +--- /dev/null ++++ nghttp2-1.52.0/lib/nghttp2_time.h +@@ -0,0 +1,38 @@ ++/* ++ * nghttp2 - HTTP/2 C Library ++ * ++ * Copyright (c) 2023 nghttp2 contributors ++ * ++ * Permission is hereby granted, free of charge, to any person obtaining ++ * a copy of this software and associated documentation files (the ++ * "Software"), to deal in the Software without restriction, including ++ * without limitation the rights to use, copy, modify, merge, publish, ++ * distribute, sublicense, and/or sell copies of the Software, and to ++ * permit persons to whom the Software is furnished to do so, subject to ++ * the following conditions: ++ * ++ * The above copyright notice and this permission notice shall be ++ * included in all copies or substantial portions of the Software. ++ * ++ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, ++ * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF ++ * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND ++ * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE ++ * LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION ++ * OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION ++ * WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. ++ */ ++#ifndef NGHTTP2_TIME_H ++#define NGHTTP2_TIME_H ++ ++#ifdef HAVE_CONFIG_H ++# include <config.h> ++#endif /* HAVE_CONFIG_H */ ++ ++#include <nghttp2/nghttp2.h> ++ ++/* nghttp2_time_now_sec returns seconds from implementation-specific ++ timepoint. If it is unable to get seconds, it returns 0. */ ++uint64_t nghttp2_time_now_sec(void); ++ ++#endif /* NGHTTP2_TIME_H */ +--- nghttp2-1.52.0.orig/tests/CMakeLists.txt ++++ nghttp2-1.52.0/tests/CMakeLists.txt +@@ -22,6 +22,7 @@ if(HAVE_CUNIT) + nghttp2_buf_test.c + nghttp2_http_test.c + nghttp2_extpri_test.c ++ nghttp2_ratelim_test.c + ) + + add_executable(main EXCLUDE_FROM_ALL +--- nghttp2-1.52.0.orig/tests/Makefile.am ++++ nghttp2-1.52.0/tests/Makefile.am +@@ -42,7 +42,8 @@ OBJECTS = main.c nghttp2_pq_test.c nghtt + nghttp2_helper_test.c \ + nghttp2_buf_test.c \ + nghttp2_http_test.c \ +- nghttp2_extpri_test.c ++ nghttp2_extpri_test.c \ ++ nghttp2_ratelim_test.c + + HFILES = nghttp2_pq_test.h nghttp2_map_test.h nghttp2_queue_test.h \ + nghttp2_session_test.h \ +@@ -51,7 +52,8 @@ HFILES = nghttp2_pq_test.h nghttp2_map_t + nghttp2_test_helper.h \ + nghttp2_buf_test.h \ + nghttp2_http_test.h \ +- nghttp2_extpri_test.h ++ nghttp2_extpri_test.h \ ++ nghttp2_ratelim_test.h + + main_SOURCES = $(HFILES) $(OBJECTS) + +--- nghttp2-1.52.0.orig/tests/main.c ++++ nghttp2-1.52.0/tests/main.c +@@ -42,6 +42,7 @@ + #include "nghttp2_buf_test.h" + #include "nghttp2_http_test.h" + #include "nghttp2_extpri_test.h" ++#include "nghttp2_ratelim_test.h" + + extern int nghttp2_enable_strict_preface; + +@@ -343,6 +344,8 @@ int main(void) { + test_nghttp2_session_no_rfc7540_priorities) || + !CU_add_test(pSuite, "session_server_fallback_rfc7540_priorities", + test_nghttp2_session_server_fallback_rfc7540_priorities) || ++ !CU_add_test(pSuite, "session_stream_reset_ratelim", ++ test_nghttp2_session_stream_reset_ratelim) || + !CU_add_test(pSuite, "http_mandatory_headers", + test_nghttp2_http_mandatory_headers) || + !CU_add_test(pSuite, "http_content_length", +@@ -452,7 +455,9 @@ int main(void) { + !CU_add_test(pSuite, "sf_parse_item", test_nghttp2_sf_parse_item) || + !CU_add_test(pSuite, "sf_parse_inner_list", + test_nghttp2_sf_parse_inner_list) || +- !CU_add_test(pSuite, "extpri_to_uint8", test_nghttp2_extpri_to_uint8)) { ++ !CU_add_test(pSuite, "extpri_to_uint8", test_nghttp2_extpri_to_uint8) || ++ !CU_add_test(pSuite, "ratelim_update", test_nghttp2_ratelim_update) || ++ !CU_add_test(pSuite, "ratelim_drain", test_nghttp2_ratelim_drain)) { + CU_cleanup_registry(); + return (int)CU_get_error(); + } +--- /dev/null ++++ nghttp2-1.52.0/tests/nghttp2_ratelim_test.c +@@ -0,0 +1,101 @@ ++/* ++ * nghttp2 - HTTP/2 C Library ++ * ++ * Copyright (c) 2023 nghttp2 contributors ++ * ++ * Permission is hereby granted, free of charge, to any person obtaining ++ * a copy of this software and associated documentation files (the ++ * "Software"), to deal in the Software without restriction, including ++ * without limitation the rights to use, copy, modify, merge, publish, ++ * distribute, sublicense, and/or sell copies of the Software, and to ++ * permit persons to whom the Software is furnished to do so, subject to ++ * the following conditions: ++ * ++ * The above copyright notice and this permission notice shall be ++ * included in all copies or substantial portions of the Software. ++ * ++ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, ++ * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF ++ * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND ++ * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE ++ * LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION ++ * OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION ++ * WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. ++ */ ++#include "nghttp2_ratelim_test.h" ++ ++#include <stdio.h> ++ ++#include <CUnit/CUnit.h> ++ ++#include "nghttp2_ratelim.h" ++ ++void test_nghttp2_ratelim_update(void) { ++ nghttp2_ratelim rl; ++ ++ nghttp2_ratelim_init(&rl, 1000, 21); ++ ++ CU_ASSERT(1000 == rl.val); ++ CU_ASSERT(1000 == rl.burst); ++ CU_ASSERT(21 == rl.rate); ++ CU_ASSERT(0 == rl.tstamp); ++ ++ nghttp2_ratelim_update(&rl, 999); ++ ++ CU_ASSERT(1000 == rl.val); ++ CU_ASSERT(999 == rl.tstamp); ++ ++ nghttp2_ratelim_drain(&rl, 100); ++ ++ CU_ASSERT(900 == rl.val); ++ ++ nghttp2_ratelim_update(&rl, 1000); ++ ++ CU_ASSERT(921 == rl.val); ++ ++ nghttp2_ratelim_update(&rl, 1002); ++ ++ CU_ASSERT(963 == rl.val); ++ ++ nghttp2_ratelim_update(&rl, 1004); ++ ++ CU_ASSERT(1000 == rl.val); ++ CU_ASSERT(1004 == rl.tstamp); ++ ++ /* timer skew */ ++ nghttp2_ratelim_init(&rl, 1000, 21); ++ nghttp2_ratelim_update(&rl, 1); ++ ++ CU_ASSERT(1000 == rl.val); ++ ++ nghttp2_ratelim_update(&rl, 0); ++ ++ CU_ASSERT(1000 == rl.val); ++ ++ /* rate * duration overflow */ ++ nghttp2_ratelim_init(&rl, 1000, 100); ++ nghttp2_ratelim_drain(&rl, 999); ++ ++ CU_ASSERT(1 == rl.val); ++ ++ nghttp2_ratelim_update(&rl, UINT64_MAX); ++ ++ CU_ASSERT(1000 == rl.val); ++ ++ /* val + rate * duration overflow */ ++ nghttp2_ratelim_init(&rl, UINT64_MAX - 1, 2); ++ nghttp2_ratelim_update(&rl, 1); ++ ++ CU_ASSERT(UINT64_MAX - 1 == rl.val); ++} ++ ++void test_nghttp2_ratelim_drain(void) { ++ nghttp2_ratelim rl; ++ ++ nghttp2_ratelim_init(&rl, 100, 7); ++ ++ CU_ASSERT(-1 == nghttp2_ratelim_drain(&rl, 101)); ++ CU_ASSERT(0 == nghttp2_ratelim_drain(&rl, 51)); ++ CU_ASSERT(0 == nghttp2_ratelim_drain(&rl, 49)); ++ CU_ASSERT(-1 == nghttp2_ratelim_drain(&rl, 1)); ++} +--- /dev/null ++++ nghttp2-1.52.0/tests/nghttp2_ratelim_test.h +@@ -0,0 +1,35 @@ ++/* ++ * nghttp2 - HTTP/2 C Library ++ * ++ * Copyright (c) 2023 nghttp2 contributors ++ * ++ * Permission is hereby granted, free of charge, to any person obtaining ++ * a copy of this software and associated documentation files (the ++ * "Software"), to deal in the Software without restriction, including ++ * without limitation the rights to use, copy, modify, merge, publish, ++ * distribute, sublicense, and/or sell copies of the Software, and to ++ * permit persons to whom the Software is furnished to do so, subject to ++ * the following conditions: ++ * ++ * The above copyright notice and this permission notice shall be ++ * included in all copies or substantial portions of the Software. ++ * ++ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, ++ * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF ++ * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND ++ * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE ++ * LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION ++ * OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION ++ * WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. ++ */ ++#ifndef NGHTTP2_RATELIM_TEST_H ++#define NGHTTP2_RATELIM_TEST_H ++ ++#ifdef HAVE_CONFIG_H ++# include <config.h> ++#endif /* HAVE_CONFIG_H */ ++ ++void test_nghttp2_ratelim_update(void); ++void test_nghttp2_ratelim_drain(void); ++ ++#endif /* NGHTTP2_RATELIM_TEST_H */ +--- nghttp2-1.52.0.orig/tests/nghttp2_session_test.c ++++ nghttp2-1.52.0/tests/nghttp2_session_test.c +@@ -11945,6 +11945,109 @@ void test_nghttp2_session_server_fallbac + nghttp2_bufs_free(&bufs); + } + ++void test_nghttp2_session_stream_reset_ratelim(void) { ++ nghttp2_session *session; ++ nghttp2_session_callbacks callbacks; ++ nghttp2_frame frame; ++ ssize_t rv; ++ nghttp2_bufs bufs; ++ nghttp2_buf *buf; ++ nghttp2_mem *mem; ++ size_t i; ++ nghttp2_hd_deflater deflater; ++ size_t nvlen; ++ nghttp2_nv *nva; ++ int32_t stream_id; ++ nghttp2_outbound_item *item; ++ nghttp2_option *option; ++ ++ mem = nghttp2_mem_default(); ++ frame_pack_bufs_init(&bufs); ++ ++ memset(&callbacks, 0, sizeof(nghttp2_session_callbacks)); ++ callbacks.send_callback = null_send_callback; ++ ++ nghttp2_option_new(&option); ++ nghttp2_option_set_stream_reset_rate_limit( ++ option, NGHTTP2_DEFAULT_STREAM_RESET_BURST, 0); ++ ++ nghttp2_session_server_new2(&session, &callbacks, NULL, option); ++ ++ nghttp2_frame_settings_init(&frame.settings, NGHTTP2_FLAG_NONE, NULL, 0); ++ rv = nghttp2_frame_pack_settings(&bufs, &frame.settings); ++ ++ CU_ASSERT(0 == rv); ++ ++ nghttp2_frame_settings_free(&frame.settings, mem); ++ ++ buf = &bufs.head->buf; ++ rv = nghttp2_session_mem_recv(session, buf->pos, nghttp2_buf_len(buf)); ++ ++ CU_ASSERT((ssize_t)nghttp2_buf_len(buf) == rv); ++ ++ /* Send SETTINGS ACK */ ++ rv = nghttp2_session_send(session); ++ ++ CU_ASSERT(0 == rv); ++ ++ nghttp2_hd_deflate_init(&deflater, mem); ++ ++ for (i = 0; i < NGHTTP2_DEFAULT_STREAM_RESET_BURST + 2; ++i) { ++ stream_id = (int32_t)(i * 2 + 1); ++ ++ nghttp2_bufs_reset(&bufs); ++ ++ /* HEADERS */ ++ nvlen = ARRLEN(reqnv); ++ nghttp2_nv_array_copy(&nva, reqnv, nvlen, mem); ++ nghttp2_frame_headers_init(&frame.headers, NGHTTP2_FLAG_END_HEADERS, ++ stream_id, NGHTTP2_HCAT_HEADERS, NULL, nva, ++ nvlen); ++ rv = nghttp2_frame_pack_headers(&bufs, &frame.headers, &deflater); ++ ++ CU_ASSERT(0 == rv); ++ ++ nghttp2_frame_headers_free(&frame.headers, mem); ++ ++ buf = &bufs.head->buf; ++ rv = nghttp2_session_mem_recv(session, buf->pos, nghttp2_buf_len(buf)); ++ ++ CU_ASSERT((ssize_t)nghttp2_buf_len(buf) == rv); ++ ++ nghttp2_bufs_reset(&bufs); ++ ++ /* RST_STREAM */ ++ nghttp2_frame_rst_stream_init(&frame.rst_stream, stream_id, ++ NGHTTP2_NO_ERROR); ++ nghttp2_frame_pack_rst_stream(&bufs, &frame.rst_stream); ++ nghttp2_frame_rst_stream_free(&frame.rst_stream); ++ ++ buf = &bufs.head->buf; ++ rv = nghttp2_session_mem_recv(session, buf->pos, nghttp2_buf_len(buf)); ++ ++ CU_ASSERT((ssize_t)nghttp2_buf_len(buf) == rv); ++ ++ if (i < NGHTTP2_DEFAULT_STREAM_RESET_BURST) { ++ CU_ASSERT(0 == nghttp2_outbound_queue_size(&session->ob_reg)); ++ ++ continue; ++ } ++ ++ CU_ASSERT(1 == nghttp2_outbound_queue_size(&session->ob_reg)); ++ ++ item = nghttp2_session_get_next_ob_item(session); ++ ++ CU_ASSERT(NGHTTP2_GOAWAY == item->frame.hd.type); ++ CU_ASSERT(NGHTTP2_DEFAULT_STREAM_RESET_BURST * 2 + 1 == ++ item->frame.goaway.last_stream_id); ++ } ++ ++ nghttp2_hd_deflate_free(&deflater); ++ nghttp2_session_del(session); ++ nghttp2_bufs_free(&bufs); ++ nghttp2_option_del(option); ++} ++ + static void check_nghttp2_http_recv_headers_fail( + nghttp2_session *session, nghttp2_hd_deflater *deflater, int32_t stream_id, + int stream_state, const nghttp2_nv *nva, size_t nvlen) { +--- nghttp2-1.52.0.orig/tests/nghttp2_session_test.h ++++ nghttp2-1.52.0/tests/nghttp2_session_test.h +@@ -168,6 +168,7 @@ void test_nghttp2_session_no_closed_stre + void test_nghttp2_session_set_stream_user_data(void); + void test_nghttp2_session_no_rfc7540_priorities(void); + void test_nghttp2_session_server_fallback_rfc7540_priorities(void); ++void test_nghttp2_session_stream_reset_ratelim(void); + void test_nghttp2_http_mandatory_headers(void); + void test_nghttp2_http_content_length(void); + void test_nghttp2_http_content_length_mismatch(void); diff --git a/debian/patches/series b/debian/patches/series new file mode 100644 index 0000000..563e706 --- /dev/null +++ b/debian/patches/series @@ -0,0 +1,3 @@ +0001-Make-fetch-ocsp-response-use-python3.patch +0002-Workaround-for-963648.patch +CVE-2023-44487.patch diff --git a/debian/rules b/debian/rules new file mode 100755 index 0000000..6a2c390 --- /dev/null +++ b/debian/rules @@ -0,0 +1,64 @@ +#!/usr/bin/make -f + +# this makes the tests fail +# LDFLAGS += -Wl,--default-symver + +override_dh_auto_configure: + dh_auto_configure -- \ + --enable-python-bindings=no --disable-failmalloc --enable-app + +override_dh_auto_build-arch: + dh_auto_build + +override_dh_auto_build-indep: + $(MAKE) html + +# don't run tests when building indep packages +override_dh_auto_test-indep: + +override_dh_auto_clean: + dh_auto_clean + rm -rf doc/manual/html doc/manual/doctrees doc/apiref.rst + +override_dh_auto_install-arch: custom_install_init_scripts custom_install_systemd + dh_auto_install + +override_dh_auto_install-indep: custom_install_manual + +override_dh_installinit: + dh_installinit -pnghttp2-proxy --onlyscripts --name=nghttpx --no-stop-on-upgrade --no-start + +override_dh_installsystemd: + dh_installsystemd --no-restart-after-upgrade --no-stop-on-upgrade --no-start + +.PHONY: custom_install_manual custom_install_init_scripts custom_install_systemd + +DOCDIR="debian/libnghttp2-doc/usr/share/doc/libnghttp2-doc" +custom_install_manual: + mkdir -p $(DOCDIR) + cp -pr doc/manual/html/* $(DOCDIR) + rm $(DOCDIR)/objects.inv + ln -sf /usr/share/javascript/jquery/jquery.js $(DOCDIR)/_static/jquery.js + ln -sf /usr/share/javascript/underscore/underscore.js $(DOCDIR)/_static/underscore.js + cp -p doc/README.rst $(DOCDIR) + +ETCDIR="debian/nghttp2-proxy/etc" +custom_install_init_scripts: + install -d $(ETCDIR)/init.d + sed -e 's,^DAEMON=.*/,DAEMON=/usr/sbin/,' contrib/nghttpx-init > $(ETCDIR)/init.d/nghttpx + chmod 755 $(ETCDIR)/init.d/nghttpx + install -d $(ETCDIR)/nghttpx + # we install our own version of config + install -m644 debian/nghttpx.conf $(ETCDIR)/nghttpx/nghttpx.conf + install -d $(ETCDIR)/logrotate.d + install -p -m644 contrib/nghttpx-logrotate $(ETCDIR)/logrotate.d/nghttpx + +# Currently we install our own systemd unit because +# the original one is slightly broken +SYSTEMD="debian/nghttp2-proxy/lib/systemd/system" +custom_install_systemd: + install -d $(SYSTEMD) + install -p -m644 debian/nghttpx.service $(SYSTEMD)/nghttpx.service + +%: + dh $@ diff --git a/debian/source/format b/debian/source/format new file mode 100644 index 0000000..163aaf8 --- /dev/null +++ b/debian/source/format @@ -0,0 +1 @@ +3.0 (quilt) diff --git a/debian/source/lintian-overrides b/debian/source/lintian-overrides new file mode 100644 index 0000000..11d0138 --- /dev/null +++ b/debian/source/lintian-overrides @@ -0,0 +1,2 @@ +# debian distro sphinx is used +nghttp2 source: source-is-missing [doc/_themes/sphinx_rtd_theme/static/js/*] diff --git a/debian/tests/control b/debian/tests/control new file mode 100644 index 0000000..d16eec9 --- /dev/null +++ b/debian/tests/control @@ -0,0 +1,3 @@ +Tests: proxy-works +Depends: nginx, @ +Restrictions: isolation-container diff --git a/debian/tests/proxy-works b/debian/tests/proxy-works new file mode 100755 index 0000000..1e03100 --- /dev/null +++ b/debian/tests/proxy-works @@ -0,0 +1,17 @@ +#!/bin/bash + +# Nghttpx should proxy the port 80 by default. + +exec 2>&1 +set -eux + +PROXY=http://localhost:3000 + +# Verify that we can connect +nghttp ${PROXY} > /dev/null + +# Extract HTTP error code +STATUS=$(nghttp ${PROXY} -v | grep -Po '(?<=:status: )(\d+)') + +# Verify it's OK (200). +echo ${STATUS} | grep 200 diff --git a/debian/upstream/metadata b/debian/upstream/metadata new file mode 100644 index 0000000..2abdeb1 --- /dev/null +++ b/debian/upstream/metadata @@ -0,0 +1,5 @@ +--- +Bug-Database: https://github.com/nghttp2/nghttp2/issues +Bug-Submit: https://github.com/nghttp2/nghttp2/issues/new +Repository: https://github.com/nghttp2/nghttp2.git +Repository-Browse: https://github.com/nghttp2/nghttp2 diff --git a/debian/watch b/debian/watch new file mode 100644 index 0000000..ed3757d --- /dev/null +++ b/debian/watch @@ -0,0 +1,3 @@ +version=4 +opts=filenamemangle=s/.+\/v?(\d\S+)\.tar\.gz/nghttp2-$1\.tar\.gz/ \ + https://github.com/nghttp2/nghttp2/tags .*/v?(\d\S+)\.tar\.gz
\ No newline at end of file |