274402 – www/libnghttp2: Update to 1.59.0

Bug 274402 - www/libnghttp2: Update to 1.59.0

Summary: www/libnghttp2: Update to 1.59.0

Status:	Closed FIXED

Alias:	None

Product:	Ports & Packages
Classification:	Unclassified
Component:	Individual Port(s) (show other bugs)
Version:	Latest
Hardware:	Any Any

Importance:	--- Affects Only Me
Assignee:	Daniel Engberg

URL:	https://github.com/nghttp2/nghttp2/re...
Keywords:

Depends on:
Blocks:	274403
	Show dependency tree / graph

Reported:	2023-10-10 20:17 UTC by Daniel Engberg
Modified:	2024-02-05 00:26 UTC (History)
CC List:	0 users

See Also:

Flags:	bugzilla: maintainer-feedback? (sunpoet)

Attachments
Patch for libnghttp2 (3.50 KB, patch) 2023-10-10 20:17 UTC, Daniel Engberg	no flags	Details \| Diff
Patch for libnghttp2 v2 (3.50 KB, patch) 2023-10-27 21:24 UTC, Daniel Engberg	no flags	Details \| Diff
Patch for libnghttp2 v3 (3.50 KB, patch) 2024-01-21 22:18 UTC, Daniel Engberg	no flags	Details \| Diff
Show Obsolete (2) View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Daniel Engberg freebsd_committer

2023-10-10 20:17:33 UTC

Created attachment 245556 [details]
Patch for libnghttp2

Use CMake for consistency and faster builds

Fixes CVE-2023-44487

Compile tested on FreeBSD 13.2-RELEASE (amd64) (make, make check-plist)
Poudriere testport OK 12.4-RELEASE (amd64)
Poudriere testport OK 13.2-RELEASE (amd64)

Tested with following consumers in Poudriere (13.2-RELEASE amd64):
biology/ncbi-blast+
devel/aws-sdk-cpp
devel/libsoup3
dns/bind-tools
dns/bind9-devel
dns/bind918
dns/dnsperf
dns/flamethrower
dns/knot-resolver
dns/knot3
dns/unbound
ftp/curl
lang/julia
net/sakisafecli
net/wireshark
science/lammps
security/bitwarden-cli
security/wazuh-agent
security/wazuh-manager
sysutils/libdnf
www/apache24
www/envoy (marked BROKEN) - unrelated
www/mod_http2
www/nghttp2
www/node16
www/node18
www/node20
www/wget2
devel/clixon

Comment 1 Daniel Engberg freebsd_committer

2023-10-27 21:24:24 UTC

Created attachment 245929 [details]
Patch for libnghttp2 v2

Compile tested on FreeBSD 13.2-RELEASE (amd64) (make, make check-plist)
Poudriere testport OK 12.4-RELEASE (amd64)
Poudriere testport OK 13.2-RELEASE (amd64)

Tested with following consumers in Poudriere (13.2-RELEASE amd64):
biology/ncbi-blast+
devel/libsoup3
dns/bind-tools
dns/bind9-devel
dns/bind918
dns/dnsperf
dns/flamethrower
dns/knot-resolver
dns/knot3
dns/unbound
ftp/curl
lang/julia
net/sakisafecli
net/wireshark
science/lammps
security/bitwarden-cli (skipped due to license)
security/wazuh-agent
security/wazuh-manager
sysutils/libdnf
www/apache24
www/envoy (fails, unrelated)
www/mod_http2
www/nghttp2
www/node16
www/node18
www/node20
www/wget2
devel/clixon

Comment 2 Daniel Engberg freebsd_committer

2024-01-21 22:18:56 UTC

Created attachment 247830 [details]
Patch for libnghttp2 v3

biology/ncbi-blast+
devel/clixon
devel/libsoup3
dns/bind-tools
dns/bind9-devel
dns/bind918
dns/dnsperf
dns/flamethrower
dns/knot-resolver
dns/knot3
dns/unbound
ftp/curl
lang/julia
net/sakisafecli
net/wireshark
science/lammps
security/bitwarden-cli (Skipped due to license)
security/wazuh-agent
security/wazuh-manager
sysutils/libdnf
www/apache24
www/envoy (marked BROKEN) - unrelated
www/mod_http2
www/nghttp2
www/node16
www/node18
www/node20
www/node21
www/wget2

Comment 3 commit-hook freebsd_committer

2024-02-05 00:10:22 UTC

A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=6f26e08fc9b753a86b46d827e3bb3618304cce39

commit 6f26e08fc9b753a86b46d827e3bb3618304cce39
Author:     Daniel Engberg <diizzy@FreeBSD.org>
AuthorDate: 2024-02-04 23:05:48 +0000
Commit:     Daniel Engberg <diizzy@FreeBSD.org>
CommitDate: 2024-02-05 00:09:53 +0000

    www/libnghttp2: Update to 1.59.0

    * Use CMake for consistency and faster builds
    * Fixes CVE-2023-44487

    Changelog: https://github.com/nghttp2/nghttp2/releases/tag/v1.59.0

    PR:             274402
    Approved by:    portmgr (maintainer timeout, 2+ weeks)

 www/libnghttp2/Makefile                         | 26 +++++++++++++++++--------
 www/libnghttp2/distinfo                         |  6 +++---
 www/libnghttp2/files/patch-CMakeLists.txt (new) | 11 +++++++++++
 www/libnghttp2/files/patch-Makefile.in (gone)   | 16 ---------------
 www/libnghttp2/pkg-plist                        |  2 +-
 5 files changed, 33 insertions(+), 28 deletions(-)