From bc5da4a24423a93ca12c277c8eafb7fb94ebe8b4 Mon Sep 17 00:00:00 2001 From: Mahavir Jain Date: Mon, 4 Dec 2023 15:08:38 +0530 Subject: [PATCH] nghttp2: update library to v1.58.0 For detailed release notes please refer to: https://github.com/nghttp2/nghttp2/releases/tag/v1.58.0 Security related: - Release v1.57.0 fixes CVE-2023-44487 - Release v1.55.1 fixes CVE-2023-35945 --- nghttp/CMakeLists.txt | 5 ++++- nghttp/idf_component.yml | 2 +- nghttp/nghttp2 | 2 +- nghttp/port/include/nghttp2/nghttp2ver.h | 4 ++-- nghttp/port/private_include/config.h | 6 ++++++ nghttp/sbom_nghttp2.yml | 4 ++-- 6 files changed, 16 insertions(+), 7 deletions(-) diff --git a/nghttp/CMakeLists.txt b/nghttp/CMakeLists.txt index 74ee3c1a92..6205633d1b 100644 --- a/nghttp/CMakeLists.txt +++ b/nghttp/CMakeLists.txt @@ -17,11 +17,14 @@ set(srcs "nghttp2/lib/nghttp2_pq.c" "nghttp2/lib/nghttp2_priority_spec.c" "nghttp2/lib/nghttp2_queue.c" + "nghttp2/lib/nghttp2_ratelim.c" "nghttp2/lib/nghttp2_rcbuf.c" "nghttp2/lib/nghttp2_session.c" "nghttp2/lib/nghttp2_stream.c" "nghttp2/lib/nghttp2_submit.c" - "nghttp2/lib/nghttp2_version.c") + "nghttp2/lib/nghttp2_time.c" + "nghttp2/lib/nghttp2_version.c" + "nghttp2/lib/sfparse.c") idf_component_register(SRCS "${srcs}" INCLUDE_DIRS port/include nghttp2/lib/includes diff --git a/nghttp/idf_component.yml b/nghttp/idf_component.yml index 1439ba27f1..b7a1096428 100644 --- a/nghttp/idf_component.yml +++ b/nghttp/idf_component.yml @@ -1,4 +1,4 @@ -version: "1.52.0~1" +version: "1.58.0" description: "nghttp2 - HTTP/2 C Library" url: https://github.com/espressif/idf-extra-components/tree/master/nghttp dependencies: diff --git a/nghttp/nghttp2 b/nghttp/nghttp2 index be0491294a..e2bc59bec9 160000 --- a/nghttp/nghttp2 +++ b/nghttp/nghttp2 @@ -1 +1 @@ -Subproject commit be0491294a63d891bd12b6b1b7e372a45a5d0ffe +Subproject commit e2bc59bec9004bca47df961cbbad20664d7e53b2 diff --git a/nghttp/port/include/nghttp2/nghttp2ver.h b/nghttp/port/include/nghttp2/nghttp2ver.h index ac7eaa09ad..f38fe2b047 100644 --- a/nghttp/port/include/nghttp2/nghttp2ver.h +++ b/nghttp/port/include/nghttp2/nghttp2ver.h @@ -29,7 +29,7 @@ * @macro * Version number of the nghttp2 library release */ -#define NGHTTP2_VERSION "1.52.0" +#define NGHTTP2_VERSION "1.58.0" /** * @macro @@ -37,6 +37,6 @@ * release. This is a 24 bit number with 8 bits for major number, 8 bits * for minor and 8 bits for patch. Version 1.2.3 becomes 0x010203. */ -#define NGHTTP2_VERSION_NUM 0x015200 +#define NGHTTP2_VERSION_NUM 0x013a00 #endif /* NGHTTP2VER_H */ diff --git a/nghttp/port/private_include/config.h b/nghttp/port/private_include/config.h index 05c7a733c0..e4eb7c0e27 100644 --- a/nghttp/port/private_include/config.h +++ b/nghttp/port/private_include/config.h @@ -9,6 +9,12 @@ #include "stdlib.h" #include "string.h" +/* Define to 1 if you have the `clock_gettime' function. */ +#define HAVE_CLOCK_GETTIME 1 + +/* Define to 1 if you have the header file. */ +#define HAVE_TIME_H 1 + #if (!defined(nghttp_unlikely)) #define nghttp_unlikely(Expression) !!(Expression) #endif diff --git a/nghttp/sbom_nghttp2.yml b/nghttp/sbom_nghttp2.yml index 41eac95e75..5b9ca7b8b9 100644 --- a/nghttp/sbom_nghttp2.yml +++ b/nghttp/sbom_nghttp2.yml @@ -1,7 +1,7 @@ name: nghttp2 -version: 1.52.0 +version: 1.58.0 cpe: cpe:2.3:a:nghttp2:nghttp2:{}:*:*:*:*:*:*:* supplier: 'Organization: nghttp2