package/nghttp2: security bump to 1.64.0

Changelog: * https://github.com/nghttp2/nghttp2/releases/tag/v1.59.0 * https://github.com/nghttp2/nghttp2/releases/tag/v1.60.0 * https://github.com/nghttp2/nghttp2/releases/tag/v1.61.0 * https://github.com/nghttp2/nghttp2/releases/tag/v1.62.0 * https://github.com/nghttp2/nghttp2/releases/tag/v1.63.0 * https://github.com/nghttp2/nghttp2/releases/tag/v1.64.0 Fixes: CVE-2024-28182 [1] - Reading unbounded number of HTTP/2 CONTINUATION frames to cause excessive CPU usage [1] https://github.com/nghttp2/nghttp2/security/advisories/GHSA-x6x3-gv8h-m57q Signed-off-by: Marcus Hoffmann <buildroot@bubu1.eu> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2024-11-26 15:03:27 +08:00 · 2024-10-29 16:49:10 +01:00 · 2024-10-29 16:49:10 +01:00 · 55d48e866e
commit 55d48e866e
parent 8c0e4c8a07
2 changed files with 2 additions and 2 deletions
--- a/package/nghttp2/nghttp2.hash
+++ b/package/nghttp2/nghttp2.hash
@ -1,3 +1,3 @@
 # Locally calculated
-sha256  4a68a3040da92fd9872c056d0f6b0cd60de8410de10b578f8ade9ecc14d297e0  nghttp2-1.58.0.tar.xz
+sha256  88bb94c9e4fd1c499967f83dece36a78122af7d5fb40da2019c56b9ccc6eb9dd  nghttp2-1.64.0.tar.xz
 sha256  6b94f3abc1aabd0c72a7c7d92a77f79dda7c8a0cb3df839a97890b4116a2de2a  COPYING
--- a/package/nghttp2/nghttp2.mk
+++ b/package/nghttp2/nghttp2.mk
@ -4,7 +4,7 @@
 #
 ################################################################################

-NGHTTP2_VERSION = 1.58.0
+NGHTTP2_VERSION = 1.64.0
 NGHTTP2_SOURCE =  nghttp2-$(NGHTTP2_VERSION).tar.xz
 NGHTTP2_SITE = https://github.com/nghttp2/nghttp2/releases/download/v$(NGHTTP2_VERSION)
 NGHTTP2_LICENSE = MIT