nghttp2: fix CVE-2024-28182

update to v1.61.0 CVE-2024-28182: Reading unbounded number of HTTP/2 CONTINUATION frames to cause excessive CPU usage Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
2024-04-10 12:55:02 +09:00 · 2024-04-10 12:55:02 +09:00 · 50810923da
parent a5557a2a47
commit 50810923da
1 changed files with 3 additions and 3 deletions
--- a/libs/nghttp2/Makefile
+++ b/libs/nghttp2/Makefile
@ -1,12 +1,12 @@
 include $(TOPDIR)/rules.mk

 PKG_NAME:=nghttp2
-PKG_VERSION:=1.57.0
+PKG_VERSION:=1.61.0
 PKG_RELEASE:=1

-PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=https://github.com/nghttp2/nghttp2/releases/download/v$(PKG_VERSION)
-PKG_HASH:=9210b0113109f43be526ac5835d58a701411821a4d39e155c40d67c40f47a958
+PKG_HASH:=aa7594c846e56a22fbf3d6e260e472268808d3b49d5e0ed339f589e9cc9d484c

 PKG_MAINTAINER:=Hans Dedecker <dedeckeh@gmail.com>
 PKG_LICENSE:=MIT