From 50810923da4373c9a6e997e2c2ce7b1d453f5ac9 Mon Sep 17 00:00:00 2001
From: Hirokazu MORIKAWA <morikw2@gmail.com>
Date: Wed, 10 Apr 2024 12:55:02 +0900
Subject: [PATCH] nghttp2: fix CVE-2024-28182

update to v1.61.0
CVE-2024-28182: Reading unbounded number of HTTP/2 CONTINUATION frames to cause excessive CPU usage

Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
---
 libs/nghttp2/Makefile | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/libs/nghttp2/Makefile b/libs/nghttp2/Makefile
index 19a4ab6c02..312835ba88 100644
--- a/libs/nghttp2/Makefile
+++ b/libs/nghttp2/Makefile
@@ -1,12 +1,12 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=nghttp2
-PKG_VERSION:=1.57.0
+PKG_VERSION:=1.61.0
 PKG_RELEASE:=1
 
-PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=https://github.com/nghttp2/nghttp2/releases/download/v$(PKG_VERSION)
-PKG_HASH:=9210b0113109f43be526ac5835d58a701411821a4d39e155c40d67c40f47a958
+PKG_HASH:=aa7594c846e56a22fbf3d6e260e472268808d3b49d5e0ed339f589e9cc9d484c
 
 PKG_MAINTAINER:=Hans Dedecker <dedeckeh@gmail.com>
 PKG_LICENSE:=MIT