ngtcp2 1.4.0 released

ngtcp2 1.4.0 rpms released and added to all supported platforms

Erase sensitive data before freeing memory by @tatsuhiro-t in #1122
Fix compile error with libstdc++6-14 by @tatsuhiro-t in #1123
Make congestion controller use the current path MTU by @tatsuhiro-t in #1124
Reduce malloc call in conn_new by @tatsuhiro-t in #1125
Add missing FindJemalloc.cmake to EXTRA_DIST by @tatsuhiro-t in #1127
Automate release process by @tatsuhiro-t in #1130
Make Path MTU Discovery probes configurable by @tatsuhiro-t in #1128
examples: Add –pmtud-probes option by @tatsuhiro-t in #1132
Accept zero length UDP datagram payload and just return 0 by @tatsuhiro-t in #1134
Deal with the case that send_quantum < max_udp_payload_size by @tatsuhiro-t in #1135
Adjust simpleclient buffer to have default max_tx_udp_payload_size by @tatsuhiro-t in #1136
Document about outgoing UDP datagram payload size by @tatsuhiro-t in #1137
Move ngtcp2_settings_default_versioned to ngtcp2_settings.c by @tatsuhiro-t in #1138
Refactor acktr by @tatsuhiro-t in #1139
Cleanup free functions called from conn_new by @tatsuhiro-t in #1140
Make functions that discard pkns callable from the other source files by @tatsuhiro-t in #1141
Add typed ngtcp2_min and ngtcp2_max functions by @tatsuhiro-t in #1142
Avoid setting 0 after memset by @tatsuhiro-t in #1143
Move ngtcp2_transport_params functions to its own file by @tatsuhiro-t in #1144
Remove unused ngtcp2_conversion_test.c by @tatsuhiro-t in #1145
Move struct version to the last argument by @tatsuhiro-t in #1146
git clone recursive by @tatsuhiro-t in #1147
Update README.rst by @Karthikdasari0423 in #1150
ngtcp2_conn_write_connection_close: Fix assertion failure by @tatsuhiro-t in #1154
Fix assertion failure because of failing dup Connection ID check by @tatsuhiro-t in #1155
fuzz: Add read_write_pkt fuzzer by @tatsuhiro-t in #1156
Workaround llvm issue by @tatsuhiro-t in #1158
fuzz: Add missing include by @tatsuhiro-t in #1159
fuzz: Workaround llvm issue by @tatsuhiro-t in #1160
Add 2 new ngtcp2_ccerr_type values by @tatsuhiro-t in #1161
Add handshake fuzzer by @tatsuhiro-t in #1162
docker: Use copy –link by @tatsuhiro-t in #1163
Bump aws-lc to v1.23.0 by @tatsuhiro-t in #1164
Bump boringssl by @tatsuhiro-t in #1165
Bump picotls by @tatsuhiro-t in #1166
Switch to distroless/base-nossl by @tatsuhiro-t in #1167
Remove debug printf by @tatsuhiro-t in #1168
Add padding to at most 1200 bytes by @tatsuhiro-t in #1169
Add ngtcp2_ppe padding tests by @tatsuhiro-t in #1170

SSH3 0.1.7 test package added

Fast and secure SSH3 (shell over HTTP/3) 0.1.7 test packages (ssh3 client and ssh3-server) added to EL8 testing repo for aarch64 and x86_64.

Please note that name change discussion is in progress (to sshh / shs / soh3 etc).

Project page: https://github.com/francoismichel/ssh3/

These packages also can be installed to EL9 and Fedora. At the build time, Golang 1.21 is a hard requirement and only 1.20 is easily available on AlmaLinux 9 at this time.

x86_64:

https://repo.codeit.guru/packages/testing/8/x86_64/ssh3-0.1.7-1.codeit.el8.x86_64.rpm

https://repo.codeit.guru/packages/testing/8/x86_64/ssh3-server-0.1.7-1.codeit.el8.x86_64.rpm

aarch64:

https://repo.codeit.guru/packages/testing/8/aarch64/ssh3-0.1.7-1.codeit.el8.aarch64.rpm

https://repo.codeit.guru/packages/testing/8/aarch64/ssh3-server-0.1.7-1.codeit.el8.aarch64.rpm

nghttp2 1.60.0 released

nghttp2 1.60.0 rpms released and added to all supported platforms

makerelease.sh: Speed up git submodule by @tatsuhiro-t in #2043 Speed up git clone by @tatsuhiro-t in #2044 build(deps): bump actions/cache from 3 to 4 by @dependabot in #2046 Fixing the build and install trees by @anthonyalayo in #2051 build(deps): bump microsoft/setup-msbuild from 1 to 2 by @dependabot in #2052 nghttpx: Set ocsp response to SSL in case of boringssl by @tatsuhiro-t in #2055 Run with python3 by @tatsuhiro-t in #2054 src: Certificate Compression with boringssl by @tatsuhiro-t in #2056 Fix missing newline by @tatsuhiro-t in #2057 Switch to aws lc by @tatsuhiro-t in #2058 Libbrotli fixup by @tatsuhiro-t in #2059 Deprecate RFC 7540 priorities (aka stream dependencies) by @tatsuhiro-t in #2060 Let dependabot manage go modules by @tatsuhiro-t in #2061 build(deps): bump golang.org/x/net from 0.20.0 to 0.21.0 by @dependabot in #2062 integration-tests: Omit unused parameters by @tatsuhiro-t in #2065 Munit by @tatsuhiro-t in #2064 Introduce nghttp2_ssize API by @tatsuhiro-t in #2066 Move deprecated warning upfront by @tatsuhiro-t in #2067 Describe RFC 7540 priorities deprecation plan by @tatsuhiro-t in #2068 Apps migrate nghttp2 ssize by @tatsuhiro-t in #2069 src: Remove unused functions by @tatsuhiro-t in #2070 Reconsider ssize t usage in src by @tatsuhiro-t in #2071 Use GitHub private vulnerability reporting by @tatsuhiro-t in #2072 Move security policy to GitHub standard location by @tatsuhiro-t in #2073 Bump mruby to 3.3.0 by @tatsuhiro-t in #2074 Bump llhttp to 48588093ca4219b5f689acfc9ebea9e4c8c37663 by @tatsuhiro-t in #2075 h2load: Add –sni option by @tatsuhiro-t in #2076 Bump ngtcp2 dependencies by @tatsuhiro-t in #2077 mruby: Adopt deprecation of mrbc_ prefix by @tatsuhiro-t in #2078 neverbleed: Define _GNU_SOURCE for pthread_setaffinity_np by @tatsuhiro-t in #2079 bpf: Pre-expand aes key by @tatsuhiro-t in #2080 mruby: Exclude mrdb gem which causes nghttpx to crash by @tatsuhiro-t in #2081 nghttpx: Reuse EVP_CIPHER_CTX for QUIC connection ID encryption by @tatsuhiro-t in #2082 Run apt-get update before install by @tatsuhiro-t in #2083 src: Deal with the case that send_quantum < max_udp_payload_size by @tatsuhiro-t in #2084 nghttpx: Remove SHRPX_QUIC_MAX_UDP_PAYLOAD_SIZE by @tatsuhiro-t in #2085 Fix build when AI_NUMERICSERV is undefined by @barracuda156 in #2086

NGINX 1.25.4 Mainline with Brotli, TLS 1.3, OpenSSL 3.0.13, HTTP/2 and HTTP/3 for Red Hat Enterprise Linux, CentOS, Rocky, Oracle, Alma Linux EL7/EL8/EL9

NGINX 1.25.4 mainline with HTTP/3 support added to EL7, EL8, EL9 repositories. brotli compression module from Google, http2, ngx cache purge and ngx http geoip2 modules added or built-in. OpenSSL built dynamically using OpenSSL+QUIC 3.0.12.

Major changes:

  • fixes for vulnerabilities in HTTP/3 (CVE-2024-24989, CVE-2024-24990)

RHEL 7 / CentOS 7:

yum upgrade -y codeit-repo-release
yum-config-manager --enable CodeIT-mainline --save
yum install nginx

RHEL 8-9 / Alma Linux 8-9 / Rocky Linux 8-9 / CentOS 8-9 / Other EL8/EL9 repos are modular now. To install nginx with HTTP/3 support, you need to enable the appropriate stream:

dnf module reset -y nginx
dnf module enable -y nginx:codeit-mainline
dnf install nginx

We build OpenSSL+QUIC 3.0 separately since v1.21.6, installing it separately to /lib64 with .so.81.3 suffix to ensure it won’t interfere with your system libraries.

Exerimental HTTP/3 support added in NGINX 1.25.0 Mainline. We build it with the corresponding module (–with-http_v3_module).

nghttp3 1.2.0, ngtcp2 1.3.0 released

nghttp3 1.2.0, ngtcp2 1.3.0 rpms released and added to all supported platforms

nghttp3 1.2.0:

Clarify the behavior when a stream is not found by @tatsuhiro-t in #181 Fix typo by @tatsuhiro-t in #183 cmake: restore ENABLE_STATIC_CRT and ENABLE_ASAN options by @vszakats in #184 Migrate to munit form cunit by @tatsuhiro-t in #187 Pull sfparse via git submodule by @tatsuhiro-t in #188 Update .gitignore by @tatsuhiro-t in #190 Update git submodule by @tatsuhiro-t in #189 Add nghttp3_conn_update_ack_offset by @tatsuhiro-t in #191 Add include path to munit directory by @tatsuhiro-t in #192 Bump munit by @tatsuhiro-t in #193 Shrink nghttp3_stream size by @tatsuhiro-t in #194 Fix typo by @tatsuhiro-t in #195 Bump munit by @tatsuhiro-t in #196 Bump submodules by @tatsuhiro-t in #198

ngtcp2 1.3.0:

Do not run docker-build on tag by @tatsuhiro-t in #1085 Speed up git clone by @tatsuhiro-t in #1086 Use cmake -B consistently by @tatsuhiro-t in #1087 Bump actions/cache from 3 to 4 by @dependabot in #1088 Optimize STOP_SENDING by @tatsuhiro-t in #1089 Fix retransmit frames on stream by @tatsuhiro-t in #1090 Set NGTCP2_STRM_FLAG_RESET_STREAM when RESET_STREAM is sent by @tatsuhiro-t in #1091 Add helper functions to encode/decode zero length transport parameter by @tatsuhiro-t in #1092 Verify decoding truncated frames by @tatsuhiro-t in #1093 Use typed frame type rather than ngtcp2_frame by @tatsuhiro-t in #1094 Verify decoding truncated packet headers by @tatsuhiro-t in #1095 Open a remote stream if RESET_STREAM is received by @tatsuhiro-t in #1096 nghttp3 now requires git submodule by @tatsuhiro-t in #1098 Migrate to munit from cunit by @tatsuhiro-t in #1099 Rewrite ngtcp2_cbrt by @tatsuhiro-t in #1100 Add missing munit header file to HFILES by @tatsuhiro-t in #1101 Bump munit by @tatsuhiro-t in #1102 Fix typo by @tatsuhiro-t in #1103 Bump microsoft/setup-msbuild from 1 to 2 by @dependabot in #1104 Remove pthread from BORINGSSL_LIBS by @tatsuhiro-t in #1105 boringssl: Add certificate compression by @tatsuhiro-t in #1106 Rewrite hexdump by @tatsuhiro-t in #1107 hexdump: Add an extra whitespace after address by @tatsuhiro-t in #1108 hexdump: Fix the last address is not shown by @tatsuhiro-t in #1110 examples: Add include in GnuTLS example by @atlesn in #1111 Use assert_stdsv_equal and print title by @tatsuhiro-t in #1112 examples: Minor fixup by @tatsuhiro-t in #1113 Bump aws-lc to v1.21.0 by @tatsuhiro-t in #1115 Add security policy by @tatsuhiro-t in #1116 Bump boringssl by @tatsuhiro-t in #1117 Bump openssl by @tatsuhiro-t in #1119 examples: Fix operator precedence error by @tatsuhiro-t in #1120 Bump munit by @tatsuhiro-t in #1121

mc 4.8.31 released

mc 4.8.31 rpms released and added to all supported platforms

Core

  • Minimal version of GLib is 2.32.0.

VFS

  • fish: drop support of native FISH server and protocol. Rename VFS to shell
  • extfs;
    • uc1541 extfs: update up to 3.6 version
    • s3+: port to Python3
  • Support for LZO/LZOP compression format

Misc

  • Skins: add color for non-printable characters in editor

Fixes

  • FTBFS on FreeBSD with ext2fs attribute support
  • Broken stickchars (-a) mode
  • Wrong timestamp after resuming of file copy operation
  • Editor: wrong deletion of marked column
  • Diff viewer: segfault when display of line numbers is enabled
  • Tar VFS: broken handling of hard links
  • Sftp VFS: failure establishing SSH session due hashed host names in ~/.ssh/known_hosts
  • Shell VFS: incorrect file names with cyrillic or diacritic symbols
  • mc.ext.ini: incorrect description of of how multiple sections and keys with same names are processed
  • mc.ext.ini: unescaped backslash \ is treated as invalid escape sequence in glib-2.77.3 and glib-2.79
  • mc.ext.ini: file “Makefile.zip” is handled as Makefile not as zip-arhive

ngtcp2 1.2.0, nghttp2 1.59.0 released

ngtcp2 1.2.0, nghttp2 1.59.0 rpms released and added to all supported platforms

ngtcp2 1.2.0:
cmake: Require nghttp3 >= v1.0.0 by @tatsuhiro-t in #1026
examples: Clarify stream limits by @tatsuhiro-t in #1032
Bump actions/stale from 8 to 9 by @dependabot in #1033
Avoid detecting OpenSSL 3.2 as quictls by @tatsuhiro-t in #1035
Clarify the behavior when a stream is not found by @tatsuhiro-t in #1036
Do not recognize boringssl as quictls by @tatsuhiro-t in #1038
Bump github/codeql-action from 2 to 3 by @dependabot in #1037
docker: Switch to bsslclient and bsslserver by @tatsuhiro-t in #1039
interop: Switch to wolfssl by @tatsuhiro-t in #1040
Revert “docker: Switch to bsslclient and bsslserver” by @tatsuhiro-t in #1041
docker: Switch to wolfssl by @tatsuhiro-t in #1042
Use wolfSSL in a README example by @tatsuhiro-t in #1043
Add aws-lc as BoringSSL alternative by @tatsuhiro-t in #1044
wolfSSL: Disable deprecated signature algorithms by @tatsuhiro-t in #1046
Remove use of SSL_set_quic_transport_version by @tatsuhiro-t in #1047
examples: Build with libressl by @tatsuhiro-t in #1048
Fix zero len file by @tatsuhiro-t in #1049
Assert that _BitScanReverse64 never fail by @tatsuhiro-t in #1051
Revert “wolfSSL: Disable deprecated signature algorithms” by @tatsuhiro-t in #1052
wolfssl: Enable –enable-keylog-export by @tatsuhiro-t in #1053
h09client: Fix display ecn bits by @tatsuhiro-t in #1054
Bump wolfSSL to v5.6.6-stable by @tatsuhiro-t in #1055
ngtcp2_pkt_adjust_pkt_num: Take bytes rather than bits by @tatsuhiro-t in #1056
Initial and Handshake packets are immediately acknowledged by @tatsuhiro-t in #1057
Refactor by @tatsuhiro-t in #1058
examples: Print remote HTTP/3 settings by @tatsuhiro-t in #1059
Fix assertion failure on immediate migration by @tatsuhiro-t in #1060
Add ngtcp2_window_filter tests by @tatsuhiro-t in #1061
Fix gcc-13 warning by @tatsuhiro-t in #1062
Fix persistent congestion by @tatsuhiro-t in #1064
Port missing changes to h09server by @tatsuhiro-t in #1065
Fix typo by @tatsuhiro-t in #1066
Update docker by @tatsuhiro-t in #1067
Fix docker build-arg by @tatsuhiro-t in #1069
Revert “Send RESET_STREAM if stream is reset by client” by @tatsuhiro-t in #1071
Return early when STOP_SENDING is received more than once by @tatsuhiro-t in #1072
Do not send STOP_SENDING if RESET_STREAM has been received by @tatsuhiro-t in #1073
Update doc by @tatsuhiro-t in #1074
wolfssl: Just use QUIC v1 transport parameter codepoint by @tatsuhiro-t in #1075
wolfssl: Disable ECH by @tatsuhiro-t in #1076
Bump boringssl by @tatsuhiro-t in #1077
Bump picotls by @tatsuhiro-t in #1078
Remove sample_offset field from ngtcp2_ppe by @tatsuhiro-t in #1079
ci: Build and verify aws-lc flavored builds by @tatsuhiro-t in #1080
Update boringssl build procedure by @tatsuhiro-t in #1081
Bump aws-lc to v1.20.0 by @tatsuhiro-t in #1082
Update doc by @tatsuhiro-t in #1083

nghttp2 1.59.0:
Bump clang to 15 by @tatsuhiro-t in #1986
Bump clang format by @tatsuhiro-t in #1987
Bump quictls to 3.1.4+quic by @tatsuhiro-t in #1988
Update ax_cxx_compile_stdcxx.m4 by @tatsuhiro-t in #1989
nghttpx: Prefer FILE_NAME if defined by @tatsuhiro-t in #1990
Add API to get and parse RFC 9218 priority by @tatsuhiro-t in #1991
nghttpx: Propagate stream priority from backend to frontend by @tatsuhiro-t in #1992
Check whether CLOCK_MONOTONIC is declared by @tatsuhiro-t in #1995
Bump go packages by @tatsuhiro-t in #2001
cmake: Remove itprep target by @tatsuhiro-t in #2002
h2load: Fix IPv6 address in :authority by @tatsuhiro-t in #2000
Bump ngtcp2 and nghttp3 by @tatsuhiro-t in #2006
Bump libbpf to v1.3.0 by @tatsuhiro-t in #2007
Use nghttp3_pri_parse_priority added since nghttp3 v1.1.0 by @tatsuhiro-t in #2008
cmake: Set minimum quic package versions by @tatsuhiro-t in #2009
Use #include <windows.h> instead of #include <sysinfoapi.h> by @hrxi in #1997
build(deps): bump actions/setup-go from 4 to 5 by @dependabot in #2010
cmake: bring back ENABLE_STATIC_CRT by @bwncp in #2011
Avoid detecting OpenSSL 3.2 as quictls by @tatsuhiro-t in #2012
build(deps): bump golang.org/x/crypto from 0.15.0 to 0.17.0 by @dependabot in #2015
build(deps): bump actions/upload-artifact from 3 to 4 by @dependabot in #2014
src: Support building with aws-lc by @tatsuhiro-t in #2013
boringssl has SSL_CTX_set1_groups_list by @tatsuhiro-t in #2016
Drop old OpenSSL support by @tatsuhiro-t in #2017
Drop old OpenSSL support part 2 by @tatsuhiro-t in #2019
Remove NPN by @tatsuhiro-t in #2020
Remove end_to_end.py by @tatsuhiro-t in #2021
cmake: Require OpenSSL >= 1.1.1 by @tatsuhiro-t in #2022
nghttpx: OpenSSL needs SSL_CTX_set_recv_max_early_data by @tatsuhiro-t in #2023
App fix by @tatsuhiro-t in #2024
nghttpx: Remove a trailing whitespace by @tatsuhiro-t in #2025
H2load header ttfb fix by @tatsuhiro-t in #2026
Not finding packages when ENABLE_LIB_ONLY is set by @anthonyalayo in #2027
Have less stuff in config.h by @hrxi in #1996
Update minimum CMake version to 3.5 by @anthonyalayo in #2030
build(deps): bump github.com/quic-go/quic-go from 0.35.1 to 0.37.7 by @dependabot in #2032
Fix typo by @tatsuhiro-t in #2033
Specify DEBIAN_FRONTEND=noninteractive by @tatsuhiro-t in #2034
Revert “nghttpx: Shutdown h3 stream write if reset by a remote endpoint” by @tatsuhiro-t in #2036
ci: Add aws-lc builds by @tatsuhiro-t in #2037
Bump go modules by @tatsuhiro-t in #2038
Bump neverbleed by @tatsuhiro-t in #2039
Bump go-nghttp2 and go mod tidy by @tatsuhiro-t in #2040
Bump ngtcp2 to v1.2.0 by @tatsuhiro-t in #2041
src: Avoid copies by @tatsuhiro-t in #2042

NGINX 1.25.3 Mainline with Brotli, TLS 1.3, OpenSSL 3.0.12, HTTP/2 and HTTP/3 for Red Hat Enterprise Linux, CentOS, Rocky, Oracle, Alma Linux EL7/EL8/EL9

NGINX 1.25.3 mainline with HTTP/3 support added to EL7, EL8, EL9 repositories. brotli compression module from Google, http2, ngx cache purge and ngx http geoip2 modules added or built-in. OpenSSL built dynamically using OpenSSL+QUIC 3.0.12.

Major changes:

  • Changes and fixes in HTTP/2
  • Changes and fixes in HTTP/3

RHEL 7 / CentOS 7:

yum upgrade -y codeit-repo-release
yum-config-manager --disable CodeIT-quic --save
yum-config-manager --enable CodeIT-mainline --save

RHEL 8-9 / Alma Linux 8-9 / Rocky Linux 8-9 / CentOS 8-9 / Other EL8/EL9 repos are modular now.  To install nginx with HTTP/3 support, you need to enable the appropriate stream:

dnf module reset -y nginx
dnf module enable -y nginx:codeit-mainline

We build OpenSSL+QUIC 3.0 separately since v1.21.6, installing it separately to /lib64 with .so.81.3 suffix to ensure it won’t interfere with your system libraries.

Exerimental HTTP/3 support added in NGINX 1.25.0 Mainline. We build it with the corresponding module (–with-http_v3_module).