c-ares 1.16 requirement: Cannot build nghttp2 1.61.0 on *EL8, EL7 about nghttp2 HOT 11 CLOSED

Applying the first patch to v1.60 would be probably the easiest way for old distros.

from nghttp2.

@tatsuhiro-t I also tried reverting Pull Request #2132 and it works fine. Do you feel including this as a patch will add additional pain for supporting it in next versions?

Can I ask you to add c-ares version test and something like HAVE_CARES_116 and use this code under this condition in next release?
Thanks!

from nghttp2.

ares_gethostbyname has been deprecated, and it would be difficult to support old distros forever. At the moment, I do not plan to revert the #2132.

from nghttp2.

Thanks! For now for EL7 and EL8 I will add the patch reverting #2132 and look if it breaks something in next nghttp2 releases.

from nghttp2.

Also Cygwin still only supports c-ares 1.14 and config test is only libcares >= 1.7.5, so should be bumped to 1.16.0; will also revert #2132 for now and look at upgrading Cygwin c-ares port.

from nghttp2.

Thanks! For now for EL7 and EL8 I will add the patch reverting #2132 and look if it breaks something in next nghttp2 releases.

@xl32 do you have this in any public patch repos as we try to use other distros' where possible e.g. Debian, Fedora, OpenSuse, Pagure, etc. as Cygwin project leads are volunteers (but still work for RedHat) and prefer Fedora and RedHat patches and guidelines.
I am currently watching:
https://access.redhat.com/security/cve/CVE-2024-28182
https://bugzilla.redhat.com/show_bug.cgi?id=2268639 CVE
https://bugzilla.redhat.com/show_bug.cgi?id=2273036 Fedora
https://bugzilla.redhat.com/show_bug.cgi?id=2273388 EPEL

from nghttp2.

@BrianInglis yes, this is a rpm/sprm public repo at https://codeit.guru/ (see installation instructions), feel free to use EL8 version.

Sources dir: https://repo.codeit.guru/packages/centos/8/SRPMS/

from nghttp2.

Thanks @xl32 but I was looking for individual raw patch source files, as in distro repos or bugzilla attachments.
I generated my own by viewing the GitHub commit, and suffixing the address URI with .patch to generate and download:
https://github.com/nghttp2/nghttp2/pull/2132/commits/d32324658a05fae40fa435021f3340c77413c7c1.patch
renamed to:
https://cygwin.com/cgit/cygwin-packages/nghttp2/tree/nghttp2-1.61-nghttpx-migrate-to-ares_getaddrinfo.patch
Then ran patchutils interdiff -q *migrate*.patch /dev/null to more or less reverse it, except that interdiff just flips the source file paths, and keeps the source lines in each hunk in the same order as the original patch, but just flips each source line's - + prefix e.g. output from interdiff is like:

--- b/src/shrpx_dns_resolver.cc
+++ a/src/shrpx_dns_resolver.cc
@@ -55,11 +55,9 @@
 } // namespace

 namespace {
+void host_cb(void *arg, int status, int timeouts, hostent *hostent) {
-void addrinfo_cb(void *arg, int status, int timeouts, ares_addrinfo *result) {
   auto resolv = static_cast<DNSResolver *>(arg);
+  resolv->on_result(status, hostent);
-  resolv->on_result(status, result);
-
-  ares_freeaddrinfo(result);
 }
 } // namespace
...

so I moved the original old, now new, prefix + lines after that hunk's original new, now old, prefix - lines if any, so the fixed up reversion patches look like:
https://cygwin.com/cgit/cygwin-packages/nghttp2/tree/nghttp2-1.61-revert-nghttpx-migrate-to-ares_getaddrinfo.patch
https://cygwin.com/cgit/cygwin-packages/mingw64-x86_64-nghttp2/tree/nghttp2-1.61-revert-nghttpx-migrate-to-ares_getaddrinfo.patch

from nghttp2.

@BrianInglis sorry for the misunderstanding, I have the same patch in src.rpm in mentioned repository.

What I would suggest, is to have a conditional define like HAVE_CARES_116 (autodetection if c-ares is >= 1.16) and use new code in this case.

This solves all the issues:

1. No deprecation warnings for ares_gethostbyname in distros with c-ares >= 1.16;
2. Support for current distributions and Cygwin with c-ares < 1.16 (@tatsuhiro-t calls them "old" distros, but they are not, full support till Jun 2029).

from nghttp2.

Great idea, but I'll work on a better patch with the alternatives for future releases, and wait until we see a new release to finalize that.
Currently the symbol check failure just fails the config and defines nothing used after that I can find.
We may also have to modify the configure.ac check to not fail.
I would prefer to see official changes that check for libcares and also >= 1.16 then provide the alternatives.

from nghttp2.

Been watching Fedora and so far they have only released CVE backports for old nghttp2 releases in 38-40, nothing yet in main/rawhide.

from nghttp2.