Comments (11)
Applying the first patch to v1.60 would be probably the easiest way for old distros.
from nghttp2.
@tatsuhiro-t I also tried reverting Pull Request #2132 and it works fine. Do you feel including this as a patch will add additional pain for supporting it in next versions?
Can I ask you to add c-ares version test and something like HAVE_CARES_116 and use this code under this condition in next release?
Thanks!
from nghttp2.
ares_gethostbyname has been deprecated, and it would be difficult to support old distros forever. At the moment, I do not plan to revert the #2132.
from nghttp2.
Thanks! For now for EL7 and EL8 I will add the patch reverting #2132 and look if it breaks something in next nghttp2 releases.
from nghttp2.
Also Cygwin still only supports c-ares
1.14 and config test is only libcares >= 1.7.5
, so should be bumped to 1.16.0; will also revert #2132 for now and look at upgrading Cygwin c-ares
port.
from nghttp2.
Thanks! For now for EL7 and EL8 I will add the patch reverting #2132 and look if it breaks something in next nghttp2 releases.
@xl32 do you have this in any public patch repos as we try to use other distros' where possible e.g. Debian, Fedora, OpenSuse, Pagure, etc. as Cygwin project leads are volunteers (but still work for RedHat) and prefer Fedora and RedHat patches and guidelines.
I am currently watching:
https://access.redhat.com/security/cve/CVE-2024-28182
https://bugzilla.redhat.com/show_bug.cgi?id=2268639 CVE
https://bugzilla.redhat.com/show_bug.cgi?id=2273036 Fedora
https://bugzilla.redhat.com/show_bug.cgi?id=2273388 EPEL
from nghttp2.
@BrianInglis yes, this is a rpm/sprm public repo at https://codeit.guru/ (see installation instructions), feel free to use EL8 version.
Sources dir: https://repo.codeit.guru/packages/centos/8/SRPMS/
from nghttp2.
Thanks @xl32 but I was looking for individual raw patch source files, as in distro repos or bugzilla attachments.
I generated my own by viewing the GitHub commit, and suffixing the address URI with .patch
to generate and download:
https://github.com/nghttp2/nghttp2/pull/2132/commits/d32324658a05fae40fa435021f3340c77413c7c1.patch
renamed to:
https://cygwin.com/cgit/cygwin-packages/nghttp2/tree/nghttp2-1.61-nghttpx-migrate-to-ares_getaddrinfo.patch
Then ran patchutils interdiff -q *migrate*.patch /dev/null
to more or less reverse it, except that interdiff just flips the source file paths, and keeps the source lines in each hunk in the same order as the original patch, but just flips each source line's -
+
prefix e.g. output from interdiff is like:
--- b/src/shrpx_dns_resolver.cc
+++ a/src/shrpx_dns_resolver.cc
@@ -55,11 +55,9 @@
} // namespace
namespace {
+void host_cb(void *arg, int status, int timeouts, hostent *hostent) {
-void addrinfo_cb(void *arg, int status, int timeouts, ares_addrinfo *result) {
auto resolv = static_cast<DNSResolver *>(arg);
+ resolv->on_result(status, hostent);
- resolv->on_result(status, result);
-
- ares_freeaddrinfo(result);
}
} // namespace
...
so I moved the original old, now new, prefix +
lines after that hunk's original new, now old, prefix -
lines if any, so the fixed up reversion patches look like:
https://cygwin.com/cgit/cygwin-packages/nghttp2/tree/nghttp2-1.61-revert-nghttpx-migrate-to-ares_getaddrinfo.patch
https://cygwin.com/cgit/cygwin-packages/mingw64-x86_64-nghttp2/tree/nghttp2-1.61-revert-nghttpx-migrate-to-ares_getaddrinfo.patch
from nghttp2.
@BrianInglis sorry for the misunderstanding, I have the same patch in src.rpm in mentioned repository.
What I would suggest, is to have a conditional define like HAVE_CARES_116 (autodetection if c-ares is >= 1.16) and use new code in this case.
This solves all the issues:
- No deprecation warnings for ares_gethostbyname in distros with c-ares >= 1.16;
- Support for current distributions and Cygwin with c-ares < 1.16 (@tatsuhiro-t calls them "old" distros, but they are not, full support till Jun 2029).
from nghttp2.
Great idea, but I'll work on a better patch with the alternatives for future releases, and wait until we see a new release to finalize that.
Currently the symbol check failure just fails the config and defines nothing used after that I can find.
We may also have to modify the configure.ac check to not fail.
I would prefer to see official changes that check for libcares and also >= 1.16 then provide the alternatives.
from nghttp2.
Been watching Fedora and so far they have only released CVE backports for old nghttp2
releases in 38-40, nothing yet in main/rawhide.
from nghttp2.
Related Issues (20)
- applications were requested (--enable-app) but dependencies are not met HOT 5
- Symbol Lookup Error - nghttp: undefined symbol: nghttp2_submit_request2 HOT 3
- Compilation error redefinition of typedef 'nghttp2_data_provider_wrap' in 1.60.0 for old gcc HOT 4
- Possibly memory leak and assertion failure in nghttp2_session_pack_data HOT 5
- Add SSLKEYLOGFILE support (nghttp client)
- Upcoming security release HOT 3
- Not able to bundle apache with nghttp2 1.60.0 version HOT 3
- zip 1.60.0 package munit missing HOT 4
- Use nghttp2 to decode response only HOT 2
- SegFault while loading config after upgrade from 1.57.0 to 1.61.0 HOT 3
- CVE-2023-45288 HOT 2
- Report "http2: server sent GOAWAY and closed the connection; LastStreamID=33695, ErrCode=INTERNAL_ERROR, debug=""" HOT 3
- PrivateKey / Certificate files not found even though they are there HOT 2
- have error which can't find span when building the latest load HOT 2
- Documentation link for Huffman decoding algorithm in code comments has become invalid
- Does the nghttp client support TLS 1.3 Early Data? If not, is this something on the roadmap? HOT 2
- nghttp2 1.62.0: Multiple errors in template.h HOT 2
- FTBFS/Regression in nghttp2 1.61.0 => 1.62.0 with gcc 11 HOT 6
- Compiling nghttp2 with GCC 14 fails HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from nghttp2.