From f19ef47bdbf79dbccfdaee8115e81e060e7b5238 Mon Sep 17 00:00:00 2001 From: Tatsuhiro Tsujikawa Date: Tue, 14 May 2024 00:40:34 +0000 Subject: [PATCH] Bump nghttp2 to v1.62.0 --- Dockerfile | 13 +++++----- ...-stateless-reset-stack-buffer-overfl.patch | 25 ------------------- 2 files changed, 6 insertions(+), 32 deletions(-) delete mode 100644 patches/0001-nghttpx-Fix-QUIC-stateless-reset-stack-buffer-overfl.patch diff --git a/Dockerfile b/Dockerfile index 88d7021e..804cfcf1 100644 --- a/Dockerfile +++ b/Dockerfile @@ -19,7 +19,7 @@ FROM debian:12 as build -COPY --link patches/extra-mrbgem.patch patches/0001-nghttpx-Fix-QUIC-stateless-reset-stack-buffer-overfl.patch / +COPY --link patches/extra-mrbgem.patch / # Inspired by clean-install https://github.com/kubernetes/kubernetes/blob/73641d35c7622ada9910be6fb212d40755cc1f78/build/debian-base/clean-install RUN apt-get update && \ @@ -27,7 +27,7 @@ RUN apt-get update && \ git clang gcc make binutils autoconf automake autotools-dev libtool pkg-config cmake cmake-data \ zlib1g-dev libev-dev libjemalloc-dev ruby-dev libc-ares-dev bison libelf-dev patch libbrotli-dev -RUN git clone --depth 1 -b v1.23.0 https://github.com/aws/aws-lc && \ +RUN git clone --depth 1 -b v1.26.0 https://github.com/aws/aws-lc && \ cd aws-lc && \ cmake -B build -DCMAKE_BUILD_TYPE=RelWithDebInfo -DDISABLE_GO=ON && \ make -j$(nproc) -C build && \ @@ -35,7 +35,7 @@ RUN git clone --depth 1 -b v1.23.0 https://github.com/aws/aws-lc && \ cd .. && \ rm -rf aws-lc -RUN git clone --recursive --shallow-submodules --depth 1 -b v1.2.0 https://github.com/ngtcp2/nghttp3 && \ +RUN git clone --recursive --shallow-submodules --depth 1 -b v1.3.0 https://github.com/ngtcp2/nghttp3 && \ cd nghttp3 && \ autoreconf -i && \ ./configure --enable-lib-only && \ @@ -44,7 +44,7 @@ RUN git clone --recursive --shallow-submodules --depth 1 -b v1.2.0 https://githu cd .. && \ rm -rf nghttp3 -RUN git clone --recursive --shallow-submodules --depth 1 -b v1.4.0 https://github.com/ngtcp2/ngtcp2 && \ +RUN git clone --recursive --shallow-submodules --depth 1 -b v1.5.0 https://github.com/ngtcp2/ngtcp2 && \ cd ngtcp2 && \ autoreconf -i && \ ./configure --enable-lib-only --with-boringssl \ @@ -56,16 +56,15 @@ RUN git clone --recursive --shallow-submodules --depth 1 -b v1.4.0 https://githu cd .. && \ rm -rf ngtcp2 -RUN git clone --depth 1 -b v1.3.0 https://github.com/libbpf/libbpf && \ +RUN git clone --depth 1 -b v1.4.2 https://github.com/libbpf/libbpf && \ cd libbpf && \ PREFIX=/usr/local make -C src install && \ cd .. && \ rm -rf libbpf -RUN git clone --recursive --shallow-submodules --depth 1 -b v1.61.0 https://github.com/nghttp2/nghttp2.git && \ +RUN git clone --recursive --shallow-submodules --depth 1 -b v1.62.0 https://github.com/nghttp2/nghttp2.git && \ cd nghttp2 && \ patch -p1 < /extra-mrbgem.patch && \ - patch -p1 < /0001-nghttpx-Fix-QUIC-stateless-reset-stack-buffer-overfl.patch && \ autoreconf -i && \ ./configure --disable-examples --disable-hpack-tools --with-mruby \ --enable-http3 --with-libbpf \ diff --git a/patches/0001-nghttpx-Fix-QUIC-stateless-reset-stack-buffer-overfl.patch b/patches/0001-nghttpx-Fix-QUIC-stateless-reset-stack-buffer-overfl.patch deleted file mode 100644 index 8f1f0a73..00000000 --- a/patches/0001-nghttpx-Fix-QUIC-stateless-reset-stack-buffer-overfl.patch +++ /dev/null @@ -1,25 +0,0 @@ -From dcc5d44094e798bd313bec859da809bad65d0416 Mon Sep 17 00:00:00 2001 -From: Tatsuhiro Tsujikawa -Date: Fri, 5 Apr 2024 16:47:17 +0900 -Subject: [PATCH] nghttpx: Fix QUIC stateless reset stack buffer overflow - ---- - src/shrpx_quic_connection_handler.cc | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/shrpx_quic_connection_handler.cc b/src/shrpx_quic_connection_handler.cc -index b810aa68..44da6260 100644 ---- a/src/shrpx_quic_connection_handler.cc -+++ b/src/shrpx_quic_connection_handler.cc -@@ -590,7 +590,7 @@ int QUICConnectionHandler::send_stateless_reset( - - // SCID + minimum expansion - NGTCP2_STATELESS_RESET_TOKENLEN - constexpr size_t max_rand_byteslen = -- SHRPX_QUIC_SCIDLEN + 22 - NGTCP2_STATELESS_RESET_TOKENLEN; -+ NGTCP2_MAX_CIDLEN + 22 - NGTCP2_STATELESS_RESET_TOKENLEN; - - size_t rand_byteslen; - --- -2.34.1 -