kumquat-buildroot/package/nghttp2/nghttp2.mk
Peter Korsgaard 4c7e7acbe4 package/nghttp2: security bump to version 1.39.2
Fixes the following security issues:

CVE-2019-9511: Data Dribble
CVE-2019-9513: Resource Loop

For details, see the advisory:
https://nghttp2.org/blog/2019/08/19/nghttp2-v1-39-2/

Notice that libnghttp2 itself is not affected by these vulnerabilities, only
nghttpx and nghttpd (which are currently not built).

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2019-09-13 22:30:03 +02:00

23 lines
686 B
Makefile

################################################################################
#
# nghttp2
#
################################################################################
NGHTTP2_VERSION = 1.39.2
NGHTTP2_SITE = https://github.com/nghttp2/nghttp2/releases/download/v$(NGHTTP2_VERSION)
NGHTTP2_LICENSE = MIT
NGHTTP2_LICENSE_FILES = COPYING
NGHTTP2_INSTALL_STAGING = YES
NGHTTP2_DEPENDENCIES = host-pkgconf
NGHTTP2_CONF_OPTS = --enable-lib-only
define NGHTTP2_INSTALL_CLEAN_HOOK
# Remove fetch-ocsp-response script unused by library
$(Q)$(RM) -rf $(TARGET_DIR)/usr/share/nghttp2
endef
NGHTTP2_POST_INSTALL_TARGET_HOOKS += NGHTTP2_INSTALL_CLEAN_HOOK
$(eval $(autotools-package))