Security update for nghttp2 (moderate)

An update that solves one vulnerability and has one errata
is now available.

Description:

This update for nghttp2 fixes the following issues:

nghttp2 was update to version 1.40.0 (bsc#1166481)

• lib: Add nghttp2_check_authority as public API
• lib: Fix the bug that stream is closed with wrong error code
• lib: Faster huffman encoding and decoding
• build: Avoid filename collision of static and dynamic lib
• build: Add new flag ENABLE_STATIC_CRT for Windows
• build: cmake: Support building nghttpx with systemd
• third-party: Update neverbleed to fix memory leak
• nghttpx: Fix bug that mruby is incorrectly shared between backends
• nghttpx: Reconnect h1 backend if it lost connection before sending
  headers
• nghttpx: Returns 408 if backend timed out before sending headers
• nghttpx: Fix request stal

This update was imported from the SUSE:SLE-15:Update update project.

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or “zypper patch”.

Alternatively you can run the command listed for your product:

• openSUSE Leap 15.1:

  zypper in -t patch openSUSE-2020-379=1