NetCube-Systems-Austria/kumquat-buildroot
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

package/darkhttpd: security bump to version 1.15

Browse Source 
Fixes the following security issues:

CVE-2024-23770: Local Leak of Authentication Parameter in Process List

CVE-2024-23771: Basic Auth Timing Attack

https://security.opensuse.org/2024/01/22/darkhttpd-basic-auth-issues.html

Notice that CVE-2024-23770 is only documented as a known weakness, not
fixed.

Also change the license logic to use the dedicated COPYING file available
since 1.14:

a8ae2b1de0

This license is ISC, not MIT - So adjust DARKHTTPD_LICENSE to match.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 0c7fd35947)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This commit is contained in:
Peter Korsgaard 2024-01-26 14:57:47 +01:00
parent 72a06fb11d
commit e6a1759858
2 changed files with 5 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
package/darkhttpd/darkhttpd.hash
View File

@ -1,3 +1,3 @@
# Locally generated
sha256 e063de9efa5635260c8def00a4d41ec6145226a492d53fa1dac436967670d195 darkhttpd-1.14.tar.gz
sha256 f002944c9a8516e3346002d39c3e13681306833358c0f3c7781dff1fdb639710 darkhttpd.c
sha256 ea48cedafbf43186f4a8d1afc99b33b671adee99519658446022e6f63bd9eda9 darkhttpd-1.15.tar.gz
sha256 1ecf63e8f84fd60ac7215e04195b9a61dcb47176ea65df26547582027f6c1dee COPYING

6
package/darkhttpd/darkhttpd.mk
View File

@ -4,10 +4,10 @@
#
################################################################################
DARKHTTPD_VERSION = 1.14
DARKHTTPD_VERSION = 1.15
DARKHTTPD_SITE = $(call github,emikulic,darkhttpd,v$(DARKHTTPD_VERSION))
DARKHTTPD_LICENSE = MIT
DARKHTTPD_LICENSE_FILES = darkhttpd.c
DARKHTTPD_LICENSE = ISC
DARKHTTPD_LICENSE_FILES = COPYING
DARKHTTPD_CPE_ID_VENDOR = darkhttpd_project
define DARKHTTPD_BUILD_CMDS