Home Explore Help
Sign In
PUBLIC_REPOS
/
buildroot
mirror of git://git.buildroot.net/buildroot
2
1
Fork 0
Files
Browse Source

package/darkhttpd: security bump to version 1.15

Fixes the following security issues:

CVE-2024-23770: Local Leak of Authentication Parameter in Process List

CVE-2024-23771: Basic Auth Timing Attack

https://security.opensuse.org/2024/01/22/darkhttpd-basic-auth-issues.html

Notice that CVE-2024-23770 is only documented as a known weakness, not
fixed.

Also change the license logic to use the dedicated COPYING file available
since 1.14:

https://github.com/emikulic/darkhttpd/commit/a8ae2b1de069588cad23d79a5392445ee9590fcd

This license is ISC, not MIT - So adjust DARKHTTPD_LICENSE to match.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 0c7fd35947d91f84cff994bfb5c85b31b956d006)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Peter Korsgaard 1 year ago
parent
72a06fb11d
commit
e6a1759858
2 changed files with 5 additions and 5 deletions
Split View Show Diff Stats
  1. 2 2
      package/darkhttpd/darkhttpd.hash
  2. 3 3
      package/darkhttpd/darkhttpd.mk

+ 2 - 2
package/darkhttpd/darkhttpd.hash
View File 

@@ -1,3 +1,3 @@
 
 # Locally generated
 
-sha256  e063de9efa5635260c8def00a4d41ec6145226a492d53fa1dac436967670d195  darkhttpd-1.14.tar.gz
 
-sha256  f002944c9a8516e3346002d39c3e13681306833358c0f3c7781dff1fdb639710  darkhttpd.c
 
+sha256  ea48cedafbf43186f4a8d1afc99b33b671adee99519658446022e6f63bd9eda9  darkhttpd-1.15.tar.gz
 
+sha256  1ecf63e8f84fd60ac7215e04195b9a61dcb47176ea65df26547582027f6c1dee  COPYING

+ 3 - 3
package/darkhttpd/darkhttpd.mk
View File 

@@ -4,10 +4,10 @@
 
 #
 
 ################################################################################
 
 
-DARKHTTPD_VERSION = 1.14
 
+DARKHTTPD_VERSION = 1.15
 
 DARKHTTPD_SITE = $(call github,emikulic,darkhttpd,v$(DARKHTTPD_VERSION))
 
-DARKHTTPD_LICENSE = MIT
 
-DARKHTTPD_LICENSE_FILES = darkhttpd.c
 
+DARKHTTPD_LICENSE = ISC
 
+DARKHTTPD_LICENSE_FILES = COPYING
 
 DARKHTTPD_CPE_ID_VENDOR = darkhttpd_project
 
 
 define DARKHTTPD_BUILD_CMDS