www/darkhttpd: Update to 1.14 (Fixes CVE-2020-25691)

ChangeLog: https://github.com/emikulic/darkhttpd/releases/tag/v1.14 * Add support for logging with syslog. * Fix hung connection from consecutive keep-alive requests. * Fix high CPU usage when timeout is disabled. * Add --forward-https. * Make header parsing case insensitive, to work behind an HTTP2 reverse proxy. * Add trailing slash to links for directories. * Fix crash when a file has a large (year 10,000+) mtime. A flaw was found in darkhttpd. Invalid error handling allows remote attackers to cause denial-of-service by accessing a file with a large modification date. The highest threat from this vulnerability is to system availability. PR: 267507 Reported by: henrichhartzer@tuta.io MFH: 2022Q4 (security update) Security: CVE-2020-25691
2022-11-07 20:17:19 +01:00 · 2022-11-07 20:17:19 +01:00 · 1de880e0f6
parent bbe3b93c5d
commit 1de880e0f6
2 changed files with 5 additions and 6 deletions
--- a/www/darkhttpd/Makefile
+++ b/www/darkhttpd/Makefile
@ -1,10 +1,9 @@
 PORTNAME=	darkhttpd
 DISTVERSIONPREFIX=	v
-DISTVERSION=	1.13
-PORTREVISION=	1
+DISTVERSION=	1.14
 CATEGORIES=	www

-MAINTAINER=	henrichartzer@tuta.io
+MAINTAINER=	henrichhartzer@tuta.io
 COMMENT=	Simple, static web server
 WWW=		https://unix4lyfe.org/darkhttpd/

--- a/www/darkhttpd/distinfo
+++ b/www/darkhttpd/distinfo
@ -1,3 +1,3 @@
-TIMESTAMP = 1646208775
-SHA256 (emikulic-darkhttpd-v1.13_GH0.tar.gz) = 1d88c395ac79ca9365aa5af71afe4ad136a4ed45099ca398168d4a2014dc0fc2
-SIZE (emikulic-darkhttpd-v1.13_GH0.tar.gz) = 37708
+TIMESTAMP = 1667334612
+SHA256 (emikulic-darkhttpd-v1.14_GH0.tar.gz) = e063de9efa5635260c8def00a4d41ec6145226a492d53fa1dac436967670d195
+SIZE (emikulic-darkhttpd-v1.14_GH0.tar.gz) = 37662