www/darkhttpd: Update to 1.14 (Fixes CVE-2020-25691)
ChangeLog: https://github.com/emikulic/darkhttpd/releases/tag/v1.14 * Add support for logging with syslog. * Fix hung connection from consecutive keep-alive requests. * Fix high CPU usage when timeout is disabled. * Add --forward-https. * Make header parsing case insensitive, to work behind an HTTP2 reverse proxy. * Add trailing slash to links for directories. * Fix crash when a file has a large (year 10,000+) mtime. A flaw was found in darkhttpd. Invalid error handling allows remote attackers to cause denial-of-service by accessing a file with a large modification date. The highest threat from this vulnerability is to system availability. PR: 267507 Reported by: henrichhartzer@tuta.io MFH: 2022Q4 (security update) Security: CVE-2020-25691
This commit is contained in:
parent
bbe3b93c5d
commit
1de880e0f6
|
@ -1,10 +1,9 @@
|
|||
PORTNAME= darkhttpd
|
||||
DISTVERSIONPREFIX= v
|
||||
DISTVERSION= 1.13
|
||||
PORTREVISION= 1
|
||||
DISTVERSION= 1.14
|
||||
CATEGORIES= www
|
||||
|
||||
MAINTAINER= henrichartzer@tuta.io
|
||||
MAINTAINER= henrichhartzer@tuta.io
|
||||
COMMENT= Simple, static web server
|
||||
WWW= https://unix4lyfe.org/darkhttpd/
|
||||
|
||||
|
|
|
@ -1,3 +1,3 @@
|
|||
TIMESTAMP = 1646208775
|
||||
SHA256 (emikulic-darkhttpd-v1.13_GH0.tar.gz) = 1d88c395ac79ca9365aa5af71afe4ad136a4ed45099ca398168d4a2014dc0fc2
|
||||
SIZE (emikulic-darkhttpd-v1.13_GH0.tar.gz) = 37708
|
||||
TIMESTAMP = 1667334612
|
||||
SHA256 (emikulic-darkhttpd-v1.14_GH0.tar.gz) = e063de9efa5635260c8def00a4d41ec6145226a492d53fa1dac436967670d195
|
||||
SIZE (emikulic-darkhttpd-v1.14_GH0.tar.gz) = 37662
|
||||
|
|
Loading…
Reference in New Issue