[Buildroot] [PATCH 1/1] package/darkhttpd: security bump to version 1.14

* [Buildroot] [PATCH 1/1] package/darkhttpd: security bump to version 1.14
@ 2022-10-02 21:19 Fabrice Fontaine
  2022-10-06 17:57 ` Peter Korsgaard
  2022-10-15 15:03 ` Peter Korsgaard
  0 siblings, 2 replies; 3+ messages in thread
From: Fabrice Fontaine @ 2022-10-02 21:19 UTC (permalink / raw)
  To: buildroot; +Cc: Eric Le Bihan, Fabrice Fontaine

- Drop patch (already in version)
- Fix CVE-2020-25691: https://github.com/emikulic/darkhttpd/issues/21

https://github.com/emikulic/darkhttpd/releases/tag/v1.14

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
---
 ...vars-outside-of-for-loop-for-std-c90.patch | 39 -------------------
 package/darkhttpd/darkhttpd.hash              |  4 +-
 package/darkhttpd/darkhttpd.mk                |  2 +-
 3 files changed, 3 insertions(+), 42 deletions(-)
 delete mode 100644 package/darkhttpd/0001-Declare-vars-outside-of-for-loop-for-std-c90.patch

diff --git a/package/darkhttpd/0001-Declare-vars-outside-of-for-loop-for-std-c90.patch b/package/darkhttpd/0001-Declare-vars-outside-of-for-loop-for-std-c90.patch
deleted file mode 100644
index 7584bff98e..0000000000
--- a/package/darkhttpd/0001-Declare-vars-outside-of-for-loop-for-std-c90.patch
+++ /dev/null
@@ -1,39 +0,0 @@
-From 81b491e60affd67f4ec2feccbee1cdf98dc57b81 Mon Sep 17 00:00:00 2001
-From: Emil Mikulic <emikulic@gmail.com>
-Date: Sun, 21 Mar 2021 15:03:14 +1100
-Subject: [PATCH] Declare vars outside of for() loop for -std=c90.
-
-Fixes #2.
-
-[Retrieved from:
-https://github.com/emikulic/darkhttpd/commit/81b491e60affd67f4ec2feccbee1cdf98dc57b81]
-Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
----
- darkhttpd.c | 7 ++++---
- 1 file changed, 4 insertions(+), 3 deletions(-)
-
-diff --git a/darkhttpd.c b/darkhttpd.c
-index 219a8a3..268628a 100644
---- a/darkhttpd.c
-+++ b/darkhttpd.c
-@@ -966,8 +966,9 @@ static char *base64_encode(char *str) {
-     char *encoded_data = malloc(output_length+1);
-     if (encoded_data == NULL) return NULL;
- 
--    for (int i = 0, j = 0; i < input_length;) {
--
-+    int i;
-+    int j;
-+    for (i = 0, j = 0; i < input_length;) {
-         uint32_t octet_a = i < input_length ? (unsigned char)str[i++] : 0;
-         uint32_t octet_b = i < input_length ? (unsigned char)str[i++] : 0;
-         uint32_t octet_c = i < input_length ? (unsigned char)str[i++] : 0;
-@@ -981,7 +982,7 @@ static char *base64_encode(char *str) {
-     }
- 
-     const int mod_table[] = {0, 2, 1};
--    for (int i = 0; i < mod_table[input_length % 3]; i++)
-+    for (i = 0; i < mod_table[input_length % 3]; i++)
-         encoded_data[output_length - 1 - i] = '=';
-     encoded_data[output_length] = '\0';
- 
diff --git a/package/darkhttpd/darkhttpd.hash b/package/darkhttpd/darkhttpd.hash
index af5a2bf8c9..188afff767 100644
--- a/package/darkhttpd/darkhttpd.hash
+++ b/package/darkhttpd/darkhttpd.hash
@@ -1,3 +1,3 @@
 # Locally generated
-sha256  1d88c395ac79ca9365aa5af71afe4ad136a4ed45099ca398168d4a2014dc0fc2  darkhttpd-1.13.tar.gz
-sha256  44e784df460954c7760e2eeae69aecb12a3d23ca1c0a4f6047c3c6452b2e2f49  darkhttpd.c
+sha256  e063de9efa5635260c8def00a4d41ec6145226a492d53fa1dac436967670d195  darkhttpd-1.14.tar.gz
+sha256  f002944c9a8516e3346002d39c3e13681306833358c0f3c7781dff1fdb639710  darkhttpd.c
diff --git a/package/darkhttpd/darkhttpd.mk b/package/darkhttpd/darkhttpd.mk
index bc68d43ef9..bda08899b8 100644
--- a/package/darkhttpd/darkhttpd.mk
+++ b/package/darkhttpd/darkhttpd.mk
@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-DARKHTTPD_VERSION = 1.13
+DARKHTTPD_VERSION = 1.14
 DARKHTTPD_SITE = $(call github,emikulic,darkhttpd,v$(DARKHTTPD_VERSION))
 DARKHTTPD_LICENSE = MIT
 DARKHTTPD_LICENSE_FILES = darkhttpd.c
-- 
2.35.1

_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot

^ permalink raw reply related	[flat|nested] 3+ messages in thread