Commit Graph

11 Commits

Author SHA1 Message Date
Yann E. MORIN c19cca0452 package: switch to _CPE_ID_VALID
Now that we document _CPE_ID_VALID, and that it shall be used instead of
setting a default value to one of the other _CPE_ID_* variables, change
all of the existing packages to use it, to avoid any error when we later
extend check-package to validate the sanity ofthe _CPE_ID_* variables.

Mechanical change done within the reference container, running the new
check in check-package, to report the CPE_ID errors:

    $ make check-package 2>/dev/null \
    |awk '{
            split($(1), a, ":"); fname = a[1]
            split($(2), a, "'\''"); val = a[2]
            new_var = $(8); gsub("_CPE_ID_.*", "_CPE_ID_VALID", new_var)
            printf("%s %s %s %s\n", fname, $(8), val, new_var)
    }' \
    |while read fname var val new_var; do
        sed -r -i -e "s/${var}[[:space:]]*=[[:space:]]*${val}/${new_var} = YES/" "${fname}"
    done

    $ git diff -I'CPE_ID_(VENDOR|VALID)'
    [empty]

Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Cc: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2024-02-11 16:30:06 +01:00
Peter Korsgaard 0c7fd35947 package/darkhttpd: security bump to version 1.15
Fixes the following security issues:

CVE-2024-23770: Local Leak of Authentication Parameter in Process List

CVE-2024-23771: Basic Auth Timing Attack

https://security.opensuse.org/2024/01/22/darkhttpd-basic-auth-issues.html

Notice that CVE-2024-23770 is only documented as a known weakness, not
fixed.

Also change the license logic to use the dedicated COPYING file available
since 1.14:

a8ae2b1de0

This license is ISC, not MIT - So adjust DARKHTTPD_LICENSE to match.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2024-01-27 21:15:44 +01:00
Fabrice Fontaine cced5b68ac package/darkhttpd: security bump to version 1.14
- Drop patch (already in version)
- Fix CVE-2020-25691: https://github.com/emikulic/darkhttpd/issues/21

https://github.com/emikulic/darkhttpd/releases/tag/v1.14

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2022-10-06 19:57:02 +02:00
Fabrice Fontaine b27b4adaa4 package/darkhttpd: add DARKHTTPD_CPE_ID_VENDOR
cpe:2.3🅰️darkhttpd_project:darkhttpd is a valid CPE identifier for this
package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Adarkhttpd_project%3Adarkhttpd

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2022-06-28 00:33:27 +02:00
Fabrice Fontaine 6dfde38c71 package/darkhttpd: fix legal info
Commit 9ca64820db forgot to update hash of
darkhttpd.c

Fixes:
 - http://autobuild.buildroot.org/results/a1503d8d6f67a3742350b0188b0b2621afe5c476

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2021-07-21 09:25:52 +02:00
Fabrice Fontaine 9ca64820db package/darkhttpd: fix build with gcc 4.8
Fix the following build failure which is raised since bump to version
0.13 in commit 88705a8c248e566f2c9ca71a8ee5353b33e368c2:

darkhttpd.c:966:5: error: 'for' loop initial declarations are only allowed in C99 mode
     for (int i = 0, j = 0; i < input_length;) {
     ^

Fixes:
 - http://autobuild.buildroot.org/results/ffc/ffcb627c44d2b7202d641129b67af2dc7865c618/build-end.log

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2021-07-20 23:41:54 +02:00
Fabrice Fontaine 88705a8c24 package/darkhttpd: bump to version 0.13
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2021-07-18 23:34:31 +02:00
Fabrice Fontaine 1906912a04 package/darkhttpd: add license file
Add license file and, while at it, update indentation to two spaces

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2020-11-07 14:18:26 +01:00
Jérémy Rosen 3e092163e5 package: rely on systemctl preset-all for buildroot-provided services
All the packages in this list have the following properties
* units are provided by buildroot in the package directory
* the SYSTEMD_INSTALL_INIT_HOOK is exactly equivalent to what the
  [Install] section of the unit does

The fix removes the soflinking in the .mk file

Signed-off-by: Jérémy Rosen <jeremy.rosen@smile.fr>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2019-12-18 18:27:41 +01:00
Matt Weber 590e9e05b6 packages: update sysv S* scripts to 644
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-02-08 11:35:22 +01:00
Eric Le Bihan 9c9de1e2b5 darkhttpd: new package
This new package provides darkhttpd, a simple, fast HTTP 1.1 web server
for static content.

Signed-off-by: Eric Le Bihan <eric.le.bihan.dev@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
2016-12-11 15:09:27 +01:00