Fixes the following security issues:
CVE-2024-23770: Local Leak of Authentication Parameter in Process List
CVE-2024-23771: Basic Auth Timing Attack
https://security.opensuse.org/2024/01/22/darkhttpd-basic-auth-issues.html
Notice that CVE-2024-23770 is only documented as a known weakness, not
fixed.
Also change the license logic to use the dedicated COPYING file available
since 1.14:
a8ae2b1de0
This license is ISC, not MIT - So adjust DARKHTTPD_LICENSE to match.
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 0c7fd35947)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
e6a1759858