Diffusion FreeBSD ports repository 2f5b21e40a83

www/darkhttpd: Update to 1.14 (Fixes CVE-2020-25691)
2f5b21e40a83
Actions

Description

www/darkhttpd: Update to 1.14 (Fixes CVE-2020-25691)

ChangeLog: https://github.com/emikulic/darkhttpd/releases/tag/v1.14

Add support for logging with syslog.
Fix hung connection from consecutive keep-alive requests.
Fix high CPU usage when timeout is disabled.
Add --forward-https.
Make header parsing case insensitive, to work behind an HTTP2 reverse proxy.
Add trailing slash to links for directories.
Fix crash when a file has a large (year 10,000+) mtime.

A flaw was found in darkhttpd. Invalid error handling allows remote attackers
to cause denial-of-service by accessing a file with a large modification date.
The highest threat from this vulnerability is to system availability.

PR: 267507
Reported by: henrichhartzer@tuta.io
MFH: 2022Q4 (security update)
Security: CVE-2020-25691

(cherry picked from commit 1de880e0f6277e22d81d68cba532656dc58b207a)

Details

Provenance

henrichhartzer_tuta.io	Authored on Nov 7 2022, 7:17 PM
fernape	Committed on Nov 8 2022, 4:34 PM

Parents

R11:aab16c4bda52: benchmarks/fio: Update to 3.33

Branches

Unknown

Tags

Unknown

Event Timeline

fernape committed R11:2f5b21e40a83: www/darkhttpd: Update to 1.14 (Fixes CVE-2020-25691) (authored by henrichhartzer_tuta.io).Nov 8 2022, 4:34 PM

Changes (2)

Path

Size

www/

darkhttpd/

Makefile

distinfo

R11:2f5b21e40a83

View Options

www/darkhttpd/Makefile