-
Notifications
You must be signed in to change notification settings - Fork 86
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
New release? #21
Comments
Here is the port, if you are curious: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=262234 |
That's a nice and concise Makefile. I'll do a release soon. |
Great, thank you! |
FYI, it seems that CVE-2020-25691 was assigned to darkhttpd. It would be great to fix this issue before making a new release (if it is not already fixed). |
I'm assuming this was fixed given the age of the CVE, but can't tell for sure. @emikulic would you be able to confirm? |
I can't find a patch or repro instructions for the CVE. I tried to come up with a reproducer so I passed time=9223372036854775807 to strftime, and that crashes inside glibc:
|
- Drop patch (already in version) - Fix CVE-2020-25691: emikulic/darkhttpd#21 https://github.com/emikulic/darkhttpd/releases/tag/v1.14 Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
- Drop patch (already in version) - Fix CVE-2020-25691: emikulic/darkhttpd#21 https://github.com/emikulic/darkhttpd/releases/tag/v1.14 Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com> (cherry picked from commit cced5b6) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
- Drop patch (already in version) - Fix CVE-2020-25691: emikulic/darkhttpd#21 https://github.com/emikulic/darkhttpd/releases/tag/v1.14 Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com> (cherry picked from commit cced5b6) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This is very cool. I'm looking to make a FreeBSD port for this. Looks like there's some useful new features since 1.13. Are you planning on releasing a new version that I can use in the port?
Thank you!
The text was updated successfully, but these errors were encountered: