mirror of
https://gitlab.alpinelinux.org/alpine/aports.git
synced 2024-09-20 11:23:16 +00:00
main/lighttpd: security upgrade to 1.4.76
* detect VU#421644 HTTP/2 CONTINUATION Flood * avoid CVE-2024-3094 xz supply chain attack Ref https://www.lighttpd.net/2024/4/12/1.4.76/
This commit is contained in:
parent
2ae4ac5ddb
commit
438bf8e758
2 changed files with 9 additions and 5 deletions
|
@ -1,7 +1,7 @@
|
|||
# Contributor: Valery Kartel <valery.kartel@gmail.com>
|
||||
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
|
||||
pkgname=lighttpd
|
||||
pkgver=1.4.73
|
||||
pkgver=1.4.76
|
||||
pkgrel=0
|
||||
pkgdesc="Secure, fast, compliant and very flexible web-server"
|
||||
url="https://www.lighttpd.net"
|
||||
|
@ -13,9 +13,10 @@ pkggroups="lighttpd"
|
|||
makedepends="
|
||||
automake
|
||||
autoconf
|
||||
libtool
|
||||
m4
|
||||
brotli-dev
|
||||
bsd-compat-headers
|
||||
flex
|
||||
libdbi-dev
|
||||
libxml2-dev
|
||||
lua5.4-dev
|
||||
|
@ -40,6 +41,8 @@ source="https://download.lighttpd.net/lighttpd/releases-1.4.x/lighttpd-$pkgver.t
|
|||
"
|
||||
|
||||
# secfixes:
|
||||
# 1.4.76-r0:
|
||||
# - CVE-2024-3094
|
||||
# 1.4.73-r0:
|
||||
# - CVE-2023-44487
|
||||
# 1.4.67-r0:
|
||||
|
@ -48,6 +51,7 @@ source="https://download.lighttpd.net/lighttpd/releases-1.4.x/lighttpd-$pkgver.t
|
|||
# - CVE-2022-22707
|
||||
|
||||
build() {
|
||||
./autogen.sh
|
||||
./configure \
|
||||
--build=$CBUILD \
|
||||
--host=$CHOST \
|
||||
|
@ -120,8 +124,8 @@ mod_webdav() {
|
|||
}
|
||||
|
||||
sha512sums="
|
||||
ee41a72b09614d630174ef832b08c050708f62c0b6299e82b0a5f91a63d62702d31237ae5bb1850f0160b94e36a66af38a2d7abdaa920235265d416d2b0b4015 lighttpd-1.4.73.tar.xz
|
||||
f2f3c5c7731550237fd75a8de66275f427eaf897cffff7ac7ef44178328ad8fad6c4ec6654759bfc665cbaf7991ddcdf0aaa916831c8b6aa440192d57b242038 lighttpd.initd
|
||||
940f00f2d84e3424c389108d09756a0af41db3559474135b6c502deccd08ad051b5184f3f7907436384964d2b05045e27dca463af98c889cee69b0ae6e202782 lighttpd-1.4.76.tar.xz
|
||||
a74fb8394fb77fca2a08bdcfc79d4e13de6aca7bc4ed842b7e05f7f3a9cc85dccaa4971ba8fd0edfaa19da8d3870a743b713d9e51f1cbfe5b8e2843bb7fe5346 lighttpd.initd
|
||||
9d2ab5deb7353ebf290e90936b511941df440859c78589d0bcf130ef69a5e9c79e4d318548b6b118df002083c46f7476230a28954b7a10a9dbd05040e02b1291 lighttpd.confd
|
||||
0536b4f21d2e8659f7831b45998c13d9f6051ae7ecde13be01f372f837d255bfc4e211de48a7686cc743d53aa9c08ab3f10ec19788896dcf8356b90053ca7a16 lighttpd.logrotate
|
||||
4cd896cde71e477f8c32a7210b7f2b09755108a7126c5e9706af4fa2e9104fef91c635aa470144e0bd8ffca6d6ff6acc2b656d9eb4a998260dd2532e77264bd3 lighttpd.conf
|
||||
|
|
|
@ -25,7 +25,7 @@ checkconfig() {
|
|||
ewarn "is not set. Falling back to lighttpd.pid"
|
||||
LIGHTTPD_PID="/run/lighttpd.pid"
|
||||
fi
|
||||
/usr/sbin/lighttpd -t -f ${LIGHTTPD_CONF} >/dev/null
|
||||
/usr/sbin/lighttpd -tt -f ${LIGHTTPD_CONF}
|
||||
}
|
||||
|
||||
start() {
|
||||
|
|
Loading…
Reference in a new issue