GNU bug report logs - #74035
[PATCH 00/24] [security fixes] for near-leaf packages

Previous Next

Package: guix-patches;

Reported by: Nicolas Graves <ngraves <at> ngraves.fr>

Date: Sat, 26 Oct 2024 22:34:02 UTC

Severity: normal

Tags: patch

Done: Maxim Cournoyer <maxim.cournoyer <at> gmail.com>

Bug is archived. No further changes may be made.

Full log

Message #29 received at 74035 <at> debbugs.gnu.org (full text, mbox):

From: Nicolas Graves <ngraves <at> ngraves.fr>
To: 74035 <at> debbugs.gnu.org
Cc: Nicolas Graves <ngraves <at> ngraves.fr>
Subject: [PATCH 08/24] gnu: darkhttpd: Update to 1.16. [security fixes]
Date: Sun, 27 Oct 2024 00:42:29 +0200

This fixes CVE-2024-23770 and CVE-2024-23771.

* gnu/packages/web.scm (darkhttpd): Update to 1.16.
[arguments]: Improve style.
---
 gnu/packages/web.scm | 24 +++++++++++-------------
 1 file changed, 11 insertions(+), 13 deletions(-)

diff --git a/gnu/packages/web.scm b/gnu/packages/web.scm
index 34739bf088..eb27d3448c 100644
--- a/gnu/packages/web.scm
+++ b/gnu/packages/web.scm
@@ -6417,7 +6417,7 @@ (define-public surfraw
 (define-public darkhttpd
   (package
     (name "darkhttpd")
-    (version "1.13")
+    (version "1.16")
     (source
      (origin
        (method git-fetch)
@@ -6426,20 +6426,18 @@ (define-public darkhttpd
              (commit (string-append "v" version))))
        (file-name (git-file-name name version))
        (sha256
-        (base32 "0w11xq160q9yyffv4mw9ncp1n0dl50d9plmwxb0yijaaxls9i4sk"))))
+        (base32 "15mmq1v8p50mm9wx5w6g4rlr40b7d044lw7rs1wyzdiw9lcnihvm"))))
     (build-system gnu-build-system)
     (arguments
-     `(#:make-flags
-       (list (string-append "CC=" ,(cc-for-target)))
-       #:tests? #f ; No test suite
-       #:phases
-       (modify-phases %standard-phases
-         (delete 'configure)            ; no configure script
-         (replace 'install
-           (lambda* (#:key outputs #:allow-other-keys)
-             (install-file "darkhttpd"
-                           (string-append (assoc-ref outputs "out")
-                                          "/bin")))))))
+     (list
+      #:make-flags #~(list (string-append "CC=" #$(cc-for-target)))
+      #:tests? #f ; No test suite
+      #:phases
+      #~(modify-phases %standard-phases
+          (delete 'configure)            ; no configure script
+          (replace 'install
+            (lambda _
+              (install-file "darkhttpd" (string-append #$output "/bin")))))))
     (synopsis "Simple static web server")
     (description "darkhttpd is a simple static web server.  It is
 standalone and does not need inetd or ucspi-tcp.  It does not need any
-- 
2.46.0
This bug report was last modified 192 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.