mirror of
https://git.busybox.net/buildroot.git
synced 2024-11-27 07:23:30 +08:00
package/haserl: security bump to version 0.9.36
2021-03-07 0.9.36 * Fix sf.net issue #5 - its possible to issue a PUT request without a CONTENT-TYPE. Assume an octet-stream in that case. * Change the Prefix for variables to be the REQUEST_METHOD (PUT/DELETE/GET/POST) **** THIS IS A BREAKING CHANGE vs 0.9.33 **** * Mitigations vs running haserl to get access to files not available to the user. - Fix CVE-2021-29133: Lack of verification in haserl, a component of Alpine Linux Configuration Framework, before 0.9.36 allows local users to read the contents of any file on the filesystem. - Update indentation in hash file (two spaces) Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This commit is contained in:
parent
bbedc2a96b
commit
661ce9aac9
@ -1,5 +1,5 @@
|
||||
# From http://sourceforge.net/projects/haserl/files/haserl-devel/
|
||||
md5 918f0b4f6cec0b438c8b5c78f2989010 haserl-0.9.35.tar.gz
|
||||
sha1 9a331d41e9d47a81e81e158f9a16bf5443347cd4 haserl-0.9.35.tar.gz
|
||||
md5 b94cd201a82b410b7f93fe3a31416cff haserl-0.9.36.tar.gz
|
||||
sha1 a6244b496f06e1fea70581cb02c04bc1f0ffcbc3 haserl-0.9.36.tar.gz
|
||||
# Locally computed
|
||||
sha256 8177f97513213526df2cf6184d8ff986c675afb514d4e68a404010521b880643 COPYING
|
||||
sha256 8177f97513213526df2cf6184d8ff986c675afb514d4e68a404010521b880643 COPYING
|
||||
|
@ -4,7 +4,7 @@
|
||||
#
|
||||
################################################################################
|
||||
|
||||
HASERL_VERSION = 0.9.35
|
||||
HASERL_VERSION = 0.9.36
|
||||
HASERL_SITE = http://downloads.sourceforge.net/project/haserl/haserl-devel
|
||||
HASERL_LICENSE = GPL-2.0
|
||||
HASERL_LICENSE_FILES = COPYING
|
||||
|
Loading…
Reference in New Issue
Block a user