projects / buildroot.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: bbedc2a) | patch
package/haserl: security bump to version 0.9.36
authorFabrice Fontaine <fontaine.fabrice@gmail.com>
Mon, 29 Mar 2021 20:10:26 +0000 (22:10 +0200)
committerPeter Korsgaard <peter@korsgaard.com>
Tue, 30 Mar 2021 06:16:49 +0000 (08:16 +0200)
commit661ce9aac94acbd00412fba81ce65e3ae2e8ba45
tree66e7294270549230b5394c9dbe0c69f7da68cf18tree
parentbbedc2a96b10e1f0134fa619c825bda6d3e53bb0commit | diff
package/haserl: security bump to version 0.9.36

2021-03-07 0.9.36
* Fix sf.net issue #5 - its possible to issue a PUT request
without a CONTENT-TYPE.   Assume an octet-stream in that case.
* Change the Prefix for variables to be the REQUEST_METHOD
(PUT/DELETE/GET/POST)
**** THIS IS A BREAKING CHANGE vs 0.9.33 ****
* Mitigations vs running haserl to get access to files not
available to the user.

- Fix CVE-2021-29133: Lack of verification in haserl, a component of
  Alpine Linux Configuration Framework, before 0.9.36 allows local users
  to read the contents of any file on the filesystem.
- Update indentation in hash file (two spaces)

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
package/haserl/haserl.hash diff | blob | history
package/haserl/haserl.mk diff | blob | history