From 6d27a1cd56ababc6c72d5d781e2116300ff2aa3a Mon Sep 17 00:00:00 2001 From: Muhammad Falak R Wani Date: Fri, 8 Sep 2023 12:46:14 +0530 Subject: [PATCH] Upgrade libmicrohttpd 0.9.71 -> 0.9.76 to address CVE-2023-27371 (#6161) Signed-off-by: Muhammad Falak R Wani --- .../libmicrohttpd.signatures.json | 6 ++-- .../libmicrohttpd/libmicrohttpd.spec | 35 +++++++++++-------- cgmanifest.json | 4 +-- 3 files changed, 26 insertions(+), 19 deletions(-) diff --git a/SPECS-EXTENDED/libmicrohttpd/libmicrohttpd.signatures.json b/SPECS-EXTENDED/libmicrohttpd/libmicrohttpd.signatures.json index 9cd0214df0..ba03ebd7e7 100644 --- a/SPECS-EXTENDED/libmicrohttpd/libmicrohttpd.signatures.json +++ b/SPECS-EXTENDED/libmicrohttpd/libmicrohttpd.signatures.json @@ -1,5 +1,5 @@ { - "Signatures": { - "libmicrohttpd-0.9.71.tar.gz": "e8f445e85faf727b89e9f9590daea4473ae00ead38b237cf1eda55172b89b182" - } + "Signatures": { + "libmicrohttpd-0.9.76.tar.gz": "f0b1547b5a42a6c0f724e8e1c1cb5ce9c4c35fb495e7d780b9930d35011ceb4c" + } } \ No newline at end of file diff --git a/SPECS-EXTENDED/libmicrohttpd/libmicrohttpd.spec b/SPECS-EXTENDED/libmicrohttpd/libmicrohttpd.spec index f0c8873ede..1c79d069a3 100644 --- a/SPECS-EXTENDED/libmicrohttpd/libmicrohttpd.spec +++ b/SPECS-EXTENDED/libmicrohttpd/libmicrohttpd.spec @@ -1,18 +1,21 @@ -Name: libmicrohttpd -Version: 0.9.71 -Release: 3%{?dist} Summary: Lightweight library for embedding a webserver in applications +Name: libmicrohttpd +Version: 0.9.76 +Release: 1%{?dist} License: LGPLv2+ Vendor: Microsoft Corporation Distribution: Mariner -URL: http://www.gnu.org/software/libmicrohttpd/ +URL: https://www.gnu.org/software/libmicrohttpd/ Source0: https://ftp.gnu.org/gnu/libmicrohttpd/%{name}-%{version}.tar.gz Patch0: gnutls-utilize-system-crypto-policy.patch - -BuildRequires: autoconf, automake, libtool, gettext-devel -BuildRequires: texinfo +BuildRequires: autoconf +BuildRequires: automake +BuildRequires: doxygen +BuildRequires: gettext-devel BuildRequires: gnutls-devel -BuildRequires: doxygen graphviz +BuildRequires: graphviz +BuildRequires: libtool +BuildRequires: texinfo Requires(post): info Requires(preun): info @@ -66,7 +69,7 @@ make -C doc/doxygen full %install %make_install -rm -f %{buildroot}%{_libdir}/*.la +find %{buildroot} -type f -name "*.la" -delete -print rm -f %{buildroot}%{_infodir}/dir rm -f %{buildroot}%{_bindir}/demo @@ -78,13 +81,13 @@ install -m 644 doc/examples/*.c examples cp -R doc/doxygen/html html %post doc -/usr/bin/install-info %{_infodir}/libmicrohttpd.info.gz %{_infodir}/dir || : -/usr/bin/install-info %{_infodir}/libmicrohttpd-tutorial.info.gz %{_infodir}/dir || : +%{_bindir}/install-info %{_infodir}/libmicrohttpd.info.gz %{_infodir}/dir || : +%{_bindir}/install-info %{_infodir}/libmicrohttpd-tutorial.info.gz %{_infodir}/dir || : %preun doc if [ $1 = 0 ] ; then -/usr/bin/install-info --delete %{_infodir}/libmicrohttpd.info.gz %{_infodir}/dir || : -/usr/bin/install-info --delete %{_infodir}/libmicrohttpd-tutorial.info.gz %{_infodir}/dir || : +%{_bindir}/install-info --delete %{_infodir}/libmicrohttpd.info.gz %{_infodir}/dir || : +%{_bindir}/install-info --delete %{_infodir}/libmicrohttpd-tutorial.info.gz %{_infodir}/dir || : fi %files @@ -107,6 +110,11 @@ fi %doc html %changelog +* Thu Sep 05 2023 Muhammad Falak R Wani - 0.9.76-1 +- Upgrade to 0.9.76 to address CVE-2023-27371 +- Lint spec +- License verified + * Mon Nov 01 2021 Muhammad Falak - 0.9.71-3 - Remove epoch @@ -359,4 +367,3 @@ fi * Tue Aug 5 2008 Erik van Pienbroek - 0.3.1-1 - Initial release - diff --git a/cgmanifest.json b/cgmanifest.json index 37448acdb9..e439c59314 100644 --- a/cgmanifest.json +++ b/cgmanifest.json @@ -10031,8 +10031,8 @@ "type": "other", "other": { "name": "libmicrohttpd", - "version": "0.9.71", - "downloadUrl": "https://ftp.gnu.org/gnu/libmicrohttpd/libmicrohttpd-0.9.71.tar.gz" + "version": "0.9.76", + "downloadUrl": "https://ftp.gnu.org/gnu/libmicrohttpd/libmicrohttpd-0.9.76.tar.gz" } } },