edge/community/thttpd-2.29-r1: switch to sthttpd-2.27.1 security fork
sthttpd - a fork of thttpd, a tiny/turbo/throttling HTTP server
version 2.27.0 Oct 3, 2014
sthttpd is a fork of Jef Poskanzer's popular thttpd server. This fork aims to simply maintain the original codebase as bugs or security issues are found.
The original version has not been patched for: CVE-2017-10671
The original version still heavily relies on strcpy(), which has been overhauled to use bounded memmove(): https://github.com/blueness/sthttpd/commit/aa3f36c0bf2aef1ffb17f5188ccf5e8afc13d3dc#diff-fd5839f30c92090795049608bd9f55d8d2dcec8f71e613ecfcd8544a7e4e7540
Also, there is a currently open CVE that has not been fixed yet: CVE-2021-26843