[Buildroot] [git commit branch/2025.02.x] package/lighttpd: security bump to 1.4.81

Titouan Christophe titouan.christophe at mind.be
Thu Sep 4 11:57:24 UTC 2025 

commit: https://git.buildroot.net/buildroot/commit/?id=13de70b4b4bca6529d3fc617d22cf15a8fcd1797
branch: https://git.buildroot.net/buildroot/commit/?id=refs/heads/2025.02.x

News:
- https://www.lighttpd.net/2025/8/13/1.4.80/
  - detect and issue error trace for HTTP/2 MadeYouReset VU#767506 CVE-2025-8671
- https://www.lighttpd.net/2025/8/17/1.4.81/
  - security: fix to reject disallowed trailers

See Changes from 1.4.79:

[build] remove references to libev; no longer used

So drop here as well.

Signed-off-by: Thomas Devoogdt <thomas at devoogdt.com>
Signed-off-by: Arnout Vandecappelle <arnout at rnout.be>
(cherry picked from commit 0d643a8636420a85512aae69932bba2fbe9e5829)
Signed-off-by: Titouan Christophe <titouan.christophe at mind.be>
---
 Config.in.legacy               | 6 ++++++
 package/lighttpd/Config.in     | 6 ------
 package/lighttpd/lighttpd.hash | 8 ++++----
 package/lighttpd/lighttpd.mk   | 9 +--------
 4 files changed, 11 insertions(+), 18 deletions(-)

diff --git a/Config.in.legacy b/Config.in.legacy
index 8c534b4317..290a5257a0 100644
--- a/Config.in.legacy
+++ b/Config.in.legacy
@@ -146,6 +146,12 @@ endif
 
 comment "Legacy options removed in 2025.02.6"
 
+config BR2_PACKAGE_LIGHTTPD_LIBEV
+	bool "lighttpd removed libev support"
+	select BR2_LEGACY
+	help
+	  Lighttpd 1.4.80 removed optional libev support.
+
 config BR2_PACKAGE_THTTPD
 	bool "thttpd has been removed"
 	select BR2_LEGACY
diff --git a/package/lighttpd/Config.in b/package/lighttpd/Config.in
index 1a9a9a277d..fe2c7a2815 100644
--- a/package/lighttpd/Config.in
+++ b/package/lighttpd/Config.in
@@ -67,12 +67,6 @@ config BR2_PACKAGE_LIGHTTPD_LDAP
 comment "ldap support needs a toolchain w/ wchar"
 	depends on !BR2_USE_WCHAR
 
-config BR2_PACKAGE_LIGHTTPD_LIBEV
-	bool "libev support"
-	select BR2_PACKAGE_LIBEV
-	help
-	  Enable libev support for lighttpd fdevent handlers.
-
 config BR2_PACKAGE_LIGHTTPD_LUA
 	bool "lua support"
 	depends on BR2_PACKAGE_LUA
diff --git a/package/lighttpd/lighttpd.hash b/package/lighttpd/lighttpd.hash
index d4742b5746..a23af84c28 100644
--- a/package/lighttpd/lighttpd.hash
+++ b/package/lighttpd/lighttpd.hash
@@ -1,6 +1,6 @@
-# From https://download.lighttpd.net/lighttpd/releases-1.4.x/lighttpd-1.4.77.sha512sum
-sha512  696fd4fd8486a6c3fd1131c7e8a935a02b5384882b74ddc19bf79d085e2a0abed9184a30f97e3a7aafb816d3589e110e8d70115daa15cdc52cf61aa4129e3565  lighttpd-1.4.77.tar.xz
-# From https://download.lighttpd.net/lighttpd/releases-1.4.x/lighttpd-1.4.77.sha256sum
-sha256  acafabdbfa2267d8b6452d03d85fdd2a66525f3f05a36a79b6645c017f1562ce  lighttpd-1.4.77.tar.xz
+# From https://download.lighttpd.net/lighttpd/releases-1.4.x/lighttpd-1.4.81.sha512sum
+sha512  10c24b1c1ce1aa1d826a426868223393eb81d7c0fbcc0b4f032b082a14593e0364228a5275e1440ed8782a2e78f0ded7cf72bc6642e5528bc82defcefab9301b  lighttpd-1.4.81.tar.xz
+# From https://download.lighttpd.net/lighttpd/releases-1.4.x/lighttpd-1.4.81.sha256sum
+sha256  d7d42c3fd2fd94b63c915aa7d18f4da3cac5937ddba33e909f81cf50842a5840  lighttpd-1.4.81.tar.xz
 # Locally calculated
 sha256  5c98cad2fbaf5c5e2562bcbab401a7c557c1bb1bac9914ecc63730925052fb13  COPYING
diff --git a/package/lighttpd/lighttpd.mk b/package/lighttpd/lighttpd.mk
index 609fe3e3be..71c860a31a 100644
--- a/package/lighttpd/lighttpd.mk
+++ b/package/lighttpd/lighttpd.mk
@@ -5,7 +5,7 @@
 ################################################################################
 
 LIGHTTPD_VERSION_MAJOR = 1.4
-LIGHTTPD_VERSION = $(LIGHTTPD_VERSION_MAJOR).77
+LIGHTTPD_VERSION = $(LIGHTTPD_VERSION_MAJOR).81
 LIGHTTPD_SOURCE = lighttpd-$(LIGHTTPD_VERSION).tar.xz
 LIGHTTPD_SITE = http://download.lighttpd.net/lighttpd/releases-$(LIGHTTPD_VERSION_MAJOR).x
 LIGHTTPD_LICENSE = BSD-3-Clause
@@ -76,13 +76,6 @@ else
 LIGHTTPD_CONF_OPTS += -Dwith_ldap=disabled
 endif
 
-ifeq ($(BR2_PACKAGE_LIGHTTPD_LIBEV),y)
-LIGHTTPD_DEPENDENCIES += libev
-LIGHTTPD_CONF_OPTS += -Dwith_libev=enabled
-else
-LIGHTTPD_CONF_OPTS += -Dwith_libev=disabled
-endif
-
 ifeq ($(BR2_PACKAGE_LIGHTTPD_LUA),y)
 LIGHTTPD_DEPENDENCIES += lua
 LIGHTTPD_CONF_OPTS += -Dwith_lua=true

More information about the buildroot mailing list