Accepting request 155672 from devel:libraries:c_c++

Update to libupnp-1.6.18. Maintainers: Take a long and good look at the rebased patch. For one I don't understand why it's needed, since the package builds fine without it + I have no knowledge of the code.... (forwarded request 155633 from Zaitor)

OBS-URL: https://build.opensuse.org/request/show/155672
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libupnp?expand=0&rev=8

libupnp-1.6.13.tar.bz2

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:5c1dd7f4c13ab321685063e25b874e44bf31d6e170fe51ddae47abe4f41523ee
-size 1191882

libupnp-1.6.18.tar.bz2

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:b21bc676365622d3ace1b25292dab8d4d23f6e6a80ddc8f029b765d39797e934
+size 1201056

libupnp-configure.patch

@@ -1,5 +1,5 @@
---- configure.ac.orig
-+++ configure.ac
+--- configure.ac	2013-01-29 16:39:56.000000000 +0100
++++ configure.ac	2013-02-17 10:40:53.680021913 +0100
 @@ -7,9 +7,9 @@
  # (C) Copyright 2005-2007 Rémi Turboult <r3mi@users.sourceforge.net>
  #
@@ -7,12 +7,12 @@
 -AC_PREREQ(2.60)
 +AC_PREREQ([2.60])
  
--AC_INIT([libupnp], [1.6.13], [mroberto@users.sourceforge.net])
-+AC_INIT([libupnp],[1.6.13],[mroberto@users.sourceforge.net])
+-AC_INIT([libupnp], [1.6.18], [mroberto@users.sourceforge.net])
++AC_INIT([libupnp],[1.6.18],[mroberto@users.sourceforge.net])
  dnl ############################################################################
  dnl # *Independently* of the above libupnp package version, the libtool version
  dnl # of the 3 libraries need to be updated whenever there is a change released:
-@@ -293,7 +293,6 @@ AC_CANONICAL_HOST
+@@ -366,7 +366,6 @@
  #    installed libraries.
  #
  AC_CONFIG_HEADERS([autoconfig.h upnp/inc/upnpconfig.h])
@@ -20,7 +20,7 @@
  
  AC_REVISION([$Revision: 1.11 $])
  
-@@ -405,9 +404,12 @@ AC_MSG_RESULT($docdir)
+@@ -506,9 +505,12 @@
  #
  # Checks for programs
  #
@@ -35,22 +35,24 @@
  AC_PROG_INSTALL
  AC_PROG_MAKE_SET
  AC_PROG_EGREP
-@@ -431,9 +433,6 @@ freebsd*)
+@@ -532,9 +534,7 @@
  		#:
  		# Use -O0 in debug so that variables do not get optimized out
  		AX_CFLAGS_GCC_OPTION([-O0, -g])
 -	else
 -		# add optimise for size
 -		AX_CFLAGS_GCC_OPTION([-Os])
++
  	fi
  	;;
  esac
-@@ -447,8 +446,6 @@ echo "----------------------------------
+@@ -548,8 +548,7 @@
  #
  AC_TYPE_SIZE_T
  AC_TYPE_OFF_T
 -AC_DEFINE([_LARGE_FILE_SOURCE], [], [Large files support])
 -AC_DEFINE([_FILE_OFFSET_BITS], [64], [File Offset size])
++
  
  
  #
@@ -78,20 +80,23 @@
      AM_CPPFLAGS		+= -DDEBUG -DSTATS
 --- upnp/src/api/UpnpString.c.orig
 +++ upnp/src/api/UpnpString.c
-@@ -28,33 +28,6 @@
+@@ -28,38 +28,6 @@
  	/* Other systems have strncasecmp */
  #endif
  
--/* strnlen() is a GNU extension. */
--#if HAVE_STRNLEN
--	extern size_t strnlen(const char *s, size_t maxlen);
--#else /* HAVE_STRNLEN */
--	static size_t strnlen(const char *s, size_t n)
--	{
--		const char *p = (const char *)memchr(s, 0, n);
--		return p ? p - s : n;
--	}
--#endif /* HAVE_STRNLEN */
+-#ifndef UPNP_USE_MSVCPP
+-	/* VC has strnlen which is already included but with (potentially) different linkage */
+-	/* strnlen() is a GNU extension. */
+-	#if HAVE_STRNLEN
+-		extern size_t strnlen(const char *s, size_t maxlen);
+-	#else /* HAVE_STRNLEN */
+-		static size_t strnlen(const char *s, size_t n)
+-		{
+-			const char *p = (const char *)memchr(s, 0, n);
+-			return p ? p - s : n;
+-		}
+-	#endif /* HAVE_STRNLEN */
+-#endif /* WIN32 */
 -
 -/* strndup() is a GNU extension. */
 -#if HAVE_STRNDUP && !defined(WIN32)
@@ -101,6 +106,8 @@
 -	{
 -		size_t strsize = strnlen(__string, __n);
 -		char *newstr = (char *)malloc(strsize + 1);
+-		if (newstr == NULL)
+-			return NULL;
 -
 -		strncpy(newstr, __string, strsize);
 -		newstr[strsize] = 0;
@@ -112,3 +119,14 @@
  /*!
   * \brief Internal implementation of the class UpnpString.
   *
+--- upnp/Makefile.am.orig
++++ upnp/Makefile.am
+@@ -6,7 +6,7 @@
+ 
+ SUBDIRS = doc . sample
+ 
+-AM_CPPFLAGS = \
++AM_CPPFLAGS = -include $(top_builddir)/autoconfig.h \
+ 	-I$(srcdir)/inc \
+ 	-I$(top_srcdir)/threadutil/inc \
+ 	-I$(top_srcdir)/ixml/inc

libupnp.changes

@@ -1,3 +1,76 @@
+-------------------------------------------------------------------
+Tue Feb  5 21:10:59 UTC 2013 - zaitor@opensuse.org
+
+- Update to version 1.6.18:
+  + Security fix for CERT issue VU#922681.
+  + CVE-2012-5958 Issue #2: Stack buffer overflow of Tempbuf
+  + CVE-2012-5959 Issue #4: Stack buffer overflow of Event->UDN
+  + CVE-2012-5960 Issue #8: Stack buffer overflow of Event->UDN
+  + Notice that the following issues have already been dealt by
+    previous work:
+   - CVE-2012-5961 Issue #1: Stack buffer overflow of Evt->UDN
+   - CVE-2012-5962 Issue #3: Stack buffer overflow of
+     Evt->DeviceType
+   - CVE-2012-5963 Issue #5: Stack buffer overflow of Event->UDN
+   - CVE-2012-5964 Issue #6: Stack buffer overflow of
+     Event->DeviceType
+   - CVE-2012-5965 Issue #7: Stack buffer overflow of 
+     Event->DeviceType
+  + Fix memory leak and access violation in
+    UpnpSendAction(Ex)Async.
+  + Disable SetGenaCallback call if device is disabled.
+  + Fix problems detected as dead assignment warning by clang
+    scan-build.
+  + Fix condition for allocation failure in get_content_type().
+  + Avoid dereference of null pointer in
+    ixmlNode_setNodeProperties.
+  + Avoid access violation after parser_parse_chunky_headers call.
+  + Remove possibility of access violation.
+  + Fix type of local variable stopSock in RunMiniServer().
+  + Compilation optimisation.
+  + Use of thread-unsafe gmtime() in httpreadwrite.c sf#3507819.
+- Changes from version 1.6.17:
+  + Remove implicit casts.
+  + Add --enable-unspecified_server
+  + Removing implicit casts in miniserver.c
+  + Bugs fixed: sf#3512833, sf#3510693, sf#3511149, sf#3514145.
+- Changes from version 1.6.16:
+  + Replace sprintf by snprintf in http_WriteHttpPost to avoid
+    buffer overflow.
+  + Add infoSize parameter to get_sdk_info
+  + Check return code in ixml.
+  + Add --disable-optssdp option
+  + Add more explicit casts and remove dead code.
+  + Bug fix in ixmlNode_allowChildren.
+  + Improve upnp/genlib/net.
+  + Improve ssdp part. Do not compile
+    CreateClientRequestPacketUlaGua if IPv6 is disabled.
+  + Bugs fixed: sf#3502958, sf#3499781, sf#3499878, sf#3175217,
+    sf#3496993, sf#3497714, sf#3498442, sf#3498439, sf#3498436,
+    sf#3497714, sf#2989399, sf#3325246, sf#3417134, sf#3497159,
+    sf#3497140, sf#3497126, sf#3497034, sf#3497033, sf#3497027,
+    sf#3497009, sf#3496703, sf#3496702, sf#3496942, sf#3496938,
+    sf#3496934, sf#3496933, sf#3496581, sf#3495616, sf#3495286,
+    sf#3495280, sf#3494865, sf#3489999, sf#3489990, sf#3489999.
+- Changes from version 1.6.15:
+  + Bug fix on M-SEARCH for IPv6 CPs.
+  + Retrieve IPv6 addresses in Upnp_Discovery.
+  + Fix bug sf#3469344.
+- Changes from version 1.6.14:
+  + UPnP Low Power Support.
+  + Bug fix in IN6_IS_ADDR_GLOBAL.
+  + Bug Fix on M-SEARCH.
+  + Fixes for compilation under Windows.
+  + Several fixes to correctly use SOCKET (and related) types
+    instead of non-portable variations.
+- Rebase libupnp-configure.patch.
+
+-------------------------------------------------------------------
+Sun Feb  3 17:15:23 UTC 2013 - crrodriguez@opensuse.org
+
+- Previous patch was incomplete and did not consider files 
+ in the upnp directory. (updates libupnp-configure.patch)
+
 -------------------------------------------------------------------
 Tue Jul 17 14:53:58 UTC 2012 - crrodriguez@opensuse.org
 

libupnp.spec

@@ -1,7 +1,7 @@
 #
 # spec file for package libupnp
 #
-# Copyright (c) 2012 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany.
 # Copyright (c) 2011, Sascha Peilicke <saschpe@gmx.de>
 #
 # All modifications and additions to the file contributed by third parties
@@ -20,7 +20,7 @@
 %define lname libupnp6
 
 Name:           libupnp
-Version:        1.6.13
+Version:        1.6.18
 Release:        0
 Summary:        Portable Universal Plug and Play (UPnP) SDK
 License:        BSD-3-Clause