diff --git a/libupnp-1.6.13.tar.bz2 b/libupnp-1.6.13.tar.bz2 deleted file mode 100644 index 0ad88d8..0000000 --- a/libupnp-1.6.13.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:5c1dd7f4c13ab321685063e25b874e44bf31d6e170fe51ddae47abe4f41523ee -size 1191882 diff --git a/libupnp-1.6.18.tar.bz2 b/libupnp-1.6.18.tar.bz2 new file mode 100644 index 0000000..efb9cb4 --- /dev/null +++ b/libupnp-1.6.18.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:b21bc676365622d3ace1b25292dab8d4d23f6e6a80ddc8f029b765d39797e934 +size 1201056 diff --git a/libupnp-configure.patch b/libupnp-configure.patch index b5c7258..4b11510 100644 --- a/libupnp-configure.patch +++ b/libupnp-configure.patch @@ -1,5 +1,5 @@ ---- configure.ac.orig -+++ configure.ac +--- configure.ac 2013-01-29 16:39:56.000000000 +0100 ++++ configure.ac 2013-02-17 10:40:53.680021913 +0100 @@ -7,9 +7,9 @@ # (C) Copyright 2005-2007 RĂ©mi Turboult # @@ -7,12 +7,12 @@ -AC_PREREQ(2.60) +AC_PREREQ([2.60]) --AC_INIT([libupnp], [1.6.13], [mroberto@users.sourceforge.net]) -+AC_INIT([libupnp],[1.6.13],[mroberto@users.sourceforge.net]) +-AC_INIT([libupnp], [1.6.18], [mroberto@users.sourceforge.net]) ++AC_INIT([libupnp],[1.6.18],[mroberto@users.sourceforge.net]) dnl ############################################################################ dnl # *Independently* of the above libupnp package version, the libtool version dnl # of the 3 libraries need to be updated whenever there is a change released: -@@ -293,7 +293,6 @@ AC_CANONICAL_HOST +@@ -366,7 +366,6 @@ # installed libraries. # AC_CONFIG_HEADERS([autoconfig.h upnp/inc/upnpconfig.h]) @@ -20,7 +20,7 @@ AC_REVISION([$Revision: 1.11 $]) -@@ -405,9 +404,12 @@ AC_MSG_RESULT($docdir) +@@ -506,9 +505,12 @@ # # Checks for programs # 
@@ -35,22 +35,24 @@ AC_PROG_INSTALL AC_PROG_MAKE_SET AC_PROG_EGREP -@@ -431,9 +433,6 @@ freebsd*) +@@ -532,9 +534,7 @@ #: # Use -O0 in debug so that variables do not get optimized out AX_CFLAGS_GCC_OPTION([-O0, -g]) - else - # add optimise for size - AX_CFLAGS_GCC_OPTION([-Os]) ++ fi ;; esac -@@ -447,8 +446,6 @@ echo "---------------------------------- +@@ -548,8 +548,7 @@ # AC_TYPE_SIZE_T AC_TYPE_OFF_T -AC_DEFINE([_LARGE_FILE_SOURCE], [], [Large files support]) -AC_DEFINE([_FILE_OFFSET_BITS], [64], [File Offset size]) ++ # @@ -78,20 +80,23 @@ AM_CPPFLAGS += -DDEBUG -DSTATS --- upnp/src/api/UpnpString.c.orig +++ upnp/src/api/UpnpString.c -@@ -28,33 +28,6 @@ +@@ -28,38 +28,6 @@ /* Other systems have strncasecmp */ #endif --/* strnlen() is a GNU extension. */ --#if HAVE_STRNLEN -- extern size_t strnlen(const char *s, size_t maxlen); --#else /* HAVE_STRNLEN */ -- static size_t strnlen(const char *s, size_t n) -- { -- const char *p = (const char *)memchr(s, 0, n); -- return p ? p - s : n; -- } --#endif /* HAVE_STRNLEN */ +-#ifndef UPNP_USE_MSVCPP +- /* VC has strnlen which is already included but with (potentially) different linkage */ +- /* strnlen() is a GNU extension. */ +- #if HAVE_STRNLEN +- extern size_t strnlen(const char *s, size_t maxlen); +- #else /* HAVE_STRNLEN */ +- static size_t strnlen(const char *s, size_t n) +- { +- const char *p = (const char *)memchr(s, 0, n); +- return p ? p - s : n; +- } +- #endif /* HAVE_STRNLEN */ +-#endif /* WIN32 */ - -/* strndup() is a GNU extension. */ -#if HAVE_STRNDUP && !defined(WIN32) @@ -101,6 +106,8 @@ - { - size_t strsize = strnlen(__string, __n); - char *newstr = (char *)malloc(strsize + 1); +- if (newstr == NULL) +- return NULL; - - strncpy(newstr, __string, strsize); - newstr[strsize] = 0; diff --git a/libupnp.changes b/libupnp.changes index 018a2a8..fde126c 100644 --- a/libupnp.changes +++ b/libupnp.changes 
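Review bot: The rebased UpnpString.c section of libupnp-configure.patch (new inner hunk `@@ -28,38 +28,6 @@`) deletes both the `extern size_t strnlen(...)` prototype and the static strnlen()/strndup() fallbacks, so the file now relies entirely on `<string.h>` declaring those functions. If the build's feature-test macros do not expose them, a C89/C99 compiler falls back to an implicit `int` declaration and the pointer returned by strndup() is truncated on 64-bit targets; whether the configure.ac part of the patch enables the extensions is not visible in this diff. I would record the dependency in the patch header, e.g. `# UpnpString.c: use libc strnlen()/strndup(); needs _GNU_SOURCE or _POSIX_C_SOURCE >= 200809L`, and build with `-Werror=implicit-function-declaration` so a missing prototype fails the build instead of warning. The inner hunk continues past the lines shown here, so the end of the removed strndup() fallback is not visible.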
@@ -1,3 +1,70 @@
+-------------------------------------------------------------------
+Tue Feb 5 21:10:59 UTC 2013 - zaitor@opensuse.org
+
+- Update to version 1.6.18:
+ + Security fix for CERT issue VU#922681.
+ + CVE-2012-5958 Issue #2: Stack buffer overflow of Tempbuf
+ + CVE-2012-5959 Issue #4: Stack buffer overflow of Event->UDN
+ + CVE-2012-5960 Issue #8: Stack buffer overflow of Event->UDN
+ + Notice that the following issues have already been dealt by
+ previous work:
+ - CVE-2012-5961 Issue #1: Stack buffer overflow of Evt->UDN
+ - CVE-2012-5962 Issue #3: Stack buffer overflow of
+ Evt->DeviceType
+ - CVE-2012-5963 Issue #5: Stack buffer overflow of Event->UDN
+ - CVE-2012-5964 Issue #6: Stack buffer overflow of
+ Event->DeviceType
+ - CVE-2012-5965 Issue #7: Stack buffer overflow of
+ Event->DeviceType
+ + Fix memory leak and access violation in
+ UpnpSendAction(Ex)Async.
+ + Disable SetGenaCallback call if device is disabled.
+ + Fix problems detected as dead assignment warning by clang
+ scan-build.
+ + Fix condition for allocation failure in get_content_type().
+ + Avoid dereference of null pointer in
+ ixmlNode_setNodeProperties.
+ + Avoid access violation after parser_parse_chunky_headers call.
+ + Remove possibility of access violation.
+ + Fix type of local variable stopSock in RunMiniServer().
+ + Compilation optimisation.
+ + Use of thread-unsafe gmtime() in httpreadwrite.c sf#3507819.
+- Changes from version 1.6.17:
+ + Remove implicit casts.
+ + Add --enable-unspecified_server
+ + Removing implicit casts in miniserver.c
+ + Bugs fixed: sf#3512833, sf#3510693, sf#3511149, sf#3514145.
+- Changes from version 1.6.16:
+ + Replace sprintf by snprintf in http_WriteHttpPost to avoid
+ buffer overflow.
+ + Add infoSize parameter to get_sdk_info
+ + Check return code in ixml.
+ + Add --disable-optssdp option
+ + Add more explicit casts and remove dead code.
+ + Bug fix in ixmlNode_allowChildren.
+ + Improve upnp/genlib/net.
+ + Improve ssdp part. Do not compile
+ CreateClientRequestPacketUlaGua if IPv6 is disabled.
+ + Bugs fixed: sf#3502958, sf#3499781, sf#3499878, sf#3175217,
+ sf#3496993, sf#3497714, sf#3498442, sf#3498439, sf#3498436,
+ sf#3497714, sf#2989399, sf#3325246, sf#3417134, sf#3497159,
+ sf#3497140, sf#3497126, sf#3497034, sf#3497033, sf#3497027,
+ sf#3497009, sf#3496703, sf#3496702, sf#3496942, sf#3496938,
+ sf#3496934, sf#3496933, sf#3496581, sf#3495616, sf#3495286,
+ sf#3495280, sf#3494865, sf#3489999, sf#3489990, sf#3489999.
+- Changes from version 1.6.15:
+ + Bug fix on M-SEARCH for IPv6 CPs.
+ + Retrieve IPv6 addresses in Upnp_Discovery.
+ + Fix bug sf#3469344.
+- Changes from version 1.6.14:
+ + UPnP Low Power Support.
+ + Bug fix in IN6_IS_ADDR_GLOBAL.
+ + Bug Fix on M-SEARCH.
+ + Fixes for compilation under Windows.
+ + Several fixes to correctly use SOCKET (and related) types
+ instead of non-portable variations.
+- Rebase libupnp-configure.patch.
+
 -------------------------------------------------------------------
 Sun Feb 3 17:15:23 UTC 2013 - crrodriguez@opensuse.org
diff --git a/libupnp.spec b/libupnp.spec
index df26df5..989febc 100644
--- a/libupnp.spec
+++ b/libupnp.spec
@@ -20,7 +20,7 @@
 %define lname libupnp6
 Name: libupnp
-Version: 1.6.13
+Version: 1.6.18
 Release: 0
 Summary: Portable Universal Plug and Play (UPnP) SDK
 License: BSD-3-Clause