Accepting request 896638 from GNOME:Factory

Update to version 1.2.6 Fix CVE-2021-33516 ( boo#1186590 ) (forwarded request 896477 from susnux) OBS-URL: https://build.opensuse.org/request/show/896638 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/gupnp?expand=0&rev=64
2021-06-05 21:30:52 +00:00 · 2021-06-05 21:30:52 +00:00 · a230f95dab
commit a230f95dab
parent 55850dd520 8ad159cee3
4 changed files with 54 additions and 9 deletions
--- a/gupnp-1.2.4.tar.xz
+++ b/gupnp-1.2.4.tar.xz
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:f7a0307ea51f5e44d1b832f493dd9045444a3a4e211ef85dfd9aa5dd6eaea7d1
-size 139832
--- a/gupnp-1.2.6.tar.xz
+++ b/gupnp-1.2.6.tar.xz
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:00b20f1e478a72deac92c34723693a2ac55789ed1e4bb4eed99eb4d62092aafd
+size 142652
--- a/gupnp.changes
+++ b/gupnp.changes
@ -1,3 +1,48 @@
+-------------------------------------------------------------------
+Tue Jun  1 01:19:08 UTC 2021 - Ferdinand Thiessen <rpm@fthiessen.de>
+
+- Update to version 1.2.6
+  + Fix CVE-2021-33516 ( boo#1186590 )
+  + Fix potential fd leak in linux CM
+  + Fix potential NULL pointer dereference when evaluating unset
+    ServiceProxyActions
+  + Fix leaking the message string if an action is never sent
+  + Fix leaking the ServiceProxyAction if sending fails in
+    call_action
+  + Fix potential use-after-free if service proxy is
+    destroxed before libsoup request finishes in control point
+  + Fix potential data leak due to being vulnerable to DNS
+    rebind attacs
+  + Fix introspection annotation for send_action and
+    call_action_finish to prevent a double-free
+  + Fix introspection annotation for send_action_list
+  + Make ServiceIntrospection usable from gobject-introspection
+- Fix dependencies
+
+-------------------------------------------------------------------
+Thu May 27 17:02:15 UTC 2021 - Bjørn Lie <bjorn.lie@gmail.com>
+
+- Update to version 1.2.6:
+  + Fix wrong dependency on GSSDP 1.2.4
+- Changes from version 1.2.5:
+  + Fix introspection annotation for send_action_list
+  + Fix potential fd leak in linux CM
+  + Fix potential NULL pointer dereference when evaluating unset
+    ServiceProxyActions
+  + Fix leaking the message string if an action is never sent
+  + Fix leaking the ServiceProxyAction if sending fails in
+    call_action
+  + Fix introspection annotation for send_action and
+    call_action_finish to prevent a double-free
+  + Make ServiceIntrospection usable from gobject-introspection
+  + Add Python example
+  + Add C example
+  + Fix JavaScript example
+  + Fix potential use-after-free if service proxy is destroxed
+    before libsoup request finishes in control point
+  + Fix potential data leak due to being vulnerable to DNS rebind
+    attacks
+
 -------------------------------------------------------------------
 Mon Aug 10 08:44:28 UTC 2020 - Bjørn Lie <bjorn.lie@gmail.com>

--- a/gupnp.spec
+++ b/gupnp.spec
@ -1,7 +1,7 @@
 #
 # spec file for package gupnp
 #
-# Copyright (c) 2020 SUSE LLC
+# Copyright (c) 2021 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@ -21,7 +21,7 @@
 %define sover 1.2

 Name:           gupnp
-Version:        1.2.4
+Version:        1.2.6
 Release:        0
 Summary:        Implementation of the UPnP specification
 License:        LGPL-2.0-or-later
@ -29,16 +29,15 @@ Group:          Development/Libraries/C and C++
 URL:            http://www.gupnp.org/
 Source0:        https://download.gnome.org/sources/gupnp/1.2/%{name}-%{version}.tar.xz
 Source1:        baselibs.conf
-
 BuildRequires:  gtk-doc
 BuildRequires:  meson
 BuildRequires:  pkgconfig
 BuildRequires:  pkgconfig(gio-2.0) >= 2.58
 BuildRequires:  pkgconfig(glib-2.0) >= 2.58
-BuildRequires:  pkgconfig(gmodule-2.0) >= 2.58
-BuildRequires:  pkgconfig(gobject-2.0) >= 2.58
+BuildRequires:  pkgconfig(gmodule-2.0) >= 2.44
+BuildRequires:  pkgconfig(gobject-2.0) >= 2.44
 BuildRequires:  pkgconfig(gobject-introspection-1.0) >= 0.6.4
-BuildRequires:  pkgconfig(gssdp-1.2) >= 1.1.3
+BuildRequires:  pkgconfig(gssdp-1.2) >= 1.2.3
 BuildRequires:  pkgconfig(libsoup-2.4) >= 2.48.0
 BuildRequires:  pkgconfig(libxml-2.0)
 BuildRequires:  pkgconfig(uuid)
@ -94,6 +93,7 @@ libraries utilizing the GUPnP framework.

 %prep
 %autosetup -p1
+sed -i 's|env python3|python3|' tools/gupnp-binding-tool-1.2

 %build
 %meson \