Accepting request 155633 from home:Zaitor:branches:devel:libraries:c_c++

Update to libupnp-1.6.18. Maintainers: Take a long and good look at the rebased patch. For one I don't understand why it's needed, since the package builds fine without it + I have no knowledge of the code....

OBS-URL: https://build.opensuse.org/request/show/155633
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libupnp?expand=0&rev=10
This commit is contained in:
Cristian Rodríguez 2013-02-17 18:03:12 +00:00 committed by Git OBS Bridge
parent 39b48a57bd
commit c7eb1f99fa
5 changed files with 97 additions and 23 deletions

View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:5c1dd7f4c13ab321685063e25b874e44bf31d6e170fe51ddae47abe4f41523ee
size 1191882

3
libupnp-1.6.18.tar.bz2 Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:b21bc676365622d3ace1b25292dab8d4d23f6e6a80ddc8f029b765d39797e934
size 1201056

View File

@ -1,5 +1,5 @@
--- configure.ac.orig --- configure.ac 2013-01-29 16:39:56.000000000 +0100
+++ configure.ac +++ configure.ac 2013-02-17 10:40:53.680021913 +0100
@@ -7,9 +7,9 @@ @@ -7,9 +7,9 @@
# (C) Copyright 2005-2007 Rémi Turboult <r3mi@users.sourceforge.net> # (C) Copyright 2005-2007 Rémi Turboult <r3mi@users.sourceforge.net>
# #
@ -7,12 +7,12 @@
-AC_PREREQ(2.60) -AC_PREREQ(2.60)
+AC_PREREQ([2.60]) +AC_PREREQ([2.60])
-AC_INIT([libupnp], [1.6.13], [mroberto@users.sourceforge.net]) -AC_INIT([libupnp], [1.6.18], [mroberto@users.sourceforge.net])
+AC_INIT([libupnp],[1.6.13],[mroberto@users.sourceforge.net]) +AC_INIT([libupnp],[1.6.18],[mroberto@users.sourceforge.net])
dnl ############################################################################ dnl ############################################################################
dnl # *Independently* of the above libupnp package version, the libtool version dnl # *Independently* of the above libupnp package version, the libtool version
dnl # of the 3 libraries need to be updated whenever there is a change released: dnl # of the 3 libraries need to be updated whenever there is a change released:
@@ -293,7 +293,6 @@ AC_CANONICAL_HOST @@ -366,7 +366,6 @@
# installed libraries. # installed libraries.
# #
AC_CONFIG_HEADERS([autoconfig.h upnp/inc/upnpconfig.h]) AC_CONFIG_HEADERS([autoconfig.h upnp/inc/upnpconfig.h])
@ -20,7 +20,7 @@
AC_REVISION([$Revision: 1.11 $]) AC_REVISION([$Revision: 1.11 $])
@@ -405,9 +404,12 @@ AC_MSG_RESULT($docdir) @@ -506,9 +505,12 @@
# #
# Checks for programs # Checks for programs
# #
@ -35,22 +35,24 @@
AC_PROG_INSTALL AC_PROG_INSTALL
AC_PROG_MAKE_SET AC_PROG_MAKE_SET
AC_PROG_EGREP AC_PROG_EGREP
@@ -431,9 +433,6 @@ freebsd*) @@ -532,9 +534,7 @@
#: #:
# Use -O0 in debug so that variables do not get optimized out # Use -O0 in debug so that variables do not get optimized out
AX_CFLAGS_GCC_OPTION([-O0, -g]) AX_CFLAGS_GCC_OPTION([-O0, -g])
- else - else
- # add optimise for size - # add optimise for size
- AX_CFLAGS_GCC_OPTION([-Os]) - AX_CFLAGS_GCC_OPTION([-Os])
+
fi fi
;; ;;
esac esac
@@ -447,8 +446,6 @@ echo "---------------------------------- @@ -548,8 +548,7 @@
# #
AC_TYPE_SIZE_T AC_TYPE_SIZE_T
AC_TYPE_OFF_T AC_TYPE_OFF_T
-AC_DEFINE([_LARGE_FILE_SOURCE], [], [Large files support]) -AC_DEFINE([_LARGE_FILE_SOURCE], [], [Large files support])
-AC_DEFINE([_FILE_OFFSET_BITS], [64], [File Offset size]) -AC_DEFINE([_FILE_OFFSET_BITS], [64], [File Offset size])
+
# #
@ -78,10 +80,12 @@
AM_CPPFLAGS += -DDEBUG -DSTATS AM_CPPFLAGS += -DDEBUG -DSTATS
--- upnp/src/api/UpnpString.c.orig --- upnp/src/api/UpnpString.c.orig
+++ upnp/src/api/UpnpString.c +++ upnp/src/api/UpnpString.c
@@ -28,33 +28,6 @@ @@ -28,38 +28,6 @@
/* Other systems have strncasecmp */ /* Other systems have strncasecmp */
#endif #endif
-#ifndef UPNP_USE_MSVCPP
- /* VC has strnlen which is already included but with (potentially) different linkage */
- /* strnlen() is a GNU extension. */ - /* strnlen() is a GNU extension. */
- #if HAVE_STRNLEN - #if HAVE_STRNLEN
- extern size_t strnlen(const char *s, size_t maxlen); - extern size_t strnlen(const char *s, size_t maxlen);
@ -92,6 +96,7 @@
- return p ? p - s : n; - return p ? p - s : n;
- } - }
- #endif /* HAVE_STRNLEN */ - #endif /* HAVE_STRNLEN */
-#endif /* WIN32 */
- -
-/* strndup() is a GNU extension. */ -/* strndup() is a GNU extension. */
-#if HAVE_STRNDUP && !defined(WIN32) -#if HAVE_STRNDUP && !defined(WIN32)
@ -101,6 +106,8 @@
- { - {
- size_t strsize = strnlen(__string, __n); - size_t strsize = strnlen(__string, __n);
- char *newstr = (char *)malloc(strsize + 1); - char *newstr = (char *)malloc(strsize + 1);
- if (newstr == NULL)
- return NULL;
- -
- strncpy(newstr, __string, strsize); - strncpy(newstr, __string, strsize);
- newstr[strsize] = 0; - newstr[strsize] = 0;

View File

@ -1,3 +1,70 @@
-------------------------------------------------------------------
Tue Feb 5 21:10:59 UTC 2013 - zaitor@opensuse.org
- Update to version 1.6.18:
+ Security fix for CERT issue VU#922681.
+ CVE-2012-5958 Issue #2: Stack buffer overflow of Tempbuf
+ CVE-2012-5959 Issue #4: Stack buffer overflow of Event->UDN
+ CVE-2012-5960 Issue #8: Stack buffer overflow of Event->UDN
+ Notice that the following issues have already been dealt by
previous work:
- CVE-2012-5961 Issue #1: Stack buffer overflow of Evt->UDN
- CVE-2012-5962 Issue #3: Stack buffer overflow of
Evt->DeviceType
- CVE-2012-5963 Issue #5: Stack buffer overflow of Event->UDN
- CVE-2012-5964 Issue #6: Stack buffer overflow of
Event->DeviceType
- CVE-2012-5965 Issue #7: Stack buffer overflow of
Event->DeviceType
+ Fix memory leak and access violation in
UpnpSendAction(Ex)Async.
+ Disable SetGenaCallback call if device is disabled.
+ Fix problems detected as dead assignment warning by clang
scan-build.
+ Fix condition for allocation failure in get_content_type().
+ Avoid dereference of null pointer in
ixmlNode_setNodeProperties.
+ Avoid access violation after parser_parse_chunky_headers call.
+ Remove possibility of access violation.
+ Fix type of local variable stopSock in RunMiniServer().
+ Compilation optimisation.
+ Use of thread-unsafe gmtime() in httpreadwrite.c sf#3507819.
- Changes from version 1.6.17:
+ Remove implicit casts.
+ Add --enable-unspecified_server
+ Removing implicit casts in miniserver.c
+ Bugs fixed: sf#3512833, sf#3510693, sf#3511149, sf#3514145.
- Changes from version 1.6.16:
+ Replace sprintf by snprintf in http_WriteHttpPost to avoid
buffer overflow.
+ Add infoSize parameter to get_sdk_info
+ Check return code in ixml.
+ Add --disable-optssdp option
+ Add more explicit casts and remove dead code.
+ Bug fix in ixmlNode_allowChildren.
+ Improve upnp/genlib/net.
+ Improve ssdp part. Do not compile
CreateClientRequestPacketUlaGua if IPv6 is disabled.
+ Bugs fixed: sf#3502958, sf#3499781, sf#3499878, sf#3175217,
sf#3496993, sf#3497714, sf#3498442, sf#3498439, sf#3498436,
sf#3497714, sf#2989399, sf#3325246, sf#3417134, sf#3497159,
sf#3497140, sf#3497126, sf#3497034, sf#3497033, sf#3497027,
sf#3497009, sf#3496703, sf#3496702, sf#3496942, sf#3496938,
sf#3496934, sf#3496933, sf#3496581, sf#3495616, sf#3495286,
sf#3495280, sf#3494865, sf#3489999, sf#3489990, sf#3489999.
- Changes from version 1.6.15:
+ Bug fix on M-SEARCH for IPv6 CPs.
+ Retrieve IPv6 addresses in Upnp_Discovery.
+ Fix bug sf#3469344.
- Changes from version 1.6.14:
+ UPnP Low Power Support.
+ Bug fix in IN6_IS_ADDR_GLOBAL.
+ Bug Fix on M-SEARCH.
+ Fixes for compilation under Windows.
+ Several fixes to correctly use SOCKET (and related) types
instead of non-portable variations.
- Rebase libupnp-configure.patch.
------------------------------------------------------------------- -------------------------------------------------------------------
Sun Feb 3 17:15:23 UTC 2013 - crrodriguez@opensuse.org Sun Feb 3 17:15:23 UTC 2013 - crrodriguez@opensuse.org

View File

@ -20,7 +20,7 @@
%define lname libupnp6 %define lname libupnp6
Name: libupnp Name: libupnp
Version: 1.6.13 Version: 1.6.18
Release: 0 Release: 0
Summary: Portable Universal Plug and Play (UPnP) SDK Summary: Portable Universal Plug and Play (UPnP) SDK
License: BSD-3-Clause License: BSD-3-Clause