diff --git a/gupnp-1.2.4.tar.xz b/gupnp-1.2.4.tar.xz deleted file mode 100644 index 8e48d8a..0000000 --- a/gupnp-1.2.4.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:f7a0307ea51f5e44d1b832f493dd9045444a3a4e211ef85dfd9aa5dd6eaea7d1 -size 139832 diff --git a/gupnp-1.2.6.tar.xz b/gupnp-1.2.6.tar.xz new file mode 100644 index 0000000..ef8f14e --- /dev/null +++ b/gupnp-1.2.6.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:00b20f1e478a72deac92c34723693a2ac55789ed1e4bb4eed99eb4d62092aafd +size 142652 diff --git a/gupnp.changes b/gupnp.changes index 05665a4..080a0db 100644 --- a/gupnp.changes +++ b/gupnp.changes @@ -1,3 +1,48 @@ +------------------------------------------------------------------- +Tue Jun 1 01:19:08 UTC 2021 - Ferdinand Thiessen + +- Update to version 1.2.6 + + Fix CVE-2021-33516 ( boo#1186590 ) + + Fix potential fd leak in linux CM + + Fix potential NULL pointer dereference when evaluating unset + ServiceProxyActions + + Fix leaking the message string if an action is never sent + + Fix leaking the ServiceProxyAction if sending fails in + call_action + + Fix potential use-after-free if service proxy is + destroxed before libsoup request finishes in control point + + Fix potential data leak due to being vulnerable to DNS + rebind attacs + + Fix introspection annotation for send_action and + call_action_finish to prevent a double-free + + Fix introspection annotation for send_action_list + + Make ServiceIntrospection usable from gobject-introspection +- Fix dependencies + +------------------------------------------------------------------- +Thu May 27 17:02:15 UTC 2021 - Bjørn Lie + +- Update to version 1.2.6: + + Fix wrong dependency on GSSDP 1.2.4 +- Changes from version 1.2.5: + + Fix introspection annotation for send_action_list + + Fix potential fd leak in linux CM + + Fix potential NULL pointer dereference when evaluating unset + ServiceProxyActions + + Fix leaking the message string if an action is never sent + + Fix leaking the ServiceProxyAction if sending fails in + call_action + + Fix introspection annotation for send_action and + call_action_finish to prevent a double-free + + Make ServiceIntrospection usable from gobject-introspection + + Add Python example + + Add C example + + Fix JavaScript example + + Fix potential use-after-free if service proxy is destroxed + before libsoup request finishes in control point + + Fix potential data leak due to being vulnerable to DNS rebind + attacks + ------------------------------------------------------------------- Mon Aug 10 08:44:28 UTC 2020 - Bjørn Lie diff --git a/gupnp.spec b/gupnp.spec index 49eafc8..8f4e502 100644 --- a/gupnp.spec +++ b/gupnp.spec @@ -1,7 +1,7 @@ # # spec file for package gupnp # -# Copyright (c) 2020 SUSE LLC +# Copyright (c) 2021 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -21,7 +21,7 @@ %define sover 1.2 Name: gupnp -Version: 1.2.4 +Version: 1.2.6 Release: 0 Summary: Implementation of the UPnP specification License: LGPL-2.0-or-later @@ -29,16 +29,15 @@ Group: Development/Libraries/C and C++ URL: http://www.gupnp.org/ Source0: https://download.gnome.org/sources/gupnp/1.2/%{name}-%{version}.tar.xz Source1: baselibs.conf - BuildRequires: gtk-doc BuildRequires: meson BuildRequires: pkgconfig BuildRequires: pkgconfig(gio-2.0) >= 2.58 BuildRequires: pkgconfig(glib-2.0) >= 2.58 -BuildRequires: pkgconfig(gmodule-2.0) >= 2.58 -BuildRequires: pkgconfig(gobject-2.0) >= 2.58 +BuildRequires: pkgconfig(gmodule-2.0) >= 2.44 +BuildRequires: pkgconfig(gobject-2.0) >= 2.44 BuildRequires: pkgconfig(gobject-introspection-1.0) >= 0.6.4 -BuildRequires: pkgconfig(gssdp-1.2) >= 1.1.3 +BuildRequires: pkgconfig(gssdp-1.2) >= 1.2.3 BuildRequires: pkgconfig(libsoup-2.4) >= 2.48.0 BuildRequires: pkgconfig(libxml-2.0) BuildRequires: pkgconfig(uuid) @@ -94,6 +93,7 @@ libraries utilizing the GUPnP framework. %prep %autosetup -p1 +sed -i 's|env python3|python3|' tools/gupnp-binding-tool-1.2 %build %meson \