Package: libupnp / 1:1.6.19+git20160116-1.2
Metadata
Package | Version | Patches format |
---|---|---|
libupnp | 1:1.6.19+git20160116-1.2 | 3.0 (quilt) |
Patch series
view the series filePatch | File delta | Description |
---|---|---|
01 debian md5 licence.patch | (download) |
configure.ac |
3 3 + 0 - 0 ! |
replace rsa inc copyright md5 functions by public domain implementation. Bug-Debian: http://bugs.debian.org/459516 |
07 neaten debug.patch | (download) |
upnp/src/api/upnpdebug.c |
140 53 + 87 - 0 ! |
neaten debugging so it's safe to leave it compiled in: * Don't keep pointers to passed-in filenames, they might have been temporaries. * Replace some anonymous comparisons by the appropriate enum name. * Replace big file+line banner by a line-based format including timestamp, and add/remove newlines or white space where appropriate. * Comment out the noisy "Adding a string" prints from the debug. * Remove print_http_headers() which wrote to stdout, they are already logged via UpnpPrintf from everywhere that called print_http_headers(). |
09 update doc.patch | (download) |
Doxyfile |
12 6 + 6 - 0 ! |
mung the upstream doxyfile to generate meaningful documentation for debian |
12 debian always debug.patch | (download) |
upnp/src/api/upnpdebug.c |
4 2 + 2 - 0 ! |
don't write debug files by default if debug is compiled in. |
18 url upnpstrings.patch | (download) |
upnp/inc/upnp.h |
7 4 + 3 - 0 ! |
convert to upnpstrings for libupnp4 or greater. |
19_fix_tests.patch | (download) |
configure.ac |
5 5 + 0 - 0 ! |
fix the build tests in git so that they work but can be omitted for debuild |
22 update_doxyfile.patch | (download) |
Doxyfile |
8 8 + 0 - 0 ! |
do not write timestamps in documentation generated by doxygen In order to make the build reproducible, we configure Doxygen to skip writing timestamps in the HTML documentation it generates. |
24 miniserver_IPV4_INADDR_ANY.patch | (download) |
upnp/src/genlib/miniserver/miniserver.c |
4 2 + 2 - 0 ! |
miniserver uses inaddr_any instead of hostip The internal miniserver.c uses INADDR_ANY instead of the HostIP/IfName provided when initializing libupnp. But, this HostIP/IfName gets used for the UDP socket when multicasting SSDP messages. Because of this, |
27 LFS fix 32bit large_files.patch | (download) |
configure.ac |
11 3 + 8 - 0 ! |
build libixml with large file system (64-bit inodes) support. |
28 fix git version.patch | (download) |
configure.ac |
2 1 + 1 - 0 ! |
git version, 1.6.20 is not yet released. |
CVE 2016 6255.patch | (download) |
configure.ac |
4 4 + 0 - 0 ! |
[patch] don't allow unhandled posts to write to the filesystem by default If there's no registered handler for a POST request, the default behaviour is to write it to the filesystem. Several million deployed devices appear to have this behaviour, making it possible to (at least) store arbitrary data on them. Add a configure option that enables this behaviour, and change the default to just drop POSTs that aren't directly handled. Signed-off-by: Marcelo Roberto Jimenez <mroberto@users.sourceforge.net> |
CVE 2016 8863.patch | (download) |
upnp/src/gena/gena_device.c |
17 12 + 5 - 0 ! |
[patch] fix out-of-bound access in create_url_list() (cve-2016-8863) If there is an invalid URL in URLS->buf after a valid one, uri_parse is called with out pointing after the allocated memory. As uri_parse writes to *out before returning an error the loop in create_url_list must be stopped early to prevent an out-of-bound access Bug: https://sourceforge.net/p/pupnp/bugs/133/ Bug-CVE: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8863 Bug-Debian: https://bugs.debian.org/842093 Bug-Redhat: https://bugzilla.redhat.com/show_bug.cgi?id=1388771 |
miniserver fix binding to ipv6 link local addresses.patch | (download) |
upnp/src/genlib/miniserver/miniserver.c |
1 1 + 0 - 0 ! |
[patch] miniserver: fix binding to ipv6 link-local addresses Linux requires to have sin6_scope_id hold the interface id when binding to link-local addresses. This is already in use in other parts of upnp, so portability shouldn't be in the way here. Without this bind(2) fails with errno=EINVAL (although ipv6(7) from manpages 4.08 specifies ENODEV in this case). Bug-Debian: https://bugs.debian.org/813249 |