Package: libupnp / 1:1.6.19+git20160116-1.2

Metadata

Package: libupnp
Version: 1:1.6.19+git20160116-1.2
Patches format: 3.0 (quilt)

Patch series

Patch File delta Description
01 debian md5 licence.patch

configure.ac | 3 3 + 0 - 0 !
upnp/src/inc/md5.h | 76 42 + 34 - 0 !
upnp/src/uuid/md5.c | 506 197 + 309 - 0 !
upnp/src/uuid/sysdep.c | 4 2 + 2 - 0 !
upnp/src/uuid/uuid.c | 2 1 + 1 - 0 !
5 files changed, 245 insertions(+), 346 deletions(-)

 replace rsa inc copyright md5 functions by public domain implementation.
Bug-Debian: http://bugs.debian.org/459516

07 neaten debug.patch

upnp/src/api/upnpdebug.c | 140 53 + 87 - 0 !
upnp/src/gena/gena_ctrlpt.c | 10 5 + 5 - 0 !
upnp/src/gena/gena_device.c | 36 18 + 18 - 0 !
upnp/src/genlib/net/http/httpparser.c | 34 0 + 34 - 0 !
upnp/src/genlib/net/http/httpreadwrite.c | 11 4 + 7 - 0 !
upnp/src/genlib/net/http/webserver.c | 2 0 + 2 - 0 !
upnp/src/inc/gena.h | 8 4 + 4 - 0 !
upnp/src/inc/httpparser.h | 15 0 + 15 - 0 !
upnp/src/inc/upnpapi.h | 12 6 + 6 - 0 !
upnp/src/ssdp/ssdp_server.c | 4 2 + 2 - 0 !
10 files changed, 92 insertions(+), 180 deletions(-)

 neaten debugging so it's safe to leave it compiled in:
 * Don't keep pointers to passed-in filenames, they might have been temporaries.
 * Replace some anonymous comparisons by the appropriate enum name.
 * Replace big file+line banner by a line-based format including timestamp,
   and add/remove newlines or white space where appropriate.
 * Comment out the noisy "Adding a string" prints from the debug.
 * Remove print_http_headers() which wrote to stdout, they are already
   logged via UpnpPrintf from everywhere that called print_http_headers().

09 update doc.patch

Doxyfile | 12 6 + 6 - 0 !
1 file changed, 6 insertions(+), 6 deletions(-)

 mung the upstream doxyfile to generate meaningful documentation for debian

12 debian always debug.patch

upnp/src/api/upnpdebug.c | 4 2 + 2 - 0 !
1 file changed, 2 insertions(+), 2 deletions(-)

 don't write debug files by default if debug is compiled in.

18 url upnpstrings.patch

upnp/inc/upnp.h | 7 4 + 3 - 0 !
upnp/src/api/upnpapi.c | 90 57 + 33 - 0 !
upnp/src/gena/gena_ctrlpt.c | 4 2 + 2 - 0 !
upnp/src/inc/soaplib.h | 4 2 + 2 - 0 !
upnp/src/inc/upnpapi.h | 2 1 + 1 - 0 !
upnp/src/soap/soap_ctrlpt.c | 12 6 + 6 - 0 !
6 files changed, 72 insertions(+), 47 deletions(-)

 convert to upnpstrings for libupnp4 or greater.

19_fix_tests.patch

configure.ac | 5 5 + 0 - 0 !
ixml/Makefile.am | 2 2 + 0 - 0 !
ixml/test/test_document.c | 1 1 + 0 - 0 !
upnp/Makefile.am | 2 2 + 0 - 0 !
upnp/test/test_url.c | 20 10 + 10 - 0 !
5 files changed, 20 insertions(+), 10 deletions(-)

 fix the build tests in git so that they work but can be omitted for debuild

22 update_doxyfile.patch

Doxyfile | 8 8 + 0 - 0 !
1 file changed, 8 insertions(+)

 do not write timestamps in documentation generated by doxygen
 In order to make the build reproducible, we configure Doxygen to skip
 writing timestamps in the HTML documentation it generates.

24 miniserver_IPV4_INADDR_ANY.patch

upnp/src/genlib/miniserver/miniserver.c | 4 2 + 2 - 0 !
1 file changed, 2 insertions(+), 2 deletions(-)

 miniserver uses inaddr_any instead of hostip
 The internal miniserver.c uses INADDR_ANY instead of the HostIP/IfName
 provided when initializing libupnp. But, this HostIP/IfName gets used
 for the UDP socket when multicasting SSDP messages.  Because of this,

27 LFS fix 32bit large_files.patch

configure.ac | 11 3 + 8 - 0 !
ixml/Makefile.am | 3 0 + 3 - 0 !
ixml/src/inc/ixmlmembuf.h | 2 2 + 0 - 0 !
ixml/src/inc/ixmlparser.h | 2 2 + 0 - 0 !
ixml/src/ixmlparser.c | 8 4 + 4 - 0 !
5 files changed, 11 insertions(+), 15 deletions(-)

 build libixml with large file system (64-bit inodes) support.

28 fix git version.patch

configure.ac | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 git version, 1.6.20 is not yet released.

CVE 2016 6255.patch

configure.ac | 4 4 + 0 - 0 !
upnp/inc/upnpconfig.h.in | 5 5 + 0 - 0 !
upnp/src/genlib/net/http/webserver.c | 4 4 + 0 - 0 !
3 files changed, 13 insertions(+)

 [patch] don't allow unhandled posts to write to the filesystem by
 default

If there's no registered handler for a POST request, the default behaviour
is to write it to the filesystem. Several million deployed devices appear
to have this behaviour, making it possible to (at least) store arbitrary
data on them. Add a configure option that enables this behaviour, and change
the default to just drop POSTs that aren't directly handled.

Signed-off-by: Marcelo Roberto Jimenez <mroberto@users.sourceforge.net>

CVE 2016 8863.patch

upnp/src/gena/gena_device.c | 17 12 + 5 - 0 !
1 file changed, 12 insertions(+), 5 deletions(-)

 [patch] fix out-of-bound access in create_url_list() (cve-2016-8863)

If there is an invalid URL in URLS->buf after a valid one, uri_parse is
called with out pointing after the allocated memory. As uri_parse writes
to *out before returning an error the loop in create_url_list must be
stopped early to prevent an out-of-bound access.

Bug: https://sourceforge.net/p/pupnp/bugs/133/
Bug-CVE: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8863
Bug-Debian: https://bugs.debian.org/842093
Bug-Redhat: https://bugzilla.redhat.com/show_bug.cgi?id=1388771

miniserver fix binding to ipv6 link local addresses.patch

upnp/src/genlib/miniserver/miniserver.c | 1 1 + 0 - 0 !
1 file changed, 1 insertion(+)

 [patch] miniserver: fix binding to ipv6 link-local addresses

Linux requires to have sin6_scope_id hold the interface id when binding to
link-local addresses. This is already in use in other parts of upnp, so
portability shouldn't be in the way here. Without this bind(2) fails with
errno=EINVAL (although ipv6(7) from manpages 4.08 specifies ENODEV in this
case).

Bug-Debian: https://bugs.debian.org/813249