From patchwork Tue Sep  1 06:10:27 2020
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Fabrice Fontaine <fontaine.fabrice@gmail.com>
X-Patchwork-Id: 1354749
Return-Path: <buildroot-bounces@busybox.net>
X-Original-To: incoming-buildroot@patchwork.ozlabs.org
Delivered-To: patchwork-incoming-buildroot@bilbo.ozlabs.org
Authentication-Results: ozlabs.org;
 spf=pass (sender SPF authorized) smtp.mailfrom=busybox.net
 (client-ip=140.211.166.136; helo=silver.osuosl.org;
 envelope-from=buildroot-bounces@busybox.net; receiver=<UNKNOWN>)
Authentication-Results: ozlabs.org;
 dmarc=fail (p=none dis=none) header.from=gmail.com
Authentication-Results: ozlabs.org;
	dkim=fail reason="signature verification failed" (2048-bit key;
 unprotected) header.d=gmail.com header.i=@gmail.com header.a=rsa-sha256
 header.s=20161025 header.b=KGVHmmoD;
	dkim-atps=neutral
Received: from silver.osuosl.org (smtp3.osuosl.org [140.211.166.136])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by ozlabs.org (Postfix) with ESMTPS id 4BgcCV1N9Fz9sTN
	for <incoming-buildroot@patchwork.ozlabs.org>;
 Tue,  1 Sep 2020 16:11:34 +1000 (AEST)
Received: from localhost (localhost [127.0.0.1])
	by silver.osuosl.org (Postfix) with ESMTP id 0DF6C20345;
	Tue,  1 Sep 2020 06:11:32 +0000 (UTC)
X-Virus-Scanned: amavisd-new at osuosl.org
Received: from silver.osuosl.org ([127.0.0.1])
	by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id gvt7W8TTo-hX; Tue,  1 Sep 2020 06:11:11 +0000 (UTC)
Received: from ash.osuosl.org (ash.osuosl.org [140.211.166.34])
	by silver.osuosl.org (Postfix) with ESMTP id ABCDD204E7;
	Tue,  1 Sep 2020 06:10:51 +0000 (UTC)
X-Original-To: buildroot@lists.busybox.net
Delivered-To: buildroot@osuosl.org
Received: from silver.osuosl.org (smtp3.osuosl.org [140.211.166.136])
 by ash.osuosl.org (Postfix) with ESMTP id 014481BF39F
 for <buildroot@lists.busybox.net>; Tue,  1 Sep 2020 06:10:50 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
 by silver.osuosl.org (Postfix) with ESMTP id EF423204E7
 for <buildroot@lists.busybox.net>; Tue,  1 Sep 2020 06:10:49 +0000 (UTC)
X-Virus-Scanned: amavisd-new at osuosl.org
Received: from silver.osuosl.org ([127.0.0.1])
 by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id asP5MAz6M1No for <buildroot@lists.busybox.net>;
 Tue,  1 Sep 2020 06:10:43 +0000 (UTC)
X-Greylist: domain auto-whitelisted by SQLgrey-1.7.6
Received: from mail-wm1-f54.google.com (mail-wm1-f54.google.com
 [209.85.128.54])
 by silver.osuosl.org (Postfix) with ESMTPS id 77104203C4
 for <buildroot@buildroot.org>; Tue,  1 Sep 2020 06:10:43 +0000 (UTC)
Received: by mail-wm1-f54.google.com with SMTP id z9so212165wmk.1
 for <buildroot@buildroot.org>; Mon, 31 Aug 2020 23:10:43 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;
 h=from:to:cc:subject:date:message-id:in-reply-to:references
 :mime-version:content-transfer-encoding;
 bh=D+S5W79THnAqZGYTg/laDLoEIvUSwgP2nQAxU12phac=;
 b=KGVHmmoD/hLO4MPxY5SAqAsoTqTj/OWGiZATwFkY7mcoBfkOmr+o7+L60xqWLZUniz
 QmUuvvh+6UL9blbcBdETj/+JLVIjkKRjH2qtDg2CrhT72sTShC3622n0JxEezaXBN1dj
 8lBxdjegxND5lUVq2XbVSrLdL2ye6XFUqpcjhOKFODwKIEUmnNMtgq3NyMIjpn9zM1XN
 kGBVg/jIeAr/Cd1joru2suRx4//qPpX7+MPpHWuXd2aKjQ5xz9qDE46gcBKT4m61d2bq
 skzKpbpiTzMUkXAGAuAbXTsyUkWXUlsQoSZQH4hIMI1JuUn84d21sOr5XRgrrz14GHRP
 TztQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20161025;
 h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to
 :references:mime-version:content-transfer-encoding;
 bh=D+S5W79THnAqZGYTg/laDLoEIvUSwgP2nQAxU12phac=;
 b=uB5z7p6jTrgYuLHTcl0wiQlI7WlFclDSZkd4uxqewHBcBmkbCVR0OmrASgSUzD7pCV
 7n6dJCkRM6AmKCqMBkKyfek9Stf02w1fQ43jUUwo00XMohVmahg/apLwZCZJKVV9VTrR
 pZIlL+D88J8PAP3bRRc7uMiJlzcqUozRRHWhfGTJAShmGVH9hGDOuawOuNNij7Em0Bf8
 1tZVdjarfw0f17YvN1kNHiA3CW5Wv+ceR4rujLJ0xZpCP3YhnhpBLvP7o1jSGm431slg
 rM09edRRRYfSYceQar2oemtVOeb0i507vaaKxgtyUXCKl3kXrW1qrWUL37Ual+Jydsja
 eI9g==
X-Gm-Message-State: AOAM5309mLCe8vgm3jiTu/ZzOhAaSFQzzmZxI7lovjboCmM4V7+v+XKC
 wZOmJl2oVc8r2pztOta5EkQKcP9iz7k=
X-Google-Smtp-Source: 
 ABdhPJwX6D/dsMLx1GITYBa/aDb6yDrFaEpUkEoW9yzI+oF6vCpEfRlhgPyqJL2ZRYlHt2yXe+GXOg==
X-Received: by 2002:a1c:7707:: with SMTP id t7mr152204wmi.82.1598940641368;
 Mon, 31 Aug 2020 23:10:41 -0700 (PDT)
Received: from kali.home
 (2a01cb0881b76d00c2afd0dfa851d2b9.ipv6.abo.wanadoo.fr.
 [2a01:cb08:81b7:6d00:c2af:d0df:a851:d2b9])
 by smtp.gmail.com with ESMTPSA id v7sm969907wma.1.2020.08.31.23.10.40
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Mon, 31 Aug 2020 23:10:40 -0700 (PDT)
From: Fabrice Fontaine <fontaine.fabrice@gmail.com>
To: buildroot@buildroot.org
Date: Tue,  1 Sep 2020 08:10:27 +0200
Message-Id: <20200901061027.2294973-6-fontaine.fabrice@gmail.com>
X-Mailer: git-send-email 2.28.0
In-Reply-To: <20200901061027.2294973-1-fontaine.fabrice@gmail.com>
References: <20200901061027.2294973-1-fontaine.fabrice@gmail.com>
MIME-Version: 1.0
Subject: [Buildroot] [PATCH/next v2,6/6] package/libupnp18: drop package
X-BeenThere: buildroot@busybox.net
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Discussion and development of buildroot <buildroot.busybox.net>
List-Unsubscribe: <http://lists.busybox.net/mailman/options/buildroot>,
 <mailto:buildroot-request@busybox.net?subject=unsubscribe>
List-Archive: <http://lists.busybox.net/pipermail/buildroot/>
List-Post: <mailto:buildroot@busybox.net>
List-Help: <mailto:buildroot-request@busybox.net?subject=help>
List-Subscribe: <http://lists.busybox.net/mailman/listinfo/buildroot>,
 <mailto:buildroot-request@busybox.net?subject=subscribe>
Cc: Bernd Kuhls <bernd.kuhls@t-online.de>,
 Hiroshi Kawashima <kei-k@ca2.so-net.ne.jp>,
 Simon Dawson <spdawson@gmail.com>,
 Fabrice Fontaine <fontaine.fabrice@gmail.com>
Errors-To: buildroot-bounces@busybox.net
Sender: "buildroot" <buildroot-bounces@busybox.net>

Drop libupnp18 as libupnp has been bumped to 1.14.x and 1.8.x will not
been fixed against CallStranger a.k.a. CVE-2020-12695

mpd and vlc are already compliant with libupnp 1.14.x (i.e those
packages use UpnpInit2 instead of the deprecated UpnpInit)

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
---
 Config.in.legacy                 | 10 ++++++++++
 DEVELOPERS                       |  1 -
 package/Config.in                |  1 -
 package/libupnp18/Config.in      | 16 ----------------
 package/libupnp18/libupnp18.hash |  5 -----
 package/libupnp18/libupnp18.mk   | 26 --------------------------
 package/mpd/Config.in            |  2 +-
 package/mpd/mpd.mk               |  2 +-
 package/vlc/vlc.mk               |  4 ++--
 9 files changed, 14 insertions(+), 53 deletions(-)
 delete mode 100644 package/libupnp18/Config.in
 delete mode 100644 package/libupnp18/libupnp18.hash
 delete mode 100644 package/libupnp18/libupnp18.mk

diff --git a/Config.in.legacy b/Config.in.legacy
index 4e2809b562..1134e97159 100644
--- a/Config.in.legacy
+++ b/Config.in.legacy
@@ -146,6 +146,16 @@ endif
 
 comment "Legacy options removed in 2020.08"
 
+config BR2_PACKAGE_LIBUPNP18
+	bool "libupnp18 package removed"
+	select BR2_LEGACY
+	select BR2_PACKAGE_LIBUPNP
+	help
+	  Version 1.8.x of libupnp (i.e. libupnp18) has been removed
+	  because it will never be fixed against CallStranger a.k.a.
+	  CVE-2020-12695. The libupnp package (which has been updated to
+	  version 1.14.x) has been selected instead.
+
 config BR2_TOOLCHAIN_EXTERNAL_CODESOURCERY_AMD64
 	bool "toolchain-external-codesourcery-amd64 removed"
 	select BR2_LEGACY
diff --git a/DEVELOPERS b/DEVELOPERS
index 721cec05f6..8a73fdcaee 100644
--- a/DEVELOPERS
+++ b/DEVELOPERS
@@ -879,7 +879,6 @@ F:	package/librsync/
 F:	package/libsoup/
 F:	package/libsoxr/
 F:	package/libupnp/
-F:	package/libupnp18/
 F:	package/libv4l/
 F:	package/libxslt/
 F:	package/mbedtls/
diff --git a/package/Config.in b/package/Config.in
index 9e9b6a83bd..8236b6d55d 100644
--- a/package/Config.in
+++ b/package/Config.in
@@ -1739,7 +1739,6 @@ menu "Networking"
 	source "package/libtorrent-rasterbar/Config.in"
 	source "package/libuhttpd/Config.in"
 	source "package/libupnp/Config.in"
-	source "package/libupnp18/Config.in"
 	source "package/libupnpp/Config.in"
 	source "package/liburiparser/Config.in"
 	source "package/libuwsc/Config.in"
diff --git a/package/libupnp18/Config.in b/package/libupnp18/Config.in
deleted file mode 100644
index 58508e4e26..0000000000
--- a/package/libupnp18/Config.in
+++ /dev/null
@@ -1,16 +0,0 @@
-config BR2_PACKAGE_LIBUPNP18
-	bool "libupnp18"
-	depends on BR2_TOOLCHAIN_HAS_THREADS
-	depends on !BR2_PACKAGE_LIBUPNP
-	help
-	  The portable SDK for UPnP(tm) Devices (libupnp) provides
-	  developers with an API and open source code for building
-	  control points, devices, and bridges that are compliant with
-	  Version 1.0 of the Universal Plug and Play Device Architecture
-	  Specification
-
-	  http://pupnp.sourceforge.net/
-
-comment "libupnp18 needs a toolchain w/ threads"
-	depends on !BR2_PACKAGE_LIBUPNP
-	depends on !BR2_TOOLCHAIN_HAS_THREADS
diff --git a/package/libupnp18/libupnp18.hash b/package/libupnp18/libupnp18.hash
deleted file mode 100644
index ba9ce1bcdf..0000000000
--- a/package/libupnp18/libupnp18.hash
+++ /dev/null
@@ -1,5 +0,0 @@
-# From https://sourceforge.net/projects/pupnp/files/pupnp/libupnp-1.8.7/libupnp-1.8.7.tar.bz2.sha1
-sha1  2ea3011180c58b0584f0cb73cc8e685a0a1c4ec8  libupnp-1.8.7.tar.bz2
-# Locally computed:
-sha256  e38c69b2b67322e67cd53680db9b02c7c1f720a47a3cd626fd89d57d2dca93b8  libupnp-1.8.7.tar.bz2
-sha256  c8b99423cad48bb44e2cf52a496361404290865eac259a82da6d1e4331ececb3  COPYING
diff --git a/package/libupnp18/libupnp18.mk b/package/libupnp18/libupnp18.mk
deleted file mode 100644
index f17a1a720d..0000000000
--- a/package/libupnp18/libupnp18.mk
+++ /dev/null
@@ -1,26 +0,0 @@
-################################################################################
-#
-# libupnp18
-#
-################################################################################
-
-LIBUPNP18_VERSION = 1.8.7
-LIBUPNP18_SOURCE = libupnp-$(LIBUPNP18_VERSION).tar.bz2
-LIBUPNP18_SITE = http://downloads.sourceforge.net/project/pupnp/pupnp/libupnp-$(LIBUPNP18_VERSION)
-LIBUPNP18_CONF_ENV = ac_cv_lib_compat_ftime=no
-LIBUPNP18_INSTALL_STAGING = YES
-LIBUPNP18_LICENSE = BSD-3-Clause
-LIBUPNP18_LICENSE_FILES = COPYING
-LIBUPNP18_DEPENDENCIES = host-pkgconf
-
-# Bind the internal miniserver socket with reuseaddr to allow clean restarts.
-LIBUPNP18_CONF_OPTS += --enable-reuseaddr
-
-ifeq ($(BR2_PACKAGE_OPENSSL),y)
-LIBUPNP18_CONF_OPTS += --enable-open-ssl
-LIBUPNP18_DEPENDENCIES += openssl
-else
-LIBUPNP18_CONF_OPTS += --disable-open-ssl
-endif
-
-$(eval $(autotools-package))
diff --git a/package/mpd/Config.in b/package/mpd/Config.in
index 85e12b1be9..e6db1fa268 100644
--- a/package/mpd/Config.in
+++ b/package/mpd/Config.in
@@ -404,7 +404,7 @@ config BR2_PACKAGE_MPD_TCP
 config BR2_PACKAGE_MPD_UPNP
 	bool "UPnP"
 	select BR2_PACKAGE_EXPAT
-	select BR2_PACKAGE_LIBUPNP18 if !BR2_PACKAGE_LIBUPNP
+	select BR2_PACKAGE_LIBUPNP
 	select BR2_PACKAGE_MPD_CURL
 	help
 	  Enable MPD UPnP client support.
diff --git a/package/mpd/mpd.mk b/package/mpd/mpd.mk
index e8255f5146..9ed54f8df0 100644
--- a/package/mpd/mpd.mk
+++ b/package/mpd/mpd.mk
@@ -321,7 +321,7 @@ endif
 ifeq ($(BR2_PACKAGE_MPD_UPNP),y)
 MPD_DEPENDENCIES += \
 	expat \
-	$(if $(BR2_PACKAGE_LIBUPNP),libupnp,libupnp18)
+	libupnp
 MPD_CONF_OPTS += -Dupnp=enabled
 else
 MPD_CONF_OPTS += -Dupnp=disabled
diff --git a/package/vlc/vlc.mk b/package/vlc/vlc.mk
index ccaaa6cd6d..23bd695e02 100644
--- a/package/vlc/vlc.mk
+++ b/package/vlc/vlc.mk
@@ -380,9 +380,9 @@ else
 VLC_CONF_OPTS += --disable-theora
 endif
 
-ifeq ($(BR2_PACKAGE_LIBUPNP)$(BR2_PACKAGE_LIBUPNP18),y)
+ifeq ($(BR2_PACKAGE_LIBUPNP),y)
 VLC_CONF_OPTS += --enable-upnp
-VLC_DEPENDENCIES += $(if $(BR2_PACKAGE_LIBUPNP),libupnp,libupnp18)
+VLC_DEPENDENCIES += libupnp
 else
 VLC_CONF_OPTS += --disable-upnp
 endif