@@ -146,6 +146,16 @@ endif
comment "Legacy options removed in 2021.02"
+config BR2_PACKAGE_LIBUPNP18
+ bool "libupnp18 package removed"
+ select BR2_LEGACY
+ select BR2_PACKAGE_LIBUPNP
+ help
+ Version 1.8.x of libupnp (i.e. libupnp18) has been removed
+ because it will never be fixed against CallStranger a.k.a.
+ CVE-2020-12695. The libupnp package (which has been updated to
+ version 1.14.x) has been selected instead.
+
config BR2_PACKAGE_BOA
bool "boa package removed"
select BR2_LEGACY
@@ -862,7 +862,6 @@ F: package/librsync/
F: package/libsoup/
F: package/libsoxr/
F: package/libupnp/
-F: package/libupnp18/
F: package/libv4l/
F: package/libxslt/
F: package/mbedtls/
@@ -1791,7 +1791,6 @@ menu "Networking"
source "package/libuev/Config.in"
source "package/libuhttpd/Config.in"
source "package/libupnp/Config.in"
- source "package/libupnp18/Config.in"
source "package/libupnpp/Config.in"
source "package/liburiparser/Config.in"
source "package/libuwsc/Config.in"
deleted file mode 100644
@@ -1,16 +0,0 @@
-config BR2_PACKAGE_LIBUPNP18
- bool "libupnp18"
- depends on BR2_TOOLCHAIN_HAS_THREADS
- depends on !BR2_PACKAGE_LIBUPNP
- help
- The portable SDK for UPnP(tm) Devices (libupnp) provides
- developers with an API and open source code for building
- control points, devices, and bridges that are compliant with
- Version 1.0 of the Universal Plug and Play Device Architecture
- Specification
-
- http://pupnp.sourceforge.net/
-
-comment "libupnp18 needs a toolchain w/ threads"
- depends on !BR2_PACKAGE_LIBUPNP
- depends on !BR2_TOOLCHAIN_HAS_THREADS
deleted file mode 100644
@@ -1,5 +0,0 @@
-# From https://sourceforge.net/projects/pupnp/files/pupnp/libupnp-1.8.7/libupnp-1.8.7.tar.bz2.sha1
-sha1 2ea3011180c58b0584f0cb73cc8e685a0a1c4ec8 libupnp-1.8.7.tar.bz2
-# Locally computed:
-sha256 e38c69b2b67322e67cd53680db9b02c7c1f720a47a3cd626fd89d57d2dca93b8 libupnp-1.8.7.tar.bz2
-sha256 c8b99423cad48bb44e2cf52a496361404290865eac259a82da6d1e4331ececb3 COPYING
deleted file mode 100644
@@ -1,26 +0,0 @@
-################################################################################
-#
-# libupnp18
-#
-################################################################################
-
-LIBUPNP18_VERSION = 1.8.7
-LIBUPNP18_SOURCE = libupnp-$(LIBUPNP18_VERSION).tar.bz2
-LIBUPNP18_SITE = http://downloads.sourceforge.net/project/pupnp/pupnp/libupnp-$(LIBUPNP18_VERSION)
-LIBUPNP18_CONF_ENV = ac_cv_lib_compat_ftime=no
-LIBUPNP18_INSTALL_STAGING = YES
-LIBUPNP18_LICENSE = BSD-3-Clause
-LIBUPNP18_LICENSE_FILES = COPYING
-LIBUPNP18_DEPENDENCIES = host-pkgconf
-
-# Bind the internal miniserver socket with reuseaddr to allow clean restarts.
-LIBUPNP18_CONF_OPTS += --enable-reuseaddr
-
-ifeq ($(BR2_PACKAGE_OPENSSL),y)
-LIBUPNP18_CONF_OPTS += --enable-open-ssl
-LIBUPNP18_DEPENDENCIES += openssl
-else
-LIBUPNP18_CONF_OPTS += --disable-open-ssl
-endif
-
-$(eval $(autotools-package))
@@ -404,7 +404,7 @@ config BR2_PACKAGE_MPD_TCP
config BR2_PACKAGE_MPD_UPNP
bool "UPnP"
select BR2_PACKAGE_EXPAT
- select BR2_PACKAGE_LIBUPNP18 if !BR2_PACKAGE_LIBUPNP
+ select BR2_PACKAGE_LIBUPNP
select BR2_PACKAGE_MPD_CURL
help
Enable MPD UPnP client support.
@@ -321,7 +321,7 @@ endif
ifeq ($(BR2_PACKAGE_MPD_UPNP),y)
MPD_DEPENDENCIES += \
expat \
- $(if $(BR2_PACKAGE_LIBUPNP),libupnp,libupnp18)
+ libupnp
MPD_CONF_OPTS += -Dupnp=enabled
else
MPD_CONF_OPTS += -Dupnp=disabled
@@ -378,9 +378,9 @@ else
VLC_CONF_OPTS += --disable-theora
endif
-ifeq ($(BR2_PACKAGE_LIBUPNP)$(BR2_PACKAGE_LIBUPNP18),y)
+ifeq ($(BR2_PACKAGE_LIBUPNP),y)
VLC_CONF_OPTS += --enable-upnp
-VLC_DEPENDENCIES += $(if $(BR2_PACKAGE_LIBUPNP),libupnp,libupnp18)
+VLC_DEPENDENCIES += libupnp
else
VLC_CONF_OPTS += --disable-upnp
endif
Drop libupnp18 as libupnp has been bumped to 1.14.x and 1.8.x will not been fixed against CallStranger a.k.a. CVE-2020-12695 mpd and vlc are already compliant with libupnp 1.14.x (i.e those packages use UpnpInit2 instead of the deprecated UpnpInit) Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> --- Config.in.legacy | 10 ++++++++++ DEVELOPERS | 1 - package/Config.in | 1 - package/libupnp18/Config.in | 16 ---------------- package/libupnp18/libupnp18.hash | 5 ----- package/libupnp18/libupnp18.mk | 26 -------------------------- package/mpd/Config.in | 2 +- package/mpd/mpd.mk | 2 +- package/vlc/vlc.mk | 4 ++-- 9 files changed, 14 insertions(+), 53 deletions(-) delete mode 100644 package/libupnp18/Config.in delete mode 100644 package/libupnp18/libupnp18.hash delete mode 100644 package/libupnp18/libupnp18.mk