From patchwork Tue Sep 1 06:10:22 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Fabrice Fontaine X-Patchwork-Id: 1354745 Return-Path: X-Original-To: incoming-buildroot@patchwork.ozlabs.org Delivered-To: patchwork-incoming-buildroot@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=busybox.net (client-ip=140.211.166.137; helo=fraxinus.osuosl.org; envelope-from=buildroot-bounces@busybox.net; receiver=) Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none) header.from=gmail.com Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=gmail.com header.i=@gmail.com header.a=rsa-sha256 header.s=20161025 header.b=gmdnOfCE; dkim-atps=neutral Received: from fraxinus.osuosl.org (smtp4.osuosl.org [140.211.166.137]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4BgcBW41xpz9sTN for ; Tue, 1 Sep 2020 16:10:41 +1000 (AEST) Received: from localhost (localhost [127.0.0.1]) by fraxinus.osuosl.org (Postfix) with ESMTP id E90A980CDD; Tue, 1 Sep 2020 06:10:38 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from fraxinus.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id swODgr-_owEE; Tue, 1 Sep 2020 06:10:38 +0000 (UTC) Received: from ash.osuosl.org (ash.osuosl.org [140.211.166.34]) by fraxinus.osuosl.org (Postfix) with ESMTP id 48358850E1; Tue, 1 Sep 2020 06:10:38 +0000 (UTC) X-Original-To: buildroot@lists.busybox.net Delivered-To: buildroot@osuosl.org Received: from silver.osuosl.org (smtp3.osuosl.org [140.211.166.136]) by ash.osuosl.org (Postfix) with ESMTP id 2C3971BF39F for ; Tue, 1 Sep 2020 06:10:37 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by silver.osuosl.org (Postfix) with ESMTP id 0AC482036C for ; Tue, 1 Sep 2020 06:10:37 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from silver.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id gJzNARDFTyiF for ; Tue, 1 Sep 2020 06:10:35 +0000 (UTC) X-Greylist: domain auto-whitelisted by SQLgrey-1.7.6 Received: from mail-wr1-f65.google.com (mail-wr1-f65.google.com [209.85.221.65]) by silver.osuosl.org (Postfix) with ESMTPS id A23BF20345 for ; Tue, 1 Sep 2020 06:10:35 +0000 (UTC) Received: by mail-wr1-f65.google.com with SMTP id j2so97084wrx.7 for ; Mon, 31 Aug 2020 23:10:35 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:mime-version :content-transfer-encoding; bh=gnUj5yHfir/pjDR6/vFEMikhcm1aM0uzRLR5JgaTSas=; b=gmdnOfCE751vwjZamyq0YLC94AcKAu5ipb/CK+NeH80hTXXWxRdnBXcEqV/H1MJc5z Jagsbq08KDrWRp1ewW25XayY9rCf77S7aBIUDM0nkPfKKS9pj3v7/aacy+S8pObGLcmX rVnImuv7dMtXmcsMTNn5EIofu2NSBJjucPqFsUNeJ4IHqWHkkS7/oFXsnxOoDdSXO3i+ EdhaUpnRhLdeWIc3hP1cZP63cDsSr1oYKUaHVA6ud9Sb1mbUnXbs8AWFVJ6k5XjgCkRb fUmW3BwkhtN6g37iVZEw66n9uUNR9ueVr5h4MlTVP0Spa01bWu/4DxR9ZG/9nXR1938j EHMg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:mime-version :content-transfer-encoding; bh=gnUj5yHfir/pjDR6/vFEMikhcm1aM0uzRLR5JgaTSas=; b=M9R/xwi0umWIiVEonz7p4ri4CgHXYFQbhjE88liD5VI1WojqgSj4hGyypfLpzEGAgR MO0TBgCO2cHwTUketn9tJkwVa2saQfpLDlSnr2hWu6bLlEG8DpdhBigJEGh2SYrhLoCg Wh76WFsDEE5UUSusDFooN1Pf+A/lmJ4CrcizGxNn1G7TXS2JUlkCwVNUxNzSpLmuiaTT JszVzEVgTyjCylwFCjbLPtyQ7lOFBxnX7YaSVyHRx9S3nln01X6YQVN7ZGvfBs+hODaJ nbhoel+QQUSqkjCWoMkkoqAX7XvS92ZVLda4N/IuSgKSvRWuMAI0W9i6O2Q6Mo5CoBRp b3Uw== X-Gm-Message-State: AOAM533WjdyaQwttXXKYYFnhBlJHFjwRMYIvt1fk46s6ZRb3ErKrrfDq tJ/6CvuQHPheWau/kWiKLRIF0dALmtM= X-Google-Smtp-Source: ABdhPJwEiK2HhfuY8ocsTTjdsk6jQ4VUhdlq5kFr6yWIXtJtpMd7wJ/GVuEYr4Rg6qPv0gtPj2jlNw== X-Received: by 2002:a5d:4910:: with SMTP id x16mr48238wrq.204.1598940633739; Mon, 31 Aug 2020 23:10:33 -0700 (PDT) Received: from kali.home (2a01cb0881b76d00c2afd0dfa851d2b9.ipv6.abo.wanadoo.fr. [2a01:cb08:81b7:6d00:c2af:d0df:a851:d2b9]) by smtp.gmail.com with ESMTPSA id v7sm969907wma.1.2020.08.31.23.10.32 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 31 Aug 2020 23:10:33 -0700 (PDT) From: Fabrice Fontaine To: buildroot@buildroot.org Date: Tue, 1 Sep 2020 08:10:22 +0200 Message-Id: <20200901061027.2294973-1-fontaine.fabrice@gmail.com> X-Mailer: git-send-email 2.28.0 MIME-Version: 1.0 Subject: [Buildroot] [PATCH/next v2, 1/6] package/libupnp: security bump to version 1.14.0 X-BeenThere: buildroot@busybox.net X-Mailman-Version: 2.1.29 Precedence: list List-Id: Discussion and development of buildroot List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Bernd Kuhls , Hiroshi Kawashima , Simon Dawson , Fabrice Fontaine Errors-To: buildroot-bounces@busybox.net Sender: "buildroot" - Fix CallStranger a.k.a. CVE-2020-12695 as well as CVE-2020-13848 - Update indentation in hash file (two spaces) - Backport all changes from libupnp18 to libupnp: - Use COPYING instead of LICENSE (no license change) - Add host-pkgconf dependency - Add --enable-reuseaddr - Add openssl optional dependency Signed-off-by: Fabrice Fontaine --- Changes v1 -> v2: - Bump libupnp instead of libupnp18 and drop libupnp18 - Update ushare and igd2-for-linux - Drop libupnp18 package/libupnp/libupnp.hash | 4 ++-- package/libupnp/libupnp.mk | 18 +++++++++++++++--- 2 files changed, 17 insertions(+), 5 deletions(-) diff --git a/package/libupnp/libupnp.hash b/package/libupnp/libupnp.hash index e52b7ea9d7..6b16eff3c8 100644 --- a/package/libupnp/libupnp.hash +++ b/package/libupnp/libupnp.hash @@ -1,3 +1,3 @@ # Locally computed: -sha256 c5a300b86775435c076d58a79cc0d5a977d76027d2a7d721590729b7f369fa43 libupnp-1.6.25.tar.bz2 -sha256 0375955c8a79d6e8fa0792d45d00fc4e7710d7ac95bcbd27f9225a83f5c946fd LICENSE +sha256 ecb23d4291968c8a7bdd4eb16fc2250dbacc16b354345a13342d67f571d35ceb libupnp-1.14.0.tar.bz2 +sha256 c8b99423cad48bb44e2cf52a496361404290865eac259a82da6d1e4331ececb3 COPYING diff --git a/package/libupnp/libupnp.mk b/package/libupnp/libupnp.mk index 8831885ba4..d44abe2794 100644 --- a/package/libupnp/libupnp.mk +++ b/package/libupnp/libupnp.mk @@ -4,12 +4,24 @@ # ################################################################################ -LIBUPNP_VERSION = 1.6.25 +LIBUPNP_VERSION = 1.14.0 LIBUPNP_SOURCE = libupnp-$(LIBUPNP_VERSION).tar.bz2 -LIBUPNP_SITE = http://downloads.sourceforge.net/project/pupnp/pupnp/libUPnP%20$(LIBUPNP_VERSION) +LIBUPNP_SITE = \ + http://downloads.sourceforge.net/project/pupnp/pupnp/libupnp-$(LIBUPNP_VERSION) LIBUPNP_CONF_ENV = ac_cv_lib_compat_ftime=no LIBUPNP_INSTALL_STAGING = YES LIBUPNP_LICENSE = BSD-3-Clause -LIBUPNP_LICENSE_FILES = LICENSE +LIBUPNP_LICENSE_FILES = COPYING +LIBUPNP_DEPENDENCIES = host-pkgconf + +# Bind the internal miniserver socket with reuseaddr to allow clean restarts. +LIBUPNP_CONF_OPTS += --enable-reuseaddr + +ifeq ($(BR2_PACKAGE_OPENSSL),y) +LIBUPNP_CONF_OPTS += --enable-open-ssl +LIBUPNP_DEPENDENCIES += openssl +else +LIBUPNP_CONF_OPTS += --disable-open-ssl +endif $(eval $(autotools-package)) From patchwork Tue Sep 1 06:10:23 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Fabrice Fontaine X-Patchwork-Id: 1354746 Return-Path: X-Original-To: incoming-buildroot@patchwork.ozlabs.org Delivered-To: patchwork-incoming-buildroot@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=busybox.net (client-ip=140.211.166.137; helo=fraxinus.osuosl.org; envelope-from=buildroot-bounces@busybox.net; receiver=) Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none) header.from=gmail.com Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=gmail.com header.i=@gmail.com header.a=rsa-sha256 header.s=20161025 header.b=EfwJrdil; dkim-atps=neutral Received: from fraxinus.osuosl.org (smtp4.osuosl.org [140.211.166.137]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4BgcBY6R6kz9sTN for ; Tue, 1 Sep 2020 16:10:45 +1000 (AEST) Received: from localhost (localhost [127.0.0.1]) by fraxinus.osuosl.org (Postfix) with ESMTP id 419D7861C7; Tue, 1 Sep 2020 06:10:42 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from fraxinus.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id KN5l1PXjHW_5; Tue, 1 Sep 2020 06:10:40 +0000 (UTC) Received: from ash.osuosl.org (ash.osuosl.org [140.211.166.34]) by fraxinus.osuosl.org (Postfix) with ESMTP id CB60D86204; Tue, 1 Sep 2020 06:10:40 +0000 (UTC) X-Original-To: buildroot@lists.busybox.net Delivered-To: buildroot@osuosl.org Received: from whitealder.osuosl.org (smtp1.osuosl.org [140.211.166.138]) by ash.osuosl.org (Postfix) with ESMTP id 6E8991BF39F for ; Tue, 1 Sep 2020 06:10:39 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by whitealder.osuosl.org (Postfix) with ESMTP id 6847D86EB5 for ; Tue, 1 Sep 2020 06:10:39 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from whitealder.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id SRfgVoresSJB for ; Tue, 1 Sep 2020 06:10:38 +0000 (UTC) X-Greylist: domain auto-whitelisted by SQLgrey-1.7.6 Received: from mail-wm1-f67.google.com (mail-wm1-f67.google.com [209.85.128.67]) by whitealder.osuosl.org (Postfix) with ESMTPS id D295386EAD for ; Tue, 1 Sep 2020 06:10:37 +0000 (UTC) Received: by mail-wm1-f67.google.com with SMTP id z9so212015wmk.1 for ; Mon, 31 Aug 2020 23:10:37 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=w/mTh0nxqf20g1fV4hFJWIQOY3dSKQQXwivDZJU6RiA=; b=EfwJrdil2ooqwqR7KVjkRouCTFbx0nj6Qbs2fwSmbE+6PsmOteyQVOshp53KnjliA8 0lvBAAXDU6pUJGGcDz8EJ8gIeBUVzF/jM8KJr/urI/w2J4q9FJeOA9pSbfizGA6DBzBA 9T5oZ5YxZ7eUgpeJ0G5XMCJv3kolVErGfXAm7P49Zh8VsAtHQrxHvDc5diiVpk4dSIcR m4YHYMgMB5lF/xBJzxddQAcZL0NYmWy0kqENagt9//wzqBR1pnoAyfzC8hKN1vG+ylMA x81TCJH1MYTmLOwney7MxcofBxTlCm60KxAoTDpzuSfXfJHY3b6rDMDlvav+Sk7GBCOx YmeA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=w/mTh0nxqf20g1fV4hFJWIQOY3dSKQQXwivDZJU6RiA=; b=ZQ8v56rg/gQ2nO7qB6gvqkax2RgFSpLNAknFCVWJ4JWWTRWlswz5DtBu5/XNRXhCLq SdfSh8xXIRfg7Rp+VpyQG6nTKawaa8srBFuNCtyr53+gQidfZgN/USlFaHTor1S32a2N HXSv8TTeWjeuiO41H2jwZ9Nm7J1vXppMhRK97GMjXCZbYjlz+92DkOe5/jstQcWux9WQ jaW/OYI9H1mO0pnshkJ3BZ9LME5A7iP1V1aX3hMU2TaDlkN6RkX174hAShbDTT0T+kDc jiL3UfgjP8Akz2L8JC2+DC9ktzW8EHnVIPD32RmFxoWljHt9KnSEWqMS0Xux7q63G3a/ v2NA== X-Gm-Message-State: AOAM533GOQa2+Coe2GXDDTlk+o9JSw1pgrJTEt4lqTumWzdFnSfzsreU y29injLtepDGZVSfnBSjXqc5TsPC9ww= X-Google-Smtp-Source: ABdhPJwasTaJvmBEJb3Kh0EDfDokfCTvkrkcCHpOUyxI/6FlEC/kZb4FzdxH60FLecc5C7WqvqO3Aw== X-Received: by 2002:a7b:c769:: with SMTP id x9mr122688wmk.65.1598940635746; Mon, 31 Aug 2020 23:10:35 -0700 (PDT) Received: from kali.home (2a01cb0881b76d00c2afd0dfa851d2b9.ipv6.abo.wanadoo.fr. [2a01:cb08:81b7:6d00:c2af:d0df:a851:d2b9]) by smtp.gmail.com with ESMTPSA id v7sm969907wma.1.2020.08.31.23.10.34 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 31 Aug 2020 23:10:35 -0700 (PDT) From: Fabrice Fontaine To: buildroot@buildroot.org Date: Tue, 1 Sep 2020 08:10:23 +0200 Message-Id: <20200901061027.2294973-2-fontaine.fabrice@gmail.com> X-Mailer: git-send-email 2.28.0 In-Reply-To: <20200901061027.2294973-1-fontaine.fabrice@gmail.com> References: <20200901061027.2294973-1-fontaine.fabrice@gmail.com> MIME-Version: 1.0 Subject: [Buildroot] [PATCH/next v2, 2/6] package/gerbera: security bump to version 1.6.0 X-BeenThere: buildroot@busybox.net X-Mailman-Version: 2.1.29 Precedence: list List-Id: Discussion and development of buildroot List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Bernd Kuhls , Hiroshi Kawashima , Simon Dawson , Fabrice Fontaine Errors-To: buildroot-bounces@busybox.net Sender: "buildroot" - This version is compatible with libupnp 1.14.x which fix CallStranger a.k.a. CVE-2020-12695 - Drop all patches (already in version) - expat is not needed since version 1.5.0 and https://github.com/gerbera/gerbera/commit/a4f0cccd6a1f741c55ca69b06cff3a964eebc1f3 - fmt is a mandatory dependency since version 1.5.0 and https://github.com/gerbera/gerbera/commit/fe81e5fc8898d6e3a53ce30ddaafb8439683f46f - spdlog is a mandatory dependency since version 1.5.0 and https://github.com/gerbera/gerbera/commit/615d698fe4dce9d7462022a00c74af1fac7a1003 - pugixml is a mandatory dependency since version 1.5.0 and https://github.com/gerbera/gerbera/commit/c244006aa04ab2e4c5f3e7003ca727e05440238d - Set CXX_FILESYSTEM_NO_LINK_NEEDED to ON to avoid a build failure due to check_cxx_source_runs which has been added with https://github.com/gerbera/gerbera/commit/8ea0fce24ce9b1cf870837c3be984fed50581dfb - Update indentation in hash file (two spaces) Signed-off-by: Fabrice Fontaine --- ...build-without-js-taglib-or-atrailers.patch | 51 --------------- ...indLibMagic-cmake-fix-static-linking.patch | 63 ------------------- ...make-FindMatroska-fix-static-linking.patch | 37 ----------- package/gerbera/Config.in | 13 ++-- package/gerbera/gerbera.hash | 4 +- package/gerbera/gerbera.mk | 11 ++-- 6 files changed, 16 insertions(+), 163 deletions(-) delete mode 100644 package/gerbera/0001-fix-matroska-build-without-js-taglib-or-atrailers.patch delete mode 100644 package/gerbera/0002-cmake-FindLibMagic-cmake-fix-static-linking.patch delete mode 100644 package/gerbera/0003-cmake-FindMatroska-fix-static-linking.patch diff --git a/package/gerbera/0001-fix-matroska-build-without-js-taglib-or-atrailers.patch b/package/gerbera/0001-fix-matroska-build-without-js-taglib-or-atrailers.patch deleted file mode 100644 index 6898e8ebee..0000000000 --- a/package/gerbera/0001-fix-matroska-build-without-js-taglib-or-atrailers.patch +++ /dev/null @@ -1,51 +0,0 @@ -From 0ac781b0b0deef5c02c32a70ac484f882c3f4dd0 Mon Sep 17 00:00:00 2001 -From: Fabrice Fontaine -Date: Tue, 24 Dec 2019 18:55:57 +0100 -Subject: [PATCH] fix matroska build without js, taglib or atrailers -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -i2i function is used in matroska_handler.cc but this function is defined -only if defined(HAVE_JS) || defined(HAVE_TAGLIB) || defined(ATRAILERS) -as a result compilation fails if HAVE_MATROSKA is set but HAVE_JS, -HAVE_TAGLIG or ATRAILERS are not. - -Backported from: 0ac781b0b0deef5c02c32a70ac484f882c3f4dd0 - -Signed-off-by: Fabrice Fontaine -Signed-off-by: Jörg Krause ---- - src/string_converter.cc | 2 +- - src/string_converter.h | 2 +- - 2 files changed, 2 insertions(+), 2 deletions(-) - -diff --git a/src/string_converter.cc b/src/string_converter.cc -index f669c661..7a3c55d7 100644 ---- a/src/string_converter.cc -+++ b/src/string_converter.cc -@@ -218,7 +218,7 @@ Ref StringConverter::p2i() - } - #endif - --#if defined(HAVE_JS) || defined(HAVE_TAGLIB) || defined(ATRAILERS) -+#if defined(HAVE_JS) || defined(HAVE_TAGLIB) || defined(ATRAILERS) || defined(HAVE_MATROSKA) - - Ref StringConverter::i2i() - { -diff --git a/src/string_converter.h b/src/string_converter.h -index 58495430..f75bf833 100644 ---- a/src/string_converter.h -+++ b/src/string_converter.h -@@ -65,7 +65,7 @@ public: - static zmm::Ref p2i(); - - #endif --#if defined(HAVE_JS) || defined(HAVE_TAGLIB) || defined(ATRAILERS) -+#if defined(HAVE_JS) || defined(HAVE_TAGLIB) || defined(ATRAILERS) || defined(HAVE_MATROSKA) - /// \brief safeguard - internal to internal - needed to catch some - /// scenarious where the user may have forgotten to add proper conversion - /// in the script. --- -2.26.1 - diff --git a/package/gerbera/0002-cmake-FindLibMagic-cmake-fix-static-linking.patch b/package/gerbera/0002-cmake-FindLibMagic-cmake-fix-static-linking.patch deleted file mode 100644 index f6cc276e70..0000000000 --- a/package/gerbera/0002-cmake-FindLibMagic-cmake-fix-static-linking.patch +++ /dev/null @@ -1,63 +0,0 @@ -From 7fdcabd80c823694d190e5baa8c657ffcae5e777 Mon Sep 17 00:00:00 2001 -From: Fabrice Fontaine -Date: Fri, 31 Jan 2020 17:14:11 +0100 -Subject: [PATCH] cmake/FindLibMagic.cmake: fix static linking - -libmagic can optionally depends on xz (for lzma) or bzip2 since version -5.38 and -https://github.com/file/file/commit/b259a07ea95827f565faa20f0316e5b2704064f7 -so use pkg-config to retrieve those static dependencies and avoid the -following build failure: - -[100%] Linking CXX executable gerbera -/home/br-user/autobuild/run/instance-0/output-1/host/opt/ext-toolchain/bin/../lib/gcc/arm-buildroot-linux-uclibcgnueabi/8.3.0/../../../../arm-buildroot-linux-uclibcgnueabi/bin/ld: /home/br-user/autobuild/run/instance-0/output-1/host/arm-buildroot-linux-uclibcgnueabi/sysroot/usr/lib/libmagic.a(compress.o): in function `uncompressbuf': -compress.c:(.text+0x69c): undefined reference to `BZ2_bzDecompressInit' -/home/br-user/autobuild/run/instance-0/output-1/host/opt/ext-toolchain/bin/../lib/gcc/arm-buildroot-linux-uclibcgnueabi/8.3.0/../../../../arm-buildroot-linux-uclibcgnueabi/bin/ld: compress.c:(.text+0x710): undefined reference to `BZ2_bzDecompress' -/home/br-user/autobuild/run/instance-0/output-1/host/opt/ext-toolchain/bin/../lib/gcc/arm-buildroot-linux-uclibcgnueabi/8.3.0/../../../../arm-buildroot-linux-uclibcgnueabi/bin/ld: compress.c:(.text+0x730): undefined reference to `BZ2_bzDecompressEnd' -/home/br-user/autobuild/run/instance-0/output-1/host/opt/ext-toolchain/bin/../lib/gcc/arm-buildroot-linux-uclibcgnueabi/8.3.0/../../../../arm-buildroot-linux-uclibcgnueabi/bin/ld: compress.c:(.text+0x7bc): undefined reference to `lzma_auto_decoder' -/home/br-user/autobuild/run/instance-0/output-1/host/opt/ext-toolchain/bin/../lib/gcc/arm-buildroot-linux-uclibcgnueabi/8.3.0/../../../../arm-buildroot-linux-uclibcgnueabi/bin/ld: compress.c:(.text+0x828): undefined reference to `lzma_code' -/home/br-user/autobuild/run/instance-0/output-1/host/opt/ext-toolchain/bin/../lib/gcc/arm-buildroot-linux-uclibcgnueabi/8.3.0/../../../../arm-buildroot-linux-uclibcgnueabi/bin/ld: compress.c:(.text+0x848): undefined reference to `lzma_end' - -It should be noted that libmagic.pc is not currently provided in the -official file package (which provides libmagic), an issue has been -opened to add libmagic.pc: https://bugs.astron.com/view.php?id=136 - -Fixes: - - http://autobuild.buildroot.org/results/37b1ef54dc41100689f311fbc31fc9300dc6ae63 - -Signed-off-by: Fabrice Fontaine -[Retrieved from: -https://github.com/gerbera/gerbera/commit/7fdcabd80c823694d190e5baa8c657ffcae5e777] ---- - cmake/FindLibMagic.cmake | 15 +++++++++++++-- - 1 file changed, 13 insertions(+), 2 deletions(-) - -diff --git a/cmake/FindLibMagic.cmake b/cmake/FindLibMagic.cmake -index f68ab923..04995af4 100644 ---- a/cmake/FindLibMagic.cmake -+++ b/cmake/FindLibMagic.cmake -@@ -1,11 +1,22 @@ - INCLUDE (FindPackageHandleStandardArgs) - --FIND_PATH(MAGIC_INCLUDE_DIR magic.h) --FIND_LIBRARY(MAGIC_LIBRARIES NAMES magic) -+find_package(PkgConfig QUIET) -+ -+pkg_check_modules(PC_MAGIC QUIET libmagic) -+ -+FIND_PATH(MAGIC_INCLUDE_DIR magic.h -+ HINTS ${PC_MAGIC_INCLUDEDIR} ${PC_MAGIC_INCLUDE_DIRS}) -+FIND_LIBRARY(MAGIC_LIBRARIES NAMES magic -+ HINTS ${PC_MAGIC_LIBDIR} ${PC_MAGIC_LIBRARY_DIRS}) - - # handle the QUIETLY and REQUIRED arguments and set MAGIC_FOUND to TRUE - find_package_handle_standard_args(MAGIC DEFAULT_MSG MAGIC_LIBRARIES) - -+if (MAGIC_FOUND) -+ set (MAGIC_LIBRARIES ${MAGIC_LIBRARY} ${PC_MAGIC_LIBRARIES}) -+ set (MAGIC_INCLUDE_DIRS ${MAGIC_INCLUDE_DIR} ) -+endif () -+ - MARK_AS_ADVANCED( - MAGIC_LIBRARIES - MAGIC_INCLUDE_DIRS ) diff --git a/package/gerbera/0003-cmake-FindMatroska-fix-static-linking.patch b/package/gerbera/0003-cmake-FindMatroska-fix-static-linking.patch deleted file mode 100644 index 128d617045..0000000000 --- a/package/gerbera/0003-cmake-FindMatroska-fix-static-linking.patch +++ /dev/null @@ -1,37 +0,0 @@ -From aab2eacbaad10759294f4fd74bbb5ecef3cf3a8d Mon Sep 17 00:00:00 2001 -From: Fabrice Fontaine -Date: Tue, 24 Dec 2019 22:57:18 +0100 -Subject: [PATCH] cmake/FindMatroska: fix static linking - -Fix static linking with libmatrasoka by adding PC_EBM_LIBRARIES to -EBML_LIBRARIES and PC_MAT_LIBRARIES to MATROSKA_LIBRARIES - -Signed-off-by: Fabrice Fontaine -[Retrieved from: -https://github.com/gerbera/gerbera/commit/aab2eacbaad10759294f4fd74bbb5ecef3cf3a8d] ---- - cmake/FindMatroska.cmake | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/cmake/FindMatroska.cmake b/cmake/FindMatroska.cmake -index 4b09a5ec..12ca593d 100644 ---- a/cmake/FindMatroska.cmake -+++ b/cmake/FindMatroska.cmake -@@ -23,7 +23,7 @@ FIND_LIBRARY(EBML_LIBRARY ebml - FIND_PACKAGE_HANDLE_STANDARD_ARGS(EBML - REQUIRED_VARS EBML_LIBRARY EBML_INCLUDE_DIR) - if (EBML_FOUND) -- set (EBML_LIBRARIES ${EBML_LIBRARY}) -+ set (EBML_LIBRARIES ${EBML_LIBRARY} ${PC_EBM_LIBRARIES}) - set (EBML_INCLUDE_DIRS ${EBML_INCLUDE_DIR} ) - endif () - MARK_AS_ADVANCED( -@@ -41,7 +41,7 @@ find_library(MATROSKA_LIBRARY matroska - FIND_PACKAGE_HANDLE_STANDARD_ARGS(MATROSKA - REQUIRED_VARS MATROSKA_LIBRARY MATROSKA_INCLUDE_DIR) - if (MATROSKA_FOUND) -- set (MATROSKA_LIBRARIES ${MATROSKA_LIBRARY}) -+ set (MATROSKA_LIBRARIES ${MATROSKA_LIBRARY} ${PC_MAT_LIBRARIES}) - set (MATROSKA_INCLUDE_DIRS ${MATROSKA_INCLUDE_DIR} ) - endif () - MARK_AS_ADVANCED( diff --git a/package/gerbera/Config.in b/package/gerbera/Config.in index e10f78b77e..7192f9caee 100644 --- a/package/gerbera/Config.in +++ b/package/gerbera/Config.in @@ -5,10 +5,12 @@ config BR2_PACKAGE_GERBERA depends on BR2_TOOLCHAIN_HAS_THREADS depends on BR2_TOOLCHAIN_GCC_AT_LEAST_7 # C++17 optional depends on BR2_INSTALL_LIBSTDCPP - depends on !BR2_PACKAGE_LIBUPNP # libupnp18 - select BR2_PACKAGE_EXPAT + depends on BR2_USE_WCHAR # fmt + select BR2_PACKAGE_FMT select BR2_PACKAGE_LIBICONV if !BR2_ENABLE_LOCALE - select BR2_PACKAGE_LIBUPNP18 + select BR2_PACKAGE_LIBUPNP + select BR2_PACKAGE_PUGIXML + select BR2_PACKAGE_SPDLOG select BR2_PACKAGE_SQLITE select BR2_PACKAGE_UTIL_LINUX select BR2_PACKAGE_UTIL_LINUX_LIBUUID @@ -19,9 +21,8 @@ config BR2_PACKAGE_GERBERA https://gerbera.io -comment "gerbera needs a toolchain w/ C++, threads, gcc >= 7" +comment "gerbera needs a toolchain w/ C++, threads, wchar, gcc >= 7" depends on BR2_USE_MMU depends on BR2_TOOLCHAIN_HAS_ATOMIC - depends on !BR2_PACKAGE_LIBUPNP depends on !BR2_INSTALL_LIBSTDCPP || !BR2_TOOLCHAIN_HAS_THREADS || \ - !BR2_TOOLCHAIN_GCC_AT_LEAST_7 + !BR2_USE_WCHAR || !BR2_TOOLCHAIN_GCC_AT_LEAST_7 diff --git a/package/gerbera/gerbera.hash b/package/gerbera/gerbera.hash index b1fdcbf2d0..0ade0fd3af 100644 --- a/package/gerbera/gerbera.hash +++ b/package/gerbera/gerbera.hash @@ -1,3 +1,3 @@ # Locally computed: -sha256 904a9031c85ac805e4c139f363510226952683d7257acd1dee25ba1e97fd7651 gerbera-1.4.0.tar.gz -sha256 cae4138373be41fd2be75faf41ce7efbcf49fb17d0e05ad1c51cc01ac335b9b6 LICENSE.md +sha256 3a4956ec5fea1101e8daa32d9cfb985db908a49e2ac6137a1b2bf509e2684a6c gerbera-1.6.0.tar.gz +sha256 cae4138373be41fd2be75faf41ce7efbcf49fb17d0e05ad1c51cc01ac335b9b6 LICENSE.md diff --git a/package/gerbera/gerbera.mk b/package/gerbera/gerbera.mk index 7f0ac664fe..66a46e3938 100644 --- a/package/gerbera/gerbera.mk +++ b/package/gerbera/gerbera.mk @@ -4,20 +4,23 @@ # ################################################################################ -GERBERA_VERSION = 1.4.0 +GERBERA_VERSION = 1.6.0 GERBERA_SITE = $(call github,gerbera,gerbera,v$(GERBERA_VERSION)) GERBERA_LICENSE = GPL-2.0 GERBERA_LICENSE_FILES = LICENSE.md GERBERA_DEPENDENCIES = \ - expat \ + fmt \ host-pkgconf \ - libupnp18 \ + libupnp \ + pugixml \ + spdlog \ sqlite \ util-linux \ zlib GERBERA_CONF_OPTS = \ -DWITH_DEBUG=OFF \ - -DWITH_JS=OFF + -DWITH_JS=OFF \ + -DCXX_FILESYSTEM_NO_LINK_NEEDED=ON # Uses __atomic_fetch_add_4 ifeq ($(BR2_TOOLCHAIN_HAS_LIBATOMIC),y) From patchwork Tue Sep 1 06:10:24 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Fabrice Fontaine X-Patchwork-Id: 1354747 Return-Path: X-Original-To: incoming-buildroot@patchwork.ozlabs.org Delivered-To: patchwork-incoming-buildroot@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=busybox.net (client-ip=140.211.166.136; helo=silver.osuosl.org; envelope-from=buildroot-bounces@busybox.net; receiver=) Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none) header.from=gmail.com Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=gmail.com header.i=@gmail.com header.a=rsa-sha256 header.s=20161025 header.b=QSTN9ve7; dkim-atps=neutral Received: from silver.osuosl.org (smtp3.osuosl.org [140.211.166.136]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4BgcBn5W6Kz9sTS for ; Tue, 1 Sep 2020 16:10:57 +1000 (AEST) Received: from localhost (localhost [127.0.0.1]) by silver.osuosl.org (Postfix) with ESMTP id 658C52284F; Tue, 1 Sep 2020 06:10:52 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from silver.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id MtfOGdXQEkLT; Tue, 1 Sep 2020 06:10:44 +0000 (UTC) Received: from ash.osuosl.org (ash.osuosl.org [140.211.166.34]) by silver.osuosl.org (Postfix) with ESMTP id 4267C203BB; Tue, 1 Sep 2020 06:10:43 +0000 (UTC) X-Original-To: buildroot@lists.busybox.net Delivered-To: buildroot@osuosl.org Received: from whitealder.osuosl.org (smtp1.osuosl.org [140.211.166.138]) by ash.osuosl.org (Postfix) with ESMTP id A56321BF39F for ; Tue, 1 Sep 2020 06:10:40 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by whitealder.osuosl.org (Postfix) with ESMTP id 9C04F86EAD for ; Tue, 1 Sep 2020 06:10:40 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from whitealder.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id NekiwGiBeRlo for ; Tue, 1 Sep 2020 06:10:39 +0000 (UTC) X-Greylist: domain auto-whitelisted by SQLgrey-1.7.6 Received: from mail-wm1-f53.google.com (mail-wm1-f53.google.com [209.85.128.53]) by whitealder.osuosl.org (Postfix) with ESMTPS id 428AF86EB4 for ; Tue, 1 Sep 2020 06:10:39 +0000 (UTC) Received: by mail-wm1-f53.google.com with SMTP id a65so206351wme.5 for ; Mon, 31 Aug 2020 23:10:39 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=r8blxhe6iOJgp6OIhoGd2rs0+60VVQ0SAoaCgS9dekk=; b=QSTN9ve7qtlwuLWc8C7/GIRka6sGGNppy4edH9JswdrbBJnAyloJ+PBJOE1ArEqPk6 mOtBO+opeD2hojNm6Wxbw39a6GNWpNt9odsIxz0QhaE7U/NCYe4uLsjq6xIfxw0Lihhj cyU/Fj397UHwVrA7r/MFIxOPrabrV1qn4f5Hq/wb3UUQr6FBhnQFUA3IzlRZVOxh89id Q0iUop7LgnxLsrPn/yj2fnsKD5yIYSr1xDXyHlcEtnZiS57ebeLZ+fcCZSo2Eq8r4nfv gtXQw0xg9ieOgBYgpZNorgR1DKKXmOmwMqj0HmDtsM4/prZa310WTug96UBdCMnan/5E KSOg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=r8blxhe6iOJgp6OIhoGd2rs0+60VVQ0SAoaCgS9dekk=; b=HAvac0az8nFOgiJEpd0bi9GFv2acM8BNWndITUKYsu1/e4iZeMvOLF/hhhM4XRrVk0 jH0QgcyqDPtwqu2TzGp8r7cMtjzoqsbVZONM5HKvW50ihB3TJT1viLrdUBFaDe47MoqA 4SFMFYB1WONciPmUTokkWA+coHSjbhiEaR4ShkI0dCvv5BgSyFzoJ9W3j/gjzesZNheA 93vVLlDz4D2Vieb9klcNRHqWNwdspXdx81H0bsjUbcjf0Zpc2yGAbgApbylqhEykiN4T wCzgWTG3RMOaVuXlz6wyNbvIMDWtHP4RT8cp8xqTTQsmZKt6ay/UF35M1wp9uWWzOxqi TeAw== X-Gm-Message-State: AOAM533y3SjGftiT22sMe0KiTGe3tQLL8BFfY/dgBez0PYOuL0v39smU c4/iMry1OxXAnFKQ8yEkVVHuwryz1ro= X-Google-Smtp-Source: ABdhPJxFxdZ0q6FsSBYBMrvFyuXBjzvQ9b1cpV08sGR/CAwf3aq6WD7E03pYhTj6btB6S2Ze41QMeg== X-Received: by 2002:a7b:cbd4:: with SMTP id n20mr116908wmi.105.1598940637210; Mon, 31 Aug 2020 23:10:37 -0700 (PDT) Received: from kali.home (2a01cb0881b76d00c2afd0dfa851d2b9.ipv6.abo.wanadoo.fr. [2a01:cb08:81b7:6d00:c2af:d0df:a851:d2b9]) by smtp.gmail.com with ESMTPSA id v7sm969907wma.1.2020.08.31.23.10.36 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 31 Aug 2020 23:10:36 -0700 (PDT) From: Fabrice Fontaine To: buildroot@buildroot.org Date: Tue, 1 Sep 2020 08:10:24 +0200 Message-Id: <20200901061027.2294973-3-fontaine.fabrice@gmail.com> X-Mailer: git-send-email 2.28.0 In-Reply-To: <20200901061027.2294973-1-fontaine.fabrice@gmail.com> References: <20200901061027.2294973-1-fontaine.fabrice@gmail.com> MIME-Version: 1.0 Subject: [Buildroot] [PATCH/next v2, 3/6] package/igd2-for-linux: security bump to version 2.0 X-BeenThere: buildroot@busybox.net X-Mailman-Version: 2.1.29 Precedence: list List-Id: Discussion and development of buildroot List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Bernd Kuhls , Hiroshi Kawashima , Simon Dawson , Fabrice Fontaine Errors-To: buildroot-bounces@busybox.net Sender: "buildroot" - Move site to Orange-OpenSource - Drop patch (already in version) - This version is compatible with libupnp 1.14.x to fix CallStranger a.k.a. CVE-2020-12695 - Add threadutil license (BSD-3-Clause) - Update hash in license file (two spaces) Signed-off-by: Fabrice Fontaine --- .../0001-fix-build-with-gcc-10.patch | 199 ------------------ package/igd2-for-linux/Config.in | 2 +- package/igd2-for-linux/igd2-for-linux.hash | 5 +- package/igd2-for-linux/igd2-for-linux.mk | 9 +- 4 files changed, 9 insertions(+), 206 deletions(-) delete mode 100644 package/igd2-for-linux/0001-fix-build-with-gcc-10.patch diff --git a/package/igd2-for-linux/0001-fix-build-with-gcc-10.patch b/package/igd2-for-linux/0001-fix-build-with-gcc-10.patch deleted file mode 100644 index 32474a3adb..0000000000 --- a/package/igd2-for-linux/0001-fix-build-with-gcc-10.patch +++ /dev/null @@ -1,199 +0,0 @@ -From 23ed73623810a0894c8efd9eb79dd38483794a3b Mon Sep 17 00:00:00 2001 -From: Fabrice Fontaine -Date: Thu, 20 Aug 2020 18:17:03 +0200 -Subject: [PATCH] fix build with gcc 10 - -This will fix build failures with -fno-common which is enabled by -default with gcc 10 - -Fixes: - - http://autobuild.buildroot.org/results/f296984c3851fc28341210e36ef1b55b2edac209 - -Signed-off-by: Fabrice Fontaine -[Retrieved from: -https://github.com/Orange-OpenSource/igd2-for-linux/commit/23ed73623810a0894c8efd9eb79dd38483794a3b] -Signed-off-by: Fabrice Fontaine ---- - linuxigd2/src/gatedevice.c | 37 +++++++++++++++++++++++++++++++++ - linuxigd2/src/gatedevice.h | 42 +++++++++----------------------------- - linuxigd2/src/pinholev6.c | 2 ++ - linuxigd2/src/pinholev6.h | 2 +- - linuxigd2/src/pmlist.c | 5 +++++ - linuxigd2/src/pmlist.h | 2 +- - linuxigd2/src/wanipv6fw.h | 3 --- - 7 files changed, 56 insertions(+), 37 deletions(-) - -diff --git a/linuxigd2/src/gatedevice.c b/linuxigd2/src/gatedevice.c -index 8be53e5..a50525d 100644 ---- a/linuxigd2/src/gatedevice.c -+++ b/linuxigd2/src/gatedevice.c -@@ -41,6 +41,43 @@ - #include "wanipv6fw.h" - #include "config.h" - -+// Thread which contains all kind of timers and threads used in gatedevice.c and deviceprotection.c -+TimerThread gExpirationTimerThread; -+ -+// IGD Device Globals -+UpnpDevice_Handle deviceHandle; -+UpnpDevice_Handle deviceHandleIPv6; -+UpnpDevice_Handle deviceHandleIPv6UlaGua; -+char *gateUDN; -+char *wanUDN; -+char *wanConnectionUDN; -+char *lanUDN; -+long int startup_time; -+unsigned long connection_stats[STATS_LIMIT]; // this is used for defining if connection is in idling -+long int idle_time; -+ -+// State Variables -+char ConnectionType[50]; -+char PossibleConnectionTypes[50]; -+char ConnectionStatus[20]; -+char LastConnectionError[35]; -+long int AutoDisconnectTime; -+long int IdleDisconnectTime; -+long int WarnDisconnectDelay; -+int RSIPAvailable; -+int NATEnabled; -+char ExternalIPAddress[INET6_ADDRSTRLEN]; -+int PortMappingNumberOfEntries; -+int PortMappingEnabled; -+char RemoteHost[INET6_ADDRSTRLEN]; // updated IPv6 addrss length 16 -> 46 -+long int SystemUpdateID; -+ -+// WANEthLinkConfig state variables -+char EthernetLinkStatus[12]; -+ -+char FirewallEnabled[2]; -+char InboundPinholeAllowed[2]; -+ - //Definitions for mapping expiration timer thread - static ThreadPool gExpirationThreadPool; - static ThreadPoolJob gEventUpdateJob; -diff --git a/linuxigd2/src/gatedevice.h b/linuxigd2/src/gatedevice.h -index 28d6b21..dbaa0c2 100644 ---- a/linuxigd2/src/gatedevice.h -+++ b/linuxigd2/src/gatedevice.h -@@ -33,42 +33,20 @@ - #include "util.h" - - // Thread which contains all kind of timers and threads used in gatedevice.c and deviceprotection.c --TimerThread gExpirationTimerThread; -+extern TimerThread gExpirationTimerThread; - - // IGD Device Globals --UpnpDevice_Handle deviceHandle; --UpnpDevice_Handle deviceHandleIPv6; --UpnpDevice_Handle deviceHandleIPv6UlaGua; --char *gateUDN; --char *wanUDN; --char *wanConnectionUDN; --char *lanUDN; --long int startup_time; --unsigned long connection_stats[STATS_LIMIT]; // this is used for defining if connection is in idling --long int idle_time; -- --// State Variables --char ConnectionType[50]; --char PossibleConnectionTypes[50]; --char ConnectionStatus[20]; --char LastConnectionError[35]; --long int AutoDisconnectTime; --long int IdleDisconnectTime; --long int WarnDisconnectDelay; --int RSIPAvailable; --int NATEnabled; --char ExternalIPAddress[INET6_ADDRSTRLEN]; --int PortMappingNumberOfEntries; --int PortMappingEnabled; --char RemoteHost[INET6_ADDRSTRLEN]; // updated IPv6 addrss length 16 -> 46 --long int SystemUpdateID; -- --// WANEthLinkConfig state variables --char EthernetLinkStatus[12]; -+extern UpnpDevice_Handle deviceHandle; -+extern UpnpDevice_Handle deviceHandleIPv6; -+extern UpnpDevice_Handle deviceHandleIPv6UlaGua; -+extern char *gateUDN; -+extern char *wanUDN; -+extern char *wanConnectionUDN; -+extern char *lanUDN; - - // Linked list for portmapping entries --struct portMap *pmlist_Head; --struct portMap *pmlist_Current; -+extern struct portMap *pmlist_Head; -+extern struct portMap *pmlist_Current; - - // WanIPConnection Actions - int EventHandler(Upnp_EventType EventType, void *Event, void *Cookie); -diff --git a/linuxigd2/src/pinholev6.c b/linuxigd2/src/pinholev6.c -index 44e8a19..78f886d 100644 ---- a/linuxigd2/src/pinholev6.c -+++ b/linuxigd2/src/pinholev6.c -@@ -41,6 +41,8 @@ extern "C" { - #include "gatedevice.h" - #include "pinholev6.h" - -+struct pinholev6 *ph_first; -+ - static const char * add_rule_str = "ip6tables -I %s " //upnp forward chain - "-i %s " //input interface - "-o %s " //output interface -diff --git a/linuxigd2/src/pinholev6.h b/linuxigd2/src/pinholev6.h -index 295b9f9..353ae27 100644 ---- a/linuxigd2/src/pinholev6.h -+++ b/linuxigd2/src/pinholev6.h -@@ -37,7 +37,7 @@ struct pinholev6 { - - struct pinholev6 *next; - --} *ph_first; -+}; - - struct phv6_expirationEvent - { -diff --git a/linuxigd2/src/pmlist.c b/linuxigd2/src/pmlist.c -index 1b3fe05..95d0c61 100644 ---- a/linuxigd2/src/pmlist.c -+++ b/linuxigd2/src/pmlist.c -@@ -41,6 +41,11 @@ - #include "iptc.h" - #endif - -+// Linked list for portmapping entries -+struct portMap *pmlist_Head; -+struct portMap *pmlist_Current; -+struct portMap *pmlist_Tail; -+ - /** - * Create new portMap struct of rule to add iptables. - * portMap-struct is internal presentation of iptables rule in IGD. -diff --git a/linuxigd2/src/pmlist.h b/linuxigd2/src/pmlist.h -index 436d228..017500d 100644 ---- a/linuxigd2/src/pmlist.h -+++ b/linuxigd2/src/pmlist.h -@@ -57,7 +57,7 @@ struct portMap - - struct portMap* next; - struct portMap* prev; --} *pmlist_Head, *pmlist_Tail, *pmlist_Current; -+}; - - //struct portMap* pmlist_NewNode(void); - struct portMap* pmlist_NewNode(int enabled, long int duration, char *remoteHost, -diff --git a/linuxigd2/src/wanipv6fw.h b/linuxigd2/src/wanipv6fw.h -index 55419fe..a50d267 100644 ---- a/linuxigd2/src/wanipv6fw.h -+++ b/linuxigd2/src/wanipv6fw.h -@@ -46,9 +46,6 @@ extern "C" { - #define ERR_SRC_ADD_WILDCARD 708 - #define ERR_NO_TRAFFIC 709 - --char FirewallEnabled[2]; --char InboundPinholeAllowed[2]; -- - //----------------------------------------------------------------------------- - - int InitFirewallv6(void); diff --git a/package/igd2-for-linux/Config.in b/package/igd2-for-linux/Config.in index 157cc6f30b..f1658d3aa6 100644 --- a/package/igd2-for-linux/Config.in +++ b/package/igd2-for-linux/Config.in @@ -18,7 +18,7 @@ config BR2_PACKAGE_IGD2_FOR_LINUX Please edit /etc/upnpd.conf before using upnpd! - https://github.com/ffontaine/igd2-for-linux + https://github.com/Orange-OpenSource/igd2-for-linux comment "igd2-for-linux needs a toolchain w/ threads, wchar" depends on BR2_USE_MMU diff --git a/package/igd2-for-linux/igd2-for-linux.hash b/package/igd2-for-linux/igd2-for-linux.hash index ecde4b51c2..fc215727d7 100644 --- a/package/igd2-for-linux/igd2-for-linux.hash +++ b/package/igd2-for-linux/igd2-for-linux.hash @@ -1,3 +1,4 @@ # Locally computed: -sha256 523545a26b0d662e9f6913bec2518df6e70f4d497935d88983d994336a1b0ea9 igd2-for-linux-1.2.tar.gz -sha256 204d8eff92f95aac4df6c8122bc1505f468f3a901e5a4cc08940e0ede1938994 linuxigd2/doc/LICENSE +sha256 e3fcc7c9da4ad1ca16227b3b1b3712bcfb3f6ec922685eee7ae4a76edfa32bb4 igd2-for-linux-2.0.tar.gz +sha256 204d8eff92f95aac4df6c8122bc1505f468f3a901e5a4cc08940e0ede1938994 linuxigd2/doc/LICENSE +sha256 c8b99423cad48bb44e2cf52a496361404290865eac259a82da6d1e4331ececb3 linuxigd2/src/threadutil/COPYING diff --git a/package/igd2-for-linux/igd2-for-linux.mk b/package/igd2-for-linux/igd2-for-linux.mk index 478c353997..85119a14b5 100644 --- a/package/igd2-for-linux/igd2-for-linux.mk +++ b/package/igd2-for-linux/igd2-for-linux.mk @@ -4,11 +4,12 @@ # ################################################################################ -IGD2_FOR_LINUX_VERSION = 1.2 -IGD2_FOR_LINUX_SITE = $(call github,ffontaine,igd2-for-linux,v$(IGD2_FOR_LINUX_VERSION)) +IGD2_FOR_LINUX_VERSION = 2.0 +IGD2_FOR_LINUX_SITE = \ + $(call github,Orange-OpenSource,igd2-for-linux,v$(IGD2_FOR_LINUX_VERSION)) -IGD2_FOR_LINUX_LICENSE = GPL-2.0 -IGD2_FOR_LINUX_LICENSE_FILES = linuxigd2/doc/LICENSE +IGD2_FOR_LINUX_LICENSE = GPL-2.0, BSD-3-Clause +IGD2_FOR_LINUX_LICENSE_FILES = linuxigd2/doc/LICENSE linuxigd2/src/threadutil/COPYING IGD2_FOR_LINUX_DEPENDENCIES = libupnp From patchwork Tue Sep 1 06:10:25 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Fabrice Fontaine X-Patchwork-Id: 1354748 Return-Path: X-Original-To: incoming-buildroot@patchwork.ozlabs.org Delivered-To: patchwork-incoming-buildroot@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=busybox.net (client-ip=140.211.166.136; helo=silver.osuosl.org; envelope-from=buildroot-bounces@busybox.net; receiver=) Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none) header.from=gmail.com Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=gmail.com header.i=@gmail.com header.a=rsa-sha256 header.s=20161025 header.b=egZlwlYw; dkim-atps=neutral Received: from silver.osuosl.org (smtp3.osuosl.org [140.211.166.136]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4BgcCG5tGmz9sTN for ; Tue, 1 Sep 2020 16:11:22 +1000 (AEST) Received: from localhost (localhost [127.0.0.1]) by silver.osuosl.org (Postfix) with ESMTP id 23C9E20408; Tue, 1 Sep 2020 06:11:20 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from silver.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id PRu0wlfUR06i; Tue, 1 Sep 2020 06:10:54 +0000 (UTC) Received: from ash.osuosl.org (ash.osuosl.org [140.211.166.34]) by silver.osuosl.org (Postfix) with ESMTP id F2F0520409; Tue, 1 Sep 2020 06:10:45 +0000 (UTC) X-Original-To: buildroot@lists.busybox.net Delivered-To: buildroot@osuosl.org Received: from silver.osuosl.org (smtp3.osuosl.org [140.211.166.136]) by ash.osuosl.org (Postfix) with ESMTP id F31321BF39F for ; Tue, 1 Sep 2020 06:10:42 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by silver.osuosl.org (Postfix) with ESMTP id D9440203BB for ; Tue, 1 Sep 2020 06:10:42 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from silver.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ipcKICtDkWSf for ; Tue, 1 Sep 2020 06:10:41 +0000 (UTC) X-Greylist: domain auto-whitelisted by SQLgrey-1.7.6 Received: from mail-wm1-f51.google.com (mail-wm1-f51.google.com [209.85.128.51]) by silver.osuosl.org (Postfix) with ESMTPS id 96A3B20345 for ; Tue, 1 Sep 2020 06:10:40 +0000 (UTC) Received: by mail-wm1-f51.google.com with SMTP id v4so205759wmj.5 for ; Mon, 31 Aug 2020 23:10:40 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=zRZ7ng8PhcferkMUh/tYok9S4gIyhyQrCWVgRnlRyB0=; b=egZlwlYwfvNIyJ/eAzi9spPPikRqzuZz52xSroNhfEbFmzgkwscSpsNGpwCYjIPj8c 19+bwA3gDimLmK7Rsz5jPHCe2pfHw8iM58sW82cUHMkxlejHUnYa30oS9siI6n9ATG1D p1Zj4eamngVs8UW9jNc+X7rGJ647Iwp01p6HfmvNo2aRMMW/sk2nSWgzl4yJBjLnY1+X DKwFupBfaMENwuB/u/r/o61dxlnD0pVplo3AGwemT7uJ9EaDDfNe7gb+CLai3ul4EfiS 7K9wnlXgHoeFOjq6Y5NHZnO1Ohn0/8mDMvUMEglkZVhGaVNl+D0LfW6G4moIsrfJkYq3 6tZw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=zRZ7ng8PhcferkMUh/tYok9S4gIyhyQrCWVgRnlRyB0=; b=ifVWuFxUcuwF/p5VnmOh4JzhkURcjsvlvD5meO/b2SIFvH/7lbtknN+lBkc+KdvpeJ voCGcHMwecv2PskQydocSBeq01zFSVYLvbY6FA1suKC1d430WN4URG5t3mMQJoOCVdJS 0ihGRvmoCD7vZqh2GyNz6tVr6rb/h1CDc4F8X1wNt1MOXw6O/5Tnk5qSHsWzzziNXqYv 8SdEHWB+dOqrMXWzDCQHAdHYeGreUJGnuJnc7YJQRyK5Vf1VDrVGrT3r4FI4fsORzoiH 1Ua6l5WTFwovsLDGoHgl83132OdRXTXEQhQdxpV08nsm4X8eLZwJNgd/T8LE3y7geRkO NeYA== X-Gm-Message-State: AOAM530xgXfVFkT+Z3DIs2Ik8++Io9QgV3sOEWYvBlQz1uDYbevlbXwV 52gjtlXiwdVJNENdhI4m8KGughoHmcY= X-Google-Smtp-Source: ABdhPJz4nP0qhFWYnV6f/z35tp0VPHvGPboYkEmWMgZYjzOHz2o0M4Fz6JkghX9lUcJ/yl+PYJ7svA== X-Received: by 2002:a7b:cb4e:: with SMTP id v14mr138062wmj.140.1598940638616; Mon, 31 Aug 2020 23:10:38 -0700 (PDT) Received: from kali.home (2a01cb0881b76d00c2afd0dfa851d2b9.ipv6.abo.wanadoo.fr. [2a01:cb08:81b7:6d00:c2af:d0df:a851:d2b9]) by smtp.gmail.com with ESMTPSA id v7sm969907wma.1.2020.08.31.23.10.37 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 31 Aug 2020 23:10:38 -0700 (PDT) From: Fabrice Fontaine To: buildroot@buildroot.org Date: Tue, 1 Sep 2020 08:10:25 +0200 Message-Id: <20200901061027.2294973-4-fontaine.fabrice@gmail.com> X-Mailer: git-send-email 2.28.0 In-Reply-To: <20200901061027.2294973-1-fontaine.fabrice@gmail.com> References: <20200901061027.2294973-1-fontaine.fabrice@gmail.com> MIME-Version: 1.0 Subject: [Buildroot] [PATCH/next v2, 4/6] package/gmrender-resurrect: add libupnp 1.14.x support X-BeenThere: buildroot@busybox.net X-Mailman-Version: 2.1.29 Precedence: list List-Id: Discussion and development of buildroot List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Bernd Kuhls , Hiroshi Kawashima , Simon Dawson , Fabrice Fontaine Errors-To: buildroot-bounces@busybox.net Sender: "buildroot" Using libupnp 1.14.x is needed to fix CallStranger a.k.a. CVE-2020-12695 Signed-off-by: Fabrice Fontaine --- .../0001-Drop-UpnpInit.patch | 175 ++++++++++++++++++ package/gmrender-resurrect/Config.in | 2 +- .../gmrender-resurrect/gmrender-resurrect.mk | 2 +- 3 files changed, 177 insertions(+), 2 deletions(-) create mode 100644 package/gmrender-resurrect/0001-Drop-UpnpInit.patch diff --git a/package/gmrender-resurrect/0001-Drop-UpnpInit.patch b/package/gmrender-resurrect/0001-Drop-UpnpInit.patch new file mode 100644 index 0000000000..18ec7bb515 --- /dev/null +++ b/package/gmrender-resurrect/0001-Drop-UpnpInit.patch @@ -0,0 +1,175 @@ +From dc8c4d4dc234311b3099e7f1efadf5d9733c81e9 Mon Sep 17 00:00:00 2001 +From: Fabrice Fontaine +Date: Fri, 21 Aug 2020 21:29:00 +0200 +Subject: [PATCH] Drop UpnpInit + +UpnpInit has been dropped from libupnp 1.14.x as it can't be fixed +against CallStranger a.k.a. CVE-2020-12695 so replace it by UpnpInit2 +which is available since version 1.6.7 and +https://github.com/pupnp/pupnp/commit/2bcbdffd89a70364147d345ec5e70a3fce5cbc29 + +Signed-off-by: Fabrice Fontaine +[Upstream status: +https://github.com/hzeller/gmrender-resurrect/pull/214] +--- + dist-scripts/centos7/README.md | 2 +- + dist-scripts/debian/gmediarender.1 | 8 ++------ + dist-scripts/fedora/README.md | 2 +- + src/main.c | 13 ++++--------- + src/upnp_device.c | 18 +++++++++--------- + src/upnp_device.h | 2 +- + 6 files changed, 18 insertions(+), 27 deletions(-) + +diff --git a/dist-scripts/centos7/README.md b/dist-scripts/centos7/README.md +index 278d777..ed82fb6 100644 +--- a/dist-scripts/centos7/README.md ++++ b/dist-scripts/centos7/README.md +@@ -45,7 +45,7 @@ Additional configuration is also recommended, sice there's no configuration file + # vi /etc/systemd/system/gmediarender.service.d/customize.conf # or nano, or emacs, or whatever editor you like + [Service] + ExecStart= +- ExecStart=/usr/bin/gmediarender --port=49494 --ip-address= -f "DLNA Renderer GMediaRender" ++ ExecStart=/usr/bin/gmediarender --port=49494 --interface-name= -f "DLNA Renderer GMediaRender" + + # systemctl daemon-reload + # systemctl start gmediarender.service +diff --git a/dist-scripts/debian/gmediarender.1 b/dist-scripts/debian/gmediarender.1 +index 96123ff..b2b1359 100644 +--- a/dist-scripts/debian/gmediarender.1 ++++ b/dist-scripts/debian/gmediarender.1 +@@ -50,12 +50,8 @@ Usually, it is desirable for the renderer + to show up on controllers under a recognisable and unique name. This is + the option to set that name. + .TP +-.B \-I, \-\-ip\-address \fI\\fP +-The local IP address the service is running and advertised on. +- +-This can +-only be a single address, and must be explicitly specified (i.e. not +-0.0.0.0). ++.B \-I, \-\-interface\-name \fI\\fP ++The local interface name the service is running and advertised on. + .TP + .B \-p, \-\-port \fI\\fP + Port to listen to. [49152..65535]. +diff --git a/dist-scripts/fedora/README.md b/dist-scripts/fedora/README.md +index 7b9ea4b..45aa536 100644 +--- a/dist-scripts/fedora/README.md ++++ b/dist-scripts/fedora/README.md +@@ -43,7 +43,7 @@ Additional configuration is also recommended, sice there's no configuration file + # vi /etc/systemd/system/gmediarender.service.d/customize.conf # or nano, or emacs, or whatever editor you like + [Service] + ExecStart= +- ExecStart=/usr/bin/gmediarender --port=49494 --ip-address= -f "DLNA Renderer GMediaRender" ++ ExecStart=/usr/bin/gmediarender --port=49494 --interface-name= -f "DLNA Renderer GMediaRender" + + # systemctl daemon-reload + # systemctl start gmediarender.service +diff --git a/src/main.c b/src/main.c +index ef720e3..2030c49 100644 +--- a/src/main.c ++++ b/src/main.c +@@ -69,11 +69,7 @@ static gboolean show_transport_scpd = FALSE; + static gboolean show_outputs = FALSE; + static gboolean daemon_mode = FALSE; + +-// IP-address seems strange in libupnp: they actually don't bind to +-// that address, but to INADDR_ANY (miniserver.c in upnp library). +-// Apparently they just use this for the advertisement ? Anyway, 0.0.0.0 would +-// not work. +-static const gchar *ip_address = NULL; ++static const gchar *interface_name = NULL; + static int listen_port = 49494; + + #ifdef GMRENDER_UUID +@@ -92,9 +88,8 @@ static const gchar *mime_filter = NULL; + static GOptionEntry option_entries[] = { + { "version", 0, 0, G_OPTION_ARG_NONE, &show_version, + "Output version information and exit", NULL }, +- { "ip-address", 'I', 0, G_OPTION_ARG_STRING, &ip_address, +- "The local IP address the service is running and advertised " +- "(only one, 0.0.0.0 won't work)", NULL }, ++ { "interface-name", 'I', 0, G_OPTION_ARG_STRING, &interface_name, ++ "The local interface name the service is running and advertised", NULL }, + // The following is not very reliable, as libupnp does not set + // SO_REUSEADDR by default, so it might increment (sending patch). + { "port", 'p', 0, G_OPTION_ARG_INT, &listen_port, +@@ -302,7 +297,7 @@ int main(int argc, char **argv) + listen_port); + return EXIT_FAILURE; + } +- device = upnp_device_init(upnp_renderer, ip_address, listen_port); ++ device = upnp_device_init(upnp_renderer, interface_name, listen_port); + if (device == NULL) { + Log_error("main", "ERROR: Failed to initialize UPnP device"); + return EXIT_FAILURE; +diff --git a/src/upnp_device.c b/src/upnp_device.c +index db65e4f..3151238 100644 +--- a/src/upnp_device.c ++++ b/src/upnp_device.c +@@ -416,13 +416,13 @@ static UPNP_CALLBACK(event_handler, EventType, event, userdata) + + static gboolean initialize_device(struct upnp_device_descriptor *device_def, + struct upnp_device *result_device, +- const char *ip_address, ++ const char *interface_name, + unsigned short port) + { + int rc; + char *buf; + +- rc = UpnpInit(ip_address, port); ++ rc = UpnpInit2(interface_name, port); + /* There have been situations reported in which UPNP had issues + * initializing right after network came up. #129 + */ +@@ -430,13 +430,13 @@ static gboolean initialize_device(struct upnp_device_descriptor *device_def, + static const int kRetryTimeMs = 1000; + while (rc != UPNP_E_SUCCESS && retries_left--) { + usleep(kRetryTimeMs * 1000); +- Log_error("upnp", "UpnpInit(ip=%s, port=%d) Error: %s (%d). Retrying... (%ds)", +- ip_address, port, UpnpGetErrorMessage(rc), rc, retries_left); +- rc = UpnpInit(ip_address, port); ++ Log_error("upnp", "UpnpInit2(interface=%s, port=%d) Error: %s (%d). Retrying... (%ds)", ++ interface_name, port, UpnpGetErrorMessage(rc), rc, retries_left); ++ rc = UpnpInit2(interface_name, port); + } + if (UPNP_E_SUCCESS != rc) { +- Log_error("upnp", "UpnpInit(ip=%s, port=%d) Error: %s (%d). Giving up.", +- ip_address, port, UpnpGetErrorMessage(rc), rc); ++ Log_error("upnp", "UpnpInit2(interface=%s, port=%d) Error: %s (%d). Giving up.", ++ interface_name, port, UpnpGetErrorMessage(rc), rc); + return FALSE; + } + Log_info("upnp", "Registered IP=%s port=%d\n", +@@ -483,7 +483,7 @@ static gboolean initialize_device(struct upnp_device_descriptor *device_def, + } + + struct upnp_device *upnp_device_init(struct upnp_device_descriptor *device_def, +- const char *ip_address, ++ const char *interface_name, + unsigned short port) + { + int rc; +@@ -516,7 +516,7 @@ struct upnp_device *upnp_device_init(struct upnp_device_descriptor *device_def, + webserver_register_buf(srv->scpd_url, buf, "text/xml"); + } + +- if (!initialize_device(device_def, result_device, ip_address, port)) { ++ if (!initialize_device(device_def, result_device, interface_name, port)) { + UpnpFinish(); + free(result_device); + return NULL; +diff --git a/src/upnp_device.h b/src/upnp_device.h +index 3e635e1..8c8e783 100644 +--- a/src/upnp_device.h ++++ b/src/upnp_device.h +@@ -49,7 +49,7 @@ struct upnp_device; + struct action_event; + + struct upnp_device *upnp_device_init(struct upnp_device_descriptor *device_def, +- const char *ip_address, ++ const char *interface_name, + unsigned short port); + + void upnp_device_shutdown(struct upnp_device *device); diff --git a/package/gmrender-resurrect/Config.in b/package/gmrender-resurrect/Config.in index e7424e3b22..db655ad7f4 100644 --- a/package/gmrender-resurrect/Config.in +++ b/package/gmrender-resurrect/Config.in @@ -5,7 +5,7 @@ config BR2_PACKAGE_GMRENDER_RESURRECT depends on BR2_USE_MMU # gstreamer1 select BR2_PACKAGE_GSTREAMER1 select BR2_PACKAGE_GST1_PLUGINS_BASE # run-time only - select BR2_PACKAGE_LIBUPNP18 if !BR2_PACKAGE_LIBUPNP + select BR2_PACKAGE_LIBUPNP help UPnP (DLNA) media renderer based on gstreamer diff --git a/package/gmrender-resurrect/gmrender-resurrect.mk b/package/gmrender-resurrect/gmrender-resurrect.mk index e25be39493..3500ab3760 100644 --- a/package/gmrender-resurrect/gmrender-resurrect.mk +++ b/package/gmrender-resurrect/gmrender-resurrect.mk @@ -13,6 +13,6 @@ GMRENDER_RESURRECT_LICENSE = GPL-2.0+ GMRENDER_RESURRECT_LICENSE_FILES = COPYING GMRENDER_RESURRECT_DEPENDENCIES = \ gstreamer1 \ - $(if $(BR2_PACKAGE_LIBUPNP),libupnp,libupnp18) + libupnp $(eval $(autotools-package)) From patchwork Tue Sep 1 06:10:26 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Fabrice Fontaine X-Patchwork-Id: 1354750 Return-Path: X-Original-To: incoming-buildroot@patchwork.ozlabs.org Delivered-To: patchwork-incoming-buildroot@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=busybox.net (client-ip=140.211.166.136; helo=silver.osuosl.org; envelope-from=buildroot-bounces@busybox.net; receiver=) Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none) header.from=gmail.com Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=gmail.com header.i=@gmail.com header.a=rsa-sha256 header.s=20161025 header.b=UIxyUQU6; dkim-atps=neutral Received: from silver.osuosl.org (smtp3.osuosl.org [140.211.166.136]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4BgcDJ1jtyz9sTN for ; Tue, 1 Sep 2020 16:12:16 +1000 (AEST) Received: from localhost (localhost [127.0.0.1]) by silver.osuosl.org (Postfix) with ESMTP id 7D2D922CCE; Tue, 1 Sep 2020 06:12:14 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from silver.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id tjPb7Rgb5-re; Tue, 1 Sep 2020 06:11:41 +0000 (UTC) Received: from ash.osuosl.org (ash.osuosl.org [140.211.166.34]) by silver.osuosl.org (Postfix) with ESMTP id A185422DEC; Tue, 1 Sep 2020 06:10:56 +0000 (UTC) X-Original-To: buildroot@lists.busybox.net Delivered-To: buildroot@osuosl.org Received: from silver.osuosl.org (smtp3.osuosl.org [140.211.166.136]) by ash.osuosl.org (Postfix) with ESMTP id 00BC11BF39F for ; Tue, 1 Sep 2020 06:10:55 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by silver.osuosl.org (Postfix) with ESMTP id 48D8622E6E for ; Tue, 1 Sep 2020 06:10:54 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from silver.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id VGKOIvYj4ZO0 for ; Tue, 1 Sep 2020 06:10:42 +0000 (UTC) X-Greylist: domain auto-whitelisted by SQLgrey-1.7.6 Received: from mail-wm1-f41.google.com (mail-wm1-f41.google.com [209.85.128.41]) by silver.osuosl.org (Postfix) with ESMTPS id 25BCF2036C for ; Tue, 1 Sep 2020 06:10:42 +0000 (UTC) Received: by mail-wm1-f41.google.com with SMTP id e11so210458wme.0 for ; Mon, 31 Aug 2020 23:10:42 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=c3PndcgCLl+WPcGCg2SmWpSfWoMEc7T4NJj76BRBE3M=; b=UIxyUQU6Ib3t5yv4E4a17a1glorXIRoVMhqSJXX92kFPOuZlgsSWpMGeUTPvU/qePZ ZVcZ+VBZ488M6JXPZreIVuDZeHuQ83G/Xj8TYiwqyjEWYWMc261CBGAs1/y2+kRjFgob U6Pmftmr2ljfNwNPzortH/aHTamAR7xhz6i/f2+dqSNhqvY4mhN0Bn790YFFDCLxUl8R QrGwvx11PvnUOMSeUNVTCialqS4qYCDKWxQ76aen/nMkjG/Rsgl36+hqijBUcuqJD+02 7NS/HIYf59fEGMdAdCgHB+EBz4H8uUN1hY8Fvr8Kkz588GnkHr7fariQNBjy2ThBj3ay cnKw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=c3PndcgCLl+WPcGCg2SmWpSfWoMEc7T4NJj76BRBE3M=; b=SmDzMgt1CD7eW/BVF8mychfsSBx+l/3BZeVc7LHplrbMKR1YL4v/hA90SqFLcWyfzT NTK+J3a7dIqcO1f01VuVXr5uXNrfqRRHpkHclWv1G5MKs5VgfOMZ4mkwJv1+TFe4lKF8 QiOM+sHnvOKdumkPp/Hzgw5p6dGzC7r4YE0ILwxCg0nH+5plqkpR+YiRk1AAuOEgI5nw cDBYNrnQDgIxRfm8gJvA7JCQvpvvkW4hjTMldwYwDAgcEJ1yQo2wSXDjzCNL1/Fx6TU2 qDjrew/twRnWeBMtIaHxGbL6pBTneFYNVQGmQURo0aTo6VdP/em1b3c9eU433lPRjmPc yZKw== X-Gm-Message-State: AOAM533priZHO/U92aZg05Z68WuYwYROuEmu2w77ygnE1x84gUKrQ2SI zsRR31a76FPtPvAJjlNY7uSwXiWlJSI= X-Google-Smtp-Source: ABdhPJxdVvK6G7SWs9YJDdwTyt5KfduPk95oqLLHhem1khqwmBJBdHhGeSppKP9gSUY3W8PcMCzxuw== X-Received: by 2002:a1c:4e01:: with SMTP id g1mr145905wmh.112.1598940639970; Mon, 31 Aug 2020 23:10:39 -0700 (PDT) Received: from kali.home (2a01cb0881b76d00c2afd0dfa851d2b9.ipv6.abo.wanadoo.fr. [2a01:cb08:81b7:6d00:c2af:d0df:a851:d2b9]) by smtp.gmail.com with ESMTPSA id v7sm969907wma.1.2020.08.31.23.10.39 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 31 Aug 2020 23:10:39 -0700 (PDT) From: Fabrice Fontaine To: buildroot@buildroot.org Date: Tue, 1 Sep 2020 08:10:26 +0200 Message-Id: <20200901061027.2294973-5-fontaine.fabrice@gmail.com> X-Mailer: git-send-email 2.28.0 In-Reply-To: <20200901061027.2294973-1-fontaine.fabrice@gmail.com> References: <20200901061027.2294973-1-fontaine.fabrice@gmail.com> MIME-Version: 1.0 Subject: [Buildroot] [PATCH/next v2, 5/6] package/ushare: add libupnp 1.14.x support X-BeenThere: buildroot@busybox.net X-Mailman-Version: 2.1.29 Precedence: list List-Id: Discussion and development of buildroot List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Bernd Kuhls , Hiroshi Kawashima , Simon Dawson , Fabrice Fontaine Errors-To: buildroot-bounces@busybox.net Sender: "buildroot" This switch is needed to fix CallStranger a.k.a. CVE-2020-12695 Signed-off-by: Fabrice Fontaine --- .../0004-switch-to-libupnp-1.14.x-API.patch | 433 ++++++++++++++++++ 1 file changed, 433 insertions(+) create mode 100644 package/ushare/0004-switch-to-libupnp-1.14.x-API.patch diff --git a/package/ushare/0004-switch-to-libupnp-1.14.x-API.patch b/package/ushare/0004-switch-to-libupnp-1.14.x-API.patch new file mode 100644 index 0000000000..e200bb1926 --- /dev/null +++ b/package/ushare/0004-switch-to-libupnp-1.14.x-API.patch @@ -0,0 +1,433 @@ +From 4643b9cb9e6c0331fd663437a7ed8061b9edf971 Mon Sep 17 00:00:00 2001 +From: Fabrice Fontaine +Date: Mon, 24 Aug 2020 19:26:03 +0200 +Subject: [PATCH] switch to libupnp 1.14.x API + +Use the new libupnp 1.14.x API (i.e. UpnpInit2) to allow ushare to be +protected against CallStranger a.k.a. CVE-2020-12695 + +Signed-off-by: Fabrice Fontaine +[Retrieved from: +https://github.com/ddugovic/uShare/commit/4643b9cb9e6c0331fd663437a7ed8061b9edf971] +--- + configure | 2 -- + src/http.c | 50 +++++++++++++++++++++++++++++++------------------- + src/http.h | 24 ++++++++++++++++++------ + src/services.c | 28 ++++++++++++++++++---------- + src/services.h | 6 +++--- + src/ushare.c | 36 ++++++++++++++++++------------------ + src/ushare.h | 2 +- + 7 files changed, 89 insertions(+), 59 deletions(-) + +diff --git a/configure b/configure +index 20a08ed..4a3efe0 100755 +--- a/configure ++++ b/configure +@@ -638,8 +638,6 @@ fi + echolog "Checking for libixml ..." + check_lib upnp/ixml.h ixmlRelaxParser -lixml || die "Error, can't find libixml !" + +-echolog "Checking for libthreadutil ..." +-check_lib upnp/ThreadPool.h ThreadPoolAdd "-lthreadutil -lpthread" || die "Error, can't find libthreadutil !" + add_extralibs -lpthread + + libupnp_min_version="1.4.2" +diff --git a/src/http.c b/src/http.c +index 8a4e67d..1e5b350 100644 +--- a/src/http.c ++++ b/src/http.c +@@ -68,17 +68,19 @@ struct web_file_t { + + + static inline void +-set_info_file (struct File_Info *info, const size_t length, ++set_info_file (UpnpFileInfo *info, const size_t length, + const char *content_type) + { +- info->file_length = length; +- info->last_modified = 0; +- info->is_directory = 0; +- info->is_readable = 1; +- info->content_type = ixmlCloneDOMString (content_type); ++ UpnpFileInfo_set_FileLength(info, length); ++ UpnpFileInfo_set_LastModified(info, 0); ++ UpnpFileInfo_set_IsDirectory(info, 0); ++ UpnpFileInfo_set_IsReadable(info, 1); ++ UpnpFileInfo_set_ContentType(info, ixmlCloneDOMString (content_type)); + } + +-int http_get_info (const char *filename, struct File_Info *info) ++int http_get_info (const char *filename, UpnpFileInfo *info, ++ const void* cookie __attribute__((unused)), ++ const void** requestCookie __attribute__((unused))) + { + extern struct ushare_t *ut; + struct upnp_entry_t *entry = NULL; +@@ -143,15 +145,15 @@ int http_get_info (const char *filename, struct File_Info *info) + { + if (errno != EACCES) + return -1; +- info->is_readable = 0; ++ UpnpFileInfo_set_IsReadable(info, 0); + } + else +- info->is_readable = 1; ++ UpnpFileInfo_set_IsReadable(info, 1); + + /* file exist and can be read */ +- info->file_length = st.st_size; +- info->last_modified = st.st_mtime; +- info->is_directory = S_ISDIR (st.st_mode); ++ UpnpFileInfo_set_FileLength(info, st.st_size); ++ UpnpFileInfo_set_LastModified(info, st.st_mtime); ++ UpnpFileInfo_set_IsDirectory(info, S_ISDIR (st.st_mode)); + + protocol = + #ifdef HAVE_DLNA +@@ -172,11 +174,11 @@ int http_get_info (const char *filename, struct File_Info *info) + + if (content_type) + { +- info->content_type = ixmlCloneDOMString (content_type); ++ UpnpFileInfo_set_ContentType(info, ixmlCloneDOMString (content_type)); + free (content_type); + } + else +- info->content_type = ixmlCloneDOMString (""); ++ UpnpFileInfo_set_ContentType(info, ixmlCloneDOMString ("")); + + return 0; + } +@@ -197,7 +199,9 @@ get_file_memory (const char *fullpath, const char *description, + return ((UpnpWebFileHandle) file); + } + +-UpnpWebFileHandle http_open (const char *filename, enum UpnpOpenFileMode mode) ++UpnpWebFileHandle http_open (const char *filename, enum UpnpOpenFileMode mode, ++ const void* cookie __attribute__((unused)), ++ const void* requestCookie __attribute__((unused))) + { + extern struct ushare_t *ut; + struct upnp_entry_t *entry = NULL; +@@ -250,7 +254,9 @@ UpnpWebFileHandle http_open (const char *filename, enum UpnpOpenFileMode mode) + return ((UpnpWebFileHandle) file); + } + +-int http_read (UpnpWebFileHandle fh, char *buf, size_t buflen) ++int http_read (UpnpWebFileHandle fh, char *buf, size_t buflen, ++ const void* cookie __attribute__((unused)), ++ const void* requestCookie __attribute__((unused))) + { + struct web_file_t *file = (struct web_file_t *) fh; + ssize_t len = -1; +@@ -285,14 +291,18 @@ int http_read (UpnpWebFileHandle fh, char *buf, size_t buflen) + + int http_write (UpnpWebFileHandle fh __attribute__((unused)), + char *buf __attribute__((unused)), +- size_t buflen __attribute__((unused))) ++ size_t buflen __attribute__((unused)), ++ const void* cookie __attribute__((unused)), ++ const void* requestCookie __attribute__((unused))) + { + log_verbose ("http write\n"); + + return 0; + } + +-int http_seek (UpnpWebFileHandle fh, off_t offset, int origin) ++int http_seek (UpnpWebFileHandle fh, off_t offset, int origin, ++ const void* cookie __attribute__((unused)), ++ const void* requestCookie __attribute__((unused))) + { + struct web_file_t *file = (struct web_file_t *) fh; + off_t newpos = -1; +@@ -366,7 +376,9 @@ int http_seek (UpnpWebFileHandle fh, off_t offset, int origin) + return 0; + } + +-int http_close (UpnpWebFileHandle fh) ++int http_close (UpnpWebFileHandle fh, ++ const void* cookie __attribute__((unused)), ++ const void* requestCookie __attribute__((unused))) + { + struct web_file_t *file = (struct web_file_t *) fh; + +diff --git a/src/http.h b/src/http.h +index 32d6bcc..c912a7b 100644 +--- a/src/http.h ++++ b/src/http.h +@@ -25,18 +25,30 @@ + #include + #include + +-int http_get_info (const char *filename, struct File_Info *info); ++int http_get_info (const char *filename, UpnpFileInfo *info, ++ const void* cookie __attribute__((unused)), ++ const void** requestCookie __attribute__((unused))); + +-UpnpWebFileHandle http_open (const char *filename, enum UpnpOpenFileMode mode); ++UpnpWebFileHandle http_open (const char *filename, enum UpnpOpenFileMode mode, ++ const void* cookie __attribute__((unused)), ++ const void* requestCookie __attribute__((unused))); + +-int http_read (UpnpWebFileHandle fh, char *buf, size_t buflen); ++int http_read (UpnpWebFileHandle fh, char *buf, size_t buflen, ++ const void* cookie __attribute__((unused)), ++ const void* requestCookie __attribute__((unused))); + +-int http_seek (UpnpWebFileHandle fh, off_t offset, int origin); ++int http_seek (UpnpWebFileHandle fh, off_t offset, int origin, ++ const void* cookie __attribute__((unused)), ++ const void* requestCookie __attribute__((unused))); + + int http_write (UpnpWebFileHandle fh __attribute__((unused)), + char *buf __attribute__((unused)), +- size_t buflen __attribute__((unused))); ++ size_t buflen __attribute__((unused)), ++ const void* cookie __attribute__((unused)), ++ const void* requestCookie __attribute__((unused))); + +-int http_close (UpnpWebFileHandle fh); ++int http_close (UpnpWebFileHandle fh, ++ const void* cookie __attribute__((unused)), ++ const void* requestCookie __attribute__((unused))); + + #endif /* _HTTP_H_ */ +diff --git a/src/services.c b/src/services.c +index aec9cf8..287df55 100644 +--- a/src/services.c ++++ b/src/services.c +@@ -62,25 +62,28 @@ static struct service_t services[] = { + }; + + bool +-find_service_action (struct Upnp_Action_Request *request, ++find_service_action (UpnpActionRequest *request, + struct service_t **service, + struct service_action_t **action) + { + int c, d; ++ const char *actionName = NULL; + + *service = NULL; + *action = NULL; ++ ++ actionName = UpnpActionRequest_get_ActionName_cstr(request); + +- if (!request || !request->ActionName) ++ if (!request || !actionName) + return false; + + for (c = 0; services[c].id != NULL; c++) +- if (!strcmp (services[c].id, request->ServiceID)) ++ if (!strcmp (services[c].id, UpnpActionRequest_get_ServiceID_cstr(request))) + { + *service = &services[c]; + for (d = 0; services[c].actions[d].name; d++) + { +- if (!strcmp (services[c].actions[d].name, request->ActionName)) ++ if (!strcmp (services[c].actions[d].name, actionName)) + { + *action = &services[c].actions[d]; + return true; +@@ -97,6 +100,7 @@ upnp_add_response (struct action_event_t *event, char *key, const char *value) + { + char *val; + int res; ++ IXML_Document* actionResult = NULL; + + if (!event || !event->status || !key || !value) + return false; +@@ -105,8 +109,9 @@ upnp_add_response (struct action_event_t *event, char *key, const char *value) + if (!val) + return false; + +- res = UpnpAddToActionResponse (&event->request->ActionResult, +- event->request->ActionName, ++ actionResult = UpnpActionRequest_get_ActionResult(event->request); ++ res = UpnpAddToActionResponse (&actionResult, ++ UpnpActionRequest_get_ActionName_cstr(event->request), + event->service->type, key, val); + + if (res != UPNP_E_SUCCESS) +@@ -120,14 +125,17 @@ upnp_add_response (struct action_event_t *event, char *key, const char *value) + } + + char * +-upnp_get_string (struct Upnp_Action_Request *request, const char *key) ++upnp_get_string (UpnpActionRequest *request, const char *key) + { + IXML_Node *node = NULL; ++ IXML_Document *actionRequest = NULL; + +- if (!request || !request->ActionRequest || !key) ++ actionRequest = UpnpActionRequest_get_ActionRequest(request); ++ ++ if (!request || !actionRequest || !key) + return NULL; + +- node = (IXML_Node *) request->ActionRequest; ++ node = (IXML_Node *) actionRequest; + if (!node) + { + log_verbose ("Invalid action request document\n"); +@@ -157,7 +165,7 @@ upnp_get_string (struct Upnp_Action_Request *request, const char *key) + } + + int +-upnp_get_ui4 (struct Upnp_Action_Request *request, const char *key) ++upnp_get_ui4 (UpnpActionRequest *request, const char *key) + { + char *value; + int val; +diff --git a/src/services.h b/src/services.h +index 89c072e..d5726b4 100644 +--- a/src/services.h ++++ b/src/services.h +@@ -39,15 +39,15 @@ struct service_t { + + #define SERVICE_CONTENT_TYPE "text/xml" + +-bool find_service_action (struct Upnp_Action_Request *request, ++bool find_service_action (UpnpActionRequest *request, + struct service_t **service, + struct service_action_t **action); + + bool upnp_add_response (struct action_event_t *event, + char *key, const char *value); + +-char * upnp_get_string (struct Upnp_Action_Request *request, const char *key); ++char * upnp_get_string (UpnpActionRequest *request, const char *key); + +-int upnp_get_ui4 (struct Upnp_Action_Request *request, const char *key); ++int upnp_get_ui4 (UpnpActionRequest *request, const char *key); + + #endif /* _SERVICES_H_ */ +diff --git a/src/ushare.c b/src/ushare.c +index 28fd67e..92e2345 100644 +--- a/src/ushare.c ++++ b/src/ushare.c +@@ -177,7 +177,7 @@ ushare_signal_exit (void) + } + + static void +-handle_action_request (struct Upnp_Action_Request *request) ++handle_action_request (UpnpActionRequest *request) + { + struct service_t *service; + struct service_action_t *action; +@@ -187,25 +187,25 @@ handle_action_request (struct Upnp_Action_Request *request) + if (!request || !ut) + return; + +- if (request->ErrCode != UPNP_E_SUCCESS) ++ if (UpnpActionRequest_get_ErrCode(request) != UPNP_E_SUCCESS) + return; + +- if (strcmp (request->DevUDN + 5, ut->udn)) ++ if (strcmp (UpnpActionRequest_get_DevUDN_cstr(request) + 5, ut->udn)) + return; + +- ip = (*(struct sockaddr_in *)&request->CtrlPtIPAddr).sin_addr.s_addr; ++ ip = (*(struct sockaddr_in *)UpnpActionRequest_get_CtrlPtIPAddr(request)).sin_addr.s_addr; + ip = ntohl (ip); + sprintf (val, "%d.%d.%d.%d", + (ip >> 24) & 0xFF, (ip >> 16) & 0xFF, (ip >> 8) & 0xFF, ip & 0xFF); + + if (ut->verbose) + { +- DOMString str = ixmlPrintDocument (request->ActionRequest); ++ DOMString str = ixmlPrintDocument (UpnpActionRequest_get_ActionRequest(request)); + log_verbose ("***************************************************\n"); + log_verbose ("** New Action Request **\n"); + log_verbose ("***************************************************\n"); +- log_verbose ("ServiceID: %s\n", request->ServiceID); +- log_verbose ("ActionName: %s\n", request->ActionName); ++ log_verbose ("ServiceID: %s\n", UpnpActionRequest_get_ServiceID_cstr(request)); ++ log_verbose ("ActionName: %s\n", UpnpActionRequest_get_ActionName_cstr(request)); + log_verbose ("CtrlPtIP: %s\n", val); + log_verbose ("Action Request:\n%s\n", str); + ixmlFreeDOMString (str); +@@ -220,11 +220,11 @@ handle_action_request (struct Upnp_Action_Request *request) + event.service = service; + + if (action->function (&event) && event.status) +- request->ErrCode = UPNP_E_SUCCESS; ++ UpnpActionRequest_set_ErrCode(request, UPNP_E_SUCCESS); + + if (ut->verbose) + { +- DOMString str = ixmlPrintDocument (request->ActionResult); ++ DOMString str = ixmlPrintDocument (UpnpActionRequest_get_ActionResult(request)); + log_verbose ("Action Result:\n%s", str); + log_verbose ("***************************************************\n"); + log_verbose ("\n"); +@@ -235,22 +235,22 @@ handle_action_request (struct Upnp_Action_Request *request) + } + + if (service) /* Invalid Action name */ +- strcpy (request->ErrStr, "Unknown Service Action"); ++ UpnpActionRequest_strcpy_ErrStr(request, "Unknown Service Action"); + else /* Invalid Service name */ +- strcpy (request->ErrStr, "Unknown Service ID"); ++ UpnpActionRequest_strcpy_ErrStr(request, "Unknown Service ID"); + +- request->ActionResult = NULL; +- request->ErrCode = UPNP_SOAP_E_INVALID_ACTION; ++ UpnpActionRequest_set_ActionResult(request, NULL); ++ UpnpActionRequest_set_ErrCode(request, UPNP_SOAP_E_INVALID_ACTION); + } + + static int +-device_callback_event_handler (Upnp_EventType type, void *event, ++device_callback_event_handler (Upnp_EventType type, const void *event, + void *cookie __attribute__((unused))) + { + switch (type) + { + case UPNP_CONTROL_ACTION_REQUEST: +- handle_action_request ((struct Upnp_Action_Request *) event); ++ handle_action_request ((UpnpActionRequest *) event); + break; + case UPNP_CONTROL_ACTION_COMPLETE: + case UPNP_EVENT_SUBSCRIPTION_REQUEST: +@@ -323,7 +323,7 @@ init_upnp (struct ushare_t *ut) + #endif /* HAVE_DLNA */ + + log_info (_("Initializing UPnP subsystem ...\n")); +- res = UpnpInit (ut->ip, ut->port); ++ res = UpnpInit2 (ut->interface, ut->port); + if (res != UPNP_E_SUCCESS) + { + log_error (_("Cannot initialize UPnP subsystem\n")); +@@ -351,7 +351,7 @@ init_upnp (struct ushare_t *ut) + log_info (_("UPnP MediaServer listening on %s:%d\n"), + UpnpGetServerIpAddress (), ut->port); + +- UpnpEnableWebserver (TRUE); ++ UpnpEnableWebserver (1); + + #define upnp_set_callback(cb, func) \ + do { \ +@@ -371,7 +371,7 @@ init_upnp (struct ushare_t *ut) + upnp_set_callback(Write, http_write); + upnp_set_callback(Close, http_close); + +- res = UpnpAddVirtualDir (VIRTUAL_DIR); ++ res = UpnpAddVirtualDir (VIRTUAL_DIR, NULL, NULL); + if (res != UPNP_E_SUCCESS) + { + log_error (_("Cannot add virtual directory for web server\n")); +diff --git a/src/ushare.h b/src/ushare.h +index a29da01..cd86cef 100644 +--- a/src/ushare.h ++++ b/src/ushare.h +@@ -125,7 +125,7 @@ struct ushare_t { + }; + + struct action_event_t { +- struct Upnp_Action_Request *request; ++ UpnpActionRequest *request; + bool status; + struct service_t *service; + }; From patchwork Tue Sep 1 06:10:27 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Fabrice Fontaine X-Patchwork-Id: 1354749 Return-Path: X-Original-To: incoming-buildroot@patchwork.ozlabs.org Delivered-To: patchwork-incoming-buildroot@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=busybox.net (client-ip=140.211.166.136; helo=silver.osuosl.org; envelope-from=buildroot-bounces@busybox.net; receiver=) Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none) header.from=gmail.com Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=gmail.com header.i=@gmail.com header.a=rsa-sha256 header.s=20161025 header.b=KGVHmmoD; dkim-atps=neutral Received: from silver.osuosl.org (smtp3.osuosl.org [140.211.166.136]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4BgcCV1N9Fz9sTN for ; Tue, 1 Sep 2020 16:11:34 +1000 (AEST) Received: from localhost (localhost [127.0.0.1]) by silver.osuosl.org (Postfix) with ESMTP id 0DF6C20345; Tue, 1 Sep 2020 06:11:32 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from silver.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id gvt7W8TTo-hX; Tue, 1 Sep 2020 06:11:11 +0000 (UTC) Received: from ash.osuosl.org (ash.osuosl.org [140.211.166.34]) by silver.osuosl.org (Postfix) with ESMTP id ABCDD204E7; Tue, 1 Sep 2020 06:10:51 +0000 (UTC) X-Original-To: buildroot@lists.busybox.net Delivered-To: buildroot@osuosl.org Received: from silver.osuosl.org (smtp3.osuosl.org [140.211.166.136]) by ash.osuosl.org (Postfix) with ESMTP id 014481BF39F for ; Tue, 1 Sep 2020 06:10:50 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by silver.osuosl.org (Postfix) with ESMTP id EF423204E7 for ; Tue, 1 Sep 2020 06:10:49 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from silver.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id asP5MAz6M1No for ; Tue, 1 Sep 2020 06:10:43 +0000 (UTC) X-Greylist: domain auto-whitelisted by SQLgrey-1.7.6 Received: from mail-wm1-f54.google.com (mail-wm1-f54.google.com [209.85.128.54]) by silver.osuosl.org (Postfix) with ESMTPS id 77104203C4 for ; Tue, 1 Sep 2020 06:10:43 +0000 (UTC) Received: by mail-wm1-f54.google.com with SMTP id z9so212165wmk.1 for ; Mon, 31 Aug 2020 23:10:43 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=D+S5W79THnAqZGYTg/laDLoEIvUSwgP2nQAxU12phac=; b=KGVHmmoD/hLO4MPxY5SAqAsoTqTj/OWGiZATwFkY7mcoBfkOmr+o7+L60xqWLZUniz QmUuvvh+6UL9blbcBdETj/+JLVIjkKRjH2qtDg2CrhT72sTShC3622n0JxEezaXBN1dj 8lBxdjegxND5lUVq2XbVSrLdL2ye6XFUqpcjhOKFODwKIEUmnNMtgq3NyMIjpn9zM1XN kGBVg/jIeAr/Cd1joru2suRx4//qPpX7+MPpHWuXd2aKjQ5xz9qDE46gcBKT4m61d2bq skzKpbpiTzMUkXAGAuAbXTsyUkWXUlsQoSZQH4hIMI1JuUn84d21sOr5XRgrrz14GHRP TztQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=D+S5W79THnAqZGYTg/laDLoEIvUSwgP2nQAxU12phac=; b=uB5z7p6jTrgYuLHTcl0wiQlI7WlFclDSZkd4uxqewHBcBmkbCVR0OmrASgSUzD7pCV 7n6dJCkRM6AmKCqMBkKyfek9Stf02w1fQ43jUUwo00XMohVmahg/apLwZCZJKVV9VTrR pZIlL+D88J8PAP3bRRc7uMiJlzcqUozRRHWhfGTJAShmGVH9hGDOuawOuNNij7Em0Bf8 1tZVdjarfw0f17YvN1kNHiA3CW5Wv+ceR4rujLJ0xZpCP3YhnhpBLvP7o1jSGm431slg rM09edRRRYfSYceQar2oemtVOeb0i507vaaKxgtyUXCKl3kXrW1qrWUL37Ual+Jydsja eI9g== X-Gm-Message-State: AOAM5309mLCe8vgm3jiTu/ZzOhAaSFQzzmZxI7lovjboCmM4V7+v+XKC wZOmJl2oVc8r2pztOta5EkQKcP9iz7k= X-Google-Smtp-Source: ABdhPJwX6D/dsMLx1GITYBa/aDb6yDrFaEpUkEoW9yzI+oF6vCpEfRlhgPyqJL2ZRYlHt2yXe+GXOg== X-Received: by 2002:a1c:7707:: with SMTP id t7mr152204wmi.82.1598940641368; Mon, 31 Aug 2020 23:10:41 -0700 (PDT) Received: from kali.home (2a01cb0881b76d00c2afd0dfa851d2b9.ipv6.abo.wanadoo.fr. [2a01:cb08:81b7:6d00:c2af:d0df:a851:d2b9]) by smtp.gmail.com with ESMTPSA id v7sm969907wma.1.2020.08.31.23.10.40 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 31 Aug 2020 23:10:40 -0700 (PDT) From: Fabrice Fontaine To: buildroot@buildroot.org Date: Tue, 1 Sep 2020 08:10:27 +0200 Message-Id: <20200901061027.2294973-6-fontaine.fabrice@gmail.com> X-Mailer: git-send-email 2.28.0 In-Reply-To: <20200901061027.2294973-1-fontaine.fabrice@gmail.com> References: <20200901061027.2294973-1-fontaine.fabrice@gmail.com> MIME-Version: 1.0 Subject: [Buildroot] [PATCH/next v2,6/6] package/libupnp18: drop package X-BeenThere: buildroot@busybox.net X-Mailman-Version: 2.1.29 Precedence: list List-Id: Discussion and development of buildroot List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Bernd Kuhls , Hiroshi Kawashima , Simon Dawson , Fabrice Fontaine Errors-To: buildroot-bounces@busybox.net Sender: "buildroot" Drop libupnp18 as libupnp has been bumped to 1.14.x and 1.8.x will not been fixed against CallStranger a.k.a. CVE-2020-12695 mpd and vlc are already compliant with libupnp 1.14.x (i.e those packages use UpnpInit2 instead of the deprecated UpnpInit) Signed-off-by: Fabrice Fontaine --- Config.in.legacy | 10 ++++++++++ DEVELOPERS | 1 - package/Config.in | 1 - package/libupnp18/Config.in | 16 ---------------- package/libupnp18/libupnp18.hash | 5 ----- package/libupnp18/libupnp18.mk | 26 -------------------------- package/mpd/Config.in | 2 +- package/mpd/mpd.mk | 2 +- package/vlc/vlc.mk | 4 ++-- 9 files changed, 14 insertions(+), 53 deletions(-) delete mode 100644 package/libupnp18/Config.in delete mode 100644 package/libupnp18/libupnp18.hash delete mode 100644 package/libupnp18/libupnp18.mk diff --git a/Config.in.legacy b/Config.in.legacy index 4e2809b562..1134e97159 100644 --- a/Config.in.legacy +++ b/Config.in.legacy @@ -146,6 +146,16 @@ endif comment "Legacy options removed in 2020.08" +config BR2_PACKAGE_LIBUPNP18 + bool "libupnp18 package removed" + select BR2_LEGACY + select BR2_PACKAGE_LIBUPNP + help + Version 1.8.x of libupnp (i.e. libupnp18) has been removed + because it will never be fixed against CallStranger a.k.a. + CVE-2020-12695. The libupnp package (which has been updated to + version 1.14.x) has been selected instead. + config BR2_TOOLCHAIN_EXTERNAL_CODESOURCERY_AMD64 bool "toolchain-external-codesourcery-amd64 removed" select BR2_LEGACY diff --git a/DEVELOPERS b/DEVELOPERS index 721cec05f6..8a73fdcaee 100644 --- a/DEVELOPERS +++ b/DEVELOPERS @@ -879,7 +879,6 @@ F: package/librsync/ F: package/libsoup/ F: package/libsoxr/ F: package/libupnp/ -F: package/libupnp18/ F: package/libv4l/ F: package/libxslt/ F: package/mbedtls/ diff --git a/package/Config.in b/package/Config.in index 9e9b6a83bd..8236b6d55d 100644 --- a/package/Config.in +++ b/package/Config.in @@ -1739,7 +1739,6 @@ menu "Networking" source "package/libtorrent-rasterbar/Config.in" source "package/libuhttpd/Config.in" source "package/libupnp/Config.in" - source "package/libupnp18/Config.in" source "package/libupnpp/Config.in" source "package/liburiparser/Config.in" source "package/libuwsc/Config.in" diff --git a/package/libupnp18/Config.in b/package/libupnp18/Config.in deleted file mode 100644 index 58508e4e26..0000000000 --- a/package/libupnp18/Config.in +++ /dev/null @@ -1,16 +0,0 @@ -config BR2_PACKAGE_LIBUPNP18 - bool "libupnp18" - depends on BR2_TOOLCHAIN_HAS_THREADS - depends on !BR2_PACKAGE_LIBUPNP - help - The portable SDK for UPnP(tm) Devices (libupnp) provides - developers with an API and open source code for building - control points, devices, and bridges that are compliant with - Version 1.0 of the Universal Plug and Play Device Architecture - Specification - - http://pupnp.sourceforge.net/ - -comment "libupnp18 needs a toolchain w/ threads" - depends on !BR2_PACKAGE_LIBUPNP - depends on !BR2_TOOLCHAIN_HAS_THREADS diff --git a/package/libupnp18/libupnp18.hash b/package/libupnp18/libupnp18.hash deleted file mode 100644 index ba9ce1bcdf..0000000000 --- a/package/libupnp18/libupnp18.hash +++ /dev/null @@ -1,5 +0,0 @@ -# From https://sourceforge.net/projects/pupnp/files/pupnp/libupnp-1.8.7/libupnp-1.8.7.tar.bz2.sha1 -sha1 2ea3011180c58b0584f0cb73cc8e685a0a1c4ec8 libupnp-1.8.7.tar.bz2 -# Locally computed: -sha256 e38c69b2b67322e67cd53680db9b02c7c1f720a47a3cd626fd89d57d2dca93b8 libupnp-1.8.7.tar.bz2 -sha256 c8b99423cad48bb44e2cf52a496361404290865eac259a82da6d1e4331ececb3 COPYING diff --git a/package/libupnp18/libupnp18.mk b/package/libupnp18/libupnp18.mk deleted file mode 100644 index f17a1a720d..0000000000 --- a/package/libupnp18/libupnp18.mk +++ /dev/null @@ -1,26 +0,0 @@ -################################################################################ -# -# libupnp18 -# -################################################################################ - -LIBUPNP18_VERSION = 1.8.7 -LIBUPNP18_SOURCE = libupnp-$(LIBUPNP18_VERSION).tar.bz2 -LIBUPNP18_SITE = http://downloads.sourceforge.net/project/pupnp/pupnp/libupnp-$(LIBUPNP18_VERSION) -LIBUPNP18_CONF_ENV = ac_cv_lib_compat_ftime=no -LIBUPNP18_INSTALL_STAGING = YES -LIBUPNP18_LICENSE = BSD-3-Clause -LIBUPNP18_LICENSE_FILES = COPYING -LIBUPNP18_DEPENDENCIES = host-pkgconf - -# Bind the internal miniserver socket with reuseaddr to allow clean restarts. -LIBUPNP18_CONF_OPTS += --enable-reuseaddr - -ifeq ($(BR2_PACKAGE_OPENSSL),y) -LIBUPNP18_CONF_OPTS += --enable-open-ssl -LIBUPNP18_DEPENDENCIES += openssl -else -LIBUPNP18_CONF_OPTS += --disable-open-ssl -endif - -$(eval $(autotools-package)) diff --git a/package/mpd/Config.in b/package/mpd/Config.in index 85e12b1be9..e6db1fa268 100644 --- a/package/mpd/Config.in +++ b/package/mpd/Config.in @@ -404,7 +404,7 @@ config BR2_PACKAGE_MPD_TCP config BR2_PACKAGE_MPD_UPNP bool "UPnP" select BR2_PACKAGE_EXPAT - select BR2_PACKAGE_LIBUPNP18 if !BR2_PACKAGE_LIBUPNP + select BR2_PACKAGE_LIBUPNP select BR2_PACKAGE_MPD_CURL help Enable MPD UPnP client support. diff --git a/package/mpd/mpd.mk b/package/mpd/mpd.mk index e8255f5146..9ed54f8df0 100644 --- a/package/mpd/mpd.mk +++ b/package/mpd/mpd.mk @@ -321,7 +321,7 @@ endif ifeq ($(BR2_PACKAGE_MPD_UPNP),y) MPD_DEPENDENCIES += \ expat \ - $(if $(BR2_PACKAGE_LIBUPNP),libupnp,libupnp18) + libupnp MPD_CONF_OPTS += -Dupnp=enabled else MPD_CONF_OPTS += -Dupnp=disabled diff --git a/package/vlc/vlc.mk b/package/vlc/vlc.mk index ccaaa6cd6d..23bd695e02 100644 --- a/package/vlc/vlc.mk +++ b/package/vlc/vlc.mk @@ -380,9 +380,9 @@ else VLC_CONF_OPTS += --disable-theora endif -ifeq ($(BR2_PACKAGE_LIBUPNP)$(BR2_PACKAGE_LIBUPNP18),y) +ifeq ($(BR2_PACKAGE_LIBUPNP),y) VLC_CONF_OPTS += --enable-upnp -VLC_DEPENDENCIES += $(if $(BR2_PACKAGE_LIBUPNP),libupnp,libupnp18) +VLC_DEPENDENCIES += libupnp else VLC_CONF_OPTS += --disable-upnp endif