Hello community, here is the log from the commit of package libupnp for openSUSE:Factory checked in at 2013-02-18 13:54:41 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/libupnp (Old) and /work/SRC/openSUSE:Factory/.libupnp.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "libupnp", Maintainer is "" Changes: -------- --- /work/SRC/openSUSE:Factory/libupnp/libupnp.changes 2012-07-20 10:24:13.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.libupnp.new/libupnp.changes 2013-02-18 13:54:44.000000000 +0100 @@ -1,0 +2,73 @@ +Tue Feb 5 21:10:59 UTC 2013 - [email protected] + +- Update to version 1.6.18: + + Security fix for CERT issue VU#922681. + + CVE-2012-5958 Issue #2: Stack buffer overflow of Tempbuf + + CVE-2012-5959 Issue #4: Stack buffer overflow of Event->UDN + + CVE-2012-5960 Issue #8: Stack buffer overflow of Event->UDN + + Notice that the following issues have already been dealt by + previous work: + - CVE-2012-5961 Issue #1: Stack buffer overflow of Evt->UDN + - CVE-2012-5962 Issue #3: Stack buffer overflow of + Evt->DeviceType + - CVE-2012-5963 Issue #5: Stack buffer overflow of Event->UDN + - CVE-2012-5964 Issue #6: Stack buffer overflow of + Event->DeviceType + - CVE-2012-5965 Issue #7: Stack buffer overflow of + Event->DeviceType + + Fix memory leak and access violation in + UpnpSendAction(Ex)Async. + + Disable SetGenaCallback call if device is disabled. + + Fix problems detected as dead assignment warning by clang + scan-build. + + Fix condition for allocation failure in get_content_type(). + + Avoid dereference of null pointer in + ixmlNode_setNodeProperties. + + Avoid access violation after parser_parse_chunky_headers call. + + Remove possibility of access violation. + + Fix type of local variable stopSock in RunMiniServer(). + + Compilation optimisation. + + Use of thread-unsafe gmtime() in httpreadwrite.c sf#3507819. +- Changes from version 1.6.17: + + Remove implicit casts. + + Add --enable-unspecified_server + + Removing implicit casts in miniserver.c + + Bugs fixed: sf#3512833, sf#3510693, sf#3511149, sf#3514145. +- Changes from version 1.6.16: + + Replace sprintf by snprintf in http_WriteHttpPost to avoid + buffer overflow. + + Add infoSize parameter to get_sdk_info + + Check return code in ixml. + + Add --disable-optssdp option + + Add more explicit casts and remove dead code. + + Bug fix in ixmlNode_allowChildren. + + Improve upnp/genlib/net. + + Improve ssdp part. Do not compile + CreateClientRequestPacketUlaGua if IPv6 is disabled. + + Bugs fixed: sf#3502958, sf#3499781, sf#3499878, sf#3175217, + sf#3496993, sf#3497714, sf#3498442, sf#3498439, sf#3498436, + sf#3497714, sf#2989399, sf#3325246, sf#3417134, sf#3497159, + sf#3497140, sf#3497126, sf#3497034, sf#3497033, sf#3497027, + sf#3497009, sf#3496703, sf#3496702, sf#3496942, sf#3496938, + sf#3496934, sf#3496933, sf#3496581, sf#3495616, sf#3495286, + sf#3495280, sf#3494865, sf#3489999, sf#3489990, sf#3489999. +- Changes from version 1.6.15: + + Bug fix on M-SEARCH for IPv6 CPs. + + Retrieve IPv6 addresses in Upnp_Discovery. + + Fix bug sf#3469344. +- Changes from version 1.6.14: + + UPnP Low Power Support. + + Bug fix in IN6_IS_ADDR_GLOBAL. + + Bug Fix on M-SEARCH. + + Fixes for compilation under Windows. + + Several fixes to correctly use SOCKET (and related) types + instead of non-portable variations. +- Rebase libupnp-configure.patch. + +------------------------------------------------------------------- +Sun Feb 3 17:15:23 UTC 2013 - [email protected] + +- Previous patch was incomplete and did not consider files + in the upnp directory. (updates libupnp-configure.patch) + +------------------------------------------------------------------- Old: ---- libupnp-1.6.13.tar.bz2 New: ---- libupnp-1.6.18.tar.bz2 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ libupnp.spec ++++++ --- /var/tmp/diff_new_pack.xUsVRA/_old 2013-02-18 13:54:45.000000000 +0100 +++ /var/tmp/diff_new_pack.xUsVRA/_new 2013-02-18 13:54:45.000000000 +0100 @@ -1,7 +1,7 @@ # # spec file for package libupnp # -# Copyright (c) 2012 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany. # Copyright (c) 2011, Sascha Peilicke <[email protected]> # # All modifications and additions to the file contributed by third parties @@ -20,7 +20,7 @@ %define lname libupnp6 Name: libupnp -Version: 1.6.13 +Version: 1.6.18 Release: 0 Summary: Portable Universal Plug and Play (UPnP) SDK License: BSD-3-Clause ++++++ libupnp-1.6.13.tar.bz2 -> libupnp-1.6.18.tar.bz2 ++++++ ++++ 44281 lines of diff (skipped) ++++++ libupnp-configure.patch ++++++ --- /var/tmp/diff_new_pack.xUsVRA/_old 2013-02-18 13:54:45.000000000 +0100 +++ /var/tmp/diff_new_pack.xUsVRA/_new 2013-02-18 13:54:45.000000000 +0100 @@ -1,5 +1,5 @@ ---- configure.ac.orig -+++ configure.ac +--- configure.ac 2013-01-29 16:39:56.000000000 +0100 ++++ configure.ac 2013-02-17 10:40:53.680021913 +0100 @@ -7,9 +7,9 @@ # (C) Copyright 2005-2007 RĂ©mi Turboult <[email protected]> # @@ -7,12 +7,12 @@ -AC_PREREQ(2.60) +AC_PREREQ([2.60]) --AC_INIT([libupnp], [1.6.13], [[email protected]]) -+AC_INIT([libupnp],[1.6.13],[[email protected]]) +-AC_INIT([libupnp], [1.6.18], [[email protected]]) ++AC_INIT([libupnp],[1.6.18],[[email protected]]) dnl ############################################################################ dnl # *Independently* of the above libupnp package version, the libtool version dnl # of the 3 libraries need to be updated whenever there is a change released: -@@ -293,7 +293,6 @@ AC_CANONICAL_HOST +@@ -366,7 +366,6 @@ # installed libraries. # AC_CONFIG_HEADERS([autoconfig.h upnp/inc/upnpconfig.h]) @@ -20,7 +20,7 @@ AC_REVISION([$Revision: 1.11 $]) -@@ -405,9 +404,12 @@ AC_MSG_RESULT($docdir) +@@ -506,9 +505,12 @@ # # Checks for programs # @@ -35,22 +35,24 @@ AC_PROG_INSTALL AC_PROG_MAKE_SET AC_PROG_EGREP -@@ -431,9 +433,6 @@ freebsd*) +@@ -532,9 +534,7 @@ #: # Use -O0 in debug so that variables do not get optimized out AX_CFLAGS_GCC_OPTION([-O0, -g]) - else - # add optimise for size - AX_CFLAGS_GCC_OPTION([-Os]) ++ fi ;; esac -@@ -447,8 +446,6 @@ echo "---------------------------------- +@@ -548,8 +548,7 @@ # AC_TYPE_SIZE_T AC_TYPE_OFF_T -AC_DEFINE([_LARGE_FILE_SOURCE], [], [Large files support]) -AC_DEFINE([_FILE_OFFSET_BITS], [64], [File Offset size]) ++ # @@ -78,20 +80,23 @@ AM_CPPFLAGS += -DDEBUG -DSTATS --- upnp/src/api/UpnpString.c.orig +++ upnp/src/api/UpnpString.c -@@ -28,33 +28,6 @@ +@@ -28,38 +28,6 @@ /* Other systems have strncasecmp */ #endif --/* strnlen() is a GNU extension. */ --#if HAVE_STRNLEN -- extern size_t strnlen(const char *s, size_t maxlen); --#else /* HAVE_STRNLEN */ -- static size_t strnlen(const char *s, size_t n) -- { -- const char *p = (const char *)memchr(s, 0, n); -- return p ? p - s : n; -- } --#endif /* HAVE_STRNLEN */ +-#ifndef UPNP_USE_MSVCPP +- /* VC has strnlen which is already included but with (potentially) different linkage */ +- /* strnlen() is a GNU extension. */ +- #if HAVE_STRNLEN +- extern size_t strnlen(const char *s, size_t maxlen); +- #else /* HAVE_STRNLEN */ +- static size_t strnlen(const char *s, size_t n) +- { +- const char *p = (const char *)memchr(s, 0, n); +- return p ? p - s : n; +- } +- #endif /* HAVE_STRNLEN */ +-#endif /* WIN32 */ - -/* strndup() is a GNU extension. */ -#if HAVE_STRNDUP && !defined(WIN32) @@ -101,6 +106,8 @@ - { - size_t strsize = strnlen(__string, __n); - char *newstr = (char *)malloc(strsize + 1); +- if (newstr == NULL) +- return NULL; - - strncpy(newstr, __string, strsize); - newstr[strsize] = 0; @@ -112,3 +119,14 @@ /*! * \brief Internal implementation of the class UpnpString. * +--- upnp/Makefile.am.orig ++++ upnp/Makefile.am +@@ -6,7 +6,7 @@ + + SUBDIRS = doc . sample + +-AM_CPPFLAGS = \ ++AM_CPPFLAGS = -include $(top_builddir)/autoconfig.h \ + -I$(srcdir)/inc \ + -I$(top_srcdir)/threadutil/inc \ + -I$(top_srcdir)/ixml/inc -- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
