commit: 84d8f21cc2ca94d4f4a3146302726bd1c8fd3f47 Author: Ian Whyman <thev00d00 <AT> gentoo <DOT> org> AuthorDate: Thu Sep 15 19:50:47 2016 +0000 Commit: Ian Whyman <thev00d00 <AT> gentoo <DOT> org> CommitDate: Thu Sep 15 19:51:16 2016 +0000 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=84d8f21c
net-libs/libupnp: Bump to 1.6.20, fix #546616 net-libs/libupnp/Manifest | 1 + net-libs/libupnp/files/CVE-2016-6255.patch | 65 ++++++++++++++++++++++++++++++ net-libs/libupnp/libupnp-1.6.20.ebuild | 48 ++++++++++++++++++++++ 3 files changed, 114 insertions(+) diff --git a/net-libs/libupnp/Manifest b/net-libs/libupnp/Manifest index a63cd0c..e5a9f40 100644 --- a/net-libs/libupnp/Manifest +++ b/net-libs/libupnp/Manifest @@ -1,2 +1,3 @@ DIST libupnp-1.6.18.tar.bz2 1201056 SHA256 b21bc676365622d3ace1b25292dab8d4d23f6e6a80ddc8f029b765d39797e934 SHA512 2ce9b637a7edf544ae272aea137f735b03761a7925da0578e0073cf6429389f7f2af6cb05f666a02faa839caba3e1798ad31657afd287626b88905a5c45f3cb4 WHIRLPOOL b575b517fb668c5e3af78dc1bc95c1a202404beb42966400b3b1313a1fe0e6cb8437ce392af6ad6de4ccc90715c8df7cc34bf3d0b3b828af4e14f1cc8a5e0eda DIST libupnp-1.6.19.tar.bz2 1213439 SHA256 b3142b39601243b50532eec90f4a27dba85eb86f58d4b849ac94edeb29d9b22a SHA512 97af62a7483cc19cfe80157cbc3383c1b4b7c9c39b848f4ed063784b74df0b9b0527f7b467e01451e0a44dbf9e8a9eab510619146a6ee1e3dce46f3e4af6e661 WHIRLPOOL fe3ed0115c76872b45eb3f16909e23c61b004f028b745be17346b94dffd7c90108420cf71f50f73aa4ef241403b65b9d1c72926af3044ffacdae11f9649dad68 +DIST libupnp-1.6.20.tar.bz2 1243637 SHA256 ee3537081e3ea56f66ada10387486823989210bc98002f098305551c966e3a63 SHA512 754a3f587963078fc60e8a58f6b04536dac03d053c8cd14d4fd7e505a3417484fa03b72dd09ef92150f00263f270aa19646b7aab1b8707111aff53c43f8a120a WHIRLPOOL df2702b30a9e895371ba0647bfdd017fd17b4478feb691efaf754618fa032cb8ba72317030960676584da44dfc144f8b9bd07218799b40c2afa7fdee28e8b164 diff --git a/net-libs/libupnp/files/CVE-2016-6255.patch b/net-libs/libupnp/files/CVE-2016-6255.patch new file mode 100644 index 00000000..1448ab3 --- /dev/null +++ b/net-libs/libupnp/files/CVE-2016-6255.patch @@ -0,0 +1,65 @@ +From be0a01bdb83395d9f3a5ea09c1308a4f1a972cbd Mon Sep 17 00:00:00 2001 +From: Matthew Garrett <[email protected]> +Date: Tue, 23 Feb 2016 13:53:20 -0800 +Subject: [PATCH] Don't allow unhandled POSTs to write to the filesystem by + default + +If there's no registered handler for a POST request, the default behaviour +is to write it to the filesystem. Several million deployed devices appear +to have this behaviour, making it possible to (at least) store arbitrary +data on them. Add a configure option that enables this behaviour, and change +the default to just drop POSTs that aren't directly handled. +--- + configure.ac | 4 ++++ + upnp/inc/upnpconfig.h.in | 5 +++++ + upnp/src/genlib/net/http/webserver.c | 4 ++++ + 3 files changed, 13 insertions(+) + +diff --git a/configure.ac b/configure.ac +index dd88734..ea2bc09 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -482,6 +482,10 @@ if test "x$enable_scriptsupport" = xyes ; then + AC_DEFINE(IXML_HAVE_SCRIPTSUPPORT, 1, [see upnpconfig.h]) + fi + ++RT_BOOL_ARG_ENABLE([postwrite], [no], [write to the filesystem on otherwise unhandled POST requests]) ++if test "x$enable_postwrite" = xyes ; then ++ AC_DEFINE(UPNP_ENABLE_POST_WRITE, 1, [see upnpconfig.h]) ++fi + + RT_BOOL_ARG_ENABLE([samples], [yes], [compilation of upnp/sample/ code]) + +diff --git a/upnp/inc/upnpconfig.h.in b/upnp/inc/upnpconfig.h.in +index 46ddc6e..5df8c5a 100644 +--- a/upnp/inc/upnpconfig.h.in ++++ b/upnp/inc/upnpconfig.h.in +@@ -135,5 +135,10 @@ + * (i.e. configure --enable-open_ssl) */ + #undef UPNP_ENABLE_OPEN_SSL + ++/** Defined to 1 if the library has been compiled to support filesystem writes on POST ++ * (i.e. configure --enable-postwrite) */ ++#undef UPNP_ENABLE_POST_WRITE ++ ++ + #endif /* UPNP_CONFIG_H */ + +diff --git a/upnp/src/genlib/net/http/webserver.c b/upnp/src/genlib/net/http/webserver.c +index 8991c16..8b2ecf2 100644 +--- a/upnp/src/genlib/net/http/webserver.c ++++ b/upnp/src/genlib/net/http/webserver.c +@@ -1369,9 +1369,13 @@ static int http_RecvPostMessage( + if (Fp == NULL) + return HTTP_INTERNAL_SERVER_ERROR; + } else { ++#ifdef UPNP_ENABLE_POST_WRITE + Fp = fopen(filename, "wb"); + if (Fp == NULL) + return HTTP_UNAUTHORIZED; ++#else ++ return HTTP_NOT_FOUND; ++#endif + } + parser->position = POS_ENTITY; + do { diff --git a/net-libs/libupnp/libupnp-1.6.20.ebuild b/net-libs/libupnp/libupnp-1.6.20.ebuild new file mode 100644 index 00000000..83c50e8 --- /dev/null +++ b/net-libs/libupnp/libupnp-1.6.20.ebuild @@ -0,0 +1,48 @@ +# Copyright 1999-2016 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +EAPI=6 + +inherit eutils flag-o-matic autotools + +DESCRIPTION="An Portable Open Source UPnP Development Kit" +HOMEPAGE="http://pupnp.sourceforge.net/"; +SRC_URI="mirror://sourceforge/pupnp/${P}.tar.bz2" + +LICENSE="BSD" +SLOT="0" +KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ppc ~ppc64 ~sparc ~x86 ~amd64-fbsd ~x86-fbsd ~amd64-linux" +IUSE="debug doc ipv6 static-libs" + +DOCS="NEWS README ChangeLog" + +PATCHES=( + "${FILESDIR}"/${PN}-1.6.19-docs-install.patch + "${FILESDIR}"/CVE-2016-6255.patch +) + +src_prepare() { + default + + # fix tests + chmod +x ixml/test/test_document.sh || die + + eautoreconf +} + +src_configure() { + use x86-fbsd && append-flags -O1 + # w/o docdir to avoid sandbox violations + econf \ + $(use_enable debug) \ + $(use_enable ipv6) \ + $(use_enable static-libs static) \ + $(use_with doc documentation "${EPREFIX}/usr/share/doc/${PF}") +} + +src_install () { + default + dobin upnp/sample/.libs/tv_{combo,ctrlpt,device} + use static-libs || prune_libtool_files +}
