Signed-off-by: Andrej Kozemcak <[email protected]>
---
.../libupnp/files/CVE-2020-13848.patch | 56 +++++++++++++++++++
.../libupnp/libupnp_git.bb | 3 +-
2 files changed, 58 insertions(+), 1 deletion(-)
create mode 100644
meta-multimedia/recipes-connectivity/libupnp/files/CVE-2020-13848.patch
diff --git
a/meta-multimedia/recipes-connectivity/libupnp/files/CVE-2020-13848.patch
b/meta-multimedia/recipes-connectivity/libupnp/files/CVE-2020-13848.patch
new file mode 100644
index 000000000..8a90942fa
--- /dev/null
+++ b/meta-multimedia/recipes-connectivity/libupnp/files/CVE-2020-13848.patch
@@ -0,0 +1,56 @@
+diff --git a/ChangeLog b/ChangeLog
+index 4a956fc..265d268 100644
+--- a/ChangeLog
++++ b/ChangeLog
+@@ -2,6 +2,12 @@
+ Version 1.8.4
+
*******************************************************************************
+
++2020-06-04 Patrik Lantz pjlantz(at)github
++
++ Fixes #177
++
++ NULL pointer dereference in FindServiceControlURLPath
++
+ 2017-11-17 Marcelo Jimenez <mroberto(at)users.sourceforge.net>
+
+ GitHub #57 - 1.8.3 broke ABI without changing SONAME
+diff --git a/upnp/src/genlib/service_table/service_table.c
b/upnp/src/genlib/service_table/service_table.c
+index 98c2c0f..f3ee4e5 100644
+--- a/upnp/src/genlib/service_table/service_table.c
++++ b/upnp/src/genlib/service_table/service_table.c
+@@ -300,12 +300,11 @@ FindServiceEventURLPath( service_table * table,
+ uri_type parsed_url;
+ uri_type parsed_url_in;
+
+- if( ( table )
+- &&
+- ( parse_uri( eventURLPath,
+- strlen( eventURLPath ),
+- &parsed_url_in ) == HTTP_SUCCESS ) ) {
+-
++ if (!table || !eventURLPath) {
++ return NULL;
++ }
++ if (parse_uri(eventURLPath, strlen(eventURLPath), &parsed_url_in) ==
++ HTTP_SUCCESS) {
+ finger = table->serviceList;
+ while( finger ) {
+ if( finger->eventURL )
+@@ -352,11 +351,11 @@ FindServiceControlURLPath( service_table * table,
+ uri_type parsed_url;
+ uri_type parsed_url_in;
+
+- if( ( table )
+- &&
+- ( parse_uri
+- ( controlURLPath, strlen( controlURLPath ),
+- &parsed_url_in ) == HTTP_SUCCESS ) ) {
++ if (!table || !controlURLPath) {
++ return NULL;
++ }
++ if (parse_uri(controlURLPath, strlen(controlURLPath), &parsed_url_in) ==
++ HTTP_SUCCESS) {
+ finger = table->serviceList;
+ while( finger ) {
+ if( finger->controlURL )
diff --git a/meta-multimedia/recipes-connectivity/libupnp/libupnp_git.bb
b/meta-multimedia/recipes-connectivity/libupnp/libupnp_git.bb
index 339c07cd9..828e351be 100644
--- a/meta-multimedia/recipes-connectivity/libupnp/libupnp_git.bb
+++ b/meta-multimedia/recipes-connectivity/libupnp/libupnp_git.bb
@@ -12,7 +12,8 @@ LIC_FILES_CHKSUM =
"file://COPYING;md5=394a0f17b97f33426275571e15920434"
PV = "1.8.4+git${SRCPV}"
# release-1.8.4
SRCREV = "d5a01fc9895daae98a0c5a8c7d3afce46add529d"
-SRC_URI = "git://github.com/mrjimenez/pupnp.git;protocol=https"
+SRC_URI = "git://github.com/mrjimenez/pupnp.git;protocol=https \
+ file://CVE-2020-13848.patch"
S="${WORKDIR}/git"
--
2.20.1
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#90811):
https://lists.openembedded.org/g/openembedded-devel/message/90811
Mute This Topic: https://lists.openembedded.org/mt/82086446/21656
Group Owner: [email protected]
Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub
[[email protected]]
-=-=-=-=-=-=-=-=-=-=-=-
