On 4/14/21 1:27 AM, Andrej Kozemcak wrote: > Signed-off-by: Andrej Kozemcak <[email protected]> > --- > .../libupnp/files/CVE-2020-13848.patch | 56 +++++++++++++++++++ > .../libupnp/libupnp_git.bb | 3 +- > 2 files changed, 58 insertions(+), 1 deletion(-) > create mode 100644 > meta-multimedia/recipes-connectivity/libupnp/files/CVE-2020-13848.patch > > diff --git > a/meta-multimedia/recipes-connectivity/libupnp/files/CVE-2020-13848.patch > b/meta-multimedia/recipes-connectivity/libupnp/files/CVE-2020-13848.patch > new file mode 100644 > index 000000000..8a90942fa > --- /dev/null > +++ b/meta-multimedia/recipes-connectivity/libupnp/files/CVE-2020-13848.patch
Patch missing all the needful as defined in the Patch Guidelines https://www.openembedded.org/wiki/Commit_Patch_Message_Guidelines - armin > @@ -0,0 +1,56 @@ > +diff --git a/ChangeLog b/ChangeLog > +index 4a956fc..265d268 100644 > +--- a/ChangeLog > ++++ b/ChangeLog > +@@ -2,6 +2,12 @@ > + Version 1.8.4 > + > ******************************************************************************* > + > ++2020-06-04 Patrik Lantz pjlantz(at)github > ++ > ++ Fixes #177 > ++ > ++ NULL pointer dereference in FindServiceControlURLPath > ++ > + 2017-11-17 Marcelo Jimenez <mroberto(at)users.sourceforge.net> > + > + GitHub #57 - 1.8.3 broke ABI without changing SONAME > +diff --git a/upnp/src/genlib/service_table/service_table.c > b/upnp/src/genlib/service_table/service_table.c > +index 98c2c0f..f3ee4e5 100644 > +--- a/upnp/src/genlib/service_table/service_table.c > ++++ b/upnp/src/genlib/service_table/service_table.c > +@@ -300,12 +300,11 @@ FindServiceEventURLPath( service_table * table, > + uri_type parsed_url; > + uri_type parsed_url_in; > + > +- if( ( table ) > +- && > +- ( parse_uri( eventURLPath, > +- strlen( eventURLPath ), > +- &parsed_url_in ) == HTTP_SUCCESS ) ) { > +- > ++ if (!table || !eventURLPath) { > ++ return NULL; > ++ } > ++ if (parse_uri(eventURLPath, strlen(eventURLPath), &parsed_url_in) == > ++ HTTP_SUCCESS) { > + finger = table->serviceList; > + while( finger ) { > + if( finger->eventURL ) > +@@ -352,11 +351,11 @@ FindServiceControlURLPath( service_table * table, > + uri_type parsed_url; > + uri_type parsed_url_in; > + > +- if( ( table ) > +- && > +- ( parse_uri > +- ( controlURLPath, strlen( controlURLPath ), > +- &parsed_url_in ) == HTTP_SUCCESS ) ) { > ++ if (!table || !controlURLPath) { > ++ return NULL; > ++ } > ++ if (parse_uri(controlURLPath, strlen(controlURLPath), &parsed_url_in) == > ++ HTTP_SUCCESS) { > + finger = table->serviceList; > + while( finger ) { > + if( finger->controlURL ) > diff --git a/meta-multimedia/recipes-connectivity/libupnp/libupnp_git.bb > b/meta-multimedia/recipes-connectivity/libupnp/libupnp_git.bb > index 339c07cd9..828e351be 100644 > --- a/meta-multimedia/recipes-connectivity/libupnp/libupnp_git.bb > +++ b/meta-multimedia/recipes-connectivity/libupnp/libupnp_git.bb > @@ -12,7 +12,8 @@ LIC_FILES_CHKSUM = > "file://COPYING;md5=394a0f17b97f33426275571e15920434" > PV = "1.8.4+git${SRCPV}" > # release-1.8.4 > SRCREV = "d5a01fc9895daae98a0c5a8c7d3afce46add529d" > -SRC_URI = "git://github.com/mrjimenez/pupnp.git;protocol=https" > +SRC_URI = "git://github.com/mrjimenez/pupnp.git;protocol=https \ > + file://CVE-2020-13848.patch" > > S="${WORKDIR}/git" > > > >
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#91000): https://lists.openembedded.org/g/openembedded-devel/message/91000 Mute This Topic: https://lists.openembedded.org/mt/82086446/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
