* [Buildroot] [PATCH 1/1] package/libupnp: set LIBUPNP_CPE_ID_VALID
@ 2021-01-11 20:14 Fabrice Fontaine
2021-01-11 20:37 ` Thomas Petazzoni
0 siblings, 1 reply; 4+ messages in thread
From: Fabrice Fontaine @ 2021-01-11 20:14 UTC (permalink / raw)
To: buildroot
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
---
package/libupnp/libupnp.mk | 1 +
1 file changed, 1 insertion(+)
diff --git a/package/libupnp/libupnp.mk b/package/libupnp/libupnp.mk
index 8831885ba4..b7836590c2 100644
--- a/package/libupnp/libupnp.mk
+++ b/package/libupnp/libupnp.mk
@@ -11,5 +11,6 @@ LIBUPNP_CONF_ENV = ac_cv_lib_compat_ftime=no
LIBUPNP_INSTALL_STAGING = YES
LIBUPNP_LICENSE = BSD-3-Clause
LIBUPNP_LICENSE_FILES = LICENSE
+LIBUPNP_CPE_ID_VALID = YES
$(eval $(autotools-package))
--
2.29.2
^ permalink raw reply related [flat|nested] 4+ messages in thread
* [Buildroot] [PATCH 1/1] package/libupnp: set LIBUPNP_CPE_ID_VALID
2021-01-11 20:14 [Buildroot] [PATCH 1/1] package/libupnp: set LIBUPNP_CPE_ID_VALID Fabrice Fontaine
@ 2021-01-11 20:37 ` Thomas Petazzoni
2021-01-11 20:41 ` Fabrice Fontaine
0 siblings, 1 reply; 4+ messages in thread
From: Thomas Petazzoni @ 2021-01-11 20:37 UTC (permalink / raw)
To: buildroot
On Mon, 11 Jan 2021 21:14:41 +0100
Fabrice Fontaine <fontaine.fabrice@gmail.com> wrote:
> Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
> ---
> package/libupnp/libupnp.mk | 1 +
> 1 file changed, 1 insertion(+)
Applied to master after adding more details to the commit log. Note
that we have a strange situation with this package: libupnp is stuck at
1.6.x, libupnp is stuck at 1.8.x, while the latest upstream version
known by the CPE dictionary is 1.12.x.
Thomas
--
Thomas Petazzoni, CTO, Bootlin
Embedded Linux and Kernel engineering
https://bootlin.com
^ permalink raw reply [flat|nested] 4+ messages in thread
* [Buildroot] [PATCH 1/1] package/libupnp: set LIBUPNP_CPE_ID_VALID
2021-01-11 20:37 ` Thomas Petazzoni
@ 2021-01-11 20:41 ` Fabrice Fontaine
2021-01-11 20:54 ` Thomas Petazzoni
0 siblings, 1 reply; 4+ messages in thread
From: Fabrice Fontaine @ 2021-01-11 20:41 UTC (permalink / raw)
To: buildroot
Hi Thomas,
Le lun. 11 janv. 2021 ? 21:37, Thomas Petazzoni
<thomas.petazzoni@bootlin.com> a ?crit :
>
> On Mon, 11 Jan 2021 21:14:41 +0100
> Fabrice Fontaine <fontaine.fabrice@gmail.com> wrote:
>
> > Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
> > ---
> > package/libupnp/libupnp.mk | 1 +
> > 1 file changed, 1 insertion(+)
>
> Applied to master after adding more details to the commit log. Note
> that we have a strange situation with this package: libupnp is stuck at
> 1.6.x, libupnp is stuck at 1.8.x, while the latest upstream version
> known by the CPE dictionary is 1.12.x.
I sent a patch serie in September to bump libupnp to the latest version:
https://patchwork.ozlabs.org/project/buildroot/list/?series=198748
I think it should be reviewed and applied especially because libupnp
1.6 and 1.8 are old and vulnerable to Call Stranger.
>
> Thomas
> --
> Thomas Petazzoni, CTO, Bootlin
> Embedded Linux and Kernel engineering
> https://bootlin.com
Best Regards,
Fabrice
^ permalink raw reply [flat|nested] 4+ messages in thread
* [Buildroot] [PATCH 1/1] package/libupnp: set LIBUPNP_CPE_ID_VALID
2021-01-11 20:41 ` Fabrice Fontaine
@ 2021-01-11 20:54 ` Thomas Petazzoni
0 siblings, 0 replies; 4+ messages in thread
From: Thomas Petazzoni @ 2021-01-11 20:54 UTC (permalink / raw)
To: buildroot
On Mon, 11 Jan 2021 21:41:34 +0100
Fabrice Fontaine <fontaine.fabrice@gmail.com> wrote:
> I sent a patch serie in September to bump libupnp to the latest version:
> https://patchwork.ozlabs.org/project/buildroot/list/?series=198748
>
> I think it should be reviewed and applied especially because libupnp
> 1.6 and 1.8 are old and vulnerable to Call Stranger.
Ah right. I was also surprised when I saw libupnp/libupnp18, as I
remember seeing patches that were finally resolving this annoyance. But
seems like indeed those patches have not yet been reviewed/applied. We
should get to that, I guess!
Thanks!
Thomas
--
Thomas Petazzoni, CTO, Bootlin
Embedded Linux and Kernel engineering
https://bootlin.com
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2021-01-11 20:54 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-01-11 20:14 [Buildroot] [PATCH 1/1] package/libupnp: set LIBUPNP_CPE_ID_VALID Fabrice Fontaine
2021-01-11 20:37 ` Thomas Petazzoni
2021-01-11 20:41 ` Fabrice Fontaine
2021-01-11 20:54 ` Thomas Petazzoni
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.