All of lore.kernel.org
 help / color / mirror / Atom feed
* [Buildroot] [PATCH 1/1] package/libupnp: set LIBUPNP_CPE_ID_VALID
@ 2021-01-11 20:14 Fabrice Fontaine
  2021-01-11 20:37 ` Thomas Petazzoni
  0 siblings, 1 reply; 4+ messages in thread
From: Fabrice Fontaine @ 2021-01-11 20:14 UTC (permalink / raw)
  To: buildroot

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
---
 package/libupnp/libupnp.mk | 1 +
 1 file changed, 1 insertion(+)

diff --git a/package/libupnp/libupnp.mk b/package/libupnp/libupnp.mk
index 8831885ba4..b7836590c2 100644
--- a/package/libupnp/libupnp.mk
+++ b/package/libupnp/libupnp.mk
@@ -11,5 +11,6 @@ LIBUPNP_CONF_ENV = ac_cv_lib_compat_ftime=no
 LIBUPNP_INSTALL_STAGING = YES
 LIBUPNP_LICENSE = BSD-3-Clause
 LIBUPNP_LICENSE_FILES = LICENSE
+LIBUPNP_CPE_ID_VALID = YES
 
 $(eval $(autotools-package))
-- 
2.29.2

^ permalink raw reply related	[flat|nested] 4+ messages in thread
* [Buildroot] [PATCH 1/1] package/libupnp: set LIBUPNP_CPE_ID_VALID
  2021-01-11 20:14 [Buildroot] [PATCH 1/1] package/libupnp: set LIBUPNP_CPE_ID_VALID Fabrice Fontaine
@ 2021-01-11 20:37 ` Thomas Petazzoni
  2021-01-11 20:41   ` Fabrice Fontaine
  0 siblings, 1 reply; 4+ messages in thread
From: Thomas Petazzoni @ 2021-01-11 20:37 UTC (permalink / raw)
  To: buildroot

On Mon, 11 Jan 2021 21:14:41 +0100
Fabrice Fontaine <fontaine.fabrice@gmail.com> wrote:

> Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
> ---
>  package/libupnp/libupnp.mk | 1 +
>  1 file changed, 1 insertion(+)

Applied to master after adding more details to the commit log. Note
that we have a strange situation with this package: libupnp is stuck at
1.6.x, libupnp is stuck at 1.8.x, while the latest upstream version
known by the CPE dictionary is 1.12.x.

Thomas
-- 
Thomas Petazzoni, CTO, Bootlin
Embedded Linux and Kernel engineering
https://bootlin.com

^ permalink raw reply	[flat|nested] 4+ messages in thread
* [Buildroot] [PATCH 1/1] package/libupnp: set LIBUPNP_CPE_ID_VALID
  2021-01-11 20:37 ` Thomas Petazzoni
@ 2021-01-11 20:41   ` Fabrice Fontaine
  2021-01-11 20:54     ` Thomas Petazzoni
  0 siblings, 1 reply; 4+ messages in thread
From: Fabrice Fontaine @ 2021-01-11 20:41 UTC (permalink / raw)
  To: buildroot

Hi Thomas,

Le lun. 11 janv. 2021 ? 21:37, Thomas Petazzoni
<thomas.petazzoni@bootlin.com> a ?crit :
>
> On Mon, 11 Jan 2021 21:14:41 +0100
> Fabrice Fontaine <fontaine.fabrice@gmail.com> wrote:
>
> > Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
> > ---
> >  package/libupnp/libupnp.mk | 1 +
> >  1 file changed, 1 insertion(+)
>
> Applied to master after adding more details to the commit log. Note
> that we have a strange situation with this package: libupnp is stuck at
> 1.6.x, libupnp is stuck at 1.8.x, while the latest upstream version
> known by the CPE dictionary is 1.12.x.
I sent a patch serie in September to bump libupnp to the latest version:
https://patchwork.ozlabs.org/project/buildroot/list/?series=198748

I think it should be reviewed and applied especially because libupnp
1.6 and 1.8 are old and vulnerable to Call Stranger.
>
> Thomas
> --
> Thomas Petazzoni, CTO, Bootlin
> Embedded Linux and Kernel engineering
> https://bootlin.com
Best Regards,

Fabrice

^ permalink raw reply	[flat|nested] 4+ messages in thread
* [Buildroot] [PATCH 1/1] package/libupnp: set LIBUPNP_CPE_ID_VALID
  2021-01-11 20:41   ` Fabrice Fontaine
@ 2021-01-11 20:54     ` Thomas Petazzoni
  0 siblings, 0 replies; 4+ messages in thread
From: Thomas Petazzoni @ 2021-01-11 20:54 UTC (permalink / raw)
  To: buildroot

On Mon, 11 Jan 2021 21:41:34 +0100
Fabrice Fontaine <fontaine.fabrice@gmail.com> wrote:

> I sent a patch serie in September to bump libupnp to the latest version:
> https://patchwork.ozlabs.org/project/buildroot/list/?series=198748
> 
> I think it should be reviewed and applied especially because libupnp
> 1.6 and 1.8 are old and vulnerable to Call Stranger.

Ah right. I was also surprised when I saw libupnp/libupnp18, as I
remember seeing patches that were finally resolving this annoyance. But
seems like indeed those patches have not yet been reviewed/applied. We
should get to that, I guess!

Thanks!

Thomas
-- 
Thomas Petazzoni, CTO, Bootlin
Embedded Linux and Kernel engineering
https://bootlin.com

^ permalink raw reply	[flat|nested] 4+ messages in thread
end of thread, other threads:[~2021-01-11 20:54 UTC | newest]

Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-01-11 20:14 [Buildroot] [PATCH 1/1] package/libupnp: set LIBUPNP_CPE_ID_VALID Fabrice Fontaine
2021-01-11 20:37 ` Thomas Petazzoni
2021-01-11 20:41   ` Fabrice Fontaine
2021-01-11 20:54     ` Thomas Petazzoni

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.