* [Buildroot] [PATCH v3, 1/6] package/libupnp: security bump to version 1.14.0
@ 2021-01-25 19:49 Fabrice Fontaine
  2021-01-25 19:49 ` [Buildroot] [PATCH v3, 2/6] package/gerbera: security bump to version 1.6.4 Fabrice Fontaine
                   ` (6 more replies)
  0 siblings, 7 replies; 22+ messages in thread
From: Fabrice Fontaine @ 2021-01-25 19:49 UTC (permalink / raw)
  To: buildroot

- Fix CallStranger a.k.a. CVE-2020-12695 as well as CVE-2020-13848
- Update indentation in hash file (two spaces)
- Backport all changes from libupnp18 to libupnp:
  - Use COPYING instead of LICENSE (no license change)
  - Add host-pkgconf dependency
  - Add --enable-reuseaddr
  - Add openssl optional dependency

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
---
Changes v2 -> v3:
 - Rebase on current master

Changes v1 -> v2:
 - Bump libupnp instead of libupnp18 and drop libupnp18
 - Update ushare and igd2-for-linux
 - Drop libupnp18

 package/libupnp/libupnp.hash |  4 ++--
 package/libupnp/libupnp.mk   | 18 +++++++++++++++---
 2 files changed, 17 insertions(+), 5 deletions(-)

diff --git a/package/libupnp/libupnp.hash b/package/libupnp/libupnp.hash
index e52b7ea9d7..6b16eff3c8 100644
--- a/package/libupnp/libupnp.hash
+++ b/package/libupnp/libupnp.hash
@@ -1,3 +1,3 @@
 # Locally computed:
-sha256	c5a300b86775435c076d58a79cc0d5a977d76027d2a7d721590729b7f369fa43	libupnp-1.6.25.tar.bz2
-sha256	0375955c8a79d6e8fa0792d45d00fc4e7710d7ac95bcbd27f9225a83f5c946fd	LICENSE
+sha256  ecb23d4291968c8a7bdd4eb16fc2250dbacc16b354345a13342d67f571d35ceb  libupnp-1.14.0.tar.bz2
+sha256  c8b99423cad48bb44e2cf52a496361404290865eac259a82da6d1e4331ececb3  COPYING
diff --git a/package/libupnp/libupnp.mk b/package/libupnp/libupnp.mk
index b7836590c2..ebc5e83765 100644
--- a/package/libupnp/libupnp.mk
+++ b/package/libupnp/libupnp.mk
@@ -4,13 +4,25 @@
 #
 ################################################################################
 
-LIBUPNP_VERSION = 1.6.25
+LIBUPNP_VERSION = 1.14.0
 LIBUPNP_SOURCE = libupnp-$(LIBUPNP_VERSION).tar.bz2
-LIBUPNP_SITE = http://downloads.sourceforge.net/project/pupnp/pupnp/libUPnP%20$(LIBUPNP_VERSION)
+LIBUPNP_SITE = \
+	http://downloads.sourceforge.net/project/pupnp/pupnp/libupnp-$(LIBUPNP_VERSION)
 LIBUPNP_CONF_ENV = ac_cv_lib_compat_ftime=no
 LIBUPNP_INSTALL_STAGING = YES
 LIBUPNP_LICENSE = BSD-3-Clause
-LIBUPNP_LICENSE_FILES = LICENSE
+LIBUPNP_LICENSE_FILES = COPYING
 LIBUPNP_CPE_ID_VALID = YES
+LIBUPNP_DEPENDENCIES = host-pkgconf
+
+# Bind the internal miniserver socket with reuseaddr to allow clean restarts.
+LIBUPNP_CONF_OPTS += --enable-reuseaddr
+
+ifeq ($(BR2_PACKAGE_OPENSSL),y)
+LIBUPNP_CONF_OPTS += --enable-open-ssl
+LIBUPNP_DEPENDENCIES += openssl
+else
+LIBUPNP_CONF_OPTS += --disable-open-ssl
+endif
 
 $(eval $(autotools-package))
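
Review bot: LIBUPNP_SITE is rewritten in this hunk but still fetches over plain http://, so for this security bump the sha256 entries in libupnp.hash are the only integrity check on the 1.14.0 tarball; switching the URL to https:// is worth doing while the line is being touched. The openssl block would also benefit from a one-line comment like the one above --enable-reuseaddr, since --enable-open-ssl is switched on implicitly whenever BR2_PACKAGE_OPENSSL is set.
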
-- 
2.29.2


* [Buildroot] [PATCH v3, 2/6] package/gerbera: security bump to version 1.6.4
  2021-01-25 19:49 [Buildroot] [PATCH v3, 1/6] package/libupnp: security bump to version 1.14.0 Fabrice Fontaine
@ 2021-01-25 19:49 ` Fabrice Fontaine
  2021-01-25 21:29   ` Yann E. MORIN
  2021-01-28 19:15   ` Peter Korsgaard
  2021-01-25 19:49 ` [Buildroot] [PATCH v3, 3/6] package/igd2-for-linux: security bump to version 2.0 Fabrice Fontaine
                   ` (5 subsequent siblings)
  6 siblings, 2 replies; 22+ messages in thread
From: Fabrice Fontaine @ 2021-01-25 19:49 UTC (permalink / raw)
  To: buildroot

- This version is compatible with libupnp 1.14.x which fixes
  CallStranger a.k.a. CVE-2020-12695
- Drop all patches (already in version)
- expat is not needed since version 1.5.0 and
  https://github.com/gerbera/gerbera/commit/a4f0cccd6a1f741c55ca69b06cff3a964eebc1f3
- fmt is a mandatory dependency since version 1.5.0 and
  https://github.com/gerbera/gerbera/commit/fe81e5fc8898d6e3a53ce30ddaafb8439683f46f
- spdlog is a mandatory dependency since version 1.5.0 and
  https://github.com/gerbera/gerbera/commit/615d698fe4dce9d7462022a00c74af1fac7a1003
- pugixml is a mandatory dependency since version 1.5.0 and
  https://github.com/gerbera/gerbera/commit/c244006aa04ab2e4c5f3e7003ca727e05440238d
- libnpupnp can be used instead of libupnp since version 1.6.2 and
  https://github.com/gerbera/gerbera/commit/e648763626e3c2512801bd127a0a3b96c8716faf
- Set CXX_FILESYSTEM_NO_LINK_NEEDED to ON to avoid a build failure
  due to check_cxx_source_runs which has been added with
  https://github.com/gerbera/gerbera/commit/8ea0fce24ce9b1cf870837c3be984fed50581dfb
- Update indentation in hash file (two spaces)

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
---
Changes v2 -> v3:
 - Bump to version 1.6.4 and add libnpupnp dependency

 ...build-without-js-taglib-or-atrailers.patch | 51 ---------------
 ...indLibMagic-cmake-fix-static-linking.patch | 63 -------------------
 ...make-FindMatroska-fix-static-linking.patch | 37 -----------
 package/gerbera/Config.in                     | 13 ++--
 package/gerbera/gerbera.hash                  |  4 +-
 package/gerbera/gerbera.mk                    | 18 ++++--
 6 files changed, 23 insertions(+), 163 deletions(-)
 delete mode 100644 package/gerbera/0001-fix-matroska-build-without-js-taglib-or-atrailers.patch
 delete mode 100644 package/gerbera/0002-cmake-FindLibMagic-cmake-fix-static-linking.patch
 delete mode 100644 package/gerbera/0003-cmake-FindMatroska-fix-static-linking.patch

diff --git a/package/gerbera/0001-fix-matroska-build-without-js-taglib-or-atrailers.patch b/package/gerbera/0001-fix-matroska-build-without-js-taglib-or-atrailers.patch
deleted file mode 100644
index 6898e8ebee..0000000000
--- a/package/gerbera/0001-fix-matroska-build-without-js-taglib-or-atrailers.patch
+++ /dev/null
@@ -1,51 +0,0 @@
-From 0ac781b0b0deef5c02c32a70ac484f882c3f4dd0 Mon Sep 17 00:00:00 2001
-From: Fabrice Fontaine <fontaine.fabrice@gmail.com>
-Date: Tue, 24 Dec 2019 18:55:57 +0100
-Subject: [PATCH] fix matroska build without js, taglib or atrailers
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-i2i function is used in matroska_handler.cc but this function is defined
-only if defined(HAVE_JS) || defined(HAVE_TAGLIB) || defined(ATRAILERS)
-as a result compilation fails if HAVE_MATROSKA is set but HAVE_JS,
-HAVE_TAGLIG or ATRAILERS are not.
-
-Backported from: 0ac781b0b0deef5c02c32a70ac484f882c3f4dd0
-
-Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
-Signed-off-by: J?rg Krause <joerg.krause@embedded.rocks>
----
- src/string_converter.cc | 2 +-
- src/string_converter.h  | 2 +-
- 2 files changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/src/string_converter.cc b/src/string_converter.cc
-index f669c661..7a3c55d7 100644
---- a/src/string_converter.cc
-+++ b/src/string_converter.cc
-@@ -218,7 +218,7 @@ Ref<StringConverter> StringConverter::p2i()
- }
- #endif
- 
--#if defined(HAVE_JS) || defined(HAVE_TAGLIB) || defined(ATRAILERS)
-+#if defined(HAVE_JS) || defined(HAVE_TAGLIB) || defined(ATRAILERS) || defined(HAVE_MATROSKA)
- 
- Ref<StringConverter> StringConverter::i2i()
- {
-diff --git a/src/string_converter.h b/src/string_converter.h
-index 58495430..f75bf833 100644
---- a/src/string_converter.h
-+++ b/src/string_converter.h
-@@ -65,7 +65,7 @@ public:
-     static zmm::Ref<StringConverter> p2i();
- 
- #endif
--#if defined(HAVE_JS) || defined(HAVE_TAGLIB) || defined(ATRAILERS)
-+#if defined(HAVE_JS) || defined(HAVE_TAGLIB) || defined(ATRAILERS) || defined(HAVE_MATROSKA)
-     /// \brief safeguard - internal to internal - needed to catch some
-     /// scenarious where the user may have forgotten to add proper conversion
-     /// in the script.
--- 
-2.26.1
-
diff --git a/package/gerbera/0002-cmake-FindLibMagic-cmake-fix-static-linking.patch b/package/gerbera/0002-cmake-FindLibMagic-cmake-fix-static-linking.patch
deleted file mode 100644
index f6cc276e70..0000000000
--- a/package/gerbera/0002-cmake-FindLibMagic-cmake-fix-static-linking.patch
+++ /dev/null
@@ -1,63 +0,0 @@
-From 7fdcabd80c823694d190e5baa8c657ffcae5e777 Mon Sep 17 00:00:00 2001
-From: Fabrice Fontaine <fontaine.fabrice@gmail.com>
-Date: Fri, 31 Jan 2020 17:14:11 +0100
-Subject: [PATCH] cmake/FindLibMagic.cmake: fix static linking
-
-libmagic can optionally depends on xz (for lzma) or bzip2 since version
-5.38 and
-https://github.com/file/file/commit/b259a07ea95827f565faa20f0316e5b2704064f7
-so use pkg-config to retrieve those static dependencies and avoid the
-following build failure:
-
-[100%] Linking CXX executable gerbera
-/home/br-user/autobuild/run/instance-0/output-1/host/opt/ext-toolchain/bin/../lib/gcc/arm-buildroot-linux-uclibcgnueabi/8.3.0/../../../../arm-buildroot-linux-uclibcgnueabi/bin/ld: /home/br-user/autobuild/run/instance-0/output-1/host/arm-buildroot-linux-uclibcgnueabi/sysroot/usr/lib/libmagic.a(compress.o): in function `uncompressbuf':
-compress.c:(.text+0x69c): undefined reference to `BZ2_bzDecompressInit'
-/home/br-user/autobuild/run/instance-0/output-1/host/opt/ext-toolchain/bin/../lib/gcc/arm-buildroot-linux-uclibcgnueabi/8.3.0/../../../../arm-buildroot-linux-uclibcgnueabi/bin/ld: compress.c:(.text+0x710): undefined reference to `BZ2_bzDecompress'
-/home/br-user/autobuild/run/instance-0/output-1/host/opt/ext-toolchain/bin/../lib/gcc/arm-buildroot-linux-uclibcgnueabi/8.3.0/../../../../arm-buildroot-linux-uclibcgnueabi/bin/ld: compress.c:(.text+0x730): undefined reference to `BZ2_bzDecompressEnd'
-/home/br-user/autobuild/run/instance-0/output-1/host/opt/ext-toolchain/bin/../lib/gcc/arm-buildroot-linux-uclibcgnueabi/8.3.0/../../../../arm-buildroot-linux-uclibcgnueabi/bin/ld: compress.c:(.text+0x7bc): undefined reference to `lzma_auto_decoder'
-/home/br-user/autobuild/run/instance-0/output-1/host/opt/ext-toolchain/bin/../lib/gcc/arm-buildroot-linux-uclibcgnueabi/8.3.0/../../../../arm-buildroot-linux-uclibcgnueabi/bin/ld: compress.c:(.text+0x828): undefined reference to `lzma_code'
-/home/br-user/autobuild/run/instance-0/output-1/host/opt/ext-toolchain/bin/../lib/gcc/arm-buildroot-linux-uclibcgnueabi/8.3.0/../../../../arm-buildroot-linux-uclibcgnueabi/bin/ld: compress.c:(.text+0x848): undefined reference to `lzma_end'
-
-It should be noted that libmagic.pc is not currently provided in the
-official file package (which provides libmagic), an issue has been
-opened to add libmagic.pc: https://bugs.astron.com/view.php?id=136
-
-Fixes:
- - http://autobuild.buildroot.org/results/37b1ef54dc41100689f311fbc31fc9300dc6ae63
-
-Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
-[Retrieved from:
-https://github.com/gerbera/gerbera/commit/7fdcabd80c823694d190e5baa8c657ffcae5e777]
----
- cmake/FindLibMagic.cmake | 15 +++++++++++++--
- 1 file changed, 13 insertions(+), 2 deletions(-)
-
-diff --git a/cmake/FindLibMagic.cmake b/cmake/FindLibMagic.cmake
-index f68ab923..04995af4 100644
---- a/cmake/FindLibMagic.cmake
-+++ b/cmake/FindLibMagic.cmake
-@@ -1,11 +1,22 @@
- INCLUDE (FindPackageHandleStandardArgs)
- 
--FIND_PATH(MAGIC_INCLUDE_DIR magic.h)
--FIND_LIBRARY(MAGIC_LIBRARIES NAMES magic)
-+find_package(PkgConfig QUIET)
-+
-+pkg_check_modules(PC_MAGIC QUIET libmagic)
-+
-+FIND_PATH(MAGIC_INCLUDE_DIR magic.h
-+    HINTS ${PC_MAGIC_INCLUDEDIR} ${PC_MAGIC_INCLUDE_DIRS})
-+FIND_LIBRARY(MAGIC_LIBRARIES NAMES magic
-+    HINTS ${PC_MAGIC_LIBDIR} ${PC_MAGIC_LIBRARY_DIRS})
- 
- # handle the QUIETLY and REQUIRED arguments and set MAGIC_FOUND to TRUE
- find_package_handle_standard_args(MAGIC DEFAULT_MSG MAGIC_LIBRARIES)
- 
-+if (MAGIC_FOUND)
-+    set (MAGIC_LIBRARIES ${MAGIC_LIBRARY} ${PC_MAGIC_LIBRARIES})
-+    set (MAGIC_INCLUDE_DIRS ${MAGIC_INCLUDE_DIR} )
-+endif ()
-+
- MARK_AS_ADVANCED(
-     MAGIC_LIBRARIES
-     MAGIC_INCLUDE_DIRS )
diff --git a/package/gerbera/0003-cmake-FindMatroska-fix-static-linking.patch b/package/gerbera/0003-cmake-FindMatroska-fix-static-linking.patch
deleted file mode 100644
index 128d617045..0000000000
--- a/package/gerbera/0003-cmake-FindMatroska-fix-static-linking.patch
+++ /dev/null
@@ -1,37 +0,0 @@
-From aab2eacbaad10759294f4fd74bbb5ecef3cf3a8d Mon Sep 17 00:00:00 2001
-From: Fabrice Fontaine <fontaine.fabrice@gmail.com>
-Date: Tue, 24 Dec 2019 22:57:18 +0100
-Subject: [PATCH] cmake/FindMatroska: fix static linking
-
-Fix static linking with libmatrasoka by adding PC_EBM_LIBRARIES to
-EBML_LIBRARIES and PC_MAT_LIBRARIES to MATROSKA_LIBRARIES
-
-Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
-[Retrieved from:
-https://github.com/gerbera/gerbera/commit/aab2eacbaad10759294f4fd74bbb5ecef3cf3a8d]
----
- cmake/FindMatroska.cmake | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/cmake/FindMatroska.cmake b/cmake/FindMatroska.cmake
-index 4b09a5ec..12ca593d 100644
---- a/cmake/FindMatroska.cmake
-+++ b/cmake/FindMatroska.cmake
-@@ -23,7 +23,7 @@ FIND_LIBRARY(EBML_LIBRARY ebml
- FIND_PACKAGE_HANDLE_STANDARD_ARGS(EBML
-     REQUIRED_VARS EBML_LIBRARY EBML_INCLUDE_DIR)
- if (EBML_FOUND)
--    set (EBML_LIBRARIES ${EBML_LIBRARY})
-+    set (EBML_LIBRARIES ${EBML_LIBRARY} ${PC_EBM_LIBRARIES})
-     set (EBML_INCLUDE_DIRS ${EBML_INCLUDE_DIR} )
- endif ()
- MARK_AS_ADVANCED(
-@@ -41,7 +41,7 @@ find_library(MATROSKA_LIBRARY matroska
- FIND_PACKAGE_HANDLE_STANDARD_ARGS(MATROSKA
-     REQUIRED_VARS MATROSKA_LIBRARY MATROSKA_INCLUDE_DIR)
- if (MATROSKA_FOUND)
--    set (MATROSKA_LIBRARIES ${MATROSKA_LIBRARY})
-+    set (MATROSKA_LIBRARIES ${MATROSKA_LIBRARY} ${PC_MAT_LIBRARIES})
-     set (MATROSKA_INCLUDE_DIRS ${MATROSKA_INCLUDE_DIR} )
- endif ()
- MARK_AS_ADVANCED(
diff --git a/package/gerbera/Config.in b/package/gerbera/Config.in
index e10f78b77e..5025b3753f 100644
--- a/package/gerbera/Config.in
+++ b/package/gerbera/Config.in
@@ -5,10 +5,12 @@ config BR2_PACKAGE_GERBERA
 	depends on BR2_TOOLCHAIN_HAS_THREADS
 	depends on BR2_TOOLCHAIN_GCC_AT_LEAST_7 # C++17 optional
 	depends on BR2_INSTALL_LIBSTDCPP
-	depends on !BR2_PACKAGE_LIBUPNP # libupnp18
-	select BR2_PACKAGE_EXPAT
+	depends on BR2_USE_WCHAR # fmt
+	select BR2_PACKAGE_FMT
 	select BR2_PACKAGE_LIBICONV if !BR2_ENABLE_LOCALE
-	select BR2_PACKAGE_LIBUPNP18
+	select BR2_PACKAGE_LIBUPNP if !BR2_PACKAGE_LIBNPUPNP
+	select BR2_PACKAGE_PUGIXML
+	select BR2_PACKAGE_SPDLOG
 	select BR2_PACKAGE_SQLITE
 	select BR2_PACKAGE_UTIL_LINUX
 	select BR2_PACKAGE_UTIL_LINUX_LIBUUID
@@ -19,9 +21,8 @@ config BR2_PACKAGE_GERBERA
 
 	  https://gerbera.io
 
-comment "gerbera needs a toolchain w/ C++, threads, gcc >= 7"
+comment "gerbera needs a toolchain w/ C++, threads, wchar, gcc >= 7"
 	depends on BR2_USE_MMU
 	depends on BR2_TOOLCHAIN_HAS_ATOMIC
-	depends on !BR2_PACKAGE_LIBUPNP
 	depends on !BR2_INSTALL_LIBSTDCPP || !BR2_TOOLCHAIN_HAS_THREADS || \
-		!BR2_TOOLCHAIN_GCC_AT_LEAST_7
+		!BR2_USE_WCHAR || !BR2_TOOLCHAIN_GCC_AT_LEAST_7
diff --git a/package/gerbera/gerbera.hash b/package/gerbera/gerbera.hash
index b1fdcbf2d0..e584db1354 100644
--- a/package/gerbera/gerbera.hash
+++ b/package/gerbera/gerbera.hash
@@ -1,3 +1,3 @@
 # Locally computed:
-sha256	904a9031c85ac805e4c139f363510226952683d7257acd1dee25ba1e97fd7651  gerbera-1.4.0.tar.gz
-sha256	cae4138373be41fd2be75faf41ce7efbcf49fb17d0e05ad1c51cc01ac335b9b6  LICENSE.md
+sha256  cbe7ea78977db8c02fcca1759ed149f199a590afaf4a6d21ffcca8623d1a0cc5  gerbera-1.6.4.tar.gz
+sha256  cae4138373be41fd2be75faf41ce7efbcf49fb17d0e05ad1c51cc01ac335b9b6  LICENSE.md
diff --git a/package/gerbera/gerbera.mk b/package/gerbera/gerbera.mk
index 7f0ac664fe..f26615a8f8 100644
--- a/package/gerbera/gerbera.mk
+++ b/package/gerbera/gerbera.mk
@@ -4,20 +4,23 @@
 #
 ################################################################################
 
-GERBERA_VERSION = 1.4.0
+GERBERA_VERSION = 1.6.4
 GERBERA_SITE = $(call github,gerbera,gerbera,v$(GERBERA_VERSION))
 GERBERA_LICENSE = GPL-2.0
 GERBERA_LICENSE_FILES = LICENSE.md
 GERBERA_DEPENDENCIES = \
-	expat \
+	fmt \
 	host-pkgconf \
-	libupnp18 \
+	$(if $(BR2_PACKAGE_LIBUPNP),libupnp) \
+	pugixml \
+	spdlog \
 	sqlite \
 	util-linux \
 	zlib
 GERBERA_CONF_OPTS = \
 	-DWITH_DEBUG=OFF \
-	-DWITH_JS=OFF
+	-DWITH_JS=OFF \
+	-DCXX_FILESYSTEM_NO_LINK_NEEDED=ON
 
 # Uses __atomic_fetch_add_4
 ifeq ($(BR2_TOOLCHAIN_HAS_LIBATOMIC),y)
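
Review bot: -DCXX_FILESYSTEM_NO_LINK_NEEDED=ON is added to GERBERA_CONF_OPTS without a comment; the reason (avoiding the build failure caused by check_cxx_source_runs) is recorded only in the commit message, so a short comment above the option in gerbera.mk would keep it from being dropped on a later bump.
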
@@ -70,6 +73,13 @@ else
 GERBERA_CONF_OPTS += -DWITH_MATROSKA=OFF
 endif
 
+ifeq ($(BR2_PACKAGE_LIBNPUNP),y)
+GERBERA_DEPENDENCIES += libnpupnp
+GERBERA_CONF_OPTS += -DWITH_NPUPNP=ON
+else
+GERBERA_CONF_OPTS += -DWITH_NPUPNP=OFF
+endif
+
 ifeq ($(BR2_PACKAGE_MYSQL),y)
 GERBERA_DEPENDENCIES += mysql
 GERBERA_CONF_OPTS += -DWITH_MYSQL=ON
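
Review bot: The new ifeq tests BR2_PACKAGE_LIBNPUNP, which is missing a P compared with the BR2_PACKAGE_LIBNPUPNP symbol used in Config.in, so this branch can never be taken: libnpupnp is never added to GERBERA_DEPENDENCIES and -DWITH_NPUPNP=OFF is always passed. Because Config.in only selects BR2_PACKAGE_LIBUPNP if !BR2_PACKAGE_LIBNPUPNP and the libupnp dependency is itself conditional, a configuration with libnpupnp enabled and libupnp not selected ends up with no UPnP library in the dependencies. Change the test to ifeq ($(BR2_PACKAGE_LIBNPUPNP),y).
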
-- 
2.29.2


* [Buildroot] [PATCH v3, 3/6] package/igd2-for-linux: security bump to version 2.0
  2021-01-25 19:49 [Buildroot] [PATCH v3, 1/6] package/libupnp: security bump to version 1.14.0 Fabrice Fontaine
  2021-01-25 19:49 ` [Buildroot] [PATCH v3, 2/6] package/gerbera: security bump to version 1.6.4 Fabrice Fontaine
@ 2021-01-25 19:49 ` Fabrice Fontaine
  2021-01-28 19:15   ` Peter Korsgaard
  2021-01-25 19:49 ` [Buildroot] [PATCH v3, 4/6] package/gmrender-resurrect: add libupnp 1.14.x support Fabrice Fontaine
                   ` (4 subsequent siblings)
  6 siblings, 1 reply; 22+ messages in thread
From: Fabrice Fontaine @ 2021-01-25 19:49 UTC (permalink / raw)
  To: buildroot

- Move site to Orange-OpenSource
- Drop patch (already in version)
- This version is compatible with libupnp 1.14.x to fix
  CallStranger a.k.a. CVE-2020-12695
- Add threadutil license (BSD-3-Clause)
- Update hash in license file (two spaces)

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
---
 .../0001-fix-build-with-gcc-10.patch          | 199 ------------------
 package/igd2-for-linux/Config.in              |   2 +-
 package/igd2-for-linux/igd2-for-linux.hash    |   5 +-
 package/igd2-for-linux/igd2-for-linux.mk      |   9 +-
 4 files changed, 9 insertions(+), 206 deletions(-)
 delete mode 100644 package/igd2-for-linux/0001-fix-build-with-gcc-10.patch

diff --git a/package/igd2-for-linux/0001-fix-build-with-gcc-10.patch b/package/igd2-for-linux/0001-fix-build-with-gcc-10.patch
deleted file mode 100644
index 32474a3adb..0000000000
--- a/package/igd2-for-linux/0001-fix-build-with-gcc-10.patch
+++ /dev/null
@@ -1,199 +0,0 @@
-From 23ed73623810a0894c8efd9eb79dd38483794a3b Mon Sep 17 00:00:00 2001
-From: Fabrice Fontaine <fabrice.fontaine@orange.com>
-Date: Thu, 20 Aug 2020 18:17:03 +0200
-Subject: [PATCH] fix build with gcc 10
-
-This will fix build failures with -fno-common which is enabled by
-default with gcc 10
-
-Fixes:
- - http://autobuild.buildroot.org/results/f296984c3851fc28341210e36ef1b55b2edac209
-
-Signed-off-by: Fabrice Fontaine <fabrice.fontaine@orange.com>
-[Retrieved from:
-https://github.com/Orange-OpenSource/igd2-for-linux/commit/23ed73623810a0894c8efd9eb79dd38483794a3b]
-Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
----
- linuxigd2/src/gatedevice.c | 37 +++++++++++++++++++++++++++++++++
- linuxigd2/src/gatedevice.h | 42 +++++++++-----------------------------
- linuxigd2/src/pinholev6.c  |  2 ++
- linuxigd2/src/pinholev6.h  |  2 +-
- linuxigd2/src/pmlist.c     |  5 +++++
- linuxigd2/src/pmlist.h     |  2 +-
- linuxigd2/src/wanipv6fw.h  |  3 ---
- 7 files changed, 56 insertions(+), 37 deletions(-)
-
-diff --git a/linuxigd2/src/gatedevice.c b/linuxigd2/src/gatedevice.c
-index 8be53e5..a50525d 100644
---- a/linuxigd2/src/gatedevice.c
-+++ b/linuxigd2/src/gatedevice.c
-@@ -41,6 +41,43 @@
- #include "wanipv6fw.h"
- #include "config.h"
- 
-+// Thread which contains all kind of timers and threads used in gatedevice.c and deviceprotection.c
-+TimerThread gExpirationTimerThread;
-+
-+// IGD Device Globals
-+UpnpDevice_Handle deviceHandle;
-+UpnpDevice_Handle deviceHandleIPv6;
-+UpnpDevice_Handle deviceHandleIPv6UlaGua;
-+char *gateUDN;
-+char *wanUDN;
-+char *wanConnectionUDN;
-+char *lanUDN;
-+long int startup_time;
-+unsigned long connection_stats[STATS_LIMIT]; // this is used for defining if connection is in idling
-+long int idle_time;
-+
-+// State Variables
-+char ConnectionType[50];
-+char PossibleConnectionTypes[50];
-+char ConnectionStatus[20];
-+char LastConnectionError[35];
-+long int AutoDisconnectTime;
-+long int IdleDisconnectTime;
-+long int WarnDisconnectDelay;
-+int RSIPAvailable;
-+int NATEnabled;
-+char ExternalIPAddress[INET6_ADDRSTRLEN];
-+int PortMappingNumberOfEntries;
-+int PortMappingEnabled;
-+char RemoteHost[INET6_ADDRSTRLEN];    // updated IPv6 addrss length 16 -> 46
-+long int SystemUpdateID;
-+
-+// WANEthLinkConfig state variables
-+char EthernetLinkStatus[12];
-+
-+char FirewallEnabled[2];
-+char InboundPinholeAllowed[2];
-+
- //Definitions for mapping expiration timer thread
- static ThreadPool gExpirationThreadPool;
- static ThreadPoolJob gEventUpdateJob;
-diff --git a/linuxigd2/src/gatedevice.h b/linuxigd2/src/gatedevice.h
-index 28d6b21..dbaa0c2 100644
---- a/linuxigd2/src/gatedevice.h
-+++ b/linuxigd2/src/gatedevice.h
-@@ -33,42 +33,20 @@
- #include "util.h"
- 
- // Thread which contains all kind of timers and threads used in gatedevice.c and deviceprotection.c
--TimerThread gExpirationTimerThread;
-+extern TimerThread gExpirationTimerThread;
- 
- // IGD Device Globals
--UpnpDevice_Handle deviceHandle;
--UpnpDevice_Handle deviceHandleIPv6;
--UpnpDevice_Handle deviceHandleIPv6UlaGua;
--char *gateUDN;
--char *wanUDN;
--char *wanConnectionUDN;
--char *lanUDN;
--long int startup_time;
--unsigned long connection_stats[STATS_LIMIT]; // this is used for defining if connection is in idling
--long int idle_time;
--
--// State Variables
--char ConnectionType[50];
--char PossibleConnectionTypes[50];
--char ConnectionStatus[20];
--char LastConnectionError[35];
--long int AutoDisconnectTime;
--long int IdleDisconnectTime;
--long int WarnDisconnectDelay;
--int RSIPAvailable;
--int NATEnabled;
--char ExternalIPAddress[INET6_ADDRSTRLEN];
--int PortMappingNumberOfEntries;
--int PortMappingEnabled;
--char RemoteHost[INET6_ADDRSTRLEN];    // updated IPv6 addrss length 16 -> 46
--long int SystemUpdateID;
--
--// WANEthLinkConfig state variables
--char EthernetLinkStatus[12];
-+extern UpnpDevice_Handle deviceHandle;
-+extern UpnpDevice_Handle deviceHandleIPv6;
-+extern UpnpDevice_Handle deviceHandleIPv6UlaGua;
-+extern char *gateUDN;
-+extern char *wanUDN;
-+extern char *wanConnectionUDN;
-+extern char *lanUDN;
- 
- // Linked list for portmapping entries
--struct portMap *pmlist_Head;
--struct portMap *pmlist_Current;
-+extern struct portMap *pmlist_Head;
-+extern struct portMap *pmlist_Current;
- 
- // WanIPConnection Actions
- int EventHandler(Upnp_EventType EventType, void *Event, void *Cookie);
-diff --git a/linuxigd2/src/pinholev6.c b/linuxigd2/src/pinholev6.c
-index 44e8a19..78f886d 100644
---- a/linuxigd2/src/pinholev6.c
-+++ b/linuxigd2/src/pinholev6.c
-@@ -41,6 +41,8 @@ extern "C" {
- #include "gatedevice.h"
- #include "pinholev6.h"
- 
-+struct pinholev6 *ph_first;
-+
- static const char * add_rule_str = "ip6tables -I %s " //upnp forward chain
-         "-i %s "        //input interface
-         "-o %s "        //output interface
-diff --git a/linuxigd2/src/pinholev6.h b/linuxigd2/src/pinholev6.h
-index 295b9f9..353ae27 100644
---- a/linuxigd2/src/pinholev6.h
-+++ b/linuxigd2/src/pinholev6.h
-@@ -37,7 +37,7 @@ struct pinholev6 {
- 
-     struct pinholev6 *next;
- 
--} *ph_first;
-+};
- 
- struct phv6_expirationEvent
- {
-diff --git a/linuxigd2/src/pmlist.c b/linuxigd2/src/pmlist.c
-index 1b3fe05..95d0c61 100644
---- a/linuxigd2/src/pmlist.c
-+++ b/linuxigd2/src/pmlist.c
-@@ -41,6 +41,11 @@
- #include "iptc.h"
- #endif
- 
-+// Linked list for portmapping entries
-+struct portMap *pmlist_Head;
-+struct portMap *pmlist_Current;
-+struct portMap *pmlist_Tail;
-+
- /**
-  * Create new portMap struct of rule to add iptables. 
-  * portMap-struct is internal presentation of iptables rule in IGD. 
-diff --git a/linuxigd2/src/pmlist.h b/linuxigd2/src/pmlist.h
-index 436d228..017500d 100644
---- a/linuxigd2/src/pmlist.h
-+++ b/linuxigd2/src/pmlist.h
-@@ -57,7 +57,7 @@ struct portMap
- 
-     struct portMap* next;
-     struct portMap* prev;
--} *pmlist_Head, *pmlist_Tail, *pmlist_Current;
-+};
- 
- //struct portMap* pmlist_NewNode(void);
- struct portMap* pmlist_NewNode(int enabled, long int duration, char *remoteHost,
-diff --git a/linuxigd2/src/wanipv6fw.h b/linuxigd2/src/wanipv6fw.h
-index 55419fe..a50d267 100644
---- a/linuxigd2/src/wanipv6fw.h
-+++ b/linuxigd2/src/wanipv6fw.h
-@@ -46,9 +46,6 @@ extern "C" {
- #define ERR_SRC_ADD_WILDCARD        708
- #define ERR_NO_TRAFFIC              709
- 
--char FirewallEnabled[2];
--char InboundPinholeAllowed[2];
--
- //-----------------------------------------------------------------------------
- 
- int InitFirewallv6(void);
diff --git a/package/igd2-for-linux/Config.in b/package/igd2-for-linux/Config.in
index 157cc6f30b..f1658d3aa6 100644
--- a/package/igd2-for-linux/Config.in
+++ b/package/igd2-for-linux/Config.in
@@ -18,7 +18,7 @@ config BR2_PACKAGE_IGD2_FOR_LINUX
 
 	  Please edit /etc/upnpd.conf before using upnpd!
 
-	  https://github.com/ffontaine/igd2-for-linux
+	  https://github.com/Orange-OpenSource/igd2-for-linux
 
 comment "igd2-for-linux needs a toolchain w/ threads, wchar"
 	depends on BR2_USE_MMU
diff --git a/package/igd2-for-linux/igd2-for-linux.hash b/package/igd2-for-linux/igd2-for-linux.hash
index ecde4b51c2..fc215727d7 100644
--- a/package/igd2-for-linux/igd2-for-linux.hash
+++ b/package/igd2-for-linux/igd2-for-linux.hash
@@ -1,3 +1,4 @@
 # Locally computed:
-sha256	523545a26b0d662e9f6913bec2518df6e70f4d497935d88983d994336a1b0ea9	igd2-for-linux-1.2.tar.gz
-sha256	204d8eff92f95aac4df6c8122bc1505f468f3a901e5a4cc08940e0ede1938994	linuxigd2/doc/LICENSE
+sha256  e3fcc7c9da4ad1ca16227b3b1b3712bcfb3f6ec922685eee7ae4a76edfa32bb4  igd2-for-linux-2.0.tar.gz
+sha256  204d8eff92f95aac4df6c8122bc1505f468f3a901e5a4cc08940e0ede1938994  linuxigd2/doc/LICENSE
+sha256  c8b99423cad48bb44e2cf52a496361404290865eac259a82da6d1e4331ececb3  linuxigd2/src/threadutil/COPYING
diff --git a/package/igd2-for-linux/igd2-for-linux.mk b/package/igd2-for-linux/igd2-for-linux.mk
index 478c353997..85119a14b5 100644
--- a/package/igd2-for-linux/igd2-for-linux.mk
+++ b/package/igd2-for-linux/igd2-for-linux.mk
@@ -4,11 +4,12 @@
 #
 ################################################################################
 
-IGD2_FOR_LINUX_VERSION = 1.2
-IGD2_FOR_LINUX_SITE = $(call github,ffontaine,igd2-for-linux,v$(IGD2_FOR_LINUX_VERSION))
+IGD2_FOR_LINUX_VERSION = 2.0
+IGD2_FOR_LINUX_SITE = \
+	$(call github,Orange-OpenSource,igd2-for-linux,v$(IGD2_FOR_LINUX_VERSION))
 
-IGD2_FOR_LINUX_LICENSE = GPL-2.0
-IGD2_FOR_LINUX_LICENSE_FILES = linuxigd2/doc/LICENSE
+IGD2_FOR_LINUX_LICENSE = GPL-2.0, BSD-3-Clause
+IGD2_FOR_LINUX_LICENSE_FILES = linuxigd2/doc/LICENSE linuxigd2/src/threadutil/COPYING
 
 IGD2_FOR_LINUX_DEPENDENCIES = libupnp
 
-- 
2.29.2


* [Buildroot] [PATCH v3, 4/6] package/gmrender-resurrect: add libupnp 1.14.x support
  2021-01-25 19:49 [Buildroot] [PATCH v3, 1/6] package/libupnp: security bump to version 1.14.0 Fabrice Fontaine
  2021-01-25 19:49 ` [Buildroot] [PATCH v3, 2/6] package/gerbera: security bump to version 1.6.4 Fabrice Fontaine
  2021-01-25 19:49 ` [Buildroot] [PATCH v3, 3/6] package/igd2-for-linux: security bump to version 2.0 Fabrice Fontaine
@ 2021-01-25 19:49 ` Fabrice Fontaine
  2021-01-25 21:31   ` Yann E. MORIN
  2021-01-28 19:15   ` Peter Korsgaard
  2021-01-25 19:49 ` [Buildroot] [PATCH v3, 5/6] package/ushare: " Fabrice Fontaine
                   ` (3 subsequent siblings)
  6 siblings, 2 replies; 22+ messages in thread
From: Fabrice Fontaine @ 2021-01-25 19:49 UTC (permalink / raw)
  To: buildroot

Using libupnp 1.14.x is needed to fix CallStranger a.k.a. CVE-2020-12695

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
---
 .../0001-Drop-UpnpInit.patch                  | 175 ++++++++++++++++++
 package/gmrender-resurrect/Config.in          |   2 +-
 .../gmrender-resurrect/gmrender-resurrect.mk  |   2 +-
 3 files changed, 177 insertions(+), 2 deletions(-)
 create mode 100644 package/gmrender-resurrect/0001-Drop-UpnpInit.patch

diff --git a/package/gmrender-resurrect/0001-Drop-UpnpInit.patch b/package/gmrender-resurrect/0001-Drop-UpnpInit.patch
new file mode 100644
index 0000000000..18ec7bb515
--- /dev/null
+++ b/package/gmrender-resurrect/0001-Drop-UpnpInit.patch
@@ -0,0 +1,175 @@
+From dc8c4d4dc234311b3099e7f1efadf5d9733c81e9 Mon Sep 17 00:00:00 2001
+From: Fabrice Fontaine <fontaine.fabrice@gmail.com>
+Date: Fri, 21 Aug 2020 21:29:00 +0200
+Subject: [PATCH] Drop UpnpInit
+
+UpnpInit has been dropped from libupnp 1.14.x as it can't be fixed
+against CallStranger a.k.a. CVE-2020-12695 so replace it by UpnpInit2
+which is available since version 1.6.7 and
+https://github.com/pupnp/pupnp/commit/2bcbdffd89a70364147d345ec5e70a3fce5cbc29
+
+Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
+[Upstream status:
+https://github.com/hzeller/gmrender-resurrect/pull/214]
+---
+ dist-scripts/centos7/README.md     |  2 +-
+ dist-scripts/debian/gmediarender.1 |  8 ++------
+ dist-scripts/fedora/README.md      |  2 +-
+ src/main.c                         | 13 ++++---------
+ src/upnp_device.c                  | 18 +++++++++---------
+ src/upnp_device.h                  |  2 +-
+ 6 files changed, 18 insertions(+), 27 deletions(-)
+
+diff --git a/dist-scripts/centos7/README.md b/dist-scripts/centos7/README.md
+index 278d777..ed82fb6 100644
+--- a/dist-scripts/centos7/README.md
++++ b/dist-scripts/centos7/README.md
+@@ -45,7 +45,7 @@ Additional configuration is also recommended, sice there's no configuration file
+     # vi /etc/systemd/system/gmediarender.service.d/customize.conf   # or nano, or emacs, or whatever editor you like
+     [Service]
+     ExecStart=
+-    ExecStart=/usr/bin/gmediarender --port=49494 --ip-address=<your_IP_address> -f "DLNA Renderer GMediaRender"
++    ExecStart=/usr/bin/gmediarender --port=49494 --interface-name=<your_interface_name> -f "DLNA Renderer GMediaRender"
+ 
+     # systemctl daemon-reload
+     # systemctl start gmediarender.service
+diff --git a/dist-scripts/debian/gmediarender.1 b/dist-scripts/debian/gmediarender.1
+index 96123ff..b2b1359 100644
+--- a/dist-scripts/debian/gmediarender.1
++++ b/dist-scripts/debian/gmediarender.1
+@@ -50,12 +50,8 @@ Usually, it is desirable for the renderer
+ to show up on controllers under a recognisable and unique name. This is 
+ the option to set that name.
+ .TP
+-.B \-I, \-\-ip\-address \fI\<ip-address\>\fP
+-The local IP address the service is running and advertised on.  
+-
+-This can 
+-only be a single address, and must be explicitly specified (i.e. not 
+-0.0.0.0).
++.B \-I, \-\-interface\-name \fI\<interface-name\>\fP
++The local interface name the service is running and advertised on.
+ .TP
+ .B \-p, \-\-port \fI\<port>\fP
+ Port to listen to. [49152..65535].
+diff --git a/dist-scripts/fedora/README.md b/dist-scripts/fedora/README.md
+index 7b9ea4b..45aa536 100644
+--- a/dist-scripts/fedora/README.md
++++ b/dist-scripts/fedora/README.md
+@@ -43,7 +43,7 @@ Additional configuration is also recommended, sice there's no configuration file
+     # vi /etc/systemd/system/gmediarender.service.d/customize.conf   # or nano, or emacs, or whatever editor you like
+     [Service]
+     ExecStart=
+-    ExecStart=/usr/bin/gmediarender --port=49494 --ip-address=<your_IP_address> -f "DLNA Renderer GMediaRender"
++    ExecStart=/usr/bin/gmediarender --port=49494 --interface-name=<your_interface_name> -f "DLNA Renderer GMediaRender"
+ 
+     # systemctl daemon-reload
+     # systemctl start gmediarender.service
+diff --git a/src/main.c b/src/main.c
+index ef720e3..2030c49 100644
+--- a/src/main.c
++++ b/src/main.c
+@@ -69,11 +69,7 @@ static gboolean show_transport_scpd = FALSE;
+ static gboolean show_outputs = FALSE;
+ static gboolean daemon_mode = FALSE;
+ 
+-// IP-address seems strange in libupnp: they actually don't bind to
+-// that address, but to INADDR_ANY (miniserver.c in upnp library).
+-// Apparently they just use this for the advertisement ? Anyway, 0.0.0.0 would
+-// not work.
+-static const gchar *ip_address = NULL;
++static const gchar *interface_name = NULL;
+ static int listen_port = 49494;
+ 
+ #ifdef GMRENDER_UUID
+@@ -92,9 +88,8 @@ static const gchar *mime_filter = NULL;
+ static GOptionEntry option_entries[] = {
+ 	{ "version", 0, 0, G_OPTION_ARG_NONE, &show_version,
+ 	  "Output version information and exit", NULL },
+-	{ "ip-address", 'I', 0, G_OPTION_ARG_STRING, &ip_address,
+-	  "The local IP address the service is running and advertised "
+-	  "(only one, 0.0.0.0 won't work)", NULL },
++	{ "interface-name", 'I', 0, G_OPTION_ARG_STRING, &interface_name,
++	  "The local interface name the service is running and advertised", NULL },
+ 	// The following is not very reliable, as libupnp does not set
+ 	// SO_REUSEADDR by default, so it might increment (sending patch).
+ 	{ "port", 'p', 0, G_OPTION_ARG_INT, &listen_port,
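Review bot: Reusing the short option `-I` for `--interface-name` changes the meaning of an existing flag with no compatibility path. A unit file or script that still passes `-I <ip-address>` will hand an address string to UpnpInit2 as an interface name, and one that passes `--ip-address` will be rejected as an unknown option. Consider keeping `--ip-address` as a deprecated option that prints a clear error. The new help string also ends in "running and advertised" with the trailing "on" missing.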
+@@ -302,7 +297,7 @@ int main(int argc, char **argv)
+ 			  listen_port);
+ 		return EXIT_FAILURE;
+ 	}
+-	device = upnp_device_init(upnp_renderer, ip_address, listen_port);
++	device = upnp_device_init(upnp_renderer, interface_name, listen_port);
+ 	if (device == NULL) {
+ 		Log_error("main", "ERROR: Failed to initialize UPnP device");
+ 		return EXIT_FAILURE;
+diff --git a/src/upnp_device.c b/src/upnp_device.c
+index db65e4f..3151238 100644
+--- a/src/upnp_device.c
++++ b/src/upnp_device.c
+@@ -416,13 +416,13 @@ static UPNP_CALLBACK(event_handler, EventType, event, userdata)
+ 
+ static gboolean initialize_device(struct upnp_device_descriptor *device_def,
+ 				  struct upnp_device *result_device,
+-				  const char *ip_address,
++				  const char *interface_name,
+ 				  unsigned short port)
+ {
+ 	int rc;
+ 	char *buf;
+ 
+-	rc = UpnpInit(ip_address, port);
++	rc = UpnpInit2(interface_name, port);
+ 	/* There have been situations reported in which UPNP had issues
+ 	 * initializing right after network came up. #129
+ 	 */
+@@ -430,13 +430,13 @@ static gboolean initialize_device(struct upnp_device_descriptor *device_def,
+ 	static const int kRetryTimeMs = 1000;
+ 	while (rc != UPNP_E_SUCCESS && retries_left--) {
+ 		usleep(kRetryTimeMs * 1000);
+-		Log_error("upnp", "UpnpInit(ip=%s, port=%d) Error: %s (%d). Retrying... (%ds)",
+-			  ip_address, port, UpnpGetErrorMessage(rc), rc, retries_left);
+-		rc = UpnpInit(ip_address, port);
++		Log_error("upnp", "UpnpInit2(interface=%s, port=%d) Error: %s (%d). Retrying... (%ds)",
++			  interface_name, port, UpnpGetErrorMessage(rc), rc, retries_left);
++		rc = UpnpInit2(interface_name, port);
+ 	}
+ 	if (UPNP_E_SUCCESS != rc) {
+-		Log_error("upnp", "UpnpInit(ip=%s, port=%d) Error: %s (%d). Giving up.",
+-			  ip_address, port, UpnpGetErrorMessage(rc), rc);
++		Log_error("upnp", "UpnpInit2(interface=%s, port=%d) Error: %s (%d). Giving up.",
++			  interface_name, port, UpnpGetErrorMessage(rc), rc);
+ 		return FALSE;
+ 	}
+ 	Log_info("upnp", "Registered IP=%s port=%d\n",
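Review bot: In the retry and give-up Log_error calls, `interface_name` is passed to a `%s` conversion, but main.c initialises it to NULL and only sets it when `-I` is given, so the default configuration formats a NULL pointer on every failure path. Substitute a printable placeholder, for example `interface_name ? interface_name : "(default)"`, in both messages.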
+@@ -483,7 +483,7 @@ static gboolean initialize_device(struct upnp_device_descriptor *device_def,
+ }
+ 
+ struct upnp_device *upnp_device_init(struct upnp_device_descriptor *device_def,
+-				     const char *ip_address,
++				     const char *interface_name,
+ 				     unsigned short port)
+ {
+ 	int rc;
+@@ -516,7 +516,7 @@ struct upnp_device *upnp_device_init(struct upnp_device_descriptor *device_def,
+ 		webserver_register_buf(srv->scpd_url, buf, "text/xml");
+ 	}
+ 
+-	if (!initialize_device(device_def, result_device, ip_address, port)) {
++	if (!initialize_device(device_def, result_device, interface_name, port)) {
+ 		UpnpFinish();
+ 		free(result_device);
+ 		return NULL;
+diff --git a/src/upnp_device.h b/src/upnp_device.h
+index 3e635e1..8c8e783 100644
+--- a/src/upnp_device.h
++++ b/src/upnp_device.h
+@@ -49,7 +49,7 @@ struct upnp_device;
+ struct action_event;
+ 
+ struct upnp_device *upnp_device_init(struct upnp_device_descriptor *device_def,
+-				     const char *ip_address,
++				     const char *interface_name,
+ 				     unsigned short port);
+ 
+ void upnp_device_shutdown(struct upnp_device *device);
diff --git a/package/gmrender-resurrect/Config.in b/package/gmrender-resurrect/Config.in
index e7424e3b22..db655ad7f4 100644
--- a/package/gmrender-resurrect/Config.in
+++ b/package/gmrender-resurrect/Config.in
@@ -5,7 +5,7 @@ config BR2_PACKAGE_GMRENDER_RESURRECT
 	depends on BR2_USE_MMU # gstreamer1
 	select BR2_PACKAGE_GSTREAMER1
 	select BR2_PACKAGE_GST1_PLUGINS_BASE # run-time only
-	select BR2_PACKAGE_LIBUPNP18 if !BR2_PACKAGE_LIBUPNP
+	select BR2_PACKAGE_LIBUPNP
 	help
 	  UPnP (DLNA) media renderer based on gstreamer
 
diff --git a/package/gmrender-resurrect/gmrender-resurrect.mk b/package/gmrender-resurrect/gmrender-resurrect.mk
index e25be39493..3500ab3760 100644
--- a/package/gmrender-resurrect/gmrender-resurrect.mk
+++ b/package/gmrender-resurrect/gmrender-resurrect.mk
@@ -13,6 +13,6 @@ GMRENDER_RESURRECT_LICENSE = GPL-2.0+
 GMRENDER_RESURRECT_LICENSE_FILES = COPYING
 GMRENDER_RESURRECT_DEPENDENCIES = \
 	gstreamer1 \
-	$(if $(BR2_PACKAGE_LIBUPNP),libupnp,libupnp18)
+	libupnp
 
 $(eval $(autotools-package))
-- 
2.29.2


* [Buildroot] [PATCH v3, 5/6] package/ushare: add libupnp 1.14.x support
  2021-01-25 19:49 [Buildroot] [PATCH v3, 1/6] package/libupnp: security bump to version 1.14.0 Fabrice Fontaine
                   ` (2 preceding siblings ...)
  2021-01-25 19:49 ` [Buildroot] [PATCH v3, 4/6] package/gmrender-resurrect: add libupnp 1.14.x support Fabrice Fontaine
@ 2021-01-25 19:49 ` Fabrice Fontaine
  2021-01-25 21:34   ` Yann E. MORIN
  2021-01-28 19:16   ` Peter Korsgaard
  2021-01-25 19:49 ` [Buildroot] [PATCH v3,6/6] package/libupnp18: drop package Fabrice Fontaine
                   ` (2 subsequent siblings)
  6 siblings, 2 replies; 22+ messages in thread
From: Fabrice Fontaine @ 2021-01-25 19:49 UTC (permalink / raw)
  To: buildroot

This switch is needed to fix CallStranger a.k.a. CVE-2020-12695

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
---
 .../0004-switch-to-libupnp-1.14.x-API.patch   | 433 ++++++++++++++++++
 1 file changed, 433 insertions(+)
 create mode 100644 package/ushare/0004-switch-to-libupnp-1.14.x-API.patch

diff --git a/package/ushare/0004-switch-to-libupnp-1.14.x-API.patch b/package/ushare/0004-switch-to-libupnp-1.14.x-API.patch
new file mode 100644
index 0000000000..e200bb1926
--- /dev/null
+++ b/package/ushare/0004-switch-to-libupnp-1.14.x-API.patch
@@ -0,0 +1,433 @@
+From 4643b9cb9e6c0331fd663437a7ed8061b9edf971 Mon Sep 17 00:00:00 2001
+From: Fabrice Fontaine <fontaine.fabrice@gmail.com>
+Date: Mon, 24 Aug 2020 19:26:03 +0200
+Subject: [PATCH] switch to libupnp 1.14.x API
+
+Use the new libupnp 1.14.x API (i.e. UpnpInit2) to allow ushare to be
+protected against CallStranger a.k.a. CVE-2020-12695
+
+Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
+[Retrieved from:
+https://github.com/ddugovic/uShare/commit/4643b9cb9e6c0331fd663437a7ed8061b9edf971]
+---
+ configure      |  2 --
+ src/http.c     | 50 +++++++++++++++++++++++++++++++-------------------
+ src/http.h     | 24 ++++++++++++++++++------
+ src/services.c | 28 ++++++++++++++++++----------
+ src/services.h |  6 +++---
+ src/ushare.c   | 36 ++++++++++++++++++------------------
+ src/ushare.h   |  2 +-
+ 7 files changed, 89 insertions(+), 59 deletions(-)
+
+diff --git a/configure b/configure
+index 20a08ed..4a3efe0 100755
+--- a/configure
++++ b/configure
+@@ -638,8 +638,6 @@ fi
+ echolog "Checking for libixml ..."
+ check_lib upnp/ixml.h ixmlRelaxParser -lixml || die "Error, can't find libixml !"
+ 
+-echolog "Checking for libthreadutil ..."
+-check_lib upnp/ThreadPool.h ThreadPoolAdd "-lthreadutil -lpthread" || die "Error, can't find libthreadutil !"
+ add_extralibs -lpthread
+ 
+ libupnp_min_version="1.4.2"
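Review bot: The context line `libupnp_min_version="1.4.2"` is left untouched, yet the rest of this patch calls UpnpInit2 and the `UpnpFileInfo_set_*` and `UpnpActionRequest_get_*` accessors, which the commit message describes as the libupnp 1.14.x API. Raise the minimum version in configure to match, so that a build against an older libupnp stops at the version check instead of at compile time, and so that ushare cannot be configured against a library that lacks the CallStranger fix.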
+diff --git a/src/http.c b/src/http.c
+index 8a4e67d..1e5b350 100644
+--- a/src/http.c
++++ b/src/http.c
+@@ -68,17 +68,19 @@ struct web_file_t {
+ 
+ 
+ static inline void
+-set_info_file (struct File_Info *info, const size_t length,
++set_info_file (UpnpFileInfo *info, const size_t length,
+                const char *content_type)
+ {
+-  info->file_length = length;
+-  info->last_modified = 0;
+-  info->is_directory = 0;
+-  info->is_readable = 1;
+-  info->content_type = ixmlCloneDOMString (content_type);
++  UpnpFileInfo_set_FileLength(info, length);
++  UpnpFileInfo_set_LastModified(info, 0);
++  UpnpFileInfo_set_IsDirectory(info, 0);
++  UpnpFileInfo_set_IsReadable(info, 1);
++  UpnpFileInfo_set_ContentType(info, ixmlCloneDOMString (content_type));
+ }
+ 
+-int http_get_info (const char *filename, struct File_Info *info)
++int http_get_info (const char *filename, UpnpFileInfo *info,
++                   const void* cookie __attribute__((unused)),
++                   const void** requestCookie __attribute__((unused)))
+ {
+   extern struct ushare_t *ut;
+   struct upnp_entry_t *entry = NULL;
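Review bot: In set_info_file, `UpnpFileInfo_set_ContentType(info, ixmlCloneDOMString (content_type))` keeps the clone that the old direct struct assignment needed. Please check whether the 1.14.x setter takes ownership of its argument or makes its own copy; if it copies, every call leaks the cloned string, and the same pattern recurs in http_get_info. If the setters report failure through a return value, that value is discarded here as well.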
+@@ -143,15 +145,15 @@ int http_get_info (const char *filename, struct File_Info *info)
+   {
+     if (errno != EACCES)
+       return -1;
+-    info->is_readable = 0;
++    UpnpFileInfo_set_IsReadable(info, 0);
+   }
+   else
+-    info->is_readable = 1;
++    UpnpFileInfo_set_IsReadable(info, 1);
+ 
+   /* file exist and can be read */
+-  info->file_length = st.st_size;
+-  info->last_modified = st.st_mtime;
+-  info->is_directory = S_ISDIR (st.st_mode);
++  UpnpFileInfo_set_FileLength(info, st.st_size);
++  UpnpFileInfo_set_LastModified(info, st.st_mtime);
++  UpnpFileInfo_set_IsDirectory(info, S_ISDIR (st.st_mode));
+ 
+   protocol = 
+ #ifdef HAVE_DLNA
+@@ -172,11 +174,11 @@ int http_get_info (const char *filename, struct File_Info *info)
+ 
+   if (content_type)
+   {
+-    info->content_type = ixmlCloneDOMString (content_type);
++    UpnpFileInfo_set_ContentType(info, ixmlCloneDOMString (content_type));
+     free (content_type);
+   }
+   else
+-    info->content_type = ixmlCloneDOMString ("");
++    UpnpFileInfo_set_ContentType(info, ixmlCloneDOMString (""));
+ 
+   return 0;
+ }
+@@ -197,7 +199,9 @@ get_file_memory (const char *fullpath, const char *description,
+   return ((UpnpWebFileHandle) file);
+ }
+ 
+-UpnpWebFileHandle http_open (const char *filename, enum UpnpOpenFileMode mode)
++UpnpWebFileHandle http_open (const char *filename, enum UpnpOpenFileMode mode,
++                             const void* cookie __attribute__((unused)),
++                             const void* requestCookie __attribute__((unused)))
+ {
+   extern struct ushare_t *ut;
+   struct upnp_entry_t *entry = NULL;
+@@ -250,7 +254,9 @@ UpnpWebFileHandle http_open (const char *filename, enum UpnpOpenFileMode mode)
+   return ((UpnpWebFileHandle) file);
+ }
+ 
+-int http_read (UpnpWebFileHandle fh, char *buf, size_t buflen)
++int http_read (UpnpWebFileHandle fh, char *buf, size_t buflen,
++               const void* cookie __attribute__((unused)),
++               const void* requestCookie __attribute__((unused)))
+ {
+   struct web_file_t *file = (struct web_file_t *) fh;
+   ssize_t len = -1;
+@@ -285,14 +291,18 @@ int http_read (UpnpWebFileHandle fh, char *buf, size_t buflen)
+ 
+ int http_write (UpnpWebFileHandle fh __attribute__((unused)),
+             char *buf __attribute__((unused)),
+-            size_t buflen __attribute__((unused)))
++            size_t buflen __attribute__((unused)),
++            const void* cookie __attribute__((unused)),
++            const void* requestCookie __attribute__((unused)))
+ {
+   log_verbose ("http write\n");
+ 
+   return 0;
+ }
+ 
+-int http_seek (UpnpWebFileHandle fh, off_t offset, int origin)
++int http_seek (UpnpWebFileHandle fh, off_t offset, int origin,
++               const void* cookie __attribute__((unused)),
++               const void* requestCookie __attribute__((unused)))
+ {
+   struct web_file_t *file = (struct web_file_t *) fh;
+   off_t newpos = -1;
+@@ -366,7 +376,9 @@ int http_seek (UpnpWebFileHandle fh, off_t offset, int origin)
+   return 0;
+ }
+ 
+-int http_close (UpnpWebFileHandle fh)
++int http_close (UpnpWebFileHandle fh,
++                const void* cookie __attribute__((unused)),
++                const void* requestCookie __attribute__((unused)))
+ {
+   struct web_file_t *file = (struct web_file_t *) fh;
+ 
+diff --git a/src/http.h b/src/http.h
+index 32d6bcc..c912a7b 100644
+--- a/src/http.h
++++ b/src/http.h
+@@ -25,18 +25,30 @@
+ #include <upnp/upnp.h>
+ #include <upnp/upnptools.h>
+ 
+-int http_get_info (const char *filename, struct File_Info *info);
++int http_get_info (const char *filename, UpnpFileInfo *info,
++	const void* cookie __attribute__((unused)),
++	const void** requestCookie __attribute__((unused)));
+ 
+-UpnpWebFileHandle http_open (const char *filename, enum UpnpOpenFileMode mode);
++UpnpWebFileHandle http_open (const char *filename, enum UpnpOpenFileMode mode,
++	const void* cookie __attribute__((unused)),
++	const void* requestCookie __attribute__((unused)));
+ 
+-int http_read (UpnpWebFileHandle fh, char *buf, size_t buflen);
++int http_read (UpnpWebFileHandle fh, char *buf, size_t buflen,
++	const void* cookie __attribute__((unused)),
++	const void* requestCookie __attribute__((unused)));
+ 
+-int http_seek (UpnpWebFileHandle fh, off_t offset, int origin);
++int http_seek (UpnpWebFileHandle fh, off_t offset, int origin,
++	const void* cookie __attribute__((unused)),
++	const void* requestCookie __attribute__((unused)));
+ 
+ int http_write (UpnpWebFileHandle fh __attribute__((unused)),
+ 	char *buf __attribute__((unused)),
+-	size_t buflen __attribute__((unused)));
++	size_t buflen __attribute__((unused)),
++	const void* cookie __attribute__((unused)),
++	const void* requestCookie __attribute__((unused)));
+ 
+-int http_close (UpnpWebFileHandle fh);
++int http_close (UpnpWebFileHandle fh,
++ 	const void* cookie __attribute__((unused)),
++	const void* requestCookie __attribute__((unused)));
+ 
+ #endif /* _HTTP_H_ */
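Review bot: `__attribute__((unused))` on the parameters of these prototypes has no effect in a header declaration and only adds noise; keep it on the definitions in http.c, where the parameters really are unused. The first added parameter line of the `http_close` prototype also has a space before its tab, unlike the other prototypes.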
+diff --git a/src/services.c b/src/services.c
+index aec9cf8..287df55 100644
+--- a/src/services.c
++++ b/src/services.c
+@@ -62,25 +62,28 @@ static struct service_t services[] = {
+ };
+ 
+ bool
+-find_service_action (struct Upnp_Action_Request *request,
++find_service_action (UpnpActionRequest *request,
+                      struct service_t **service,
+                      struct service_action_t **action)
+ {
+   int c, d;
++  const char *actionName = NULL;
+ 
+   *service = NULL;
+   *action = NULL;
++  
++  actionName = UpnpActionRequest_get_ActionName_cstr(request);
+ 
+-  if (!request || !request->ActionName)
++  if (!request || !actionName)
+     return false;
+ 
+   for (c = 0; services[c].id != NULL; c++)
+-    if (!strcmp (services[c].id, request->ServiceID))
++    if (!strcmp (services[c].id, UpnpActionRequest_get_ServiceID_cstr(request)))
+     {
+       *service = &services[c];
+       for (d = 0; services[c].actions[d].name; d++)
+       {
+-        if (!strcmp (services[c].actions[d].name, request->ActionName))
++        if (!strcmp (services[c].actions[d].name, actionName))
+         {
+           *action = &services[c].actions[d];
+           return true;
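Review bot: In find_service_action, `actionName = UpnpActionRequest_get_ActionName_cstr(request);` now runs before the `if (!request || !actionName)` test, so `request` is handed to the accessor before it has been checked for NULL. Test `request` first and return false, then fetch the action name. The result of `UpnpActionRequest_get_ServiceID_cstr(request)` goes straight into strcmp and deserves the same NULL check that the action name gets.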
+@@ -97,6 +100,7 @@ upnp_add_response (struct action_event_t *event, char *key, const char *value)
+ {
+   char *val;
+   int res;
++  IXML_Document* actionResult = NULL;
+ 
+   if (!event || !event->status || !key || !value)
+     return false;
+@@ -105,8 +109,9 @@ upnp_add_response (struct action_event_t *event, char *key, const char *value)
+   if (!val)
+     return false;
+ 
+-  res = UpnpAddToActionResponse (&event->request->ActionResult,
+-                                 event->request->ActionName,
++  actionResult = UpnpActionRequest_get_ActionResult(event->request);
++  res = UpnpAddToActionResponse (&actionResult,
++                                 UpnpActionRequest_get_ActionName_cstr(event->request),
+                                  event->service->type, key, val);
+ 
+   if (res != UPNP_E_SUCCESS)
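Review bot: In upnp_add_response, the old code passed `&event->request->ActionResult`, so any document created or replaced by UpnpAddToActionResponse ended up in the request. The new code passes the address of the local `actionResult`, and nothing in this hunk stores it back. Unless that happens in the lines after the hunk, call `UpnpActionRequest_set_ActionResult(event->request, actionResult);` once the call succeeds, otherwise a document allocated by the call never reaches the request.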
+@@ -120,14 +125,17 @@ upnp_add_response (struct action_event_t *event, char *key, const char *value)
+ }
+ 
+ char *
+-upnp_get_string (struct Upnp_Action_Request *request, const char *key)
++upnp_get_string (UpnpActionRequest *request, const char *key)
+ {
+   IXML_Node *node = NULL;
++  IXML_Document *actionRequest = NULL;
+ 
+-  if (!request || !request->ActionRequest || !key)
++  actionRequest = UpnpActionRequest_get_ActionRequest(request);
++
++  if (!request || !actionRequest || !key)
+     return NULL;
+ 
+-  node = (IXML_Node *) request->ActionRequest;
++  node = (IXML_Node *) actionRequest;
+   if (!node)
+   {
+     log_verbose ("Invalid action request document\n");
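Review bot: In upnp_get_string, `UpnpActionRequest_get_ActionRequest(request)` is called ahead of the `!request` test, so the NULL check no longer protects the first use of `request`. Move the accessor call below a separate `if (!request || !key) return NULL;`. The later `if (!node)` branch is then dead code, since `node` is only `actionRequest` cast to another type and that pointer has already been checked.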
+@@ -157,7 +165,7 @@ upnp_get_string (struct Upnp_Action_Request *request, const char *key)
+ }
+ 
+ int
+-upnp_get_ui4 (struct Upnp_Action_Request *request, const char *key)
++upnp_get_ui4 (UpnpActionRequest *request, const char *key)
+ {
+   char *value;
+   int val;
+diff --git a/src/services.h b/src/services.h
+index 89c072e..d5726b4 100644
+--- a/src/services.h
++++ b/src/services.h
+@@ -39,15 +39,15 @@ struct service_t {
+ 
+ #define SERVICE_CONTENT_TYPE "text/xml"
+ 
+-bool find_service_action (struct Upnp_Action_Request *request,
++bool find_service_action (UpnpActionRequest *request,
+                           struct service_t **service,
+                           struct service_action_t **action);
+ 
+ bool upnp_add_response (struct action_event_t *event,
+                         char *key, const char *value);
+ 
+-char * upnp_get_string (struct Upnp_Action_Request *request, const char *key);
++char * upnp_get_string (UpnpActionRequest *request, const char *key);
+ 
+-int upnp_get_ui4 (struct Upnp_Action_Request *request, const char *key);
++int upnp_get_ui4 (UpnpActionRequest *request, const char *key);
+ 
+ #endif /* _SERVICES_H_ */
+diff --git a/src/ushare.c b/src/ushare.c
+index 28fd67e..92e2345 100644
+--- a/src/ushare.c
++++ b/src/ushare.c
+@@ -177,7 +177,7 @@ ushare_signal_exit (void)
+ }
+ 
+ static void
+-handle_action_request (struct Upnp_Action_Request *request)
++handle_action_request (UpnpActionRequest *request)
+ {
+   struct service_t *service;
+   struct service_action_t *action;
+@@ -187,25 +187,25 @@ handle_action_request (struct Upnp_Action_Request *request)
+   if (!request || !ut)
+     return;
+ 
+-  if (request->ErrCode != UPNP_E_SUCCESS)
++  if (UpnpActionRequest_get_ErrCode(request) != UPNP_E_SUCCESS)
+     return;
+ 
+-  if (strcmp (request->DevUDN + 5, ut->udn))
++  if (strcmp (UpnpActionRequest_get_DevUDN_cstr(request) + 5, ut->udn))
+     return;
+ 
+-  ip = (*(struct sockaddr_in *)&request->CtrlPtIPAddr).sin_addr.s_addr;
++  ip = (*(struct sockaddr_in *)UpnpActionRequest_get_CtrlPtIPAddr(request)).sin_addr.s_addr;
+   ip = ntohl (ip);
+   sprintf (val, "%d.%d.%d.%d",
+            (ip >> 24) & 0xFF, (ip >> 16) & 0xFF, (ip >> 8) & 0xFF, ip & 0xFF);
+ 
+   if (ut->verbose)
+   {
+-    DOMString str = ixmlPrintDocument (request->ActionRequest);
++    DOMString str = ixmlPrintDocument (UpnpActionRequest_get_ActionRequest(request));
+     log_verbose ("***************************************************\n");
+     log_verbose ("**             New Action Request                **\n");
+     log_verbose ("***************************************************\n");
+-    log_verbose ("ServiceID: %s\n", request->ServiceID);
+-    log_verbose ("ActionName: %s\n", request->ActionName);
++    log_verbose ("ServiceID: %s\n", UpnpActionRequest_get_ServiceID_cstr(request));
++    log_verbose ("ActionName: %s\n", UpnpActionRequest_get_ActionName_cstr(request));
+     log_verbose ("CtrlPtIP: %s\n", val);
+     log_verbose ("Action Request:\n%s\n", str);
+     ixmlFreeDOMString (str);
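Review bot: In handle_action_request, the result of `UpnpActionRequest_get_CtrlPtIPAddr(request)` is cast to `struct sockaddr_in *` and `sin_addr` is read without looking at the address family. If the control point address can be anything other than AF_INET, the `CtrlPtIP` value written into `val` and logged is meaningless. Check the family first and format the address with inet_ntop into a buffer sized for that family.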
+@@ -220,11 +220,11 @@ handle_action_request (struct Upnp_Action_Request *request)
+       event.service = service;
+ 
+       if (action->function (&event) && event.status)
+-        request->ErrCode = UPNP_E_SUCCESS;
++        UpnpActionRequest_set_ErrCode(request, UPNP_E_SUCCESS);
+ 
+       if (ut->verbose)
+       {
+-        DOMString str = ixmlPrintDocument (request->ActionResult);
++        DOMString str = ixmlPrintDocument (UpnpActionRequest_get_ActionResult(request));
+         log_verbose ("Action Result:\n%s", str);
+         log_verbose ("***************************************************\n");
+         log_verbose ("\n");
+@@ -235,22 +235,22 @@ handle_action_request (struct Upnp_Action_Request *request)
+     }
+ 
+   if (service) /* Invalid Action name */
+-    strcpy (request->ErrStr, "Unknown Service Action");
++    UpnpActionRequest_strcpy_ErrStr(request, "Unknown Service Action");
+   else /* Invalid Service name */
+-    strcpy (request->ErrStr, "Unknown Service ID");
++    UpnpActionRequest_strcpy_ErrStr(request, "Unknown Service ID");
+ 
+-  request->ActionResult = NULL;
+-  request->ErrCode = UPNP_SOAP_E_INVALID_ACTION;
++  UpnpActionRequest_set_ActionResult(request, NULL);
++  UpnpActionRequest_set_ErrCode(request, UPNP_SOAP_E_INVALID_ACTION);
+ }
+ 
+ static int
+-device_callback_event_handler (Upnp_EventType type, void *event,
++device_callback_event_handler (Upnp_EventType type, const void *event,
+                                void *cookie __attribute__((unused)))
+ {
+   switch (type)
+     {
+     case UPNP_CONTROL_ACTION_REQUEST:
+-      handle_action_request ((struct Upnp_Action_Request *) event);
++      handle_action_request ((UpnpActionRequest *) event);
+       break;
+     case UPNP_CONTROL_ACTION_COMPLETE:
+     case UPNP_EVENT_SUBSCRIPTION_REQUEST:
+@@ -323,7 +323,7 @@ init_upnp (struct ushare_t *ut)
+ #endif /* HAVE_DLNA */
+ 
+   log_info (_("Initializing UPnP subsystem ...\n"));
+-  res = UpnpInit (ut->ip, ut->port);
++  res = UpnpInit2 (ut->interface, ut->port);
+   if (res != UPNP_E_SUCCESS)
+   {
+     log_error (_("Cannot initialize UPnP subsystem\n"));
+@@ -351,7 +351,7 @@ init_upnp (struct ushare_t *ut)
+   log_info (_("UPnP MediaServer listening on %s:%d\n"),
+             UpnpGetServerIpAddress (), ut->port);
+ 
+-  UpnpEnableWebserver (TRUE);
++  UpnpEnableWebserver (1);
+ 
+ #define upnp_set_callback(cb, func) \
+   do {                                                            \
+@@ -371,7 +371,7 @@ init_upnp (struct ushare_t *ut)
+   upnp_set_callback(Write,   http_write);
+   upnp_set_callback(Close,   http_close);
+ 
+-  res = UpnpAddVirtualDir (VIRTUAL_DIR);
++  res = UpnpAddVirtualDir (VIRTUAL_DIR, NULL, NULL);
+   if (res != UPNP_E_SUCCESS)
+   {
+     log_error (_("Cannot add virtual directory for web server\n"));
+diff --git a/src/ushare.h b/src/ushare.h
+index a29da01..cd86cef 100644
+--- a/src/ushare.h
++++ b/src/ushare.h
+@@ -125,7 +125,7 @@ struct ushare_t {
+ };
+ 
+ struct action_event_t {
+-  struct Upnp_Action_Request *request;
++  UpnpActionRequest *request;
+   bool status;
+   struct service_t *service;
+ };
-- 
2.29.2


* [Buildroot] [PATCH v3,6/6] package/libupnp18: drop package
  2021-01-25 19:49 [Buildroot] [PATCH v3, 1/6] package/libupnp: security bump to version 1.14.0 Fabrice Fontaine
                   ` (3 preceding siblings ...)
  2021-01-25 19:49 ` [Buildroot] [PATCH v3, 5/6] package/ushare: " Fabrice Fontaine
@ 2021-01-25 19:49 ` Fabrice Fontaine
  2021-01-28 19:54   ` Peter Korsgaard
  2021-01-25 21:26 ` [Buildroot] [PATCH v3, 1/6] package/libupnp: security bump to version 1.14.0 Yann E. MORIN
  2021-01-28 19:13 ` Peter Korsgaard
  6 siblings, 1 reply; 22+ messages in thread
From: Fabrice Fontaine @ 2021-01-25 19:49 UTC (permalink / raw)
  To: buildroot

Drop libupnp18 as libupnp has been bumped to 1.14.x and 1.8.x will not
be fixed against CallStranger a.k.a. CVE-2020-12695

mpd and vlc are already compliant with libupnp 1.14.x (i.e. those
packages use UpnpInit2 instead of the deprecated UpnpInit)

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
---
 Config.in.legacy                 | 10 ++++++++++
 DEVELOPERS                       |  1 -
 package/Config.in                |  1 -
 package/libupnp18/Config.in      | 16 ----------------
 package/libupnp18/libupnp18.hash |  5 -----
 package/libupnp18/libupnp18.mk   | 26 --------------------------
 package/mpd/Config.in            |  2 +-
 package/mpd/mpd.mk               |  2 +-
 package/vlc/vlc.mk               |  4 ++--
 9 files changed, 14 insertions(+), 53 deletions(-)
 delete mode 100644 package/libupnp18/Config.in
 delete mode 100644 package/libupnp18/libupnp18.hash
 delete mode 100644 package/libupnp18/libupnp18.mk

diff --git a/Config.in.legacy b/Config.in.legacy
index e30f678234..2bf39d7175 100644
--- a/Config.in.legacy
+++ b/Config.in.legacy
@@ -146,6 +146,16 @@ endif
 
 comment "Legacy options removed in 2021.02"
 
+config BR2_PACKAGE_LIBUPNP18
+	bool "libupnp18 package removed"
+	select BR2_LEGACY
+	select BR2_PACKAGE_LIBUPNP
+	help
+	  Version 1.8.x of libupnp (i.e. libupnp18) has been removed
+	  because it will never be fixed against CallStranger a.k.a.
+	  CVE-2020-12695. The libupnp package (which has been updated to
+	  version 1.14.x) has been selected instead.
+
 config BR2_PACKAGE_BOA
 	bool "boa package removed"
 	select BR2_LEGACY
diff --git a/DEVELOPERS b/DEVELOPERS
index d3623fcec3..852d779a5b 100644
--- a/DEVELOPERS
+++ b/DEVELOPERS
@@ -862,7 +862,6 @@ F:	package/librsync/
 F:	package/libsoup/
 F:	package/libsoxr/
 F:	package/libupnp/
-F:	package/libupnp18/
 F:	package/libv4l/
 F:	package/libxslt/
 F:	package/mbedtls/
diff --git a/package/Config.in b/package/Config.in
index 494e077df5..57d77a7525 100644
--- a/package/Config.in
+++ b/package/Config.in
@@ -1791,7 +1791,6 @@ menu "Networking"
 	source "package/libuev/Config.in"
 	source "package/libuhttpd/Config.in"
 	source "package/libupnp/Config.in"
-	source "package/libupnp18/Config.in"
 	source "package/libupnpp/Config.in"
 	source "package/liburiparser/Config.in"
 	source "package/libuwsc/Config.in"
diff --git a/package/libupnp18/Config.in b/package/libupnp18/Config.in
deleted file mode 100644
index 58508e4e26..0000000000
--- a/package/libupnp18/Config.in
+++ /dev/null
@@ -1,16 +0,0 @@
-config BR2_PACKAGE_LIBUPNP18
-	bool "libupnp18"
-	depends on BR2_TOOLCHAIN_HAS_THREADS
-	depends on !BR2_PACKAGE_LIBUPNP
-	help
-	  The portable SDK for UPnP(tm) Devices (libupnp) provides
-	  developers with an API and open source code for building
-	  control points, devices, and bridges that are compliant with
-	  Version 1.0 of the Universal Plug and Play Device Architecture
-	  Specification
-
-	  http://pupnp.sourceforge.net/
-
-comment "libupnp18 needs a toolchain w/ threads"
-	depends on !BR2_PACKAGE_LIBUPNP
-	depends on !BR2_TOOLCHAIN_HAS_THREADS
diff --git a/package/libupnp18/libupnp18.hash b/package/libupnp18/libupnp18.hash
deleted file mode 100644
index ba9ce1bcdf..0000000000
--- a/package/libupnp18/libupnp18.hash
+++ /dev/null
@@ -1,5 +0,0 @@
-# From https://sourceforge.net/projects/pupnp/files/pupnp/libupnp-1.8.7/libupnp-1.8.7.tar.bz2.sha1
-sha1  2ea3011180c58b0584f0cb73cc8e685a0a1c4ec8  libupnp-1.8.7.tar.bz2
-# Locally computed:
-sha256  e38c69b2b67322e67cd53680db9b02c7c1f720a47a3cd626fd89d57d2dca93b8  libupnp-1.8.7.tar.bz2
-sha256  c8b99423cad48bb44e2cf52a496361404290865eac259a82da6d1e4331ececb3  COPYING
diff --git a/package/libupnp18/libupnp18.mk b/package/libupnp18/libupnp18.mk
deleted file mode 100644
index f17a1a720d..0000000000
--- a/package/libupnp18/libupnp18.mk
+++ /dev/null
@@ -1,26 +0,0 @@
-################################################################################
-#
-# libupnp18
-#
-################################################################################
-
-LIBUPNP18_VERSION = 1.8.7
-LIBUPNP18_SOURCE = libupnp-$(LIBUPNP18_VERSION).tar.bz2
-LIBUPNP18_SITE = http://downloads.sourceforge.net/project/pupnp/pupnp/libupnp-$(LIBUPNP18_VERSION)
-LIBUPNP18_CONF_ENV = ac_cv_lib_compat_ftime=no
-LIBUPNP18_INSTALL_STAGING = YES
-LIBUPNP18_LICENSE = BSD-3-Clause
-LIBUPNP18_LICENSE_FILES = COPYING
-LIBUPNP18_DEPENDENCIES = host-pkgconf
-
-# Bind the internal miniserver socket with reuseaddr to allow clean restarts.
-LIBUPNP18_CONF_OPTS += --enable-reuseaddr
-
-ifeq ($(BR2_PACKAGE_OPENSSL),y)
-LIBUPNP18_CONF_OPTS += --enable-open-ssl
-LIBUPNP18_DEPENDENCIES += openssl
-else
-LIBUPNP18_CONF_OPTS += --disable-open-ssl
-endif
-
-$(eval $(autotools-package))
diff --git a/package/mpd/Config.in b/package/mpd/Config.in
index 3343468f43..de97bbab60 100644
--- a/package/mpd/Config.in
+++ b/package/mpd/Config.in
@@ -404,7 +404,7 @@ config BR2_PACKAGE_MPD_TCP
 config BR2_PACKAGE_MPD_UPNP
 	bool "UPnP"
 	select BR2_PACKAGE_EXPAT
-	select BR2_PACKAGE_LIBUPNP18 if !BR2_PACKAGE_LIBUPNP
+	select BR2_PACKAGE_LIBUPNP
 	select BR2_PACKAGE_MPD_CURL
 	help
 	  Enable MPD UPnP client support.
diff --git a/package/mpd/mpd.mk b/package/mpd/mpd.mk
index 8a6f132ffb..5cdcc2c009 100644
--- a/package/mpd/mpd.mk
+++ b/package/mpd/mpd.mk
@@ -321,7 +321,7 @@ endif
 ifeq ($(BR2_PACKAGE_MPD_UPNP),y)
 MPD_DEPENDENCIES += \
 	expat \
-	$(if $(BR2_PACKAGE_LIBUPNP),libupnp,libupnp18)
+	libupnp
 MPD_CONF_OPTS += -Dupnp=enabled
 else
 MPD_CONF_OPTS += -Dupnp=disabled
diff --git a/package/vlc/vlc.mk b/package/vlc/vlc.mk
index 95eb7d39a2..020c37aa5d 100644
--- a/package/vlc/vlc.mk
+++ b/package/vlc/vlc.mk
@@ -378,9 +378,9 @@ else
 VLC_CONF_OPTS += --disable-theora
 endif
 
-ifeq ($(BR2_PACKAGE_LIBUPNP)$(BR2_PACKAGE_LIBUPNP18),y)
+ifeq ($(BR2_PACKAGE_LIBUPNP),y)
 VLC_CONF_OPTS += --enable-upnp
-VLC_DEPENDENCIES += $(if $(BR2_PACKAGE_LIBUPNP),libupnp,libupnp18)
+VLC_DEPENDENCIES += libupnp
 else
 VLC_CONF_OPTS += --disable-upnp
 endif
-- 
2.29.2


* [Buildroot] [PATCH v3, 1/6] package/libupnp: security bump to version 1.14.0
  2021-01-25 19:49 [Buildroot] [PATCH v3, 1/6] package/libupnp: security bump to version 1.14.0 Fabrice Fontaine
                   ` (4 preceding siblings ...)
  2021-01-25 19:49 ` [Buildroot] [PATCH v3,6/6] package/libupnp18: drop package Fabrice Fontaine
@ 2021-01-25 21:26 ` Yann E. MORIN
  2021-01-28 19:13 ` Peter Korsgaard
  6 siblings, 0 replies; 22+ messages in thread
From: Yann E. MORIN @ 2021-01-25 21:26 UTC (permalink / raw)
  To: buildroot

Fabrice, All,

On 2021-01-25 20:49 +0100, Fabrice Fontaine spake thusly:
> - Fix CallStranger a.k.a. CVE-2020-12695 as well as CVE-2020-13848
> - Update indentation in hash file (two spaces)
> - Backport all changes from libupnp18 to libupnp:
>   - Use COPYING instead of LICENSE (no license change)
>   - Add host-pkgconf dependency
>   - Add --enable-reuseaddr
>   - Add openssl optional dependency
> 
> Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>

Series of 6 applied to master, thanks!

I'll further reply to some of those for additional details, but
otherwise: great job, thanks a lot!

Regards,
Yann E. MORIN.

> ---
> Changes v2 -> v3:
>  - Rebase on current master
> 
> Changes v1 -> v2:
>  - Bump libupnp instead of libupnp18 and drop libupnp18
>  - Update ushare and igd2-for-linux
>  - Drop libupnp18
> 
>  package/libupnp/libupnp.hash |  4 ++--
>  package/libupnp/libupnp.mk   | 18 +++++++++++++++---
>  2 files changed, 17 insertions(+), 5 deletions(-)
> 
> diff --git a/package/libupnp/libupnp.hash b/package/libupnp/libupnp.hash
> index e52b7ea9d7..6b16eff3c8 100644
> --- a/package/libupnp/libupnp.hash
> +++ b/package/libupnp/libupnp.hash
> @@ -1,3 +1,3 @@
>  # Locally computed:
> -sha256	c5a300b86775435c076d58a79cc0d5a977d76027d2a7d721590729b7f369fa43	libupnp-1.6.25.tar.bz2
> -sha256	0375955c8a79d6e8fa0792d45d00fc4e7710d7ac95bcbd27f9225a83f5c946fd	LICENSE
> +sha256  ecb23d4291968c8a7bdd4eb16fc2250dbacc16b354345a13342d67f571d35ceb  libupnp-1.14.0.tar.bz2
> +sha256  c8b99423cad48bb44e2cf52a496361404290865eac259a82da6d1e4331ececb3  COPYING
> diff --git a/package/libupnp/libupnp.mk b/package/libupnp/libupnp.mk
> index b7836590c2..ebc5e83765 100644
> --- a/package/libupnp/libupnp.mk
> +++ b/package/libupnp/libupnp.mk
> @@ -4,13 +4,25 @@
>  #
>  ################################################################################
>  
> -LIBUPNP_VERSION = 1.6.25
> +LIBUPNP_VERSION = 1.14.0
>  LIBUPNP_SOURCE = libupnp-$(LIBUPNP_VERSION).tar.bz2
> -LIBUPNP_SITE = http://downloads.sourceforge.net/project/pupnp/pupnp/libUPnP%20$(LIBUPNP_VERSION)
> +LIBUPNP_SITE = \
> +	http://downloads.sourceforge.net/project/pupnp/pupnp/libupnp-$(LIBUPNP_VERSION)
>  LIBUPNP_CONF_ENV = ac_cv_lib_compat_ftime=no
>  LIBUPNP_INSTALL_STAGING = YES
>  LIBUPNP_LICENSE = BSD-3-Clause
> -LIBUPNP_LICENSE_FILES = LICENSE
> +LIBUPNP_LICENSE_FILES = COPYING
>  LIBUPNP_CPE_ID_VALID = YES
> +LIBUPNP_DEPENDENCIES = host-pkgconf
> +
> +# Bind the internal miniserver socket with reuseaddr to allow clean restarts.
> +LIBUPNP_CONF_OPTS += --enable-reuseaddr
> +
> +ifeq ($(BR2_PACKAGE_OPENSSL),y)
> +LIBUPNP_CONF_OPTS += --enable-open-ssl
> +LIBUPNP_DEPENDENCIES += openssl
> +else
> +LIBUPNP_CONF_OPTS += --disable-open-ssl
> +endif
>  
>  $(eval $(autotools-package))
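
Review bot: The rewritten LIBUPNP_SITE keeps the plain `http://` scheme. The entry in libupnp.hash still catches a modified tarball, but since the line is being touched anyway, moving it to `https://` would also protect the download itself, assuming the mirror serves that path over TLS.
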
> -- 
> 2.29.2
> 
> _______________________________________________
> buildroot mailing list
> buildroot at busybox.net
> http://lists.busybox.net/mailman/listinfo/buildroot

-- 
.-----------------.--------------------.------------------.--------------------.
|  Yann E. MORIN  | Real-Time Embedded | /"\ ASCII RIBBON | Erics' conspiracy: |
| +33 662 376 056 | Software  Designer | \ / CAMPAIGN     |  ___               |
| +33 561 099 427 `------------.-------:  X  AGAINST      |  \e/  There is no  |
| http://ymorin.is-a-geek.org/ | _/*\_ | / \ HTML MAIL    |   v   conspiracy.  |
'------------------------------^-------^------------------^--------------------'


* [Buildroot] [PATCH v3, 2/6] package/gerbera: security bump to version 1.6.4
  2021-01-25 19:49 ` [Buildroot] [PATCH v3, 2/6] package/gerbera: security bump to version 1.6.4 Fabrice Fontaine
@ 2021-01-25 21:29   ` Yann E. MORIN
  2021-01-28 19:15   ` Peter Korsgaard
  1 sibling, 0 replies; 22+ messages in thread
From: Yann E. MORIN @ 2021-01-25 21:29 UTC (permalink / raw)
  To: buildroot


Fabrice, All,

On 2021-01-25 20:49 +0100, Fabrice Fontaine spake thusly:
> - This version is compatible with libupnp 1.14.x which fix
>   CallStranger a.k.a. CVE-2020-12695
[--SNIP--]
> diff --git a/package/gerbera/gerbera.mk b/package/gerbera/gerbera.mk
> index 7f0ac664fe..f26615a8f8 100644
> --- a/package/gerbera/gerbera.mk
> +++ b/package/gerbera/gerbera.mk
> @@ -4,20 +4,23 @@
>  #
>  ################################################################################
>  
> -GERBERA_VERSION = 1.4.0
> +GERBERA_VERSION = 1.6.4
>  GERBERA_SITE = $(call github,gerbera,gerbera,v$(GERBERA_VERSION))
>  GERBERA_LICENSE = GPL-2.0
>  GERBERA_LICENSE_FILES = LICENSE.md
>  GERBERA_DEPENDENCIES = \
> -	expat \
> +	fmt \
>  	host-pkgconf \
> -	libupnp18 \
> +	$(if $(BR2_PACKAGE_LIBUPNP),libupnp) \
> +	pugixml \
> +	spdlog \
>  	sqlite \
>  	util-linux \
>  	zlib
>  GERBERA_CONF_OPTS = \
>  	-DWITH_DEBUG=OFF \
> -	-DWITH_JS=OFF
> +	-DWITH_JS=OFF \
> +	-DCXX_FILESYSTEM_NO_LINK_NEEDED=ON
>  
>  # Uses __atomic_fetch_add_4
>  ifeq ($(BR2_TOOLCHAIN_HAS_LIBATOMIC),y)
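
Review bot: In GERBERA_DEPENDENCIES the hard `libupnp18` entry becomes `$(if $(BR2_PACKAGE_LIBUPNP),libupnp)`, which expands to nothing when libupnp is not enabled. Nothing in this hunk guarantees that a UPnP library ends up in the dependency list in that case, so the matching Config.in change (not shown here) has to ensure one is always selected; a comment next to the `$(if ...)` naming the option that provides that guarantee would make this easier to check.
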
> @@ -70,6 +73,13 @@ else
>  GERBERA_CONF_OPTS += -DWITH_MATROSKA=OFF
>  endif
>  
> +ifeq ($(BR2_PACKAGE_LIBNPUNP),y)
                            ^^
Typo: BR2_PACKAGE_LIBNPUPNP

> +GERBERA_DEPENDENCIES += libnpupnp
> +GERBERA_CONF_OPTS += -DWITH_NPUPNP=ON
> +else
> +GERBERA_CONF_OPTS += -DWITH_NPUPNP=OFF
> +endif

The way you wrote this means that, if both libupnp and libnpupnp
(damned, I see why you did that typo!) are enabled, then gerbera will
depend on both, but will only use libnpupnp.

I've changed that so only one of them is in the dependency chain, with a
preference toward libnpupnp.

Applied to master, thanks.

Regards,
Yann E. MORIN.

>  ifeq ($(BR2_PACKAGE_MYSQL),y)
>  GERBERA_DEPENDENCIES += mysql
>  GERBERA_CONF_OPTS += -DWITH_MYSQL=ON
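
Review bot: With the symbol misspelled as `BR2_PACKAGE_LIBNPUNP` in the `ifeq`, the test can never be true: the `else` branch always runs, `-DWITH_NPUPNP=OFF` is always passed and `libnpupnp` is never added to GERBERA_DEPENDENCIES, with no build error to reveal it. Beyond fixing the spelling, handle libupnp and libnpupnp in one `ifeq`/`else` chain so that exactly one of them ends up in the dependencies.
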
> -- 
> 2.29.2

* [Buildroot] [PATCH v3, 4/6] package/gmrender-resurrect: add libupnp 1.14.x support
  2021-01-25 19:49 ` [Buildroot] [PATCH v3, 4/6] package/gmrender-resurrect: add libupnp 1.14.x support Fabrice Fontaine
@ 2021-01-25 21:31   ` Yann E. MORIN
  2021-01-28 19:15   ` Peter Korsgaard
  1 sibling, 0 replies; 22+ messages in thread
From: Yann E. MORIN @ 2021-01-25 21:31 UTC (permalink / raw)
  To: buildroot

Fabrice, All,

On 2021-01-25 20:49 +0100, Fabrice Fontaine spake thusly:
> Using libupnp 1.14.x is needed to fix CallStranger a.k.a. CVE-2020-12695
> 
> Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
> ---
>  .../0001-Drop-UpnpInit.patch                  | 175 ++++++++++++++++++
>  package/gmrender-resurrect/Config.in          |   2 +-
>  .../gmrender-resurrect/gmrender-resurrect.mk  |   2 +-
>  3 files changed, 177 insertions(+), 2 deletions(-)
>  create mode 100644 package/gmrender-resurrect/0001-Drop-UpnpInit.patch
> 
> diff --git a/package/gmrender-resurrect/0001-Drop-UpnpInit.patch b/package/gmrender-resurrect/0001-Drop-UpnpInit.patch
> new file mode 100644
> index 0000000000..18ec7bb515
> --- /dev/null
> +++ b/package/gmrender-resurrect/0001-Drop-UpnpInit.patch
> @@ -0,0 +1,175 @@
> +From dc8c4d4dc234311b3099e7f1efadf5d9733c81e9 Mon Sep 17 00:00:00 2001
> +From: Fabrice Fontaine <fontaine.fabrice@gmail.com>
> +Date: Fri, 21 Aug 2020 21:29:00 +0200
> +Subject: [PATCH] Drop UpnpInit
> +
> +UpnpInit has been dropped from libupnp 1.14.x as it can't be fixed
> +against CallStranger a.k.a. CVE-2020-12695 so replace it by UpnpInit2
> +which is available since version 1.6.7 and
> +https://github.com/pupnp/pupnp/commit/2bcbdffd89a70364147d345ec5e70a3fce5cbc29
> +
> +Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
> +[Upstream status:
> +https://github.com/hzeller/gmrender-resurrect/pull/214]

That patch has been applied to upstream master, thanks. I just forgot to
change that when applying. Oh well...

Applied to master, thanks.

Regards,
Yann E. MORIN.

> +---
> + dist-scripts/centos7/README.md     |  2 +-
> + dist-scripts/debian/gmediarender.1 |  8 ++------
> + dist-scripts/fedora/README.md      |  2 +-
> + src/main.c                         | 13 ++++---------
> + src/upnp_device.c                  | 18 +++++++++---------
> + src/upnp_device.h                  |  2 +-
> + 6 files changed, 18 insertions(+), 27 deletions(-)
> +
> +diff --git a/dist-scripts/centos7/README.md b/dist-scripts/centos7/README.md
> +index 278d777..ed82fb6 100644
> +--- a/dist-scripts/centos7/README.md
> ++++ b/dist-scripts/centos7/README.md
> +@@ -45,7 +45,7 @@ Additional configuration is also recommended, sice there's no configuration file
> +     # vi /etc/systemd/system/gmediarender.service.d/customize.conf   # or nano, or emacs, or whatever editor you like
> +     [Service]
> +     ExecStart=
> +-    ExecStart=/usr/bin/gmediarender --port=49494 --ip-address=<your_IP_address> -f "DLNA Renderer GMediaRender"
> ++    ExecStart=/usr/bin/gmediarender --port=49494 --interface-name=<your_interface_name> -f "DLNA Renderer GMediaRender"
> + 
> +     # systemctl daemon-reload
> +     # systemctl start gmediarender.service
> +diff --git a/dist-scripts/debian/gmediarender.1 b/dist-scripts/debian/gmediarender.1
> +index 96123ff..b2b1359 100644
> +--- a/dist-scripts/debian/gmediarender.1
> ++++ b/dist-scripts/debian/gmediarender.1
> +@@ -50,12 +50,8 @@ Usually, it is desirable for the renderer
> + to show up on controllers under a recognisable and unique name. This is 
> + the option to set that name.
> + .TP
> +-.B \-I, \-\-ip\-address \fI\<ip-address\>\fP
> +-The local IP address the service is running and advertised on.  
> +-
> +-This can 
> +-only be a single address, and must be explicitly specified (i.e. not 
> +-0.0.0.0).
> ++.B \-I, \-\-interface\-name \fI\<interface-name\>\fP
> ++The local interface name the service is running and advertised on.
> + .TP
> + .B \-p, \-\-port \fI\<port>\fP
> + Port to listen to. [49152..65535].
> +diff --git a/dist-scripts/fedora/README.md b/dist-scripts/fedora/README.md
> +index 7b9ea4b..45aa536 100644
> +--- a/dist-scripts/fedora/README.md
> ++++ b/dist-scripts/fedora/README.md
> +@@ -43,7 +43,7 @@ Additional configuration is also recommended, sice there's no configuration file
> +     # vi /etc/systemd/system/gmediarender.service.d/customize.conf   # or nano, or emacs, or whatever editor you like
> +     [Service]
> +     ExecStart=
> +-    ExecStart=/usr/bin/gmediarender --port=49494 --ip-address=<your_IP_address> -f "DLNA Renderer GMediaRender"
> ++    ExecStart=/usr/bin/gmediarender --port=49494 --interface-name=<your_interface_name> -f "DLNA Renderer GMediaRender"
> + 
> +     # systemctl daemon-reload
> +     # systemctl start gmediarender.service
> +diff --git a/src/main.c b/src/main.c
> +index ef720e3..2030c49 100644
> +--- a/src/main.c
> ++++ b/src/main.c
> +@@ -69,11 +69,7 @@ static gboolean show_transport_scpd = FALSE;
> + static gboolean show_outputs = FALSE;
> + static gboolean daemon_mode = FALSE;
> + 
> +-// IP-address seems strange in libupnp: they actually don't bind to
> +-// that address, but to INADDR_ANY (miniserver.c in upnp library).
> +-// Apparently they just use this for the advertisement ? Anyway, 0.0.0.0 would
> +-// not work.
> +-static const gchar *ip_address = NULL;
> ++static const gchar *interface_name = NULL;
> + static int listen_port = 49494;
> + 
> + #ifdef GMRENDER_UUID
> +@@ -92,9 +88,8 @@ static const gchar *mime_filter = NULL;
> + static GOptionEntry option_entries[] = {
> + 	{ "version", 0, 0, G_OPTION_ARG_NONE, &show_version,
> + 	  "Output version information and exit", NULL },
> +-	{ "ip-address", 'I', 0, G_OPTION_ARG_STRING, &ip_address,
> +-	  "The local IP address the service is running and advertised "
> +-	  "(only one, 0.0.0.0 won't work)", NULL },
> ++	{ "interface-name", 'I', 0, G_OPTION_ARG_STRING, &interface_name,
> ++	  "The local interface name the service is running and advertised", NULL },
> + 	// The following is not very reliable, as libupnp does not set
> + 	// SO_REUSEADDR by default, so it might increment (sending patch).
> + 	{ "port", 'p', 0, G_OPTION_ARG_INT, &listen_port,
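
Review bot: The short option `'I'` in option_entries is kept but now fills `interface_name` instead of an IP address, so an existing `-I <address>` invocation will be taken as an interface name without any warning. The new help string also drops the note about values that do not work and does not say what happens when the option is omitted; state the default there, and consider rejecting a value that looks like an IP address with a clear error.
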
> +@@ -302,7 +297,7 @@ int main(int argc, char **argv)
> + 			  listen_port);
> + 		return EXIT_FAILURE;
> + 	}
> +-	device = upnp_device_init(upnp_renderer, ip_address, listen_port);
> ++	device = upnp_device_init(upnp_renderer, interface_name, listen_port);
> + 	if (device == NULL) {
> + 		Log_error("main", "ERROR: Failed to initialize UPnP device");
> + 		return EXIT_FAILURE;
> +diff --git a/src/upnp_device.c b/src/upnp_device.c
> +index db65e4f..3151238 100644
> +--- a/src/upnp_device.c
> ++++ b/src/upnp_device.c
> +@@ -416,13 +416,13 @@ static UPNP_CALLBACK(event_handler, EventType, event, userdata)
> + 
> + static gboolean initialize_device(struct upnp_device_descriptor *device_def,
> + 				  struct upnp_device *result_device,
> +-				  const char *ip_address,
> ++				  const char *interface_name,
> + 				  unsigned short port)
> + {
> + 	int rc;
> + 	char *buf;
> + 
> +-	rc = UpnpInit(ip_address, port);
> ++	rc = UpnpInit2(interface_name, port);
> + 	/* There have been situations reported in which UPNP had issues
> + 	 * initializing right after network came up. #129
> + 	 */
> +@@ -430,13 +430,13 @@ static gboolean initialize_device(struct upnp_device_descriptor *device_def,
> + 	static const int kRetryTimeMs = 1000;
> + 	while (rc != UPNP_E_SUCCESS && retries_left--) {
> + 		usleep(kRetryTimeMs * 1000);
> +-		Log_error("upnp", "UpnpInit(ip=%s, port=%d) Error: %s (%d). Retrying... (%ds)",
> +-			  ip_address, port, UpnpGetErrorMessage(rc), rc, retries_left);
> +-		rc = UpnpInit(ip_address, port);
> ++		Log_error("upnp", "UpnpInit2(interface=%s, port=%d) Error: %s (%d). Retrying... (%ds)",
> ++			  interface_name, port, UpnpGetErrorMessage(rc), rc, retries_left);
> ++		rc = UpnpInit2(interface_name, port);
> + 	}
> + 	if (UPNP_E_SUCCESS != rc) {
> +-		Log_error("upnp", "UpnpInit(ip=%s, port=%d) Error: %s (%d). Giving up.",
> +-			  ip_address, port, UpnpGetErrorMessage(rc), rc);
> ++		Log_error("upnp", "UpnpInit2(interface=%s, port=%d) Error: %s (%d). Giving up.",
> ++			  interface_name, port, UpnpGetErrorMessage(rc), rc);
> + 		return FALSE;
> + 	}
> + 	Log_info("upnp", "Registered IP=%s port=%d\n",
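
Review bot: `interface_name` defaults to NULL in src/main.c and is passed straight to the `%s` conversions in both Log_error calls in this hunk, so a failed UpnpInit2 with no interface given formats a null pointer, which printf-style formatting does not define. Substitute a placeholder in the two messages, for example `interface_name ? interface_name : "(default)"`.
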
> +@@ -483,7 +483,7 @@ static gboolean initialize_device(struct upnp_device_descriptor *device_def,
> + }
> + 
> + struct upnp_device *upnp_device_init(struct upnp_device_descriptor *device_def,
> +-				     const char *ip_address,
> ++				     const char *interface_name,
> + 				     unsigned short port)
> + {
> + 	int rc;
> +@@ -516,7 +516,7 @@ struct upnp_device *upnp_device_init(struct upnp_device_descriptor *device_def,
> + 		webserver_register_buf(srv->scpd_url, buf, "text/xml");
> + 	}
> + 
> +-	if (!initialize_device(device_def, result_device, ip_address, port)) {
> ++	if (!initialize_device(device_def, result_device, interface_name, port)) {
> + 		UpnpFinish();
> + 		free(result_device);
> + 		return NULL;
> +diff --git a/src/upnp_device.h b/src/upnp_device.h
> +index 3e635e1..8c8e783 100644
> +--- a/src/upnp_device.h
> ++++ b/src/upnp_device.h
> +@@ -49,7 +49,7 @@ struct upnp_device;
> + struct action_event;
> + 
> + struct upnp_device *upnp_device_init(struct upnp_device_descriptor *device_def,
> +-				     const char *ip_address,
> ++				     const char *interface_name,
> + 				     unsigned short port);
> + 
> + void upnp_device_shutdown(struct upnp_device *device);
> diff --git a/package/gmrender-resurrect/Config.in b/package/gmrender-resurrect/Config.in
> index e7424e3b22..db655ad7f4 100644
> --- a/package/gmrender-resurrect/Config.in
> +++ b/package/gmrender-resurrect/Config.in
> @@ -5,7 +5,7 @@ config BR2_PACKAGE_GMRENDER_RESURRECT
>  	depends on BR2_USE_MMU # gstreamer1
>  	select BR2_PACKAGE_GSTREAMER1
>  	select BR2_PACKAGE_GST1_PLUGINS_BASE # run-time only
> -	select BR2_PACKAGE_LIBUPNP18 if !BR2_PACKAGE_LIBUPNP
> +	select BR2_PACKAGE_LIBUPNP
>  	help
>  	  UPnP (DLNA) media renderer based on gstreamer
>  
> diff --git a/package/gmrender-resurrect/gmrender-resurrect.mk b/package/gmrender-resurrect/gmrender-resurrect.mk
> index e25be39493..3500ab3760 100644
> --- a/package/gmrender-resurrect/gmrender-resurrect.mk
> +++ b/package/gmrender-resurrect/gmrender-resurrect.mk
> @@ -13,6 +13,6 @@ GMRENDER_RESURRECT_LICENSE = GPL-2.0+
>  GMRENDER_RESURRECT_LICENSE_FILES = COPYING
>  GMRENDER_RESURRECT_DEPENDENCIES = \
>  	gstreamer1 \
> -	$(if $(BR2_PACKAGE_LIBUPNP),libupnp,libupnp18)
> +	libupnp
>  
>  $(eval $(autotools-package))
> -- 
> 2.29.2

* [Buildroot] [PATCH v3, 5/6] package/ushare: add libupnp 1.14.x support
  2021-01-25 19:49 ` [Buildroot] [PATCH v3, 5/6] package/ushare: " Fabrice Fontaine
@ 2021-01-25 21:34   ` Yann E. MORIN
  2021-01-28 19:16   ` Peter Korsgaard
  1 sibling, 0 replies; 22+ messages in thread
From: Yann E. MORIN @ 2021-01-25 21:34 UTC (permalink / raw)
  To: buildroot

Fabrice, All,

On 2021-01-25 20:49 +0100, Fabrice Fontaine spake thusly:
> This switch is needed to fix CallStranger a.k.a. CVE-2020-12695
> 
> Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
> ---
>  .../0004-switch-to-libupnp-1.14.x-API.patch   | 433 ++++++++++++++++++
>  1 file changed, 433 insertions(+)
>  create mode 100644 package/ushare/0004-switch-to-libupnp-1.14.x-API.patch
> 
> diff --git a/package/ushare/0004-switch-to-libupnp-1.14.x-API.patch b/package/ushare/0004-switch-to-libupnp-1.14.x-API.patch
> new file mode 100644
> index 0000000000..e200bb1926
> --- /dev/null
> +++ b/package/ushare/0004-switch-to-libupnp-1.14.x-API.patch
> @@ -0,0 +1,433 @@
> +From 4643b9cb9e6c0331fd663437a7ed8061b9edf971 Mon Sep 17 00:00:00 2001
> +From: Fabrice Fontaine <fontaine.fabrice@gmail.com>
> +Date: Mon, 24 Aug 2020 19:26:03 +0200
> +Subject: [PATCH] switch to libupnp 1.14.x API
> +
> +Use the new libupnp 1.14.x API (i.e. UpnpInit2) to allow ushare to be
> +protected against CallStranger a.k.a. CVE-2020-12695
> +
> +Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
> +[Retrieved from:
> +https://github.com/ddugovic/uShare/commit/4643b9cb9e6c0331fd663437a7ed8061b9edf971]

Upstream seems pretty dead, and they even acknowledge that status:

    https://ushare.geexbox.org/

    By lack of spare time, motivation and interest, uShare development
    is currently discontinued (this may change though). Don't expect
    release anytime soon :-(

So, what about switching over to the fork on https://github.com/ddugovic/uShare
which at least seems to like the patches you submit to them? ;-)

Anyway: applied to master, thanks.

Regards,
Yann E. MORIN.


* [Buildroot] [PATCH v3, 1/6] package/libupnp: security bump to version 1.14.0
  2021-01-25 19:49 [Buildroot] [PATCH v3, 1/6] package/libupnp: security bump to version 1.14.0 Fabrice Fontaine
                   ` (5 preceding siblings ...)
  2021-01-25 21:26 ` [Buildroot] [PATCH v3, 1/6] package/libupnp: security bump to version 1.14.0 Yann E. MORIN
@ 2021-01-28 19:13 ` Peter Korsgaard
  2021-01-29  8:09   ` Peter Korsgaard
  6 siblings, 1 reply; 22+ messages in thread
From: Peter Korsgaard @ 2021-01-28 19:13 UTC (permalink / raw)
  To: buildroot

>>>>> "Fabrice" == Fabrice Fontaine <fontaine.fabrice@gmail.com> writes:

 > - Fix CallStranger a.k.a. CVE-2020-12695 as well as CVE-2020-13848
 > - Update indentation in hash file (two spaces)
 > - Backport all changes from libupnp18 to libupnp:
 >   - Use COPYING instead of LICENSE (no license change)
 >   - Add host-pkgconf dependency
 >   - Add --enable-reuseaddr
 >   - Add openssl optional dependency

 > Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
 > ---
 > Changes v2 -> v3:
 >  - Rebase on current master

Committed to 2020.02.x and 2020.11.x, thanks.

-- 
Bye, Peter Korsgaard


* [Buildroot] [PATCH v3, 2/6] package/gerbera: security bump to version 1.6.4
  2021-01-25 19:49 ` [Buildroot] [PATCH v3, 2/6] package/gerbera: security bump to version 1.6.4 Fabrice Fontaine
  2021-01-25 21:29   ` Yann E. MORIN
@ 2021-01-28 19:15   ` Peter Korsgaard
  2021-01-29  8:23     ` Peter Korsgaard
  1 sibling, 1 reply; 22+ messages in thread
From: Peter Korsgaard @ 2021-01-28 19:15 UTC (permalink / raw)
  To: buildroot

>>>>> "Fabrice" == Fabrice Fontaine <fontaine.fabrice@gmail.com> writes:

 > - This version is compatible with libupnp 1.14.x which fix
 >   CallStranger a.k.a. CVE-2020-12695
 > - Drop all patches (already in version)
 > - expat is not needed since version 1.5.0 and
 >   https://github.com/gerbera/gerbera/commit/a4f0cccd6a1f741c55ca69b06cff3a964eebc1f3
 > - fmt is a mandatory dependency since version 1.5.0 and
 >   https://github.com/gerbera/gerbera/commit/fe81e5fc8898d6e3a53ce30ddaafb8439683f46f
 > - spdlog is a mandatory dependency since version 1.5.0 and
 >   https://github.com/gerbera/gerbera/commit/615d698fe4dce9d7462022a00c74af1fac7a1003
 > - pugixml is a mandatory dependency since version 1.5.0 and
 >   https://github.com/gerbera/gerbera/commit/c244006aa04ab2e4c5f3e7003ca727e05440238d
 > - libnpupnp can be used instead of libupnp since version 1.6.2 and
 >   https://github.com/gerbera/gerbera/commit/e648763626e3c2512801bd127a0a3b96c8716faf
 > - Set CXX_FILESYSTEM_NO_LINK_NEEDED to ON to avoid a build failure
 >   due to check_cxx_source_runs which has been added with
 >   https://github.com/gerbera/gerbera/commit/8ea0fce24ce9b1cf870837c3be984fed50581dfb
 > - Update indentation in hash file (two spaces)

 > Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
 > ---
 > Changes v2 -> v3:
 >  - Bump to version 1.6.4 and add libnpupnp dependency

Committed to 2020.02.x and 2020.11.x, thanks.

I've also pulled the addition of the libnpupnp package for 2020.02.x.

-- 
Bye, Peter Korsgaard


* [Buildroot] [PATCH v3, 3/6] package/igd2-for-linux: security bump to version 2.0
  2021-01-25 19:49 ` [Buildroot] [PATCH v3, 3/6] package/igd2-for-linux: security bump to version 2.0 Fabrice Fontaine
@ 2021-01-28 19:15   ` Peter Korsgaard
  0 siblings, 0 replies; 22+ messages in thread
From: Peter Korsgaard @ 2021-01-28 19:15 UTC (permalink / raw)
  To: buildroot

>>>>> "Fabrice" == Fabrice Fontaine <fontaine.fabrice@gmail.com> writes:

 > - Move site to Orange-OpenSource
 > - Drop patch (already in version)
 > - This version is compatible with libupnp 1.14.x to fix
 >   CallStranger a.k.a. CVE-2020-12695
 > - Add threadutil license (BSD-3-Clause)
 > - Update hash in license file (two spaces)

 > Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>

Committed to 2020.02.x and 2020.11.x, thanks.

-- 
Bye, Peter Korsgaard


* [Buildroot] [PATCH v3, 4/6] package/gmrender-resurrect: add libupnp 1.14.x support
  2021-01-25 19:49 ` [Buildroot] [PATCH v3, 4/6] package/gmrender-resurrect: add libupnp 1.14.x support Fabrice Fontaine
  2021-01-25 21:31   ` Yann E. MORIN
@ 2021-01-28 19:15   ` Peter Korsgaard
  1 sibling, 0 replies; 22+ messages in thread
From: Peter Korsgaard @ 2021-01-28 19:15 UTC (permalink / raw)
  To: buildroot

>>>>> "Fabrice" == Fabrice Fontaine <fontaine.fabrice@gmail.com> writes:

 > Using libupnp 1.14.x is needed to fix CallStranger a.k.a. CVE-2020-12695
 > Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>

Committed to 2020.02.x and 2020.11.x, thanks.

-- 
Bye, Peter Korsgaard


* [Buildroot] [PATCH v3, 5/6] package/ushare: add libupnp 1.14.x support
  2021-01-25 19:49 ` [Buildroot] [PATCH v3, 5/6] package/ushare: " Fabrice Fontaine
  2021-01-25 21:34   ` Yann E. MORIN
@ 2021-01-28 19:16   ` Peter Korsgaard
  1 sibling, 0 replies; 22+ messages in thread
From: Peter Korsgaard @ 2021-01-28 19:16 UTC (permalink / raw)
  To: buildroot

>>>>> "Fabrice" == Fabrice Fontaine <fontaine.fabrice@gmail.com> writes:

 > This switch is needed to fix CallStranger a.k.a. CVE-2020-12695
 > Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>

Committed to 2020.02.x and 2020.11.x, thanks.

-- 
Bye, Peter Korsgaard


* [Buildroot] [PATCH v3,6/6] package/libupnp18: drop package
  2021-01-25 19:49 ` [Buildroot] [PATCH v3,6/6] package/libupnp18: drop package Fabrice Fontaine
@ 2021-01-28 19:54   ` Peter Korsgaard
  0 siblings, 0 replies; 22+ messages in thread
From: Peter Korsgaard @ 2021-01-28 19:54 UTC (permalink / raw)
  To: buildroot

>>>>> "Fabrice" == Fabrice Fontaine <fontaine.fabrice@gmail.com> writes:

 > Drop libupnp18 as libupnp has been bumped to 1.14.x and 1.8.x will not
 > be fixed against CallStranger a.k.a. CVE-2020-12695

 > mpd and vlc are already compliant with libupnp 1.14.x (i.e those
 > packages use UpnpInit2 instead of the deprecated UpnpInit)

 > Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>

Committed to 2020.02.x and 2020.11.x, thanks.

-- 
Bye, Peter Korsgaard


* [Buildroot] [PATCH v3, 1/6] package/libupnp: security bump to version 1.14.0
  2021-01-28 19:13 ` Peter Korsgaard
@ 2021-01-29  8:09   ` Peter Korsgaard
  2021-01-30  9:28     ` Fabrice Fontaine
  0 siblings, 1 reply; 22+ messages in thread
From: Peter Korsgaard @ 2021-01-29  8:09 UTC (permalink / raw)
  To: buildroot

>>>>> "Peter" == Peter Korsgaard <peter@korsgaard.com> writes:

>>>>> "Fabrice" == Fabrice Fontaine <fontaine.fabrice@gmail.com> writes:
 >> - Fix CallStranger a.k.a. CVE-2020-12695 as well as CVE-2020-13848
 >> - Update indentation in hash file (two spaces)
 >> - Backport all changes from libupnp18 to libupnp:
 >> - Use COPYING instead of LICENSE (no license change)
 >> - Add host-pkgconf dependency
 >> - Add --enable-reuseaddr
 >> - Add openssl optional dependency

 >> Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
 >> ---
 >> Changes v2 -> v3:
 >> - Rebase on current master

 > Committed to 2020.02.x and 2020.11.x, thanks.

This unfortunately breaks the old linphone stack on 2020.02.x, so I will
bump bctoolbox/ortp/mediastreamer/linphone.

-- 
Bye, Peter Korsgaard


* [Buildroot] [PATCH v3, 2/6] package/gerbera: security bump to version 1.6.4
  2021-01-28 19:15   ` Peter Korsgaard
@ 2021-01-29  8:23     ` Peter Korsgaard
  2021-01-29  8:56       ` Fabrice Fontaine
  0 siblings, 1 reply; 22+ messages in thread
From: Peter Korsgaard @ 2021-01-29  8:23 UTC (permalink / raw)
  To: buildroot

>>>>> "Peter" == Peter Korsgaard <peter@korsgaard.com> writes:

>>>>> "Fabrice" == Fabrice Fontaine <fontaine.fabrice@gmail.com> writes:
 >> - This version is compatible with libupnp 1.14.x which fix
 >> CallStranger a.k.a. CVE-2020-12695
 >> - Drop all patches (already in version)
 >> - expat is not needed since version 1.5.0 and
 >> https://github.com/gerbera/gerbera/commit/a4f0cccd6a1f741c55ca69b06cff3a964eebc1f3
 >> - fmt is a mandatory dependency since version 1.5.0 and
 >> https://github.com/gerbera/gerbera/commit/fe81e5fc8898d6e3a53ce30ddaafb8439683f46f
 >> - spdlog is a mandatory dependency since version 1.5.0 and
 >> https://github.com/gerbera/gerbera/commit/615d698fe4dce9d7462022a00c74af1fac7a1003
 >> - pugixml is a mandatory dependency since version 1.5.0 and
 >> https://github.com/gerbera/gerbera/commit/c244006aa04ab2e4c5f3e7003ca727e05440238d
 >> - libnpupnp can be used instead of libupnp since version 1.6.2 and
 >> https://github.com/gerbera/gerbera/commit/e648763626e3c2512801bd127a0a3b96c8716faf
 >> - Set CXX_FILESYSTEM_NO_LINK_NEEDED to ON to avoid a build failure
 >> due to check_cxx_source_runs which has been added with
 >> https://github.com/gerbera/gerbera/commit/8ea0fce24ce9b1cf870837c3be984fed50581dfb
 >> - Update indentation in hash file (two spaces)

 >> Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
 >> ---
 >> Changes v2 -> v3:
 >> - Bump to version 1.6.4 and add libnpupnp dependency

 > Committed to 2020.02.x and 2020.11.x, thanks.

 > I've also pulled the addition of the libnpupnp package for 2020.02.x.

Gerbera now unfortunately needs cmake 3.14+:

CMake Error at CMakeLists.txt:1 (cmake_minimum_required):
  CMake 3.14 or higher is required.  You are running version 3.13.4

http://autobuild.buildroot.net/results/871/8717612ae32cc491b868f37fbbc960c16b562877/build-end.log

And we only require 3.10 on 2020.02.x / 2020.11.x. Any idea how to fix?

-- 
Bye, Peter Korsgaard


* [Buildroot] [PATCH v3, 2/6] package/gerbera: security bump to version 1.6.4
  2021-01-29  8:23     ` Peter Korsgaard
@ 2021-01-29  8:56       ` Fabrice Fontaine
  2021-01-29  9:06         ` Peter Korsgaard
  0 siblings, 1 reply; 22+ messages in thread
From: Fabrice Fontaine @ 2021-01-29  8:56 UTC (permalink / raw)
  To: buildroot

Hi Peter,

On Fri, 29 Jan 2021 at 09:23, Peter Korsgaard <peter@korsgaard.com> wrote:
>
> >>>>> "Peter" == Peter Korsgaard <peter@korsgaard.com> writes:
>
> >>>>> "Fabrice" == Fabrice Fontaine <fontaine.fabrice@gmail.com> writes:
>  >> - This version is compatible with libupnp 1.14.x which fix
>  >> CallStranger a.k.a. CVE-2020-12695
>  >> - Drop all patches (already in version)
>  >> - expat is not needed since version 1.5.0 and
>  >> https://github.com/gerbera/gerbera/commit/a4f0cccd6a1f741c55ca69b06cff3a964eebc1f3
>  >> - fmt is a mandatory dependency since version 1.5.0 and
>  >> https://github.com/gerbera/gerbera/commit/fe81e5fc8898d6e3a53ce30ddaafb8439683f46f
>  >> - spdlog is a mandatory dependency since version 1.5.0 and
>  >> https://github.com/gerbera/gerbera/commit/615d698fe4dce9d7462022a00c74af1fac7a1003
>  >> - pugixml is a mandatory dependency since version 1.5.0 and
>  >> https://github.com/gerbera/gerbera/commit/c244006aa04ab2e4c5f3e7003ca727e05440238d
>  >> - libnpupnp can be used instead of libupnp since version 1.6.2 and
>  >> https://github.com/gerbera/gerbera/commit/e648763626e3c2512801bd127a0a3b96c8716faf
>  >> - Set CXX_FILESYSTEM_NO_LINK_NEEDED to ON to avoid a build failure
>  >> due to check_cxx_source_runs which has been added with
>  >> https://github.com/gerbera/gerbera/commit/8ea0fce24ce9b1cf870837c3be984fed50581dfb
>  >> - Update indentation in hash file (two spaces)
>
>  >> Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
>  >> ---
>  >> Changes v2 -> v3:
>  >> - Bump to version 1.6.4 and add libnpupnp dependency
>
>  > Committed to 2020.02.x and 2020.11.x, thanks.
>
>  > I've also pulled the addition of the libnpupnp package for 2020.02.x.
>
> Gerbera now unfortunately needs cmake 3.14+:
>
> CMake Error at CMakeLists.txt:1 (cmake_minimum_required):
>   CMake 3.14 or higher is required.  You are running version 3.13.4
>
> http://autobuild.buildroot.net/results/871/8717612ae32cc491b868f37fbbc960c16b562877/build-end.log
>
> And we only require 3.10 on 2020.02.x / 2020.11.x. Any idea how to fix?
Unfortunately, I don't think there is an easy fix to remove this requirement.
gerbera requires cmake 3.14 since version 1.6.0 and
https://github.com/gerbera/gerbera/commit/0120e20cf4ae514de429e7f08d99a0a377f50553

The commit log specifies that they bumped CMake minimum to have
proper support for properties on imported targets as well as some Find modules.

We could retrieve upstream commit e5d582588904f6cacc7e4bf25104326e7b917e4d
to lower the dependency on cmake 3.13 but that won't help much.
>
> --
> Bye, Peter Korsgaard

Best Regards,

Fabrice


* [Buildroot] [PATCH v3, 2/6] package/gerbera: security bump to version 1.6.4
  2021-01-29  8:56       ` Fabrice Fontaine
@ 2021-01-29  9:06         ` Peter Korsgaard
  0 siblings, 0 replies; 22+ messages in thread
From: Peter Korsgaard @ 2021-01-29  9:06 UTC (permalink / raw)
  To: buildroot

>>>>> "Fabrice" == Fabrice Fontaine <fontaine.fabrice@gmail.com> writes:

Hi,

 >> > Committed to 2020.02.x and 2020.11.x, thanks.
 >> 
 >> > I've also pulled the addition of the libnpupnp package for 2020.02.x.
 >> 
 >> Gerbera now unfortunately needs cmake 3.14+:
 >> 
 >> CMake Error at CMakeLists.txt:1 (cmake_minimum_required):
 >> CMake 3.14 or higher is required.  You are running version 3.13.4
 >> 
 >> http://autobuild.buildroot.net/results/871/8717612ae32cc491b868f37fbbc960c16b562877/build-end.log
 >> 
 >> And we only require 3.10 on 2020.02.x / 2020.11.x. Any idea how to fix?
 > Unfortunately, I don't think there is an easy fix to remove this requirement.
 > gerbera requires cmake 3.14 since version 1.6.0 and
 > https://github.com/gerbera/gerbera/commit/0120e20cf4ae514de429e7f08d99a0a377f50553

 > The commit log specifies that they bumped CMake minimum to have
 > proper support for properties on imported targets as well as some Find modules.

 > We could retrieve upstream commit e5d582588904f6cacc7e4bf25104326e7b917e4d
 > to lower the dependency on cmake 3.13 but that won't help much.

Thanks for investigating. I guess the only pragmatic solution then is
to add a dependency for gerbera on host-cmake (3.15), and figure out a
way to use that for the build.

-- 
Bye, Peter Korsgaard

* [Buildroot] [PATCH v3, 1/6] package/libupnp: security bump to version 1.14.0
  2021-01-29  8:09   ` Peter Korsgaard
@ 2021-01-30  9:28     ` Fabrice Fontaine
  2021-01-30  9:37       ` Peter Korsgaard
  0 siblings, 1 reply; 22+ messages in thread
From: Fabrice Fontaine @ 2021-01-30  9:28 UTC (permalink / raw)
  To: buildroot

On Fri, Jan 29, 2021 at 09:09, Peter Korsgaard <peter@korsgaard.com> wrote:
>
> >>>>> "Peter" == Peter Korsgaard <peter@korsgaard.com> writes:
>
> >>>>> "Fabrice" == Fabrice Fontaine <fontaine.fabrice@gmail.com> writes:
>  >> - Fix CallStranger a.k.a. CVE-2020-12695 as well as CVE-2020-13848
>  >> - Update indentation in hash file (two spaces)
>  >> - Backport all changes from libupnp18 to libupnp:
>  >> - Use COPYING instead of LICENSE (no license change)
>  >> - Add host-pkgconf dependency
>  >> - Add --enable-reuseaddr
>  >> - Add openssl optional dependency
>
>  >> Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
>  >> ---
>  >> Changes v2 -> v3:
>  >> - Rebase on current master
>
>  > Committed to 2020.02.x and 2020.11.x, thanks.
>
> This unfortunately breaks the old linphone stack on 2020.02.x, so I will
> bump bctoolbox/ortp/mediastreamer/linphone.
linphone also needs belle-sip and belr, I'll send a patch to add them
in 2020.02.x.
>
> --
> Bye, Peter Korsgaard
Best Regards,

Fabrice

* [Buildroot] [PATCH v3, 1/6] package/libupnp: security bump to version 1.14.0
  2021-01-30  9:28     ` Fabrice Fontaine
@ 2021-01-30  9:37       ` Peter Korsgaard
  0 siblings, 0 replies; 22+ messages in thread
From: Peter Korsgaard @ 2021-01-30  9:37 UTC (permalink / raw)
  To: buildroot

>>>>> "Fabrice" == Fabrice Fontaine <fontaine.fabrice@gmail.com> writes:

Hi,

 >> > Committed to 2020.02.x and 2020.11.x, thanks.
 >> 
 >> This unfortunately breaks the old linphone stack on 2020.02.x, so I will
 >> bump bctoolbox/ortp/mediastreamer/linphone.
 > linphone also needs belle-sip and belr, I'll send a patch to add them
 > in 2020.02.x.

Ahh, thanks.

-- 
Bye, Peter Korsgaard
