From: Yann E. MORIN <yann.morin.1998@free.fr>
To: buildroot@busybox.net
Subject: [Buildroot] [PATCH v3, 1/6] package/libupnp: security bump to version 1.14.0
Date: Mon, 25 Jan 2021 22:26:35 +0100 [thread overview]
Message-ID: <20210125212635.GO2325@scaer> (raw)
In-Reply-To: <20210125194949.1173139-1-fontaine.fabrice@gmail.com>
Fabrice, All,
On 2021-01-25 20:49 +0100, Fabrice Fontaine spake thusly:
> - Fix CallStranger a.k.a. CVE-2020-12695 as well as CVE-2020-13848
> - Update indentation in hash file (two spaces)
> - Backport all changes from libupnp18 to libupnp:
> - Use COPYING instead of LICENSE (no license change)
> - Add host-pkgconf dependency
> - Add --enable-reuseaddr
> - Add openssl optional dependency
>
> Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Series of 6 applied to master, thanks!
I'll further reply to some of those for additional details, but
otherwise: great job, thanks a lot!
Regards,
Yann E. MORIN.
> ---
> Changes v2 -> v3:
> - Rebase on current master
>
> Changes v1 -> v2:
> - Bump libupnp instead of libupnp18 and drop libupnp18
> - Update ushare and igd2-for-linux
> - Drop libupnp18
>
> package/libupnp/libupnp.hash | 4 ++--
> package/libupnp/libupnp.mk | 18 +++++++++++++++---
> 2 files changed, 17 insertions(+), 5 deletions(-)
>
> diff --git a/package/libupnp/libupnp.hash b/package/libupnp/libupnp.hash
> index e52b7ea9d7..6b16eff3c8 100644
> --- a/package/libupnp/libupnp.hash
> +++ b/package/libupnp/libupnp.hash
> @@ -1,3 +1,3 @@
> # Locally computed:
> -sha256 c5a300b86775435c076d58a79cc0d5a977d76027d2a7d721590729b7f369fa43 libupnp-1.6.25.tar.bz2
> -sha256 0375955c8a79d6e8fa0792d45d00fc4e7710d7ac95bcbd27f9225a83f5c946fd LICENSE
> +sha256 ecb23d4291968c8a7bdd4eb16fc2250dbacc16b354345a13342d67f571d35ceb libupnp-1.14.0.tar.bz2
> +sha256 c8b99423cad48bb44e2cf52a496361404290865eac259a82da6d1e4331ececb3 COPYING
> diff --git a/package/libupnp/libupnp.mk b/package/libupnp/libupnp.mk
> index b7836590c2..ebc5e83765 100644
> --- a/package/libupnp/libupnp.mk
> +++ b/package/libupnp/libupnp.mk
> @@ -4,13 +4,25 @@
> #
> ################################################################################
>
> -LIBUPNP_VERSION = 1.6.25
> +LIBUPNP_VERSION = 1.14.0
> LIBUPNP_SOURCE = libupnp-$(LIBUPNP_VERSION).tar.bz2
> -LIBUPNP_SITE = http://downloads.sourceforge.net/project/pupnp/pupnp/libUPnP%20$(LIBUPNP_VERSION)
> +LIBUPNP_SITE = \
> + http://downloads.sourceforge.net/project/pupnp/pupnp/libupnp-$(LIBUPNP_VERSION)
> LIBUPNP_CONF_ENV = ac_cv_lib_compat_ftime=no
> LIBUPNP_INSTALL_STAGING = YES
> LIBUPNP_LICENSE = BSD-3-Clause
> -LIBUPNP_LICENSE_FILES = LICENSE
> +LIBUPNP_LICENSE_FILES = COPYING
> LIBUPNP_CPE_ID_VALID = YES
> +LIBUPNP_DEPENDENCIES = host-pkgconf
> +
> +# Bind the internal miniserver socket with reuseaddr to allow clean restarts.
> +LIBUPNP_CONF_OPTS += --enable-reuseaddr
> +
> +ifeq ($(BR2_PACKAGE_OPENSSL),y)
> +LIBUPNP_CONF_OPTS += --enable-open-ssl
> +LIBUPNP_DEPENDENCIES += openssl
> +else
> +LIBUPNP_CONF_OPTS += --disable-open-ssl
> +endif
>
> $(eval $(autotools-package))
> --
> 2.29.2
>
> _______________________________________________
> buildroot mailing list
> buildroot at busybox.net
> http://lists.busybox.net/mailman/listinfo/buildroot
--
.-----------------.--------------------.------------------.--------------------.
| Yann E. MORIN | Real-Time Embedded | /"\ ASCII RIBBON | Erics' conspiracy: |
| +33 662 376 056 | Software Designer | \ / CAMPAIGN | ___ |
| +33 561 099 427 `------------.-------: X AGAINST | \e/ There is no |
| http://ymorin.is-a-geek.org/ | _/*\_ | / \ HTML MAIL | v conspiracy. |
'------------------------------^-------^------------------^--------------------'
next prev parent reply other threads:[~2021-01-25 21:26 UTC|newest]
Thread overview: 22+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-01-25 19:49 [Buildroot] [PATCH v3, 1/6] package/libupnp: security bump to version 1.14.0 Fabrice Fontaine
2021-01-25 19:49 ` [Buildroot] [PATCH v3, 2/6] package/gerbera: security bump to version 1.6.4 Fabrice Fontaine
2021-01-25 21:29 ` Yann E. MORIN
2021-01-28 19:15 ` Peter Korsgaard
2021-01-29 8:23 ` Peter Korsgaard
2021-01-29 8:56 ` Fabrice Fontaine
2021-01-29 9:06 ` Peter Korsgaard
2021-01-25 19:49 ` [Buildroot] [PATCH v3, 3/6] package/igd2-for-linux: security bump to version 2.0 Fabrice Fontaine
2021-01-28 19:15 ` Peter Korsgaard
2021-01-25 19:49 ` [Buildroot] [PATCH v3, 4/6] package/gmrender-resurrect: add libupnp 1.14.x support Fabrice Fontaine
2021-01-25 21:31 ` Yann E. MORIN
2021-01-28 19:15 ` Peter Korsgaard
2021-01-25 19:49 ` [Buildroot] [PATCH v3, 5/6] package/ushare: " Fabrice Fontaine
2021-01-25 21:34 ` Yann E. MORIN
2021-01-28 19:16 ` Peter Korsgaard
2021-01-25 19:49 ` [Buildroot] [PATCH v3,6/6] package/libupnp18: drop package Fabrice Fontaine
2021-01-28 19:54 ` Peter Korsgaard
2021-01-25 21:26 ` Yann E. MORIN [this message]
2021-01-28 19:13 ` [Buildroot] [PATCH v3, 1/6] package/libupnp: security bump to version 1.14.0 Peter Korsgaard
2021-01-29 8:09 ` Peter Korsgaard
2021-01-30 9:28 ` Fabrice Fontaine
2021-01-30 9:37 ` Peter Korsgaard
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20210125212635.GO2325@scaer \
--to=yann.morin.1998@free.fr \
--cc=buildroot@busybox.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.