From: Yann E. MORIN <yann.morin.1998@free.fr>
To: buildroot@busybox.net
Subject: [Buildroot] [PATCH v3, 1/6] package/libupnp: security bump to version 1.14.0
Date: Mon, 25 Jan 2021 22:26:35 +0100 [thread overview]
Message-ID: <20210125212635.GO2325@scaer> (raw)
In-Reply-To: <20210125194949.1173139-1-fontaine.fabrice@gmail.com>
Fabrice, All,
On 2021-01-25 20:49 +0100, Fabrice Fontaine spake thusly:
> - Fix CallStranger a.k.a. CVE-2020-12695 as well as CVE-2020-13848
> - Update indentation in hash file (two spaces)
> - Backport all changes from libupnp18 to libupnp:
> - Use COPYING instead of LICENSE (no license change)
> - Add host-pkgconf dependency
> - Add --enable-reuseaddr
> - Add openssl optional dependency
>
> Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Series of 6 applied to master, thanks!
I'll further reply to some of those for additional details, but
otherwise: great job, thanks a lot!
Regards,
Yann E. MORIN.
> ---
> Changes v2 -> v3:
> - Rebase on current master
>
> Changes v1 -> v2:
> - Bump libupnp instead of libupnp18 and drop libupnp18
> - Update ushare and igd2-for-linux
> - Drop libupnp18
>
> package/libupnp/libupnp.hash | 4 ++--
> package/libupnp/libupnp.mk | 18 +++++++++++++++---
> 2 files changed, 17 insertions(+), 5 deletions(-)
>
> diff --git a/package/libupnp/libupnp.hash b/package/libupnp/libupnp.hash
> index e52b7ea9d7..6b16eff3c8 100644
> --- a/package/libupnp/libupnp.hash
> +++ b/package/libupnp/libupnp.hash
> @@ -1,3 +1,3 @@
> # Locally computed:
> -sha256 c5a300b86775435c076d58a79cc0d5a977d76027d2a7d721590729b7f369fa43 libupnp-1.6.25.tar.bz2
> -sha256 0375955c8a79d6e8fa0792d45d00fc4e7710d7ac95bcbd27f9225a83f5c946fd LICENSE
> +sha256 ecb23d4291968c8a7bdd4eb16fc2250dbacc16b354345a13342d67f571d35ceb libupnp-1.14.0.tar.bz2
> +sha256 c8b99423cad48bb44e2cf52a496361404290865eac259a82da6d1e4331ececb3 COPYING
> diff --git a/package/libupnp/libupnp.mk b/package/libupnp/libupnp.mk
> index b7836590c2..ebc5e83765 100644
> --- a/package/libupnp/libupnp.mk
> +++ b/package/libupnp/libupnp.mk
> @@ -4,13 +4,25 @@
> #
> ################################################################################
>
> -LIBUPNP_VERSION = 1.6.25
> +LIBUPNP_VERSION = 1.14.0
> LIBUPNP_SOURCE = libupnp-$(LIBUPNP_VERSION).tar.bz2
> -LIBUPNP_SITE = http://downloads.sourceforge.net/project/pupnp/pupnp/libUPnP%20$(LIBUPNP_VERSION)
> +LIBUPNP_SITE = \
> + http://downloads.sourceforge.net/project/pupnp/pupnp/libupnp-$(LIBUPNP_VERSION)
> LIBUPNP_CONF_ENV = ac_cv_lib_compat_ftime=no
> LIBUPNP_INSTALL_STAGING = YES
> LIBUPNP_LICENSE = BSD-3-Clause
> -LIBUPNP_LICENSE_FILES = LICENSE
> +LIBUPNP_LICENSE_FILES = COPYING
> LIBUPNP_CPE_ID_VALID = YES
> +LIBUPNP_DEPENDENCIES = host-pkgconf
> +
> +# Bind the internal miniserver socket with reuseaddr to allow clean restarts.
> +LIBUPNP_CONF_OPTS += --enable-reuseaddr
> +
> +ifeq ($(BR2_PACKAGE_OPENSSL),y)
> +LIBUPNP_CONF_OPTS += --enable-open-ssl
> +LIBUPNP_DEPENDENCIES += openssl
> +else
> +LIBUPNP_CONF_OPTS += --disable-open-ssl
> +endif
>
> $(eval $(autotools-package))
> --
> 2.29.2
>
> _______________________________________________
> buildroot mailing list
> buildroot at busybox.net
> http://lists.busybox.net/mailman/listinfo/buildroot
--
.-----------------.--------------------.------------------.--------------------.
| Yann E. MORIN | Real-Time Embedded | /"\ ASCII RIBBON | Erics' conspiracy: |
| +33 662 376 056 | Software Designer | \ / CAMPAIGN | ___ |
| +33 561 099 427 `------------.-------: X AGAINST | \e/ There is no |
| http://ymorin.is-a-geek.org/ | _/*\_ | / \ HTML MAIL | v conspiracy. |
'------------------------------^-------^------------------^--------------------'
next prev parent reply other threads:[~2021-01-25 21:26 UTC|newest]
Thread overview: 22+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-01-25 19:49 [Buildroot] [PATCH v3, 1/6] package/libupnp: security bump to version 1.14.0 Fabrice Fontaine
2021-01-25 19:49 ` [Buildroot] [PATCH v3, 2/6] package/gerbera: security bump to version 1.6.4 Fabrice Fontaine
2021-01-25 21:29 ` Yann E. MORIN
2021-01-28 19:15 ` Peter Korsgaard
2021-01-29 8:23 ` Peter Korsgaard
2021-01-29 8:56 ` Fabrice Fontaine
2021-01-29 9:06 ` Peter Korsgaard
2021-01-25 19:49 ` [Buildroot] [PATCH v3, 3/6] package/igd2-for-linux: security bump to version 2.0 Fabrice Fontaine
2021-01-28 19:15 ` Peter Korsgaard
2021-01-25 19:49 ` [Buildroot] [PATCH v3, 4/6] package/gmrender-resurrect: add libupnp 1.14.x support Fabrice Fontaine
2021-01-25 21:31 ` Yann E. MORIN
2021-01-28 19:15 ` Peter Korsgaard
2021-01-25 19:49 ` [Buildroot] [PATCH v3, 5/6] package/ushare: " Fabrice Fontaine
2021-01-25 21:34 ` Yann E. MORIN
2021-01-28 19:16 ` Peter Korsgaard
2021-01-25 19:49 ` [Buildroot] [PATCH v3,6/6] package/libupnp18: drop package Fabrice Fontaine
2021-01-28 19:54 ` Peter Korsgaard
2021-01-25 21:26 ` Yann E. MORIN [this message]
2021-01-28 19:13 ` [Buildroot] [PATCH v3, 1/6] package/libupnp: security bump to version 1.14.0 Peter Korsgaard
2021-01-29 8:09 ` Peter Korsgaard
2021-01-30 9:28 ` Fabrice Fontaine
2021-01-30 9:37 ` Peter Korsgaard
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20210125212635.GO2325@scaer \
--to=yann.morin.1998@free.fr \
--cc=buildroot@busybox.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox