From: Yann E. MORIN <yann.morin.1998@free.fr>
To: buildroot@busybox.net
Subject: [Buildroot] [PATCH v3, 4/6] package/gmrender-resurrect: add libupnp 1.14.x support
Date: Mon, 25 Jan 2021 22:31:20 +0100 [thread overview]
Message-ID: <20210125213120.GQ2325@scaer> (raw)
In-Reply-To: <20210125194949.1173139-4-fontaine.fabrice@gmail.com>
Fabrice, All,
On 2021-01-25 20:49 +0100, Fabrice Fontaine spake thusly:
> Using libupnp 1.14.x is needed to fix CallStranger a.k.a. CVE-2020-12695
>
> Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
> ---
> .../0001-Drop-UpnpInit.patch | 175 ++++++++++++++++++
> package/gmrender-resurrect/Config.in | 2 +-
> .../gmrender-resurrect/gmrender-resurrect.mk | 2 +-
> 3 files changed, 177 insertions(+), 2 deletions(-)
> create mode 100644 package/gmrender-resurrect/0001-Drop-UpnpInit.patch
>
> diff --git a/package/gmrender-resurrect/0001-Drop-UpnpInit.patch b/package/gmrender-resurrect/0001-Drop-UpnpInit.patch
> new file mode 100644
> index 0000000000..18ec7bb515
> --- /dev/null
> +++ b/package/gmrender-resurrect/0001-Drop-UpnpInit.patch
> @@ -0,0 +1,175 @@
> +From dc8c4d4dc234311b3099e7f1efadf5d9733c81e9 Mon Sep 17 00:00:00 2001
> +From: Fabrice Fontaine <fontaine.fabrice@gmail.com>
> +Date: Fri, 21 Aug 2020 21:29:00 +0200
> +Subject: [PATCH] Drop UpnpInit
> +
> +UpnpInit has been dropped from libupnp 1.14.x as it can't be fixed
> +against CallStranger a.k.a. CVE-2020-12695 so replace it by UpnpInit2
> +which is available since version 1.6.7 and
> +https://github.com/pupnp/pupnp/commit/2bcbdffd89a70364147d345ec5e70a3fce5cbc29
> +
> +Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
> +[Upstream status:
> +https://github.com/hzeller/gmrender-resurrect/pull/214]
That patch has been applied to upstream master, thanks. I just forgot to
change that when applying. Oh well...
Applied to master, thanks.
Regards,
Yann E. MORIN.
> +---
> + dist-scripts/centos7/README.md | 2 +-
> + dist-scripts/debian/gmediarender.1 | 8 ++------
> + dist-scripts/fedora/README.md | 2 +-
> + src/main.c | 13 ++++---------
> + src/upnp_device.c | 18 +++++++++---------
> + src/upnp_device.h | 2 +-
> + 6 files changed, 18 insertions(+), 27 deletions(-)
> +
> +diff --git a/dist-scripts/centos7/README.md b/dist-scripts/centos7/README.md
> +index 278d777..ed82fb6 100644
> +--- a/dist-scripts/centos7/README.md
> ++++ b/dist-scripts/centos7/README.md
> +@@ -45,7 +45,7 @@ Additional configuration is also recommended, sice there's no configuration file
> + # vi /etc/systemd/system/gmediarender.service.d/customize.conf # or nano, or emacs, or whatever editor you like
> + [Service]
> + ExecStart=
> +- ExecStart=/usr/bin/gmediarender --port=49494 --ip-address=<your_IP_address> -f "DLNA Renderer GMediaRender"
> ++ ExecStart=/usr/bin/gmediarender --port=49494 --interface-name=<your_interface_name> -f "DLNA Renderer GMediaRender"
> +
> + # systemctl daemon-reload
> + # systemctl start gmediarender.service
> +diff --git a/dist-scripts/debian/gmediarender.1 b/dist-scripts/debian/gmediarender.1
> +index 96123ff..b2b1359 100644
> +--- a/dist-scripts/debian/gmediarender.1
> ++++ b/dist-scripts/debian/gmediarender.1
> +@@ -50,12 +50,8 @@ Usually, it is desirable for the renderer
> + to show up on controllers under a recognisable and unique name. This is
> + the option to set that name.
> + .TP
> +-.B \-I, \-\-ip\-address \fI\<ip-address\>\fP
> +-The local IP address the service is running and advertised on.
> +-
> +-This can
> +-only be a single address, and must be explicitly specified (i.e. not
> +-0.0.0.0).
> ++.B \-I, \-\-interface\-name \fI\<interface-name\>\fP
> ++The local interface name the service is running and advertised on.
> + .TP
> + .B \-p, \-\-port \fI\<port>\fP
> + Port to listen to. [49152..65535].
> +diff --git a/dist-scripts/fedora/README.md b/dist-scripts/fedora/README.md
> +index 7b9ea4b..45aa536 100644
> +--- a/dist-scripts/fedora/README.md
> ++++ b/dist-scripts/fedora/README.md
> +@@ -43,7 +43,7 @@ Additional configuration is also recommended, sice there's no configuration file
> + # vi /etc/systemd/system/gmediarender.service.d/customize.conf # or nano, or emacs, or whatever editor you like
> + [Service]
> + ExecStart=
> +- ExecStart=/usr/bin/gmediarender --port=49494 --ip-address=<your_IP_address> -f "DLNA Renderer GMediaRender"
> ++ ExecStart=/usr/bin/gmediarender --port=49494 --interface-name=<your_interface_name> -f "DLNA Renderer GMediaRender"
> +
> + # systemctl daemon-reload
> + # systemctl start gmediarender.service
> +diff --git a/src/main.c b/src/main.c
> +index ef720e3..2030c49 100644
> +--- a/src/main.c
> ++++ b/src/main.c
> +@@ -69,11 +69,7 @@ static gboolean show_transport_scpd = FALSE;
> + static gboolean show_outputs = FALSE;
> + static gboolean daemon_mode = FALSE;
> +
> +-// IP-address seems strange in libupnp: they actually don't bind to
> +-// that address, but to INADDR_ANY (miniserver.c in upnp library).
> +-// Apparently they just use this for the advertisement ? Anyway, 0.0.0.0 would
> +-// not work.
> +-static const gchar *ip_address = NULL;
> ++static const gchar *interface_name = NULL;
> + static int listen_port = 49494;
> +
> + #ifdef GMRENDER_UUID
> +@@ -92,9 +88,8 @@ static const gchar *mime_filter = NULL;
> + static GOptionEntry option_entries[] = {
> + { "version", 0, 0, G_OPTION_ARG_NONE, &show_version,
> + "Output version information and exit", NULL },
> +- { "ip-address", 'I', 0, G_OPTION_ARG_STRING, &ip_address,
> +- "The local IP address the service is running and advertised "
> +- "(only one, 0.0.0.0 won't work)", NULL },
> ++ { "interface-name", 'I', 0, G_OPTION_ARG_STRING, &interface_name,
> ++ "The local interface name the service is running and advertised", NULL },
> + // The following is not very reliable, as libupnp does not set
> + // SO_REUSEADDR by default, so it might increment (sending patch).
> + { "port", 'p', 0, G_OPTION_ARG_INT, &listen_port,
> +@@ -302,7 +297,7 @@ int main(int argc, char **argv)
> + listen_port);
> + return EXIT_FAILURE;
> + }
> +- device = upnp_device_init(upnp_renderer, ip_address, listen_port);
> ++ device = upnp_device_init(upnp_renderer, interface_name, listen_port);
> + if (device == NULL) {
> + Log_error("main", "ERROR: Failed to initialize UPnP device");
> + return EXIT_FAILURE;
> +diff --git a/src/upnp_device.c b/src/upnp_device.c
> +index db65e4f..3151238 100644
> +--- a/src/upnp_device.c
> ++++ b/src/upnp_device.c
> +@@ -416,13 +416,13 @@ static UPNP_CALLBACK(event_handler, EventType, event, userdata)
> +
> + static gboolean initialize_device(struct upnp_device_descriptor *device_def,
> + struct upnp_device *result_device,
> +- const char *ip_address,
> ++ const char *interface_name,
> + unsigned short port)
> + {
> + int rc;
> + char *buf;
> +
> +- rc = UpnpInit(ip_address, port);
> ++ rc = UpnpInit2(interface_name, port);
> + /* There have been situations reported in which UPNP had issues
> + * initializing right after network came up. #129
> + */
> +@@ -430,13 +430,13 @@ static gboolean initialize_device(struct upnp_device_descriptor *device_def,
> + static const int kRetryTimeMs = 1000;
> + while (rc != UPNP_E_SUCCESS && retries_left--) {
> + usleep(kRetryTimeMs * 1000);
> +- Log_error("upnp", "UpnpInit(ip=%s, port=%d) Error: %s (%d). Retrying... (%ds)",
> +- ip_address, port, UpnpGetErrorMessage(rc), rc, retries_left);
> +- rc = UpnpInit(ip_address, port);
> ++ Log_error("upnp", "UpnpInit2(interface=%s, port=%d) Error: %s (%d). Retrying... (%ds)",
> ++ interface_name, port, UpnpGetErrorMessage(rc), rc, retries_left);
> ++ rc = UpnpInit2(interface_name, port);
> + }
> + if (UPNP_E_SUCCESS != rc) {
> +- Log_error("upnp", "UpnpInit(ip=%s, port=%d) Error: %s (%d). Giving up.",
> +- ip_address, port, UpnpGetErrorMessage(rc), rc);
> ++ Log_error("upnp", "UpnpInit2(interface=%s, port=%d) Error: %s (%d). Giving up.",
> ++ interface_name, port, UpnpGetErrorMessage(rc), rc);
> + return FALSE;
> + }
> + Log_info("upnp", "Registered IP=%s port=%d\n",
> +@@ -483,7 +483,7 @@ static gboolean initialize_device(struct upnp_device_descriptor *device_def,
> + }
> +
> + struct upnp_device *upnp_device_init(struct upnp_device_descriptor *device_def,
> +- const char *ip_address,
> ++ const char *interface_name,
> + unsigned short port)
> + {
> + int rc;
> +@@ -516,7 +516,7 @@ struct upnp_device *upnp_device_init(struct upnp_device_descriptor *device_def,
> + webserver_register_buf(srv->scpd_url, buf, "text/xml");
> + }
> +
> +- if (!initialize_device(device_def, result_device, ip_address, port)) {
> ++ if (!initialize_device(device_def, result_device, interface_name, port)) {
> + UpnpFinish();
> + free(result_device);
> + return NULL;
> +diff --git a/src/upnp_device.h b/src/upnp_device.h
> +index 3e635e1..8c8e783 100644
> +--- a/src/upnp_device.h
> ++++ b/src/upnp_device.h
> +@@ -49,7 +49,7 @@ struct upnp_device;
> + struct action_event;
> +
> + struct upnp_device *upnp_device_init(struct upnp_device_descriptor *device_def,
> +- const char *ip_address,
> ++ const char *interface_name,
> + unsigned short port);
> +
> + void upnp_device_shutdown(struct upnp_device *device);
> diff --git a/package/gmrender-resurrect/Config.in b/package/gmrender-resurrect/Config.in
> index e7424e3b22..db655ad7f4 100644
> --- a/package/gmrender-resurrect/Config.in
> +++ b/package/gmrender-resurrect/Config.in
> @@ -5,7 +5,7 @@ config BR2_PACKAGE_GMRENDER_RESURRECT
> depends on BR2_USE_MMU # gstreamer1
> select BR2_PACKAGE_GSTREAMER1
> select BR2_PACKAGE_GST1_PLUGINS_BASE # run-time only
> - select BR2_PACKAGE_LIBUPNP18 if !BR2_PACKAGE_LIBUPNP
> + select BR2_PACKAGE_LIBUPNP
> help
> UPnP (DLNA) media renderer based on gstreamer
>
> diff --git a/package/gmrender-resurrect/gmrender-resurrect.mk b/package/gmrender-resurrect/gmrender-resurrect.mk
> index e25be39493..3500ab3760 100644
> --- a/package/gmrender-resurrect/gmrender-resurrect.mk
> +++ b/package/gmrender-resurrect/gmrender-resurrect.mk
> @@ -13,6 +13,6 @@ GMRENDER_RESURRECT_LICENSE = GPL-2.0+
> GMRENDER_RESURRECT_LICENSE_FILES = COPYING
> GMRENDER_RESURRECT_DEPENDENCIES = \
> gstreamer1 \
> - $(if $(BR2_PACKAGE_LIBUPNP),libupnp,libupnp18)
> + libupnp
>
> $(eval $(autotools-package))
> --
> 2.29.2
>
> _______________________________________________
> buildroot mailing list
> buildroot at busybox.net
> http://lists.busybox.net/mailman/listinfo/buildroot
--
.-----------------.--------------------.------------------.--------------------.
| Yann E. MORIN | Real-Time Embedded | /"\ ASCII RIBBON | Erics' conspiracy: |
| +33 662 376 056 | Software Designer | \ / CAMPAIGN | ___ |
| +33 561 099 427 `------------.-------: X AGAINST | \e/ There is no |
| http://ymorin.is-a-geek.org/ | _/*\_ | / \ HTML MAIL | v conspiracy. |
'------------------------------^-------^------------------^--------------------'
next prev parent reply other threads:[~2021-01-25 21:31 UTC|newest]
Thread overview: 22+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-01-25 19:49 [Buildroot] [PATCH v3, 1/6] package/libupnp: security bump to version 1.14.0 Fabrice Fontaine
2021-01-25 19:49 ` [Buildroot] [PATCH v3, 2/6] package/gerbera: security bump to version 1.6.4 Fabrice Fontaine
2021-01-25 21:29 ` Yann E. MORIN
2021-01-28 19:15 ` Peter Korsgaard
2021-01-29 8:23 ` Peter Korsgaard
2021-01-29 8:56 ` Fabrice Fontaine
2021-01-29 9:06 ` Peter Korsgaard
2021-01-25 19:49 ` [Buildroot] [PATCH v3, 3/6] package/igd2-for-linux: security bump to version 2.0 Fabrice Fontaine
2021-01-28 19:15 ` Peter Korsgaard
2021-01-25 19:49 ` [Buildroot] [PATCH v3, 4/6] package/gmrender-resurrect: add libupnp 1.14.x support Fabrice Fontaine
2021-01-25 21:31 ` Yann E. MORIN [this message]
2021-01-28 19:15 ` Peter Korsgaard
2021-01-25 19:49 ` [Buildroot] [PATCH v3, 5/6] package/ushare: " Fabrice Fontaine
2021-01-25 21:34 ` Yann E. MORIN
2021-01-28 19:16 ` Peter Korsgaard
2021-01-25 19:49 ` [Buildroot] [PATCH v3,6/6] package/libupnp18: drop package Fabrice Fontaine
2021-01-28 19:54 ` Peter Korsgaard
2021-01-25 21:26 ` [Buildroot] [PATCH v3, 1/6] package/libupnp: security bump to version 1.14.0 Yann E. MORIN
2021-01-28 19:13 ` Peter Korsgaard
2021-01-29 8:09 ` Peter Korsgaard
2021-01-30 9:28 ` Fabrice Fontaine
2021-01-30 9:37 ` Peter Korsgaard
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20210125213120.GQ2325@scaer \
--to=yann.morin.1998@free.fr \
--cc=buildroot@busybox.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox