| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
ALTERNATIVES; bump revision
|
|
Update bind914 to 9.14.5 (BIND 9.14.5).
--- 9.14.5 released ---
5277. [bug] Cache DB statistics could underflow when serve-stale
was in use, because of a bug in counter maintenance
when RRsets become stale.
Functions for dumping statistics have been updated
to dump active, stale, and ancient statistic
counters. Ancient RRset counters are prefixed
with '~'; stale RRset counters are still prefixed
with '#'. [GL #602]
5275. [bug] Mark DS records included in referral messages
with trust level "pending" so that they can be
validated and cached immediately, with no need to
re-query. [GL #964]
5274. [bug] Address potential use after free race when shutting
down rpz. [GL #1175]
5273. [bug] Check that bits [64..71] of a dns64 prefix are zero.
[GL #1159]
5269. [port] cygwin: can return ETIMEDOUT on connect() with a
non-blocking socket. [GL #1133]
5268. [bug] named could crash during configuration if
configured to use "geoip continent" ACLs with
legacy GeoIP. [GL #1163]
5266. [bug] named-checkconf failed to report dnstap-output
missing from named.conf when dnstap was specified.
[GL #1136]
5265. [bug] DNS64 and RPZ nodata (CNAME *.) rules interacted badly
[GL #1106]
5264. [func] New DNS Cookie algorithm - siphash24 - has been added
to BIND 9. [GL #605]
5236. [func] Add SipHash 2-4 implementation in lib/isc/siphash.c
and switch isc_hash_function() to use SipHash 2-4.
[GL #605]
|
|
Update bind911 to 9.11.10 (BIND 9.11.10).
--- 9.11.10 released ---
5275. [bug] Mark DS records included in referral messages
with trust level "pending" so that they can be
validated and cached immediately, with no need to
re-query. [GL #964]
5273. [bug] Check that bits [64..71] of a dns64 prefix are zero.
[GL #1159]
5269. [port] cygwin: can return ETIMEDOUT on connect() with a
non-blocking socket. [GL #1133]
5268. [bug] named could crash during configuration if
configured to use "geoip continent" ACLs with
legacy GeoIP. [GL #1163]
5266. [bug] named-checkconf failed to report dnstap-output
missing from named.conf when dnstap was specified.
[GL #1136]
5265. [bug] DNS64 and RPZ nodata (CNAME *.) rules interacted badly
[GL #1106]
5264. [func] New DNS Cookie algorithm - siphash24 - has been added to
BIND 9. [GL #605]
|
|
|
|
upstream changes are:
security bugfix (no CVE yet)
|
|
|
|
|
|
|
|
Switch from GTK2 to GTK3.
|
|
FreeRDP is a free implementation of the Remote Desktop Protocol (RDP),
released under the Apache license.
This package contains major version 2 of the library.
|
|
2019/09/13 : 2.0.6
- MINOR: debug: indicate the applet name when the task is task_run_applet()
- MINOR: tools: add append_prefixed_str()
- MINOR: lua: export applet and task handlers
- MEDIUM: debug: make the thread dump code show Lua backtraces
- BUG/MEDIUM: mux-h1: do not truncate trailing 0CRLF on buffer boundary
- BUG/MEDIUM: mux-h1: do not report errors on transfers ending on buffer full
- DOC: fixed typo in management.txt
- BUG/MINOR: mworker: disable SIGPROF on re-exec
- BUG/MEDIUM: listener/threads: fix an AB/BA locking issue in delete_listener()
- BUG/MEDIUM: url32 does not take the path part into account in the returned hash.
- BUG/MEDIUM: proto-http: Always start the parsing if there is no outgoing data
- BUG/MEDIUM: peers: local peer socket not bound.
- BUG/MINOR: http-ana: Reset response flags when 1xx messages are handled
- BUG/MINOR: h1: Properly reset h1m when parsing is restarted
- BUG/MINOR: mux-h1: Fix size evaluation of HTX messages after headers parsing
- BUG/MINOR: mux-h1: Don't stop anymore input processing when the max is reached
- BUG/MINOR: mux-h1: Be sure to update the count before adding EOM after trailers
- BUG/MEDIUM: cache: Properly copy headers splitted on several shctx blocks
- BUG/MEDIUM: cache: Don't cache objects if the size of headers is too big
- BUG/MINOR: checks: stop polling for write when we have nothing left to send
- BUG/MINOR: checks: start sending the request right after connect()
- BUG/MINOR: checks: make __event_chk_srv_r() report success before closing
- BUG/MINOR: checks: do not uselessly poll for reads before the connection is up
- MINOR: contrib/prometheus-exporter: Report DRAIN/MAINT/NOLB status for servers
- BUG/MINOR: lb/leastconn: ignore the server weights for empty servers
- BUG/MAJOR: ssl: ssl_sock was not fully initialized.
- BUG/MEDIUM: connection: don't keep more idle connections than ever needed
- MINOR: stats: report the number of idle connections for each server
- BUG/MINOR: listener: Fix a possible null pointer dereference
- BUG/MINOR: ssl: always check for ssl connection before getting its XPRT context
- BUG/MEDIUM: http: also reject messages where "chunked" is missing from transfer-enoding
- BUG/MINOR: filters: Properly set the HTTP status code on analysis error
- BUG/MINOR: acl: Fix memory leaks when an ACL expression is parsed
- BUG/MINOR: backend: Fix a possible null pointer dereference
- BUG/MINOR: Missing stat_field_names (since f21d17bb)
- MINOR: sample: Add UUID-fetch
|
|
"This project has been superseded by Remmina".
-- https://sourceforge.net/projects/tsclient/
|
|
Not much point reporting bugs in GNOME 2 any more...
|
|
Bump PKGREVISION.
|
|
* DHCP: Ensure we have enough data to checksum IP and UDP (really fixed)
|
|
* inet6: Fix default route not being installed
* DHCP: If root fs is network mounted, enable last lease extend
* man: Fix lint errors.
* BSD: avoid RTF_WASCLONED routes
* DHCP: Give a better message when packet validation fails
* DHCP: Ensure we have enough data to checksum IP and UDP
The last change fixes a potential DoS attack introduced in dhcpcd-8.0.3 when
the checksuming code was changed to accomodate variable length IP headers.
|
|
Note: this now supports OpenSSL 1.1.
Version 4.10 - 7/10/2019
Allow specifying transmission rates of up to 1 Tbps. This involved changing
a number of variables tracking the rate from 32 bit to 64 bit types. It
also changed the tracking of wait times between data packet transmissions
from microseconds to nanoseconds.
Fixed a bug when getting the list of network interfaces in the event that
an interface does not have an interface index number.
Version 4.9.11 - 5/13/2019
The error check added in 4.9.10 on chdir wasn't checking the correct value,
causing the client and proxy to not start in background mode. Bug fixed.
Version 4.9.10 - 5/9/2019
The initial CLR selection was picking the receiver with the lowest RTT
instead of the higest. Fixed to select the receiver with the highest RTT.
While the server is sending, check for CTRL-C by the user at least once a
second instead of waiting for a GRTT cycle if it is longer.
Fixed rate calculation bug when TFMCC is specified with -R -1.
Minor error checking / log format fixes
Version 4.9.9 - 2/17/2019
Fixed handling of min_time in TFMCC mode
Version 4.9.8 - 8/29/2018
When compiling with MSVC 2017, the IP_MTU_DISCOVER flag is defined but not
implemented, resulting in errors when attempting to set it. Added check
for the case if the flag is not implemented.
Machines with a blank IP address for the first interface were getting a
default UID of 0. When this happens, check for a non-blank interface
to derive the UID from.
Cleaned up setting of key exchange random numbers to avoid aliasing violation
Version 4.9.7 - 5/27/2018
Fixed delay in server sending thread causing transfer of large files to
time out. The block number to send was being incremented once per
iteration of the main sending loop. This main loop also locks and unlocks
a mutex to update data shared by the receiving thread. When a large
number of consecutive blocks do not need to be sent, the lock/unlock
cycles resulted in delays where no data was sent. Changed to increment
the block number until a block to send is found without reiterating
the main loop.
Version 4.9.6 - 4/17/2018
When a response proxy sends a PROXY_KEY message, send it on all public
multicast addresses, not just the first one
Version 4.9.5 - 12/16/2017
Upated encryption module to support OpenSSL 1.1.x and 1.0.x.
Removed support for OpenSSL 0.9.8
Changed install directory of uftpd uftpproxyd to /usr/bin
Added CPPFLAGS to makefile for build hardening as requested by Debian
Version 4.9.4 - 10/7/2017
When initializing TFMCC loss history, use datapacketsize if no recent packets
found or if counter wraps. This fixes a divide-by-zero bug.
Only run postreceive script when the incoming file has not yet been closed.
This prevents the script from running twice if a duplicate DONE is received.
Clarified documentation regarding incompatibility of temp dir and sync mode.
Version 4.9.3 - 1/21/2017
Fixed a race condition in the server between the sending and receiving
threads when building CONG_CTRL messages. The receiving thread was
not locking when placing messages on a queue. Added proper locking.
Minor updates to includes and typedefs to support 64-bit Windows builds.
Now requires Visual Studio 2015 or higher.
Changed manpage formatting and makefile options as suggested by Debian team.
Added missing include for sys/time.h
Version 4.9.2 - 4/3/2016
Under TFMCC when a client first experiences loss, it calculates the average
packet size of the packets received either in the last GRTT or the last
64K packets, whichever is less. In the event the sequence number of the
first lost packet is the same as the first packet received (which can
happen due to wraparound), this wasn't being captures properly resulting
in a divide by zero bug. Made a fix to properly account for sequence
number wraparound.
When calculating the average packet size above, a cast was used that could
result in a negative number being returned for this value. Removed the
offending cast.
Fixed off-by-one bug when counting the number of DONE messages sent by the
server before declaring clients as lost.
Version 4.9.1 - 3/15/2016
A bug was introduced in 4.8.1 when a fix was made for received files having
extra bytes appended when packets were received out of order. When a
file's size is an exact multiple of the block size, the last block was
getting truncated. Made a fix to account for this case.
Version 4.9 - 2/28/2016
Added the -a option to the server, which specifies the maximum number of
passes through transmitting a file before aborting any clients that have
not yet received the entire file.
When specifying TFMCC mode, the initial, minimum, and maximum rates were
being read as bytes per second instead of the documented Kbps. These
fields are now being properly read as Kbps.
In TFMCC mode, when the CLR received a CONG_CTRL message, it was responding
with a CC_ACK before updating its RTT value, resulting in the CLR reporting
an outdated RTT. Made a fix to first update the RTT, then send the CC_ACK.
Version 4.8.1 - 2/4/2016
When the last data block in the file arrived at the receiver out-of-order,
additional null bytes were being appended to the end of the file. This
was due to a bug in calculating the current cache size. Bug fixed.
Clients normally check for sufficient free space before attempting to receive
a file. This was not working correctly when -t was specified. Bug fixed.
Version 4.8 - 1/5/2016
Added support for initial and minimum rates for TFMCC as well as a max rate.
These may be specified as follows:
-C tfmcc:min=min_rate:init=init_rate:max=max_rate
See the man page for more details.
Changed logging level for "invalid message" messages from level 1 to level 4.
This should cut down on unnecessary log messages at lower levels.
Fixed man page typos.
Version 4.7 - 5/16/2015
Added group instance ID (i.e. restart number) to all log messages.
Make sure that the client flushes the disk cache when a session is aborted.
This wasn't being done previously, resulting in unnecessary retransmissions
on the subsequent restart session.
Previously, when a client registers via a proxy, the server added that client
to the list of clients serviced by that proxy. There was a bug that
allowed a client sending back multiple registers to be added to this list
multiple times, resulting in a buffer overrun if there are a large number
of clients registering via a given proxy. Fixed the bug by removing the
list altogether, since the server doesn't really care which proxy a
client registers via.
Version 4.6.1 - 3/15/2015
At the start of the transfer phase with congestion control enabled, the
server would sometimes select a client that had dropped out earlier in
the session as the initial CLR, slowing down the file transfer. Fixed.
In restart mode for a partially sent file, the server sends a DONE right
away before sending data to get NAKs from the clients. The clients
normally have a short delay before responding to a DONE to ensure that
out of order data packets arrive. In this case, since no data has been
sent yet, the clients will now respond right away to avoid the unneeded
delay.
When the clients joins or leaves a multicast group, it checks to see if any
other active sessions are using that group before doing so. Fixed a bug
that prevented the client from searching the whole list.
Version 4.6 - 12/30/2014
Added the -F option to the client to print status info to a file. Like
the server's -s option, passing in @LOG mixes this info with the regular
logging output.
The client now prints the hostname/IP address where an ANNOUNCE originates
from, which may be either the server itself or a proxy. The -q option
was added to prevent DNS lookups in the event it causes delays.
Several spelling fixes in documentation and code comments.
Fixed a memory leak in the fingerprint parsing routine.
Version 4.5.1 - 9/14/2014
On the rare occasion a seek call made by the client errors or returns a
file offset that was unexpected, a second call to seek is made to set the
destination file offset to the proper place. However, this second seek
was jumping to the wrong place in the file. This has been fixed, and
a similar fix was made on the server as well.
Allow the -s (status file) option on the server to take a special value of
@LOG, which allows status info to be mixed with the regular logging output.
This behavior is consistent with older versions that did this when sync
mode was enabled.
Version 4.5 - 8/26/2014
Added disk caching on the client, greatly improving high speed throughput.
The cache size is controlled via the -c option.
Changed logging levels on several log statements so that effectively
level 0 is "error" and level 1 is "warning". The default log level of 2
will continue to contain semi-detailed logging.
Increased client timeout for REG_CONF and DONE_CONF to 4*robust*grtt.
This helps to prevent client from timing out too early.
When the server receives a REGISTER or FILEINFO_ACK from a client and
calculates its round trip time, enforce a lower limit of 0.01 seconds.
This prevent client from timing out too quickly.
Occurrences of SIGPIPE while writing to a log could result in an infinite
loop. SIGPIPE is now ignored, relying on normal error handling instead.
Version 4.4 - 7/22/2014
Added max rate option to TFMCC implementation
Added -U option to server to specify the server's UID
Removed stale UFTP3 congestion control code
Version 4.3.1 - 7/3/2014
Have clients send an ABORT for all active sessions on shutdown
Fixed #ifs that enable dual mode sockets
Removed -O0 from BSD section of makefile
Version 4.3 - 5/27/2014
Added support for ECN (Explicit Congestion Notification) in the TFMCC
implementation in the server and client. Proxy support is forthcoming.
See the man pages for known supported systems.
Fixed warning in encrypt_openssl.c when compiling under FreeBSD x64.
Explicitly enable dual mode IPv4/IPv6 sockets when IPv6 is used on systems
that support it.
Version 4.2 - 5/12/2014
Added distinct exit codes for various error conditions
In client and proxy, check if private address is already in use before joining
Fixed log rolling under Windows
Version 4.1.5 - 3/1/2014
Fixed casting bug in server TFMCC operations when calculating client rate.
Fixed server proxy bug where group round trip time was being read from
client messages when it should only be read from server messages.
Version 4.1.4 - 12/5/2013
During a restart session, a bug caused the full file to be resent on the
first pass, and client wouldn't send back NAKs for the first session.
This has been fixed.
Fixed incorrect reading of client ID lists in DONE, DONE_CONF, and CONG_CTRL
messages.
Added group ID and file ID to server logging when timestamps are enabled.
Added more warning checks for Linux and corrected warnings.
Cleaned up error checking code for malloc and calloc calls.
Version 4.1.3 - 10/13/2013
Since 4.0, compilation failed on MacOSX. This has been fixed.
|
|
Upstream changes are bug fixes and minor improvements
|
|
|
|
- Fix GlobalProtect ESP stall (#55).
- Fix HTTP chunked encoding buffer overflow (CVE-2019-16239).
|
|
Wireshark 3.0.4 Release Notes
What’s New
• The Windows installers now ship with Npcap 0.9983. They previously
shipped with Npcap 0.996.
• The macOS installer now ships with Qt 5.12.3. It previously
shipped with Qt 5.12.4.
The following vulnerabilities have been fixed:
• wnpa-sec-2019-21[1] Gryphon dissector infinite loop.
The following bugs have been fixed:
• Coloring Rules dialog - enable/disable coloring rule issues.
• Enabling Time-Of-Day in IO Graph causes the x-axis origin to be
set to 01.01.1970.
• Wireshark GUI crashes when attempting to DnD multiple (possibly
corrupted) pcapng files.
• Buildbot crash output: randpkt-2019-06-14-14291.pcap.
• 802.11 RSN IE may be shorter than 18 bytes.
• Tshark outputs two data rate instead of one.
• Typo in checkbox label at bottom of sshdump configuration screen
(save parameters).
• Invalid pkcs11_libs entry crashes on Windows.
• Add additional text output for DNS types (DNSSEC).
• LSD bittorent.
• dfilter_macros is missing from Configuration Files article.
• Pane configuration inconsistencies.
• Packet list is sorted in reverse order after applying a display
filter in Qt 5.13.
• EAP-TLS fragments are repeatedly displayed.
• Broken TLS handshake reassembly in EAP-TTLS with multiple TLS
sessions.
• Wireshark does not support USB packets with size greater than 256
KiB.
• "Unable to drop files during capture." when drag’n’drop entry to
create display filter or filter button.
• Packet Bytes highlight for dns.qry.name.len and dns.count.labels
off by one.
• Segmentation fault in nfs_name_snoop_fh.
• Changing the protocol preferences caused a crash.
• DCERPC dissector broken for functions with only scalar variables.
Updated Protocol Support
BACnet, DCERPC, DNS, EAP, FC-dNS, Gryphon, IEEE 802.11, LSD, NFS, and
Radiotap
|
|
Changes:
2019.09.12.1
------------
Extractors
* [youtube] Remove quality and tbr for itag 43 (#22372)
2019.09.12
----------
Extractors
* [youtube] Quick extraction tempfix (#22367, #22163)
|
|
|
|
Changes:
2019.09.01
----------
Core
+ [extractor/generic] Add support for squarespace embeds (#21294, #21802,
#21859)
+ [downloader/external] Respect mtime option for aria2c (#22242)
Extractors
+ [xhamster:user] Add support for user pages (#16330, #18454)
+ [xhamster] Add support for more domains
+ [verystream] Add support for woof.tube (#22217)
+ [dailymotion] Add support for lequipe.fr (#21328, #22152)
+ [openload] Add support for oload.vip (#22205)
+ [bbccouk] Extend URL regular expression (#19200)
+ [youtube] Add support for invidious.nixnet.xyz and yt.elukerio.org (#22223)
* [safari] Fix authentication (#22161, #22184)
* [usanetwork] Fix extraction (#22105)
+ [einthusan] Add support for einthusan.ca (#22171)
* [youtube] Improve unavailable message extraction (#22117)
+ [piksel] Extract subtitles (#20506)
|
|
Pkgsrc changes:
* The hosting of radsecproxy has changed to github.com.
* Add dependency on nettle.
* Update LICENSE, now only modified-bsd.
* Use gmake to build to avoid a couple of warnings.
* Relinquish exclusive maintainership.
Upstream changes:
20190704 1.8.0
New features:
- Rewrite: supplement attribute (add attribute if not present) (#19)
- Rewrite: modify vendor attribute
- Rewrite whitelist mode
- Autodetect status-server capability of servers
- Minimalistic status-server
- Explicit SubjectAltName:DNS and :IP match on certificates
Misc:
- No longer require docbook2x tools, but include plain manpages
- Fail on startup if overlapping clients with different tls blocks
Compile fixes:
- Fix compile issues on bsd
Bug fixes:
- Handle %00 in config correctly (#31)
- Fix server selection when udp were unreachable for long periods
2018-09-03 1.7.2
Misc:
- Always copy proxy-state attributes in own responses
- Authenticate own access-reject responses
- Retry outstanding requests after connection reset
Compile fixes:
- Fix compile issues on some platforms (#14)
- Fix compile issue when dtls disabled (#16)
- Fix compile issue on Cygwin (#18)
- Fix radsecproxy.conf manpage not installed when docbook2x
not available
Bug fixes:
- Fix request might be dropped if udp client uses multiple source ports
- Fix tls output might drop requests under high load
- Check for IP literals in Certificate SubjectAltName:DNS records
- Fix tls connection might hang during SSL_connect and SSL_accept
2018-07-05 1.7.1
License and copyright changes:
- Copyright SWITCH
- 3-clause BSD license only, no GPL.
Enhancements:
- Support the use of OpenSSL version 1.1 and 1.0 series
(RADSECPROXY-66, RADSECPROXY-74).
- Reload TLS certificate CRLs on SIGHUP (RADSECPROXY-78).
- Make use of SO_KEEPALIVE for tcp sockets (RADSECPROXY-12).
- Optionally include the thread-id in log messages
- Allow hashing MAC addresses in the log (same as for F-Ticks)
- Log certificate subject if rejected
- Log own responses (RADSECPROXY-61)
- Allow f-ticks prefix to be configured
- radsecproxy-hash: allow MAC addresses to be passed on command line
Misc:
- libnettle is now an unconditional dependency.
- FTicks support is now on by default and not optional.
- Experimental code for dynamic discovery has been removed.
- Replace several server status bits with a single state enum.
(RADSECPROXY-71)
- Use poll instead of select to allow > 1000 concurrent connections.
- Implement locking for all SSL objects (openssl states it
is not thread-safe)
- Rework DTLS code.
Bug fixes:
- Detect the presence of docbook2x-man correctly.
- Make clang less unhappy.
- Don't use a smaller pthread stack size than what's allowed.
- Avoid a deadlock situation with dynamic servers (RADSECPROXY-73).
- Don't forget about good dynamically discovered (TLS) connections
(RADSECPROXY-69).
- Fix refcounting in error cases when loading configuration
(RADSECPROXY-42)
- Fix potential crash when rewriting malformed vendor attributes.
- Properly cleanup expired requests from server output-queue.
- Fix crash when dynamic discovered server doesn't resolve.
|
|
|
|
* Version 2.0.27
- The X25519 implementation was changed from using the Go standard
implementation to using Cloudflare's CIRCL library. Unfortunately,
CIRCL appears to be broken on big-endian systems. That change has been
reverted.
- All the dependencies have been updated.
* Version 2.0.26
- A new plugin was added to prevent Firefox from bypassing the system
DNS settings.
- New configuration parameter to set how to respond to blocked
queries: `blocked_query_response`. Responses can now be empty record
sets, REFUSED response codes, or predefined IPv4 and/or IPv6 addresses.
- The `refused_code_in_responses` and `blocked_query_response` options
have been folded into a new `blocked_query_response` option.
- The fallback resolver is now accessed using TCP if `force_tcp` has
been set to `true`.
- CPU usage when enabling DNSCrypt ephemeral keys has been reduced.
- New command-line option: `-show-certs` to print DoH certificate
hashes.
- Solaris packages are now provided.
- DoH servers on a non-standard port, with stamps that don't include
IP addresses, and without working system resolvers can now be properly
bootstrapped.
- A new option, `query_meta`, is now available to add optional records
to client queries.
|
|
Revert remove of a blank line. There should be blank line.
Thanks to wiz@ noted via private mail.
|
|
* dnsmasq: clear cache after updating servers via dbus
* pdns_recursor: Fix global forwards (thus now installed by default)
* man: layout and misc fixes
|
|
Changes:
1.10.4
------
### Additions
- Support for
- `lineblog` (#404)
- `fuskator` (#407)
- `ugoira` option for `danbooru` to download pre-rendered ugoira
animations (#406)
### Fixes
- Download the correct files from `twitter` replies (#403)
- Prevent crash when trying to use unavailable downloader modules (#405)
- Fix `pixiv` authentication (#411)
- Improve `exhentai` image limit checks
- Miscellaneous fixes for `hentaicafe`, `simplyhentai`, `tumblr`
|
|
- Rework DTLS MTU detection. (#10)
- Add Pulse Connect Secure support.
- OpenSSL build fixes (#51).
- Add HMAC-SHA256-128 (RFC4868) support for ESP.
- Support IPv6 in ESP.
- Translate user-visible strings from openconnect_get_supported_protocols().
- Fix proxy username/password handling to allow special characters
and escaping.
|
|
|
|
|
|
The NSCA-ng package provides a client-server pair that makes the Nagios
command file accessible to remote systems. This allows for submitting
passive check results, downtimes, and many other commands to Nagios or
compatible monitoring solutions.
It can also be used for implementing distributed setups. The submitted
data is queued by the NSCA-ng server if Nagios goes down. Multiple check
results or commands can be submitted in one go, and multiline plugin
output is fully supported.
From Timo Buhrmester in PR pkg/51407
PR pkg/51406
My changes: fixed pkglint warnings (didn't run 'make distinfo'),
unified the server and client packages because they installed extra man
pages for me, and patched for building with OpenSSL 1.1.1.
I had to get the distfile from another place because the website hosting
this package is currently down.
|
|
Jesse Smith <jessefrgsmith@yahoo.ca> -> 5.2
- Make sure we do not send extra newline when DENY message
is sent to the client.
- Fixed some build dependencies in the Makefile so fresh
build is triggered by updating config.h.
Change provided by Vemake.
|
|
Submitted by kayront in joyent/pkgsrc#218.
|
|
|
|
out, unlike the Linux implementation, which upstream mainly
targets. This leads to "tdb_open_ex: tdb_mutex_init failed for
/var/samba/lock/gencache.tdb: Device busy" errors, described in
<https://illumos.topicbox.com/groups/developer/T28dcabf2f69cac04>.
Illumos kernel code attempted to mitigate the problem as of
<https://www.illumos.org/issues/9959>, but the changes have yet to
show up in releases.
The patches originate from
<https://github.com/oposs/pkg.oetiker.ch-build/blob/master/build/samba4/patches/pthread_mutex_init>,
modified appropriately.
Tested on omniosce r151030.
|
|
Changes:
- Fixed schedule page parsing used for cache updates. This was broken by BBC changes and manifested as a series of “WARNING: Got 0 programmes...” messages during cache updates. Your cache will not update without this fix. If you find that some programmes are still missing from your cache, use `--cache-rebuild` to perform a full rebuild.
- get_iplayer now recognises previously-unknown programme versions (e.g., "legal") when the "default" pseudo-version is specified in the value of the `--versionlist` option.
- The `--pid-recursive-type` option is now applied when only downloading auxiliary resources (e.g., `--subtitles-only`).
- Fixed programme title extraction with `--pid-recursive` to prevent unwanted extra text being appended to title in episode listing (e.g., for Proms programmes).
|
|
* BSD: Fixed router reachability tests
* inet6: If router unreachable, just solicit a new one
* inet6: Fon't install a default route if only lladdresses
* build: New make target import-src, only imports the bare essentials
* inet6: Stop listening to NA messages
* BSD: Listen to RTM_MISS messages
* DHCP: Fix in_cksum for Big Endian
* DHCP{,6}: Don't log an error if the lease file is truncated
* Solaris: Now fully supported!
|
|
Bug fixes:
6546 Filtered out self assigned ip addresses from being displayed
6541 Fixed connected info text to include without TLS encryption
6527 Config app renders incorrectly on high DPI screens
6526 New TLS/SSL socket handled when no socket
6525 Race condition on disconnecting TLS/SSL socket
6521 Access violation in TLS/SSL socket close
6409 Server freezes when clipboard contains an image
3705 Hotkeys not working on Mac server
Enhancements:
6535 Version URL and added stage check to version check
6529 Cleaner redistributable use in Windows installer
6528 More verbose message for Linux display errors
6524 Minimize config app to system tray
6523 Restore auto hide on startup for config app
6522 Double click Windows tray icon to show and hide
6520 Support for 32-bit Linux for legacy users
6519 Support for Ubuntu 14.04 LTS for legacy users
6390 Support for OpenSSL 1.1.1 for better security
|
|
Update MASTER_SITES switching to https URL. And remove extra empty line.
|
|
Samba 4.10.8:
This is a security release in order to address the following defect:
o CVE-2019-10197: Combination of parameters and permissions can allow user
to escape from the share path definition.
|
|
future Python 3.8
|
|
future Python 3.8
|
|
*******************************************************************************
Version 1.8.4
*******************************************************************************
2017-11-17 Marcelo Jimenez <mroberto(at)users.sourceforge.net>
GitHub #57 - 1.8.3 broke ABI without changing SONAME
Opened by jcowgill
This change in 1.8.3 broke the ABI and therefore the SONAME should have
been changed (ie: age reset to 0):
EXPORT_SPEC int UpnpAddVirtualDir(
/*! [in] The name of the new directory mapping to add. */
- const char *dirName);
+ const char *dirName,
+ /*! [in] The cookie to associated with this virtual directory */
+ const void *cookie,
+ /*! [out] The cookie previously associated, if mapping is already present */
+ const void **oldcookie);
If only the cookie argument was added, you could probably get away with
this because all that would happen is that a garbage value is passed
around without being used. With the addition of oldcookie, any old
programs will not initialise this value and will probably segfault when
libupnp tries to write to it.
*******************************************************************************
Version 1.8.3
*******************************************************************************
2017-09-07 Dave Overton <david(at)insomniavisions.com>
Add userdata/cookie to virtualDir callbacks
As with the main Device APIs (UpnpRegisterRootDevice etc), it is useful
to have a userdata/cookie pointer returned with each callback.
This patch allows one cookie per registered path which enables a variety
of functionality in client apps.
2017-09-03 Uwe Kleine-König <uwe@kleine-koenig.org>
Fix large file system support
libupnp uses large file support (if available). If a program linking to
libupnp does not however it creates mismatches in callframes. See
Issue #51 for the results.
This simplifies LFS support by using AC_SYS_LARGEFILE_SENSITIVE instead of
manually defining _LARGE_FILE_SOURCE and _FILE_OFFSET_BITS (which is
useless on architectures where the size of off_t is fixed).
Furthermore additional logic is introduced to catch a library user without
64 bit wide off_t on such a platform.
upnp.h also makes use of off_t, but as this file includes FileInfo.h, the
latter is the single right place for this check.
This fixes #52 which is a generalized variant of #51.
2017-08-19 Uwe Kleine-König <uwe@kleine-koenig.org>
configure.ac: Drop copying of include files
The comment suggests this is for windows compilation. It should be easily
possible to add the source directory as an include path to the windows
compiler, too, so drop this. (Otherwise this should better be done using
AC_CONFIG_COMMANDS.)
2017-09-03 Uwe Kleine-König <uwe@kleine-koenig.org>
Let source code use autoconfig.h not the public upnpconfig.h
The former is the one supposed to be used for internal code. upnpconfig.h is only
for public stuff.
2017-08-19 Uwe Kleine-König <uwe@kleine-koenig.org>
configure.ac: Fix typo s/optionnal/optional/
2017-08-08 Marcelo Jimenez <mroberto(at)users.sourceforge.net>
Fix broken samples when configured with --disable-ipv6.
*******************************************************************************
Version 1.8.2
*******************************************************************************
2017-07-24 Michael Osipov
Initialize in_addr and in6_addr to avoid garbage output if never written
If any of the address families isn't available in UpnpGetIfInfo(),
especially IPv6, always init both structs with zero to avoid garbage
output with inet_ntop() to gIF_IPV4 and gIF_IPV6.
See v00d00/gerbera#112 (https://github.com/v00d00/gerbera/issues/112)
for consequences: bind for IPv6 will fail.
2013-10-28 Vladimir Fedoseev <va-dos(at)users.sourceforge.net>
Attached patch allows to register multiple clients from single app.
2014-11-14 Philippe <philippe44ca(at)users.sourceforge.net>
Hi - I recently compiled libupnp on C++ Builder XE7 and had to do a few
changes to make it work. In thase this helps, I've generated a small
patch file.
2015-04-30 Hugo Beauzée-Luyssen <chouquette(at)users.sourceforge.net>
When building using a strict mode (-std=c++11 instead of -std=gnu++11,
for instance), the WIN32 macro isn't defined. The attached patch fixes
it by using _WIN32 instead.
2015-02-06 Jean-Francois Dockes <jf@dockes.org>
Queue events on their subscription object instead of adding them to the
thread pool immediately.
Events destined for a non-responding control point would flood the
thread pool and prevent correct dispatching to other clients, sometimes
to the point of disabling the device. Events are now queued without
allocating thread resources and properly discarded when a client is not
accepting them.
2015-02-03 Jean-Francois Dockes <jf@dockes.org>
genaInitNotify()/genaInitNotifyExt() and
genaNotifyAll()/genaNotifyAllExt() are relatively complicated methods
which only differ by the format of an input parameter. This update
extracts the common code for easier maintenance, esp. relating to the
queueing modifications to follow.
*******************************************************************************
Version 1.8.1
*******************************************************************************
2017-04-26 Marcelo Jimenez <mroberto(at)users.sourceforge.net>
Fix some compiler warning messages on md5.c
2017-03-07 Fabrice Fontaine <fontaine.fabrice(at)gmail.com>
Enable IPv6 by default
2017-03-07 Fabrice Fontaine <fontaine.fabrice(at)gmail.com>
Move threadutil source code to libupnp
With this patch, threadutil library is removed as the only public
header that has been kept in 1.8.x is ithread.h which is mainly a
wrapper to pthread with inline functions.
threadutil source code will now be a part of libupnp library.
*******************************************************************************
Version 1.8.0
*******************************************************************************
2014-01-15 Peng <howtofly(at)gmail.com>
Fix memory leaks.
2013-04-27 Thijs Schreijer <thijs(at)thijsschreijer.nl>
Renamed SCRIPTSUPPORT to IXML_HAVE_SCRIPTSUPPORT for consistency. Also
updated autoconfig and automake files, so it also works on non-windows.
Option is enabled by default, because it adds an element to the node
structure. Not using an available field is better than accidentally
using an unavailable field.
2012-07-11 Thijs Schreijer <thijs(at)thijsschreijer.nl>
Changed param to const UpnpAcceptSubscriptionExt() for consistency
2012-06-07 Thijs Schreijer <thijs(at)thijsschreijer.nl>
updated ixmlDocument_createAttributeEx() and ixmlDocument_createAttribute()
to use parameter DOMString instead of char * (same but now consistent)
2012-05-06 Thijs Schreijer <thijs(at)thijsschreijer.nl>
Added script support (directive SCRIPTSUPPORT) for better support of
garbage collected script languages. The node element gets a custom tag
through ixmlNode_setCTag() and ixmlNode_getCTag(). And a callback upon
releasing the node resources can be set using ixmlSetBeforeFree()
See updated readme for usage.
2012-03-24 Fabrice Fontaine <fabrice.fontaine(at)orange.com>
SF Bug Tracker id 3510595 - UpnpDownloadXmlDoc : can't get the file
Submitted: Marco Virgulti ( mvirg83 ) - 2012-03-23 10:08:08 PDT
There is a problem, perhaps, during downloading a document by
UpnpDownloadXmlDoc. During debugging i've found that in an not exported
api (unfortunately i forgot the code line...) where it is setted a
local variable "int timeout" to -1 then passed directly to another
function for sending data through tcp socket. I patched this setting it
to 0 (there is an IF section that exits if timeout < 0). It is normal
behavior or it is a bug?
2012-03-08 Fabrice Fontaine <fabrice.fontaine(at)orange-ftgroup.com>
Check for NULL pointer in TemplateSource.h
calloc can return NULL so check for NULL pointer in CLASS##_new and
CLASS##_dup.
2012-03-08 Fabrice Fontaine <fabrice.fontaine(at)orange-ftgroup.com>
Replace strcpy with strncpy in get_hoststr
Replace strcpy with strncpy to avoid buffer overflow.
2012-03-08 Fabrice Fontaine <fabrice.fontaine(at)orange-ftgroup.com>
Memory leak fix in handle_query_variable
variable was never freed.
2011-02-07 Chandra Penke <chandrapenke(at)mcntech.com>
Add HTTPS support using OpenSSL. HTTPS support is optional and can
be enabled by passing the --enable-open-ssl argument to the
configure script.
The following methods are introduced to the public API:
UpnpInitOpenSslContext
When enabled, HTTPS can be used by using "https://" instead of
"http://" when passing URLs to the HTTP Client API.
2011-02-07 Chandra Penke <chandrapenke(at)mcntech.com>
Refactor HTTP Client API to be more generic.
The following features are added:
- Support for persistent HTTP connections (reusing HTTP
connections). Tthis is still a work in progress and relies on
applications to interpret the 'Connection' header
appropriately.
- Support for specifying request headers when making
requests. Useful for interacting with web services that require
custom headers.
- Support for retrieving response headers (this is a API only
change, some more work needs to be done to implement the actual
functionality. Specifically copy_msg_headers in httpreadwrite.c
needs to be implemented)
- Common API for all HTTP methods.
- Support for PUT, and DELETE methods.
The following methods are introduced to the public HTTP Client API
UpnpOpenHttpConnection, UpnpCloseHttpConnection, UpnpMakeHttpRequest,
UpnpWriteHttpRequest, UpnpEndHttpRequest, UpnpGetHttpResponse,
UpnpReadHttpResponse.
Removed a lot of duplicate code in httpreadwrite.c
2011-01-17 Chandra Penke <chandrapenke(at)mcntech.com>
Include upnpconfig.h in FileInfo.h to automatically include large
file macros
2011-01-17 Chandra Penke <chandrapenke(at)mcntech.com>
Fix for warnings Apple systems related to macros defined in list.h.
In list.h, in apple systems, undefine the macros prior to defining them.
2011-01-16 Marcelo Jimenez <mroberto(at)users.sourceforge.net>
Fix for UpnpFileInfo_get_LastModified() in http_MakeMessage().
UpnpFileInfo_get_LastModified() returns time_t, and http_MakeMessage()
takes a "time_t *". Thanks to Chandra Penke for pointing the bug.
2010-11-22 Marcelo Jimenez <mroberto(at)users.sourceforge.net>
Template object for ssdp_ResultData.
2010-11-10 Fabrice Fontaine <fabrice.fontaine(at)orange-ftgroup.com>
Support for "polling" select in sock_read_write.
Currently, in sock_read_write function, if the timeout is 0, pupnp
realizes a "blocking" select (with an infinite timeout). With this
patch, if timeout is set to 0, pupnp will realize a "polling" select
and returns immediately if it can not read or write on the socket. This
is very useful for GENA notifications when pupnp is trying to send
events to a disconnected Control Point. "Blocking" select can now be
done by putting a negative timeout value.
2010-09-18 Chandra Penke <chandrapenke(at)mcntech.com>
This is a minor build fix. The new Template*.h files added in the latest
code need to be exported. Patch against the latest sources is attached.
2010-08-22 Marcelo Jimenez <mroberto(at)users.sourceforge.net>
* upnp/src/api/Discovery.c: Fix a serious bug and memory leak in
UpnpDiscovery_strcpy_DeviceType(). Thanks to David Blanchet for the
patch.
2010-04-25 Marcelo Jimenez <mroberto(at)users.sourceforge.net>
Separation of the ClientSubscription object.
2010-04-24 Marcelo Jimenez <mroberto(at)users.sourceforge.net>
Protect the object destructors agains null pointers on deletion, which
should be something valid.
2010-03-27 Marcelo Jimenez <mroberto(at)users.sourceforge.net>
SF Patch Tracker [ 2987390 ] upnp_debug vs. ixml_debug
Thanks for the load of updates, I'm still assimilating them ! Could I make
a suggestion though? The addition of printNodes(IXML_Node) to upnpdebug a
dds a new dependency on ixml.h for anything using upnpdebug.h. I'm making
quite a bit of use of upnpdebug in porting things to version 1.8.0, and I'd
prefer it if printNodes could be added to ixmldebug.h instead. I'm attach
ing a patch, what do you think ?
Nick
2010-03-27 Marcelo Jimenez <mroberto(at)users.sourceforge.net>
* Forward port of svn revision 505:
SF Patch Tracker [ 2836704 ] Patch for Solaris10 compilation and usage.
Submitted By: zephyrus ( zephyrus00jp )
2010-03-20 Marcelo Jimenez <mroberto(at)users.sourceforge.net>
* SF Patch Tracker [ 2969188 ] 1.8.0: patch for FreeBSD compilation
Submitted By: Nick Leverton (leveret)
Fix the order of header inclusion for FreeBSD.
2010-03-20 Marcelo Jimenez <mroberto(at)users.sourceforge.net>
* Forward port of svn revision 502:
SF Patch Tracker [ 2836704 ] Search for nested serviceList (not
stopping at the first lis
Submitted By: zephyrus ( zephyrus00jp )
Internet Gateway Device description contains nested serviceList (rootdevice
-> servicelist, subdevice
and subdevice has the lower-level serviceList, etc..)
Unfrotunately, the sample code sample_util.c used by tv_device sample,
etc.
has a code that looks for only the first top-level serviceList.
This results in the failure to read all the services of an IGD xml
description.
Attached patch modifies this behavior and looks for the service by
visiting all the serviceList in xml document in turn.
With the modified patch (ad additional modification), I could
simulate an IGD device and created a modified control program for that.
Patch against 1.6.6
TIA.
2010-03-20 Marcelo Jimenez <mroberto(at)users.sourceforge.net>
* SF Patch Tracker [ 2973319 ] Problem in commit 499
Submitted By: Nick Leverton (leveret)
Afraid that this doesn't compile, it seems retval should be retVal in two
places.
2010-03-16 Marcelo Jimenez <mroberto(at)users.sourceforge.net>
* Fix for the ithread_mutex_unlock() logic in UpnpInit().
Thanks for Nicholas Kraft.
2010-03-15 Marcelo Jimenez <mroberto(at)users.sourceforge.net>
* SF Patch Tracker [ 2962606 ] Autorenewal errors: invalid SID,
too-short renewal interval
Submitted By: Nick Leverton (leveret)
Auto-renewals send an invalid SID due to a missing UpnpString_get_String
call. They also send a renewal interval of 0 instead of copying it from
the original subscription.
2010-03-15 Marcelo Jimenez <mroberto(at)users.sourceforge.net>
* SF Patch Tracker [ 2964685 ] patch for avoiding inet_ntoa (1.8.0)
Submitted By: Nick Leverton (leveret)
Seems like SF's tracker won't let me add a patch to someone else's issue ?!
This refers to https://sourceforge.net/support/tracker.php?aid=2724578
The calls to inet_ntoa are in getlocalhostname(), which is called from
UpnpInit when it is returning the bound IP address.
UpnpInit/getlocalhostname hasn't been updated to IPv6, I presume this is
deliberate so that it doesn't start returning IPv6 addresses and
overwriting the caller's IPv4-sized allocation.
The attached patch just updates getlocalhostname to use inet_ntop instead
of inet_ntoa, and also documents the fact that UpnpInit is IPv4 only whilst
UpnpInnit2 is both IPv4 and IPv6.
A fuller solution might be to change UpnpInit to use some variant on
UpnpGetIfInfo. UpnpInit could still be left as IPv4 only if desired -
perhaps UpnpGetIfInfo could take an option for the desired address family.
getlocalhostname and its own copy of the interface scanning code would then
be redundant. I don't have IPv6 capability here though so I'm reluctant to
change the IPv6 code, as I have no way to test it.
2010-03-15 Marcelo Jimenez <mroberto(at)users.sourceforge.net>
* SF Patch Tracker [ 2724578 ] patch for avoiding memory leaks when
add devices
each time a device been added, UpnpInit() is called, on exit, UpnpFinish()
is called, but the memories allocated by ThreadPoolInit() may lost because
there's no code to call ThreadPoolShutdown() to release the memories. And
inet_ntoa() is not thread safe, so in my patch, I substitute inet_ntoa()
with inet_ntop().
2010-03-14 Marcelo Jimenez <mroberto(at)users.sourceforge.net>
* SF Patch Tracker [ 2964687 ] Add new string based accessors to upnp
object API
As per email to pupnp-devel, this is the patch to add the _strget_
accessors for string-like objects in the interface.
Will add a further patch shortly to udpate the sample programs.
2008-06-27 Marcelo Jimenez <mroberto(at)users.sourceforge.net>
* Nicholas Kraft's patch to fix some IPv6 copy/paste issues. He
reported to be getting infinite loops with the svn code.
2008-06-13 Marcelo Jimenez <mroberto(at)users.sourceforge.net>
* SF Bug Tracker [ 1984541 ]
ixmlDocumenttoString does not render the namespace tag.
Submitted By: Beliveau - belivo
Undoing the patch that fixed this problem. In fact, there was no
problem and the patch was wrong.
2008-06-11 Marcelo Jimenez <mroberto(at)users.sourceforge.net>
* Ingo Hofmann's patch for "Content-Type in Subscription responses".
Adds charset="utf-8" attribute to the CONTENT-TYPE header line.
Hi,
I have found an inconsistency regarding the text/xml content-type
returned by libupnp. It looks like only subscription responses send
"text/xml" where all other messages contain "text/xml; charset="utf-8"".
Since I'm working on an DLNA device the latter behaviour is mandatory.
I changed the according lines in gena_device.c (see attached patch).
I'm not sure if it would be ok for other device to have the charset
field but it would help me a lot :)
Best regards,
Ingo
2008-06-04 Marcelo Jimenez <mroberto(at)users.sourceforge.net>
* SF Bug Tracker [ 1984541 ]
ixmlDocumenttoString does not render the namespace tag.
Submitted By: Beliveau - belivo
The problem occurs when converting a xml document using
ixmlDocumenttoString containing a namespace tag created with
ixmlDocument_createElementNS. The namespace tag doesn't get rendered.
example: The following code fragment prints:
<?xml version="1.0"?>
<root></root>
instead of:
<?xml version="1.0"?>
<root xmlns="urn:schemas-upnp-org:device-1-0"></root>
Code:
#include <stdlib.h>
#include <upnp/ixml.h>
int main()
{
IXML_Document* wDoc = ixmlDocument_createDocument();
IXML_Element* wRoot = ixmlDocument_createElementNS(wDoc,
"urn:schemas-upnp-org:device-1-0", "root");
ixmlNode_appendChild((IXML_Node *)wDoc,(IXML_Node *)wRoot);
DOMString wString = ixmlDocumenttoString(wDoc);
printf(wString);
free(wString);
ixmlDocument_free(wDoc);
return 0;
}
The problem was in the printing routine, not in the library data
structure.
2008-05-31 Marcelo Jimenez <mroberto(at)users.sourceforge.net>
* Charles Nepveu's suggestion of not allocating a thread for
MiniServer when it is not compiled.
2008-05-24 Marcelo Jimenez <mroberto(at)users.sourceforge.net>
* Ported Peter Hartley's patch to compile with mingw.
2008-05-24 Marcelo Jimenez <mroberto(at)users.sourceforge.net>
* Added some debug capability to ixml.
2008-05-02 Marcelo Jimenez <mroberto(at)users.sourceforge.net>
* Merged Charles Nepveu's IPv6 work. libupnp now is IPv6 enabled.
2008-02-06 Marcelo Jimenez <mroberto(at)users.sourceforge.net>
* Breaking API so that we now hide internal data structures.
2008-02-06 Marcelo Jimenez <mroberto(at)users.sourceforge.net>
* Rewrote Peter Hartley's patch to include a new extra header field in
FileInfo.
*******************************************************************************
Version 1.6.22
*******************************************************************************
2017-07-07 James Cowgill <james410(at)cowgill.org.uk>
Replace MD5 impmplementation with public-domain version
Currently the RSA MD5 implementation is used. Unfortunately the license
has some potential issues:
* The license does not explicitly allow distributing derivative works.
This was the original argument used in
[Debian #459516](https://bugs.debian.org/459516).
* The license contains an advertising clause similar to the BSD 4-clause
license. This is incompatible with the GPL and if it were enforced,
would require RSA to be mentioned by pretty much everyone who uses pupnp.
The simple solution is to replace it with a public domain
implementation. I've taken OpenBSDs implementation and tweaked it
slightly for use by pupnp by:
- Adjusting the includes.
- Removing the __bounded__ attributes which are specific to OpenBSD.
- Using the standard integer types from stdint.h.
- Using memset instead of explicit_bzero.
2016-12-16 Peter Pramberger <peterpramb(at)users.sf.net>
ixml/test/test_document.c is missing the string.h include, therefore
the compiler complains about an implicit declaration.
*******************************************************************************
Version 1.6.21
*******************************************************************************
2016-12-16 Gabriel Burca <gburca(at)github>
If the error or info log files can not be created, use stderr and
stdout instead.
2016-12-08 Uwe Kleine-König <uwe(at)kleine-koenig.org>
Fix out-of-bound access in create_url_list() (CVE-2016-8863)
If there is an invalid URL in URLS->buf after a valid one, uri_parse is
called with out pointing after the allocated memory. As uri_parse writes
to *out before returning an error the loop in create_url_list must be
stopped early to prevent an out-of-bound access
Bug: https://sourceforge.net/p/pupnp/bugs/133/
Bug-CVE: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8863
Bug-Debian: https://bugs.debian.org/842093
Bug-Redhat: https://bugzilla.redhat.com/show_bug.cgi?id=1388771
2016-11-30 Uwe Kleine-König <uwe(at)kleine-koenig.org>
miniserver: fix binding to ipv6 link-local addresses
Linux requires to have sin6_scope_id hold the interface id when binding to
link-local addresses. This is already in use in other parts of upnp, so
portability shouldn't be in the way here. Without this bind(2) fails with
errno=EINVAL (although ipv6(7) from manpages 4.08 specifies ENODEV in this
case).
Fixes: https://bugs.debian.org/813249
2016-09-15 Mathew Garret <(at)mjg59 (twitter)>
SF Bug Tracker #132 CVE-2016-6255: write files via POST
Submitted by: Balint Reczey in 2016-08-02
From Debian's BTS https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=831857 :
From: Salvatore Bonaccorso carnil@debian.org
To: Debian Bug Tracking System submit@bugs.debian.org
Subject: libupnp: write files via POST
Date: Wed, 20 Jul 2016 11:03:34 +0200
Source: libupnp
Version: 1:1.6.17-1
Severity: grave
Tags: security upstream
Justification: user security hole
Hi
See http://www.openwall.com/lists/oss-security/2016/07/18/13 and
https://twitter.com/mjg59/status/755062278513319936 .
Proposed fix:
https://github.com/mjg59/pupnp-code/commit/be0a01bdb83395d9f3a5ea09c1308a4f1a972cbd
Regards,
Salvatore
From Mathew Garret's commit: Don't allow unhandled POSTs to write to the filesystem by default
*******************************************************************************
Version 1.6.20
*******************************************************************************
2016-02-22 Jean-Francois Dockes <medoc(at)users.sf.net>
SF Bugs #131, Creator: Jean-Francois Dockes
I know it sounds crazy that nobody ever saw this, but the CONTENT-LENGTH
value in GENA NOTIFY messages is too small by one.
It appears that most current control points don't notice the extra
character (an LF, which is validly there but not included in
Content-Length), probably because their protocol handler is reasonably
lenient, and because the missing body LF does not prevent parsing the
XML. But there is a least one anal CP (Linn Kazoo) which barfs, because
it reads all data until connection close and the size mismatch triggers
a bug.
"Proof":
In gena_device.c:217 (notify_send_and_recv())
ret_code = http_SendMessage(&info, &timeout,
"bbb",
start_msg.buf, start_msg.length,
propertySet, strlen(propertySet),
CRLF, strlen(CRLF));
start_msg has all the headers, including the empty line.
Content-length should be strlen(propertySet) + strlen(CRLF) (2)
In gena_device.c:433 (AllocGenaHeaders())
rc = snprintf(headers, headers_size, "%s%s%"PRIzu"%s%s%s",
HEADER_LINE_1,
HEADER_LINE_2A,
strlen(propertySet) + 1,
HEADER_LINE_2B,
HEADER_LINE_3,
HEADER_LINE_4);
HEADER_LINE_2A is "CONTENT-LENGTH: ".
The following value should be strlen(propertySet) + 2
2016-01-07 Marcelo Roberto Jimenez <mroberto(at)users.sourceforge.net>
Fix for a reported integer overflow
2016-01-07 Jean-Francois Dockes <medoc(at)users.sf.net>
2016-01-07 Nick Leverton <nick(at)leverton.org>
SF Patches #60, Creator: Jean-Francois Dockes
When libupnp is configured with --enable-ipv6 but ipv6 is not available
on the system (for example because the ipv6 code is not loaded in a Linux
kernel as is the case by default on Raspbian), the ipv6 socket creation
call will fail in miniserver.c and the library init will fail, even if
the ipv4 initialisation would have succeeded.
Let a library configured with --enable-ipv6 initialize in ipv4-only
mode if ipv6 is not available instead of failing. This can happen
if no ipv6 code is configured or loaded in the kernel.
Don't fail if IPv6 is unavailable.
We might be an IPv6 enabled distro build running on an IPv4-only custom kernel.
2016-01-07 Nick Leverton <nick(at)leverton.org>
SF Bug Tracker #128, Creator: Nick Leverton
redefining strndup causes "error: expected identifier or '(' before '__extension__'"
Fix redefinition of strnlen and strndup
These are available when HAVE_STRNDUP and HAVE_STRNLEN are defined, but
libupnp provides an extern prototype anyway. Recent versions of glibc
define this prototype differently, causing the following compile error:
src/api/UpnpString.c:47:15: error: expected identifier or '(' before '__extension__'
extern char *strndup(__const char *__string, size_t __n);
2016-01-07 Nick Leverton <nick(at)leverton.org>
SF Bug Tracker #129, Creator: Nick Leverton
shutdown() on UDP sockets logs ENOTCONN message.
https://sourceforge.net/p/pupnp/bugs/129/
Fix ENOTCONN "Error in shutdown: Transport endpoint is not connected"
When logging is enabled, ssdpserver logs bursts of
"Error in shutdown: Transport endpoint is not connected"
This is because shutdown() is not supported for UDP sockets and under
recent UNIX specifications it returns ENOTCONN if used.
2016-01-07 Nick Leverton <nick(at)leverton.org>
SF Bug Tracker #127, Creator: Klaus Fischer
Miniserver uses INADDR_ANY instead of HostIP
https://sourceforge.net/p/pupnp/bugs/127/
The internal miniserver.c uses INADDR_ANY instead of the HostIP/IfName
provided when initializing libupnp. But, this HostIP/IfName gets used
for the UDP socket when multicasting SSDP messages. Because of this,
miniserver may end up sending from different IP address than ssdpserver.
This patch causes miniserver to use the already known interface address.
2016-01-07 Marcelo Roberto Jimenez <mroberto(at)users.sourceforge.net>
SF Bug Tracker #130, Creator: Shaddy Baddah
infinite loop in UpnpGetIfInfo() under WIN32
Original code makes no sense. This patch should fix it.
2015-02-04 Shaun Marko <semarko@users.sf.net>
Bug tracker #124 Build fails with --enable-debug
Build environment
Fedora 21
X86-64
* gcc 4.9.2
How to repeat
$ ./configure --enable debug
$ make
libtool: compile: gcc -DHAVE_CONFIG_H -I. -I.. -I../upnp/inc -I./inc -I../threadutil/inc
-I../ixml/inc -I./src/inc -pthread -g -O2 -Wall -MT src/api/libupnp_la-UpnpString.lo
-MD -MP -MF src/api/.deps/libupnp_la-UpnpString.Tpo -c src/api/UpnpString.c
-fPIC -DPIC -o src/api .libs/libupnp_la-UpnpString.o src/api/UpnpString.c:47:16:
error: expected identifier or '(' before 'extension'
extern char *strndup(const char *string, size_t __n);
^
Makefile:1016: recipe for target 'src/api/libupnp_la-UpnpString.lo' failed
Reason for failure
Build enables -O2 optimization flags which causes the inclusion of a
macro implementation of strndup from include/bits/string2.h.
Workarounds
Disable optimization when configuring or making:
$ configure CFLAGS='-g -pthread -O0' --enable-debug
$ make
or
$ configure --enable-debug
$ make CFLAGS='-g -pthread -O0' Define NO_STRING_INLINES
$ export CFLAGS="-DNO_STRING_INLINES -O2"
$ ./configure --enagble-debug
$ make
Fix
* Don't declare strndup in src/api/UpnpString.c if it exists
2015-02-01 Jean-Francois Dockes <medoc@users.sf.net>
Out-of-tree builds seem to be currently broken, because ixml and
threadutil files need an include path to include UpnpGlobal.h, and
configure tries to copy files into a directory which it does not create.
The patch fixes both issues.
2014-01-03 Peng <howtofly(at)gmail.com>
rewrite soap_device.c
1) separate HTTP handling from SOAP handling
2) remove repeated validity check, each check is performed exactly once
3) fix HTTP status code per UPnP spec, SOAP spec and RFC 2774
|
|
|
|
4.6.4
- Use importlib-metadata instead of pkg_resources for better performance
- Allow users to switch URLs while omitting the resource identifier
- Don't stop receiving tasks on 503 SQS error.
- Fix maybe declare
- Revert "Revert "Use SIMEMBERS instead of SMEMBERS to check for queue (Redis Broker)
- Fix MongoDB backend to work properly with TTL
- Make sure that max_retries=0 is treated differently than None
- Bump py-amqp to 2.5.1
|
|
2.5.1
- Ignore all methods except Close and Close-OK when channel/connection is closing
- Fix faulty ssl sni intiation parameters
- Undeprecate auto_delete flag for exchanges.
- Improved tests and testing environments
|
|
* Prevent warnings on Python3.8
* Fix proxy support
* Fix --single to ensure threads are not started until a position in the queue is available
|
