path: root/meta-multimedia/recipes-connectivity/gupnp/gupnp/0001-Fix-build-with-hardened-security-flags.patch
author: Andreas Müller <schnitzeltony@gmail.com> 2021-05-31 18:10:59 +0200
committer: Khem Raj <raj.khem@gmail.com> 2021-06-01 07:49:06 -0700
commit: b85b58a467edda82c894a8877520a58f9aeabc39 (patch)
tree: 41b67dff7ea7e775f54033e8a0a03a813e18f9ef /meta-multimedia/recipes-connectivity/gupnp/gupnp/0001-Fix-build-with-hardened-security-flags.patch
parent: d4734330cf549d2b296d90f0423019529b3e08fe (diff)
gupnp: upgrade 1.2.4 -> 1.2.6

In their mail announcement they stated clearly:

GUPnP 1.0.7 and GUPnP 1.2.5 fix a potential DNS rebind issue.

An impact of this would be that for example a user could be tricked into
opening a malicious web page that could scan the local network for UPnP
media servers and download the user's shared files, or, if enabled, even
delete them.

Upgrade to 1.2.5 (or where that is not possible, 1.0.7) is strongly
recommended.

At repo side:

1.2.6
=====
- Fix wrong dependency on GSSDP 1.2.4

Bugs fixed in this release:
 - https://gitlab.gnome.org/GNOME/gupnp/issues/48

All contributors to this release:
 - Jens Georg <mail@jensge.org>

1.2.5
=====
- Fix introspection annotation for send_action_list
- Fix potential fd leak in linux CM
- Fix potential NULL pointer dereference when evaluating unset
  ServiceProxyActions
- Fix leaking the message string if an action is never sent
- Fix leaking the ServiceProxyAction if sending fails in call_action
- Fix introspection annotation for send_action and call_action_finish to
  prevent a double-free
- Make ServiceIntrospection usable from gobject-introspection
- Add Python example
- Add C example
- Fix JavaScript example
- Fix potential use-after-free if service proxy is destroyed before libsoup
  request finishes in control point
- Fix potential data leak due to being vulnerable to DNS rebind attacks

Bugs fixed in this release:
 - https://gitlab.gnome.org/GNOME/gupnp/issues/47
 - https://gitlab.gnome.org/GNOME/gupnp/issues/46
 - https://gitlab.gnome.org/GNOME/gupnp/issues/23
 - https://gitlab.gnome.org/GNOME/gupnp/issues/24

All contributors to this release:
 - Jens Georg <mail@jensge.org>
 - Doug Nazar <nazard@nazar.ca>
 - Andre Klapper <a9016009@gmx.de>

Signed-off-by: Andreas Müller <schnitzeltony@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Diffstat (limited to 'meta-multimedia/recipes-connectivity/gupnp/gupnp/0001-Fix-build-with-hardened-security-flags.patch')
-rw-r--r-- meta-multimedia/recipes-connectivity/gupnp/gupnp/0001-Fix-build-with-hardened-security-flags.patch | 61
1 files changed, 61 insertions, 0 deletions
diff --git a/meta-multimedia/recipes-connectivity/gupnp/gupnp/0001-Fix-build-with-hardened-security-flags.patch b/meta-multimedia/recipes-connectivity/gupnp/gupnp/0001-Fix-build-with-hardened-security-flags.patch
new file mode 100644
index 000000000..ef0c945d0
--- /dev/null
+++ b/meta-multimedia/recipes-connectivity/gupnp/gupnp/0001-Fix-build-with-hardened-security-flags.patch
@@ -0,0 +1,61 @@
+From 6eba07bd195e0a1199a0fc62d7cc31ec376bc3dd Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Andreas=20M=C3=BCller?= <schnitzeltony@gmail.com>
+Date: Mon, 31 May 2021 17:44:29 +0200
+Subject: [PATCH] Fix build with hardened security flags
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+| ../gupnp-1.2.6/examples/get-volume.c: In function 'on_introspection':
+| ../gupnp-1.2.6/examples/get-volume.c:53:17: error: format not a string literal and no format arguments [-Werror=format-security]
+| 53 | g_critical (error->message);
+| | ^~~~~~~~~~
+| ../gupnp-1.2.6/examples/get-volume.c:114:17: error: format not a string literal and no format arguments [-Werror=format-security]
+| 114 | g_critical (error->message);
+| | ^~~~~~~~~~
+| ../gupnp-1.2.6/examples/get-volume.c: In function 'main':
+| ../gupnp-1.2.6/examples/get-volume.c:150:17: error: format not a string literal and no format arguments [-Werror=format-security]
+| 150 | g_error (error->message);
+| | ^~~~~~~
+
+Signed-off-by: Andreas Müller <schnitzeltony@gmail.com>
+
+Upstream-Status: Submitted [https://gitlab.gnome.org/GNOME/gupnp/-/merge_requests/17]
+---
+ examples/get-volume.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/examples/get-volume.c b/examples/get-volume.c
+index 4601014..923581c 100644
+--- a/examples/get-volume.c
++++ b/examples/get-volume.c
+@@ -50,7 +50,7 @@ on_introspection (GObject *object, GAsyncResult *res, gpointer user_data)
+ &error);
+
+ if (error != NULL) {
+- g_critical (error->message);
++ g_critical ("%s", error->message);
+ g_clear_error (&error);
+ }
+
+@@ -111,7 +111,7 @@ on_introspection (GObject *object, GAsyncResult *res, gpointer user_data)
+ g_list_free (out_names);
+
+ if (error != NULL) {
+- g_critical (error->message);
++ g_critical ("%s", error->message);
+ g_clear_error (&error);
+ } else {
+ g_print ("Current volume: %s\n",
+@@ -147,7 +147,7 @@ int main(int argc, char *argv[])
+ GUPnPContext *context = gupnp_context_new ("wlp3s0", 0, &error);
+
+ if (error != NULL) {
+- g_error (error->message);
++ g_error ("%s", error->message);
+ }
+
+ GUPnPControlPoint *cp = gupnp_control_point_new (context, CONTENT_DIR);
+--
+2.31.1
+
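Review bot: the commit message covers only the 1.2.4 -> 1.2.6 upgrade and never mentions this newly carried patch, so the log does not say why 0001-Fix-build-with-hardened-security-flags.patch exists or when it can be removed; add a line stating that examples/get-volume.c fails to build under -Werror=format-security and that the patch is to be dropped once the merge request named in Upstream-Status is merged. The change itself is right at all three call sites listed in the quoted compiler log (lines 53, 114 and 150): error->message is runtime data, and passing it as the format argument of g_critical or g_error means any % sequence in it is parsed as a conversion, whereas "%s" keeps the format string constant.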