aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorFrancesco Colista <fcolista@alpinelinux.org>2020-06-10 06:09:23 +0000
committerFrancesco Colista <fcolista@alpinelinux.org>2020-06-10 06:09:23 +0000
commit7fd82612488f2e64932e0f691b9e8f15562a0af5 (patch)
tree79bc3f1111a599f3f2c9805cec77f1722207ac0e
parenta6aa0ed429367e9125b72d7642fd2c2dc35d92dc (diff)
downloadaports-7fd82612488f2e64932e0f691b9e8f15562a0af5.tar.gz
aports-7fd82612488f2e64932e0f691b9e8f15562a0af5.tar.bz2
aports-7fd82612488f2e64932e0f691b9e8f15562a0af5.tar.xz
community/libupnp: security fix for CVE-2020-13848
-rw-r--r--community/libupnp/APKBUILD12
-rw-r--r--community/libupnp/CVE-2020-13848.patch39
2 files changed, 48 insertions, 3 deletions
diff --git a/community/libupnp/APKBUILD b/community/libupnp/APKBUILD
index b09a9280c6..214951a42c 100644
--- a/community/libupnp/APKBUILD
+++ b/community/libupnp/APKBUILD
@@ -3,14 +3,19 @@
# Contributor: Mike Crute <mike@crute.us>
pkgname=libupnp
pkgver=1.12.1
-pkgrel=0
+pkgrel=1
pkgdesc="Portable Open Source UPnP Development Kit"
url="http://pupnp.sourceforge.net"
arch="all"
license="BSD-3-Clause"
makedepends="automake autoconf libtool"
subpackages="$pkgname-dev"
-source="https://github.com/pupnp/pupnp/releases/download/release-$pkgver/libupnp-$pkgver.tar.bz2"
+source="https://github.com/pupnp/pupnp/releases/download/release-$pkgver/libupnp-$pkgver.tar.bz2
+CVE-2020-13848.patch"
+
+# secfixes:
+# 1.12.1-r1:
+# - CVE-2020-13848
prepare() {
default_prepare
@@ -34,4 +39,5 @@ package() {
make DESTDIR="$pkgdir" install
}
-sha512sums="f13833118d08fc05273dc65a12596854b937c505b20d82e58eb1c2e1fa35dba0cafd5799475e030f3c698069046cc5256e6ef5afe398680e7ea881df953b95e6 libupnp-1.12.1.tar.bz2"
+sha512sums="f13833118d08fc05273dc65a12596854b937c505b20d82e58eb1c2e1fa35dba0cafd5799475e030f3c698069046cc5256e6ef5afe398680e7ea881df953b95e6 libupnp-1.12.1.tar.bz2
+ece4d1a27fec40b9714200d66013c105b50dedf41f5435df9122be763b78c74ec419ffc60e75088f9706ab6d8f01afa07f8262c3b9af9134ba42cfe9b5f2fb59 CVE-2020-13848.patch"
diff --git a/community/libupnp/CVE-2020-13848.patch b/community/libupnp/CVE-2020-13848.patch
new file mode 100644
index 0000000000..ec4e762812
--- /dev/null
+++ b/community/libupnp/CVE-2020-13848.patch
@@ -0,0 +1,39 @@
+diff --git a/upnp/src/genlib/service_table/service_table.c b/upnp/src/genlib/service_table/service_table.c
+index 98c2c0f..c2c4545 100644
+--- a/upnp/src/genlib/service_table/service_table.c
++++ b/upnp/src/genlib/service_table/service_table.c
+@@ -300,12 +300,12 @@ FindServiceEventURLPath( service_table * table,
+ uri_type parsed_url;
+ uri_type parsed_url_in;
+
+- if( ( table )
+- &&
+- ( parse_uri( eventURLPath,
+- strlen( eventURLPath ),
+- &parsed_url_in ) == HTTP_SUCCESS ) ) {
++ if (!table || !eventURLPath) {
++ return NULL;
++ }
+
++ if (parse_uri(eventURLPath, strlen(eventURLPath), &parsed_url_in) ==
++ HTTP_SUCCESS) {
+ finger = table->serviceList;
+ while( finger ) {
+ if( finger->eventURL )
+@@ -352,11 +352,11 @@ FindServiceControlURLPath( service_table * table,
+ uri_type parsed_url;
+ uri_type parsed_url_in;
+
+- if( ( table )
+- &&
+- ( parse_uri
+- ( controlURLPath, strlen( controlURLPath ),
+- &parsed_url_in ) == HTTP_SUCCESS ) ) {
++ if (!table || !controlURLPath) {
++ return NULL;
++ }
++ if (parse_uri(controlURLPath, strlen(controlURLPath), &parsed_url_in) ==
++ HTTP_SUCCESS) {
+ finger = table->serviceList;
+ while( finger ) {
+ if( finger->controlURL )