aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorLeo <thinkabit.ukim@gmail.com>2020-12-15 10:42:09 -0300
committerLeo <thinkabit.ukim@gmail.com>2020-12-15 11:00:07 -0300
commitc94343a5dc5bd0cfc7942ff40e49e79b37186500 (patch)
treea9063c66f60b27c0d867b2d36898817f5e4d3db4
parent3fb286ae2a900f87a21fcfbfefbb640c5359e07e (diff)
downloadaports-c94343a5dc5bd0cfc7942ff40e49e79b37186500.tar.gz
aports-c94343a5dc5bd0cfc7942ff40e49e79b37186500.tar.bz2
aports-c94343a5dc5bd0cfc7942ff40e49e79b37186500.tar.xz
community/minidlna: fix CVE-2020-12695 and CVE-2020-28926
See: #12198
-rw-r--r--community/minidlna/APKBUILD16
-rw-r--r--community/minidlna/CVE-2020-12695.patch68
-rw-r--r--community/minidlna/CVE-2020-28926.patch29
3 files changed, 110 insertions, 3 deletions
diff --git a/community/minidlna/APKBUILD b/community/minidlna/APKBUILD
index ced9db5209..6bbc5780e2 100644
--- a/community/minidlna/APKBUILD
+++ b/community/minidlna/APKBUILD
@@ -2,7 +2,7 @@
# Maintainer: Francesco Colista <francesco.colista@gmail.com>
pkgname=minidlna
pkgver=1.2.1
-pkgrel=1
+pkgrel=2
pkgdesc="A small dlna server"
url="https://sourceforge.net/projects/minidlna/"
arch="all"
@@ -25,10 +25,18 @@ pkggroups="$pkgname"
source="https://downloads.sourceforge.net/project/minidlna/minidlna/$pkgver/minidlna-$pkgver.tar.gz
$pkgname.initd
$pkgname.confd
- 10-minidlna-nfo.patch"
+ 10-minidlna-nfo.patch
+ CVE-2020-28926.patch
+ CVE-2020-12695.patch
+ "
builddir="$srcdir/$pkgname-$pkgver"
+# secfixes:
+# 1.2.1-r2:
+# - CVE-2020-28926
+# - CVE-2020-12695
+
build() {
cd "$builddir"
./configure \
@@ -67,4 +75,6 @@ package() {
sha512sums="17827155bfbfd2b51939bc86080e8724dcded138af8fede9c7715c225524e86d3c21bfd8d40dbf201861ef154189d9c5e223b719bf7695251212b26ec290462b minidlna-1.2.1.tar.gz
e16961bb68c004297f1e26422b1d15bd8583ba2e0e36c88902a45573b685993fff88d2d0dae8c624eaeddb0deca614dbc13b8345f34b4c348961c00b05c0df30 minidlna.initd
e209848af0d79069ac989ad61d3be610b4c0c2783a207a50463a25ec3811b04d1da3a2acde54749878bec44e1567874ede827b978d5472c00f6a855663e5cbf8 minidlna.confd
-59a97ef0a36d3ae44dd2e182a0b106f84ce5c17e7dc14ee0459b17430b57ddc59a74e8e67fc0a90326fa451a505b97a0b719b438475efac144028dd012b44af1 10-minidlna-nfo.patch"
+59a97ef0a36d3ae44dd2e182a0b106f84ce5c17e7dc14ee0459b17430b57ddc59a74e8e67fc0a90326fa451a505b97a0b719b438475efac144028dd012b44af1 10-minidlna-nfo.patch
+883d06ba860264502b29bbdbbf469b145a97f59e6fc11d46fc199955696202b66f7ba1dc0708ef65cc3987ff5942024216b5274cbbf136558581e6a0cdac2750 CVE-2020-28926.patch
+a8a5428c83ed8b2abe2c340ebc9d558417c4e8980f36d9dd19ff437025f9ec056caf58e606275fa3d74c4fc81342e7fec313353d50d70d1d787db2abc808542b CVE-2020-12695.patch"
diff --git a/community/minidlna/CVE-2020-12695.patch b/community/minidlna/CVE-2020-12695.patch
new file mode 100644
index 0000000000..4588ff4c74
--- /dev/null
+++ b/community/minidlna/CVE-2020-12695.patch
@@ -0,0 +1,68 @@
+--- a/upnphttp.c
++++ b/upnphttp.c
+@@ -699,7 +699,7 @@
+ static int
+ check_event(struct upnphttp *h)
+ {
+- enum event_type type;
++ enum event_type type = E_INVALID;
+
+ if (h->req_Callback)
+ {
+@@ -707,7 +707,6 @@
+ {
+ BuildResp2_upnphttp(h, 400, "Bad Request",
+ "<html><body>Bad request</body></html>", 37);
+- type = E_INVALID;
+ }
+ else if (strncmp(h->req_Callback, "http://", 7) != 0 ||
+ strncmp(h->req_NT, "upnp:event", h->req_NTLen) != 0)
+@@ -716,10 +715,30 @@
+ * If CALLBACK header is missing or does not contain a valid HTTP URL,
+ * the publisher must respond with HTTP error 412 Precondition Failed*/
+ BuildResp2_upnphttp(h, 412, "Precondition Failed", 0, 0);
+- type = E_INVALID;
+ }
+ else
+- type = E_SUBSCRIBE;
++ {
++ /* Make sure callback URL points to the originating IP */
++ struct in_addr addr;
++ char addrstr[16];
++ int i = 0;
++ const char *p = h->req_Callback + 7;
++ while (!strchr("/:>", *p) && i < sizeof(addrstr) - 1 &&
++ p < (h->req_Callback + h->req_CallbackLen))
++ {
++ addrstr[i++] = *(p++);
++ }
++ addrstr[i] = '\0';
++
++ if (inet_pton(AF_INET, addrstr, &addr) <= 0 ||
++ memcmp(&addr, &h->clientaddr, sizeof(struct in_addr)))
++ {
++ DPRINTF(E_ERROR, L_HTTP, "Bad callback IP (%s)\n", addrstr);
++ BuildResp2_upnphttp(h, 412, "Precondition Failed", 0, 0);
++ }
++ else
++ type = E_SUBSCRIBE;
++ }
+ }
+ else if (h->req_SID)
+ {
+@@ -728,7 +747,6 @@
+ {
+ BuildResp2_upnphttp(h, 400, "Bad Request",
+ "<html><body>Bad request</body></html>", 37);
+- type = E_INVALID;
+ }
+ else
+ type = E_RENEW;
+@@ -736,7 +754,6 @@
+ else
+ {
+ BuildResp2_upnphttp(h, 412, "Precondition Failed", 0, 0);
+- type = E_INVALID;
+ }
+
+ return type;
diff --git a/community/minidlna/CVE-2020-28926.patch b/community/minidlna/CVE-2020-28926.patch
new file mode 100644
index 0000000000..50f8d5a8d1
--- /dev/null
+++ b/community/minidlna/CVE-2020-28926.patch
@@ -0,0 +1,29 @@
+--- a/upnphttp.c
++++ b/upnphttp.c
+@@ -420,14 +420,14 @@
+ return;
+ line += 2;
+ }
+- if( h->reqflags & FLAG_CHUNKED )
++ if (h->reqflags & FLAG_CHUNKED)
+ {
+ char *endptr;
+ h->req_chunklen = -1;
+- if( h->req_buflen <= h->req_contentoff )
++ if (h->req_buflen <= h->req_contentoff)
+ return;
+ while( (line < (h->req_buf + h->req_buflen)) &&
+- (h->req_chunklen = strtol(line, &endptr, 16)) &&
++ (h->req_chunklen = strtol(line, &endptr, 16) > 0) &&
+ (endptr != line) )
+ {
+ endptr = strstr(endptr, "\r\n");
+@@ -888,7 +888,7 @@
+ char *chunkstart, *chunk, *endptr, *endbuf;
+ chunk = endbuf = chunkstart = h->req_buf + h->req_contentoff;
+
+- while( (h->req_chunklen = strtol(chunk, &endptr, 16)) && (endptr != chunk) )
++ while ((h->req_chunklen = strtol(chunk, &endptr, 16)) > 0 && (endptr != chunk) )
+ {
+ endptr = strstr(endptr, "\r\n");
+ if (!endptr)