Hardening fix was applied
1.2.7
=====
- Fix build with -Wformat-security=error
- Bump required GLib version to 2.66
- Fix some introspection annotations
- Add missing varargs functions to vapi
- Revert fix from 1.2.5 which causes managed control points to
live too long
Signed-off-by: Andreas Müller <schnitzeltony@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
In their mail announcement they stated clearly:
GUPnP 1.0.7 and GUPnP 1.2.5 fix a potential DNS rebind issue.
An impact of this would be that for example a user could be tricked
into opening a malicious web page that could scan the local network for
UPnP media servers and download the user's shared files, or, if
enabled, even delete them.
Upgrade to 1.2.5 (or where that is not possible, 1.0.7) is strongly
recommended.
At repo side:
1.2.6
=====
- Fix wrong dependency on GSSDP 1.2.4
Bugs fixed in this release:
- https://gitlab.gnome.org/GNOME/gupnp/issues/48
All contributors to this release:
- Jens Georg <mail@jensge.org>
1.2.5
=====
- Fix introspection annotation for send_action_list
- Fix potential fd leak in linux CM
- Fix potential NULL pointer dereference when evaluating
unset ServiceProxyActions
- Fix leaking the message string if an action is never
sent
- Fix leaking the ServiceProxyAction if sending fails
in call_action
- Fix introspection annotation for send_action and
call_action_finish to prevent a double-free
- Make ServiceIntrospection usable from
gobject-introspection
- Add Python example
- Add C example
- Fix JavaScript example
- Fix potential use-after-free if service proxy is
destroyed before libsoup request finishes in control
point
- Fix potential data leak due to being vulnerable to DNS
rebind attacks
Bugs fixed in this release:
- https://gitlab.gnome.org/GNOME/gupnp/issues/47
- https://gitlab.gnome.org/GNOME/gupnp/issues/46
- https://gitlab.gnome.org/GNOME/gupnp/issues/23
- https://gitlab.gnome.org/GNOME/gupnp/issues/24
All contributors to this release:
- Jens Georg <mail@jensge.org>
- Doug Nazar <nazard@nazar.ca>
- Andre Klapper <a9016009@gmx.de>
Signed-off-by: Andreas Müller <schnitzeltony@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Add missing dep on glib-2.0-native
inherit gtk-icon-cache
Convert to use meson
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Cc: Andreas Müller <schnitzeltony@gmail.com>
This makes it specific to gupnp-dlna alone since that's the only recipe using
the patches inside files
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Cc: Andreas Müller <schnitzeltony@gmail.com>
Switch to using meson
Depend on py3 since it's now supported
Relax packaging to include version number in gupnp-binding-tool
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Cc: Andreas Müller <schnitzeltony@gmail.com>
Fixes errors ( qemuarm/thumb )
../../../git/upnp/inc/FileInfo.h:22:2: error: #error libupnp uses large file support, so users must do that, too
Signed-off-by: Khem Raj <raj.khem@gmail.com>
License-Update: Renamed and deleted empty line
License file is now called COPYING
d3a04002e5 (diff-7116ef0705885343c9e1b2171a06be0e)
This is 3 Clause BSD license so make it accurate
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Not only was uuid removed as a build dependency of Rygel in 0.27.1, but
oe-core's ossp-uuid has always renamed the library to libossp-uuid so it was
never used (as util-linux provides libuuid.so).
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Fix the warning below and set proper license according to the
content of file COPYING in Rygel:
WARNING: rygel-0.34.0-r0 do_populate_lic: rygel: \
No generic license file exists for: LGPL1.1 in any provider
According to a git commit in Rygel made two years ago by Jens
Georg: "all: Update license text to LGPLv2.1 proper We always
claimed being LGPLv2.1 but the license text said differently."
At the same time the tag for Rygel 0.34 has been created on
20 March 2017, aka after this git commit. For more details:
cdcb6bd55e
Furthermore, the changelog of Rygel 0.34.0 also indicates
that the license is LGPLv2.1+ (after a fix in release 0.29.1):
https://abi-laboratory.pro/tracker/changelog/rygel/0.34.0/log.html
Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
1.6 was kept for mpd only (see commit d56f417498e5b582973117479f53eec458ab911b)
Signed-off-by: Andreas Müller <schnitzeltony@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
This version is needed for gerbera (and possibly vlc), however
this version breaks mpd, so keep old version as libupnp1.6 and
use it for mpd until there is new version of mpd supporting 1.8
version.
Signed-off-by: Fabien Lahoudere <fabien.lahoudere@collabora.co.uk>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Fix build without X
Licence is more consistent now, see
cdcb6bd55e
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
- Produce a clean download tarball
- ./genconfig.sh is not necessary as it is called by make if necessary
- Enable the possibility to do vendor configuration in the supplied .conf file
Signed-off-by: Pascal Bach <pascal.bach@siemens.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
* based on discussion in pndeprecated thread:
https://patchwork.openembedded.org/patch/137573/
update the messages to warn possible users that the
recipe will be removed before the end of the next development
cycle (before Yocto 2.4 is released).
* updated with:
sed -i 's/^\(PNBLACKLIST.*".*\)"/\1 - the recipe will be removed on 2017-09-01 unless the issue is fixed"/g' `git grep PNBLACKLIST | sed 's/:.*//g' | sort -u | xargs`
* then noticed a couple of recipes being blacklisted only based on
DISTRO_FEATURES, so removed those:
meta-networking/recipes-support/lksctp-tools/lksctp-tools_1.0.17.bb
meta-oe/recipes-connectivity/bluez/bluez-hcidump_2.5.bb
meta-oe/recipes-connectivity/bluez/bluez4_4.101.bb
meta-oe/recipes-connectivity/bluez/gst-plugin-bluetooth_4.101.bb
meta-oe/recipes-navigation/foxtrotgps/foxtrotgps_1.1.1.bb
meta-oe/recipes-navigation/gypsy/gypsy.inc
meta-oe/recipes-navigation/navit/navit.inc
meta-oe/recipes-support/opensync/libsyncml_0.5.4.bb
* if it isn't fixed by this date, it's fair game to be removed
whenever someone gets around to i
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
If there is an invalid URL in URLS->buf after a valid one, uri_parse is
called with out pointing after the allocated memory. As uri_parse writes
to *out before returning an error, the loop in create_url_list must be
stopped early to prevent an out-of-bound access.
Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
Signed-off-by: Pascal Bach <pascal.bach@siemens.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
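The failure mode described in the commit message above, as an added example that is not code from libupnp or from this commit: a simplified model of a count-then-fill loop whose parser writes to `*out` before it validates. The names `toy_uri`, `toy_parse` and `fill`, the `http://` check and the sample input are assumptions for illustration; one spare canary slot stands in for the memory after the allocation, so the stray write is observable without a real out-of-bounds access.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

typedef struct { const char *text; size_t len; } toy_uri; /* hypothetical type */

/* Toy parser (not libupnp's): like the behaviour the commit describes, it
 * writes to *out first and only then reports whether the entry was valid. */
static int toy_parse(const char *s, size_t max, toy_uri *out)
{
    const char *end = memchr(s, '>', max);
    out->text = s;                              /* write before validation */
    out->len = end ? (size_t)(end - s) : 0;
    return (end && out->len >= 7 && strncmp(s, "http://", 7) == 0) ? 0 : -1;
}

/* Pass 1 counts valid "<url>" entries, pass 2 fills an array sized by that
 * count. Returns 1 if the slot just past the counted entries was written. */
int fill(const char *buf, int stop_early)
{
    size_t n = strlen(buf), i, valid = 0, used = 0;
    toy_uri tmp, *list;

    for (i = 0; i + 1 < n; i++)
        if (buf[i] == '<' && toy_parse(buf + i + 1, n - i - 1, &tmp) == 0)
            valid++;

    list = malloc((valid + 1) * sizeof *list);  /* +1: canary slot */
    if (!list) return -1;
    memset(&list[valid], 0x5a, sizeof *list);

    for (i = 0; i + 1 < n; i++) {
        if (stop_early && used >= valid)
            break;                              /* the guard: list is full */
        if (buf[i] == '<' && toy_parse(buf + i + 1, n - i - 1, &list[used]) == 0)
            used++;
    }
    memset(&tmp, 0x5a, sizeof tmp);             /* reference canary pattern */
    int clobbered = memcmp(&list[valid], &tmp, sizeof tmp) != 0;
    free(list);
    return clobbered;
}

int main(void)
{
    const char *sample = "<http://a/cb><bogus>";  /* constructed input */
    printf("unguarded=%d guarded=%d\n", fill(sample, 0), fill(sample, 1));
    return 0;
}
```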
getVar() now defaults to expanding by default, thus remove the True
option from getVar() calls with a regex search and replace.
Search made with the following regex: getVar ?\(( ?[^,()]*), True\)
Signed-off-by: Joshua Lock <joshua.g.lock@intel.com>
base_contains() is a compatibility wrapper and may warn in the future, so
replace all instances with bb.utils.contains().
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Update to latest version. This mainly fixes file uploading,
which did not work in previous version (see upstream commit
"1d45866a3fd7ca47bdbea60156bd18b994710662" among others).
sqlite3 is now required to build whole rygel, as some
media-export plugin routines have been centralized;
libunistring also improves collation logic if present.
Rygel will not keep running anymore when its "plugins"
folder is absent or empty. Thus, to avoid disappointments,
we now RRECOMMEND at least the media-export plugin.
Signed-off-by: Manuel Bachmann <mbc@iot.bzh>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Update to latest version (required for latest Rygel).
As the unique executable provided by "gupnp-dev" cannot
work without python, switch from RRECOMMENDS to RDEPENDS
for it, and also be more precise in its required modules.
Signed-off-by: Manuel Bachmann <manuel.bachmann@iot.bzh>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>