libupnp 1.6.20

- Don't write to the filesystem on unhandled POST requests
9 years ago · db62387596
parent adc99b1fcc
commit db62387596
4 changed files with 35 additions and 3 deletions
--- a/.gitignore
+++ b/.gitignore
@ -3,3 +3,4 @@ libupnp-1.6.6.tar.bz2
 /libupnp-1.6.17.tar.bz2
 /libupnp-1.6.18.tar.bz2
 /libupnp-1.6.19.tar.bz2
+/libupnp-1.6.20.tar.bz2
--- a/0001-Don-t-allow-unhandled-POSTs-to-write-to-the-filesyst.patch
+++ b/0001-Don-t-allow-unhandled-POSTs-to-write-to-the-filesyst.patch
@ -0,0 +1,24 @@
+Originally:
+
+https://github.com/mjg59/pupnp-code/commit/be0a01bdb83395d9f3a5ea09c1308a4f1a972cbd
+
+But without the configure bits, because we're just going to leave it disabled
+anyway, and I don't feel like making autoreconf work.
+
+diff -up libupnp-1.6.20/upnp/src/genlib/net/http/webserver.c.jx libupnp-1.6.20/upnp/src/genlib/net/http/webserver.c
+--- libupnp-1.6.20/upnp/src/genlib/net/http/webserver.c.jx	2016-07-07 13:05:30.000000000 -0400
+++ libupnp-1.6.20/upnp/src/genlib/net/http/webserver.c	2016-07-18 14:02:23.920747068 -0400
+@@ -1367,9 +1367,13 @@ static int http_RecvPostMessage(
+ 		if (Fp == NULL)
+ 			return HTTP_INTERNAL_SERVER_ERROR;
+ 	} else {
+#ifdef UPNP_ENABLE_POST_WRITE
+ 		Fp = fopen(filename, "wb");
+ 		if (Fp == NULL)
+ 			return HTTP_UNAUTHORIZED;
+#else
+		return HTTP_NOT_FOUND;
+#endif
+ 	}
+ 	parser->position = POS_ENTITY;
+ 	do {
--- a/libupnp.spec
+++ b/libupnp.spec
@ -1,7 +1,7 @@
-Version: 1.6.19
+Version: 1.6.20
 Summary: Universal Plug and Play (UPnP) SDK
 Name: libupnp
-Release: 5%{?dist}
+Release: 1%{?dist}
 License: BSD
 Group: System Environment/Libraries
 URL: http://www.libupnp.org/
@ -10,6 +10,8 @@ Source: http://downloads.sourceforge.net/pupnp/%{name}-%{version}.tar.bz2
 %define docdeveldir %{_docdir}/%{name}-devel-%{version}
 %define docdir %{_docdir}/%{name}-%{version}

+Patch0: 0001-Don-t-allow-unhandled-POSTs-to-write-to-the-filesyst.patch
+
 %description
 The Universal Plug and Play (UPnP) SDK for Linux provides 
 support for building UPnP-compliant control points, devices, 
@ -26,6 +28,7 @@ the UPnP SDK libraries.

 %prep
 %setup -q
+%patch0 -p1

 %build
 %configure --enable-static=no --enable-ipv6
@ -61,6 +64,10 @@ make install DESTDIR=$RPM_BUILD_ROOT
 rm -rf %{buildroot}

 %changelog
+* Mon Jul 18 2016 Adam Jackson <ajax@redhat.com> - 1.6.20-1
+- libupnp 1.6.20
+- Don't write to the filesystem on unhandled POST requests
+
 * Thu Feb 04 2016 Fedora Release Engineering <releng@fedoraproject.org> - 1.6.19-5
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild

--- a/2
+++ b/2
@ -1 +1 @@
-ee16e5d33a3ea7506f38d71facc057dd  libupnp-1.6.19.tar.bz2
+6839c376b5ec71d2d56f7b64e829c438  libupnp-1.6.20.tar.bz2