SECURITY update to libupnp 1.6.18 http://www.kb.cert.org/vuls/id/922681

- at least three remotely exploitable buffer overflows in the unique_service_name() function, which is called to process incoming SSDP requests on UDP port 1900. - devices that use libupnp may also accept UPnP queries over the WAN interface, therefore exposing the vulnerabilitites to the internet. (and roll shared libs from PFRAG.shared into PLIST while there).
2013-01-29 16:14:06 +00:00 · 2013-01-29 16:14:06 +00:00 · 73cb848f4c
commit 73cb848f4c
parent 98aec6d004
4 changed files with 8 additions and 9 deletions
--- a/net/libupnp/Makefile
+++ b/net/libupnp/Makefile
@ -1,8 +1,8 @@
-# $OpenBSD: Makefile,v 1.3 2012/11/06 11:48:28 dcoppa Exp $
+# $OpenBSD: Makefile,v 1.4 2013/01/29 16:14:06 sthen Exp $

 COMMENT=	Universal Plug and Play SDK

-DISTNAME=	libupnp-1.6.17
+DISTNAME=	libupnp-1.6.18
 EXTRACT_SUFX=	.tar.bz2

 CATEGORIES=	net devel
--- a/net/libupnp/distinfo
+++ b/net/libupnp/distinfo
@ -1,2 +1,2 @@
-SHA256 (libupnp-1.6.17.tar.bz2) = ouDZqfGntni82+92EK3siVpsjLj5Zw1eH8ljz1HN0hk=
-SIZE (libupnp-1.6.17.tar.bz2) = 1187499
+SHA256 (libupnp-1.6.18.tar.bz2) = shvGdjZWItOs4bJSktq41NI/bmqA3cjwKbdl05eX6TQ=
+SIZE (libupnp-1.6.18.tar.bz2) = 1201056
--- a/net/libupnp/pkg/PFRAG.shared
+++ b/net/libupnp/pkg/PFRAG.shared
@ -1,4 +0,0 @@
-@comment $OpenBSD: PFRAG.shared,v 1.1.1.1 2010/03/22 22:25:50 ajacoutot Exp $
-@lib lib/libixml.so.${LIBixml_VERSION}
-@lib lib/libthreadutil.so.${LIBthreadutil_VERSION}
-@lib lib/libupnp.so.${LIBupnp_VERSION}
--- a/net/libupnp/pkg/PLIST
+++ b/net/libupnp/pkg/PLIST
@ -1,4 +1,4 @@
-@comment $OpenBSD: PLIST,v 1.2 2012/11/06 11:48:28 dcoppa Exp $
+@comment $OpenBSD: PLIST,v 1.3 2013/01/29 16:14:06 sthen Exp $
 %%SHARED%%
 include/upnp/
 include/upnp/FreeList.h
@ -20,9 +20,12 @@ include/upnp/upnpdebug.h
 include/upnp/upnptools.h
 lib/libixml.a
 lib/libixml.la
+@lib lib/libixml.so.${LIBixml_VERSION}
 lib/libthreadutil.a
 lib/libthreadutil.la
+@lib lib/libthreadutil.so.${LIBthreadutil_VERSION}
 lib/libupnp.a
 lib/libupnp.la
+@lib lib/libupnp.so.${LIBupnp_VERSION}
 lib/pkgconfig/
 lib/pkgconfig/libupnp.pc