Created attachment 161922
svn diff for net/miniupnp{c,d}

Hi,

There have been security related updates to miniupnp based on some Talos finds (http://talosintel.com/reports/TALOS-2015-0035/).

Haven't created a vuxml entry, don't know if that's necessary here.

Kind regards,
Bernard.
A commit references this bug:

Author: dinoex
Date: Tue Oct 13 18:39:46 UTC 2015
New revision: 399209
URL: https://svnweb.freebsd.org/changeset/ports/399209

Log:
  - Security update to miniupnpc-1.9.20151008

  Security: http://talosintel.com/reports/TALOS-2015-0035/
  PR: 203705
  Submitted by: Bernard Spil

Changes:
  head/net/miniupnpc/Makefile
  head/net/miniupnpc/distinfo
  head/net/miniupnpc/files/patch-Makefile
  head/net/miniupnpc/pkg-plist
Please create a separate PR for net/miniupnpd.
Seems that the ABI has changed?

```
CC upnp.o
upnp.c:91:51: error: too few arguments to function call, expected 7, have 6
ret = upnpDiscover (msec, NULL, NULL, 0, 0, &err);
~~~~~~~~~~~~ ^
/usr/local/include/miniupnpc/miniupnpc.h:61:1: note: 'upnpDiscover' declared here
MINIUPNP_LIBSPEC struct UPNPDev *
^
/usr/local/include/miniupnpc/miniupnpc_declspec.h:14:28: note: expanded from macro 'MINIUPNP_LIBSPEC'
#define MINIUPNP_LIBSPEC __attribute__ ((visibility ("default")))
^
1 error generated.
Makefile:1124: recipe for target 'upnp.o' failed
gmake[2]: *** [upnp.o] Error 1
```
(In reply to Bernard Spil from comment #3)

I just found that out, too. See the patch for https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=203761 for a fix.

Basically, add "2," before "&err", as they have added a 'ttl' field in the function definition.
Fix for net-p2p/transmission-cli in https://bugs.freebsd.org/203768
Fix for net-p2p/bitcoin in https://bugs.freebsd.org/203761
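For maintainers of other consumers, a source scan can find call sites that still pass six arguments to `upnpDiscover` (the "expected 7, have 6" error in the build log above) before a build fails. This is an added example, not part of the original thread or of miniupnpc; the function names and the sample source are constructed, and the scan is a text heuristic rather than a C parser.

```python
import re

EXPECTED_ARGS = 7  # from the build log: "expected 7, have 6"
CALL = re.compile(r"\bupnpDiscover\s*\(")
COMMENT = re.compile(r"/\*.*?\*/|//[^\n]*", re.DOTALL)

# Constructed sample: the failing call from the log plus a fixed one.
SAMPLE = '''\
/* constructed sample, modelled on the failing call in the build log */
static void discover(int msec) {
    int err = 0;
    ret = upnpDiscover (msec, NULL, NULL, 0, 0, &err);
    ok  = upnpDiscover(msec, NULL, get_path("a,b"), 0, 0, 2, &err);
}
'''

def strip_comments(src):
    # Blank out comments but keep newlines so reported line numbers stay right.
    return COMMENT.sub(lambda m: "\n" * m.group().count("\n"), src)

def count_args(src, pos):
    """Count top-level arguments of a call; pos is the index just after its '('."""
    depth, commas, seen_token, quote = 1, 0, False, None
    i = pos
    while i < len(src):
        ch = src[i]
        if quote:                      # inside a string or char literal
            if ch == "\\":
                i += 1                 # skip the escaped character
            elif ch == quote:
                quote = None
        elif ch in "\"'":
            quote, seen_token = ch, True
        elif ch in "([{":
            depth, seen_token = depth + 1, True
        elif ch in ")]}":
            depth -= 1
            if depth == 0:
                return commas + 1 if seen_token else 0
        elif ch == "," and depth == 1:
            commas += 1                # only commas of this call separate arguments
        elif not ch.isspace():
            seen_token = True
        i += 1
    return None                        # unbalanced: call runs past the end of the text

def find_stale_calls(src):
    """Return (line, arg_count) for each upnpDiscover call not passing 7 arguments."""
    clean = strip_comments(src)
    hits = []
    for m in CALL.finditer(clean):
        n = count_args(clean, m.end())
        if n is not None and n != EXPECTED_ARGS:
            hits.append((clean.count("\n", 0, m.start()) + 1, n))
    return hits

if __name__ == "__main__":
    print(find_stale_calls(SAMPLE))
```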
A commit references this bug:

Author: feld
Date: Wed Oct 14 16:21:20 UTC 2015
New revision: 399275
URL: https://svnweb.freebsd.org/changeset/ports/399275

Log:
  net/miniupnpc: Document buffer overflow

  PR: 203705
  Security: TALOS-2015-0035

Changes:
  head/security/vuxml/vuln.xml
A commit references this bug:

Author: jbeich
Date: Wed Oct 14 17:05:18 UTC 2015
New revision: 399281
URL: https://svnweb.freebsd.org/changeset/ports/399281

Log:
  net/miniupnpc: reference TALOS-2015-0035 fix

  It may be easier to backport to the quarterly branch than the
  development snapshot that caused fallout in most consumers.

  PR: 203705

Changes:
  head/security/vuxml/vuln.xml
A commit references this bug:

Author: jbeich
Date: Wed Oct 14 18:57:45 UTC 2015
New revision: 399288
URL: https://svnweb.freebsd.org/changeset/ports/399288

Log:
  net/miniupnpc: backport TALOS-2015-0035 (aka CVE-2015-6031) fix

  Direct commit as /head in r399209 updated miniupnpc to a snapshot instead.

  PR: 203705
  Approved by: portmgr (bapt)
  Security: 06fefd2f-728f-11e5-a371-14dae9d210b8
  Differential Revision: https://reviews.freebsd.org/D3895

Changes:
  branches/2015Q4/net/miniupnpc/Makefile
  branches/2015Q4/net/miniupnpc/files/patch-CVE-2015-6031
A commit references this bug:

Author: jbeich
Date: Wed Oct 14 19:02:29 UTC 2015
New revision: 399289
URL: https://svnweb.freebsd.org/changeset/ports/399289

Log:
  net/miniupnpc: improve TALOS-2015-0035 entry in VuXML

  - Add "reserved" CVE link
  - Adjust version range to include a few previous snapshots and
    different fix in /branches/2015Q4

  PR: 203705

Changes:
  head/security/vuxml/vuln.xml