Created attachment 162444 [details] svn diff for net/miniupnpd Hi, This PR is a followup to #203705 where net/miniupnpc was updated to fix a vulnerability. This patch aligns miniupnpd to that same time. There have been security related updates to miniupnp based on some Talos finds (http://talosintel.com/reports/TALOS-2015-0035/) Kind regards, Bernard.
As maintainer I approve this update. (But I do not think the Talos note for miniupnpc is relevant for miniupnpd?) The changelog states these commit messages: 2015/09/22: cleanup UPNP_VERSION macro / add UPNP_VERSION_MAJOR, UPNP_VERSION_MINOR Dont use packed structs anymore to read/write PCP messages 2015/09/15: use name server from query in SOAP responses 2015/08/25: better bind socket to right interface(s), using struct ip_mreqn, SO_BINDTODEVICE
Bernard, Thanks for the report. According to the Talos document "Buffer overflow is present in client-side, miniupnpc, part of the library". I did a git clone of https://github.com/miniupnp/miniupnp and only see the function/variable referenced as being vulnerable in the miniupnpc directory and not in miniupnpd. The change for the fix in https://github.com/miniupnp/miniupnp/commit/79cca974a4c2ab1199786732a67ff6d898051b78 is only for miniupnpc. If you see something I didn't then I would appreciate the pointer. Otherwise I'm going to go ahead and remove the 'security' tag and considered this a routine update.
A commit references this bug: Author: garga Date: Wed Nov 11 10:08:48 UTC 2015 New revision: 401232 URL: https://svnweb.freebsd.org/changeset/ports/401232 Log: Update net/miniupnpd to 1.9.20150922 PR: 204015 Submitted by: brnd Approved by: Tor Halvard Furulund (maintainer) Changes: head/net/miniupnpd/Makefile head/net/miniupnpd/distinfo