Summary: | [PATCH] net/miniupnpd: Update to 1.9.20150922 | ||||||
---|---|---|---|---|---|---|---|
Product: | Ports & Packages | Reporter: | Bernard Spil <brnrd> | ||||
Component: | Individual Port(s) | Assignee: | Renato Botelho <garga> | ||||
Status: | Closed FIXED | ||||||
Severity: | Affects Only Me | CC: | garga, junovitch, koobs, ports-secteam, squat | ||||
Priority: | --- | Keywords: | easy, needs-qa, patch | ||||
Version: | Latest | Flags: | bugzilla:
maintainer-feedback?
(squat) koobs: merge-quarterly? |
||||
Hardware: | Any | ||||||
OS: | Any | ||||||
See Also: | https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=203705 | ||||||
Attachments: |
|
Description
Bernard Spil
![]() ![]() As maintainer I approve this update. (But I do not think the Talos note for miniupnpc is relevant for miniupnpd?) The changelog states these commit messages: 2015/09/22: cleanup UPNP_VERSION macro / add UPNP_VERSION_MAJOR, UPNP_VERSION_MINOR Dont use packed structs anymore to read/write PCP messages 2015/09/15: use name server from query in SOAP responses 2015/08/25: better bind socket to right interface(s), using struct ip_mreqn, SO_BINDTODEVICE Bernard, Thanks for the report. According to the Talos document "Buffer overflow is present in client-side, miniupnpc, part of the library". I did a git clone of https://github.com/miniupnp/miniupnp and only see the function/variable referenced as being vulnerable in the miniupnpc directory and not in miniupnpd. The change for the fix in https://github.com/miniupnp/miniupnp/commit/79cca974a4c2ab1199786732a67ff6d898051b78 is only for miniupnpc. If you see something I didn't then I would appreciate the pointer. Otherwise I'm going to go ahead and remove the 'security' tag and considered this a routine update. A commit references this bug: Author: garga Date: Wed Nov 11 10:08:48 UTC 2015 New revision: 401232 URL: https://svnweb.freebsd.org/changeset/ports/401232 Log: Update net/miniupnpd to 1.9.20150922 PR: 204015 Submitted by: brnd Approved by: Tor Halvard Furulund (maintainer) Changes: head/net/miniupnpd/Makefile head/net/miniupnpd/distinfo |