The diff below updates miniupnpd to 2.3.0. A notable change is that
miniupnpd now uses pledge() (introduced in 2.2.0). The full changelog can be
found at [0].
The diff is big because we can drop almost all patches; the issues have been
addressed upstream.
So far it works for me on amd64.
OK?
[0] https://github.com/miniupnp/miniupnp/blob/master/miniupnpd/Changelog.txt
diff --git Makefile Makefile
index 1c048358808..0bd731936d8 100755
--- Makefile
+++ Makefile
@@ -2,18 +2,17 @@
COMMENT= UPnP IGD daemon
-DISTNAME= miniupnpd-2.1
-REVISION= 2
+DISTNAME= miniupnpd-2.3.0
+# uses pledge()
WANTLIB += c crypto kvm ssl
-MAKE_FLAGS= INSTALLETCDIR=${PREFIX}/share/examples/miniupnpd \
- INSTALLMANDIR=${PREFIX}/man/man8
+MAKE_FLAGS= INSTALLETCDIR=${PREFIX}/share/examples/miniupnpd
FAKE_FLAGS= PREFIX=${TRUEPREFIX}
CONFIGURE_STYLE= simple
-CONFIGURE_SCRIPT= genconfig.sh
+CONFIGURE_SCRIPT= configure
post-install:
${INSTALL_MAN_DIR} ${PREFIX}/man/man8
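Review bot: The `DISTNAME= miniupnpd-2.3.0` bump is what justifies deleting the local fixes further down, and for one of them the diff gives no evidence that upstream carries it. patch-upnpsoap_c (the `!protocol` check in AddAnyPortMapping and the `!int_port || !rem_port || !protocol` check ahead of `atoi()` in GetOutboundPinholeTimeout) has no upstream reference, unlike patch-upnpevents_c, which is marked as an upstream cherry-pick. Both guard request-supplied values, so I would confirm the checks exist in the 2.3.0 `upnpsoap.c` and otherwise keep the patch, regenerated against the new source. The same goes for `CONFIGURE_SCRIPT= configure`: the dropped patch-genconfig_sh pinned `V6SOCKETS_ARE_V6ONLY=1` because the sysctl node was removed, so the new script should be checked for not reading `net.inet6.ip6.v6only`.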
diff --git distinfo distinfo
index a4312372784..dd69bfa3e4d 100644
--- distinfo
+++ distinfo
@@ -1,2 +1,2 @@
-SHA256 (miniupnpd-2.1.tar.gz) = lQiUd5ZhGX/gk4Vf2imnKPQ0tXVutPpstfe5v/f/4ME=
-SIZE (miniupnpd-2.1.tar.gz) = 225458
+SHA256 (miniupnpd-2.3.0.tar.gz) = /56V42DHuq51dXW1utwhqxxkPTWZVvloVAtPgCb6z5w=
+SIZE (miniupnpd-2.3.0.tar.gz) = 256069
diff --git patches/patch-Makefile patches/patch-Makefile
deleted file mode 100644
index 6ec9d0c3137..00000000000
--- patches/patch-Makefile
+++ /dev/null
@@ -1,13 +0,0 @@
-$OpenBSD: patch-Makefile,v 1.6 2019/03/11 04:06:37 bket Exp $
-Index: Makefile
---- Makefile.orig
-+++ Makefile
-@@ -176,7 +176,7 @@ clean:
- $(PFOBJS) $(IPFOBJS) $(IPFWOBJS)
- $(RM) validateupnppermissions validategetifaddr validatessdppktgen
-
--install: miniupnpd genuuid
-+install: miniupnpd
- $(STRIP) miniupnpd
- $(INSTALL) -d $(DESTDIR)$(INSTALLBINDIR)
- $(INSTALL) -m 755 miniupnpd $(DESTDIR)$(INSTALLBINDIR)
diff --git patches/patch-Makefile_bsd patches/patch-Makefile_bsd
new file mode 100644
index 00000000000..98bd2750c26
--- /dev/null
+++ patches/patch-Makefile_bsd
@@ -0,0 +1,14 @@
+$OpenBSD$
+
+Index: Makefile.bsd
+--- Makefile.bsd.orig
++++ Makefile.bsd
+@@ -145,7 +145,7 @@ clean:
+ $(RM) $(TESTMINISSDPOBJS)
+ $(RM) validateupnppermissions validategetifaddr validatessdppktgen
+
+-install: miniupnpd genuuid
++install: miniupnpd
+ $(STRIP) miniupnpd
+ $(INSTALL) -d $(DESTDIR)$(INSTALLBINDIR)
+ $(INSTALL) -m 755 miniupnpd $(DESTDIR)$(INSTALLBINDIR)
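Review bot: The new patch does not say why `genuuid` is removed from the `install` prerequisites; only the bare `$OpenBSD$` tag precedes the hunk. Presumably this keeps the install step from writing a UUID generated on the build machine into the packaged sample config (the uuid line visible in patch-miniupnpd_conf is the all-zero value), but that is inferred from the diff. A one-line description after the tag would record it, e.g. `Do not run genuuid at install time; the sample miniupnpd.conf keeps its placeholder uuid.` The `install` recipe continues past the end of the hunk.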
diff --git patches/patch-asyncsendto_c patches/patch-asyncsendto_c
deleted file mode 100644
index 6f5746d6790..00000000000
--- patches/patch-asyncsendto_c
+++ /dev/null
@@ -1,11 +0,0 @@
-$OpenBSD: patch-asyncsendto_c,v 1.1 2016/09/10 13:03:42 ajacoutot Exp $
---- asyncsendto.c.orig Sat Sep 10 12:01:40 2016
-+++ asyncsendto.c Sat Sep 10 12:01:47 2016
-@@ -6,6 +6,7 @@
- * in the LICENCE file provided within the distribution */
-
- #include <sys/types.h>
-+#include <sys/select.h> /* fd_set */
- #include <sys/socket.h>
- #include <sys/time.h>
- #include <sys/queue.h>
diff --git patches/patch-genconfig_sh patches/patch-genconfig_sh
deleted file mode 100644
index b7648020925..00000000000
--- patches/patch-genconfig_sh
+++ /dev/null
@@ -1,16 +0,0 @@
-$OpenBSD: patch-genconfig_sh,v 1.4 2019/03/11 04:06:37 bket Exp $
-
-Index: genconfig.sh
---- genconfig.sh.orig
-+++ genconfig.sh
-@@ -162,7 +162,9 @@ case $OS_NAME in
- FW=pf
- echo "#define USE_IFACEWATCHER 1" >> ${CONFIGFILE}
- OS_URL=http://www.openbsd.org/
-- V6SOCKETS_ARE_V6ONLY=`sysctl -n net.inet6.ip6.v6only`
-+ # net.inet6.ip6.v6only has been on by default for many years
-+ # and this sysctl node has been removed
-+ V6SOCKETS_ARE_V6ONLY=1
- ;;
- FreeBSD | GNU/kFreeBSD)
- VER=`grep '#define __FreeBSD_version' /usr/include/sys/param.h | awk '{print $3}'`
diff --git patches/patch-minissdp_c patches/patch-minissdp_c
deleted file mode 100644
index ec476f42c0c..00000000000
--- patches/patch-minissdp_c
+++ /dev/null
@@ -1,12 +0,0 @@
-$OpenBSD: patch-minissdp_c,v 1.2 2019/03/11 04:06:37 bket Exp $
-Index: minissdp.c
---- minissdp.c.orig
-+++ minissdp.c
-@@ -11,6 +11,7 @@
- #include <string.h>
- #include <unistd.h>
- #include <sys/socket.h>
-+#include <sys/select.h> /* fd_set */
- #include <sys/un.h>
- #include <netinet/in.h>
- #include <arpa/inet.h>
diff --git patches/patch-miniupnpd_8 patches/patch-miniupnpd_8
index aeb28fa1bd1..43995bd8d98 100644
--- patches/patch-miniupnpd_8
+++ patches/patch-miniupnpd_8
@@ -2,7 +2,7 @@ $OpenBSD: patch-miniupnpd_8,v 1.2 2019/03/11 04:06:37 bket Exp $
Index: miniupnpd.8
--- miniupnpd.8.orig
+++ miniupnpd.8
-@@ -17,7 +17,7 @@ clients on the LAN to ask for port redirections.
+@@ -18,7 +18,7 @@ clients on the LAN to ask for port redirections.
.SH OPTIONS
.TP
.BI \-f " config_file"
diff --git patches/patch-miniupnpd_conf patches/patch-miniupnpd_conf
index 47e43c5df7f..310dc0d46bf 100644
--- patches/patch-miniupnpd_conf
+++ patches/patch-miniupnpd_conf
@@ -2,7 +2,7 @@ $OpenBSD: patch-miniupnpd_conf,v 1.5 2019/03/11 04:06:37 bket Exp $
Index: miniupnpd.conf
--- miniupnpd.conf.orig
+++ miniupnpd.conf
-@@ -121,7 +121,7 @@ clean_ruleset_interval=600
+@@ -155,7 +155,7 @@ clean_ruleset_interval=600
# active when compiled with PF_ENABLE_FILTER_RULES (see config.h file)
#quickrules=no
@@ -11,7 +11,7 @@ Index: miniupnpd.conf
uuid=00000000-0000-0000-0000-000000000000
# Daemon's serial and model number when reporting to clients
-@@ -145,8 +145,8 @@ uuid=00000000-0000-0000-0000-000000000000
+@@ -179,8 +179,8 @@ uuid=00000000-0000-0000-0000-000000000000
# modify the IP ranges to match their own internal networks, and
# also consider implementing network-specific restrictions
# CAUTION: failure to enforce any rules may permit insecure requests to be made!
diff --git patches/patch-natpmp_c patches/patch-natpmp_c
deleted file mode 100644
index e895d82f9df..00000000000
--- patches/patch-natpmp_c
+++ /dev/null
@@ -1,11 +0,0 @@
-$OpenBSD: patch-natpmp_c,v 1.1 2016/09/10 13:03:42 ajacoutot Exp $
---- natpmp.c.orig Sat Sep 10 12:02:47 2016
-+++ natpmp.c Sat Sep 10 12:02:53 2016
-@@ -11,6 +11,7 @@
- #include <errno.h>
- #include <time.h>
- #include <sys/types.h>
-+#include <sys/select.h> /* fd_set */
- #include <sys/socket.h>
- #include <netinet/in.h>
- #include <arpa/inet.h>
diff --git patches/patch-portinuse_c patches/patch-portinuse_c
deleted file mode 100644
index c39c5e980de..00000000000
--- patches/patch-portinuse_c
+++ /dev/null
@@ -1,12 +0,0 @@
-$OpenBSD: patch-portinuse_c,v 1.2 2019/03/11 04:06:37 bket Exp $
-Index: portinuse.c
---- portinuse.c.orig
-+++ portinuse.c
-@@ -18,6 +18,7 @@
- #include <errno.h>
- #include <time.h>
- #include <sys/types.h>
-+#include <sys/select.h> /* fd_set */
- #include <sys/socket.h>
- #include <netinet/in.h>
- #include <arpa/inet.h>
diff --git patches/patch-testasyncsendto_c patches/patch-testasyncsendto_c
deleted file mode 100644
index 18fdc6cffb7..00000000000
--- patches/patch-testasyncsendto_c
+++ /dev/null
@@ -1,29 +0,0 @@
-$OpenBSD: patch-testasyncsendto_c,v 1.2 2019/03/11 04:06:37 bket Exp $
-
-warning: format '%ld' expects type 'long int', but argument 4 has type 'time_t'
-
-Index: testasyncsendto.c
---- testasyncsendto.c.orig
-+++ testasyncsendto.c
-@@ -74,8 +74,8 @@ int test(void)
- int max_fd;
- struct timeval timeout;
- struct timeval now;
-- syslog(LOG_DEBUG, "get_next_scheduled_send : %d next_send=%ld.%06ld",
-- i, (long)next_send.tv_sec, (long)next_send.tv_usec);
-+ syslog(LOG_DEBUG, "get_next_scheduled_send : %d next_send==%lld.%06ld",
-+ i, (long long)next_send.tv_sec, (long)next_send.tv_usec);
- FD_ZERO(&writefds);
- max_fd = 0;
- gettimeofday(&now, NULL);
-@@ -100,8 +100,8 @@ int test(void)
- }
- }
- syslog(LOG_DEBUG, "get_sendto_fds() returned %d", i);
-- syslog(LOG_DEBUG, "select(%d, NULL, xx, NULL, %ld.%06ld)",
-- max_fd, (long)timeout.tv_sec, (long)timeout.tv_usec);
-+ syslog(LOG_DEBUG, "select(%d, NULL, xx, NULL, %lld.%06ld)",
-+ max_fd, (long long)timeout.tv_sec, (long)timeout.tv_usec);
- i = select(max_fd, NULL, &writefds, NULL, &timeout);
- if(i < 0) {
- syslog(LOG_ERR, "select: %m");
diff --git patches/patch-upnpevents_c patches/patch-upnpevents_c
deleted file mode 100644
index a493ad71cf4..00000000000
--- patches/patch-upnpevents_c
+++ /dev/null
@@ -1,64 +0,0 @@
-$OpenBSD: patch-upnpevents_c,v 1.3 2019/03/11 20:05:23 bket Exp $
-
-Cherrypick patch from upstream: Check the return value of snprintf().
-
-Mitigate read out-of-bounds vulnerability as reported by
-https://github.com/b1ack0wl/miniupnpd_poc
-
-Index: upnpevents.c
---- upnpevents.c.orig
-+++ upnpevents.c
-@@ -14,6 +14,7 @@
- #include <unistd.h>
- #include <time.h>
- #include <sys/types.h>
-+#include <sys/select.h> /* fd_set */
- #include <sys/socket.h>
- #include <netinet/in.h>
- #include <arpa/inet.h>
-@@ -443,19 +444,34 @@ static void upnp_event_prepare(struct upnp_event_notif
- l = 0;
- }
- obj->buffersize = 1024;
-- obj->buffer = malloc(obj->buffersize);
-- if(!obj->buffer) {
-- syslog(LOG_ERR, "%s: malloc returned NULL", "upnp_event_prepare");
-- if(xml) {
-- free(xml);
-+ for (;;) {
-+ obj->buffer = malloc(obj->buffersize);
-+ if(!obj->buffer) {
-+ syslog(LOG_ERR, "%s: malloc returned NULL", "upnp_event_prepare");
-+ if(xml) {
-+ free(xml);
-+ }
-+ obj->state = EError;
-+ return;
- }
-- obj->state = EError;
-- return;
-+ obj->tosend = snprintf(obj->buffer, obj->buffersize, notifymsg,
-+ obj->path, obj->addrstr, obj->portstr, l+2,
-+ obj->sub->uuid, obj->sub->seq,
-+ l, xml);
-+ if (obj->tosend < 0) {
-+ syslog(LOG_ERR, "%s: snprintf() failed", "upnp_event_prepare");
-+ if(xml) {
-+ free(xml);
-+ }
-+ obj->state = EError;
-+ return;
-+ } else if (obj->tosend < obj->buffersize) {
-+ break; /* the buffer was large enough */
-+ }
-+ /* Try again with a buffer big enough */
-+ free(obj->buffer);
-+ obj->buffersize = obj->tosend + 1; /* reserve space for the final 0 */
- }
-- obj->tosend = snprintf(obj->buffer, obj->buffersize, notifymsg,
-- obj->path, obj->addrstr, obj->portstr, l+2,
-- obj->sub->uuid, obj->sub->seq,
-- l, xml);
- if(xml) {
- free(xml);
- xml = NULL;
diff --git patches/patch-upnppinhole_c patches/patch-upnppinhole_c
deleted file mode 100644
index 893ad85132a..00000000000
--- patches/patch-upnppinhole_c
+++ /dev/null
@@ -1,11 +0,0 @@
-$OpenBSD: patch-upnppinhole_c,v 1.1 2016/09/10 13:03:42 ajacoutot Exp $
---- upnppinhole.c.orig Sat Sep 10 12:03:05 2016
-+++ upnppinhole.c Sat Sep 10 12:03:10 2016
-@@ -9,6 +9,7 @@
- #include <string.h>
- #include <syslog.h>
- #include <sys/types.h>
-+#include <sys/select.h> /* fd_set */
- #include <sys/socket.h>
- #include <netinet/in.h>
- #include <net/if.h>
diff --git patches/patch-upnpredirect_c patches/patch-upnpredirect_c
deleted file mode 100644
index e4e4a4d8f92..00000000000
--- patches/patch-upnpredirect_c
+++ /dev/null
@@ -1,12 +0,0 @@
-$OpenBSD: patch-upnpredirect_c,v 1.2 2019/03/11 04:06:37 bket Exp $
-Index: upnpredirect.c
---- upnpredirect.c.orig
-+++ upnpredirect.c
-@@ -10,6 +10,7 @@
- #include <string.h>
- #include <syslog.h>
- #include <sys/types.h>
-+#include <sys/select.h> /* fd_set */
- #include <sys/socket.h>
- #include <netinet/in.h>
- #include <net/if.h>
diff --git patches/patch-upnpsoap_c patches/patch-upnpsoap_c
deleted file mode 100644
index d2e7a7bf402..00000000000
--- patches/patch-upnpsoap_c
+++ /dev/null
@@ -1,28 +0,0 @@
-$OpenBSD: patch-upnpsoap_c,v 1.4 2019/03/19 17:28:32 steven Exp $
-
-Index: upnpsoap.c
---- upnpsoap.c.orig
-+++ upnpsoap.c
-@@ -590,7 +590,7 @@ AddAnyPortMapping(struct upnphttp * h, const char * ac
- if(leaseduration == 0)
- leaseduration = 604800;
-
-- if (!int_ip || !ext_port || !int_port)
-+ if (!int_ip || !ext_port || !int_port || !protocol)
- {
- ClearNameValueList(&data);
- SoapError(h, 402, "Invalid Args");
-@@ -1841,6 +1841,13 @@ GetOutboundPinholeTimeout(struct upnphttp * h, const c
- rem_host = GetValueFromNameValueList(&data, "RemoteHost");
- rem_port = GetValueFromNameValueList(&data, "RemotePort");
- protocol = GetValueFromNameValueList(&data, "Protocol");
-+
-+ if (!int_port || !rem_port || !protocol)
-+ {
-+ ClearNameValueList(&data);
-+ SoapError(h, 402, "Invalid Args");
-+ return;
-+ }
-
- rport = (unsigned short)atoi(rem_port);
- iport = (unsigned short)atoi(int_port);