Package: gupnp / 1.0.5-0+deb10u1

Metadata

Package Version Patches format
gupnp 1.0.5-0+deb10u1 3.0 (quilt)

Patch series

view the series file
Patch File delta Description
disable multicast tests.patch | (download)

tests/gtest/Makefile.am | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 disable multicast tests

These build tests appear to violate Debian Policy 4.9's
"no required targets may attempt network access"

https://bugs.debian.org/882215

binding tool Make shebang python3.patch | (download)

tools/gupnp-binding-tool | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 binding-tool: make shebang python3

Fixes #1

0001 Don t unref the mask.patch | (download)

libgupnp/gupnp-context.c | 1 0 + 1 - 0 !
1 file changed, 1 deletion(-)

 [patch] don't unref the mask

With gssdp 1.0, we don't get a ref from get_network_mask(), so by
freeing it and requesting it again later we can run into a UAF
and segfault:

AddressSanitizer:DEADLYSIGNAL
=================================================================
==8938==ERROR: AddressSanitizer: SEGV on unknown address 0x00009fff8000 (pc 0x7f85bf7ba1af bp 0x7ffdbfb84440 sp 0x7ffdbfb84400 T0)
==8938==The signal is caused by a READ memory access.
    #0 0x7f85bf7ba1ae in gssdp_client_get_address_mask gssdp-1.0.5/libgssdp/gssdp-client.c:946
    #1 0x7f85c01a18b2 in gupnp_context_ip_is_ours gupnp-1.0.5/libgupnp/gupnp-context.c:1578
    #2 0x7f85c01b7958 in add_subscription_callback gupnp-1.0.5/libgupnp/gupnp-service.c:1201