5b0e187ea2
*******************************************************************************
Version 1.8.4
*******************************************************************************
2017-11-17 Marcelo Jimenez <mroberto(at)users.sourceforge.net>
GitHub #57 - 1.8.3 broke ABI without changing SONAME
Opened by jcowgill
This change in 1.8.3 broke the ABI and therefore the SONAME should have
been changed (ie: age reset to 0):
EXPORT_SPEC int UpnpAddVirtualDir(
/*! [in] The name of the new directory mapping to add. */
- const char *dirName);
+ const char *dirName,
+ /*! [in] The cookie to associated with this virtual directory */
+ const void *cookie,
+ /*! [out] The cookie previously associated, if mapping is already present */
+ const void **oldcookie);
If only the cookie argument was added, you could probably get away with
this because all that would happen is that a garbage value is passed
around without being used. With the addition of oldcookie, any old
programs will not initialise this value and will probably segfault when
libupnp tries to write to it.
*******************************************************************************
Version 1.8.3
*******************************************************************************
2017-09-07 Dave Overton <david(at)insomniavisions.com>
Add userdata/cookie to virtualDir callbacks
As with the main Device APIs (UpnpRegisterRootDevice etc), it is useful
to have a userdata/cookie pointer returned with each callback.
This patch allows one cookie per registered path which enables a variety
of functionality in client apps.
2017-09-03 Uwe Kleine-König <uwe@kleine-koenig.org>
Fix large file system support
libupnp uses large file support (if available). If a program linking to
libupnp does not however it creates mismatches in callframes. See
Issue #51 for the results.
This simplifies LFS support by using AC_SYS_LARGEFILE_SENSITIVE instead of
manually defining _LARGE_FILE_SOURCE and _FILE_OFFSET_BITS (which is
useless on architectures where the size of off_t is fixed).
Furthermore additional logic is introduced to catch a library user without
64 bit wide off_t on such a platform.
upnp.h also makes use of off_t, but as this file includes FileInfo.h, the
latter is the single right place for this check.
This fixes #52 which is a generalized variant of #51.
2017-08-19 Uwe Kleine-König <uwe@kleine-koenig.org>
configure.ac: Drop copying of include files
The comment suggests this is for windows compilation. It should be easily
possible to add the source directory as an include path to the windows
compiler, too, so drop this. (Otherwise this should better be done using
AC_CONFIG_COMMANDS.)
2017-09-03 Uwe Kleine-König <uwe@kleine-koenig.org>
Let source code use autoconfig.h not the public upnpconfig.h
The former is the one supposed to be used for internal code. upnpconfig.h is only
for public stuff.
2017-08-19 Uwe Kleine-König <uwe@kleine-koenig.org>
configure.ac: Fix typo s/optionnal/optional/
2017-08-08 Marcelo Jimenez <mroberto(at)users.sourceforge.net>
Fix broken samples when configured with --disable-ipv6.
*******************************************************************************
Version 1.8.2
*******************************************************************************
2017-07-24 Michael Osipov
Initialize in_addr and in6_addr to avoid garbage output if never written
If any of the address families isn't available in UpnpGetIfInfo(),
especially IPv6, always init both structs with zero to avoid garbage
output with inet_ntop() to gIF_IPV4 and gIF_IPV6.
See v00d00/gerbera#112 (https://github.com/v00d00/gerbera/issues/112)
for consequences: bind for IPv6 will fail.
2013-10-28 Vladimir Fedoseev <va-dos(at)users.sourceforge.net>
Attached patch allows to register multiple clients from single app.
2014-11-14 Philippe <philippe44ca(at)users.sourceforge.net>
Hi - I recently compiled libupnp on C++ Builder XE7 and had to do a few
changes to make it work. In thase this helps, I've generated a small
patch file.
2015-04-30 Hugo Beauzée-Luyssen <chouquette(at)users.sourceforge.net>
When building using a strict mode (-std=c++11 instead of -std=gnu++11,
for instance), the WIN32 macro isn't defined. The attached patch fixes
it by using _WIN32 instead.
2015-02-06 Jean-Francois Dockes <jf@dockes.org>
Queue events on their subscription object instead of adding them to the
thread pool immediately.
Events destined for a non-responding control point would flood the
thread pool and prevent correct dispatching to other clients, sometimes
to the point of disabling the device. Events are now queued without
allocating thread resources and properly discarded when a client is not
accepting them.
2015-02-03 Jean-Francois Dockes <jf@dockes.org>
genaInitNotify()/genaInitNotifyExt() and
genaNotifyAll()/genaNotifyAllExt() are relatively complicated methods
which only differ by the format of an input parameter. This update
extracts the common code for easier maintenance, esp. relating to the
queueing modifications to follow.
*******************************************************************************
Version 1.8.1
*******************************************************************************
2017-04-26 Marcelo Jimenez <mroberto(at)users.sourceforge.net>
Fix some compiler warning messages on md5.c
2017-03-07 Fabrice Fontaine <fontaine.fabrice(at)gmail.com>
Enable IPv6 by default
2017-03-07 Fabrice Fontaine <fontaine.fabrice(at)gmail.com>
Move threadutil source code to libupnp
With this patch, threadutil library is removed as the only public
header that has been kept in 1.8.x is ithread.h which is mainly a
wrapper to pthread with inline functions.
threadutil source code will now be a part of libupnp library.
*******************************************************************************
Version 1.8.0
*******************************************************************************
2014-01-15 Peng <howtofly(at)gmail.com>
Fix memory leaks.
2013-04-27 Thijs Schreijer <thijs(at)thijsschreijer.nl>
Renamed SCRIPTSUPPORT to IXML_HAVE_SCRIPTSUPPORT for consistency. Also
updated autoconfig and automake files, so it also works on non-windows.
Option is enabled by default, because it adds an element to the node
structure. Not using an available field is better than accidentally
using an unavailable field.
2012-07-11 Thijs Schreijer <thijs(at)thijsschreijer.nl>
Changed param to const UpnpAcceptSubscriptionExt() for consistency
2012-06-07 Thijs Schreijer <thijs(at)thijsschreijer.nl>
updated ixmlDocument_createAttributeEx() and ixmlDocument_createAttribute()
to use parameter DOMString instead of char * (same but now consistent)
2012-05-06 Thijs Schreijer <thijs(at)thijsschreijer.nl>
Added script support (directive SCRIPTSUPPORT) for better support of
garbage collected script languages. The node element gets a custom tag
through ixmlNode_setCTag() and ixmlNode_getCTag(). And a callback upon
releasing the node resources can be set using ixmlSetBeforeFree()
See updated readme for usage.
2012-03-24 Fabrice Fontaine <fabrice.fontaine(at)orange.com>
SF Bug Tracker id 3510595 - UpnpDownloadXmlDoc : can't get the file
Submitted: Marco Virgulti ( mvirg83 ) - 2012-03-23 10:08:08 PDT
There is a problem, perhaps, during downloading a document by
UpnpDownloadXmlDoc. During debugging i've found that in an not exported
api (unfortunately i forgot the code line...) where it is setted a
local variable "int timeout" to -1 then passed directly to another
function for sending data through tcp socket. I patched this setting it
to 0 (there is an IF section that exits if timeout < 0). It is normal
behavior or it is a bug?
2012-03-08 Fabrice Fontaine <fabrice.fontaine(at)orange-ftgroup.com>
Check for NULL pointer in TemplateSource.h
calloc can return NULL so check for NULL pointer in CLASS##_new and
CLASS##_dup.
2012-03-08 Fabrice Fontaine <fabrice.fontaine(at)orange-ftgroup.com>
Replace strcpy with strncpy in get_hoststr
Replace strcpy with strncpy to avoid buffer overflow.
2012-03-08 Fabrice Fontaine <fabrice.fontaine(at)orange-ftgroup.com>
Memory leak fix in handle_query_variable
variable was never freed.
2011-02-07 Chandra Penke <chandrapenke(at)mcntech.com>
Add HTTPS support using OpenSSL. HTTPS support is optional and can
be enabled by passing the --enable-open-ssl argument to the
configure script.
The following methods are introduced to the public API:
UpnpInitOpenSslContext
When enabled, HTTPS can be used by using "https://" instead of
"http://" when passing URLs to the HTTP Client API.
2011-02-07 Chandra Penke <chandrapenke(at)mcntech.com>
Refactor HTTP Client API to be more generic.
The following features are added:
- Support for persistent HTTP connections (reusing HTTP
connections). Tthis is still a work in progress and relies on
applications to interpret the 'Connection' header
appropriately.
- Support for specifying request headers when making
requests. Useful for interacting with web services that require
custom headers.
- Support for retrieving response headers (this is a API only
change, some more work needs to be done to implement the actual
functionality. Specifically copy_msg_headers in httpreadwrite.c
needs to be implemented)
- Common API for all HTTP methods.
- Support for PUT, and DELETE methods.
The following methods are introduced to the public HTTP Client API
UpnpOpenHttpConnection, UpnpCloseHttpConnection, UpnpMakeHttpRequest,
UpnpWriteHttpRequest, UpnpEndHttpRequest, UpnpGetHttpResponse,
UpnpReadHttpResponse.
Removed a lot of duplicate code in httpreadwrite.c
2011-01-17 Chandra Penke <chandrapenke(at)mcntech.com>
Include upnpconfig.h in FileInfo.h to automatically include large
file macros
2011-01-17 Chandra Penke <chandrapenke(at)mcntech.com>
Fix for warnings Apple systems related to macros defined in list.h.
In list.h, in apple systems, undefine the macros prior to defining them.
2011-01-16 Marcelo Jimenez <mroberto(at)users.sourceforge.net>
Fix for UpnpFileInfo_get_LastModified() in http_MakeMessage().
UpnpFileInfo_get_LastModified() returns time_t, and http_MakeMessage()
takes a "time_t *". Thanks to Chandra Penke for pointing the bug.
2010-11-22 Marcelo Jimenez <mroberto(at)users.sourceforge.net>
Template object for ssdp_ResultData.
2010-11-10 Fabrice Fontaine <fabrice.fontaine(at)orange-ftgroup.com>
Support for "polling" select in sock_read_write.
Currently, in sock_read_write function, if the timeout is 0, pupnp
realizes a "blocking" select (with an infinite timeout). With this
patch, if timeout is set to 0, pupnp will realize a "polling" select
and returns immediately if it can not read or write on the socket. This
is very useful for GENA notifications when pupnp is trying to send
events to a disconnected Control Point. "Blocking" select can now be
done by putting a negative timeout value.
2010-09-18 Chandra Penke <chandrapenke(at)mcntech.com>
This is a minor build fix. The new Template*.h files added in the latest
code need to be exported. Patch against the latest sources is attached.
2010-08-22 Marcelo Jimenez <mroberto(at)users.sourceforge.net>
* upnp/src/api/Discovery.c: Fix a serious bug and memory leak in
UpnpDiscovery_strcpy_DeviceType(). Thanks to David Blanchet for the
patch.
2010-04-25 Marcelo Jimenez <mroberto(at)users.sourceforge.net>
Separation of the ClientSubscription object.
2010-04-24 Marcelo Jimenez <mroberto(at)users.sourceforge.net>
Protect the object destructors agains null pointers on deletion, which
should be something valid.
2010-03-27 Marcelo Jimenez <mroberto(at)users.sourceforge.net>
SF Patch Tracker [ 2987390 ] upnp_debug vs. ixml_debug
Thanks for the load of updates, I'm still assimilating them ! Could I make
a suggestion though? The addition of printNodes(IXML_Node) to upnpdebug a
dds a new dependency on ixml.h for anything using upnpdebug.h. I'm making
quite a bit of use of upnpdebug in porting things to version 1.8.0, and I'd
prefer it if printNodes could be added to ixmldebug.h instead. I'm attach
ing a patch, what do you think ?
Nick
2010-03-27 Marcelo Jimenez <mroberto(at)users.sourceforge.net>
* Forward port of svn revision 505:
SF Patch Tracker [ 2836704 ] Patch for Solaris10 compilation and usage.
Submitted By: zephyrus ( zephyrus00jp )
2010-03-20 Marcelo Jimenez <mroberto(at)users.sourceforge.net>
* SF Patch Tracker [ 2969188 ] 1.8.0: patch for FreeBSD compilation
Submitted By: Nick Leverton (leveret)
Fix the order of header inclusion for FreeBSD.
2010-03-20 Marcelo Jimenez <mroberto(at)users.sourceforge.net>
* Forward port of svn revision 502:
SF Patch Tracker [ 2836704 ] Search for nested serviceList (not
stopping at the first lis
Submitted By: zephyrus ( zephyrus00jp )
Internet Gateway Device description contains nested serviceList (rootdevice
-> servicelist, subdevice
and subdevice has the lower-level serviceList, etc..)
Unfrotunately, the sample code sample_util.c used by tv_device sample,
etc.
has a code that looks for only the first top-level serviceList.
This results in the failure to read all the services of an IGD xml
description.
Attached patch modifies this behavior and looks for the service by
visiting all the serviceList in xml document in turn.
With the modified patch (ad additional modification), I could
simulate an IGD device and created a modified control program for that.
Patch against 1.6.6
TIA.
2010-03-20 Marcelo Jimenez <mroberto(at)users.sourceforge.net>
* SF Patch Tracker [ 2973319 ] Problem in commit 499
Submitted By: Nick Leverton (leveret)
Afraid that this doesn't compile, it seems retval should be retVal in two
places.
2010-03-16 Marcelo Jimenez <mroberto(at)users.sourceforge.net>
* Fix for the ithread_mutex_unlock() logic in UpnpInit().
Thanks for Nicholas Kraft.
2010-03-15 Marcelo Jimenez <mroberto(at)users.sourceforge.net>
* SF Patch Tracker [ 2962606 ] Autorenewal errors: invalid SID,
too-short renewal interval
Submitted By: Nick Leverton (leveret)
Auto-renewals send an invalid SID due to a missing UpnpString_get_String
call. They also send a renewal interval of 0 instead of copying it from
the original subscription.
2010-03-15 Marcelo Jimenez <mroberto(at)users.sourceforge.net>
* SF Patch Tracker [ 2964685 ] patch for avoiding inet_ntoa (1.8.0)
Submitted By: Nick Leverton (leveret)
Seems like SF's tracker won't let me add a patch to someone else's issue ?!
This refers to https://sourceforge.net/support/tracker.php?aid=2724578
The calls to inet_ntoa are in getlocalhostname(), which is called from
UpnpInit when it is returning the bound IP address.
UpnpInit/getlocalhostname hasn't been updated to IPv6, I presume this is
deliberate so that it doesn't start returning IPv6 addresses and
overwriting the caller's IPv4-sized allocation.
The attached patch just updates getlocalhostname to use inet_ntop instead
of inet_ntoa, and also documents the fact that UpnpInit is IPv4 only whilst
UpnpInnit2 is both IPv4 and IPv6.
A fuller solution might be to change UpnpInit to use some variant on
UpnpGetIfInfo. UpnpInit could still be left as IPv4 only if desired -
perhaps UpnpGetIfInfo could take an option for the desired address family.
getlocalhostname and its own copy of the interface scanning code would then
be redundant. I don't have IPv6 capability here though so I'm reluctant to
change the IPv6 code, as I have no way to test it.
2010-03-15 Marcelo Jimenez <mroberto(at)users.sourceforge.net>
* SF Patch Tracker [ 2724578 ] patch for avoiding memory leaks when
add devices
each time a device been added, UpnpInit() is called, on exit, UpnpFinish()
is called, but the memories allocated by ThreadPoolInit() may lost because
there's no code to call ThreadPoolShutdown() to release the memories. And
inet_ntoa() is not thread safe, so in my patch, I substitute inet_ntoa()
with inet_ntop().
2010-03-14 Marcelo Jimenez <mroberto(at)users.sourceforge.net>
* SF Patch Tracker [ 2964687 ] Add new string based accessors to upnp
object API
As per email to pupnp-devel, this is the patch to add the _strget_
accessors for string-like objects in the interface.
Will add a further patch shortly to udpate the sample programs.
2008-06-27 Marcelo Jimenez <mroberto(at)users.sourceforge.net>
* Nicholas Kraft's patch to fix some IPv6 copy/paste issues. He
reported to be getting infinite loops with the svn code.
2008-06-13 Marcelo Jimenez <mroberto(at)users.sourceforge.net>
* SF Bug Tracker [ 1984541 ]
ixmlDocumenttoString does not render the namespace tag.
Submitted By: Beliveau - belivo
Undoing the patch that fixed this problem. In fact, there was no
problem and the patch was wrong.
2008-06-11 Marcelo Jimenez <mroberto(at)users.sourceforge.net>
* Ingo Hofmann's patch for "Content-Type in Subscription responses".
Adds charset="utf-8" attribute to the CONTENT-TYPE header line.
Hi,
I have found an inconsistency regarding the text/xml content-type
returned by libupnp. It looks like only subscription responses send
"text/xml" where all other messages contain "text/xml; charset="utf-8"".
Since I'm working on an DLNA device the latter behaviour is mandatory.
I changed the according lines in gena_device.c (see attached patch).
I'm not sure if it would be ok for other device to have the charset
field but it would help me a lot :)
Best regards,
Ingo
2008-06-04 Marcelo Jimenez <mroberto(at)users.sourceforge.net>
* SF Bug Tracker [ 1984541 ]
ixmlDocumenttoString does not render the namespace tag.
Submitted By: Beliveau - belivo
The problem occurs when converting a xml document using
ixmlDocumenttoString containing a namespace tag created with
ixmlDocument_createElementNS. The namespace tag doesn't get rendered.
example: The following code fragment prints:
<?xml version="1.0"?>
<root></root>
instead of:
<?xml version="1.0"?>
<root xmlns="urn:schemas-upnp-org:device-1-0"></root>
Code:
#include <stdlib.h>
#include <upnp/ixml.h>
int main()
{
IXML_Document* wDoc = ixmlDocument_createDocument();
IXML_Element* wRoot = ixmlDocument_createElementNS(wDoc,
"urn:schemas-upnp-org:device-1-0", "root");
ixmlNode_appendChild((IXML_Node *)wDoc,(IXML_Node *)wRoot);
DOMString wString = ixmlDocumenttoString(wDoc);
printf(wString);
free(wString);
ixmlDocument_free(wDoc);
return 0;
}
The problem was in the printing routine, not in the library data
structure.
2008-05-31 Marcelo Jimenez <mroberto(at)users.sourceforge.net>
* Charles Nepveu's suggestion of not allocating a thread for
MiniServer when it is not compiled.
2008-05-24 Marcelo Jimenez <mroberto(at)users.sourceforge.net>
* Ported Peter Hartley's patch to compile with mingw.
2008-05-24 Marcelo Jimenez <mroberto(at)users.sourceforge.net>
* Added some debug capability to ixml.
2008-05-02 Marcelo Jimenez <mroberto(at)users.sourceforge.net>
* Merged Charles Nepveu's IPv6 work. libupnp now is IPv6 enabled.
2008-02-06 Marcelo Jimenez <mroberto(at)users.sourceforge.net>
* Breaking API so that we now hide internal data structures.
2008-02-06 Marcelo Jimenez <mroberto(at)users.sourceforge.net>
* Rewrote Peter Hartley's patch to include a new extra header field in
FileInfo.
*******************************************************************************
Version 1.6.22
*******************************************************************************
2017-07-07 James Cowgill <james410(at)cowgill.org.uk>
Replace MD5 impmplementation with public-domain version
Currently the RSA MD5 implementation is used. Unfortunately the license
has some potential issues:
* The license does not explicitly allow distributing derivative works.
This was the original argument used in
[Debian #459516](https://bugs.debian.org/459516).
* The license contains an advertising clause similar to the BSD 4-clause
license. This is incompatible with the GPL and if it were enforced,
would require RSA to be mentioned by pretty much everyone who uses pupnp.
The simple solution is to replace it with a public domain
implementation. I've taken OpenBSDs implementation and tweaked it
slightly for use by pupnp by:
- Adjusting the includes.
- Removing the __bounded__ attributes which are specific to OpenBSD.
- Using the standard integer types from stdint.h.
- Using memset instead of explicit_bzero.
2016-12-16 Peter Pramberger <peterpramb(at)users.sf.net>
ixml/test/test_document.c is missing the string.h include, therefore
the compiler complains about an implicit declaration.
*******************************************************************************
Version 1.6.21
*******************************************************************************
2016-12-16 Gabriel Burca <gburca(at)github>
If the error or info log files can not be created, use stderr and
stdout instead.
2016-12-08 Uwe Kleine-König <uwe(at)kleine-koenig.org>
Fix out-of-bound access in create_url_list() (CVE-2016-8863)
If there is an invalid URL in URLS->buf after a valid one, uri_parse is
called with out pointing after the allocated memory. As uri_parse writes
to *out before returning an error the loop in create_url_list must be
stopped early to prevent an out-of-bound access
Bug: https://sourceforge.net/p/pupnp/bugs/133/
Bug-CVE: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8863
Bug-Debian: https://bugs.debian.org/842093
Bug-Redhat: https://bugzilla.redhat.com/show_bug.cgi?id=1388771
2016-11-30 Uwe Kleine-König <uwe(at)kleine-koenig.org>
miniserver: fix binding to ipv6 link-local addresses
Linux requires to have sin6_scope_id hold the interface id when binding to
link-local addresses. This is already in use in other parts of upnp, so
portability shouldn't be in the way here. Without this bind(2) fails with
errno=EINVAL (although ipv6(7) from manpages 4.08 specifies ENODEV in this
case).
Fixes: https://bugs.debian.org/813249
2016-09-15 Mathew Garret <(at)mjg59 (twitter)>
SF Bug Tracker #132 CVE-2016-6255: write files via POST
Submitted by: Balint Reczey in 2016-08-02
From Debian's BTS https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=831857 :
From: Salvatore Bonaccorso carnil@debian.org
To: Debian Bug Tracking System submit@bugs.debian.org
Subject: libupnp: write files via POST
Date: Wed, 20 Jul 2016 11:03:34 +0200
Source: libupnp
Version: 1:1.6.17-1
Severity: grave
Tags: security upstream
Justification: user security hole
Hi
See http://www.openwall.com/lists/oss-security/2016/07/18/13 and
https://twitter.com/mjg59/status/755062278513319936 .
Proposed fix:
|
||
---|---|---|
.. | ||
patches | ||
buildlink3.mk | ||
DESCR | ||
distinfo | ||
Makefile | ||
options.mk | ||
PLIST |