minidlna: update to 1.3.3
authorRobert Högberg <robert.hogberg@gmail.com>
Sun, 11 Jun 2023 21:55:23 +0000 (23:55 +0200)
committerRosen Penev <rosenp@gmail.com>
Fri, 30 Jun 2023 01:05:10 +0000 (18:05 -0700)
Fixes CVE-2023-33476:
  ReadyMedia (MiniDLNA) versions from 1.1.15 up to 1.3.2 are vulnerable
  to a buffer overflow. The vulnerability is caused by incorrect
  validation logic when handling HTTP requests using chunked transport
  encoding. This results in other code later using attacker-controlled
  chunk values that exceed the length of the allocated buffer,
  resulting in out-of-bounds read/write.

Signed-off-by: Robert Högberg <robert.hogberg@gmail.com>
multimedia/minidlna/Makefile
multimedia/minidlna/patches/030-mark_all_instances_of_magic_container_s_as_const.patch

index d5343edbddfd685217e261f882dd3ac4e86e044b..8d5d51a9d41a03636e19582ed932c9620e340bcd 100644 (file)
@@ -8,12 +8,12 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=minidlna
-PKG_VERSION:=1.3.2
+PKG_VERSION:=1.3.3
 PKG_RELEASE:=1
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=@SF/minidlna
-PKG_HASH:=222ce45a1a60c3ce3de17527955d38e5ff7a4592d61db39577e6bf88e0ae1cb0
+PKG_HASH:=39026c6d4a139b9180192d1c37225aa3376fdf4f1a74d7debbdbb693d996afa4
 
 PKG_MAINTAINER:=
 PKG_LICENSE:=GPL-2.0-or-later BSD-3-Clause
index 84a818835a29cc3c17c31514cedf58f9cf304327..92c521f646e7d945dc6851cf1b0bd5af14da89ad 100644 (file)
@@ -105,7 +105,7 @@ Subject: [PATCH] Mark all instances of magic_container_s as const
  {
        int ret;
  
-@@ -1301,7 +1301,7 @@ BrowseContentDirectory(struct upnphttp *
+@@ -1305,7 +1305,7 @@ BrowseContentDirectory(struct upnphttp *
                        "<Result>"
                        "&lt;DIDL-Lite"
                        CONTENT_DIRECTORY_SCHEMAS;
@@ -114,7 +114,7 @@ Subject: [PATCH] Mark all instances of magic_container_s as const
        char *zErrMsg = NULL;
        char *sql, *ptr;
        struct Response args;
-@@ -1823,7 +1823,7 @@ SearchContentDirectory(struct upnphttp *
+@@ -1828,7 +1828,7 @@ SearchContentDirectory(struct upnphttp *
                        "<Result>"
                        "&lt;DIDL-Lite"
                        CONTENT_DIRECTORY_SCHEMAS;