Upgrade to 1.2.4

Update Version, Release, Source0, BuildRequires Delete sed operation which existed in this version Add patch for fix CVE-2021-33516 Update stage 'prep', 'build', 'install', 'check', 'files'
2021-06-15 11:48:58 +08:00 · 2021-06-15 11:48:58 +08:00 · 2b4129153c
commit 2b4129153c
parent b292abe0c3
4 changed files with 146 additions and 19 deletions
--- a/CVE-2021-33516.patch
+++ b/CVE-2021-33516.patch
@ -0,0 +1,118 @@
+From 697ab5b579debf4b9e0f39143b352877e8af3aad Mon Sep 17 00:00:00 2001
+From: Jens Georg <mail@jensge.org>
+Date: Mon, 10 May 2021 10:34:36 +0200
+Subject: [PATCH] service: Validate host header
+
+Make sure that the host header matches the ip:port of the context.
+
+This is in line with UDA (Host header is required and must match the
+location url) and DLNA 7.2.24.1 (All communication has to use ip
+addresses and not names)
+
+Prevents DNS rebinding attacs against agains UPnP services
+---
+ libgupnp/gupnp-context-private.h |  3 ++
+ libgupnp/gupnp-context.c         | 51 ++++++++++++++++++++++++++++++++
+ libgupnp/gupnp-service.c         | 13 ++++++++
+ 3 files changed, 67 insertions(+)
+
+diff --git a/libgupnp/gupnp-context-private.h b/libgupnp/gupnp-context-private.h
+index 6aa1acd..2657c71 100644
+--- a/libgupnp/gupnp-context-private.h
+++ b/libgupnp/gupnp-context-private.h
+@@ -36,6 +36,9 @@ _gupnp_context_add_server_handler_with_data (GUPnPContext *context,
+                                              const char *path,
+                                              AclServerHandler *data);
+ 
+G_GNUC_INTERNAL gboolean
+gupnp_context_validate_host_header (GUPnPContext *context, const char *host);
+
+ G_GNUC_INTERNAL SoupURI *
+ gupnp_context_rewrite_uri_to_uri (GUPnPContext *context,
+                                   const char   *uri);
+diff --git a/libgupnp/gupnp-context.c b/libgupnp/gupnp-context.c
+index 460179e..1901798 100644
+--- a/libgupnp/gupnp-context.c
+++ b/libgupnp/gupnp-context.c
+@@ -1609,6 +1609,57 @@ gupnp_context_remove_server_handler (GUPnPContext *context, const char *path)
+         soup_server_remove_handler (priv->server, path);
+ }
+ 
+gboolean
+gupnp_context_validate_host_header (GUPnPContext *context,
+                                    const char *host_header)
+{
+        gboolean retval = FALSE;
+        // Be lazy and let GUri do the heavy lifting here, such as stripping the
+        // [] from v6 addresses, splitting of the port etc.
+        char *uri_from_host = g_strconcat ("http://", host_header, NULL);
+
+        char *host = NULL;
+        int port = 0;
+        GError *error = NULL;
+
+        g_uri_split_network (uri_from_host,
+                             G_URI_FLAGS_NONE,
+                             NULL,
+                             &host,
+                             &port,
+                             &error);
+
+        if (error != NULL) {
+                g_debug ("Failed to parse HOST header from request: %s",
+                         error->message);
+                goto out;
+        }
+
+        const char *host_ip = gssdp_client_get_host_ip (GSSDP_CLIENT (context));
+        gint context_port = gupnp_context_get_port (context);
+
+        if (!g_str_equal (host, host_ip)) {
+                g_debug ("Mismatch between host header and host IP (%s, "
+                         "expected: %s)",
+                         host,
+                         host_ip);
+        }
+
+        if (port != context_port) {
+                g_debug ("Mismatch between host header and host port (%d, "
+                         "expected %d)",
+                         port,
+                         context_port);
+        }
+
+        retval = g_str_equal (host, host_ip) && port == context_port;
+
+out:
+        g_clear_error (&error);
+        g_free (uri_from_host);
+        return retval;
+}
+
+ /**
+  * gupnp_context_rewrite_uri:
+  * @context: a #GUPnPContext
+diff --git a/libgupnp/gupnp-service.c b/libgupnp/gupnp-service.c
+index b061c34..ad9d40d 100644
+--- a/libgupnp/gupnp-service.c
+++ b/libgupnp/gupnp-service.c
+@@ -954,6 +954,19 @@ control_server_handler (SoupServer                      *server,
+ 
+         context = gupnp_service_info_get_context (GUPNP_SERVICE_INFO (service));
+ 
+        const char *host_header =
+                soup_message_headers_get_one (msg->request_headers, "Host");
+
+        if (!gupnp_context_validate_host_header (context, host_header)) {
+                g_warning ("Host header mismatch, expected %s:%d, got %s",
+                           gssdp_client_get_host_ip (GSSDP_CLIENT (context)),
+                           gupnp_context_get_port (context),
+                           host_header);
+
+                soup_message_set_status (msg, SOUP_STATUS_PRECONDITION_FAILED);
+                return;
+        }
+
+         /* Get action name */
+         soap_action = soup_message_headers_get_one (msg->request_headers,
+                                                     "SOAPAction");
--- a/gupnp-1.0.3.tar.xz
+++ b/gupnp-1.0.3.tar.xz
--- a/gupnp-1.2.4.tar.xz
+++ b/gupnp-1.2.4.tar.xz
--- a/gupnp.spec
+++ b/gupnp.spec
@ -1,13 +1,14 @@
 Name:          gupnp
-Version:       1.0.3
-Release:       2
+Version:       1.2.4
+Release:       1
 Summary:       UPnP devices & control points creation framework
 License:       LGPLv2+
 URL:           http://www.gupnp.org/
-Source0:       http://download.gnome.org/sources/%{name}/1.0/%{name}-%{version}.tar.xz
+Source0:       http://download.gnome.org/sources/%{name}/1.2/%{name}-%{version}.tar.xz
+Patch0:        CVE-2021-33516.patch

-BuildRequires: gssdp-devel >= 0.14.15 gtk-doc gobject-introspection-devel >= 1.36
-BuildRequires: libsoup-devel libxml2-devel libuuid-devel vala
+BuildRequires: gssdp-devel >= 1.2.3 gtk-doc gobject-introspection-devel >= 1.36
+BuildRequires: libsoup-devel libxml2-devel libuuid-devel vala meson
 Requires:      dbus

 %description
@ -34,20 +35,20 @@ Obsoletes:     %{name}-docs < %{version}-%{release}
 This package contains help file and developer documentation for gupnp.

 %prep
-%setup -q
-# Use Python3 rather than Python2
-sed -i '1s|^#! /usr/bin/env python$|#!/usr/bin/python3|' tools/gupnp-binding-tool
+%autosetup -n %{name}-%{version} -p1

 %build
-%configure --disable-static --with-context-manager=network-manager
-%make_build V=1
+%meson \
+  -Dcontext_manager=network-manager \
+  -Dgtk_doc=true
+%meson_build

 %install
-%make_install
+%meson_install
 %delete_la

 %check
-make check %{?_smp_mflags} V=1
+%meson_test

 %post -p /sbin/ldconfig

@ -56,21 +57,29 @@ make check %{?_smp_mflags} V=1
 %files
 %license COPYING
 %doc AUTHORS
-%{_libdir}/libgupnp-1.0.so.*
-%{_libdir}/girepository-1.0/GUPnP-1.0.typelib
+%{_libdir}/libgupnp-1.2.so.*
+%{_libdir}/girepository-1.0/GUPnP-1.2.typelib

 %files         devel
-%{_bindir}/gupnp-binding-tool
-%{_libdir}/pkgconfig/gupnp-1.0.pc
-%{_libdir}/libgupnp-1.0.so
-%{_includedir}/gupnp-1.0
-%{_datadir}/gir-1.0/GUPnP-1.0.gir
+%{_bindir}/gupnp-binding-tool-1.2
+%{_libdir}/pkgconfig/gupnp-1.2.pc
+%{_libdir}/libgupnp-1.2.so
+%{_includedir}/gupnp-1.2
+%{_datadir}/gir-1.0/GUPnP-1.2.gir
 %{_datadir}/vala/vapi/gupnp*

 %files         help
 %doc README
 %doc %{_datadir}/gtk-doc/html/gupnp
+%{_mandir}/man1/gupnp-binding-tool-*

 %changelog
+* Mon Jun 7 2021 weijin deng <weijin.deng@turbolinux.com.cn> - 1.2.4-1
+- Upgrade to 1.2.4
+- Update Version, Release, Source0, BuildRequires
+- Delete sed operation which existed in this version
+- Add patch for fix CVE-2021-33516
+- Update stage 'prep', 'build', 'install', 'check', 'files'
+
 * Fri Oct 25 2019 Alex Chao <zhaolei746@huawei.com> - 1.0.3-2
 - Package init