Update to 1.4.3

CVE-2021-33516.patch

@@ -1,118 +0,0 @@
-From 697ab5b579debf4b9e0f39143b352877e8af3aad Mon Sep 17 00:00:00 2001
-From: Jens Georg <mail@jensge.org>
-Date: Mon, 10 May 2021 10:34:36 +0200
-Subject: [PATCH] service: Validate host header
-
-Make sure that the host header matches the ip:port of the context.
-
-This is in line with UDA (Host header is required and must match the
-location url) and DLNA 7.2.24.1 (All communication has to use ip
-addresses and not names)
-
-Prevents DNS rebinding attacs against agains UPnP services
----
- libgupnp/gupnp-context-private.h |  3 ++
- libgupnp/gupnp-context.c         | 51 ++++++++++++++++++++++++++++++++
- libgupnp/gupnp-service.c         | 13 ++++++++
- 3 files changed, 67 insertions(+)
-
-diff --git a/libgupnp/gupnp-context-private.h b/libgupnp/gupnp-context-private.h
-index 6aa1acd..2657c71 100644
---- a/libgupnp/gupnp-context-private.h
-+++ b/libgupnp/gupnp-context-private.h
-@@ -36,6 +36,9 @@ _gupnp_context_add_server_handler_with_data (GUPnPContext *context,
-                                              const char *path,
-                                              AclServerHandler *data);
- 
-+G_GNUC_INTERNAL gboolean
-+gupnp_context_validate_host_header (GUPnPContext *context, const char *host);
-+
- G_GNUC_INTERNAL SoupURI *
- gupnp_context_rewrite_uri_to_uri (GUPnPContext *context,
-                                   const char   *uri);
-diff --git a/libgupnp/gupnp-context.c b/libgupnp/gupnp-context.c
-index 460179e..1901798 100644
---- a/libgupnp/gupnp-context.c
-+++ b/libgupnp/gupnp-context.c
-@@ -1609,6 +1609,57 @@ gupnp_context_remove_server_handler (GUPnPContext *context, const char *path)
-         soup_server_remove_handler (priv->server, path);
- }
- 
-+gboolean
-+gupnp_context_validate_host_header (GUPnPContext *context,
-+                                    const char *host_header)
-+{
-+        gboolean retval = FALSE;
-+        // Be lazy and let GUri do the heavy lifting here, such as stripping the
-+        // [] from v6 addresses, splitting of the port etc.
-+        char *uri_from_host = g_strconcat ("http://", host_header, NULL);
-+
-+        char *host = NULL;
-+        int port = 0;
-+        GError *error = NULL;
-+
-+        g_uri_split_network (uri_from_host,
-+                             G_URI_FLAGS_NONE,
-+                             NULL,
-+                             &host,
-+                             &port,
-+                             &error);
-+
-+        if (error != NULL) {
-+                g_debug ("Failed to parse HOST header from request: %s",
-+                         error->message);
-+                goto out;
-+        }
-+
-+        const char *host_ip = gssdp_client_get_host_ip (GSSDP_CLIENT (context));
-+        gint context_port = gupnp_context_get_port (context);
-+
-+        if (!g_str_equal (host, host_ip)) {
-+                g_debug ("Mismatch between host header and host IP (%s, "
-+                         "expected: %s)",
-+                         host,
-+                         host_ip);
-+        }
-+
-+        if (port != context_port) {
-+                g_debug ("Mismatch between host header and host port (%d, "
-+                         "expected %d)",
-+                         port,
-+                         context_port);
-+        }
-+
-+        retval = g_str_equal (host, host_ip) && port == context_port;
-+
-+out:
-+        g_clear_error (&error);
-+        g_free (uri_from_host);
-+        return retval;
-+}
-+
- /**
-  * gupnp_context_rewrite_uri:
-  * @context: a #GUPnPContext
-diff --git a/libgupnp/gupnp-service.c b/libgupnp/gupnp-service.c
-index b061c34..ad9d40d 100644
---- a/libgupnp/gupnp-service.c
-+++ b/libgupnp/gupnp-service.c
-@@ -954,6 +954,19 @@ control_server_handler (SoupServer                      *server,
- 
-         context = gupnp_service_info_get_context (GUPNP_SERVICE_INFO (service));
- 
-+        const char *host_header =
-+                soup_message_headers_get_one (msg->request_headers, "Host");
-+
-+        if (!gupnp_context_validate_host_header (context, host_header)) {
-+                g_warning ("Host header mismatch, expected %s:%d, got %s",
-+                           gssdp_client_get_host_ip (GSSDP_CLIENT (context)),
-+                           gupnp_context_get_port (context),
-+                           host_header);
-+
-+                soup_message_set_status (msg, SOUP_STATUS_PRECONDITION_FAILED);
-+                return;
-+        }
-+
-         /* Get action name */
-         soap_action = soup_message_headers_get_one (msg->request_headers,
-                                                     "SOAPAction");

gupnp-1.4.2-revert-man-page.patch

@@ -0,0 +1,28 @@
+From dbc32a55e265814a83cea7c1254d85f51f99b54b Mon Sep 17 00:00:00 2001
+From: Jens Georg <mail@jensge.org>
+Date: Tue, 4 Jan 2022 15:05:14 +0100
+Subject: [PATCH] Revert "build: Do not write man page during test"
+
+This reverts commit 79a2cb24cd0079e9a025809d11dce13edce68bdd.
+
+Does not work, will exit xsltproc with an error as if the file was not
+writeable
+---
+ doc/meson.build | 1 -
+ 1 file changed, 1 deletion(-)
+
+diff --git a/doc/meson.build b/doc/meson.build
+index de94aa2..2fd0106 100644
+--- a/doc/meson.build
++++ b/doc/meson.build
+@@ -66,7 +66,6 @@ if xsltproc.found()
+             xsltproc,
+             xlstproc_flags,
+             '--noout',
+-            '--nowrite',
+             stylesheet,
+             'gupnp-binding-tool.xml'
+         ]
+-- 
+2.33.1
+

gupnp.spec

@@ -1,15 +1,19 @@
+%global apiver 1.2
+%global gssdp_version 1.3.0
+
 Name:          gupnp
-Version:       1.2.4
-Release:       2
+Version:       1.4.3
+Release:       1
 Summary:       UPnP devices & control points creation framework
 License:       LGPLv2+
-URL:           http://www.gupnp.org/
-Source0:       http://download.gnome.org/sources/%{name}/1.2/%{name}-%{version}.tar.xz
-Patch0:        CVE-2021-33516.patch
+URL:           https://www.gupnp.org/
+Source0:       https://download.gnome.org/sources/%{name}/1.4/%{name}-%{version}.tar.xz
+Patch0:        gupnp-1.4.2-revert-man-page.patch
 
-BuildRequires: gssdp-devel >= 1.2.3 gtk-doc gobject-introspection-devel >= 1.36 glib2-devel >= 2.66
+BuildRequires: gssdp-devel >= %{gssdp_version} gtk-doc gobject-introspection-devel docbook-style-xsl
 BuildRequires: libsoup-devel libxml2-devel libuuid-devel vala meson
 Requires:      dbus
+Requires:      gssdp%{?_isa} >= %{gssdp_version}
 
 %description
 GUPnP is an elegant, object-oriented open source framework for creating UPnP
@@ -40,7 +44,9 @@ This package contains help file and developer documentation for gupnp.
 %build
 %meson \
   -Dcontext_manager=network-manager \
-  -Dgtk_doc=true
+  -Dgtk_doc=true \
+  -Dexamples=false \
+  %{nil}
 %meson_build
 
 %install
@@ -56,24 +62,26 @@ This package contains help file and developer documentation for gupnp.
 
 %files
 %license COPYING
-%doc AUTHORS
-%{_libdir}/libgupnp-1.2.so.*
-%{_libdir}/girepository-1.0/GUPnP-1.2.typelib
+%{_libdir}/libgupnp-%{apiver}.so.1*
+%{_libdir}/girepository-1.0/GUPnP-%{apiver}.typelib
 
-%files         devel
-%{_bindir}/gupnp-binding-tool-1.2
-%{_libdir}/pkgconfig/gupnp-1.2.pc
-%{_libdir}/libgupnp-1.2.so
-%{_includedir}/gupnp-1.2
-%{_datadir}/gir-1.0/GUPnP-1.2.gir
+%files devel
+%{_bindir}/gupnp-binding-tool-%{apiver}
+%{_includedir}/gupnp-%{apiver}/
+%{_libdir}/libgupnp-%{apiver}.so
+%{_libdir}/pkgconfig/gupnp-%{apiver}.pc
+%{_datadir}/gir-1.0/GUPnP-%{apiver}.gir
 %{_datadir}/vala/vapi/gupnp*
 
-%files         help
-%doc README
+%files help
+%doc AUTHORS README.md
 %doc %{_datadir}/gtk-doc/html/gupnp
 %{_mandir}/man1/gupnp-binding-tool-*
 
 %changelog
+* Mon Mar 28 2022 lin zhang <lin.zhang@turbolinux.com.cn> - 1.4.3-1
+- Update to 1.4.3
+
 * Wed Jul 14 2021 Wenlong Ding <wenlong.ding@turbolinux.com.cn> - 1.2.4-2
 - Add missing BuildRequires version: glib2-devel >= 2.66