From addf1d5da37236f0e0dbb7959f7eedb7d255e65b Mon Sep 17 00:00:00 2001 From: Andreas Rammhold Date: Mon, 15 Jan 2018 17:51:19 +0100 Subject: [PATCH 1/2] miniupnpd: 2.0 -> 2.0.20171212 (fixes CVE-2017-1000494) changelog since the last version bump: 2017/12/12: Fix a few buffer overrun in SSDP and SOAP parsing 2017/11/02: PCP : reset epoch after address change 2017/05/26: merge https://github.com/miniupnp/miniupnp/tree/randomize_url branch 2017/05/24: get SSDP packet receiving interface index and use it to check if the packet is from a LAN 2017/03/13: default to client address for AddPortMapping when is empty pass ext_if_name to add_pinhole() 2016/12/23: Fix UDA-1.2.10 Man header empty or invalid 2016/12/16: Do not try to open IPv6 sockets once it is disabled 2016/12/01: Fix "AddPinhole Twice" test 2016/11/11: fixes build for Solaris/SunOS 2016/07/23: fixes build error on DragonFly BSD --- pkgs/tools/networking/miniupnpd/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/tools/networking/miniupnpd/default.nix b/pkgs/tools/networking/miniupnpd/default.nix index 6003471bed93..3e3b4ec34a30 100644 --- a/pkgs/tools/networking/miniupnpd/default.nix +++ b/pkgs/tools/networking/miniupnpd/default.nix @@ -3,11 +3,11 @@ assert stdenv.isLinux; stdenv.mkDerivation rec { - name = "miniupnpd-2.0"; + name = "miniupnpd-2.0.20171212"; src = fetchurl { url = "http://miniupnp.free.fr/files/download.php?file=${name}.tar.gz"; - sha256 = "1dxzhvkylrnbkd5srb9rb2g4f9ydd1zbjg5sdf190m0g1sha6snr"; + sha256 = "0jdcll1nd8jf356fpl0n2yw8sww58nfz6hkx052d77l34afq6sn7"; name = "${name}.tar.gz"; }; From 761ed40c5cef73beb2827d47a7494a7b99a23955 Mon Sep 17 00:00:00 2001 From: Andreas Rammhold Date: Mon, 15 Jan 2018 17:55:00 +0100 Subject: [PATCH 2/2] miniupnpc_2: 2.0.20170509 -> 2.0.20171212 This potentially addresses CVE-2017-1000494. Changes since last version bump: 2017/12/11: Fix buffer over run in minixml.c Fix uninitialized variable access in upnpreplyparse.c --- pkgs/tools/networking/miniupnpc/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/tools/networking/miniupnpc/default.nix b/pkgs/tools/networking/miniupnpc/default.nix index 2cca57121e91..fe3568c3a83f 100644 --- a/pkgs/tools/networking/miniupnpc/default.nix +++ b/pkgs/tools/networking/miniupnpc/default.nix @@ -27,8 +27,8 @@ let }; in { miniupnpc_2 = generic { - version = "2.0.20170509"; - sha256 = "0spi75q6nafxp3ndnrhrlqagzmjlp8wwlr5x7rnvdpswgxi6ihyk"; + version = "2.0.20171212"; + sha256 = "0za7pr6hrr3ajkifirhhxfn3hlhl06f622g8hnj5h8y18sp3bwff"; }; miniupnpc_1 = generic { version = "1.9.20160209";