Update miniupnpc to 1.9.20151008 #6789
Merged: laanwj merged 1 commit into bitcoin:master from laanwj:2015_10_mitigate_upnp_buffer_overflow on Oct 9, 2015
utACK
utACK. Until binaries are available, the workaround for anybody on a public LAN is to add this to their bitcoin.conf:
laanwj added a commit that referenced this pull request on Oct 9, 2015
0cca024 Update miniupnpc to 1.9.20151008 (Wladimir J. van der Laan)
laanwj added a commit that referenced this pull request on Oct 9, 2015
This version of miniupnpc fixes a buffer overflow in the XML (ugh) parser during initial network discovery.
http://talosintel.com/reports/TALOS-2015-0035/
The commit fixing the vulnerability is: miniupnp/miniupnp@79cca97
Reported by timothy on IRC.
Github-Pull: #6789
Rebased-From: 0cca024
utACK
Ugh. utACK.
This was referenced Oct 10, 2015
This was referenced May 6, 2019
laanwj added a commit that referenced this pull request on Jul 29, 2019
59cb722 Update configure to reject unsafe miniUPnPc API ver (Hennadii Stepanov)
ab21905 doc: Add release notes for 15993 (Hennadii Stepanov)
02709e9 Align formatting with clang-format (Hennadii Stepanov)
91a1b85 Use PACKAGE_NAME in UPnP description (Hennadii Stepanov)
9f76e45 Drop support of insecure miniUPnPc versions (Hennadii Stepanov)

Pull request description:

1. Minimum supported miniUPnPc API version is set to 10:
- https://packages.ubuntu.com/xenial/libminiupnpc-dev
- https://packages.debian.org/jessie/libminiupnpc-dev

Refs:
- #6583
- #6789
- #10414

2. The hardcoded "Bitcoin" replaced with `PACKAGE_NAME`:

3. Also style-only commit applied.

Pardon: could not reopen my previous PR #15966.

ACKs for top commit:
ryanofsky: utACK 59cb722. Changes since last review: adding a new commit which updates configure script to fall back to disabling upnp if version is too old, adding a requested comment explaining static_assert condition, and fixing a spelling (jessy/jessie)

Tree-SHA512: 42ed11bc2fb2ec83d5dd58e2383da5444a24fd572707f6cf10b622cb8943e28adfcca4750d06801024c4472625b5ea9279516fbd9d2ccebc9bbaafe1d148e80d
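
An added example (not code from this pull request or from Bitcoin Core): a POSIX shell check that reads `MINIUPNPC_VERSION` and `MINIUPNPC_API_VERSION` from a miniupnpc.h and rejects anything older than the 1.9.20151008 release or API version 10 named in this thread. The function names and the sample header contents, including the API value 14, are constructed for illustration.

```sh
#!/bin/sh
# Added example: audit a miniupnpc.h against the versions named in this thread.
FIXED_VERSION="1.9.20151008"  # release this pull request updates to
MIN_API=10                    # minimum API version set by the 2019 follow-up

# version_ge A B: succeed when dotted numeric version A >= B.
version_ge() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        na = split(a, x, "."); nb = split(b, y, ".")
        n = (na > nb) ? na : nb
        for (i = 1; i <= n; i++) {
            if (x[i] + 0 > y[i] + 0) exit 0
            if (x[i] + 0 < y[i] + 0) exit 1
        }
        exit 0
    }'
}

# macro_value FILE NAME: print the value of "#define NAME value", quotes stripped.
macro_value() {
    sed -n "s/^[[:space:]]*#[[:space:]]*define[[:space:]]\{1,\}${2}[[:space:]]\{1,\}\"\{0,1\}\([^\"[:space:]]*\).*/\1/p" "$1" 2>/dev/null | head -n 1
}

# check_header FILE: 0 = meets both thresholds, 1 = too old, 2 = cannot tell.
check_header() {
    ver=$(macro_value "$1" MINIUPNPC_VERSION)
    api=$(macro_value "$1" MINIUPNPC_API_VERSION)
    # Fail closed: missing or non-numeric macros count as unknown, never as safe.
    case "$ver" in ''|*[!0-9.]*) return 2 ;; esac
    case "$api" in ''|*[!0-9]*) return 2 ;; esac
    version_ge "$ver" "$FIXED_VERSION" || return 1
    [ "$api" -ge "$MIN_API" ] || return 1
    return 0
}

# Constructed sample headers (API value 14 is an assumed sample value).
tmp=$(mktemp -d)
printf '#define MINIUPNPC_VERSION\t"1.9.20150730"\n#define MINIUPNPC_API_VERSION\t14\n' > "$tmp/old.h"
printf '#define MINIUPNPC_VERSION\t"1.9.20151008"\n#define MINIUPNPC_API_VERSION\t14\n' > "$tmp/new.h"
for h in "$tmp/old.h" "$tmp/new.h"; do
    status=0
    check_header "$h" || status=$?
    echo "$(basename "$h"): check_header status $status"
done
rm -rf "$tmp"
```

Point `check_header` at the miniupnpc.h the build will actually include; status 2 means the header could not be parsed and should be treated the same as a rejection.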
sidhujag pushed a commit to syscoin/syscoin that referenced this pull request on Jul 30, 2019
reddink pushed a commit to reddcoin-project/reddcoin-3.10 that referenced this pull request on May 27, 2020
This version of miniupnpc fixes a buffer overflow in the XML (ugh) parser during initial network discovery.
http://talosintel.com/reports/TALOS-2015-0035/
The commit fixing the vulnerability is: miniupnp/miniupnp@79cca97
Reported by timothy on IRC.
Github-Pull: bitcoin#6789
Rebased-From: 0cca024
(cherry picked from commit 093d7b5)
PastaPastaPasta referenced this pull request in PastaPastaPasta/dash on Jun 26, 2021
This version of miniupnpc fixes a buffer overflow in the XML (ugh) parser during initial network discovery.
http://talosintel.com/reports/TALOS-2015-0035/
The commit fixing the vulnerability is:
miniupnp/miniupnp@79cca97
Reported by timothy on IRC.
Needs backport to 0.10 and 0.11.
Edit: complete diff between current version miniupnp 1.9.20150730 and 1.9.20151008: https://gist.github.com/laanwj/6caebd77a1c253a486e4