The diff below updates miniupnpd to 2.3.0. A notable change is that
miniupnpd now uses pledge() (introduced in 2.2.0). The full changelog can
be found at [0].

Diff is big as we can drop almost all patches, issues have been
addressed upstream.

So far it works for me on amd64.

OK?


[0] https://github.com/miniupnp/miniupnp/blob/master/miniupnpd/Changelog.txt.


diff --git Makefile Makefile
index 1c048358808..0bd731936d8 100755
--- Makefile
+++ Makefile
@@ -2,18 +2,17 @@
 
 COMMENT=       UPnP IGD daemon
 
-DISTNAME=      miniupnpd-2.1
-REVISION=      2
+DISTNAME=      miniupnpd-2.3.0
 
+# uses pledge()
 WANTLIB += c crypto kvm ssl
 
-MAKE_FLAGS=    INSTALLETCDIR=${PREFIX}/share/examples/miniupnpd \
-               INSTALLMANDIR=${PREFIX}/man/man8
+MAKE_FLAGS=    INSTALLETCDIR=${PREFIX}/share/examples/miniupnpd
 
 FAKE_FLAGS=    PREFIX=${TRUEPREFIX}
 
 CONFIGURE_STYLE=       simple
-CONFIGURE_SCRIPT=      genconfig.sh
+CONFIGURE_SCRIPT=      configure
 
 post-install:
        ${INSTALL_MAN_DIR} ${PREFIX}/man/man8
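Review bot: The `DISTNAME=      miniupnpd-2.3.0` bump is all that replaces the two security fixes this diff deletes, patches/patch-upnpevents_c (snprintf() return check for an out-of-bounds read) and patches/patch-upnpsoap_c (NULL checks on SOAP arguments before atoi()). Before committing, confirm in the extracted 2.3.0 tree that upnp_event_prepare(), AddAnyPortMapping() and GetOutboundPinholeTimeout() carry equivalent checks, and record it in the commit message, e.g. `fixes from patch-upnpevents_c and patch-upnpsoap_c verified present in 2.3.0`. Separately, `INSTALLMANDIR` is no longer passed in `MAKE_FLAGS` while `post-install` still creates `${PREFIX}/man/man8`. The rest of `post-install` lies outside the hunk, so check that miniupnpd.8 still lands in that directory rather than in upstream's default location.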
diff --git distinfo distinfo
index a4312372784..dd69bfa3e4d 100644
--- distinfo
+++ distinfo
@@ -1,2 +1,2 @@
-SHA256 (miniupnpd-2.1.tar.gz) = lQiUd5ZhGX/gk4Vf2imnKPQ0tXVutPpstfe5v/f/4ME=
-SIZE (miniupnpd-2.1.tar.gz) = 225458
+SHA256 (miniupnpd-2.3.0.tar.gz) = /56V42DHuq51dXW1utwhqxxkPTWZVvloVAtPgCb6z5w=
+SIZE (miniupnpd-2.3.0.tar.gz) = 256069
diff --git patches/patch-Makefile patches/patch-Makefile
deleted file mode 100644
index 6ec9d0c3137..00000000000
--- patches/patch-Makefile
+++ /dev/null
@@ -1,13 +0,0 @@
-$OpenBSD: patch-Makefile,v 1.6 2019/03/11 04:06:37 bket Exp $
-Index: Makefile
---- Makefile.orig
-+++ Makefile
-@@ -176,7 +176,7 @@ clean:
-       $(PFOBJS) $(IPFOBJS) $(IPFWOBJS)
-       $(RM) validateupnppermissions validategetifaddr validatessdppktgen
- 
--install:      miniupnpd genuuid
-+install:      miniupnpd
-       $(STRIP) miniupnpd
-       $(INSTALL) -d $(DESTDIR)$(INSTALLBINDIR)
-       $(INSTALL) -m 755 miniupnpd $(DESTDIR)$(INSTALLBINDIR)
diff --git patches/patch-Makefile_bsd patches/patch-Makefile_bsd
new file mode 100644
index 00000000000..98bd2750c26
--- /dev/null
+++ patches/patch-Makefile_bsd
@@ -0,0 +1,14 @@
+$OpenBSD$
+
+Index: Makefile.bsd
+--- Makefile.bsd.orig
++++ Makefile.bsd
+@@ -145,7 +145,7 @@ clean:
+       $(RM) $(TESTMINISSDPOBJS)
+       $(RM) validateupnppermissions validategetifaddr validatessdppktgen
+ 
+-install:      miniupnpd genuuid
++install:      miniupnpd
+       $(STRIP) miniupnpd
+       $(INSTALL) -d $(DESTDIR)$(INSTALLBINDIR)
+       $(INSTALL) -m 755 miniupnpd $(DESTDIR)$(INSTALLBINDIR)
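Review bot: patches/patch-Makefile_bsd carries no explanation of why `genuuid` is removed from the `install` prerequisites. A one-line comment between `$OpenBSD$` and `Index: Makefile.bsd` would help, for example `Do not run genuuid at install time; the port ships miniupnpd.conf with a placeholder uuid.` That reason is inferred from the `uuid=00000000-0000-0000-0000-000000000000` context line in patch-miniupnpd_conf, so adjust the wording if the motive is different. If the placeholder is what gets packaged, the README or sample config should presumably tell the administrator to set a unique uuid before enabling the daemon.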
diff --git patches/patch-asyncsendto_c patches/patch-asyncsendto_c
deleted file mode 100644
index 6f5746d6790..00000000000
--- patches/patch-asyncsendto_c
+++ /dev/null
@@ -1,11 +0,0 @@
-$OpenBSD: patch-asyncsendto_c,v 1.1 2016/09/10 13:03:42 ajacoutot Exp $
---- asyncsendto.c.orig Sat Sep 10 12:01:40 2016
-+++ asyncsendto.c      Sat Sep 10 12:01:47 2016
-@@ -6,6 +6,7 @@
-  * in the LICENCE file provided within the distribution */
- 
- #include <sys/types.h>
-+#include <sys/select.h> /* fd_set */
- #include <sys/socket.h>
- #include <sys/time.h>
- #include <sys/queue.h>
diff --git patches/patch-genconfig_sh patches/patch-genconfig_sh
deleted file mode 100644
index b7648020925..00000000000
--- patches/patch-genconfig_sh
+++ /dev/null
@@ -1,16 +0,0 @@
-$OpenBSD: patch-genconfig_sh,v 1.4 2019/03/11 04:06:37 bket Exp $
-
-Index: genconfig.sh
---- genconfig.sh.orig
-+++ genconfig.sh
-@@ -162,7 +162,9 @@ case $OS_NAME in
-               FW=pf
-               echo "#define USE_IFACEWATCHER 1" >> ${CONFIGFILE}
-               OS_URL=http://www.openbsd.org/
--              V6SOCKETS_ARE_V6ONLY=`sysctl -n net.inet6.ip6.v6only`
-+              # net.inet6.ip6.v6only has been on by default for many years
-+              # and this sysctl node has been removed
-+              V6SOCKETS_ARE_V6ONLY=1
-               ;;
-       FreeBSD | GNU/kFreeBSD)
-               VER=`grep '#define __FreeBSD_version' /usr/include/sys/param.h 
| awk '{print $3}'`
diff --git patches/patch-minissdp_c patches/patch-minissdp_c
deleted file mode 100644
index ec476f42c0c..00000000000
--- patches/patch-minissdp_c
+++ /dev/null
@@ -1,12 +0,0 @@
-$OpenBSD: patch-minissdp_c,v 1.2 2019/03/11 04:06:37 bket Exp $
-Index: minissdp.c
---- minissdp.c.orig
-+++ minissdp.c
-@@ -11,6 +11,7 @@
- #include <string.h>
- #include <unistd.h>
- #include <sys/socket.h>
-+#include <sys/select.h> /* fd_set */
- #include <sys/un.h>
- #include <netinet/in.h>
- #include <arpa/inet.h>
diff --git patches/patch-miniupnpd_8 patches/patch-miniupnpd_8
index aeb28fa1bd1..43995bd8d98 100644
--- patches/patch-miniupnpd_8
+++ patches/patch-miniupnpd_8
@@ -2,7 +2,7 @@ $OpenBSD: patch-miniupnpd_8,v 1.2 2019/03/11 04:06:37 bket Exp $
 Index: miniupnpd.8
 --- miniupnpd.8.orig
 +++ miniupnpd.8
-@@ -17,7 +17,7 @@ clients on the LAN to ask for port redirections.
+@@ -18,7 +18,7 @@ clients on the LAN to ask for port redirections.
  .SH OPTIONS
  .TP
  .BI \-f " config_file"
diff --git patches/patch-miniupnpd_conf patches/patch-miniupnpd_conf
index 47e43c5df7f..310dc0d46bf 100644
--- patches/patch-miniupnpd_conf
+++ patches/patch-miniupnpd_conf
@@ -2,7 +2,7 @@ $OpenBSD: patch-miniupnpd_conf,v 1.5 2019/03/11 04:06:37 bket 
Exp $
 Index: miniupnpd.conf
 --- miniupnpd.conf.orig
 +++ miniupnpd.conf
-@@ -121,7 +121,7 @@ clean_ruleset_interval=600
+@@ -155,7 +155,7 @@ clean_ruleset_interval=600
  # active when compiled with PF_ENABLE_FILTER_RULES (see config.h file)
  #quickrules=no
  
@@ -11,7 +11,7 @@ Index: miniupnpd.conf
  uuid=00000000-0000-0000-0000-000000000000
  
  # Daemon's serial and model number when reporting to clients
-@@ -145,8 +145,8 @@ uuid=00000000-0000-0000-0000-000000000000
+@@ -179,8 +179,8 @@ uuid=00000000-0000-0000-0000-000000000000
  # modify the IP ranges to match their own internal networks, and
  # also consider implementing network-specific restrictions
  # CAUTION: failure to enforce any rules may permit insecure requests to be 
made!
diff --git patches/patch-natpmp_c patches/patch-natpmp_c
deleted file mode 100644
index e895d82f9df..00000000000
--- patches/patch-natpmp_c
+++ /dev/null
@@ -1,11 +0,0 @@
-$OpenBSD: patch-natpmp_c,v 1.1 2016/09/10 13:03:42 ajacoutot Exp $
---- natpmp.c.orig      Sat Sep 10 12:02:47 2016
-+++ natpmp.c   Sat Sep 10 12:02:53 2016
-@@ -11,6 +11,7 @@
- #include <errno.h>
- #include <time.h>
- #include <sys/types.h>
-+#include <sys/select.h> /* fd_set */
- #include <sys/socket.h>
- #include <netinet/in.h>
- #include <arpa/inet.h>
diff --git patches/patch-portinuse_c patches/patch-portinuse_c
deleted file mode 100644
index c39c5e980de..00000000000
--- patches/patch-portinuse_c
+++ /dev/null
@@ -1,12 +0,0 @@
-$OpenBSD: patch-portinuse_c,v 1.2 2019/03/11 04:06:37 bket Exp $
-Index: portinuse.c
---- portinuse.c.orig
-+++ portinuse.c
-@@ -18,6 +18,7 @@
- #include <errno.h>
- #include <time.h>
- #include <sys/types.h>
-+#include <sys/select.h> /* fd_set */
- #include <sys/socket.h>
- #include <netinet/in.h>
- #include <arpa/inet.h>
diff --git patches/patch-testasyncsendto_c patches/patch-testasyncsendto_c
deleted file mode 100644
index 18fdc6cffb7..00000000000
--- patches/patch-testasyncsendto_c
+++ /dev/null
@@ -1,29 +0,0 @@
-$OpenBSD: patch-testasyncsendto_c,v 1.2 2019/03/11 04:06:37 bket Exp $
-
-warning: format '%ld' expects type 'long int', but argument 4 has type 'time_t'
-
-Index: testasyncsendto.c
---- testasyncsendto.c.orig
-+++ testasyncsendto.c
-@@ -74,8 +74,8 @@ int test(void)
-               int max_fd;
-               struct timeval timeout;
-               struct timeval now;
--              syslog(LOG_DEBUG, "get_next_scheduled_send : %d 
next_send=%ld.%06ld",
--                     i, (long)next_send.tv_sec, (long)next_send.tv_usec);
-+              syslog(LOG_DEBUG, "get_next_scheduled_send : %d 
next_send==%lld.%06ld",
-+                     i, (long long)next_send.tv_sec, (long)next_send.tv_usec);
-               FD_ZERO(&writefds);
-               max_fd = 0;
-               gettimeofday(&now, NULL);
-@@ -100,8 +100,8 @@ int test(void)
-                       }
-               }
-               syslog(LOG_DEBUG, "get_sendto_fds() returned %d", i);
--              syslog(LOG_DEBUG, "select(%d, NULL, xx, NULL, %ld.%06ld)",
--                     max_fd, (long)timeout.tv_sec, (long)timeout.tv_usec);
-+              syslog(LOG_DEBUG, "select(%d, NULL, xx, NULL, %lld.%06ld)",
-+                     max_fd, (long long)timeout.tv_sec, 
(long)timeout.tv_usec);
-               i = select(max_fd, NULL, &writefds, NULL, &timeout);
-               if(i < 0) {
-                       syslog(LOG_ERR, "select: %m");
diff --git patches/patch-upnpevents_c patches/patch-upnpevents_c
deleted file mode 100644
index a493ad71cf4..00000000000
--- patches/patch-upnpevents_c
+++ /dev/null
@@ -1,64 +0,0 @@
-$OpenBSD: patch-upnpevents_c,v 1.3 2019/03/11 20:05:23 bket Exp $
-
-Cherrypick patch from upstream: Check the return value of snprintf().
-
-Mitigate read out-of-bounds vulnerability as reported by
-https://github.com/b1ack0wl/miniupnpd_poc
-
-Index: upnpevents.c
---- upnpevents.c.orig
-+++ upnpevents.c
-@@ -14,6 +14,7 @@
- #include <unistd.h>
- #include <time.h>
- #include <sys/types.h>
-+#include <sys/select.h> /* fd_set */
- #include <sys/socket.h>
- #include <netinet/in.h>
- #include <arpa/inet.h>
-@@ -443,19 +444,34 @@ static void upnp_event_prepare(struct upnp_event_notif
-               l = 0;
-       }
-       obj->buffersize = 1024;
--      obj->buffer = malloc(obj->buffersize);
--      if(!obj->buffer) {
--              syslog(LOG_ERR, "%s: malloc returned NULL", 
"upnp_event_prepare");
--              if(xml) {
--                      free(xml);
-+      for (;;) {
-+              obj->buffer = malloc(obj->buffersize);
-+              if(!obj->buffer) {
-+                      syslog(LOG_ERR, "%s: malloc returned NULL", 
"upnp_event_prepare");
-+                      if(xml) {
-+                              free(xml);
-+                      }
-+                      obj->state = EError;
-+                      return;
-               }
--              obj->state = EError;
--              return;
-+              obj->tosend = snprintf(obj->buffer, obj->buffersize, notifymsg,
-+                                     obj->path, obj->addrstr, obj->portstr, 
l+2,
-+                                     obj->sub->uuid, obj->sub->seq,
-+                                     l, xml);
-+              if (obj->tosend < 0) {
-+                      syslog(LOG_ERR, "%s: snprintf() failed", 
"upnp_event_prepare");
-+                      if(xml) {
-+                              free(xml);
-+                      }
-+                      obj->state = EError;
-+                      return;
-+              } else if (obj->tosend < obj->buffersize) {
-+                      break; /* the buffer was large enough */
-+              }
-+              /* Try again with a buffer big enough */
-+              free(obj->buffer);
-+              obj->buffersize = obj->tosend + 1;      /* reserve space for 
the final 0 */
-       }
--      obj->tosend = snprintf(obj->buffer, obj->buffersize, notifymsg,
--                             obj->path, obj->addrstr, obj->portstr, l+2,
--                             obj->sub->uuid, obj->sub->seq,
--                             l, xml);
-       if(xml) {
-               free(xml);
-               xml = NULL;
diff --git patches/patch-upnppinhole_c patches/patch-upnppinhole_c
deleted file mode 100644
index 893ad85132a..00000000000
--- patches/patch-upnppinhole_c
+++ /dev/null
@@ -1,11 +0,0 @@
-$OpenBSD: patch-upnppinhole_c,v 1.1 2016/09/10 13:03:42 ajacoutot Exp $
---- upnppinhole.c.orig Sat Sep 10 12:03:05 2016
-+++ upnppinhole.c      Sat Sep 10 12:03:10 2016
-@@ -9,6 +9,7 @@
- #include <string.h>
- #include <syslog.h>
- #include <sys/types.h>
-+#include <sys/select.h> /* fd_set */
- #include <sys/socket.h>
- #include <netinet/in.h>
- #include <net/if.h>
diff --git patches/patch-upnpredirect_c patches/patch-upnpredirect_c
deleted file mode 100644
index e4e4a4d8f92..00000000000
--- patches/patch-upnpredirect_c
+++ /dev/null
@@ -1,12 +0,0 @@
-$OpenBSD: patch-upnpredirect_c,v 1.2 2019/03/11 04:06:37 bket Exp $
-Index: upnpredirect.c
---- upnpredirect.c.orig
-+++ upnpredirect.c
-@@ -10,6 +10,7 @@
- #include <string.h>
- #include <syslog.h>
- #include <sys/types.h>
-+#include <sys/select.h> /* fd_set */
- #include <sys/socket.h>
- #include <netinet/in.h>
- #include <net/if.h>
diff --git patches/patch-upnpsoap_c patches/patch-upnpsoap_c
deleted file mode 100644
index d2e7a7bf402..00000000000
--- patches/patch-upnpsoap_c
+++ /dev/null
@@ -1,28 +0,0 @@
-$OpenBSD: patch-upnpsoap_c,v 1.4 2019/03/19 17:28:32 steven Exp $
-
-Index: upnpsoap.c
---- upnpsoap.c.orig
-+++ upnpsoap.c
-@@ -590,7 +590,7 @@ AddAnyPortMapping(struct upnphttp * h, const char * ac
-       if(leaseduration == 0)
-               leaseduration = 604800;
- 
--      if (!int_ip || !ext_port || !int_port)
-+      if (!int_ip || !ext_port || !int_port || !protocol)
-       {
-               ClearNameValueList(&data);
-               SoapError(h, 402, "Invalid Args");
-@@ -1841,6 +1841,13 @@ GetOutboundPinholeTimeout(struct upnphttp * h, const c
-       rem_host = GetValueFromNameValueList(&data, "RemoteHost");
-       rem_port = GetValueFromNameValueList(&data, "RemotePort");
-       protocol = GetValueFromNameValueList(&data, "Protocol");
-+
-+      if (!int_port || !rem_port || !protocol)
-+      {
-+              ClearNameValueList(&data);
-+              SoapError(h, 402, "Invalid Args");
-+              return;
-+      }
- 
-       rport = (unsigned short)atoi(rem_port);
-       iport = (unsigned short)atoi(int_port);
