Important: GSSDP 1.0.4, GSSDP 1.2.3, GUPnP 1.0.5 and GUPnP 1.2.3 released

From: Jens Georg <mail jensge org>
To: gupnp-list <gupnp-list gnome org>, gnome-announce-list <gnome-announce-list gnome org>
Cc: distributor-list <distributor-list gnome org>
Subject: Important: GSSDP 1.0.4, GSSDP 1.2.3, GUPnP 1.0.5 and GUPnP 1.2.3 released
Date: Tue, 23 Jun 2020 09:09:53 +0200

Hello everyone,

I have released new versions of GUPnP. The main "feature" of this
release is the implementation of the UDA 2.0 spec addendum from
2020/04/17 which restricts notifications registered with SUBSCRIBE to
the subnet of the server. For this reason, a new GSSDP version is
required to provide the required information.

This is a reaction to CVE-2020-12695 (https://www.callstranger.com/)

Other changes are listed below:

GSSDP 1.0.4:
============

 - Set the correct multicast source interface on the correct socket
 - Add gssdp_client_get_address_mask

Bugs fixed in this release:
 - https://gitlab.gnome.org/GNOME/gssdp/issues/4

All contributors to this release:
 - Jens Georg <mail jensge org>

GSSDP 1.2.3:
============
 - Prevent crash if client is not initialized
 - Fix critical if network device does not exists
 - Fix ::1 multicast
 - client. Add getter for network mask

Bugs fixed in this release:
 - https://gitlab.gnome.org/GNOME/gssdp/issues/5
 - https://gitlab.gnome.org/GNOME/gssdp/issues/6

All contributors to this release:
 - Jens Georg <mail jensge org>

GUPnP 1.0.5:
============
- Attention! Version requirement change: Requires GSSDP 1.0.4
- Fix an issue with if.h redefinition
- Fix introspection annotation for introspection callback
- Add mitigation for CVE-CVE-2020-12695 (CallStranger)
- Implement UDA 2.0 April 17 2020 addendum (CallStranger prevention)

Bugs fixed in this release:
 - https://gitlab.gnome.org/GNOME/gupnp/issues/16

All contributors to this release:
 - Jens Georg <mail jensge org>
 - soiamsoNG <83182235 qq com>
 - Fabrice Fontaine <fontaine fabrice gmail com>

GUPnP 1.2.3:
============
- Attention: Requires GSSDP 1.2.3!
- Always build the gupnp-binding-tool manpage
- Fix meson build on Windows
- Fix context creation for tests across different platforms
- Fix static linking issue caused by libguul subproject
- Add mitigations for CVE-2020-12695 (CallStranger)
- Implement UDA 2.0 April 17 2020 Addendum (Partial fix for CVE-2020-
12695)

Bugs fixed in this release:
 - https://gitlab.gnome.org/GNOME/gupnp/issues/15
 - https://gitlab.gnome.org/GNOME/gupnp/issues/16

All contributors to this release:
 - Jens Georg <mail jensge org>
 - soiamsoNG <83182235 qq com>
 - Peter Seiderer <ps report gmx net>
 - Jan-Michael Brummer <jan brummer tabos org>
 - Mart Raudsepp <leio gentoo org>

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]