#114 mediatomb 0.12.1 uses libupnp 0.4.1

open
Jin
UPnP (10)
5
2013-03-19
2013-03-19
Jonathan Ciesla
No

Hi, Jon Ciesla, Fedora mediatomb package maintainer. We try to avoid bundled libraries in Fedora:

https://fedoraproject.org/wiki/Packaging:No_Bundled_Libraries

As such, I've tried to use mediatomb with the latest libupnp:

http://www.kb.cert.org/vuls/id/922681

but to no avail. Is there any change you'll be updating the version of libupnp you use to the latest, so that if packagers unbundle, they can? Thanks!

Discussion

  • Jin
    Jin
    2013-03-19

    Hi,

    sorry, but no chance. Reason is simple: our version of the library has an API that is not compatible to libUPnP, it has various custom patches and extensions. They can not be merged into libUPnP because our changes are covered by the GPL, while libUPnP is under BSD.

    We do apply some relevant fixes from pUPnP to our forked version from time to time, but maybe not often enough. I pushed three security fixes into our git master now.

     
  • Fair enough. When do you think you'll next do a release?

     
  • Jin
    Jin
    2013-03-19

    Good question :) At least we finally got to make a move to git and we fixed the build again. We're currently deciding if we should release the current state "as is" or do some more cleanup, problem is that we are very short on time.

    I'd would not be honest if I told you any date or time range :( So don't know really... Probably not earlier than in 1-2 months.

     
  • Is the version currently in git useable enough to put in rawhide, or do you recommend awaiting the release?

     
  • Jin
    Jin
    2013-03-19

    I think it is, we based our git master not on the currently messy trunk but on the 0.12.1 branch, so it is the latest 0.12.1 release + fixes that allow it to build on a recent distro + security fixes from pupnp that you posted above + some minor bug fixes. So it should not be worse than 0.12.1 and has some fixes on top of it, imho it should be fine.

     
  • Excellent, thanks! I'll watch for the release, then!

     
  • Jin
    Jin
    2013-03-19

    No problem, thanks for packaging :)

     
  • . . .while probably using the git version. :)