minidlna: Update to version 1.3.2

- Update from version 1.3.0 to 1.3.2
- Update of rootfile not required
- Patch for CVE-2022-26505 is now built into the source tarball
- Changelog
1.3.2 - Released 30-Aug-2022
	- Improved DNS rebinding attack protection.
	- Added Samsung Neo QLED series (2021) support.
	- Added webm/rm/rmvb support.
1.3.1 - Released 11-Feb-2022
	- Fixed a potential crash in SSDP request parsing.
	- Fixed a configure script failure on some platforms.
	- Protect against DNS rebinding attacks.
	- Fix an socket leakage issue on some platforms.
	- Minor bug fixes.

Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

lfs/minidlna

@@ -26,7 +26,7 @@ include Config
 
 SUMMARY    = DLNA compatible server
 
-VER        = 1.3.0
+VER        = 1.3.2
 
 THISAPP    = minidlna-$(VER)
 DL_FILE    = minidlna-$(VER).tar.gz
@@ -34,7 +34,7 @@ DL_FROM    = $(URL_IPFIRE)
 DIR_APP    = $(DIR_SRC)/$(THISAPP)
 TARGET     = $(DIR_INFO)/$(THISAPP)
 PROG       = minidlna
-PAK_VER    = 12
+PAK_VER    = 13
 
 DEPS       = ffmpeg flac libexif libid3tag libogg
 
@@ -50,7 +50,7 @@ objects = $(DL_FILE)
 
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 
-$(DL_FILE)_BLAKE2 = 3574d48ee63f8c391d1beac653587b87460522178d9f100fe4b0e49f33398b8e527ee74af02d5ea36b23338f7ac73ef3c177edae6be8eed24e94f9db5c8323b0
+$(DL_FILE)_BLAKE2 = e35266be94e4585f399c80a6909318ce973d443506f6becdacdb00802ed0ce060ebf8401ff1b5dfef0b451f609d98f805c80b9a0c87e23d14084338047418620
 
 install : $(TARGET)
 
@@ -84,7 +84,6 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
 	@$(PREBUILD)
 	@rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE)
 	$(UPDATE_AUTOMAKE)
-	cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/minidlna-1.3.0-fix-DNS-rebinding-issue-CVE-2022-26505.patch
 	cd $(DIR_APP) && ./configure --prefix=/usr
 	cd $(DIR_APP) && make $(MAKETUNING) $(EXTRA_MAKE)
 	cd $(DIR_APP) && make install

src/patches/minidlna-1.3.0-fix-DNS-rebinding-issue-CVE-2022-26505.patch

@@ -1,44 +0,0 @@
---- minidlna-1.3.0/upnphttp.c.orig	2020-11-24 19:53:50.000000000 +0100
-+++ minidlna-1.3.0/upnphttp.c	2022-04-30 12:59:23.432073807 +0200
-@@ -273,6 +273,11 @@
- 				p = colon + 1;
- 				while(isspace(*p))
- 					p++;
-+				    n = 0;
-+				    while(p[n] >= ' ')
-+					    n++;
-+				    h->req_Host = p;
-+				    h->req_HostLen = n;					
- 				for(n = 0; n < n_lan_addr; n++)
- 				{
- 					for(i = 0; lan_addr[n].str[i]; i++)
-@@ -909,6 +914,18 @@
- 	}
- 
- 	DPRINTF(E_DEBUG, L_HTTP, "HTTP REQUEST: %.*s\n", h->req_buflen, h->req_buf);
-+	if(h->req_Host && h->req_HostLen > 0) {
-+		const char *ptr = h->req_Host;
-+		DPRINTF(E_MAXDEBUG, L_HTTP, "Host: %.*s\n", h->req_HostLen, h->req_Host);
-+		for(i = 0; i < h->req_HostLen; i++) {
-+			if(*ptr != ':' && *ptr != '.' && (*ptr > '9' || *ptr < '0')) {
-+				DPRINTF(E_ERROR, L_HTTP, "DNS rebinding attack suspected (Host: %.*s)", h->req_HostLen, h->req_Host);
-+				Send404(h);/* 403 */
-+				return;
-+			}
-+			ptr++;
-+		}
-+	}	
- 	if(strcmp("POST", HttpCommand) == 0)
- 	{
- 		h->req_command = EPost;
---- minidlna-1.3.0/upnphttp.h.orig	2020-11-24 19:53:50.000000000 +0100
-+++ minidlna-1.3.0/upnphttp.h	2022-04-30 13:00:22.619152312 +0200
-@@ -89,6 +89,8 @@
- 	struct client_cache_s * req_client;
- 	const char * req_soapAction;
- 	int req_soapActionLen;
-+	const char * req_Host;        /* Host: header */
-+	int req_HostLen;
- 	const char * req_Callback;	/* For SUBSCRIBE */
- 	int req_CallbackLen;
- 	const char * req_NT;