Debian has issued an advisory today (December 16): https://www.debian.org/security/2016/dsa-3736 Patched packages uploaded for Mageia 5 and Cauldron. Advisory: ======================== Updated libupnp packages fix security vulnerability: Scott Tenaglia discovered a heap buffer overflow vulnerability, that can lead to denial of service or remote code execution (CVE-2016-8863). References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8863 https://www.debian.org/security/2016/dsa-3736 ======================== Updated packages in core/updates_testing: ======================== libupnp6-1.6.19-4.2.mga5 libthreadutil6-1.6.19-4.2.mga5 libixml2-1.6.19-4.2.mga5 libupnp-devel-1.6.19-4.2.mga5 from libupnp-1.6.19-4.2.mga5.src.rpm
Test procedure: https://bugs.mageia.org/show_bug.cgi?id=14143#c9 Used by amule, openclonk, retroshare, ushare, and vlc-plugin-upnp.
Whiteboard: (none) => has_procedure
MGA5-32 on Acer D620 Xfce No installation issues. Followed instructions as per Comment 1, but get nowhere. The Universal Plug'n'Play options show in VLC, but I don't get any content, and the status reporting is confusing to me: # systemctl restart ushare # systemctl status ushare â ushare.service - LSB: UPnP (TM) A/V Media Server Loaded: loaded (/etc/rc.d/init.d/ushare) Active: active (running) since do 2016-12-22 14:36:45 CET; 59s ago Process: 20621 ExecStop=/etc/rc.d/init.d/ushare stop (code=exited, status=0/SUCCESS) Process: 20706 ExecStart=/etc/rc.d/init.d/ushare start (code=exited, status=0/SUCCESS) CGroup: /system.slice/ushare.service ââ20713 /usr/bin/ushare -D --cfg=/etc/ushare.conf -d So would seem OK, but # journalctl -xe dec 22 14:36:03 mach6.hviaene.thuis systemd[1]: Unit ushare.service entered failed state. dec 22 14:36:03 mach6.hviaene.thuis systemd[1]: ushare.service failed. dec 22 14:36:45 mach6.hviaene.thuis uShare[20712]: Interface wlp5s0 is down. dec 22 14:36:45 mach6.hviaene.thuis uShare[20712]: Recheck uShare's configuration and try again ! And that is nonsense since wlp5s0 is the working wifi internet connection I'm writing this on.
CC: (none) => herman.viaene
Found some other weird: I did not all output from status command above, and now I notice dec 22 14:36:45 mach6.hviaene.thuis uShare[20713]: Looking for files in content directory : /home/tester5/Video/ dec 22 14:36:45 mach6.hviaene.thuis uShare[20713]: Found 2 files and subdirectories. But that is not correct : in /home/tester5/Video/ there are 3 .avi files.
Shall set this up on x86_64 and try to follow the test procedure. Certainly not going to try MythTV.
CC: (none) => tarazed25
Investigating this on x86_64. vlc-plugin-upnp was already installed. Installed ushare. Checked that the preupdate packages were in place and that the various applications would launch. amule OK. openclonk segfaulted. Started ushare, then: # systemctl status ushare â ushare.service - LSB: UPnP (TM) A/V Media Server Loaded: loaded (/etc/rc.d/init.d/ushare) Active: active (exited) since Thu 2016-12-29 22:59:53 GMT; 8s ago Process: 4876 ExecStart=/etc/rc.d/init.d/ushare start (code=exited, status=0/SUCCESS) Configured /etc/ushare.conf, leaving telnet port blank. $ sudo systemctl restart ushare $ systemctl status ushare â ushare.service - LSB: UPnP (TM) A/V Media Server Loaded: loaded (/etc/rc.d/init.d/ushare) Active: active (running) since Thu 2016-12-29 23:14:39 GMT; 4s ago Process: 6954 ExecStop=/etc/rc.d/init.d/ushare stop (code=exited, status=0/SUCCESS) Process: 6963 ExecStart=/etc/rc.d/init.d/ushare start (code=exited, status=0/SUCCESS) CGroup: /system.slice/ushare.service ââ6969 /usr/bin/ushare -D --cfg=/etc/ushare.conf -d The vlc plugin is installed but no UPnP options are shown in the playlist window. All that is shown is Playlist Media Library UPnP is listed in the Plugins and extensions menu under the Plugins tab: Universal Plug'n'Play | services_discovery | 0 For the time being vlc is running on the same machine as the ushare service. So, basically, I haven't a clue.
Following this up on Archwiki, added 1900/udp and 49201/tcp to the firewall and restarted the ushare service. Stiil nothing showing in vlc.
Experimented with command-line ushare. $ sudo systemctl stop ushare $ ushare Interface enp3s0 is down. Recheck uShare's configuration and try again ! uShare (version 1.1a), a lightweight UPnP A/V and DLNA Media Server. Benjamin Zores (C) 2005-2007, for GeeXboX Team. See http://ushare.geexbox.org/ for updates. Listening on telnet port 1900 Initializing UPnP subsystem ... UPnP MediaServer listening on <a.b.c.d>:49201 Sending UPnP advertisement for device ... Listening for control point connections ... Building Metadata List ... Looking for files in content directory : http://a.b.c.d:49201/data/TV/drama scandir: No such file or directory Found 2 files and subdirectories. <Replace a.b.c.d with actual LAN address> The ethernet interface is up and running - ushare does not think so. No indication which files it actually found. vlc still shows nothing in Playlist.
Tried removing the network specification from ushare.conf and ran ushare again. VLC sees nothing. Note that telnet is 'no' and USHARE_TELNET_PORT=<blank> $ ushare Interface enp3s0 is down. Recheck uShare's configuration and try again ! uShare (version 1.1a), a lightweight UPnP A/V and DLNA Media Server. Benjamin Zores (C) 2005-2007, for GeeXboX Team. See http://ushare.geexbox.org/ for updates. Listening on telnet port 1337 Initializing UPnP subsystem ... UPnP MediaServer listening on 192.168.1.3:49201 Sending UPnP advertisement for device ... Listening for control point connections ... Building Metadata List ... Looking for files in content directory : /data/TV/drama Found 41 files and subdirectories. There are in fact 43 files in that directory, .mp4 and .ts files. Is there any kind of configuration needed at the vlc end? Or does vlc have to be pointed at the udp port explicitly?
In vlc, in the Plugins&Extensions window, Plugins lists UPnP services probe with a score of 100 and discovery with score 0. In the Menu, selecting Playlist returns "Empty". It certainly looks like vlc UPnP is not connecting with ushare, but why?
Tried a connection over the LAN. $ ushare Interface enp2s0 is down. Recheck uShare's configuration and try again ! uShare (version 1.1a), a lightweight UPnP A/V and DLNA Media Server. Benjamin Zores (C) 2005-2007, for GeeXboX Team. See http://ushare.geexbox.org/ for updates. Listening on telnet port 1337 Initializing UPnP subsystem ... UPnP MediaServer listening on <belexeuli>:49201 Sending UPnP advertisement for device ... Listening for control point connections ... Building Metadata List ... Looking for files in content directory : http://<vega>:49201/data/TV/drama scandir: No such file or directory Found 2 files and subdirectories. Blank playlist in vlc. ushare running at both ends. That may not be necessary. Whatever, the diagnostics above show that ushare does not see the network connection. At both ends ushare seems to be in listening mode, so what writes to the TCP port?
Ran the update but there was no change in behaviour with regard to vlc and ushare at either end - i.e on either machine.
This is what /etc/ushare.conf looks like at present: # /etc/ushare.conf # Configuration file for uShare # uShare UPnP Friendly Name (default is 'uShare'). USHARE_NAME= # Interface to listen to (default is eth0). # Ex : USHARE_IFACE=eth1 USHARE_IFACE=enp3s0 # Port to listen to (default is random from IANA Dynamic Ports range) # Ex : USHARE_PORT=49200 USHARE_PORT=49201 # Port to listen for Telnet connections # Ex : USHARE_TELNET_PORT=1337 USHARE_TELNET_PORT= # Directories to be shared (space or CSV list). # Ex: USHARE_DIR=/dir1,/dir2 USHARE_DIR=/data/TV/drama # Use to override what happens when iconv fails to parse a file name. # The default uShare behaviour is to not add the entry in the media list # This option overrides that behaviour and adds the non-iconv'ed string into # the media list, with the assumption that the renderer will be able to # handle it. Devices like Noxon 2 have no problem with strings being passed # as is. (Umlauts for all!) # # Options are TRUE/YES/1 for override and anything else for default behaviour USHARE_OVERRIDE_ICONV_ERR=1 # Enable Web interface (yes/no) ENABLE_WEB=no # Enable Telnet control interface (yes/no) ENABLE_TELNET=no # Use XboX 360 compatibility mode (yes/no) ENABLE_XBOX=no # Use DLNA profile (yes/no) # This is needed for PlayStation3 to work (among other devices) ENABLE_DLNA=no The port settings in Shorewall contain 49201/tcp and enp3s0 is unprotected.
Telnet is tcp Len so will likely need to be unblock tcp/1900 too or instead. From what I remember of vlc with upnp, it's a fairly basic interface, feature wise.
Thanks Claire, but I had already crossed off telnet in the config file. I have managed to load a playlist though. See below. In vlc: Menu => Interface => Preferences => Show settings Select All This displays a very full menu containing Playlist Playlist => Services discovery That displays "Services discovery modules" with an empty box. Podcast and SAP are already listed under Services discovery. "Services discovery modules are facilities that automatically add items to playlist. Hovering the mouse over the box gives the hint: "Specifies the ... modules to preload ... Typical value is sap. The implication is that something else needs to be specified here to add the discovered files to the playlist. ushare indicates that it has found the files. Writing upnp into the box and saving it seemed to work. On relaunching vlc the playlist window displayed all the found files. However the services discovery menu in preferences does not display UPnP, just Podcast and SAP but the box contains upnp. So it does work, but why is it so complicated? One would assume that installing a plugin would do all that work for you. It does not seem to be documented anywhere.
It still has to be tested over the LAN. ushare does not seem to understand network addresses; comes up with "no such file".
Further information on the preferences tweak... Before - the startup message was: VLC media player 2.2.4 Weatherwax (revision 2.2.3-37-g888b7e89) [0000000001d07678] core services discovery error: no suitable services discovery module Afterwards: $ vlc VLC media player 2.2.4 Weatherwax (revision 2.2.3-37-g888b7e89) [00000000011dd748] upnp services discovery: Initializing libupnp on '(null)' interface
Kodi should support upnp/dlna too if you feel vlc is an unreliable testbed.
I am very familiar with vlc, use it all the time, including watching Freeview on an aerial connection; as simple as $ vlc channels.xspf & The problems are more to do with ushare than vlc really. I avoid Kodi after trying it a while ago. Could not get it to work properly for anything - far too much work.
VLC might work fine for most stuff, but the UPNP thing obviously doesn't. It took two tries to even see the Mediatomb that I set up on another machine yesterday and took minutes before it would expand to see anything inside of it (it works much better on our Samsung DVD player). It sees two DirecTV receivers and can list some videos, but can't play them. I was finally able to get it to play songs from Mediatomb once they showed up. Tested on Mageia 5 x86_64.
Whiteboard: has_procedure => has_procedure MGA5-64-OK
Installed mediatomb and tried out the web interface. It found my TV and film recordings on another machine without any difficulty and allowed me to build the playlist. Left mediatomb running and closed vlc. Launched it again and the playlist was already there. Loading the initial playlist took some time - 380 titles, but from then on it was fine. So that confirms David's tests - comment 19.
mga5 X86_64 Finally figured out the ushare business. Ran ushare on the remote PC with port 49201 open. Opened 49201/tcp on the local machine and fired up vlc. The playlist displayed the remote directory immediately and played a selected video with clear sound. Simples! A two minute solution after 15 hours work.
Tested this on i586 virtualbox for mga5. Installed vlc-plugin-upnp Edited /etc/ushare.conf on the host and ran it on the host. Enabled upnp in vlc and the playlist displayed the video files from the host machine. Installed the updates and vlc could still access the networked playlist via ushare running on the host. Good for 32-bit.
CC: (none) => sysadmin-bugsKeywords: (none) => validated_updateWhiteboard: has_procedure MGA5-64-OK => has_procedure MGA5-64-OK MGA5-32-OK
(In reply to Len Lawrence from comment #21) > mga5 X86_64 > Finally figured out the ushare business. Ran ushare on the remote PC with > port 49201 open. Opened 49201/tcp on the local machine and fired up vlc. > The playlist displayed the remote directory immediately and played a > selected video with clear sound. Simples! A two minute solution after 15 > hours work. If we could but give medals... Advisory from Comment 0 uploaded.
CC: (none) => lewyssmithWhiteboard: has_procedure MGA5-64-OK MGA5-32-OK => has_procedure MGA5-64-OK MGA5-32-OK advisory
An update for this issue has been pushed to the Mageia Updates repository. http://advisories.mageia.org/MGASA-2017-0002.html
Resolution: (none) => FIXEDStatus: NEW => RESOLVED
Installed and tested without issues. Tested using amuled and vlc with vlc-plugin-upnp to load videos from a minidlna server. System: Mageia 7, x86_64, Intel CPU. $ uname -a Linux marte 5.6.14-desktop-2.mga7 #1 SMP Wed May 20 23:14:20 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux $ cat /proc/18235/cmdline amuled--ec-config--log-stdout $ egrep -i '(upnp|ixml)' /proc/18235/maps 7f8aa8c9d000-7f8aa8ca0000 r--p 00000000 00:17 2018578 /usr/lib64/libixml.so.10.0.1 7f8aa8ca0000-7f8aa8ca5000 r-xp 00003000 00:17 2018578 /usr/lib64/libixml.so.10.0.1 7f8aa8ca5000-7f8aa8ca7000 r--p 00008000 00:17 2018578 /usr/lib64/libixml.so.10.0.1 7f8aa8ca7000-7f8aa8ca8000 r--p 00009000 00:17 2018578 /usr/lib64/libixml.so.10.0.1 7f8aa8ca8000-7f8aa8ca9000 rw-p 0000a000 00:17 2018578 /usr/lib64/libixml.so.10.0.1 7f8aa8cab000-7f8aa8cb6000 r--p 00000000 00:17 2018581 /usr/lib64/libupnp.so.13.0.0 7f8aa8cb6000-7f8aa8cd1000 r-xp 0000b000 00:17 2018581 /usr/lib64/libupnp.so.13.0.0 7f8aa8cd1000-7f8aa8cdc000 r--p 00026000 00:17 2018581 /usr/lib64/libupnp.so.13.0.0 7f8aa8cdc000-7f8aa8cdd000 r--p 00030000 00:17 2018581 /usr/lib64/libupnp.so.13.0.0 7f8aa8cdd000-7f8aa8cde000 rw-p 00031000 00:17 2018581 /usr/lib64/libupnp.so.13.0.0 $ cat /proc/18355/cmdline /usr/bin/vlc--started-from-file $ egrep -i '(upnp|ixml)' /proc/18355/maps 7f909d299000-7f909d2a4000 r--p 00000000 00:17 2018581 /usr/lib64/libupnp.so.13.0.0 7f909d2a4000-7f909d2bf000 r-xp 0000b000 00:17 2018581 /usr/lib64/libupnp.so.13.0.0 7f909d2bf000-7f909d2ca000 r--p 00026000 00:17 2018581 /usr/lib64/libupnp.so.13.0.0 7f909d2ca000-7f909d2cb000 r--p 00030000 00:17 2018581 /usr/lib64/libupnp.so.13.0.0 7f909d2cb000-7f909d2cc000 rw-p 00031000 00:17 2018581 /usr/lib64/libupnp.so.13.0.0 7f909d3ff000-7f909d402000 r--p 00000000 00:17 2018578 /usr/lib64/libixml.so.10.0.1 7f909d402000-7f909d407000 r-xp 00003000 00:17 2018578 /usr/lib64/libixml.so.10.0.1 7f909d407000-7f909d409000 r--p 00008000 00:17 2018578 /usr/lib64/libixml.so.10.0.1 7f909d409000-7f909d40a000 r--p 00009000 00:17 2018578 /usr/lib64/libixml.so.10.0.1 7f909d40a000-7f909d40b000 rw-p 0000a000 00:17 2018578 /usr/lib64/libixml.so.10.0.1 7f909d40b000-7f909d40d000 r--p 00000000 00:17 1835159 /usr/lib64/vlc/plugins/services_discovery/libupnp_plugin.so 7f909d40d000-7f909d416000 r-xp 00002000 00:17 1835159 /usr/lib64/vlc/plugins/services_discovery/libupnp_plugin.so 7f909d416000-7f909d418000 r--p 0000b000 00:17 1835159 /usr/lib64/vlc/plugins/services_discovery/libupnp_plugin.so 7f909d418000-7f909d419000 ---p 0000d000 00:17 1835159 /usr/lib64/vlc/plugins/services_discovery/libupnp_plugin.so 7f909d419000-7f909d41a000 r--p 0000d000 00:17 1835159 /usr/lib64/vlc/plugins/services_discovery/libupnp_plugin.so 7f909d41a000-7f909d41b000 rw-p 0000e000 00:17 1835159 /usr/lib64/vlc/plugins/services_discovery/libupnp_plugin.so $ rpm -qf /usr/lib64/libupnp.so.13.0.0 /usr/lib64/libixml.so.10.0.1 /usr/lib64/vlc/plugins/services_discovery/libupnp_plugin.so lib64upnp13-1.8.4-3.1.mga7 lib64ixml10-1.8.4-3.1.mga7 vlc-plugin-upnp-3.0.10-1.mga7.tainted $ urpmq --whatrequires-recursive lib64upnp13 lib64ixml10 | sort -u amule amule-commandline amule-webserver lib64ixml10 lib64ring0 lib64ring-devel lib64upnp13 lib64upnp-devel libring-devel ring-client-gnome ring-daemon ring-kde vlc-plugin-upnp
CC: (none) => mageia
OOPS! Please, ignore comment 25. It was for another bug 26752.