ChangeLog

*******************************************************************************
Version 1.8.4
*******************************************************************************

2017-11-17 Marcelo Jimenez <mroberto(at)users.sourceforge.net>

	GitHub #57 - 1.8.3 broke ABI without changing SONAME
	Opened by jcowgill

	This change in 1.8.3 broke the ABI and therefore the SONAME should have
	been changed (ie: age reset to 0):

	EXPORT_SPEC int UpnpAddVirtualDir(
	        /*! [in] The name of the new directory mapping to add. */
	-       const char *dirName);
	+       const char *dirName,
	+       /*! [in] The cookie to associated with this virtual directory */
	+       const void *cookie,
	+       /*! [out] The cookie previously associated, if mapping is already present */
	+       const void **oldcookie);

	If only the cookie argument was added, you could probably get away with
	this because all that would happen is that a garbage value is passed
	around without being used. With the addition of oldcookie, any old
	programs will not initialise this value and will probably segfault when
	libupnp tries to write to it.

*******************************************************************************
Version 1.8.3
*******************************************************************************

2017-09-07 Dave Overton <david(at)insomniavisions.com>

	Add userdata/cookie to virtualDir callbacks

	As with the main Device APIs (UpnpRegisterRootDevice etc), it is useful
	to have a userdata/cookie pointer returned with each callback.

	This patch allows one cookie per registered path which enables a variety
	of functionality in client apps.

2017-09-03 Uwe Kleine-König <uwe@kleine-koenig.org>

	Fix large file system support

	libupnp uses large file support (if available). If a program linking to
	libupnp does not however it creates mismatches in callframes. See
	Issue #51 for the results.

	This simplifies LFS support by using AC_SYS_LARGEFILE_SENSITIVE instead of
	manually defining _LARGE_FILE_SOURCE and _FILE_OFFSET_BITS (which is
	useless on architectures where the size of off_t is fixed).

	Furthermore additional logic is introduced to catch a library user without
	64 bit wide off_t on such a platform.

	upnp.h also makes use of off_t, but as this file includes FileInfo.h, the
	latter is the single right place for this check.

	This fixes #52 which is a generalized variant of #51.

2017-08-19 Uwe Kleine-König <uwe@kleine-koenig.org>

	configure.ac: Drop copying of include files

	The comment suggests this is for windows compilation. It should be easily
	possible to add the source directory as an include path to the windows
	compiler, too, so drop this. (Otherwise this should better be done using
	AC_CONFIG_COMMANDS.)

2017-09-03 Uwe Kleine-König <uwe@kleine-koenig.org>

	Let source code use autoconfig.h not the public upnpconfig.h

	The former is the one supposed to be used for internal code. upnpconfig.h is only
	for public stuff.

2017-08-19 Uwe Kleine-König <uwe@kleine-koenig.org>

	configure.ac: Fix typo s/optionnal/optional/

2017-08-08 Marcelo Jimenez <mroberto(at)users.sourceforge.net>

	Fix broken samples when configured with --disable-ipv6.

*******************************************************************************
Version 1.8.2
*******************************************************************************

2017-07-24 Michael Osipov

	Initialize in_addr and in6_addr to avoid garbage output if never written

	If any of the address families isn't available in UpnpGetIfInfo(),
	especially IPv6, always init both structs with zero to avoid garbage
	output with inet_ntop() to gIF_IPV4 and gIF_IPV6.

	See v00d00/gerbera#112 (https://github.com/v00d00/gerbera/issues/112)
	for consequences: bind for IPv6 will fail.

2013-10-28 Vladimir Fedoseev <va-dos(at)users.sourceforge.net>

	Attached patch allows to register multiple clients from single app.

2014-11-14 Philippe <philippe44ca(at)users.sourceforge.net>

	Hi - I recently compiled libupnp on C++ Builder XE7 and had to do a few
	changes to make it work. In thase this helps, I've generated a small
	patch file.

2015-04-30 Hugo Beauzée-Luyssen <chouquette(at)users.sourceforge.net>

	When building using a strict mode (-std=c++11 instead of -std=gnu++11,
	for instance), the WIN32 macro isn't defined. The attached patch fixes
	it by using _WIN32 instead.

2015-02-06 Jean-Francois Dockes <jf@dockes.org>

	Queue events on their subscription object instead of adding them to the
	thread pool immediately. 

	Events destined for a non-responding control point would flood the
	thread pool and prevent correct dispatching to other clients, sometimes
	to the point of disabling the device. Events are now queued without
	allocating thread resources and properly discarded when a client is not
	accepting them.

2015-02-03 Jean-Francois Dockes <jf@dockes.org>

	genaInitNotify()/genaInitNotifyExt() and
	genaNotifyAll()/genaNotifyAllExt() are relatively complicated methods
	which only differ by the format of an input parameter. This update
	extracts the common code for easier maintenance, esp. relating to the
	queueing modifications to follow.


*******************************************************************************
Version 1.8.1
*******************************************************************************

2017-04-26 Marcelo Jimenez <mroberto(at)users.sourceforge.net>

	Fix some compiler warning messages on md5.c

2017-03-07 Fabrice Fontaine <fontaine.fabrice(at)gmail.com>

	Enable IPv6 by default

2017-03-07 Fabrice Fontaine <fontaine.fabrice(at)gmail.com>

	Move threadutil source code to libupnp

	With this patch, threadutil library is removed as the only public
	header that has been kept in 1.8.x is ithread.h which is mainly a
	wrapper to pthread with inline functions.
	threadutil source code will now be a part of libupnp library.

*******************************************************************************
Version 1.8.0
*******************************************************************************

2014-01-15 Peng <howtofly(at)gmail.com>

	Fix memory leaks.

2013-04-27 Thijs Schreijer <thijs(at)thijsschreijer.nl>

	Renamed SCRIPTSUPPORT to IXML_HAVE_SCRIPTSUPPORT for consistency. Also
	updated autoconfig and automake files, so it also works on non-windows.
	Option is enabled by default, because it adds an element to the node
	structure. Not using an available field is better than accidentally
	using an unavailable field.

2012-07-11 Thijs Schreijer <thijs(at)thijsschreijer.nl>

	Changed param to const UpnpAcceptSubscriptionExt() for consistency

2012-06-07 Thijs Schreijer <thijs(at)thijsschreijer.nl>

	updated ixmlDocument_createAttributeEx() and ixmlDocument_createAttribute()
	to use parameter DOMString instead of char * (same but now consistent)

2012-05-06 Thijs Schreijer <thijs(at)thijsschreijer.nl>

	Added script support (directive SCRIPTSUPPORT) for better support of
	garbage collected script languages. The node element gets a custom tag
	through ixmlNode_setCTag() and ixmlNode_getCTag(). And a callback upon
	releasing the node resources can be set using ixmlSetBeforeFree()
	See updated readme for usage.

2012-03-24 Fabrice Fontaine <fabrice.fontaine(at)orange.com>

	SF Bug Tracker id 3510595 - UpnpDownloadXmlDoc : can't get the file

	Submitted: Marco Virgulti ( mvirg83 ) - 2012-03-23 10:08:08 PDT

	There is a problem, perhaps, during downloading a document by
	UpnpDownloadXmlDoc. During debugging i've found that in an not exported
	api (unfortunately i forgot the code line...) where it is setted a
	local variable "int timeout" to -1 then passed directly to another
	function for sending data through tcp socket. I patched this setting it
	to 0 (there is an IF section that exits if timeout < 0). It is normal
	behavior or it is a bug?

2012-03-08 Fabrice Fontaine <fabrice.fontaine(at)orange-ftgroup.com>

	Check for NULL pointer in TemplateSource.h

	calloc can return NULL so check for NULL pointer in CLASS##_new and
	CLASS##_dup.

2012-03-08 Fabrice Fontaine <fabrice.fontaine(at)orange-ftgroup.com>

	Replace strcpy with strncpy in get_hoststr

	Replace strcpy with strncpy to avoid buffer overflow.

2012-03-08 Fabrice Fontaine <fabrice.fontaine(at)orange-ftgroup.com>

	Memory leak fix in handle_query_variable

	variable was never freed.

2011-02-07 Chandra Penke <chandrapenke(at)mcntech.com>

	Add HTTPS support using OpenSSL. HTTPS support is optional and can
	be enabled by passing the --enable-open-ssl argument to the
	configure script.

	The following methods are introduced to the public API:
	UpnpInitOpenSslContext

	When enabled, HTTPS can be used by using "https://" instead of
	"http://" when passing URLs to the HTTP Client API.

2011-02-07 Chandra Penke <chandrapenke(at)mcntech.com>

	Refactor HTTP Client API to be more generic.

	The following features are added:

	- Support for persistent HTTP connections (reusing HTTP
	  connections). Tthis is still a work in progress and relies on
	  applications to interpret the 'Connection' header
	  appropriately.

	- Support for specifying request headers when making
	  requests. Useful for interacting with web services that require
	  custom headers.

	- Support for retrieving response headers (this is a API only
	  change, some more work needs to be done to implement the actual
	  functionality. Specifically copy_msg_headers in httpreadwrite.c
	  needs to be implemented)

	- Common API for all HTTP methods.

	- Support for PUT, and DELETE methods.

	The following methods are introduced to the public HTTP Client API

	UpnpOpenHttpConnection, UpnpCloseHttpConnection, UpnpMakeHttpRequest,
	UpnpWriteHttpRequest, UpnpEndHttpRequest, UpnpGetHttpResponse,
	UpnpReadHttpResponse.

	Removed a lot of duplicate code in httpreadwrite.c

2011-01-17 Chandra Penke <chandrapenke(at)mcntech.com>

	Include upnpconfig.h in FileInfo.h to automatically include large
	file macros

2011-01-17 Chandra Penke <chandrapenke(at)mcntech.com>

	Fix for warnings Apple systems related to macros defined in list.h.

	In list.h, in apple systems, undefine the macros prior to defining them.

2011-01-16 Marcelo Jimenez <mroberto(at)users.sourceforge.net>

	Fix for UpnpFileInfo_get_LastModified() in http_MakeMessage().

	UpnpFileInfo_get_LastModified() returns time_t, and http_MakeMessage()
	takes a "time_t *". Thanks to Chandra Penke for pointing the bug.

2010-11-22 Marcelo Jimenez <mroberto(at)users.sourceforge.net>

	Template object for ssdp_ResultData.

2010-11-10 Fabrice Fontaine <fabrice.fontaine(at)orange-ftgroup.com>

	Support for "polling" select in sock_read_write.

	Currently, in sock_read_write function, if the timeout is 0, pupnp
	realizes a "blocking" select (with an infinite timeout). With this
	patch, if timeout is set to 0, pupnp will realize a "polling" select
	and returns immediately if it can not read or write on the socket. This
	is very useful for GENA notifications when pupnp is trying to send
	events to a disconnected Control Point. "Blocking" select can now be
	done by putting a negative timeout value.

2010-09-18 Chandra Penke <chandrapenke(at)mcntech.com>

	This is a minor build fix. The new Template*.h files added in the latest
	code need to be exported. Patch against the latest sources is attached.

2010-08-22 Marcelo Jimenez <mroberto(at)users.sourceforge.net>
	* upnp/src/api/Discovery.c: Fix a serious bug and memory leak in
	UpnpDiscovery_strcpy_DeviceType(). Thanks to David Blanchet for the
	patch.

2010-04-25 Marcelo Jimenez <mroberto(at)users.sourceforge.net>
	Separation of the ClientSubscription object.

2010-04-24 Marcelo Jimenez <mroberto(at)users.sourceforge.net>
	Protect the object destructors agains null pointers on deletion, which
	should be something valid.

2010-03-27 Marcelo Jimenez <mroberto(at)users.sourceforge.net>
	SF Patch Tracker [ 2987390 ] upnp_debug vs. ixml_debug
	Thanks for the load of updates, I'm still assimilating them ! Could I make
	a suggestion though? The addition of printNodes(IXML_Node) to upnpdebug a
	dds a new dependency on ixml.h for anything using upnpdebug.h. I'm making
	quite a bit of use of upnpdebug in porting things to version 1.8.0, and I'd
	prefer it if printNodes could be added to ixmldebug.h instead. I'm attach
	ing a patch, what do you think ?

	Nick

2010-03-27 Marcelo Jimenez <mroberto(at)users.sourceforge.net>
	* Forward port of svn revision 505:
	SF Patch Tracker [ 2836704 ] Patch for Solaris10 compilation and usage.
	Submitted By: zephyrus ( zephyrus00jp )

2010-03-20 Marcelo Jimenez <mroberto(at)users.sourceforge.net>
	* SF Patch Tracker [ 2969188 ] 1.8.0: patch for FreeBSD compilation
	Submitted By: Nick Leverton (leveret)
	Fix the order of header inclusion for FreeBSD.

2010-03-20 Marcelo Jimenez <mroberto(at)users.sourceforge.net>
	* Forward port of svn revision 502:
	SF Patch Tracker [ 2836704 ] Search for nested serviceList (not
	stopping at the first lis
	Submitted By: zephyrus ( zephyrus00jp )
	
	Internet Gateway Device description contains nested serviceList (rootdevice
	-> servicelist, subdevice
	and subdevice has the lower-level serviceList, etc..)

	Unfrotunately, the sample code sample_util.c used by tv_device sample,
	etc.
	has a code that looks for only the first top-level serviceList.
	This results in the failure to read all the services of an IGD xml
	description.

	Attached patch modifies this behavior and looks for the service by
	visiting all the serviceList in xml document in turn.

	With the modified patch (ad additional modification), I could
	simulate an IGD device and created a modified control program for that.

	Patch against 1.6.6

	TIA.

2010-03-20 Marcelo Jimenez <mroberto(at)users.sourceforge.net>
	* SF Patch Tracker [ 2973319 ] Problem in commit 499
	Submitted By: Nick Leverton (leveret)
	Afraid that this doesn't compile, it seems retval should be retVal in two
	places.

2010-03-16 Marcelo Jimenez <mroberto(at)users.sourceforge.net>
	* Fix for the ithread_mutex_unlock() logic in UpnpInit().
	Thanks for Nicholas Kraft.

2010-03-15 Marcelo Jimenez <mroberto(at)users.sourceforge.net>
	* SF Patch Tracker [ 2962606 ] Autorenewal errors: invalid SID,
	too-short renewal interval
	Submitted By: Nick Leverton (leveret)
	
	Auto-renewals send an invalid SID due to a missing UpnpString_get_String
	call. They also send a renewal interval of 0 instead of copying it from
	the original subscription.

2010-03-15 Marcelo Jimenez <mroberto(at)users.sourceforge.net>
	* SF Patch Tracker [ 2964685 ] patch for avoiding inet_ntoa (1.8.0)
	Submitted By: Nick Leverton (leveret)
	
	Seems like SF's tracker won't let me add a patch to someone else's issue ?!
	This refers to https://sourceforge.net/support/tracker.php?aid=2724578
	
	The calls to inet_ntoa are in getlocalhostname(), which is called from
	UpnpInit when it is returning the bound IP address. 
	UpnpInit/getlocalhostname hasn't been updated to IPv6, I presume this is
	deliberate so that it doesn't start returning IPv6 addresses and
	overwriting the caller's IPv4-sized allocation.
	
	The attached patch just updates getlocalhostname to use inet_ntop instead
	of inet_ntoa, and also documents the fact that UpnpInit is IPv4 only whilst
	UpnpInnit2 is both IPv4 and IPv6.
	
	A fuller solution might be to change UpnpInit to use some variant on
	UpnpGetIfInfo. UpnpInit could still be left as IPv4 only if desired -
	perhaps UpnpGetIfInfo could take an option for the desired address family.
	getlocalhostname and its own copy of the interface scanning code would then
	be redundant. I don't have IPv6 capability here though so I'm reluctant to
	change the IPv6 code, as I have no way to test it.

2010-03-15 Marcelo Jimenez <mroberto(at)users.sourceforge.net>
	* SF Patch Tracker [ 2724578 ] patch for avoiding memory leaks when
	add devices
	
	each time a device been added, UpnpInit() is called, on exit, UpnpFinish()
	is called, but the memories allocated by ThreadPoolInit() may lost because
	there's no code to call ThreadPoolShutdown() to release the memories. And
	inet_ntoa() is not thread safe, so in my patch, I substitute inet_ntoa()
	with inet_ntop().

2010-03-14 Marcelo Jimenez <mroberto(at)users.sourceforge.net>
	* SF Patch Tracker [ 2964687 ] Add new string based accessors to upnp
	object API

	As per email to pupnp-devel, this is the patch to add the _strget_
	accessors for string-like objects in the interface.
	
	Will add a further patch shortly to udpate the sample programs.

2008-06-27 Marcelo Jimenez <mroberto(at)users.sourceforge.net>
	* Nicholas Kraft's patch to fix some IPv6 copy/paste issues. He
	reported to be getting infinite loops with the svn code.

2008-06-13 Marcelo Jimenez <mroberto(at)users.sourceforge.net>
	* SF Bug Tracker [ 1984541 ]
	ixmlDocumenttoString does not render the namespace tag.
	Submitted By: Beliveau - belivo

	Undoing the patch that fixed this problem. In fact, there was no
	problem and the patch was wrong.

2008-06-11 Marcelo Jimenez <mroberto(at)users.sourceforge.net>
	* Ingo Hofmann's patch for "Content-Type in Subscription responses".
	Adds charset="utf-8" attribute to the CONTENT-TYPE header line.

	Hi,

	I have found an inconsistency regarding the text/xml content-type
	returned by libupnp. It looks like only subscription responses send
	"text/xml" where all other messages contain "text/xml; charset="utf-8"".
	Since I'm working on an DLNA device the latter behaviour is mandatory.
	I changed the according lines in gena_device.c (see attached patch).
	I'm not sure if it would be ok for other device to have the charset
	field but it would help me a lot :)

	Best regards,
	Ingo

2008-06-04 Marcelo Jimenez <mroberto(at)users.sourceforge.net>
	* SF Bug Tracker [ 1984541 ]
	ixmlDocumenttoString does not render the namespace tag.
	Submitted By: Beliveau - belivo

	The problem occurs when converting a xml document using
	ixmlDocumenttoString containing a namespace tag created with
	ixmlDocument_createElementNS. The namespace tag doesn't get rendered.

	example: The following code fragment prints:

	<?xml version="1.0"?>
	<root></root>

	instead of:
	<?xml version="1.0"?>
	<root xmlns="urn:schemas-upnp-org:device-1-0"></root>
	
	Code:

	#include <stdlib.h>
	#include <upnp/ixml.h>

	int main()
	{
		IXML_Document* wDoc = ixmlDocument_createDocument();
		IXML_Element* wRoot = ixmlDocument_createElementNS(wDoc,
			"urn:schemas-upnp-org:device-1-0", "root");
		ixmlNode_appendChild((IXML_Node *)wDoc,(IXML_Node *)wRoot);
		DOMString wString = ixmlDocumenttoString(wDoc);
		printf(wString);
		free(wString);
		ixmlDocument_free(wDoc);
		
		return 0;
	}

	The problem was in the printing routine, not in the library data
	structure.

2008-05-31 Marcelo Jimenez <mroberto(at)users.sourceforge.net>
	* Charles Nepveu's suggestion of not allocating a thread for
	MiniServer when it is not compiled.

2008-05-24 Marcelo Jimenez <mroberto(at)users.sourceforge.net>
	* Ported Peter Hartley's patch to compile with mingw.

2008-05-24 Marcelo Jimenez <mroberto(at)users.sourceforge.net>
	* Added some debug capability to ixml.

2008-05-02 Marcelo Jimenez <mroberto(at)users.sourceforge.net>
	* Merged Charles Nepveu's IPv6 work. libupnp now is IPv6 enabled.

2008-02-06 Marcelo Jimenez <mroberto(at)users.sourceforge.net>
	* Breaking API so that we now hide internal data structures.

2008-02-06 Marcelo Jimenez <mroberto(at)users.sourceforge.net>
	* Rewrote Peter Hartley's patch to include a new extra header field in
	FileInfo.

*******************************************************************************
Version 1.6.22
*******************************************************************************

2017-07-07 James Cowgill <james410(at)cowgill.org.uk>

	Replace MD5 impmplementation with public-domain version

	Currently the RSA MD5 implementation is used. Unfortunately the license
	has some potential issues:
	* The license does not explicitly allow distributing derivative works.
	This was the original argument used in
	[Debian #459516](https://bugs.debian.org/459516).
	* The license contains an advertising clause similar to the BSD 4-clause
	license. This is incompatible with the GPL and if it were enforced,
	would require RSA to be mentioned by pretty much everyone who uses pupnp.

	The simple solution is to replace it with a public domain
	implementation. I've taken OpenBSDs implementation and tweaked it
	slightly for use by pupnp by:
	- Adjusting the includes.
	- Removing the __bounded__ attributes which are specific to OpenBSD.
	- Using the standard integer types from stdint.h.
	- Using memset instead of explicit_bzero.

2016-12-16 Peter Pramberger <peterpramb(at)users.sf.net>

	ixml/test/test_document.c is missing the string.h include, therefore
	the compiler complains about an implicit declaration.

*******************************************************************************
Version 1.6.21
*******************************************************************************

2016-12-16 Gabriel Burca <gburca(at)github>

	If the error or info log files can not be created, use stderr and
	stdout instead.

2016-12-08 Uwe Kleine-König <uwe(at)kleine-koenig.org>

	Fix out-of-bound access in create_url_list() (CVE-2016-8863)

	If there is an invalid URL in URLS->buf after a valid one, uri_parse is
	called with out pointing after the allocated memory. As uri_parse writes
	to *out before returning an error the loop in create_url_list must be
	stopped early to prevent an out-of-bound access

	Bug: https://sourceforge.net/p/pupnp/bugs/133/
	Bug-CVE: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8863
	Bug-Debian: https://bugs.debian.org/842093
	Bug-Redhat: https://bugzilla.redhat.com/show_bug.cgi?id=1388771

2016-11-30 Uwe Kleine-König <uwe(at)kleine-koenig.org>

	miniserver: fix binding to ipv6 link-local addresses

	Linux requires to have sin6_scope_id hold the interface id when binding to
	link-local addresses. This is already in use in other parts of upnp, so
	portability shouldn't be in the way here. Without this bind(2) fails with
	errno=EINVAL (although ipv6(7) from manpages 4.08 specifies ENODEV in this
	case).

	Fixes: https://bugs.debian.org/813249

2016-09-15 Mathew Garret <(at)mjg59 (twitter)>

	SF Bug Tracker #132 CVE-2016-6255: write files via POST

	Submitted by: Balint Reczey in 2016-08-02

	From Debian's BTS https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=831857 :
	From: Salvatore Bonaccorso carnil@debian.org
	To: Debian Bug Tracking System submit@bugs.debian.org
	Subject: libupnp: write files via POST
	Date: Wed, 20 Jul 2016 11:03:34 +0200
	Source: libupnp
	Version: 1:1.6.17-1
	Severity: grave
	Tags: security upstream
	Justification: user security hole
	Hi
	See http://www.openwall.com/lists/oss-security/2016/07/18/13 and
	https://twitter.com/mjg59/status/755062278513319936 .
	Proposed fix:
	https://github.com/mjg59/pupnp-code/commit/be0a01bdb83395d9f3a5ea09c1308a4f1a972cbd
	Regards,
	Salvatore

	From Mathew Garret's commit: Don't allow unhandled POSTs to write to the filesystem by default

*******************************************************************************
Version 1.6.20
*******************************************************************************

2016-02-22 Jean-Francois Dockes <medoc(at)users.sf.net>

	SF Bugs #131, Creator: Jean-Francois Dockes

	I know it sounds crazy that nobody ever saw this, but the CONTENT-LENGTH
	value in GENA NOTIFY messages is too small by one.

	It appears that most current control points don't notice the extra
	character (an LF, which is validly there but not included in
	Content-Length), probably because their protocol handler is reasonably
	lenient, and because the missing body LF does not prevent parsing the
	XML. But there is a least one anal CP (Linn Kazoo) which barfs, because
	it reads all data until connection close and the size mismatch triggers
	a bug.

	"Proof":
	In gena_device.c:217 (notify_send_and_recv())

	ret_code = http_SendMessage(&info, &timeout,
	    "bbb",
	    start_msg.buf, start_msg.length,
	    propertySet, strlen(propertySet),
	    CRLF, strlen(CRLF));

	start_msg has all the headers, including the empty line.
	Content-length should be strlen(propertySet) + strlen(CRLF) (2)
	In gena_device.c:433 (AllocGenaHeaders())

	rc = snprintf(headers, headers_size, "%s%s%"PRIzu"%s%s%s",
	    HEADER_LINE_1,
	    HEADER_LINE_2A,
	    strlen(propertySet) + 1,
	    HEADER_LINE_2B,
	    HEADER_LINE_3,
	    HEADER_LINE_4);

	HEADER_LINE_2A is "CONTENT-LENGTH: ". 
	The following value should be strlen(propertySet) + 2

2016-01-07 Marcelo Roberto Jimenez <mroberto(at)users.sourceforge.net>

	Fix for a reported integer overflow

2016-01-07 Jean-Francois Dockes <medoc(at)users.sf.net>
2016-01-07 Nick Leverton <nick(at)leverton.org>
	SF Patches #60, Creator: Jean-Francois Dockes

	When libupnp is configured with --enable-ipv6 but ipv6 is not available
	on the system (for example because the ipv6 code is not loaded in a Linux
	kernel as is the case by default on Raspbian), the ipv6 socket creation
	call will fail in miniserver.c and the library init will fail, even if
	the ipv4 initialisation would have succeeded.

	Let a library configured with --enable-ipv6 initialize in ipv4-only
	mode if ipv6 is not available instead of failing. This can happen
	if no ipv6 code is configured or loaded in the kernel.

	Don't fail if IPv6 is unavailable.
	We might be an IPv6 enabled distro build running on an IPv4-only custom kernel.

2016-01-07 Nick Leverton <nick(at)leverton.org>

	SF Bug Tracker #128, Creator: Nick Leverton
	redefining strndup causes "error: expected identifier or '(' before '__extension__'"

	Fix redefinition of strnlen and strndup
	These are available when HAVE_STRNDUP and HAVE_STRNLEN are defined, but
	libupnp provides an extern prototype anyway.  Recent versions of glibc
	define this prototype differently, causing the following compile error:

	src/api/UpnpString.c:47:15: error: expected identifier or '(' before  '__extension__'
		extern char *strndup(__const char *__string, size_t __n);

2016-01-07 Nick Leverton <nick(at)leverton.org>

	SF Bug Tracker #129, Creator: Nick Leverton
	shutdown() on UDP sockets logs ENOTCONN message.
	https://sourceforge.net/p/pupnp/bugs/129/

	Fix ENOTCONN "Error in shutdown: Transport endpoint is not connected"

	When logging is enabled, ssdpserver logs bursts of
	"Error in shutdown: Transport endpoint is not connected"
	This is because shutdown() is not supported for UDP sockets and under
	recent UNIX specifications it returns ENOTCONN if used.
	
2016-01-07 Nick Leverton <nick(at)leverton.org>

	SF Bug Tracker #127, Creator: Klaus Fischer
	Miniserver uses INADDR_ANY instead of HostIP
	https://sourceforge.net/p/pupnp/bugs/127/

	The internal miniserver.c uses INADDR_ANY instead of the HostIP/IfName
	provided when initializing libupnp. But, this HostIP/IfName gets used
	for the UDP socket when multicasting SSDP messages.  Because of this,
	miniserver may end up sending from different IP address than ssdpserver.
	This patch causes miniserver to use the already known interface address.

2016-01-07 Marcelo Roberto Jimenez <mroberto(at)users.sourceforge.net>

	SF Bug Tracker #130, Creator: Shaddy Baddah
	infinite loop in UpnpGetIfInfo() under WIN32

	Original code makes no sense. This patch should fix it.

2015-02-04 Shaun Marko <semarko@users.sf.net>

	Bug tracker #124 Build fails with --enable-debug

	Build environment
	Fedora 21
	X86-64
	* gcc 4.9.2

	How to repeat
	$ ./configure --enable debug
	$ make
	libtool: compile: gcc -DHAVE_CONFIG_H -I. -I.. -I../upnp/inc -I./inc -I../threadutil/inc
	-I../ixml/inc -I./src/inc -pthread -g -O2 -Wall -MT src/api/libupnp_la-UpnpString.lo
	-MD -MP -MF src/api/.deps/libupnp_la-UpnpString.Tpo -c src/api/UpnpString.c
	-fPIC -DPIC -o src/api .libs/libupnp_la-UpnpString.o src/api/UpnpString.c:47:16:
	error: expected identifier or '(' before 'extension'
	extern char *strndup(const char *string, size_t __n);
	^
	Makefile:1016: recipe for target 'src/api/libupnp_la-UpnpString.lo' failed

	Reason for failure
	Build enables -O2 optimization flags which causes the inclusion of a
	macro implementation of strndup from include/bits/string2.h.

	Workarounds
	Disable optimization when configuring or making:
	$ configure CFLAGS='-g -pthread -O0' --enable-debug
	$ make
	or
	$ configure --enable-debug
	$ make CFLAGS='-g -pthread -O0' Define NO_STRING_INLINES
	$ export CFLAGS="-DNO_STRING_INLINES -O2"
	$ ./configure --enagble-debug
	$ make

	Fix
	* Don't declare strndup in src/api/UpnpString.c if it exists

2015-02-01 Jean-Francois Dockes <medoc@users.sf.net>

	Out-of-tree builds seem to be currently broken, because ixml and
	threadutil files need an include path to include UpnpGlobal.h, and
	configure tries to copy files into a directory which it does not create.
	The patch fixes both issues.

2014-01-03 Peng <howtofly(at)gmail.com>

	rewrite soap_device.c

	1) separate HTTP handling from SOAP handling
	2) remove repeated validity check, each check is performed exactly once
	3) fix HTTP status code per UPnP spec, SOAP spec and RFC 2774

*******************************************************************************
Version 1.6.19
*******************************************************************************

2013-11-14 Marcelo Roberto Jimenez <mroberto(at)users.sourceforge.net>

	SF Bug Tracker #119, Creator: Klaus Fischer
	Access violation due to changed usage of pthreads-win32

	Dear libupnp developers,

	I have experienced a crash (access violation) when using libupnp on
	Windows. The crash is actually located in pthreads-win32 and happens
	when repeatedly de-/initializing libupnp on Win32 in the same process
	and both libupnp and pthreads-win32 are compiled as static libraries.

	So I'm doing this:
	- UpnpInit()
	- UpnpFinish()
	- UpnpInit() <- Crash

	I am already in touch with Ross Johnson on the pthreads-win32 mailing
	list regarding this issue:

	http://sourceware.org/ml/pthreads-win32/2013/msg00020.html

	He told me the problem is that the functions
	pthread_win32_process_attach/detach_np() should no longer be called
	directly, but are invoked automatically now since version 2.9.0 of
	pthreads-win32, which has been released approx. 1.5 years ago. Please
	refer to above link for in-depth information.

	So for proper using of latest pthreads-win32 library, those function
	calls should vanish inside libupnp. Could you consider adapting libupnp
	in that way? I would really like to use both libraries out-of-the-box
	without local modifications, and this issue prevents that.

	Best regards,
	Klaus

2013-11-08 Peng <howtofly(at)gmail.com>

	Fix several minor bugs in soap_device.c

	1) remove redundant free
	2) avoid user-provided ErrStr being overwritten by the default one
	3) eliminated memory leak possiblity in handle_query_variable

2013-11-08 Peng <howtofly(at)gmail.com>

	Fix return value check of parse_uri.

2012-06-19 Yoichi NAKAYAMA <yoichi.nakayama(at)gmail.com>

	SF Bug Tracker #118, Creator: T.Iwamoto
	tv_ctrlpt crashes after detecting a later version of tvcontrol service

	From:  gon3456@users.sf.net
	Steps to reproduce:
	1. Extracts and build libupnp-1.6.18
	$ tar -xjf /path/to/archive/libupnp-1.6.18.tar.bz2
	$ cd libupnp-1.6.18
	$ ./configure
	$ make
	2. Applies the attached patch and remake.
	$ patch -p1 < /path/to/patch/libupnp-1.6.18.patch
	$ make
	3. Run tv_device.
	$ cd upnp/sample
	$ ./tv_device
	4. Run tv_ctrlpt; the tv_ctrlpt crashes soon.
	$ ./tv_ctrlpt
	Segmentation fault (core dumped)
	This is an issue report about the sample program of control point.
	The tv_ctrlpt crashes after detecting a tvdevice that contains tvcontrol:2 or higher version of tvcontrol service.
	tv_ctrlpt should detect correctly such devices due to forward compatibility of control points with device.
	For more information about the compatibility, please refer the following document:
	DLNA Architectures and Protocols Part 1 2011 December - 7.3.2.1.3 (GUN:GZJXU)
	The attached patch changes the sample programs as below:
	- device: changes version of tvcontrol service from 1 to 2. This change may occur in the future.
	- cp: nothing changed: cp knows version 1 of tvcontrol service only.
	I know many vendors implements their control points based on the tv_ctrlpt, so I hope to fix this issue ASAP.

	==

	From: Yoichi NAKAYAMA
	SEGV is caused by strcpy with NULL argument.
	Attached patch will avoid SEGV in strcpy, but there may be other inconsistencies.

	> I know many vendors implements their control points based on the tv_ctrlpt,

	I don't think so. I think tv_ctrlpt is just a sample to be used with tv_device.

2013-10-28 Pino Toscano <pinotree(at)users.sourceforge.net>

	Fix compilation on GNU/Hurd

2013-10-28 Peng <howtofly(at)gmail.com>

	Fix return value of http_RecvPostMessage and update httpparser.c's comments

2013-10-17 Peng <howtofly(at)gmail.com>

	Fix return value of process_request and related subroutines
	1) Only HTTP_XXX should be return
	2) Make default return value work for process_request

2013-10-15 Peng <howtofly(at)gmail.com>

	Fix Content-Range generation bug

2013-09-10 zexian chen <chenzexian88(at)gmail.com>

	Hi,

	I had found some bugs about memory leak on libupnp-1.6.18. 

	It may lead to memory leak  when calling ThreadPoolAdd() or
	ThreadPoolAddPersistent() which does not return 0. 

	See the attachment for patch.

2013-09-03 Peng <howtofly(at)gmail.com>

	Fix return value of config_description_doc.

	UPNP_E_XXX should not be used instead of IXML_XXX

2013-09-03 Peng <howtofly(at)gmail.com>

	Remove faulty free in GetDescDocumentAndURL.

	temp_str, which points to part of description, should not be freed.

2013-09-02 Peng <howtofly(at)gmail.com>

	Suppose the UPnP device is listening on 192.168.1.102:49152. Use the following to send
	garbage bytes to the device:
	while true; do echo "\""; done | netcat 192.168.1.102 49152

	The device just keeps receiving these bytes and its memory usage keeps growing.
	Malicious client may exploit it to exhaust the device's memory.

	The attached patch eliminates this possibility.

2013-09-02 Peng <howtofly(at)gmail.com>

	1) restore the scanner's original cursor position in case of
	   insufficient input;
	2) free the memories allocated for a new header in case of a failure.

2013-08-13 Peng <howtofly(at)gmail.com>

	Patch to fix behaviou when char is signed

	it seems to me that there is still something wrong:

	1)  the new is_qdtext_char() is incorrect.
	There is a trap if char is implemented as signed char.
	Suppose that c is '\xFF', it will be -1 when converted to an int.
	By definition, c should be qdtext:
	qdtext = <any TEXT except <">>
	TEXT = <any OCTET except CTLs, but including LWS>
	OCTET = <any 8-bit sequence of data>

	2) the character after '\\' could be either part of a quoted-pair
	(together with '\\'), or a normal qdtext, since '\\' itself can
	be treated as a qdtext. This is equivalent to saying that the
	character after '\\' in a quoted string could be ANY octet.

	A patch based on the above two observations is attached.

	Peng

2013-08-13 Marcelo Roberto Jimenez <mroberto(at)users.sourceforge.net>

	Enforce RFC 2616 and accept "0" after a backslash for quoted-strings.

	Reported by Peng <howtofly(at)gmail.com>

2013-08-13 Peng <howtofly(at)gmail.com>

	Patch to make scanner_get_token more robust (avoid over-reading).

2013-07-30 Zheng Peng <darkelf2010(at)users.sf.net>

	SF ticket #116 UpnpRemoveVirtualDir wrong linked list operation

	What if pVirtualDirList has two nodes and what we want to delete is the
	first one. Patch attached.

2013-07-30 Sebastian Brandt <s.brandt(at)aixtrusion.de>

	Dear libupnp-devels,
	when POST'ing to the simple web server in libupnp, the application crashes.
	This is caused by a missing "..." argument in webserver.c:1533.
	Seems it has been there for a long time ... 1.6.9 and 1.6.18 have it.

	webserver.c:1533 calls http_MakeMessage
	/* Send response. */
	http_MakeMessage(&headers, 1, 1,
		 "RTLSXcCc",
		 ret, "text/html", X_USER_AGENT);
	The format parameter RTLSXcCc needs four arguments -
	R - response code - ret,
	T- content type - text/html,
	L - struct SendInstruction * - NOT PRESENT
	X - user agent - X_USER_AGENT

	This results in a crash.

	Changing to
	http_MakeMessage(&headers, 1, 1,
		 "RTLSXcCc",
		 ret, "text/html", &RespInstr, X_USER_AGENT);
	solves the situation.

	Yours,
	Sebastian Brandt

*******************************************************************************
Version 1.6.18
*******************************************************************************

2012-12-06 Marcelo Roberto Jimenez <mroberto(at)users.sourceforge.net>

	Security fix for CERT issue VU#922681

	This patch addresses three possible buffer overflows in function
	unique_service_name(). The three issues have the folowing CVE numbers:

	CVE-2012-5958 Issue #2: Stack buffer overflow of Tempbuf
	CVE-2012-5959 Issue #4: Stack buffer overflow of Event->UDN
	CVE-2012-5960 Issue #8: Stack buffer overflow of Event->UDN

	Notice that the following issues have already been dealt by previous
	work:

	CVE-2012-5961 Issue #1: Stack buffer overflow of Evt->UDN
	CVE-2012-5962 Issue #3: Stack buffer overflow of Evt->DeviceType
	CVE-2012-5963 Issue #5: Stack buffer overflow of Event->UDN
	CVE-2012-5964 Issue #6: Stack buffer overflow of Event->DeviceType
	CVE-2012-5965 Issue #7: Stack buffer overflow of Event->DeviceType

2012-06-19 Yoichi NAKAYAMA <yoichi.nakayama(at)gmail.com>

	Fix memory leak and access violation in UpnpSendAction(Ex)Async.

	Free buffers after malloc or ixmlPrintNode failure.
	Free Param->Header before destructing Param.

2012-05-25 Anoop Mohan <anoop.anoop(at)gmail.com>

	This patch fixes a bug in non blocking connect call where the sock
	option length for SO_ERROR was passed as 0 instead of sizeof(int).

2012-04-24 Yoichi NAKAYAMA <yoichi.nakayama(at)gmail.com>

	Disable SetGenaCallback call if device is disabled.

	If device is disabled, SetGenaCallback definition is disabled,
	but its call remains. A link error will occur in Win32.

2012-04-21 Yoichi NAKAYAMA <yoichi.nakayama(at)gmail.com>

	Fix condition for allocation failure in get_content_type().

	At the end of get_content_type() in webserver.c, it should check
	return value of ixmlCloneDOMString().

2012-04-21 Yoichi NAKAYAMA <yoichi.nakayama(at)gmail.com>

	Fix problems detected as dead assignment warning by clang scan-build.

	Wrong assignment by shutdown result hides the real error code
	of NewRequestHandler() in ssdp_device.c.
	Fix return code description of NewRequestHandler().
	Handle return code from ithread_create in sample applications.
	Remove unused assignments.

2012-04-20 Yoichi NAKAYAMA <yoichi.nakayama(at)gmail.com>

	Avoid dereference of null pointer in ixmlNode_setNodeProperties.

	The problem can occur if one of the arguments is NULL.
	Test argument and fix assertion.

2012-04-17 Yoichi NAKAYAMA <yoichi.nakayama(at)gmail.com>

	Create intermediate directory per project on vc9.

	Sample applications share sample_util.c and collisions of
	object file can occur in parallel build. Modify project files to
	split intermediate directories against it.
	Apply similar changes also to library projects, like vc10 projects.

2012-04-11 Yoichi NAKAYAMA <yoichi.nakayama(at)gmail.com>

	Avoid access violation after parser_parse_chunky_headers call.

	In parser_parse_chunky_headers, parser->msg.msg.buf can be changed
	by membuffer_delete call. Therefore if we save the pointer to
	parser->msg.entity.buf before calling membuffer_delete, it will
	induce access to released memory.

2012-04-06 Yoichi NAKAYAMA <yoichi.nakayama(at)gmail.com>

	Remove possibility of access violation.

	1. Test Instr before dereference it in http_RecvPostMessage.
	(Though it never becomes NULL because NULL is not passed to
	the static method)
	2. Avoid strdup(NULL) in ixmlElement_setAttributeNS.
	Those are detected by llvm scan-build.

2012-04-05 Yoichi NAKAYAMA <yoichi.nakayama(at)gmail.com>

	SF Bug Tracker id 3507819 - Use of thread-unsafe gmtime() in httpreadwrite.c

	Submitted: zephyrus ( zephyrus00jp ) - 2012-03-18 06:31:00 PDT

	Define http_gmtime_r and web_server_asctime_r and use it.
	Those prefix are added since pthread for Win32 already
	has macro gmtime_r and asctime_r.

2012-04-05 Yoichi NAKAYAMA <yoichi.nakayama(at)gmail.com>

	Fix type of local variable stopSock in RunMiniServer()

	The variable is declared as SOCKET, but it is used to
	store return value of int receive_from_stopSock(...).
	The type was changed in the commit
	4b47e6a51d9c7049a862695b68de75699e023551 by mistake.

2012-04-03 Fabrice Fontaine <fabrice.fontaine(at)orange.com>

	Compilation optimisation

	Do not compile the code related to the webserver in http_SendMessage
	when --disable-webserver is set

*******************************************************************************
Version 1.6.17
*******************************************************************************

2012-04-02 Fabrice Fontaine <fabrice.fontaine(at)orange.com>

	SF Bug Tracker id 3514145 - Memory leak fix in threadutil

	Submitted: Fabrice Fontaine ( ffontaine ) - 2012-04-02 06:49:20 PDT

	Put thread in a detached state when calling ithread_create otherwise in
	some circumstances, thread can end before the call to ithread_detach.

2012-03-30 Fabrice Fontaine <fabrice.fontaine(at)orange.com>

	Add --enable-unspecified_server

	Add --enable-unspecified_server configure option to set to "Unspecified"
	the OS name, OS version, product name and product version normally
	contained in the SERVER header as this could be used by an attacker.

2012-03-29 Fabrice Fontaine <fabrice.fontaine(at)orange.com>

	Removing implicit casts in miniserver.c

	Removing implicit integer or enum casts in miniserver.c.

2012-03-29 Fabrice Fontaine <fabrice.fontaine(at)orange.com>

	SF Bug Tracker id 3512833 - Miniserver is wrongly disabled

	Submitted: Fabrice Fontaine ( ffontaine ) - 2012-03-29 07:36:34 PDT

	Miniserver is disabled if ECXLUDE_GENA, EXCLUDE_SOAP and
	EXCLUDE_WEBSERVER are set.
	However, SSDP needs the Miniserver to answer to M-SEARCH requests.
	So, MiniServer should not be disabled if EXCLUDE_SSDP is not also set.

2012-03-26 Yoichi NAKAYAMA <yoichi.nakayama(at)gmail.com>

	SF Bug Tracker id 3510693 - build fail with --disable-device

	Use INCLUDE_DEVICE_APIS instead of UPNP_HAVE_DEVICE as in other sources.
	Don't use soap_device_callback if INCLUDE_DEVICE_APIS is not set,
	otherwise link error occur on Windows.

2012-03-26 Fabrice Fontaine <fabrice.fontaine(at)orange.com>

	SF Bug Tracker id 3511149 - --disable-ssdp has no effect

	Submitted: Yoichi NAKAYAMA ( yoichi ) - 2012-03-25 18:14:34 PDT

	There are typos in upnp/src/inc/config.h "EXCLUDE_SSSDP" (shold be
	EXCLUDE_SSDP), therefore EXCLUDE_SSDP is always 0, and --disable-ssdp
	has no effect.

2012-03-24 Fabrice Fontaine <fabrice.fontaine(at)orange.com>

	Remove implicit casts

	Cast parameters of htonl in uint32_t in IN6_IS_ADDR_GLOBAL and
	IN6_IS_ADDR_ULA definitions.
	Remove comparison with 0 in while statement of vfmatch,
	http_SendMessage and http_MakeMessage.

2012-03-24 Yoichi NAKAYAMA <yoichi.nakayama(at)gmail.com>

	SF Bug Tracker id 3510693 - build fail with --disable-device

	GetDeviceHandleInfo just fail without using undefined member DeviceAf
	if UPNP_HAVE_DEVICE is not defined.
	Move ContentTypeHeader definition to soap_common.c, since it is
	also used in soap_ctrlpt.c.

*******************************************************************************
Version 1.6.16
*******************************************************************************

2012-03-18 Fabrice Fontaine <fabrice.fontaine(at)orange.com>

	Replace sprintf by snprintf in http_WriteHttpPost

	Replace sprintf by snprintf in http_WriteHttpPost to avoid buffer
	overflow.

2012-03-18 Fabrice Fontaine <fabrice.fontaine(at)orange.com>

	Add infoSize parameter to get_sdk_info

	Add infoSize parameter to get_sdk_info function to replace sprintf call
	by a snprintf call.

2012-03-16 Fabrice Fontaine <fabrice.fontaine(at)orange.com>

	Check return code in ixml

	Check return code of ixmlDocument_CreateElementEx in
	ixmlDocument_CreateElement.
	Check return code of ixmlNode_setNodeName and ixmlNode_setNodeValue in
	ixmlNode_cloneCDATASect and ixmlNode_cloneTextNode.

2012-03-16 Fabrice Fontaine <fabrice.fontaine(at)orange.com>

	Add more explicit casts and remove dead code

	Comment unused SERVER from DeviceShutdown.
	Comment unused max from parse_hostport.
	Comment unused nodeptr from ixmlNode_cloneDoc.
	Comment unused newNode from Parser_hasDefaultNamespace.
	Comment unused Parser_parseReference function
	Check return code of shutdown and display an error if needed.

2012-03-15 Fabrice Fontaine <fabrice.fontaine(at)orange.com>

	Fix previous commit

	Replace HAVE_UPNP_OPTSSDP by UPNP_HAVE_OPTSSDP in upnpapi.c.

2012-03-15 Fabrice Fontaine <fabrice.fontaine(at)orange.com>

	Add --disable-optssdp option

	Modify configure.ac to add --disable-optssdp option. This option will
	remove OPT, 01-NLS and X_USER_AGENT headers from SSDP messages as those
	headers are optional. If --disable-gena and disable-optssdp are both
	used, uuid part will not be compiled anymore.

2012-03-15 Fabrice Fontaine <fabrice.fontaine(at)orange.com>

	Bug fix in ixmlNode_allowChildren

	Commit d48d73720bd325062c4d3b9ce85f3944be4f562d added a bug in
	ixmlNode_allowChildren, this function was returning FALSE instead of
	TRUE when newChild->nodeName was eELEMENT_NODE.

2012-03-15 Fabrice Fontaine <fabrice.fontaine(at)orange.com>

	Improve upnp/genlib/net

	Change ret_code from int to parse_status_t in match.
	Set back return code of ReadResponseLineAndHeaders from parse_status_t
	to int as this function can return UPNP_E_BAD_HTTPMSG. As a result, do
	not cast the result of this function into parse_status_t in
	http_OpenHttpGetProxy and http_OpenHttpGetEx.
	Use switch with PARSE_OK in parsetools.c.
	Add missing explicit casts of integer constants in uri.c and
	httpreadwrite.c.
	Use switch, int and sa_family_t with AF_INET in uri.c.
	Print an error in http_Download if realloc failed.

2012-03-14 Fabrice Fontaine <fabrice.fontaine(at)orange.com>

	Use switch instead of if with enums in upnpapi.c

	Replace if statements with switch when using HND_DEVICE and HND_CLIENT
	enum constants.
	Correct also UpnpUnRegisterRootDeviceLowPower and UpnpUnRegisterClient
	as those functions were wrongly awaiting an UPNP_E_INVALID_HANDLE
	instead of HND_INVALID from GetHandleInfo.

2012-03-14 Fabrice Fontaine <fabrice.fontaine(at)orange.com>

	Improve ssdp part

	Do not compile CreateClientRequestPacketUlaGua if IPv6 is disable.
	Cast DestAddr->sa_family from sa_family_t into int when calling
	CreateServicePacket as this function has been set back to accept int in
	a692e591defe6ed9a617b9b4a083964a01f7bbab.
	Use switch instead of if with AF_INET and AF_INET6.
	Add missing casts from AF_INET and AF_INET6 into sa_family_t when using
	them to set sin_family and sin6_family.
	Add missing explicit casts into size_t or lu when using	integer
	constants with strlen or unsigned long indexes.
	Set SSDP_PAUSE to be unsigned as it is used with usleep.

2012-03-14 Fabrice Fontaine <fabrice.fontaine(at)orange.com>

	Use switch insted of if with enums in ixml

	Replace if statements with switch when using enums in ixml.
	Remove uneeded initialization in ixmlAttr_init, Parser_init and
	ixmlNode_init which was added by wrongly added in commit
	06660b6383c438e4e2c9ca9854077cecc4da9e5d.

2012-03-14 Fabrice Fontaine <fabrice.fontaine(at)orange.com>

	Use switch insted of if with enums in threadutil

	Replace if statements with switch when using enums in threadutil.

2012-03-14 Fabrice Fontaine <fabrice.fontaine(at)orange.com>

	Fix missing break in http_RecvMessage

	There was a missing break in PARSE_INCOMPLETE_ENTITY due to commit
	2eb3e069badd5c8676738c3ead37f9551fd8448e.

2012-03-14 Yoichi NAKAYAMA <yoichi.nakayama(at)gmail.com>

	Fix parse failure observed with tvdevice sample.

	Commit c40d2bc0c9b60c43b641ac4669c7b8bbcd6134c5 has a problem
	at removing the parentheses in parser_parse_responseline.
	Difference of pointers was used with intention, don't cast
	them separately.

2012-03-14 Yoichi NAKAYAMA <yoichi.nakayama(at)gmail.com>

	Fix compile error on Windows.

	Include UpnpStdInt.h for ssize_t.
	Define sa_family_t in UpnpInet.h.

2012-03-14 Yoichi NAKAYAMA <yoichi.nakayama(at)gmail.com>

	Avoid ambiguous change of SsdpEvent in unique_service_name.

	Handle overflow before changing SsdpEvent.
	Because the behavior of "snprintf" is platform dependent in such case.

2012-03-14 Yoichi NAKAYAMA <yoichi.nakayama(at)gmail.com>

	SF Bug Tracker id 3502958 - The commit 5944960e prevents a pupnp client (amule) from receiving replies from an IGD device.

	Previous change broke the feature. The error of unique_service_name
	in ssdp_request_type should be ignored.
	This reverts commit 5944960e172a797a9fcc196291f4046cafa7f6ec.

2012-03-13 Marcelo Roberto Jimenez <mroberto(at)users.sourceforge.net>

	Address family is an int

	Reference: "man 2 socket".

2012-03-11 Fabrice Fontaine <fabrice.fontaine(at)orange.com>

	Remove more implicit casts in upnp part

	Remove more "implicit integer or enum conversions" errors as well as
	dead code. 

2012-03-11 Fabrice Fontaine <fabrice.fontaine(at)orange.com>

	Remove more implicit casts in upnp part

	Remove more "implicit integer or enum conversions" as well as memset
	before snprintf.

2012-03-11 Yoichi NAKAYAMA <yoichi.nakayama(at)gmail.com>

	Avoid out of range access in CheckOtherHTTPHeaders.

	There was a problem in HDR_ACCEPT_LANGUAGE case.
	It may read from TmpBuf larger amount than allocated,
	since condition was always true.
	Terminate RespInstr->AcceptLanguageHeader correctly.
	Skip allocation if there is already sufficient buffer.

2012-03-10 Fabrice Fontaine <fabrice.fontaine(at)orange.com>

	Remove some of the implicit cast in upnp part

	Remove some of the "implicit integer or enum conversions" as well as
	some access to NULL reference in upnp part.

2012-03-10 Fabrice Fontaine <fabrice.fontaine(at)orange.com>

	Remove lock in ThreadPoolInit

	If ThreadPoolInit returned EAGAIN, tp->lock was not freed. 

2012-03-10 Fabrice Fontaine <fabrice.fontaine(at)orange.com>

	Improve ixml

	Remove "implicit integer conversions" and
	"dereference NULL return value" errors in ixml part.

2012-03-10 Yoichi NAKAYAMA <yoichi.nakayama(at)gmail.com>

	Exclude IPv6 stuff in SearchByTarget when UPNP_ENABLE_IPV6 is not defined.

2012-03-10 Yoichi NAKAYAMA <yoichi.nakayama(at)gmail.com>

	Further measures against buffer overflows.

	* Pass output buffer size to CreateClientRequestPacket(UlaGua)
	  from SearchByTarget and detect overflow.
	* Handle SearchByTarget error in UpnpSearchAsync.
	* Pass output buffer size to addrToString and detect overflow.
	* Handle addrToString error in configure_urlbase. 
	* Handle overflow in http_SendMessage.
	* Respect unique_service_name error in ssdp_request_type
	  so as not to touch non-terminated buffer under Evt.
	* Treat large argument as error in UpnpAddVirtualDir.
	* Use strncpy with the standard way in readFromSSDPSocket.
	* Do not clear buffer before snprintf.
	* Clarify the last argument of GetDescDocumentAndURL has size LINE_SIZE.
	* For inet_ntop, use buffer with size INET6_ADDRSTRLEN or INET_ADDRSTRLEN.

2012-03-10 Yoichi NAKAYAMA <yoichi.nakayama(at)gmail.com>

	Handle allocation error in strndup to avoid access violation.

	Return NULL before calling strncpy.
	Platforms with HAVE_STRNDUP are not affected.

2012-03-10 Yoichi NAKAYAMA <yoichi.nakayama(at)gmail.com>

	Synchronize autoconfig.h with upnpconfig.h.

	It fixes WIN32 build where configure is not invoked. 

2012-03-09 Fabrice Fontaine <fabrice.fontaine(at)orange.com>

	More compilaton optimisation

	Do not compile most of service_table.c and client_table.c if
	--disable-gena is used.
	Do not compile urlconfig.c if --disable-webserver is used.
	Adding new UPNP_HAVE_xxx variables in upnpconfig.h and upnpconfig.h.in.

2012-03-09 Fabrice Fontaine <fabrice.fontaine(at)orange.com>

	Optimisation of --disable-webserver

	Do not compile webserver.c if --disable-webserver is used.

2012-03-09 Fabrice Fontaine <fabrice.fontaine(at)orange.com>

	Improve threadutil

	Remove "dereference NULL return" errors and implicit conversions to
	double or enum types.

2012-03-09 Fabrice Fontaine <fabrice.fontaine(at)orange.com>

	Optimisation of --disable-webserver

	Do not compile miniserver.c if --disable-webserver is used.

2012-03-09 Fabrice Fontaine <fabrice.fontaine(at)orange.com>

	Adding configure options

	Adding --disable-ssdp, --disable-soap, --disable-gena options to
	configure script.

2012-03-09 Fabrice Fontaine <fabrice.fontaine(at)orange.com>

	Bug fix of last commit

	_snprintf was wrongly defined in ssdp_server.c

2012-03-09 Fabrice Fontaine <fabrice.fontaine(at)orange.com>

	SF Bug Tracker id 3499781 - msvc doesn't have snprintf

	Submitted: Yoichi NAKAYAMA ( yoichi ) - 2012-03-08 10:18:39 PST

	97a17ff5add73c97844e2fa74456bab4df0800f1 commit breaks build on
	windows/msvc since there is no snprintf.

	Note:
	* Some existing sources use _snprintf when WIN32 is defined, but its
	behavior is a bit different from C99 snprintf.
	* snprintf does terminate the buffer, so the commit (use buffer size
	minus 1 as argument) changes the behavior at the boundary.
	* Truncation might be better than crash in some cases. But it may
	result in not good.

2012-03-08 Marcelo Roberto Jimenez <mroberto(at)users.sourceforge.net>

	SF Bug Tracker id 3499878 - UpnpUnSubscribeAsync(): ‘retVal’ may be used uninitialized

	Submitted: Marcelo Roberto Jimenez ( mroberto ) - 2012-03-08 12:38:57 PST

	src/api/upnpapi.c: In function ‘UpnpUnSubscribeAsync’:
	src/api/upnpapi.c:2060:6: warning: ‘retVal’ may be used uninitialized in this function

2012-03-08 Marcelo Roberto Jimenez <mroberto(at)users.sourceforge.net>

	SF Bug Tracker id 3175217 - Crash bug in Parser_addNamespace()

	Submitted: Terry Farnham ( tfarnham ) - 2011-02-07 09:25:25 PST

	Details: The strcmp(pNode->prefix,pCur->prefix) crashes on pCur->prefix
	being NULL. This occurs on invalidly formatted xml where a node uses an
	undefined namespace. I would expect to receive IXML_FAILED in this
	situation.

2012-03-08 Fabrice Fontaine <fabrice.fontaine(at)orange.com>

	Removing access to NULL pointers in node.c and element.c

	Check that newNode is not NULL ixmlNode_cloneNodeTree and pass newAttr
	as the return node in the ixmlElement_setAttributeNodeNS call of
	ixmlElement_setAttributeNS.

2012-03-08 Fabrice Fontaine <fabrice.fontaine(at)orange.com>

	Memory leaks correction in upnpapi.c

	Fix memory leaks in UpnpUnSubscribe, SendActionExAsync and
	RenewSubscription.

2012-03-08 Fabrice Fontaine <fabrice.fontaine(at)orange.com>

	SF Bug Tracker id 3496993 - Write after free in ixmlNode_insertBefore

	Submitted: Fabrice Fontaine ( ffontaine ) - 2012-03-05 04:54:40 PST

	If ixmlNode_isParent(nodeptr, newChild) returns TRUE,
	ixmlNode_removeChild(nodeptr, newChild, NULL) will free newChild before
	the modifications of newChild->nextSibling and newChild->prevSibling.

2012-03-08 Fabrice Fontaine <fabrice.fontaine(at)orange.com>

	Remove most of strcpy, sprintf and strcat

	Replace strcpy, sprintf and strcat by strncpy, snprintf and strncat to
	avoid buffer overflows.

2012-03-07 Yoichi NAKAYAMA <yoichi.nakayama(at)gmail.com>

	SF Bug Tracker id 3497714 - Buffer overflows

	Fix compile error on WIN32.

	Local variables must be declared first.
	Remove outdated comment.

2012-03-07 Yoichi NAKAYAMA <yoichi.nakayama(at)gmail.com>

	Avoid access violation in assertion.

	xmlParser->pCurElement was dereferenced before null check.
	Affects debug build only.

2012-03-07 Fabrice Fontaine <fabrice.fontaine(at)orange.com>

	Remove SIZEOF_MISTACH error in notify_send_and_recv

	Replace sizeof(CRLF) by strlen(CRLF) as CRLF is a const char*.

2012-03-07 Fabrice Fontaine <fabrice.fontaine(at)orange.com>

	SF Bug Tracker id 3498442 - Memory leak in get_file_info

	Submitted: Fabrice Fontaine ( ffontaine ) - 2012-03-07 02:44:30 PST

	info->contentType is not freed before being set to NULL.

2012-03-07 Fabrice Fontaine <fabrice.fontaine(at)orange.com>

	SF Bug Tracker id 3498439 - Memory leak in removeServiceTable

	Submitted: Fabrice Fontaine ( ffontaine ) - 2012-03-07 02:35:46 PST

	UDN is not freed.

2012-03-07 Fabrice Fontaine <fabrice.fontaine(at)orange.com>

	SF Bug Tracker id 3498436 - Memory leak in Parser_processAttributeName

	Submitted: Fabrice Fontaine ( ffontaine ) - 2012-03-07 02:30:57 PST

	attr is not freed if ixmlNode_setNodeProperties or
	ixmlNode_setAttributeNode return an error in
	Parser_processAttributeName.

2012-03-07 Fabrice Fontaine <fabrice.fontaine(at)orange.com>

	Fixing an error in d6db7c555d0f11856ce5e3e479b16a4cf4689107 commit

	Evt.Sid should not be cast into char* when calling sizeof otherwise
	size will be 4.

2012-03-06 Fabrice Fontaine <fabrice.fontaine(at)orange.com>

	Removing two unused variables in ssdp_server.c

	Removing first TempPtr allocation in unique_service_name as well as one
	of the dbgStr allocation in AdvertizeAndReply as those values were not
	used.

2012-03-06 Fabrice Fontaine <fabrice.fontaine(at)orange.com>

	SF Bug Tracker id 3497714 - Buffer overflows

	Submitted: Fabrice Fontaine ( ffontaine ) - 2012-03-06 07:36:08 PST

	Call to strcpy should be replaced by call to memset and strncpy to
	avoid getting buffer overflows.

2012-03-05 Marcelo Roberto Jimenez <mroberto(at)users.sourceforge.net>

	SF Bug Tracker id 2989399 - UpnpSetVirtualDirCallbacks API removal in 1.6.x

	Submitted: Nick Leverton ( leveret ) - 2010-04-19 07:44:10 PDT

	Details: The recent codebase merge has removed a significant API call
	which is used by several pupnp devices such as mediatomb and gmediaserver.
	UpnpSetVirtualDirCallbacks() has been replaced by individual routines to
	set each callback. Essentially this means that 1.6.7 will in fact be a majo
	bump and 1.6.6 devices can no longer link against it. Could we have the call
	reinstated please, perhaps as a wrapper around the individual calls ? As
	it is, all distros will have to patch their 1.6.x apps, rebuild and re-link them.

	The other removed API calls and external variables don't seem to be used
	by any of the apps I have copies of, but UpnpSetVirtualDirCallbacks is
	important for maintaining compatibility within 1.6.x.

2012-03-05 Marcelo Roberto Jimenez <mroberto(at)users.sourceforge.net>

	SF Bug Tracker id 3325246 - Memory Leak in XML Parser

	Submitted: Terry Farnham ( tfarnham ) - 2011-06-23 09:45:54 PDT

	Details: The following bit of xml results in a memory leak from the xml
	parser:

	const char *xmlbuffer="<?xml version=\"1.0\" encoding=\"utf-8\"?>
	<root xmlns=\"urn:schemas-upnp-org:device-1-0\" xmlns:dlna=\"urn:schemas-dlna-org:device-1-0\">
	<dlna:X_DLNADOC xmlns:dlna=\"urn:schemas-dlna-org:device-1-0\">DMS-1.50</dlna:X_DLNADOC></root>";

	When I execute the following code:

	IXML_Document *doc = ixmlParseBuffer(xmlbuffer);
	ixmlDocument_free(doc);

	It results in a memory leak in ixmlparser.c line 2107 where it calls
	safe_strdup( newElement->namespaceURI ); It's difficult to figure out why.

2012-03-05 Marcelo Roberto Jimenez <mroberto(at)users.sourceforge.net>

	SF Bug Tracker id 3417134 - Crash seen in UpnpFinish

	Submitted: Sunil ( sunilangadi ) - 2011-10-02 08:28:47 PDT

	Details: I observed crash in the below mentioned log statement in
	function upnpfinish(file: upnpapi.c).
	UpnpPrintf(UPNP_INFO, API, __FILE__, __LINE__, "Exiting UpnpFinish:
		UpnpSdkInit is :%d:\n", UpnpSdkInit);

	In particular it was crashing in ithread_self in
	UpnpDisplayFileAndLine(file upnpdebug.c) on WIN32.

	Moving the call ithread_cleanup_library() below the upnp printf call
	mentioned above in function upnpfinish fixed the crash but I couldn't get
	to the root of the problem.

	The problem was observed on WIN32.


2012-03-05 Fabrice Fontaine <fabrice.fontaine(at)orange.com>

	SF Bug Tracker id 3497159 - Bug fix in Parser_readFileOrBuffer

	Submitted: Fabrice Fontaine ( ffontaine ) - 2012-03-05 14:20:58 PST

	fileSize = ftell( xmlFilePtr ); can return a negative value, in this
	 case the function should exit (at the moment, the function exits only
	if ftell returns 0).

2012-03-05 Fabrice Fontaine <fabrice.fontaine(at)orange.com>

	SF Bug Tracker id 3497140 - Bug fix in http_get_code_text

	Submitted: Fabrice Fontaine ( ffontaine ) - 2012-03-05 13:07:03 PST

	Replace if( statusCode < 100 && statusCode >= 600 ) which can't be true
	by if( statusCode < 100 || statusCode >= 600 ).

2012-03-05 Fabrice Fontaine <fabrice.fontaine(at)orange.com>

	SF Bug Tracker id 3497126 - Resource leak in http_RecvPostMessage

	Submitted: Fabrice Fontaine ( ffontaine ) - 2012-03-05 12:33:59 PST

	Fp is not closed when an error is raised on membuffer_append or
	sock_read.

2012-03-05 Fabrice Fontaine <fabrice.fontaine(at)orange.com>

	SF Bug Tracker id 3497034 - Buffer not null terminated in UpnpGetIfInfo

	Submitted: Fabrice Fontaine ( ffontaine ) - 2012-03-05 06:43:52 PST

	gIF_NAME might be not null terminated.

2012-03-05 Fabrice Fontaine <fabrice.fontaine(at)orange.com>

	SF Bug Tracker id 3497033 - Buffer not null terminated in UpnpInit

	Submitted: Fabrice Fontaine ( ffontaine ) - 2012-03-05 06:42:18 PST

	gIF_IPV4, gIF_IPV6 and gIF_IPV6_ULA_GUA might be not null terminated.
	Moreover, gIF_IPV4 should be 16 characters (INET_ADDRSTRLEN) and not 22
	and gIF_IPV6 should be 46 characters (INET6_ADDRSTRLEN) and not 65.

2012-03-05 Fabrice Fontaine <fabrice.fontaine(at)orange.com>

	Bug fix of lastest commit (parse_hostport)

	Missing parenthesis in memset.

2012-03-05 Fabrice Fontaine <fabrice.fontaine(at)orange.com>

	SF Bug Tracker id 3497027 - Buffer not null terminated in parse_hostport

	Submitted: Fabrice Fontaine ( ffontaine ) - 2012-03-05 06:28:38 PST

	workbuf might be not null terminated.

2012-03-05 Fabrice Fontaine <fabrice.fontaine(at)orange.com>

	SF Bug Tracker id 3497009 - Resource leak in http_SendMessage

	Submitted: Fabrice Fontaine ( ffontaine ) - 2012-03-05 05:51:44 PST

	Fp is not closed if fseeko(Fp, Instr->RangeOffset, SEEK_CUR) does not return 0.

2012-03-05 Fabrice Fontaine <fabrice.fontaine(at)orange.com>

	HInfo->ServiceTable initialization in UpnpRegisterRootDevice2 and UpnpRegisterRootDevice4

	Initialize also HInfo->ServiceTable in UpnpRegisterRootDevice2 and
	UpnpRegisterRootDevice4 functions

2012-03-05 Fabrice Fontaine <fabrice.fontaine(at)orange.com>

	SF Bug Tracker id 3496703 - Handle_Info::ServiceList may have undefined value

	Submitted: Yoichi NAKAYAMA ( yoichi ) - 2012-03-03 20:49:25 PST

	In UpnpRegisterRootDevice(), HInfo->ServiceTable is not initialized and
	getServiceTable() may leave it intact. It will cause crash on
	freeServiceTable() called from UpnpUnRegisterRootDevice().

2012-03-05 Fabrice Fontaine <fabrice.fontaine(at)orange.com>

	SF Bug Tracker id 3496702 - TvDeviceStop is called even if Start failed

	Submitted: Yoichi NAKAYAMA ( yoichi ) - 2012-03-03 20:35:08 PST

	In sample tvdevice, error of device_main() is not handled, and
	TvDeviceStop() cause crash.

2012-03-05 Fabrice Fontaine <fabrice.fontaine(at)orange.com>

	SF Bug Tracker id 3496942 - Memory leak in config_description_doc

	Submitted: Fabrice Fontaine ( ffontaine ) - 2012-03-05 01:55:54 PST

	element was not freed if membuffer_append_str(&url_str, "http://") does
	not return 0. Moreover addNew was not used.

2012-03-05 Fabrice Fontaine <fabrice.fontaine(at)orange.com>

	SF Bug Tracker id 3496938 - Missing structures initialisation in some functions

	Submitted: Fabrice Fontaine ( ffontaine ) - 2012-03-05 01:31:16 PST

	Memsetting to 0 some of the structures: finfo in process_request,
	job in readFromSSDPSocket, request in http_OpenHttpGetEx, job in
	genaNotifyThread, job in genaNotifyAllExt, job in genaNotifyAll,
	job in genaInitNotifyExt, job in genaInitNotify, LocalAddr in
	getlocalhostname.

2012-03-05 Fabrice Fontaine <fabrice.fontaine(at)orange.com>

	SF Bug Tracker id 3496934 - Memory leaks in getlocalhostname and UpnpGetIfInfo

	Submitted: Fabrice Fontaine ( ffontaine ) - 2012-03-05 01:25:42 PST

	LocalSock is not closed if ioctl(LocalSock, SIOCGIFCONF, &ifConf);
	returns an error.

2012-03-05 Fabrice Fontaine <fabrice.fontaine(at)orange.com>

	SF Bug Tracker id 3496933 - Out-of-bounds access in CheckOtherHTTPHeaders

	Submitted: Fabrice Fontaine ( ffontaine ) - 2012-03-05 01:15:34 PST

	An out-of-bands access is raised because size of
	RespInst->AcceptLanguageHeader is 200 and TmpBuf size is 180.

2012-03-05 Fabrice Fontaine <fabrice.fontaine(at)orange.com>

	Remove unused currentDevice variable in removeServiceTable

	currentDevice is not used in this function.

2012-03-05 Fabrice Fontaine <fabrice.fontaine(at)orange.com>

	SF Bug Tracker id 3496581 - Memory leak in getServiceList

	Submitted: Fabrice Fontaine ( ffontaine ) - 2012-03-03 08:43:23 PST

	serviceNodeList is not freed if
	current->next = malloc(sizeof(service_info)); returns NULL.

2012-02-29 Fabrice Fontaine <fabrice.fontaine(at)orange.com>

	SF Bug Tracker id 3495616 - Memory leak in ixmlElement_setAttributeNS

	Submitted: Fabrice Fontaine ( ffontaine ) - 2012-02-29 02:09:43 PST

	newAttrNode is not freed if newAttr->n.nodeValue = strdup(value); returns
	NULL or if ixmlElement_setAttributeNodeNS(element, newAttr, NULL) does
	not return IXML_SUCCESS.

2012-02-28 Fabrice Fontaine <fabrice.fontaine(at)orange.com>

	SF Bug Tracker id 3495286 - Double free in get_action_node

	Submitted: Fabrice Fontaine ( ffontaine ) - 2012-02-28 04:27:54 PST

	ixmlFreeDOMString(ActNodeName); is called twice if
	ixmlParseBufferEx(ActNodeName, RespNode); does not return IXML_SUCCESS.

2012-02-28 Fabrice Fontaine <fabrice.fontaine(at)orange.com>

	SF Bug Tracker id 3495280 - Memory leak in ixmlDocument_createElementEx

	Submitted: Fabrice Fontaine ( ffontaine ) - 2012-02-28 04:01:02 PST

	There is a memory leak in ixmlDocument_createElementEx:
	newElement->tagName is not freed if
	newElement->n.nodeName = strdup(tagName); returns NULL.

2012-02-27 Fabrice Fontaine <fabrice.fontaine(at)orange.com>

	SF Bug Tracker id 3494865 - Use of non-initialized variable in parser_parse_requestline

	Submitted: Marcelo Roberto Jimenez ( mroberto ) - 2012-02-26 16:50:23 PST

	src/genlib/net/http/httpparser.c: In function ‘parser_parse_requestline’:
	src/genlib/net/http/httpparser.c:1319:28: warning: ‘index’ may be used uninitialized in this function

2012-02-24 Marcelo Roberto Jimenez <mroberto(at)users.sourceforge.net>

	SF Bug Tracker id 3489999 - UpnpString leaks in genaSubscribe()

	Submitted: Yoichi NAKAYAMA ( yoichi ) - 2012-02-21 07:06:35 PST

	In genaSubscribe() (defined in upnp/src/gena/gena_ctrlpt.c),
	ActualSID and EventURL will not be freed if ScheduleGenaAutoRenew
	returns UPNP_E_SUCCESS.

	This fixes the an issue introduced by the previous fix.

2012-02-23 Marcelo Roberto Jimenez <mroberto(at)users.sourceforge.net>

	SF Bug Tracker id 3489990 - some files are missing in tarball

	Submitted: Yoichi NAKAYAMA ( yoichi ) - 2012-02-21 06:52:57 PST

	Released tarball (e.g. libupnp-1.6.15.tar.bz2) does not contain
	some files under upnp/{inc,src} used by the project files for
	windows (build/vc8/libupnp. vcproj and build/vc9/libupnp.vcproj).

	This breaks build on Windows from tarball released after following changes
	http://pupnp.git.sourceforge.net/git/gitweb.cgi?p=pupnp/pupnp;a=commitdiff;h=0eba550da039be01211b56fea0d02d03f0a12343
	http://pupnp.git.sourceforge.net/git/gitweb.cgi?p=pupnp/pupnp;a=commitdiff;h=7a796b264ec7d5de5876fd6a2001c2d329709e02

2012-02-23 Marcelo Roberto Jimenez <mroberto(at)users.sourceforge.net>

	SF Bug Tracker id 3489999 - UpnpString leaks in genaSubscribe()

	Submitted: Yoichi NAKAYAMA ( yoichi ) - 2012-02-21 07:06:35 PST

	In genaSubscribe() (defined in upnp/src/gena/gena_ctrlpt.c),
	ActualSID and EventURL will not be freed if ScheduleGenaAutoRenew
	returns UPNP_E_SUCCESS.

	This fixes the original issue.

2012-02-23 Marcelo Roberto Jimenez <mroberto(at)users.sourceforge.net>

	SF Bug Tracker: UpnpString leaks in genaSubscribe()

	In genaSubscribe() (defined in upnp/src/gena/gena_ctrlpt.c),
	ActualSID and EventURL will not be freed if ScheduleGenaAutoRenew
	returns UPNP_E_SUCCESS.

2012-02-23 Marcelo Roberto Jimenez <mroberto(at)users.sourceforge.net>

	Revert cb89781a55466703763c1b0ee67094eb401ddfe9 as suggested by
	Fabrice Fontaine.

2012-02-07 Edwin Stearns <edwin(at)vtilt.com>

	Attached is a patch that resolved an issue I found with a server that
	gave its device description URI without a trailing slash (e.g.
	`http://127.0.0.1:5555`).

2012-01-04 Fabrice Fontaine <fabrice.fontaine(at)orange.com>

	Bug fix for IPv4-mapped IPv6 addresses.

	Setting IPv6 sockets with IPV6_V6ONLY flag to avoid getting IP packets
	with IPv4-mapped IPv6 addresses on IPv6 sockets.


*******************************************************************************
Version 1.6.15
*******************************************************************************

2012-01-11 Fabrice Fontaine <fabrice.fontaine(at)orange.com>

	Bug fix on M-SEARCH for IPv6 CPs.

	Small bug fix on IPv6 Control Point: now CP will also send M-SEARCH on
	site-scope address (FF05::C) instead of only sending M-SEARCH on
	link-scope (FF02::C).

2012-01-11 Fabrice Fontaine <fabrice.fontaine(at)orange.com>

	Retrieve IPv6 addresses in Upnp_Discovery.

	Changing sockaddr_in into sockaddr_storage in Upnp_Discovery to be able
	to retrieve IPv6 addresses of devices in Control Points using pupnp.

2012-01-09 Marcelo Roberto Jimenez <mroberto(at)users.sourceforge.net>

	SF Bug tracker, ID: 3469344
	Submitted: dimmman ( dimmman ) - 2012-01-04 01:44:29 PST
	Details: Looking at the code (v1.6.14, upnptools.c) for UpnpResolveURL
	and UpnpResolveURL2 it shows that the ExitFunction: always returns
	UPNP_E_SUCCESS.

	I'm farily sure it's a simple mistake that should have been "return ret;"
	in both cases.

	Br,
	Jonny

*******************************************************************************
Version 1.6.14
*******************************************************************************

2011-10-31 Fabrice Fontaine <fabrice.fontaine(at)orange.com>

	UPnP Low Power Support.

	Adding two new functions (UpnpSendAdvertisementLowPower and
	UpnpUnRegisterRootDeviceLowPower) which can be used to specify values
	for the three SSDP headers defined by UPnP Low Power. Those headers are
	Powerstate, SleepPeriod and RegistrationState.

2011-10-24 Fabrice Fontaine <fabrice.fontaine(at)orange.com>

	Bug fix in IN6_IS_ADDR_GLOBAL.

	Changing IN6_IS_ADDR_GLOBAL to accept all IPv6 addresses which have a
	2000::/3 prefix.

2011-07-20 Marc Essayan <marc.essayan(at)orange-ftgroup.com>

	Bug Fix on M-SEARCH.

	Do not answer to M-SEARCH using HTTP version 1.0 as specified by the
	UPnP Device Architecture.

2011-03-18 Iain Denniston <iain.denniston(at)gmail.com>

	Fixes for compilation under Windows (specifically MSVC). Also added
	MSVC supported "_inline", and fixed some WIN32 specific warnings.

2011-03-08 Iain Denniston <iain.denniston(at)gmail.com>

	Several fixes to correctly use SOCKET (and related) types instead of
	non-portable variations.

*******************************************************************************
Version 1.6.13
*******************************************************************************

2011-03-15 Fabrice Fontaine <fabrice.fontaine(at)orange-ftgroup.com>

	Putting ssdpReqSocks under compilation flag.

	Putting all access to ssdpReqSock4 and ssdpReqSock6 under
	INCLUDE_CLIENT_APIS compilation flag to be able to compile when
	client part of library is disable.

2011-03-15 Fabrice Fontaine <fabrice.fontaine(at)orange-ftgroup.com>

	New UpnpRegisterRootDevice4 for legacy CPs.

	Add a new UpnpRegisterRootDevice4 which allow user to specify a
	description URL to be returned for legacy CPs (for example, CPs
	searching for a v1 when the device is v2). Most of those CPs does not
	work if they found a v2 in the XML description, so this new function is
	only used to solve interoperability issues.

2011-03-08 Iain Denniston <iain.denniston(at)gmail.com>
	Fix for memory leak.

2011-03-08 Iain Denniston <iain.denniston(at)gmail.com>
	Fix and Update of MSVC9 solution and project files - now compile in all
	modes. Added x64 and static library targets.

2011-03-08 Iain Denniston <iain.denniston(at)gmail.com>
	Partial fix for UpnpGetIfInfo with MSVC - convert wchar string to
	char string (full fix requires a lot of work - potentially impacting
	all supported platforms)

2011-03-11 Marcelo Roberto Jimenez <mroberto(at)users.sourceforge.net>

	Created the macros PRIzd and PRIzx to deal with MSVC lack of C99.
	Thanks to Iain Denniston for pointing it out.

2011-03-08 Iain Denniston <iain.denniston(at)gmail.com>

	Fixes for headers when compiled under C++

2011-03-08 Iain Denniston <iain.denniston(at)gmail.com>

	Fix for uuid_unpack incorrect shift precedence.

*******************************************************************************
Version 1.6.12
*******************************************************************************

2011-02-08 Marcelo Roberto Jimenez <mroberto(at)users.sourceforge.net>

	Undo the "incorrectly exported include files".
	
	Legacy applications like linux-igd and igd2-for-linux are using those
	API to create a thread pool for managing their GENA events.

	Leave it to be reworked in 1.8.x.

*******************************************************************************
Version 1.6.11
*******************************************************************************

2011-02-07 Marcelo Roberto Jimenez <mroberto(at)users.sourceforge.net>

	Remove PrintThreadPoolStats() from the public API. This function uses
	a ThreadPool object as an argument, which is not supposed to be
	exported.

2011-02-07 Fabrice Fontaine <fabrice.fontaine(at)orange-ftgroup.com>

	Major bug fix in IPv6 code.

	Major bug fix in miniserver.c for IPv6, bug was introduced when
	changing implementation of get_port in November 20th 2010 ("gena:fix
	several compiler warnings" commit).

2011-02-06 Marcelo Roberto Jimenez <mroberto(at)users.sourceforge.net>

	Fix for incorrectly exported include files.

	The files FreeList.h, LinkedList.h, ThreadPool.h and TimerThread.h
	from the threautil library were being installed in the include
	directory of the library, incorrectly exposing internal data structure
	of the library.

2011-01-30 Chandra Penke <chandrapenke(at)mcntech.com>

	Fix for compilation warnings of unused variables in upnpdebug.c in
	release builds.

2011-01-20 Chandra Penke <chandrapenke(at)mcntech.com>

	Fix for Race condition can hang miniserver thread.

	Add 'requiredThreads' field to the ThreadPool structure, to avoid
	a race condition when waiting for a new thread to be created. The
	race condition occurs when a thread is destroyed while the master
	thread is waiting for a new thread to be created.

	Thanks to Chuck Thomason for pointing the problem.

	Summary: Race condition can hang miniserver thread - ID: 3158591

	Details:
	Hello,

	I have found a race condition in the thread pool handling of
	libupnp-1.6.6 that periodically results in the miniserver thread
	getting blocked infinitely.

	In my setup, I have the miniserver thread pool configured with 1
	job per thread, 2 threads minimum, and 50 threads maximum.

	Just before the lockup occurs, the miniserver thread pool contains
	2 threads: one worker thread hanging around from a previous HTTP
	request job (let's call that thread "old_worker") and the
	miniserver thread itself.

	A new HTTP request comes in. Accordingly, the miniserver enters
	schedule_request_job() and then ThreadPoolAdd(). In
	ThreadPoolAdd(), the job gets added to the medium-priority queue,
	and AddWorker() is called. In AddWorker(), jobs = 1 and threads =
	1, so CreateWorker gets called.

	When we enter CreateWorker(), tp->totalThreads is 2, so
	currentThreads is 3. The function creates a new thread and then
	blocks on tp->start_and_shutdown. The miniserver thread expects
	the newly created thread to increment tp->totalThreads and then
	signal the condition variable to wake up the miniserver thread and
	let it proceed.

	The newly created thread starts in the WorkerThread() function. It
	increments tp->totalThreads to 3, does a broadcast on the
	start_and_shutdown condition, and starts running its job. However,
	before the miniserver thread wakes up, "old_worker" times out. It
	sees that there are no jobs in any queue and that the total number
	of threads (3) is more than the minimum (2). As a result, it
	reduces tp->totalThreads to 2 and dies.

	Now the miniserver thread finally wakes up. It checks
	tp->totalThreads and sees that its value is 2, so it blocks on
	tp->start_and_shutdown again. It has now "missed" seeing
	tp->totalThreads get incremented to 3 and will never be unblocked
	again.

	When this issue does occur for a server device, the miniserver
	port remains open, but becomes unresponsive since the miniserver
	thread is stuck. SSDP alive messages keep getting sent out, as
	they are handled by a separate thread. Reproducing the issue is
	difficult due to the timing coincidence involved, but in my
	environment I am presently seeing it at least once a day. I
	figured out the sequence described above through addition of my
	own debug logs.

	The relevant code involved in this bug has not changed
	substantially in libupnp-1.6.10, though I am planning to test
	against 1.6.10 as well in the near future.

	Do you have any input for an elegant fix for this issue?

	Thanks,

	Chuck Thomason

2011-01-16 Marcelo Roberto Jimenez <mroberto(at)users.sourceforge.net>

	Define _FILE_OFFSET_BITS, _LARGEFILE_SOURCE and _LARGE_FILE_SOURCE in
	upnpconfig.h.

	Make these definitions available to programs using the library.
	Thanks to Chandra Penke for pointing the problem.

	Summary: Problem with large file support in pupnp build - ID: 3158969
	Submitted: Chandra ( inactiveneurons ) - 2011-01-15 16:17:02 BRST
	Details:
	First off, I apologize in advance for the length of this comment, it's
	the only way I could describe the problem accurately.

	Secondly, a brief thanks (again). The company I'm working for has been
	using pupnp for a massively cross-platform project which involves iphone,
	osx, windows, linux x86, arm, and mips hosts. It's amazing how well it
	works, so kudos to the maintainers!

	We came across a problem when compiling with the following tool-chain:
	http://www.codesourcery.com/sgpp/lite/mips/portal/release824. The
	problem is the following:

	In configure.ac the following lines exist to enable large file support:

	AC_DEFINE([_LARGE_FILE_SOURCE], [], [Large files support])
	AC_DEFINE([_FILE_OFFSET_BITS], [64], [File Offset size])

	Which in turn result in the following #defines in autoconfig.h:

	#define _LARGE_FILE_SOURCE /**/
	#define _FILE_OFFSET_BITS 64

	However, this file is not exported as part of the upnp build. Therefore,
	while the entire library gets built with large file support, it's
	possible that dependent libraries which only rely on the include files
	may not use large file support.

	In the particular case of the above tool-chain, the 'off_t' type is 8
	bytes when large file support is enabled, but only 4 bytes when it's
	not. As a result part our stack built on top of pupnp, which did not
	have large file support (because it did not use the above autoconf
	directives), was relying on 'a off_t' that was 4 bytes.

	This caused, among many things, for the UpnpFileInfo struct to break.
	Since the struct is completely invisible outside of pupnp (because of
	some template macro magic), pupnp thought that 'FileLength' field was
	8 bytes, but the header setter/getter methods being used by dependent
	libraries thought that it was 4, which caused some erratic behavior
	when going through pupnp's webserver and HTTP client API.

	We put in a temporary work around by adding the following preprocessor
	flags: -D_LARGE_FILE_SOURCE, -D_FILE_OFFSET_BITS=64 as part of our
	build process. However, it's a hack, and I was wondering if I'm missing
	something and there's a better way to approach this.

	Thanks,
	Chandra

2011-01-16 Marcelo Roberto Jimenez <mroberto(at)users.sourceforge.net>

	Use config.h to test for the availability of strndup() and strnlen().

2011-01-14 Chandra Penke <chandrapenke(at)mcntech.com>

	- Null termination of strndup() implementation on systems missing it.
	- Implementation of strnlen() on systems missing it.

2011-01-14 Chandra Penke <chandrapenke(at)mcntech.com>

	Fixes transfer encoding in the HTTP client API, which is currently
	broken. The break was due to a regression caused by another
	fix (tracker 3056713), which fixed an out of memory crash when
	downloading large files. The previous fix changed the
	http_ReadHttpGet() implementation so that data already read by the
	user was discarded. However, it only worked for transfers where
	the content length was specified. This fix extends the previous
	implementation to cover chunked transfer encoding.

2011-01-14 Chandra Penke <chandrapenke(at)mcntech.com>

	Minor change in membuffer.c to include "membuffer.h" without looking
	in the standard header path. This allows pupnp to build in xcode.

2010-12-18 Marcelo Roberto Jimenez <mroberto(at)users.sourceforge.net>

	SF Tracker: Patches
	Fedora mingw32 compilation - ID: 3138849
	Details:
	Hello. I trying compile libupnp-1.6.10 on the Fedora 14 MinGW
	Environment and get many errors. I create patch to fix it. With this
	patch i can get static library. This patch is very raw.

	Submitted: Ivan Romanov (ivanromanov) - 2010-12-16 23:29:19 UTC

*******************************************************************************
Version 1.6.10
*******************************************************************************

2010-11-23 Fabrice Fontaine <fabrice.fontaine(at)orange-ftgroup.com>

	Major bug fix in http_SendMessage.

	Currently, http_SendMessage was not able to write to write a buffer
	due to a bad use of file_buf instead of buf. This bug was introduced by
	the 0197-Doxygen-reformating-compiler-warnings patch.

2010-11-23 Fabrice Fontaine <fabrice.fontaine(at)orange-ftgroup.com>

	Returning the Sid in Upnp_Event_Subscribe.

	Currently, Upnp_Event_Subscribe always contains an empty chain in the
	Sid parameter. This patch now saves the client Subscription ID in this
	parameter so Control Points can see and use the same SID in the
	Upnp_Event_Subscribe and in the Upnp_Event structures.

2010-11-22 Marcelo Roberto Jimenez <mroberto(at)users.sourceforge.net>

	Two fixes from Juergen Lock <nox(at)jelal.kn-bremen.de>:

1. varargs:  pass size of CRLF as size_t not as int:

--- upnp/src/gena/gena_device.c.orig
+++ upnp/src/gena/gena_device.c
@@ -225,7 +225,7 @@ static UPNP_INLINE int notify_send_and_r
		"bbb",
		start_msg.buf, start_msg.length,
		propertySet, strlen(propertySet),
-		"\r\n", 2);
+		"\r\n", sizeof "\r\n" - 1);
	if (ret_code) {
		membuffer_destroy(&start_msg);
		sock_destroy(&info, SD_BOTH);

2. Remove "b" arg here, there is no buffer passed:  (this caused a pointer
to be interpreted as a buffer size to be alloc'd/copied, hence the 32 GB.)

--- upnp/src/genlib/net/http/webserver.c.orig
+++ upnp/src/genlib/net/http/webserver.c
@@ -1262,7 +1262,7 @@ static int process_request(
			// Content-Range: bytes 222-3333/4000  HTTP_PARTIAL_CONTENT
			// Transfer-Encoding: chunked
			if (http_MakeMessage(headers, resp_major, resp_minor,
-				"R" "TLD" "s" "tcS" "b" "Xc" "sCc",
+				"R" "TLD" "s" "tcS" "Xc" "sCc",
				HTTP_OK,    // status code
				finfo.content_type, // content type
				RespInstr,  // language info

2010-11-15 Marcelo Roberto Jimenez <mroberto(at)users.sourceforge.net>

	Added the convenience function UpnpResolveURL2() to upnptools.c.

	This function avoids some unecessary memory allocation.
	The memory alloc'd by this function must be freed later by the caller.

2010-11-10 Fabrice Fontaine <fabrice.fontaine(at)orange-ftgroup.com>

	Add GENA_NOTIFICATION_xxx_TIMEOUT variable.

	Currently, in notify_send_and_recv function, pupnp waits for
	HTTP_DEFAULT_TIMEOUT seconds when trying to send a GENA notification.
	When there is a lot of notifications with CPs which was disconnected
	without unsusbcribing, all the pupnp threads are blocked on this
	timeout. To correct, this issue, this patch adds a new variable,
	GENA_NOTIFICATION_SENDING_TIMEOUT, which can be used to lower the
	timeout so GENA threads return quickly when writing is impossible. By
	the same mean, pupnp waits the CP's answer to the NOTIFY for
	HTTP_DEFAULT_TIMEOUT seconds, so this patch adds a new variable,
	GENA_NOTIFICATION_ANSWERING_TIMEOUT, to customize this value.

2010-11-10 Fabrice Fontaine <fabrice.fontaine(at)orange-ftgroup.com>

	Add --disable-blocking-tcp-connections flag.

	Currently, pupnp is using a blocking connect to sends GENA
	notifications. As a result, when there is a lot of notifications with
	CPs which were disconnected without unsusbcribing, all the pupnp
	threads are blocked for 20s (timeout). To correct this issue, this
	patch replace the call to connect with a call to private_connect and add
	a compilation flag to disable blocking TCP connections, so if we are not
	able to connect to the CP, the notification is lost.

2010-11-07 Stefan Sommerfeld <zerocom(at)cs.tu-berlin.de>

	Several patches for windows compatibility and fixing warnings.

2010-11-07 Marcelo Roberto Jimenez <mroberto(at)users.sourceforge.net>

	PTHREAD_MUTEX_RECURSIVE on DragonFly is an enum.

	SF Bug Tracker - ID: 3104527
	Submitted: OBATA Akio ( obache ) - 2010-11-07 07:10:28 BRST

	In threadutil/inc/ithread.h, it is expected that
	PTHREAD_MUTEX_RECURSIVE is defined as macro. But on DragonFly BSD,
	it is defined as enum, so not works as expected.

	Attachment patch treat that DragonFly BSD always
	have PTHREAD_MUTEX_RECURSIVE.

2010-11-07 Marcelo Roberto Jimenez <mroberto(at)users.sourceforge.net>

	ftime(3) in -lcompat should not be checked.

	SF Bug Tracker - ID: 3104521
	Submitted: OBATA Akio ( obache ) - 2010-11-07 07:03:44 BRST

	In configure.ac
	AC_CHECK_FUNCS(ftime,, [AC_CHECK_LIB(compat, ftime)])

	But since version 1.6.3, ftime(3) is not used, so it should be
	removed, or introduce unwanted linkage with -lcompat.

*******************************************************************************
Version 1.6.9
*******************************************************************************

2010-11-06 Marcelo Roberto Jimenez <mroberto(at)users.sourceforge.net>

	Fix for bug introduced in samples code in svn revision 502, commit
	git:25c908c558c8e60eb386c155a6b93add447ffec0

	Sample device and combo were aborting with the message:
	"***** SampleUtil_Initialize was called multiple times!"

2010-11-06 Fabrice Fontaine <fabrice.fontaine(at)orange-ftgroup.com>

	Make multiple SSDP advertisements faster.

	Put the loop to send multiple copies of each SSDP advertisements in
	ssdp_server.c instead of ssdp_device.c so we have only one call to
	imillisleep ( SSDP_PAUSE ) to speed up advertisements.

2010-11-05 Fabrice Fontaine <fabrice.fontaine(at)orange-ftgroup.com>

	Removing unused NUM_COPY variable.

	Previously, NUM_COPY was used in ssdp_device.c to send multiple copies 
	of each advertisements but also multiple replies to each M-SEARCH
	request. As sending multiple replies is not compliant with HTTPU/MU
	spec, NUM_COPY has been set to 1 in an older patch. However, as this
	variable is not needed and has been replaced with SSDP_COPY, it has
	been removed.

2010-11-05 Fabrice Fontaine <fabrice.fontaine(at)orange-ftgroup.com>

	Use SSDP_COPY to send multiple SSDP advertisements.

	Currently, SSDP_COPY is used only to send multiple M-SEARCH requests (in
	ssdp_ctrlpt.c). With this patch, SSDP_COPY is also used to send multiple
	copies of each advertisements packets (in ssdp_device.c).

2010-11-01 Carl Benson <carl.benson(at)windriver.com>

	Fix for Android build.

	I had to do some modifications myself though, because the Android
	build system insists on having a file named "util.h" taking precedence
	in its include path, libupnp gets confused because of the same filename
	in upnp/src/inc/util.h

*******************************************************************************
Version 1.6.8
*******************************************************************************

2010-10-20 Marcelo Roberto Jimenez <mroberto(at)users.sourceforge.net>

	Fix a long date memory leak in webserver.c:StrStr().

2010-10-19 Marcelo Roberto Jimenez <mroberto(at)users.sourceforge.net>

	Bug fix in select of miniserver.c
	
	Fix a bug in miniserver.c, in which maxMiniSock was wrongly declared as
	unsigned int and as a result it was beeng set to ((unsigned int)(-1)).
	As a result, after beeing incremented, it became zero, and this value
	was beeing used in the select() call.

	Thanks to Fabrice Fontaine for helping and testing with this issue.

2010-10-15 Marcelo Roberto Jimenez <mroberto(at)users.sourceforge.net>

	Fix for 100% CPU issue in select() in miniserv.c. I have also removed
	the sleep() call, it was just a workaround.

	SF Bug Tracker [ 3086852 ] 99% CPU loop in miniserver.c on a non ipv6
	system.

	Submitted by: Jin ( jin_eld ) - 2010-10-13 19:29:13 UTC

	I cross compiled libupnp 1.6.7 for ARM9 using the --disable-ipv6
	option, my system is an ipv4 only setup.

	I do not know why this problem only appears when running the app in the
	background (for instance using nohup &), but then it starts using 99%
	CPU.

	I traced the problem down to the select() call in miniserver.c in the
	RunMiniServer() function. Select returns code 1, but errno is set to
	"Socket operation on non-socket", I also see this when running my app
	under strace.

	I set all ...Sock6 variables to INVALID_SOCKET to make sure that they
	do not get added to the FD_SET and the problem is gone.

*******************************************************************************
Version 1.6.7
*******************************************************************************

2010-10-01 Fabrice Fontaine <fabrice.fontaine(at)orange-ftgroup.com>

	Adding --disable-notification-reordering option

	Adding a configure flag to disable GENA notification reordering as even
	with an imillisleep(1), this mechanism consumes too much CPU on embedded
	devices when there is a burst of notifications.

2010-09-30 Fabrice Fontaine <fabrice.fontaine(at)orange-ftgroup.com>

	Bug fix when there is no service in embedded devices

	When a device with embedded devices (like IGD) when created and one of
	the embedded devices did not have any service, there was a Segmentation
	Fault (see SF Tracker [ 2688125 ]).

	Original SF Tracker issue follows:

	SF Tracker [ 2688125 ] v1.6.6 crashes on subdevices without services
	Submitted by: Arno Willig ( akw ) - 2009-03-15 22:45:23 BRT

	I discovered a bug, which will make libupnp (1.6.6) segfault, when you
	create a upnp description document with multiple devices which have
	subdevices, but no own services.

	The crash occurs in genlib/service_table.c in line 977:
	end->next =
		getServiceList( currentDevice, &next_end, URLBase );

	In this case "end" seems not to be defined, so end->next crashes.

	Can anyone confirm this, please?

2010-09-28 Marc Essayan <marc.essayan(at)orange-ftgroup.com>

	Bug fix on burst of GENA notification

	When a lot of notifications were generated by a device in a short
	period of time then 100% of the CPU was used to reorder those
	notifications by pushing back the thread in the job queue. This
	mechanism has been modified so now thread sleep 1 ms before being
	pushed back into the job queue.

	Removing DEFAULT_SCHED_PARAM parameter and use
	sched_get_priority_min(DEFAULT_POLICY) instead.

2010-09-22 Fabrice Fontaine <fabrice.fontaine(at)orange-ftgroup.com>

	Bug fix on M-SEARCH response

	Devices must respond to M-SEARCH requests for any supported version and the
	response should specify the same version as was contained in the search target.
	Previously, the device did not answer if the M-SEARCH request did not
	contain the same version number than the version number of the device.

2010-09-21 Fabrice Fontaine <fabrice.fontaine(at)orange-ftgroup.com>

	Add Content-Language iff Accept-Language

	Add Content-Language header in the response if and only if there is an
	Accept-Language header in the request.

2010-09-21 Fabrice Fontaine <fabrice.fontaine(at)orange-ftgroup.com>

	Addition of WEB_SERVER_CONTENT_LANGUAGE parameter

	This patch adds the WEB_SERVER_CONTENT_LANGUAGE parameter so the user can specify
	the language used by the device during Description and Presentation steps of UPnP
	through the HTTP CONTENT-LANGUAGE header.
	By default, the WEB_SERVER_CONTENT_LANGUAGE is an empty string so no
	CONTENT-LANGUAGE is added.

2010-09-18 Fabrice Fontaine <fabrice.fontaine(at)orange-ftgroup.com>

	Customize the stack size of the threads used by pupnp through the new
	THREAD_STACK_SIZE variable.

	This patch allows a user to customize the stack size of the threads used by
	pupnp through the new THREAD_STACK_SIZE variable. This is especially useful
	on embedded systems with limited memory where the user can set THREAD_STACK_SIZE
	to ITHREAD_STACK_MIN.

	However, as this modification can have side effects, I set 0 as the default
	value, so threads will continue to use the default stack size of the system
	(which varies greatly as stated in
	https://computing.llnl.gov/tutorials/pthreads/).

2010-09-16 Fabrice Fontaine <fabrice.fontaine(at)orange-ftgroup.com>

	Broken IPv6.
	IPv6 is currently broken in latest release of branch-1.6.x, so find a
	patch attached that correct the issue (small fixes on define, undef and
	retVal).

2010-09-10 Warwick Harvey <warwick.harvey(at)tieto.com>
	Patch to take notice of UPNP_USE_RWLOCK flag

	The configure.ac file included with UPnP checks for the presence of the
	pthread_rwlock_t type, and then sets the value of the UPNP_USE_RWLOCK
	flag appropriately.  However, this flag is not referenced at all in the
	source code, and thus the code does not compile on systems that don't
	have the pthread_rwlock_t type (such as Android).
	
	Please find attached a patch (against the current 1.6.x head) that checks
	the value of this flag and falls back on using mutexes if read-write
	locks are not available.

2010-09-10 Jean Sigwald <jean.sigwald(at)orange-ftgroup.com>
	I discovered a reliable denial-of-service issue on the last stable
	release of libupnp (1.6.6) remotely triggerable by any
	unauthenticated user. The issue is related with a bad parsing of
	malformed XML.

2010-09-10 Chandra Penke <chandrapenke(at)mcntech.com>
	* SF Patch Tracker [ 2854711 ] Patch for Solaris10 compilation and usage
	Submitted By: zephyrus ( zephyrus00jp )
	
	Patch for Solaris10 compilation and usage.

2010-09-10 Chandra Penke <chandrapenke(at)mcntech.com>
	Add support for conditionally enabling ipv6.

2010-09-10 Chandra Penke <chandrapenke(at)mcntech.com>
	Fix for compilation in debug builds.

	Ensure internal methods are declared as static since debug builds don't inline.

2010-09-09 Chandra Penke <chandrapenke(at)mcntech.com>
	Fix for regression in SSDP code to send/receive messages over UDP

	Sending messages over UDP is broken in some Apple OSes
	such as OS X and iOS. This might be broken in other OSes to but didn't
	verify.

	The fix is to modify the socket lenght argument of sendto to use the correct
	sockaddr lenght dependng on whether the socket is IPV4 or IPV6.

	Also added some error checks and debugging related to the issue

2010-09-07 Marcelo Jimenez <mroberto(at)users.sourceforge.net>
	Using UpnpReadHttpGet to download large files causes the application to
	crash. This happens when the file being downloaded exceeds the device
	memory - entirely possible when transferring video files.
	The programmatic cause is that the logic implemented in the function
	http_ReadHttpGet (which UpnpReadHttpGet calls) reads the entire file
	into memory. The fix modifies the existing logic to discard data after
	it's been read; there's no reason to keep it around since the caller
	of UpnpReadHttpGet already has a copy of it.
	
	This issue exists in 1.6.6 as well as the latest sources.

	Patch submitted by Chandra (inactiveneurons).

2010-09-07 Marcelo Jimenez <mroberto(at)users.sourceforge.net>
	In the latest sources, http_RequestAndResponse and other methods that
	use connect() are broken. More specifically, connect() in these methods
	is returning with an EINVAL. The programatic cause is that the address_len
	argument passed to connect() is different in IPV4 vs IPV6 (as described in:
	http://www.opengroup.org/onlinepubs/009695399/functions/connect.html).
	The current code always uses the IPV6 size. The fix modifies each use of
	connect() to use the correct size based on the address family being used.

	Patch submitted by Chandra (inactiveneurons).

2010-09-07 Marcelo Jimenez <mroberto(at)users.sourceforge.net>
	Fix compilation error in upnp/src/gena/gena_ctrlpt.c (this is most
	likely an error on all platforms).

	Patch submitted by Chandra (inactiveneurons).

2010-09-07 Marcelo Jimenez <mroberto(at)users.sourceforge.net>
	Fix compilation error in upnp/src/inc/ssdplib.h when compiling in OS X
	(the netinet/* headers are not available).

	Patch submitted by Chandra (inactiveneurons).

2010-09-07 Marcelo Jimenez <mroberto(at)users.sourceforge.net>
	Fix compilation error in ixml/inc/ixml.h when compiling with an
	Objective-C compiler (when cross-compiling for iPhone devices).

	Patch submitted by Chandra (inactiveneurons).

2010-08-21 Marcelo Jimenez <mroberto(at)users.sourceforge.net>
	* Issue regarding the GENA notifications. A string termination indicator
	was added at the end of the notification ("\r\n") in
	notify_send_and_recv() in upnp/src/gena/gena_device.c.
	Patch by Fabrice Fontaine.

2010-08-21 Marcelo Jimenez <mroberto(at)users.sourceforge.net>
	* The last part of Ronan Menard's patch.

2010-08-21 Marcelo Jimenez <mroberto(at)users.sourceforge.net>
	* upnp/src/ssdp/ssdp_device.c: Fix for IPV6 ULA/GUA issues.
	* upnp/src/ssdp/ssdp_ctrlpt.c: Fix for IPV6 ULA/GUA issues.
	* upnp/src/ssdp/ssdp_server.c: Fix for IPV6 ULA/GUA issues.
	
	Patch submitted by Ronan Menard.

2010-08-21 Marcelo Jimenez <mroberto(at)users.sourceforge.net>
	* upnp/src/genlib/miniserver/miniserver.c: Fix for IPV6 ULA/GUA issues.
	
	Patch submitted by Ronan Menard.

2010-08-21 Marcelo Jimenez <mroberto(at)users.sourceforge.net>
	* gena_subscribe(): Fix for IPV6 ULA/GUA issues.
	
	Patch submitted by Ronan Menard.

2010-08-21 Marcelo Jimenez <mroberto(at)users.sourceforge.net>
	* SOCKET ssdpSock6UlaGua: created variable for later use.
	
	Patch submitted by Ronan Menard.

2010-08-21 Marcelo Jimenez <mroberto(at)users.sourceforge.net>
	* SSDP_IPV6_SITELOCAL: new macro.
	
	Patch submitted by Ronan Menard.

2010-08-21 Marcelo Jimenez <mroberto(at)users.sourceforge.net>
	* The scope of the macro NUM_HANDLE is now restricted to upnpapi.c.

2010-08-21 Marcelo Jimenez <mroberto(at)users.sourceforge.net>
	* InitHandleList() has never been implemented, I guess no one has ever
	called it, so remove it.
	* GetFreeHandle() and FreeHandle() are now static as they should.

2010-08-21 Marcelo Jimenez <mroberto(at)users.sourceforge.net>
	* New internal buffer added to store global/ula IPV6 address.
	* Macros to test whether an IPV6 address is global or ula.
	* UpnpGetServerUlaGuaIp6Address(): added interface.
	* IN6_IS_ADDR_GLOBAL, IN6_IS_ADDR_ULA: new macros.
	* gIF_IPV6_ULA_GUA: new buffer.
	* UpnpRegisterRootDevice3(): Change to the test of already registered
	devices for IPV6.
	* UpnpGetIfInfo(): gua/ula issues.
	
	Patch submitted by Ronan Menard.

2010-08-19 Marcelo Jimenez <mroberto(at)users.sourceforge.net>
	* libUPnP does support IPV6 now.
	
	Patch submitted by Ronan Menard.

2010-08-19 Marcelo Jimenez <mroberto(at)users.sourceforge.net>
	* HTTP version equal to 1.0 should fail as required by the UPnP
	certification tool. Patch submitted by Ronan Menard.

2010-06-28 Marcelo Jimenez <mroberto(at)users.sourceforge.net>
	SF Bug Tracker [ 3022490 ] String declaration fix for patch applied in 3007407
	Hello,

	When my patch for tracker ID 3007407 was accepted, the definition of the
	serviceList string was changed from

	#define SERVICELIST_STR "serviceList"

	to

	static const char *SERVICELIST_STR = "serviceList";

	During internal code review of the final patch, it was pointed out that 
	sizeof(SERVICELIST_STR) == 4 since SERVICELIST_STR is now declared as
	a pointer instead of an array.

	If you wish to use a variable instead of a define, I suggest the
	following instead:

	static const char SERVICELIST_STR[] = "serviceList";

	Thanks,
	Chuck Thomason

2010-06-10 Marcelo Jimenez <mroberto(at)users.sourceforge.net>
	SF Bug Tracker [ 3007407 ] Service traversal issue in AdvertiseAndReply()
	Submitted: Chuck Thomason ( cyt4 ) - 2010-05-26 15:07:39 UTC

	When the UPnP server is started, one alive message is broadcast for each
	service in each device. It appears that libupnp's implementation of the
	alive message generation does not correctly navigate the XML description
	document when locating the services. This can result in the wrong UDN
	being used in the alive message sent for a service.

	In my specific case (see attached XML), the root EchoSTB device contains
	no services, but its embedded MediaServer device contains 2 services.
	When the existing libupnp code traverses the EchoSTB device in the XML,
	it searches the global list of serviceLists within the document instead
	of searching for a serviceList that is its direct child node. The
	ContentDirectory and ConnectionManager services are then announced with
	the UDN of EchoSTB1 (the root device) instead of with the UDN of
	MediaServer, which is actually their parent device.

	I discovered this behavior using libupnp-1.6.6. I have generated a patch
	against branch-1.6.x that corrects the XML navigation such that all
	services are traversed from their parent device, which results in the
	correct UDN being sent in the alive message for each service. I built
	from branch-1.6.x without this patch, tested, and confirmed that the
	issue still exists as I observed it in libupnp-1.6.6. I then built
	from branch-1.6.x with this patch, tested, and confirmed that the
	issue was resolved.

	Thanks,
	Chuck Thomason

2010-05-07 Marcelo Jimenez <mroberto(at)users.sourceforge.net>
	SF Bug Tracker [ 2995758 ] libupnp 1.6.6, wrong bind when reuseaddr is
	1.
	Submitted: viallard anthony ( homer242 )
	When trying to use reuseaddr option in miniserver/miniserver.c, there
	isn't a affectation of the port chosen (serverAddr.sin_port isn't
	receive listen_port variable value).

2010-04-25 Marcelo Jimenez <mroberto(at)users.sourceforge.net>
	Define PROTOTYPES to be one by default in global.h. This affects the
	RSA MD5 code.

2010-03-27 Nick Leverton <nick@leverton.org>
	Subscription auto-renewals copy the renewal time from old subscription.

2010-03-27 Marcelo Jimenez <mroberto(at)users.sourceforge.net>
	* Added API to ithread, created the following functions:
	- int ithread_initialize_library(void);
	- int ithread_cleanup_library(void);
	- int ithread_initialize_thread(void);
	- int ithread_cleanup_thread(void);
	* SF Bug Tracker [ 2876374 ] Access Violation when compiling with Visual Studio 2008
	Submitted: Stulle ( stulleamgym ) - 2009-10-10 19:05

	Hi,

	I am one of the devs of the MorphXT project and I use this lib in some
	other of my projects, too. When I tried to upgrade the lib earlier for one
	of my projects I had to realise that something did not work at first and
	while most of the things were reasonably ease to be fixed. Now, the last
	thing I encountered was not so easy to fix and I am uncertain if my fix is
	any good so I'll just post it here and wait for some comments.

	The problem was that I got an Access Violation when calling "UpnpInit". It
	would call "ithread_rwlock_init(&GlobalHndRWLock, NULL)" which eventually
	led to calling "pthread_cond_init" and I got the error notice at
	"EnterCriticalSection (&ptw32_cond_list_lock);". It appeared that
	"ptw32_cond_list_lock" was NULL. Now, I found two ways to fix this. Firstly
	moving the whole block after at least one of the "ThreadPoolInit" calls
	will fix the issue. Secondly, you could add:
	#ifdef WIN32
	#ifdef PTW32_STATIC_LIB
	// to get the following working we need this... is it a good patch or
	not... I do not know!
	pthread_win32_process_attach_np();
	#endif
	#endif
	right before "ithread_rwlock_init(&GlobalHndRWLock, NULL)".

	Just so you know, I am using libupnp 1.6.6 and libpthreads 2.8.0 and both
	are linked static into the binaries. I am currently using Visual Studio
	2008 for development with Windows being the target OS. Any comment at your
	end?

	Regards, Stulle

2010-03-27 Marcelo Jimenez <mroberto(at)users.sourceforge.net>
	* SF Patch Tracker [ 2836704 ] Patch for Solaris10 compilation and usage.
	Submitted By: zephyrus ( zephyrus00jp )
	This second part covers the issue on linking with -lsocket -lnsl -lrt.

2010-03-21 Marcelo Jimenez <mroberto(at)users.sourceforge.net>
	* SF Bug Tracker [ 2392166 ] ithread_detach not called for finished worker thread
	Submitted: Ulrik ( ulsv_enea ) - 2008-12-05 08:24

	Valgrind reports a memory leak due to that the function ithread_detach is
	not called for finished worker threads in ThreadPool.c.

	==21137== 2,176 bytes in 8 blocks are possibly lost in loss record 5 of 5
	==21137== at 0x4C20F3F: calloc (vg_replace_malloc.c:279)
	==21137== by 0x4010F58: _dl_allocate_tls (in /lib/ld-2.6.1.so)
	==21137== by 0x544BA92: pthread_create@@GLIBC_2.2.5 (in
	/lib/libpthread-2.6.1.so)
	==21137== by 0x5F94592: CreateWorker (ThreadPool.c:639)
	==21137== by 0x5F95079: ThreadPoolInit (ThreadPool.c:784)

	I'm using libupnp 1.6.6

	For more info on pthread_detach, see:
	http://gelorakan.wordpress.com/2007/11/26/pthead_create-valgrind-memory-lea
	k-solved/

2010-03-21 Marcelo Jimenez <mroberto(at)users.sourceforge.net>
	* SF Bug Tracker [ 2392304 ] Memory leak in SSDP AdvertiseAndReply
	Submitted: Ulrik ( ulsv_enea ) - 2008-12-05 08:24

	Valgrind reports a memory leak function in AdvertiseAndReply
	(ssdp/ssdp_server.c) in libupnp 1.6.6

	There are continue statements in many places in AdvertiseAndReply. In some
	of those error handling cases the variable nodelist is not free'ed before
	continuing to the next iteration. The next iteration will take care of
	free'ing the nodelist from the previous iteration in most cases, but not
	when breaking out of the for loop after the last element.

	I belive this memory leak can be solved by makeing sure that the rows

	ixmlNodeList_free( nodeList );
	nodeList = NULL;

	are always executed, also in the beginning of the last iteration when we
	found out that there are not more elements.

	==29110== at 0x4C21C16: malloc (vg_replace_malloc.c:149)
	==29110== by 0x5D8DE0E: ixmlNodeList_addToNodeList (nodeList.c:106)
	==29110== by 0x5D8B7E2: ixmlNode_getElementsByTagNameRecursive
	(node.c:1438)
	==29110== by 0x5D8E587: ixmlElement_getElementsByTagName
	(element.c:491)
	==29110== by 0x5B6C0F1: AdvertiseAndReply (ssdp_server.c:201)
	==29110== by 0x5B7AB74: UpnpSendAdvertisement (upnpapi.c:1495)

2010-03-21 Marcelo Jimenez <mroberto(at)users.sourceforge.net>
	* libupnp and multi-flows scenario patch
	Submited by Carlo Parata from STMicroelectronics.

	Hi Roberto and Nektarios,
	after an analysis of the problem of libupnp with a multi-flows scenario, I
	noticed that the only cause of the freezed system is the ThreadPool
	management. There are not mutex problems. In practise, if all threads in the
	thread pool are busy executing jobs, a new worker thread should be created if
	a job is scheduled (I inspired to tombupnp library). So I solved the problem
	with a little patch in threadutil library that you can find attached in this
	e-mail. I hope to have helped you.

2010-03-21 Marcelo Jimenez <mroberto(at)users.sourceforge.net>
	* SF Patch Tracker [ 2964973 ] install: will not overwrite just-created
	...blah... with...
	Submitted: Nick Leverton ( leveret ) - 2010-03-07 05:18

	Full error:
	/usr/bin/install: will not overwrite just-created
	`/tmp/buildd/libupnp-1.6.6/debian/tmp/usr/share/doc/libupnp3-dev/examples/s
	ample_util.c' with `common/sample_util.c'

	This seems to be from Automake 1.11 which doesn't like having duplicate
	files in a Makefile.am. Patch attached, kindly provided by Stefan Potyra
	for Debian (http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=543068)

	This fix will be needed for both 1.6.x and 1.8.x branches.

2010-03-21 Marcelo Jimenez <mroberto(at)users.sourceforge.net>
	* Backport of svn revision 504:
	SF Patch Tracker [ 2969188 ] 1.8.0: patch for FreeBSD compilation
	Submitted By: Nick Leverton (leveret)
	Fix the order of header inclusion for FreeBSD.

2010-03-21 Marcelo Jimenez <mroberto(at)users.sourceforge.net>
	* SF Patch Tracker [ 2836704 ] Patch for Solaris10 compilation and usage.
	Submitted By: zephyrus ( zephyrus00jp )
	Obs by Marcelo: The issue with linking with -lsocket -lnsl -lrt is not
	covered in this changeset beacuse I don't have solaris to test. I will
	need some help from zephyrus in this regard. The issue will be addressed
	in a future changeset.

	Compilation for solaris

	I have used gcc3.x and gcc4.x under solaris 10 for x86 / 64 bits.

	A couple of Source file fixes were necessary for successful compilation
	and runtime behavior.

	threadutil/src/ThreadPool.c

	POSIX
	sched_setschduler() returns non-negative value for success.

	Without the fix, UpnpInit() fails immediately.

	upnpp/src/api/upnpai.c

	There is a typo of a macro name "__sun" in one of the
	CPP conditional.
	Without the fix, the compilation aborts due to unknown constant
	in socket ioctl call.

	A few structs and an array is not properly initialized.
	Well, I think it may be safe as is, but when I checked it
	using purify evaluation version, it was reported that
	uninitizlied iszBuffer may cause read of uninitialized memory.
	So play it safe.

	Configure issue.
	This has to be more of a configure magic.
	To link a program successfully using network, we need
	-lsocket and -lnsl library specifications on the link line.
	We also need -lrt for programs that use thread scheduling features.

	The sample program under upnp/sample requires
	-lsocket -lnsl -lrt
	for successful linking.
	I added -lsocket -lnsl -lrt to Makefile.in.
	configure probably needs to take care of these.

	I don't know much about configure, automake, etc., so
	I am just raising a flag here.

	TIA
	
2010-03-20 Marcelo Jimenez <mroberto(at)users.sourceforge.net>
	* SF Patch Tracker [ 2836704 ] Search for nested serviceList (not
	stopping at the first lis
	Submitted By: zephyrus ( zephyrus00jp )
	
	Internet Gateway Device description contains nested serviceList (rootdevice
	-> servicelist, subdevice
	and subdevice has the lower-level serviceList, etc..)

	Unfrotunately, the sample code sample_util.c used by tv_device sample,
	etc.
	has a code that looks for only the first top-level serviceList.
	This results in the failure to read all the services of an IGD xml
	description.

	Attached patch modifies this behavior and looks for the service by
	visiting all the serviceList in xml document in turn.

	With the modified patch (ad additional modification), I could
	simulate an IGD device and created a modified control program for that.

	Patch against 1.6.6

	TIA.
	
2010-03-15 Marcelo Jimenez <mroberto(at)users.sourceforge.net>
	* SF Patch Tracker [ 2203721 ] timeb.h check obsolete

2010-03-15 Marcelo Jimenez <mroberto(at)users.sourceforge.net>
	* SF Patch Tracker [ 2970872 ] Update ErrorMessages for latest return
	code list
	Submitted By: Nick Leverton ( leveret )
	
	ErrorMessage[] in upnptools.c has got a bit out of sync, the attached
	patch (generated from grep 'define UPNP_E_') should bring it up to date.

2010-03-15 Marcelo Jimenez <mroberto(at)users.sourceforge.net>
	* SF Patch Tracker [ 2857611 ] Declare a few functions to have proper
	(void) argument list.
	Submitted By: zephyrus ( zephyrus00jp )
	
	In a publicly installed headers, a few functions are declared without any
	arguments at all, a la "()".
	When I used gcc's -Wimplict and -Wstrict-prototypes to check for the
	mismatch of
	function prototype declarations and their usage in my own program,
	some headers from libupnp-1.6.6 produced warnings.

	They are not strictly bugs, but pretty much annoying. This is 2009, and
	almost all the important compilers
	understand ISO-C.

	So the offending functions are declared as "(void") to show that they have
	no arguments at all.

2010-03-14 Marcelo Jimenez <mroberto(at)users.sourceforge.net>
	* SF Patch Tracker [ 2546532 ] Missing carriage return between
	SOAPACTION and User-Agent headers.

	There is something going wrong in soap_ctrlpt.c at line 931 (based on
	version 1.6.6 release).
	
	The http_Makemessage call looks as follows:
	
	if (http_MakeMessage(
	&request, 1, 1,
	"Q" "sbc" "N" "s" "s" "Ucc" "sss",
	SOAPMETHOD_POST, path.buf, path.length,
	"HOST: ", host.buf, host.length,
	content_length,
	ContentTypeHeader,
	"SOAPACTION:
	\"urn:schemas-upnp-org:control-1-0#QueryStateVariable\"",
	xml_start, var_name, xml_end ) != 0 ) {
	return UPNP_E_OUTOF_MEMORY;
	}
	
	This will result in the SOAPACTION header to be immediately followed by the
	User-Agent header, while a cr-lf should separate the two. I propose to fix
	this by changing the second "s" to "sc" to force the addition of a cr-lf
	after the SOAPACTION. This looks consistent to the other Makemessage calls.

2009-03-06 Oxygenic <oxygenic(at)users.sourceforge.net>
	* parameter problem fixed in soap_request_and_response(), 2nd call to
	http_RequestAndResponse() was wrong (thanks to Kim Kyungsan)

2008-07-25 Marcelo Jimenez <mroberto(at)users.sourceforge.net>
	* Added upnp/m4/libupnp.m4 to the distribution tarball.

2008-07-25 Marcelo Jimenez <mroberto(at)users.sourceforge.net>
	* Fixed a missing HandleUnlock() in upnp/src/gena/gena_device.c.

2008-07-24 Marcelo Jimenez <mroberto(at)users.sourceforge.net>
	* SF Bug Tracker [ 2026431 ] pupnp does not build on GNU/KfreeBSD.
	Submitted By: Nick Leverton - leveret
	Gnu/KFreeBSD is one of the Debian architectures, it includes a FreeBSD
	kernel with GNU userspace (glibc etc). The Gnu/KfreeBSD developers
	provided the attached patch to test the appropriate #define and allow pupnp
	to build in their environment, and asked me to forward it to you.

	Since the test is a simple check for defined(__GLIBC__), this would
	presumably also help with other ports of GNU libc to non-Linux kernels.

2008-07-16 Marcelo Jimenez <mroberto(at)users.sourceforge.net>
	* Andre Sodermans (wienerschnitzel) patch for building libupnp under
	windows systems with VC9. This one fixes a missing include.

2008-06-30 Marcelo Jimenez <mroberto(at)users.sourceforge.net>
	* Added an m4 macro to deal with finding libupnp in the users'
	configure script.

2008-06-11 Marcelo Jimenez <mroberto(at)users.sourceforge.net>
	* Fixed a buffer overflow due to a bug in the calculation of the
	CONTENT-TYPE header line size, the length was beeing calculated with
	the wrong string, there was a missing colon.

2008-06-02 Marcelo Jimenez <mroberto(at)users.sourceforge.net>
	* SF Bug Tracker [ 1942285 ]
	UpnpCreatePropertySet can leak memory.
	Submitted By: Bob Ciora - bobciora

	In file upnp/src/api/upnptools.c, function UpnpCreatePropertySet can leak
	memory if no additional arguments are passed. This is because of the
	'return' statement at (or near) line 554.

	The prior call to ixmlParseBufferEx may succeed. This causes a basic ixml
	tree to be created. The return statement at line 554 leaves this tree in
	memory without cleaning it up.

	There are two options: either add code prior to the return at 554 to clean
	up the tree, or simply allow a NumArg parameter of 0 to be passed.

	I prefer the second method -- there doesn't seem to be any need to pass
	*any* arguments to this function.

	In my local copy of upnptools.c, I have simply replaced the "return NULL"
	in line 554 to "return PropSet".

	I've attached the source file.

2008-05-26 Marcelo Jimenez <mroberto(at)users.sourceforge.net>
	* SF Bug Tracker [ 1903069 ]
	Subs (not services) not marked 'active'
	Submitted By: Bob Ciora - bobciora

	If the UpnpAcceptSubscription is not called, the subscription is not marked
	as "active", so no state variables will ever be sent.

	I have a "lazy" architecture where a service may not be ready to publish
	any state data at the time of a subscription. Subscriptions are still
	accepted, there's just nothing to send, so UpnpAcceptSubscription is never
	called. As a result, the subscription is never marked as "active" via the
	genaInitNotify functions.

	A best course of action would be to modify UpnpAcceptSubscription<...>
	functions so that they can accept *no* initial state information, but can
	still result in the subscription being marked as active. Technically,
	then, the "active" flag should be set here, not in the genaInitNotify<...>
	functions.

	But the UpnpAccept functions don't muck with the subscription table, and
	it's more work than it's worth to move that code from the gena fucntions to
	the upnpapi functions.

	So--- what I've done to correct this problem is to modify both
	UpnpAcceptSubscription<...> functions (in upnppapi.c) to accept an empty
	state list and still call the gena layer functions. The gena layer
	genaInitNotify<...> functions (gena_device.c) then mark the subscription as
	"active" *before* checking for an empty state set.

	In genaInitNotify, a check for "var_count <= 0" is added immediately after
	the "subs->active = 1;" line. If this occurs, then all cleanup is
	performed and the function returns GENA_SUCCESS (since now, an empty state
	list is not an error). The same check is made for "PropSet == 0" in
	genaInitNotifyExt (just after the "subs->active = 1;" line).

	I've modifified my proxy layer to call UpnpAcceptSubscriptionExt even when
	there is no state data to send. With the suggested changes to
	gena_device.c, later state changes are sent correctly.

	This has solved my problem.

2008-04-28 Marcelo Jimenez <mroberto(at)users.sourceforge.net>
	* Fix in function SetSeed() in threadutil/src/ThreadPool.c for CYGWIN
	compilation. Thanks to Gary Chan.

*******************************************************************************
Version 1.6.6
*******************************************************************************

2008-04-24 Marcelo Jimenez <mroberto(at)users.sourceforge.net>
	* Added thread id's to the UpnpPrintf debug messages. Thanks to
	Charles Nepveu for the idea.

2008-04-24 Marcelo Jimenez <mroberto(at)users.sourceforge.net>
	*  SF Bug Tracker [ 1948586 ]
	Uppercase U in in "xmlns:U" in Invoke Action causes seg. f.
	Submitted By: Thomas Norheim - kjakan_no
	Device no longer segfaults with the following malformed xml action:
	<u:SetColor xmlns:U="urn:schemas-upnp-org:service:tvpicture:1">
		<Color>2</Color>
	</u:SetColor>

2008-04-23 Marcelo Jimenez <mroberto(at)users.sourceforge.net>
	* Use -O0 in debug builds so that variables do not get optimized out.

2008-04-10 Marcelo Jimenez <mroberto(at)users.sourceforge.net>
	* Apostolos Syropoulos changes for OpenSolaris x86.

2008-03-20 Marcelo Jimenez <mroberto(at)users.sourceforge.net>
	* Andre Sodermans (wienerschnitzel) patch for building libupnp under
	windows systems with VC9.

2008-03-20 Marcelo Jimenez <mroberto(at)users.sourceforge.net>
	* Andre Sodermans (wienerschnitzel) patch for building libupnp under
	windows systems with VC8.

2008-03-08 Marcelo Jimenez <mroberto(at)users.sourceforge.net>
	* Fixed a printf format problem on the upnp_tv_device.c from both
	upnp/sample/tvdevie and upnp/sample/tvcombo directories. The variable
	port was a short int instead of an unsigned short and it was beeing
	print as a negative value.

2008-03-08 Marcelo Jimenez <mroberto(at)users.sourceforge.net>
	* SF Bug Tracker [ 1902668 ] Cannot compile on MSVC
	Submitted By Luke Kim - nereusuj
	Version 1.6.5 cannot be compiled because of some changes in 1.6.3.
	MSVC does not support stdint.h, gettimeofday(), sys/param.h, const int
	variables in array size and Windows does not define _WINDOWS_ but define
	_WINDOWS.
	* MSVC does not understand "const int"'s as declarators of array
	dimensions, we must use #define'd constants.
	* Use WIN32 instead of _WINDOWS_ or _WINDOWS.

2008-02-22 Marcelo Jimenez <mroberto(at)users.sourceforge.net>
	* No longer ignore "upnp:rootdevice" advertisement. Thanks to Bob Ciora.

2008-02-10 Marcelo Jimenez <mroberto(at)users.sourceforge.net>
	* Changed "sys_errlist[errno]", which is deprecated, by
	"strerror_r()", which is thread safe.

2008-02-06 Marcelo Jimenez <mroberto(at)users.sourceforge.net>
	* Slightly improved error report by showing the sys_errlist string
	corresponding to errno.

2008-02-06 Marcelo Jimenez <mroberto(at)users.sourceforge.net>
	* Got rid of two useless constants: UPNP_SOCKETERROR and
	UPNP_INVALID_SOCKET. They both mean the same, that a network API
	function has failed. -1 is the value to check, not an invented constant.

*******************************************************************************
Version 1.6.5
*******************************************************************************

2008-02-02 Marcelo Jimenez <mroberto(at)users.sourceforge.net>
	* Peter Hartley's fix for wrong sized variable beeing passed to
	http_MakeMessage() on 64 bit architectures.


*******************************************************************************
Version 1.6.4
*******************************************************************************

2008-01-23 Marcelo Jimenez <mroberto(at)users.sourceforge.net>
	* Workaround for a problem with the new automake AM_CONDITIONAL macro
	from autotools-1.10. Thanks to Ingo Hofmann for helping with debugging
	this one.

2008-01-22 Marcelo Jimenez <mroberto(at)users.sourceforge.net>
	* Added quoting to macros AC_CONFIG_AUX_DIR, AC_CONFIG_MACRO_DIR and
	AC_CONFIG_SRCDIR in configure.ac. Also changed the name of the
	auxiliary directory in AC_CONFIG_AUX_DIR to build-aux.

2008-01-22 Marcelo Jimenez <mroberto(at)users.sourceforge.net>
	* Fix for setsockopt() in Threadpool.c to allow more than one process
	to join the multicast-group on OSX. Thanks to Ingo Hofmann.

2008-01-22 Marcelo Jimenez <mroberto(at)users.sourceforge.net>
	* Using defined(__OSX__) || defined(__APPLE__) instead of just
	defined(__OSX__) in the code. Thanks to Ingo Hofmann and Chris
	Pickel.

2008-01-21 Marcelo Jimenez <mroberto(at)users.sourceforge.net>
	* Fix for isFileInVirtualDir. Thanks to Peter Hartley for the patch.

2008-01-07 Marcelo Jimenez <mroberto(at)users.sourceforge.net>
	* Putting back a "defined(__OSX__)" that has been removed in the
	previous *BSD patch. Thanks to Chris Pickel for pointing it out.

2008-01-07 Marcelo Jimenez <mroberto(at)users.sourceforge.net>
	* SF Patches Tracker [ 1865812 ] typo in docs comment
	Submitted By: Hartmut Holzgraefe - hholzgra
	typo in docs comment ACCAPTED instead of ACCEPTED in
	@name UPNP_E_UNSUBSCRIBE_UNACCAPTED [-302]
	Also, the documentation file name was mispelled and was corrected in
	the Makefile.am.

*******************************************************************************
Version 1.6.3
*******************************************************************************

2007-12-25 Marcelo Jimenez <mroberto(at)users.sourceforge.net>
	* Using pthread flags for the whole project, not just at the places
	individually indicated by several Makefile.am files spread all over
	the directories. That was too much error prone.

2007-12-24 Marcelo Jimenez <mroberto(at)users.sourceforge.net>
	* Added a configure test to check if pthread_rwlock_t is available.
	Define _GNU_SOURCE if needed. The fallback behaviou will only be
	implemented if _GNU_SOURCE prooves to be insufficient on some
	platforms. Thanks to Jonathan Casiot (no_dice) and Robert Gingher
	(robsbox).

2007-12-17 Marcelo Jimenez <mroberto(at)users.sourceforge.net>
	* Removed unused iasnprintf.{c,h} files.

2007-12-17 Marcelo Jimenez <mroberto(at)users.sourceforge.net>
	* Removed STATSONLY() macro from ThreadPool.{c,h}.
	* Removed time() usage from ThreadPool.c.
	* Fixed STATS = 0 compilation.

2007-12-16 Marcelo Jimenez <mroberto(at)users.sourceforge.net>
	* Library was not compiling on FreeBSD 7. Code now no longer uses
	ftime(), using gettimeofday() instead. Thanks to Josh Carroll.


*******************************************************************************
Version 1.6.2
*******************************************************************************

2007-12-10 Marcelo Jimenez <mroberto(at)users.sourceforge.net>
	* Fixed a compilation error due to a missing #ifdef in
	upnp/src/genlib/miniserver/miniserver.c. Thanks to Eugene Christensen.

2007-11-12 Marcelo Jimenez <mroberto(at)users.sourceforge.net>
	* "make check" was failing because ixml/test/test_document.sh did not
	have the executable flag set. Thanks to Steve Bresson.

2007-11-12 Marcelo Jimenez <mroberto(at)users.sourceforge.net>
	* Fixed a memory leak in upnpapi.c to delete gMiniServerThreadPool in
	the call to UpnpFinish(). Thanks to Fabrice Fontaine.

2007-11-09 Marcelo Jimenez <mroberto(at)users.sourceforge.net>
	* Added a isleep() call to the error handler of select() in
	RunMiniServer(), so that it does not take 100% cpu in case select()
	fails repeatedly.

*******************************************************************************
Version 1.6.1
*******************************************************************************

2007-11-07 Marcelo Jimenez <mroberto(at)users.sourceforge.net>
	* SF Bug Tracker [ 1825278 ] AdvertiseAndReply sleeps with handle lock out
	Applied patch from Alex (afaucher) to change some write locks to read
	locks.

2007-11-06 Marcelo Jimenez <mroberto(at)users.sourceforge.net>
	* Adjusting libtool library numbers to reflect the last changes.

2007-11-06 Marcelo Jimenez <mroberto(at)users.sourceforge.net>
	* SF Bug Tracker [ 1825278 ] AdvertiseAndReply sleeps with handle lock out
	GlobalHndMutex, which was a mutex is now GlobalHndRWLock, which is a
	rwlock. HandleLock() is mapped to HandleWriteLock() while all other
	instances have not been checked. One instance in AdvertiseAndReply()
	has been changed to HandleReadLock(). Thanks to Alex (afaucher) for the 
	bug report and suggestions.

2007-11-06 Marcelo Jimenez <mroberto(at)users.sourceforge.net>
	* Added support for rwlocks.

2007-11-05 Marcelo Jimenez <mroberto(at)users.sourceforge.net>
	* SF Bug Tracker [ 1825929 ] woker thread still alive after UpnpFinish()
	Submitted By: Luke Kim - nereusuj
	Worker thread still alive after calling UpnpFinish() because
	ThreadPoolShutdown() is in the #ifdef DEBUG block.
	421
	422 #ifdef DEBUG
	423 ThreadPoolShutdown( &gSendThreadPool );
	424 ThreadPoolShutdown( &gRecvThreadPool );

2007-08-28 Marcelo Jimenez <mroberto(at)users.sourceforge.net>
	* Changed the calls to virtualDirCallback.open(filename, UPNP_WRITE)
	to (virtualDirCallback.open)(filename, UPNP_WRITE) (notice the
	parenthesis) due to a change in glibc that produces compilation
	errors.

2007-08-28 Marcelo Jimenez <mroberto(at)users.sourceforge.net>
	* Initialization of the "randomness" struct so that valgrind does not
	complain.

2007-08-06 Marcelo Jimenez <mroberto(at)users.sourceforge.net>
	* Merge of patch submitted By Keith Brindley - brindlk
	SF Bug Tracker [ 1762758 ] Seek not working for large files
	Problem:
	Requests from the uPnP client to seek to a position beyond 2GB in a large
	file are handled as a request to see from the 2GB point.

	Impact:
	Varies depending on client. The Xbox 360 kills the connection when it
	realises.

	Solution:
	GetNextRange function (webserver.c) is updated to handle large file sizes.
	Fix should also recognise when built on a 32bit platform rather than 64 and
	handle accordingly.

2007-08-05 Marcelo Jimenez <mroberto(at)users.sourceforge.net>
	* Merge of Mac OS X patch from Stéphane Corthésy (davelopper),
	SF Bug Tracker [ 1686420 ] Modifications for MacOSX.
	Some of the proposed changes were already done by Rene Hexel's patch.

*******************************************************************************
Version 1.6.0
*******************************************************************************

2007-06-10 Marcelo Jimenez <mroberto(at)users.sourceforge.net>
	* More fixes to Mac OS X and NetBSD from Rene Hexel:
	[pupnp-devel] NetBSD & Mac OS X packages and patches

	  Okay, I found a couple more things.  I have attached a patch file
	against the trunk (version 206) that make the repository code compile
	and run on both Mac OS X and NetBSD.

	This fixes the following issues:

	   upnp/src/api/upnpapi.c: SIOCGIFCONF didn't work properly, use
	getifaddrs() instead (on BSD systems).

	  threadutil/src/ThreadPool.c: priorities only work if
	_POSIX_PRIORITY_SCHEDULING is defined (and greater than 0).

	  threadutil/src/LinkedList.c and threadutil/src/iasnprintf.c: use
	stdlib.h instead of malloc.h on all BSD systems (not just FreeBSD).
	This is important, because malloc.h does not exist on Darwin/Mac OS X.

	  Cheers
	      ,
	   Rene

2007-06-09 Marcelo Jimenez <mroberto(at)users.sourceforge.net>
	* [pupnp-devel] NetBSD & Mac OS X packages and patches.
	Rene Hexel's <rh@netbsd.org> patch to compile in NetBSD and Mac OS X.

2007-05-26 Marcelo Jimenez <mroberto(at)users.sourceforge.net>
	* Updated the macro files acx_pthread.m4, ax_cflags_gcc_option.m4,
	ax_cflags_warn_all.m4, m4/ax_cflags_warn_all_ansi.m4,
	m4/type_socklen_t.m4.

2007-05-26 Marcelo Jimenez <mroberto(at)users.sourceforge.net>
	* Fixed an issue with the instalation of the file upnpdebug.h. Since
	the last modifications that removed the macro DEBUV_ONLY, this file
	must be installed even on a non-debug build.

2007-05-26 Marcelo Jimenez <mroberto(at)users.sourceforge.net>
	* SF Bug Tracker [ 1711325 ] Bad DestAddr in Upnp_Discovery structure
	Submitted By: Bob Ciora
	The field DestAddr of the structure Upnp_Discovery is now a full
	SOCKADDRIN instead of a pointer to SOCKADDRIN. Commented code sugests
	that in a previous moment, the function ssdp_handle_ctrlpt_msg() did
	not use a postponed thread to call ctrlpt_callback(). Now the code
	uses a thread, and most probably the original data would get lost and
	the pointer would point to an invalid memory region. This fix caused
	an interface change in the library and the minor library version was
	bumped. Also, the libtool library numbers were changed accordingly.

*******************************************************************************
Version 1.4.7
*******************************************************************************

2007-05-26 Marcelo Jimenez <mroberto(at)users.sourceforge.net>
	* Added support for the Basic Device
	(http://www.upnp.org/standardizeddcps/basic.asp) as suggested by
	Titus Winters.

2007-05-25 Marcelo Jimenez <mroberto(at)users.sourceforge.net>
	* Fixed the file libupnp.pc.in to generate a correct path for the
	include files.

2007-05-25 Marcelo Jimenez <mroberto(at)users.sourceforge.net>
	* Removing the Dbg_Level, InitLog, SetLogFileNames and CloseLog
	defines. These were just aliases, no reason to keep them.

2007-05-25 Marcelo Jimenez <mroberto(at)users.sourceforge.net>
	* Changed the comments of the include files that expose the UPnP API
	to use only C89 comments and no C99 comments.

2007-05-24 Nektarios K. Papadopoulos <npapadop(at)inaccessnetworks.com>
	* Added tvcombo sample that demonstrates coexistence of a device and a
	control point in the same application.

2007-05-24 Nektarios K. Papadopoulos <npapadop(at)inaccessnetworks.com>
	* SF Tracker FR [ 1570020 ].
	* Enable both device and control point in the same application. Resolve
	deadlock in the SSDP processing threads.
	* Fix Threadpool expansion condition.
	Thanks to Siva Chandran P. for the original patch.

2007-05-24 Nektarios K. Papadopoulos <npapadop(at)inaccessnetworks.com>
	* Modified tvdevice (control and picture) service descriptions to make
	compatible with WinXP/IE control point. 'in' arguments must appear before
	'out' arguments in argument list.
	Thanks to Martin Tremblay for pointing out the solution originally provided
	by MORIOKA Yasuhiro.

2007-05-21 Marcelo Jimenez <mroberto(at)users.sourceforge.net>
	* More MSVC fixes, using XINLINE instead of inline, MSVC has troubles
	with inline. Thanks to David Maass for reporting.
	* Changed XINLINE to UPNP_INLINE.

2007-05-21 Marcelo Jimenez <mroberto(at)users.sourceforge.net>
	* Added the file build/inc/msvc/inttypes.h. This file is for use with
	MSVC only, because it does not provide C99 compatibility.

2007-05-18 Marcelo Jimenez <mroberto(at)users.sourceforge.net>
	* Removed all uses of the DEVICEONLY(x) macro.

2007-05-17 Marcelo Jimenez <mroberto(at)users.sourceforge.net>
	* Removed all uses of the DBGONLY(x) macro. A static inline empty
	function now is used and the compiler takes care of optimizing it out.

2007-05-17 Marcelo Jimenez <mroberto(at)users.sourceforge.net>
	* Fixed a bug in UpnpPrintf, function could call va_start() and return
	befor calling va_end().

2007-05-15 Marcelo Jimenez <mroberto(at)users.sourceforge.net>
	* EXPORT_SPEC missing on some declarations in ixml/inc/ixml.h.
	Thanks to David Maass.

2007-05-15 Marcelo Jimenez <mroberto(at)users.sourceforge.net>
	* sizeof is unsigned, so %zu is more adequate than %zd.

2007-05-15 Marcelo Jimenez <mroberto(at)users.sourceforge.net>
	* Using an invented printf directive PRIzu that on MSVC
	expands to "lu", and on normal C99 compilers expands to "zu".

2007-05-15 Marcelo Jimenez <mroberto(at)users.sourceforge.net>
	* Rewrote raw_find_str. Now it no longer uses strcasestr(), but it
	transforms the first input buffer into lowercase.

2007-05-08 Marcelo Jimenez <mroberto(at)users.sourceforge.net>
	* Fix for debug printf format strings. size_t are not expected
	in a string format like "%.*s".

2007-05-08 Marcelo Jimenez <mroberto(at)users.sourceforge.net>
	* Added inttypes.h as a header requirement in configure.ac.

2007-05-11 Marcelo Jimenez <mroberto(at)users.sourceforge.net>
	* Moved upnp_tv_ctrlpt and upnp_tv_device executables from folder
	upnp to folder upnp/sample. Moved folder upnp/sample/tvdevice/web
	to folder upnp/sample/web. This way, if someone compiles the
	tarball and executes upnp_tv_device from its creation directory,
	there will be no error -108 for not finding directory web.

*******************************************************************************
Version 1.4.6
*******************************************************************************

2007-04-19 Marcelo Jimenez <mroberto(at)users.sourceforge.net>
	* Fix for freebsd host_os in configure.ac.

*******************************************************************************
Version 1.4.5
*******************************************************************************

2007-04-19 Marcelo Jimenez <mroberto(at)users.sourceforge.net>
	* Case insensitive comparison in raw_find_str() (httpparser.c) as
	suggested by Craig Nelson in SF Tracker [ 1689382 ] DLINK DIR-625
	patch.

2007-04-07 Nektarios K. Papadopoulos <npapadop(at)inaccessnetworks.com>
	* Fix for a bug in makeAction where va_arg was beeing called one
	extra time.

2007-04-28 Marcelo Jimenez <mroberto(at)users.sourceforge.net>
	* SF Tracker [ 1703533 ] Patch to make it compile under FreeBSD
	Submitted By: Timothy Redaelli - drittz
	I made some patches to make it compile under FreeBSD using
	gethostbyaddr_r when supported.

2007-04-28 Marcelo Jimenez <mroberto(at)users.sourceforge.net>
	* [pupnp-devel] Type mixup on x86_64 causes UPNP_E_OUTOF_MEMORY
	Submitted By: Glen Masgai
	after an UpnpSendActionAsync() for example, i get UPNP_E_OUTOF_MEMORY
	in the callback using 1.4.4 on a x86_64 system. This happens in
	http_MakeMessage(), which in some cases get called with wrong types
	(int instead of size_t) in combination with format "b" and "Q".
	The attached patch should fix this.

*******************************************************************************
Version 1.4.4
*******************************************************************************

2007-04-06 Marcelo Jimenez <mroberto(at)users.sourceforge.net>
	* SF Tracker [ 1695399 ] Typo in util.h
	Submitted By: Luke Kim - nereusuj
	Unix sleep is in seconds but WIN32 Sleep is in milliseconds.

2007-04-17 Marcelo Jimenez <mroberto(at)users.sourceforge.net>
	* SF Tracker [ 1652827 ] UpnpRegisterRootDevice returned -104
	Submitted By: Michael Andersen - miwer
	
	Issue was found to be related to sizeof (size_t) != sizeof (int)
	on AMD64 systems. Emil Ljungdahl's AMD64 patch has been applied along
	with some other fixes. Original user report follows:

	When I run upnpd I get the above mentioned error (UPNP_E_OUTOF_MEMORY).
	I've tried with 1.4.1 and 1.4.2-RC3, it's the same. I don't understand why,
	because I have plenty of RAM, and I even tried closing some applications,
	but it didn't help.

	$ upnpd eth1 br0

	The following is logged in the /var/log/messages:
	Feb 6 01:33:47 server upnpd[6933]: Error registering the root device with
	descDocUrl: http://192.168.0.1:49152/gatedesc.xml
	Feb 6 01:33:47 server upnpd[6933]: UpnpRegisterRootDevice returned -104


	I tried enabling debugging and it looks like it cannot allocate memory
	through the membuffer_append function. It's wierd because it's only a few
	bytes.

	Please note, that I enabled some extra debugging lines that were commented,
	in order to get more information. See attached files.

*******************************************************************************
Version 1.4.3
*******************************************************************************

2007-03-13 Marcelo Jimenez <mroberto(at)users.sourceforge.net>
	* SF Tracker [ 1663004 ] Compile on Cygwin
	Submitted By: Jon Foster - jongfoster
	This patch gives basic support for building under Cygwin - it compiles,
	links, and a simple UPnP device application can initialise. I'm not sure
	if it actually works yet, but this is definitely a step in the right
	direction.
	
	Patch is against the 1.4.1 release. Changes are:
	
	* threadutil/inc/ithread.h: Fix the ithread mutex support to use
	documented, portable APIs (if present) rather than the Non-Portable (_NP)
	ones it uses now. This is required because Cygwin implements only the
	portable API.
	
	* threadutil/src/ThreadPool.c: Fake SetPolicyType() to do nothing on Cygwin
	because otherwise it fails. Should probably investigate why it fails and
	add a proper implementation later.
	
	* upnp/src/api/upnpapi.c: On Cygwin, zero out the GlobalHndMutex structure
	before initialising it. Without this, the initialisation fails. This
	appears to be a bug in Cygwin.
	
	* upnp/src/genlib/net/uri/uri.c: Use gethostbyname() on Cygwin.
	
2007-03-05 Oxy <oxygenic(at)users.sourceforge.net>
	* Code adapted and typedefs added to compile cleanly under Windows
	with Borland C++ Builder and MS Visual C++

2007-03-03 Marcelo Jimenez <mroberto(at)users.sourceforge.net>
	
	* Fixed nasty segmentation fault bug on membuffer.c.
	
*******************************************************************************
Version 1.4.2
*******************************************************************************

2007-02-09 Marcelo Jimenez <mroberto(at)users.sourceforge.net>

	* 32/64 bits portability issues on *printf.
	Use %zd for size_t, and cast to (long long) for off_t.

2007-02-02 Marcelo Jimenez <mroberto(at)users.sourceforge.net>

	* Bumped the program version to 1.4.2 in config.ac.

	* Now requires autoconf 2.60.

	* Fixed docdir use.

	* Does not install the documentation by default.

	* Use dist-bzip2 to create a .bz2 distribution file.

2007-01-23 Marcelo Jimenez <mroberto(at)users.sourceforge.net>

	* SF Tracker [ 1634922 ] Support for large files (>= 2 GiB), part 2
	Submitted By: Jonathan Casiot - no_dice
	Summary: This patch hopefully fixes the remaining types and related
	code to enable files >= 2 GiB to be streamed. Jonathan claims to have
	tested this with a patched version of ushare-0.9.8 and a D-Link DSM-520.

2007-01-09 Marcelo Jimenez <mroberto(at)users.sourceforge.net>

	* SF Tracker [ 1628629 ] Multicast interface patch
	Submitted By: Fredrik Svensson - svefredrik
	This patch fixes two problems:
	1) Specify the IP address for the interface when we do
	setsockopt IP_ADD_MEMBERSHIP. This makes it possible to run
	when no default router has been configured.
	2) Explicitly set the multicast interface through setsockopt
	IP_MULTICAST_IF. Avoids socket error -207 in some cases.
	
	* SF Tracker [ 1628590 ] XML parsing segfault patch
	Submitted By: Fredrik Svensson - svefredrik
	This patch fixes a segmentation fault problem that occurrs
	when parsing XML code than some routers produce.

2007-01-06 Marcelo Jimenez <mroberto(at)users.sourceforge.net>

	* SF Tracker [ 1628552 ] XML white space patch
	Submitted By: Fredrik Svensson - svefredrik
	
	* SF Tracker [ 1628562 ] Maximum total jobs patch
	Submitted By: Fredrik Svensson - svefredrik
	Also, I incremented the libray versions and included some
	comments in the file configure.ac so that we do not bump
	the library version excessively, only the necessary numbers
	on the next release.
	
	* SF Tracker [ 1628575 ] Linksys WRT54G patch
	Submitted By: Fredrik Svensson - svefredrik
	
	* SF Tracker [ 1628636 ] SSDP packet copy patch
	Submitted By: Fredrik Svensson - svefredrik
	Changed NUM_COPY to 1 since, according to section 9.2 of the
	HTTPU/MU spec, we should never send more than one copy of a
	reply to an SSDP request. Ref. section 9.2 of
	http://www.upnp.org/download/draft-goland-http-udp-04.txt

2006-12-23 Marcelo Jimenez <mroberto(at)users.sourceforge.net>

	* Thorough revision of every call of http_MakeMessage() due to a
	bug introduced in rev.79 "largefile patch added".
	http_MakeMessage() has a worst than brain damaged "printf" like
	interface. In rev.79, the "N" format parameter must be an off_t.
	Every call of this function with an "N" format parameter and an
	int passed on the stack would fail terribly.
	
	* SF Bug tracker [ 1590469 ]
	Typo in ixmlparser.c
	Submitted By: Erik Johansson - erijo
	
	* SF Bug Tracker [ 1590466 ] Invalid xml output
	Submitted By: Erik Johansson - erijo
	
	* SF Patch tracker [ 1581161 ] VStudio2005 patch
	Submitted By: David Maass - darkservant
	
	* SF Patch tracker [ 1587272 ] const-ified ixml
	Submitted By: Erik Johansson
	
	* Finished const-ifications as suggested by Erik Johansson in
	SF Patch tracker [ 1587272 ].

2006-07-05 Nektarios K. Papadopoulos <npapadop(at)inaccessnetworks.com>
	* [bug-id] 1580440
	[submitted-by] Erik Johansson - erijo
	[patched-by] Erik Johansson - erijo
	The SOAP HTTP message that's generated on upnp errors
	is missing a \r\n\ between header and body.

2006-07-07 Oxy <virtual_worlds(at)gmx.de>

	* support for large files (>2 GBytes) added


*******************************************************************************
Version 1.4.1
*******************************************************************************

2006-07-07 Oxy <virtual_worlds(at)gmx.de>

	* full support for Windows added, static library and DLL are fully
	working, code compiles with Borland Builder C++ and MS Visual
	C/C++

2006-07-05 Nektarios K. Papadopoulos <npapadop(at)inaccessnetworks.com>

	* Include prebuilt documentation (html,pdf), dropping doc++ 
	dependancy.

2006-07-03 Marcelo Jimenez <mroberto(at)users.sourceforge.net>

	* Patch for FreeBSD, thanks to Markus Strobl.

2006-06-26 Marcelo Jimenez <mroberto(at)users.sourceforge.net>

	* Fix for missing "else" in httpreadwrite.c. Thanks to npapadop
	for the patch.

2006-06-26 Marcelo Jimenez <mroberto(at)users.sourceforge.net>

	* Fix for va_list initialization in x86_64 architectures.

2006-06-08 Oxy <virtual_worlds(at)gmx.de>

	* Patch to fix memory leaks and reasons for crashes added (thanks
	to loigu)

*******************************************************************************
Version 1.4.0
*******************************************************************************

2006-05-26 Oxy <virtual_worlds(at)gmx.de>

	* defines in iasnprintf.h changed to work with GCC-version < 3

2006-05-22 Oxy <virtual_worlds(at)gmx.de>

	* BSD-patch added (not tested yet on an BSD system)

2006-05-19 Oxy <virtual_worlds(at)gmx.de>

	* Patch added for bug: ixml parser colapsed on empty args (arg="")

2006-05-18 Oxy <virtual_worlds(at)gmx.de>

	* DSM-320 patch added (fetched from project MediaTomb)
	
	* httpGet additons atch added, Added proxy support by introducing
	  UpnpOpenHttpGetProxy. UpnpOpenHttpGet now just calls
	  UpnpOpenHttpGetProxy with the proxy url set to NULL.
	  
	* Bugfix for typo ("\0" / "0") in ixmlparser.c
	
	* Bugfix for M-Search packet

*******************************************************************************
FORK FROM DEAD libupnp
*******************************************************************************

2006-04-29  Rémi Turboult  <r3mi(at)users.sourceforge.net>

	* THANKS: new file with list of contributors

	* upnp/src/gena/gena_device.c (respond_ok): add 'Content-Length: 0'
	  in subscription response. Patch by Chaos (Bug # 1455367).

2006-04-08  Rémi Turboult  <r3mi(at)users.sourceforge.net>

	* upnp/doc/UPnP_Programming_Guide.pdf: replace this document with 
	  the one in libupnp-doc-1.2.1 because current CVS version 
	  was corrupted.

2006-04-06

	* changes applied to several files to work under Sparc Solaris, temporarily
	  requiring a define SPARC_SOLARIS

2006-04-03  Rémi Turboult  <r3mi(at)users.sourceforge.net>

	* upnp/Makefile.am: install upnp samples in $(docdir)/examples

2006-03-28  Rémi Turboult  <r3mi(at)users.sourceforge.net>

	* configure.ac: add --with-docdir option to choose where documentation
	  is installed (or -without-docdir to not install the documentation)

2006-03-27  Rémi Turboult  <r3mi(at)users.sourceforge.net>

	* ixml/test: add simple test suite for xml parser

2006-03-26  Rémi Turboult  <r3mi(at)users.sourceforge.net>

	* ixml/src/ixmlparser.c (Parser_processCDSect): fix bug which prevents
	  CDATA sections which contain a 0 (zero) to be parsed (instead the
	  parsing of the whole document is aborted). Patch by Arno Willig 
	  (Patch # 1432124).

	* configure.ac, upnp/Makefile.am: add "--disable-samples" configure
	  option, and move samples compilation from check_PROGRAMS to
	  noinst_PROGRAMS

2006-03-25  Rémi Turboult  <r3mi(at)users.sourceforge.net>

	* upnp/src/genlib/miniserver/miniserver.c (get_miniserver_sockets): 
	  fix bug if new socket created has fd 0 (can only occur when stdin
	  has been closed). Patch by Oskar Liljeblad 2004-07-02 :
	  http://sourceforge.net/mailarchive/message.php?msg_id=8870528
	
2006-03-21  Rémi Turboult  <r3mi(at)users.sourceforge.net>

	* upnp/test/test_init.c: add some version checks and exit if failure

2006-03-05  Rémi Turboult  <r3mi(at)users.sourceforge.net>

	* libupnp version 1.3.1

	* upnp/inc/upnpconfig.h.in: add new define UPNP_VERSION_PATCH

	* upnp/test/test_init.c: add simple test to run during checks

	* upnp/inc/upnp.h: include "upnpdebug.h" only if debug enabled
	  in the library (else header file is not installed)

	* upnp/Makefile.am (libupnp_la_LDFLAGS): add inter-library libtool
	  dependencies between upnp and ixml / threadutil, so that programs 
	  linking against upnp only still work.

2006-03-04  Rémi Turboult  <r3mi(at)users.sourceforge.net>

	* libupnp version 1.3.0

2006-03-03  Rémi Turboult  <r3mi(at)users.sourceforge.net>

	* upnp/src/genlib/net/http/httpreadwrite.c (get_sdk_info): use
	  package version string from configure to set sdk info

	* upnp/Makefile.am: add sample/tvdevice/web/ files in EXTRA_DIST
	  + do not distribute generated upnpconfig.h file.

2006-02-28  Rémi Turboult  <r3mi(at)users.sourceforge.net>

	* upnp/src/inc/config.h, configure.ac: use only new defines
	  UPNP_HAVE_xx instead of INCLUDE_yyy_APIS and INTERNAL_WEB_SERVER

	* upnp/Makefile.am, ixml/Makefile.am: add -export-symbols-regex to
	  the librarie LDFLAGS in order to export only the symbols defined 
	  in the API

2006-02-27  Rémi Turboult  <r3mi(at)users.sourceforge.net>

	* configure.ac: add libtool versions for the 3 libraries

	* ixml/src/ixml.c (copy_with_escape): add missing 'static' to function

	* threadutil/src/ThreadPool.c (SetSeed): add missing 'static' 

2006-02-26  Rémi Turboult  <r3mi(at)users.sourceforge.net>

	* threadutil/inc/iasnprintf.h: add gcc __printf__ format attribute
	  to "iasnprintf"

	* upnp/src/api/upnpapi.c: fix invalid UpnpPrintf formats

	* upnp/src/gena/gena_device.c: fix invalid UpnpPrintf formats

	* upnp/src/inc/config.h: move upnp/inc/config.h to internal
	  sources (this file is no longer installed with the libraries)

	* upnp/inc/upnpdebug.h: new file created from debug definitions
	  previously in upnp/inc/config.h

	* upnp/src/api/config.c: rename to upnp/src/api/upnpdebug.c

	* upnp/inc/upnpconfig.h.in: new file to contain information on    
	  the configuration of the installed libraries (generates installed
	  file <upnp/upnpconfig.h>)

2006-02-22  Rémi Turboult  <r3mi(at)users.sourceforge.net>

	* upnp/ : add missing include of config.h in some .c files

2006-02-21  Rémi Turboult  <r3mi(at)users.sourceforge.net>

	* upnp/inc/upnp.h: move some definitions which should not be
	  exported into "upnp/src/inc/util.h"

	* import all modifications below from libupnp in djmount 0.51
	  into official libupnp
	
2006-01-17  Rémi Turboult  <r3mi(at)users.sourceforge.net>

	* threadutil/Makefile.am (libthreadutil_la_SOURCES): remove extraneous
	  file

2006-01-15  Rémi Turboult  <r3mi(at)users.sourceforge.net>

	* configure.ac: add checks for large-file support

	* upnp/inc/config.h: rename to "upnpconfig.h". The new "config.h" file
	  is the one generated by autoconf.

	* m4/type_socklen_t.m4: added new check for socklen_t (fallback to
	  int if not defined)

	* upnp/src/genlib/miniserver/miniserver.c, 
	  upnp/src/ssdp/ssdp_server.c: use socklen_t where appropriate 
	  (instead of int)

	* upnp/src/genlib/net/http/httpreadwrite.c (get_sdk_info): remove
	  XINLINE declaration (unused and too late)

	* ixml/src/node.c (ixmlNode_getNodeType): fix compilation warning
	  on const return type

2006-01-12  Rémi Turboult  <r3mi(at)users.sourceforge.net>

	* upnp/src/inc/readwrite.h : suppress unused C++ header file

2006-01-11  Rémi Turboult  <r3mi(at)users.sourceforge.net>

	* upnp/inc/config.h, upnp/src/inc/upnpapi.h, 
	  upnp/src/inc/httpreadwrite.h: remove internal configuration variable 
	  MINIMUM_DELAY (no clear purpose)

2005-12-05  Rémi Turboult  <r3mi(at)users.sourceforge.net>

	* upnp/inc/upnp.h: re-declare obsolete method UpnpSetContentLength,
	  for binary compatibility with previous libupnp version.

	* upnp/src/api/upnpapi.c: correct type of g_maxContentLength to size_t

2005-11-01  Rémi Turboult  <r3mi(at)users.sourceforge.net>

	* autoconfiscate library : replace all makefiles by Makefile.am
	  for automake support, + preliminary autoconf support
	  (generated config.h not yet used in source files)

2005-10-18  Rémi Turboult  <r3mi(at)users.sourceforge.net>

	* upnp/src/makefile: fix location of DEBUG STATIC libupnp library
	
	* upnp/sample/tvctrlpt/linux/Makefile, 
	  upnp/sample/tvdevice/linux/Makefile: fix STATIC library support

2005-10-16  Rémi Turboult  <r3mi(at)users.sourceforge.net>

	* threadutil/src/Makefile (clean): remove built library

2005-08-28  Rémi Turboult  <r3mi(at)users.sourceforge.net>

	* ixml/src/ixml.h, ixml/src/ixml.c (ixmlRelaxParser) : new function

	* ixml/src/ixmlparser.h, ixml/src/ixmlparser.c (Parser_setErrorChar) :
	  new function

2005-08-02  Rémi Turboult  <r3mi(at)users.sourceforge.net>

	* ixml/src/Makefile: correct bug for static library being incorrectly 
	  stripped when building non-debug

2005-06-09  Rémi Turboult  <r3mi(at)users.sourceforge.net>

	* ixml/src/element.c (ixmlElement_removeAttributeNode): 
	  remove some compilation warning

	* ixml/inc/ixml.h, ixml/src/document.c : 
	  add some missing const's in public API 

	* upnp/inc/upnptools.h, upnp/src/api/upnptools.c : 
	  add missing const's in public API

2005-05-28  Rémi Turboult  <r3mi(at)users.sourceforge.net>

	* upnp/inc/config.h: suppress HTTP_READ_BYTES (unused)
	  and replace by DEFAULT_SOAP_CONTENT_LENGTH (previously in upnpapi.h)
	
	* upnp/inc/upnp.h, upnp/src/api/upnpapi.c : replace 
	  UpnpSetContentLength (which was not using its Handle argument) 
	  by global function UpnpSetMaxContentLength. 
	  Remove "hard" limitation to 32K (not suitable for using in UPnP AV).
	
	* upnp/src/inc/upnpapi.h : removed DEFAULT_SOAP_CONTENT_LENGTH
	  (moved to config.h) and MAX_SOAP_CONTENT_LENGTH (now unused)

	* upnp/src/api/upnptools.c : add more error message strings

	* upnp/src/genlib/net/http/httpreadwrite.c : return OUTOF_BOUNDS
	  instead of BAD_HTTPMSG when allowed Content Length is exceeded.

	* upnp/src/genlib/net/http/httpreadwrite.c : corrected an incorrect
	  sprintf format
	
2005-05-27  Rémi Turboult  <r3mi(at)users.sourceforge.net>

	* upnp/makefile, upnp/src/makefile, 
	  ixml/Makefile, ixml/src/Makefile, 
	  threadutil/Makefile, threadutil/src/Makefile : 
	  implement STATIC library support (from patch at 
	  http://sourceforge.net/tracker/?group_id=7189&atid=307189 )

2005-05-26  Rémi Turboult  <r3mi(at)users.sourceforge.net>

	* upnp/src/api/upnpapi.c, upnp/src/soap/soap_device.c,
	  upnp/src/soap/makefile : 
	  corrections for compilation with CLIENT=1 only
	
	* importing "libupnp-1.2.1a" as baseline