rokudev / hello-world Goto Github PK

We have a media app that doesn't just do video, it is built in html, does the Roku platform have a html control we can embed in the app? This is a requirement we can't get around.

The following ZIP is referenced in the Roku 'Getting Started', and it does NOT work for uploading: https://github.com/rokudev/hello-world/blob/master/dist/apps/hello-world.zip

(Source: https://developer.roku.com/docs/developer-program/getting-started/hello-world.md)

The error when trying to publish it: "The file you uploaded is incorrectly packaged. Please follow our guide to packaging an application and resubmit."

This ZIP should be updated or removed and the documentation updated.

Description
According to its banner, the version of Portable SDK for UPnP Devices (libupnp) running on the remote host is prior to 1.6.18. It is, therefore, affected by multiple remote code execution vulnerabilities :

• A stack-based buffer overflow condition exists in the unique_service_name() function within file ssdp/ssdp_server.c when handling Simple Service Discovery Protocol (SSDP) requests that is triggered while copying the DeviceType URN. An unauthenticated, remote attacker can exploit this, via a specially crafted SSDP request, to execute arbitrary code.
  (CVE-2012-5958)

• A stack-based buffer overflow condition exists in the unique_service_name() function within file ssdp/ssdp_server.c when handling Simple Service Discovery Protocol (SSDP) requests that is triggered while copying the UDN prior to two colons. An unauthenticated, remote attacker can exploit this, via a specially crafted SSDP request, to execute arbitrary code. (CVE-2012-5959)

• A stack-based buffer overflow condition exists in the unique_service_name() function within file ssdp/ssdp_server.c when handling Simple Service Discovery Protocol (SSDP) requests that is triggered while copying the UDN prior to the '::upnp:rootdevice' string. An unauthenticated, remote attacker can exploit this, via a specially crafted SSDP request, to execute arbitrary code. (CVE-2012-5960)

• Multiple stack-based buffer overflow conditions exist in the unique_service_name() function within file ssdp/ssdp_server.c due to improper validation of the UDN, DeviceType, and ServiceType fields when parsing Simple Service Discovery Protocol (SSDP) requests. An unauthenticated, remote attacker can exploit these issues, via a specially crafted SSDP request, to execute arbitrary code. (CVE-2012-5961, CVE-2012-5962, CVE-2012-5963, CVE-2012-5964, CVE-2012-5965)

Problem

This channel does not work on SD TVs. Only part of the "Hello World!" text is displayed.

Cause

The manifest file does not contain a ui_resolutions entry. Consequently, the channel reverts to the default, which is ui_resolutions=sd,hd. The channel assumes a 1280x720 display. No scaling down to 720x480 takes place because of the presence of the default 'sd' UI resolution.

Solution

Add the following line to the manifest file:

ui_resolutions=hd

https://www.youtube.com/watch?v=AddtrV6UFFs