update miniupnpc

[MaxXor]

Updated the miniupnpc module from miniupnp/miniupnp@587f33c

Changelog:

• Fix CVE-2017-8798 Thanks to tin/Team OSTStrom
• Check strlen before memcmp in XML parsing portlistingparse.c
• Fix build under SOLARIS and CYGWIN
• Add python 3 compatibility to IGD test

[anonimal]

Hi @MaxXor,

JFTR: this should be a submodule like #2133 and (eventually) #2317. Lucky for us, miniupnpc uses git so it will be easy pull. Even more important: CVE or not, unless people can keep a regular/close eye on development, we should use tagged versions and not arbitrary commits in their master branch. The CVE fix is good (why haven't they bumped their version or created a release-candidate...) but what other unknown issues could be brought into the master branch since their most recent release? They are in active development, so this is why tagged versions are usually the go-to for dependency resolution.

[MaxXor]

@anonimal Yes I agree it should be a git submodule. Maybe @fluffypony could create a fork of miniupnp under the @monero-project account?
I understand your concerns when using the latest commit from the master branch. Would it be an option to just include the CVE patch?

[moneromooo-monero]

Adding the CVE fix only on the release-0.11 branch too would be nice, independently of what happens here.

[fluffypony]

I've created a repo for miniupnpc, we can switch to a submodule post-merge