pkgsrc-Changes-HG archive


[pkgsrc/trunk]: pkgsrc/devel/libosip libosip: Update to 5.1.1



details:   https://anonhg.NetBSD.org/pkgsrc/rev/5fe5e211885b
branches:  trunk
changeset: 412431:5fe5e211885b
user:      nia <nia%pkgsrc.org@localhost>
date:      Fri Mar 06 12:52:20 2020 +0000

description:
libosip: Update to 5.1.1

libosip2 (5.1.1) - 2020-01-16
        * fix vulnerability report: Authentication-Info or Proxy-Authentication-Info are affected by a buffer overflow when building sip messages.
        * fix vulnerability report: when boundary only contains one quote, strncpy will use the unsigned value of -1 as size parameter.
        * fix: avoid several memory leaks detected in the SDP parser upon invalid SDP formats.
        * fix bug #57467: infinite loop in sdp_message_a_attribute_del_at_index
        * fix bug #56071: Heap-buffer-overflow in osip_util_replace_all_lws function in osip_message_parse.c
        * fix to reject any non compliant answer with missing version digits.

libosip2 (5.1.0) - 2019-03-27
        * STRUCTURE change: struct osip_srv_record
        * STRUCTURE change: struct osip_naptr
        * constant renamed: CRLF, LF, CR, SP renamed to OSIP_CRLF, OSIP_LF, OSIP_CR, OSIP_SP

        * new API: int parser_add_comma_separated_header(const char *hname);

        * support larger binary attachment.
        * use strspn for better readability.
        * update osip_naptr & osip_srv_record structures to hold more NAPTR info and store ENUM result.
        * add AM_SILENT_RULES for autotools silent compilation.
        * fix a bug introduced in version 5: The current code is not counting correctly escaped " for multiple
          headers on one line. This is fixed.
        * In order to prevent incorrect parsing of header that should not appear on one line, osip now contains
          a list of known headers which are allowed to appear as "multiple header on one line separated with COMMA".
          Other headers will be parsed as ONE header.
        * new API: parser_add_comma_separated_header API can be used to add other headers in the list, so they
          will be parsed by osip as "multiple header on one line".
        * support for Visual Studio 2017: rename macro, better usage of WINAPI_FAMILY.
        * add some pre-defined SIP answer code (from www.iana.org/assignments/sip-parameters/)
        * fix windows compilation on mingw/msys if compiling without threads.
        * fix bug report: sr #109265: SIP message body length underflow in libosip2-4.1.0
          https://savannah.gnu.org/support/?109265
        * other minor changes: warning, compilation...

libosip2 (5.0.0)
        * STRUCTURE change: additional parameter for "struct osip_srv_entry" used for failover in eXosip2.

        * fix overflow: sr #109133: Heap buffer overflow in utility function *osip_clrncpy*
        * fix overflow: sr #109132: Heap buffer overflow in *osip_body_to_str*
        * fix overflow: sr #109131: Heap buffer overflow in `_osip_message_to_str`
        * simplify usage of timercmp/timerisset/timerclear
        * optimize list search: use iterator
        * improve/update autotools (./configure and options, Makefile.am, ax_thread.m4...)
        * verify a URI scheme only contains allowed char
        * improve make check (test unit) to make it clear about the results expected.
        * fix a possible buffer overflow of 1 byte in sdp_message_to_str (size=sdp allocated size)
        * fix cseq check in order to stop retransmission of 200ok
        * update to reject negative value in port number
        * add support for ntlm authentication in parser
        * include application_data when cloning sip message
        * fix to allow correct parsing of quoted string in from/to/contact/...
        * add authorizations and proxy_authorizations into ACK for 3xx, 4xx, 5xx, and 6xx (if answer was not 401/407)
        * additional check for cseq number for matching incoming ack retransmission
        * patch to transmit ack for OSIP_ICT_ACK_SENT event
        * improve management of body length // fix a bug when initial value of body is \0.
        * increase timer E as soon as we receive 1xx for NICT.
        * update all reasons according to RFC.
        * add some reason code from rfc4412, rfc3261 and rfc6086.
        * parse addr spec with LAQUOT and RAQUOT in generic parameters.
        * avoid issue with comma in userinfo of URI which may appear for several headers such as Contact.
        * do not use multiple header method for t, f, i, r, refer-to, b, referred-by headers.
        * allow faster connection with non blocking reliable sockets.
        * improve android time compensation.

diffstat:

 devel/libosip/Makefile                                               |  11 +---
 devel/libosip/distinfo                                               |  14 ++----
 devel/libosip/patches/patch-src_osipparser2_osip__body.c             |  21 ----------
 devel/libosip/patches/patch-src_osipparser2_osip__message__parse.c   |  19 ---------
 devel/libosip/patches/patch-src_osipparser2_osip__message__to__str.c |  20 ---------
 devel/libosip/patches/patch-src_osipparser2_osip__port.c             |  18 --------
 6 files changed, 9 insertions(+), 94 deletions(-)

diffs (143 lines):

diff -r 901d4f74407f -r 5fe5e211885b devel/libosip/Makefile
--- a/devel/libosip/Makefile    Fri Mar 06 12:43:32 2020 +0000
+++ b/devel/libosip/Makefile    Fri Mar 06 12:52:20 2020 +0000
@@ -1,8 +1,6 @@
-# $NetBSD: Makefile,v 1.21 2020/01/18 23:30:32 rillig Exp $
-#
+# $NetBSD: Makefile,v 1.22 2020/03/06 12:52:20 nia Exp $
 
-DISTNAME=      libosip2-4.1.0
-PKGREVISION=   1
+DISTNAME=      libosip2-5.1.1
 CATEGORIES=    devel
 MASTER_SITES=  ${MASTER_SITE_GNU:=osip/}
 
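Review bot: DISTNAME goes from libosip2-4.1.0 to libosip2-5.1.1 here, and the changelog in the log message lists struct changes (osip_srv_record, osip_naptr, osip_srv_entry) plus the CRLF/LF/CR/SP constants renamed to OSIP_*, yet the diffstat touches only devel/libosip. Please confirm that packages depending on libosip still build against 5.1.1 and say so in the log; if the package ships a buildlink3.mk, check whether its API/ABI depends should be raised for the major bump.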
@@ -11,12 +9,11 @@
 COMMENT=       Implementation of SIP
 LICENSE=       gnu-lgpl-v2.1
 
-USE_LIBTOOL=           yes
-GNU_CONFIGURE=         yes
+USE_LIBTOOL=   yes
+GNU_CONFIGURE= yes
 
 PKGCONFIG_OVERRIDE+=   libosip2.pc.in
 
 .include "options.mk"
-
 .include "../../mk/pthread.buildlink3.mk"
 .include "../../mk/bsd.pkg.mk"
diff -r 901d4f74407f -r 5fe5e211885b devel/libosip/distinfo
--- a/devel/libosip/distinfo    Fri Mar 06 12:43:32 2020 +0000
+++ b/devel/libosip/distinfo    Fri Mar 06 12:52:20 2020 +0000
@@ -1,11 +1,7 @@
-$NetBSD: distinfo,v 1.16 2019/04/21 16:25:38 khorben Exp $
+$NetBSD: distinfo,v 1.17 2020/03/06 12:52:20 nia Exp $
 
-SHA1 (libosip2-4.1.0.tar.gz) = 61459c9052ca2f5e77a6936c9b369e2b0602c080
-RMD160 (libosip2-4.1.0.tar.gz) = 3f86bf7872cd382f331b49f5e03a6ddddd338afa
-SHA512 (libosip2-4.1.0.tar.gz) = 8a04e047052aa6b970bb107aa8c0f94ed7c984defe69c3f2788f0b7677325812925a9386c1059499aa0940bb524ac1f724b5489f08e5b2210d190bad68271ee7
-Size (libosip2-4.1.0.tar.gz) = 636382 bytes
+SHA1 (libosip2-5.1.1.tar.gz) = 21e04561d5ebf27c1870cdc72e8387912ea769d2
+RMD160 (libosip2-5.1.1.tar.gz) = 42e9230f883734f56e97c23d84ac6f6301f0fc96
+SHA512 (libosip2-5.1.1.tar.gz) = 485a385b67ff422878bb45ae16936a5ef4cfbff3c7db618a3ff57b942bae6d269c108fa58d58caf5be1123155fb946595e10aba5cf261ec656168444fddf840a
+Size (libosip2-5.1.1.tar.gz) = 721763 bytes
 SHA1 (patch-src_osip2_port__sema.c) = 690cc6204025566f605cfc58a1652b95afc8e65f
-SHA1 (patch-src_osipparser2_osip__body.c) = fcbbb11e6a1b87f46faa1742d75a1951342b4095
-SHA1 (patch-src_osipparser2_osip__message__parse.c) = 2f9fea6f6ebea18b1bccb685a731ddf2295728dd
-SHA1 (patch-src_osipparser2_osip__message__to__str.c) = 12d559f25566c2143c9a679befb4b28bd03c3a63
-SHA1 (patch-src_osipparser2_osip__port.c) = 3723661ad715531bebb4ba6af7dd2e056f205e93
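Review bot: the four SHA1 lines removed at the end of this hunk belong to patches that carried the fixes for CVE-2016-10324, CVE-2016-10325, CVE-2016-10326 and CVE-2017-7853, but the log message only pastes the upstream changelog and never says those fixes are now upstream. Suggest adding a line to the log that the local CVE patches are dropped because they are fixed upstream, pointing at the 5.0.0 entries sr #109131 to #109133, which name _osip_message_to_str, osip_body_to_str and osip_clrncpy. The entry for patch-src_osip2_port__sema.c is unchanged, so it is also worth confirming that this patch still applies cleanly to the 5.1.1 sources.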
diff -r 901d4f74407f -r 5fe5e211885b devel/libosip/patches/patch-src_osipparser2_osip__body.c
--- a/devel/libosip/patches/patch-src_osipparser2_osip__body.c  Fri Mar 06 12:43:32 2020 +0000
+++ /dev/null   Thu Jan 01 00:00:00 1970 +0000
@@ -1,21 +0,0 @@
-$NetBSD: patch-src_osipparser2_osip__body.c,v 1.1 2019/04/21 16:25:38 khorben Exp $
-
-Apply fix for CVE-2016-10326 (from Debian)
-
---- src/osipparser2/osip_body.c.orig   2013-12-18 18:36:46.000000000 +0000
-+++ src/osipparser2/osip_body.c
-@@ -417,6 +417,14 @@ osip_body_to_str (const osip_body_t * bo
-   }
- 
-   if ((osip_list_size (body->headers) > 0) || (body->content_type != NULL)) {
-+    if (length < tmp_body - ptr + 3) {
-+      size_t len;
-+
-+      len = tmp_body - ptr;
-+      length = length + 3 + body->length; /* add body->length, to avoid calling realloc often */
-+      ptr = osip_realloc (ptr, length);
-+      tmp_body = ptr + len;
-+    }
-     tmp_body = osip_strn_append (tmp_body, CRLF, 2);
-   }
-   if (length < tmp_body - ptr + body->length + 4) {
diff -r 901d4f74407f -r 5fe5e211885b devel/libosip/patches/patch-src_osipparser2_osip__message__parse.c
--- a/devel/libosip/patches/patch-src_osipparser2_osip__message__parse.c        Fri Mar 06 12:43:32 2020 +0000
+++ /dev/null   Thu Jan 01 00:00:00 1970 +0000
@@ -1,19 +0,0 @@
-$NetBSD: patch-src_osipparser2_osip__message__parse.c,v 1.1 2019/04/21 16:25:38 khorben Exp $
-
-Apply fix for CVE-2017-7853 (from Debian)
-
---- src/osipparser2/osip_message_parse.c.orig  2013-12-18 18:36:46.000000000 +0000
-+++ src/osipparser2/osip_message_parse.c
-@@ -812,6 +812,12 @@ msg_osip_body_parse (osip_message_t * si
-     if ('\n' == start_of_body[0] || '\r' == start_of_body[0])
-       start_of_body++;
- 
-+    /* if message body is empty or contains a single CR/LF */
-+    if (end_of_body <= start_of_body) {
-+      osip_free (sep_boundary);
-+      return OSIP_SYNTAXERROR;
-+    }
-+
-     body_len = end_of_body - start_of_body;
- 
-     /* Skip CR before end boundary. */
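Review bot: of the four dropped CVE patches, this one (CVE-2017-7853, the "end_of_body <= start_of_body" check in msg_osip_body_parse) has no changelog entry in the log message that names the function; the nearest match is the 5.1.0 item "sr #109265: SIP message body length underflow in libosip2-4.1.0". Before relying on that, check that src/osipparser2/osip_message_parse.c in 5.1.1 rejects an empty body ahead of "body_len = end_of_body - start_of_body;", and record the result in the log.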
diff -r 901d4f74407f -r 5fe5e211885b devel/libosip/patches/patch-src_osipparser2_osip__message__to__str.c
--- a/devel/libosip/patches/patch-src_osipparser2_osip__message__to__str.c      Fri Mar 06 12:43:32 2020 +0000
+++ /dev/null   Thu Jan 01 00:00:00 1970 +0000
@@ -1,20 +0,0 @@
-$NetBSD: patch-src_osipparser2_osip__message__to__str.c,v 1.1 2019/04/21 16:25:38 khorben Exp $
-
-Apply fix for CVE-2016-10325 (from Debian)
-
---- src/osipparser2/osip_message_to_str.c.orig 2013-12-18 18:36:46.000000000 +0000
-+++ src/osipparser2/osip_message_to_str.c
-@@ -378,6 +378,13 @@ _osip_message_to_str (osip_message_t * s
-     /* A start-line isn't required for message/sipfrag parts. */
-   }
-   else {
-+    size_t message_len = strlen(tmp);
-+    if (_osip_message_realloc (&message, dest, message_len + 3, &malloc_size) < 0) {
-+      osip_free (tmp);
-+      *dest = NULL;
-+      return OSIP_NOMEM;
-+    }
-+
-     message = osip_str_append (message, tmp);
-     osip_free (tmp);
-     message = osip_strn_append (message, CRLF, 2);
diff -r 901d4f74407f -r 5fe5e211885b devel/libosip/patches/patch-src_osipparser2_osip__port.c
--- a/devel/libosip/patches/patch-src_osipparser2_osip__port.c  Fri Mar 06 12:43:32 2020 +0000
+++ /dev/null   Thu Jan 01 00:00:00 1970 +0000
@@ -1,18 +0,0 @@
-$NetBSD: patch-src_osipparser2_osip__port.c,v 1.1 2019/04/21 16:25:38 khorben Exp $
-
-Apply fix for CVE-2016-10324 (from Debian)
-
---- src/osipparser2/osip_port.c.orig   2013-12-18 18:36:46.000000000 +0000
-+++ src/osipparser2/osip_port.c
-@@ -1462,8 +1462,10 @@ osip_clrncpy (char *dst, const char *src
-   char *p;
-   size_t spaceless_length;
- 
--  if (src == NULL)
-+  if (src == NULL || len == 0) {
-+    *dst = '\0';
-     return NULL;
-+  }
- 
-   /* find the start of relevant text */
-   pbeg = src;


