libosip: Update to 5.1.1
libosip2 (5.1.1) - 2020-01-16 * fix vulnerability report: Authentication-Info or Proxy-Authentication-Info are affected by a buffer overflow when building sip messages. * fix vulnerability report: when boundary only contains one quote, strncpy will use the unsigned value of -1 as size parameter. * fix: avoid several memory leaks detected in the SDP parser upon invalid SDP formats. * fix bug #57467: infinite loop in sdp_message_a_attribute_del_at_index * fix bug #56071: Heap-buffer-overflow in osip_util_replace_all_lws function in osip_message_parse.c * fix to reject any non compliant answer with missing version digits. libosip2 (5.1.0) - 2019-03-27 * STRUCTURE change: struct osip_srv_record * STRUCTURE change: struct osip_naptr * constant renamed: CRLF, LF, CR, SP renamed to OSIP_CRLF, OSIP_LF, OSIP_CR, OSIP_SP * new API: int parser_add_comma_separated_header(const char *hname); * support larger binary attachment. * use strspn for better readability. * update osip_naptr & osip_srv_record structures to hold more NAPTR info and store ENUM result. * add AM_SILENT_RULES for autotools silent compilation. * fix a bug introduced in version 5: The current code is not counting correctly escaped " for multiple headers on one line. This is fixed. * In order to prevent incorrect parsing of header that should not appear on one line, osip now contains a list of known headers which are allowed to appear as "multiple header on one line separated with COMMA". Other headers will be parsed as ONE header. * new API: parser_add_comma_separated_header API can be used to add other headers in the list, so they will be parsed by osip as "multiple header on one line". * support for Visual Studio 2017: rename macro, better usage of WINAPI_FAMILY. * add some pre-defined SIP answer code (from www.iana.org/assignments/sip-parameters/) * fix windows compilation on mingw/msys if compiling without threads. * fix bug report: sr #109265: SIP message body length underflow in libosip2-4.1.0 https://savannah.gnu.org/support/?109265 * other minor changes: warning, compilation... libosip2 (5.0.0) * STRUCTURE change: additionnal parameter for "struct osip_srv_entry" used for failover in eXosip2. * fix overflow: sr #109133: Heap buffer overflow in utility function *osip_clrncpy* * fix overflow: sr #109132: Heap buffer overflow in *osip_body_to_str* * fix overflow: sr #109131: Heap buffer overflow in `_osip_message_to_str` * simplify usage of timercmp/timerisset/timerclear * optimize list search: use iterator * improve/update autotools (./configure and options, Makefile.am, ax_thread.m4...) * verify a URI scheme only contains allowed char * improve make check (test unit) to make it clear about the results expected. * fix a possible buffer overflow of 1 byte in sdp_message_to_str (size=sdp allocated size) * fix cseq check in order to stop retransmission of 200ok * update to reject negative value in port number * add support for ntlm authentication in parser * include application_data when cloning sip message * fix to allow correct parsing of quoted string in from/to/contact/... * add authorizations and proxy_authorizations into ACK for 3xx, 4xx, 5xx, and 6xx (if answer was not 401/407) * additionnal check for cseq number for matching incoming ack restransmission * patch to transmit ack for OSIP_ICT_ACK_SENT event * improve management of body length // fix a bug when initial value of body is \0. * increase timer E as soon as we receive 1xx for NICT. * update all reasons according to RFC. * add some reason code from rfc4412, rfc3261 and rfc6086. * parse addr spec with LAQUOT and RAQUOT in generic parameters. * avoid issue with comma in userinfo of URI which may appear for several headers such as Contact. * do not use multiple header method for t, f, i, r, refer-to, b, referred-by headers. * allow faster connection with non blocking reliable sockets. * improve android time compensation.
This commit is contained in:
parent
985f154f64
commit
ce41db1724
6 changed files with 9 additions and 94 deletions
|
@ -1,8 +1,6 @@
|
|||
# $NetBSD: Makefile,v 1.21 2020/01/18 23:30:32 rillig Exp $
|
||||
#
|
||||
# $NetBSD: Makefile,v 1.22 2020/03/06 12:52:20 nia Exp $
|
||||
|
||||
DISTNAME= libosip2-4.1.0
|
||||
PKGREVISION= 1
|
||||
DISTNAME= libosip2-5.1.1
|
||||
CATEGORIES= devel
|
||||
MASTER_SITES= ${MASTER_SITE_GNU:=osip/}
|
||||
|
||||
|
@ -11,12 +9,11 @@ HOMEPAGE= https://www.gnu.org/software/osip/
|
|||
COMMENT= Implementation of SIP
|
||||
LICENSE= gnu-lgpl-v2.1
|
||||
|
||||
USE_LIBTOOL= yes
|
||||
GNU_CONFIGURE= yes
|
||||
USE_LIBTOOL= yes
|
||||
GNU_CONFIGURE= yes
|
||||
|
||||
PKGCONFIG_OVERRIDE+= libosip2.pc.in
|
||||
|
||||
.include "options.mk"
|
||||
|
||||
.include "../../mk/pthread.buildlink3.mk"
|
||||
.include "../../mk/bsd.pkg.mk"
|
||||
|
|
|
@ -1,11 +1,7 @@
|
|||
$NetBSD: distinfo,v 1.16 2019/04/21 16:25:38 khorben Exp $
|
||||
$NetBSD: distinfo,v 1.17 2020/03/06 12:52:20 nia Exp $
|
||||
|
||||
SHA1 (libosip2-4.1.0.tar.gz) = 61459c9052ca2f5e77a6936c9b369e2b0602c080
|
||||
RMD160 (libosip2-4.1.0.tar.gz) = 3f86bf7872cd382f331b49f5e03a6ddddd338afa
|
||||
SHA512 (libosip2-4.1.0.tar.gz) = 8a04e047052aa6b970bb107aa8c0f94ed7c984defe69c3f2788f0b7677325812925a9386c1059499aa0940bb524ac1f724b5489f08e5b2210d190bad68271ee7
|
||||
Size (libosip2-4.1.0.tar.gz) = 636382 bytes
|
||||
SHA1 (libosip2-5.1.1.tar.gz) = 21e04561d5ebf27c1870cdc72e8387912ea769d2
|
||||
RMD160 (libosip2-5.1.1.tar.gz) = 42e9230f883734f56e97c23d84ac6f6301f0fc96
|
||||
SHA512 (libosip2-5.1.1.tar.gz) = 485a385b67ff422878bb45ae16936a5ef4cfbff3c7db618a3ff57b942bae6d269c108fa58d58caf5be1123155fb946595e10aba5cf261ec656168444fddf840a
|
||||
Size (libosip2-5.1.1.tar.gz) = 721763 bytes
|
||||
SHA1 (patch-src_osip2_port__sema.c) = 690cc6204025566f605cfc58a1652b95afc8e65f
|
||||
SHA1 (patch-src_osipparser2_osip__body.c) = fcbbb11e6a1b87f46faa1742d75a1951342b4095
|
||||
SHA1 (patch-src_osipparser2_osip__message__parse.c) = 2f9fea6f6ebea18b1bccb685a731ddf2295728dd
|
||||
SHA1 (patch-src_osipparser2_osip__message__to__str.c) = 12d559f25566c2143c9a679befb4b28bd03c3a63
|
||||
SHA1 (patch-src_osipparser2_osip__port.c) = 3723661ad715531bebb4ba6af7dd2e056f205e93
|
||||
|
|
|
@ -1,21 +0,0 @@
|
|||
$NetBSD: patch-src_osipparser2_osip__body.c,v 1.1 2019/04/21 16:25:38 khorben Exp $
|
||||
|
||||
Apply fix for CVE-2016-10326 (from Debian)
|
||||
|
||||
--- src/osipparser2/osip_body.c.orig 2013-12-18 18:36:46.000000000 +0000
|
||||
+++ src/osipparser2/osip_body.c
|
||||
@@ -417,6 +417,14 @@ osip_body_to_str (const osip_body_t * bo
|
||||
}
|
||||
|
||||
if ((osip_list_size (body->headers) > 0) || (body->content_type != NULL)) {
|
||||
+ if (length < tmp_body - ptr + 3) {
|
||||
+ size_t len;
|
||||
+
|
||||
+ len = tmp_body - ptr;
|
||||
+ length = length + 3 + body->length; /* add body->length, to avoid calling realloc often */
|
||||
+ ptr = osip_realloc (ptr, length);
|
||||
+ tmp_body = ptr + len;
|
||||
+ }
|
||||
tmp_body = osip_strn_append (tmp_body, CRLF, 2);
|
||||
}
|
||||
if (length < tmp_body - ptr + body->length + 4) {
|
|
@ -1,19 +0,0 @@
|
|||
$NetBSD: patch-src_osipparser2_osip__message__parse.c,v 1.1 2019/04/21 16:25:38 khorben Exp $
|
||||
|
||||
Apply fix for CVE-2017-7853 (from Debian)
|
||||
|
||||
--- src/osipparser2/osip_message_parse.c.orig 2013-12-18 18:36:46.000000000 +0000
|
||||
+++ src/osipparser2/osip_message_parse.c
|
||||
@@ -812,6 +812,12 @@ msg_osip_body_parse (osip_message_t * si
|
||||
if ('\n' == start_of_body[0] || '\r' == start_of_body[0])
|
||||
start_of_body++;
|
||||
|
||||
+ /* if message body is empty or contains a single CR/LF */
|
||||
+ if (end_of_body <= start_of_body) {
|
||||
+ osip_free (sep_boundary);
|
||||
+ return OSIP_SYNTAXERROR;
|
||||
+ }
|
||||
+
|
||||
body_len = end_of_body - start_of_body;
|
||||
|
||||
/* Skip CR before end boundary. */
|
|
@ -1,20 +0,0 @@
|
|||
$NetBSD: patch-src_osipparser2_osip__message__to__str.c,v 1.1 2019/04/21 16:25:38 khorben Exp $
|
||||
|
||||
Apply fix for CVE-2016-10325 (from Debian)
|
||||
|
||||
--- src/osipparser2/osip_message_to_str.c.orig 2013-12-18 18:36:46.000000000 +0000
|
||||
+++ src/osipparser2/osip_message_to_str.c
|
||||
@@ -378,6 +378,13 @@ _osip_message_to_str (osip_message_t * s
|
||||
/* A start-line isn't required for message/sipfrag parts. */
|
||||
}
|
||||
else {
|
||||
+ size_t message_len = strlen(tmp);
|
||||
+ if (_osip_message_realloc (&message, dest, message_len + 3, &malloc_size) < 0) {
|
||||
+ osip_free (tmp);
|
||||
+ *dest = NULL;
|
||||
+ return OSIP_NOMEM;
|
||||
+ }
|
||||
+
|
||||
message = osip_str_append (message, tmp);
|
||||
osip_free (tmp);
|
||||
message = osip_strn_append (message, CRLF, 2);
|
|
@ -1,18 +0,0 @@
|
|||
$NetBSD: patch-src_osipparser2_osip__port.c,v 1.1 2019/04/21 16:25:38 khorben Exp $
|
||||
|
||||
Apply fix for CVE-2016-10324 (from Debian)
|
||||
|
||||
--- src/osipparser2/osip_port.c.orig 2013-12-18 18:36:46.000000000 +0000
|
||||
+++ src/osipparser2/osip_port.c
|
||||
@@ -1462,8 +1462,10 @@ osip_clrncpy (char *dst, const char *src
|
||||
char *p;
|
||||
size_t spaceless_length;
|
||||
|
||||
- if (src == NULL)
|
||||
+ if (src == NULL || len == 0) {
|
||||
+ *dst = '\0';
|
||||
return NULL;
|
||||
+ }
|
||||
|
||||
/* find the start of relevant text */
|
||||
pbeg = src;
|
Loading…
Reference in a new issue