libosip2 (5.1.1) - 2020-01-16
* fix vulnerability report: Authentication-Info or Proxy-Authentication-Info are affected by a buffer overflow when building sip messages.
* fix vulnerability report: when boundary only contains one quote, strncpy will use the unsigned value of -1 as size parameter.
* fix: avoid several memory leaks detected in the SDP parser upon invalid SDP formats.
* fix bug #57467: infinite loop in sdp_message_a_attribute_del_at_index
* fix bug #56071: Heap-buffer-overflow in osip_util_replace_all_lws function in osip_message_parse.c
* fix to reject any non compliant answer with missing version digits.
libosip2 (5.1.0) - 2019-03-27
* STRUCTURE change: struct osip_srv_record
* STRUCTURE change: struct osip_naptr
* constant renamed: CRLF, LF, CR, SP renamed to OSIP_CRLF, OSIP_LF, OSIP_CR, OSIP_SP
* new API: int parser_add_comma_separated_header(const char *hname);
* support larger binary attachment.
* use strspn for better readability.
* update osip_naptr & osip_srv_record structures to hold more NAPTR info and store ENUM result.
* add AM_SILENT_RULES for autotools silent compilation.
* fix a bug introduced in version 5: The current code is not counting correctly escaped " for multiple
headers on one line. This is fixed.
* In order to prevent incorrect parsing of header that should not appear on one line, osip now contains
a list of known headers which are allowed to appear as "multiple header on one line separated with COMMA".
Other headers will be parsed as ONE header.
* new API: parser_add_comma_separated_header API can be used to add other headers in the list, so they
will be parsed by osip as "multiple header on one line".
* support for Visual Studio 2017: rename macro, better usage of WINAPI_FAMILY.
* add some pre-defined SIP answer code (from www.iana.org/assignments/sip-parameters/)
* fix windows compilation on mingw/msys if compiling without threads.
* fix bug report: sr #109265: SIP message body length underflow in libosip2-4.1.0
https://savannah.gnu.org/support/?109265
* other minor changes: warning, compilation...
libosip2 (5.0.0)
* STRUCTURE change: additionnal parameter for "struct osip_srv_entry" used for failover in eXosip2.
* fix overflow: sr #109133: Heap buffer overflow in utility function *osip_clrncpy*
* fix overflow: sr #109132: Heap buffer overflow in *osip_body_to_str*
* fix overflow: sr #109131: Heap buffer overflow in `_osip_message_to_str`
* simplify usage of timercmp/timerisset/timerclear
* optimize list search: use iterator
* improve/update autotools (./configure and options, Makefile.am, ax_thread.m4...)
* verify a URI scheme only contains allowed char
* improve make check (test unit) to make it clear about the results expected.
* fix a possible buffer overflow of 1 byte in sdp_message_to_str (size=sdp allocated size)
* fix cseq check in order to stop retransmission of 200ok
* update to reject negative value in port number
* add support for ntlm authentication in parser
* include application_data when cloning sip message
* fix to allow correct parsing of quoted string in from/to/contact/...
* add authorizations and proxy_authorizations into ACK for 3xx, 4xx, 5xx, and 6xx (if answer was not 401/407)
* additionnal check for cseq number for matching incoming ack restransmission
* patch to transmit ack for OSIP_ICT_ACK_SENT event
* improve management of body length // fix a bug when initial value of body is \0.
* increase timer E as soon as we receive 1xx for NICT.
* update all reasons according to RFC.
* add some reason code from rfc4412, rfc3261 and rfc6086.
* parse addr spec with LAQUOT and RAQUOT in generic parameters.
* avoid issue with comma in userinfo of URI which may appear for several headers such as Contact.
* do not use multiple header method for t, f, i, r, refer-to, b, referred-by headers.
* allow faster connection with non blocking reliable sockets.
* improve android time compensation.
ce41db1724