GNU bug report logs -
#73696
[PATCH 0/3] Update osip, exosip, sipwitch. [security fixes]
Previous Next
Reported by: Nicolas Graves <ngraves <at> ngraves.fr>
Date: Tue, 8 Oct 2024 06:29:02 UTC
Severity: normal
Tags: patch
Done: Ludovic Courtès <ludo <at> gnu.org>
Bug is archived. No further changes may be made.
Full log
Message #8 received at 73696 <at> debbugs.gnu.org (full text, mbox):
* gnu/packages/telephony.scm (osip): Update to 5.3.1.
[origin]<patches>: Remove patch.
* gnu/packages/patches/osip-CVE-2017-7853.patch : Remove it.
* gnu/local.mk: Remove patch.
---
gnu/local.mk | 1 -
gnu/packages/patches/osip-CVE-2017-7853.patch | 40 -------------------
gnu/packages/telephony.scm | 5 +--
3 files changed, 2 insertions(+), 44 deletions(-)
delete mode 100644 gnu/packages/patches/osip-CVE-2017-7853.patch
diff --git a/gnu/local.mk b/gnu/local.mk
index c48f4bfeca..25d6249319 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -1878,7 +1878,6 @@ dist_patch_DATA = \
%D%/packages/patches/orangeduck-mpc-fix-pkg-config.patch \
%D%/packages/patches/orbit2-fix-array-allocation-32bit.patch \
%D%/packages/patches/orpheus-cast-errors-and-includes.patch \
- %D%/packages/patches/osip-CVE-2017-7853.patch \
%D%/packages/patches/ots-no-include-missing-file.patch \
%D%/packages/patches/owncloud-disable-updatecheck.patch \
%D%/packages/patches/p7zip-CVE-2016-9296.patch \
diff --git a/gnu/packages/patches/osip-CVE-2017-7853.patch b/gnu/packages/patches/osip-CVE-2017-7853.patch
deleted file mode 100644
index 33d95cdb0e..0000000000
--- a/gnu/packages/patches/osip-CVE-2017-7853.patch
+++ /dev/null
@@ -1,40 +0,0 @@
-Fix CVE-2017-7853:
-
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7853
-https://savannah.gnu.org/support/index.php?109265
-
-Patch copied from upstream source repository:
-
-https://git.savannah.gnu.org/cgit/osip.git/commit/?id=1ae06daf3b2375c34af23083394a6f010be24a45
-
-From 1ae06daf3b2375c34af23083394a6f010be24a45 Mon Sep 17 00:00:00 2001
-From: Aymeric Moizard <amoizard <at> gmail.com>
-Date: Tue, 21 Feb 2017 17:16:26 +0100
-Subject: [PATCH] * fix bug report: sr #109265: SIP message body length
- underflow in libosip2-4.1.0 https://savannah.gnu.org/support/?109265
- also applicable to current latest version
-
----
- src/osipparser2/osip_message_parse.c | 6 ++++++
- 1 file changed, 6 insertions(+)
-
-diff --git a/src/osipparser2/osip_message_parse.c b/src/osipparser2/osip_message_parse.c
-index 1628c60..aa35446 100644
---- a/src/osipparser2/osip_message_parse.c
-+++ b/src/osipparser2/osip_message_parse.c
-@@ -784,6 +784,12 @@ msg_osip_body_parse (osip_message_t * sip, const char *start_of_buf, const char
- if ('\n' == start_of_body[0] || '\r' == start_of_body[0])
- start_of_body++;
-
-+ /* if message body is empty or contains a single CR/LF */
-+ if (end_of_body <= start_of_body) {
-+ osip_free (sep_boundary);
-+ return OSIP_SYNTAXERROR;
-+ }
-+
- body_len = end_of_body - start_of_body;
-
- /* Skip CR before end boundary. */
---
-2.13.1
-
diff --git a/gnu/packages/telephony.scm b/gnu/packages/telephony.scm
index a08e6cf031..c06178cafb 100644
--- a/gnu/packages/telephony.scm
+++ b/gnu/packages/telephony.scm
@@ -359,14 +359,13 @@ (define-public zrtpcpp
(define-public osip
(package
(name "osip")
- (version "5.2.1")
+ (version "5.3.1")
(source (origin
(method url-fetch)
(uri (string-append "mirror://gnu/osip/libosip2-" version ".tar.gz"))
- (patches (search-patches "osip-CVE-2017-7853.patch"))
(sha256
(base32
- "1wibs2zs035ay7qvl5ai8drv6f0xw7iscb0frmpgax3pisy88dzf"))))
+ "0yfwd8g2nxf3i9d8gqh6a16ma350dlhih4awbb0nl9h82s2gx0py"))))
(build-system gnu-build-system)
(synopsis "Library implementing SIP (RFC-3261)")
--
2.46.0
This bug report was last modified 278 days ago.
Previous Next
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson.