From 6870c3a4d08a0414715a66eb7d2351753eb94992 Mon Sep 17 00:00:00 2001 From: Nicolas Graves Date: Tue, 8 Oct 2024 08:35:00 +0200 Subject: gnu: osip: Update to 5.3.1. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * gnu/packages/telephony.scm (osip): Update to 5.3.1. [origin]: Remove patch. * gnu/packages/patches/osip-CVE-2017-7853.patch : Remove it. * gnu/local.mk: Remove patch. Signed-off-by: Ludovic Courtès --- gnu/local.mk | 1 - gnu/packages/patches/osip-CVE-2017-7853.patch | 40 --------------------------- gnu/packages/telephony.scm | 5 ++-- 3 files changed, 2 insertions(+), 44 deletions(-) delete mode 100644 gnu/packages/patches/osip-CVE-2017-7853.patch diff --git a/gnu/local.mk b/gnu/local.mk index 5d1b316aa3..e6b1bac46b 100644 --- a/gnu/local.mk +++ b/gnu/local.mk @@ -1882,7 +1882,6 @@ dist_patch_DATA = \ %D%/packages/patches/orangeduck-mpc-fix-pkg-config.patch \ %D%/packages/patches/orbit2-fix-array-allocation-32bit.patch \ %D%/packages/patches/orpheus-cast-errors-and-includes.patch \ - %D%/packages/patches/osip-CVE-2017-7853.patch \ %D%/packages/patches/ots-no-include-missing-file.patch \ %D%/packages/patches/owncloud-disable-updatecheck.patch \ %D%/packages/patches/p7zip-CVE-2016-9296.patch \ diff --git a/gnu/packages/patches/osip-CVE-2017-7853.patch b/gnu/packages/patches/osip-CVE-2017-7853.patch deleted file mode 100644 index 33d95cdb0e..0000000000 --- a/gnu/packages/patches/osip-CVE-2017-7853.patch +++ /dev/null @@ -1,40 +0,0 @@ -Fix CVE-2017-7853: - -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7853 -https://savannah.gnu.org/support/index.php?109265 - -Patch copied from upstream source repository: - -https://git.savannah.gnu.org/cgit/osip.git/commit/?id=1ae06daf3b2375c34af23083394a6f010be24a45 - -From 1ae06daf3b2375c34af23083394a6f010be24a45 Mon Sep 17 00:00:00 2001 -From: Aymeric Moizard -Date: Tue, 21 Feb 2017 17:16:26 +0100 -Subject: [PATCH] * fix bug report: sr #109265: SIP message body length - underflow in libosip2-4.1.0 https://savannah.gnu.org/support/?109265 - also applicable to current latest version - ---- - src/osipparser2/osip_message_parse.c | 6 ++++++ - 1 file changed, 6 insertions(+) - -diff --git a/src/osipparser2/osip_message_parse.c b/src/osipparser2/osip_message_parse.c -index 1628c60..aa35446 100644 ---- a/src/osipparser2/osip_message_parse.c -+++ b/src/osipparser2/osip_message_parse.c -@@ -784,6 +784,12 @@ msg_osip_body_parse (osip_message_t * sip, const char *start_of_buf, const char - if ('\n' == start_of_body[0] || '\r' == start_of_body[0]) - start_of_body++; - -+ /* if message body is empty or contains a single CR/LF */ -+ if (end_of_body <= start_of_body) { -+ osip_free (sep_boundary); -+ return OSIP_SYNTAXERROR; -+ } -+ - body_len = end_of_body - start_of_body; - - /* Skip CR before end boundary. */ --- -2.13.1 - diff --git a/gnu/packages/telephony.scm b/gnu/packages/telephony.scm index a08e6cf031..c06178cafb 100644 --- a/gnu/packages/telephony.scm +++ b/gnu/packages/telephony.scm @@ -359,14 +359,13 @@ GNU ccRTP stack and serves as library for other RTP stacks (define-public osip (package (name "osip") - (version "5.2.1") + (version "5.3.1") (source (origin (method url-fetch) (uri (string-append "mirror://gnu/osip/libosip2-" version ".tar.gz")) - (patches (search-patches "osip-CVE-2017-7853.patch")) (sha256 (base32 - "1wibs2zs035ay7qvl5ai8drv6f0xw7iscb0frmpgax3pisy88dzf")))) + "0yfwd8g2nxf3i9d8gqh6a16ma350dlhih4awbb0nl9h82s2gx0py")))) (build-system gnu-build-system) (synopsis "Library implementing SIP (RFC-3261)") -- cgit v1.2.3