From: Nicolas Graves via Guix-patches via <guix-patches@gnu.org>
To: 73696@debbugs.gnu.org
Cc: Nicolas Graves <ngraves@ngraves.fr>
Subject: [bug#73696] [PATCH 1/3] gnu: osip: Update to 5.3.1.
Date: Tue, 8 Oct 2024 08:35:00 +0200 [thread overview]
Message-ID: <20241008063510.26512-1-ngraves@ngraves.fr> (raw)
In-Reply-To: <20241008062751.24910-1-ngraves@ngraves.fr>
* gnu/packages/telephony.scm (osip): Update to 5.3.1.
[origin]<patches>: Remove patch.
* gnu/packages/patches/osip-CVE-2017-7853.patch : Remove it.
* gnu/local.mk: Remove patch.
---
gnu/local.mk | 1 -
gnu/packages/patches/osip-CVE-2017-7853.patch | 40 -------------------
gnu/packages/telephony.scm | 5 +--
3 files changed, 2 insertions(+), 44 deletions(-)
delete mode 100644 gnu/packages/patches/osip-CVE-2017-7853.patch
diff --git a/gnu/local.mk b/gnu/local.mk
index c48f4bfeca..25d6249319 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -1878,7 +1878,6 @@ dist_patch_DATA = \
%D%/packages/patches/orangeduck-mpc-fix-pkg-config.patch \
%D%/packages/patches/orbit2-fix-array-allocation-32bit.patch \
%D%/packages/patches/orpheus-cast-errors-and-includes.patch \
- %D%/packages/patches/osip-CVE-2017-7853.patch \
%D%/packages/patches/ots-no-include-missing-file.patch \
%D%/packages/patches/owncloud-disable-updatecheck.patch \
%D%/packages/patches/p7zip-CVE-2016-9296.patch \
diff --git a/gnu/packages/patches/osip-CVE-2017-7853.patch b/gnu/packages/patches/osip-CVE-2017-7853.patch
deleted file mode 100644
index 33d95cdb0e..0000000000
--- a/gnu/packages/patches/osip-CVE-2017-7853.patch
+++ /dev/null
@@ -1,40 +0,0 @@
-Fix CVE-2017-7853:
-
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7853
-https://savannah.gnu.org/support/index.php?109265
-
-Patch copied from upstream source repository:
-
-https://git.savannah.gnu.org/cgit/osip.git/commit/?id=1ae06daf3b2375c34af23083394a6f010be24a45
-
-From 1ae06daf3b2375c34af23083394a6f010be24a45 Mon Sep 17 00:00:00 2001
-From: Aymeric Moizard <amoizard@gmail.com>
-Date: Tue, 21 Feb 2017 17:16:26 +0100
-Subject: [PATCH] * fix bug report: sr #109265: SIP message body length
- underflow in libosip2-4.1.0 https://savannah.gnu.org/support/?109265
- also applicable to current latest version
-
----
- src/osipparser2/osip_message_parse.c | 6 ++++++
- 1 file changed, 6 insertions(+)
-
-diff --git a/src/osipparser2/osip_message_parse.c b/src/osipparser2/osip_message_parse.c
-index 1628c60..aa35446 100644
---- a/src/osipparser2/osip_message_parse.c
-+++ b/src/osipparser2/osip_message_parse.c
-@@ -784,6 +784,12 @@ msg_osip_body_parse (osip_message_t * sip, const char *start_of_buf, const char
- if ('\n' == start_of_body[0] || '\r' == start_of_body[0])
- start_of_body++;
-
-+ /* if message body is empty or contains a single CR/LF */
-+ if (end_of_body <= start_of_body) {
-+ osip_free (sep_boundary);
-+ return OSIP_SYNTAXERROR;
-+ }
-+
- body_len = end_of_body - start_of_body;
-
- /* Skip CR before end boundary. */
---
-2.13.1
-
diff --git a/gnu/packages/telephony.scm b/gnu/packages/telephony.scm
index a08e6cf031..c06178cafb 100644
--- a/gnu/packages/telephony.scm
+++ b/gnu/packages/telephony.scm
@@ -359,14 +359,13 @@ (define-public zrtpcpp
(define-public osip
(package
(name "osip")
- (version "5.2.1")
+ (version "5.3.1")
(source (origin
(method url-fetch)
(uri (string-append "mirror://gnu/osip/libosip2-" version ".tar.gz"))
- (patches (search-patches "osip-CVE-2017-7853.patch"))
(sha256
(base32
- "1wibs2zs035ay7qvl5ai8drv6f0xw7iscb0frmpgax3pisy88dzf"))))
+ "0yfwd8g2nxf3i9d8gqh6a16ma350dlhih4awbb0nl9h82s2gx0py"))))
(build-system gnu-build-system)
(synopsis "Library implementing SIP (RFC-3261)")
--
2.46.0
next prev parent reply other threads:[~2024-10-08 6:36 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-10-08 6:27 [bug#73696] [PATCH 0/3] Update osip, exosip, sipwitch. [security fixes] Nicolas Graves via Guix-patches via
2024-10-08 6:35 ` Nicolas Graves via Guix-patches via [this message]
2024-10-08 6:35 ` [bug#73696] [PATCH 2/3] gnu: exosip: Update to 5.3.0. " Nicolas Graves via Guix-patches via
2024-10-08 6:35 ` [bug#73696] [PATCH 3/3] gnu: sipwitch: Fix build Nicolas Graves via Guix-patches via
2024-10-15 16:19 ` bug#73696: [PATCH 0/3] Update osip, exosip, sipwitch. [security fixes] Ludovic Courtès
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20241008063510.26512-1-ngraves@ngraves.fr \
--to=guix-patches@gnu.org \
--cc=73696@debbugs.gnu.org \
--cc=ngraves@ngraves.fr \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this external index
https://git.savannah.gnu.org/cgit/guix.git
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.