Sun Apr 28 16:14:29 2019 UTC ()
Pullup ticket #5946 - requested by khorben
devel/libosip: security fix
Revisions pulled up:
- devel/libosip/Makefile 1.20
- devel/libosip/distinfo 1.16
- devel/libosip/patches/patch-aa deleted
- devel/libosip/patches/patch-src_osip2_port__sema.c 1.1
- devel/libosip/patches/patch-src_osipparser2_osip__body.c 1.1
---
Module Name: pkgsrc
Committed By: khorben
Date: Sun Apr 21 16:25:38 UTC 2019
Modified Files:
pkgsrc/devel/libosip: Makefile distinfo
Added Files:
pkgsrc/devel/libosip/patches: patch-src_osip2_port__sema.c
patch-src_osipparser2_osip__body.c
patch-src_osipparser2_osip__message__parse.c
patch-src_osipparser2_osip__message__to__str.c
patch-src_osipparser2_osip__port.c
Removed Files:
pkgsrc/devel/libosip/patches: patch-aa
Log Message:
Import security fixes for libosip2
This adds patches for the following CVE entries:
- CVE-2016-10324
- CVE-2016-10325
- CVE-2016-10326
- CVE-2017-7853
All patches were obtained from Debian and verified to match upstream.
While there, rename and comment the previous patch.
Bumps PKGREVISION.
XXX pull-up
(bsiegert)
diff -r1.19 -r1.19.38.1 pkgsrc/devel/libosip/Makefile
diff -r1.15 -r1.15.30.1 pkgsrc/devel/libosip/distinfo
diff -r1.7 -r0 pkgsrc/devel/libosip/patches/patch-aa
diff -r0 -r1.1.2.2 pkgsrc/devel/libosip/patches/patch-src_osip2_port__sema.c
diff -r0 -r1.1.2.2 pkgsrc/devel/libosip/patches/patch-src_osipparser2_osip__body.c
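--- a/pkgsrc/devel/libosip/Makefile
+++ b/pkgsrc/devel/libosip/Makefile
@@ -1,17 +1,18 @@
-# $NetBSD: Makefile,v 1.19 2014/10/09 14:06:10 wiz Exp $
+# $NetBSD: Makefile,v 1.19.38.1 2019/04/28 16:14:29 bsiegert Exp $
 #
 
 DISTNAME= libosip2-4.1.0
+PKGREVISION= 1
 CATEGORIES= devel
 MASTER_SITES= ${MASTER_SITE_GNU:=osip/}
 
 MAINTAINER= pkgsrc-users@NetBSD.org
 HOMEPAGE= http://www.gnu.org/software/osip/
 COMMENT= Implementation of SIP
 LICENSE= gnu-lgpl-v2.1
 
 USE_LIBTOOL= yes
 GNU_CONFIGURE= yes
 
 PKGCONFIG_OVERRIDE+= libosip2.pc.in
 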
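--- a/pkgsrc/devel/libosip/distinfo
+++ b/pkgsrc/devel/libosip/distinfo
@@ -1,7 +1,11 @@
-$NetBSD: distinfo,v 1.15 2015/11/03 03:27:43 agc Exp $
+$NetBSD: distinfo,v 1.15.30.1 2019/04/28 16:14:29 bsiegert Exp $
 
 SHA1 (libosip2-4.1.0.tar.gz) = 61459c9052ca2f5e77a6936c9b369e2b0602c080
 RMD160 (libosip2-4.1.0.tar.gz) = 3f86bf7872cd382f331b49f5e03a6ddddd338afa
 SHA512 (libosip2-4.1.0.tar.gz) = 8a04e047052aa6b970bb107aa8c0f94ed7c984defe69c3f2788f0b7677325812925a9386c1059499aa0940bb524ac1f724b5489f08e5b2210d190bad68271ee7
 Size (libosip2-4.1.0.tar.gz) = 636382 bytes
-SHA1 (patch-aa) = ba19e1ad149d2e7f0b0b44c38b48b1f5031dc587
+SHA1 (patch-src_osip2_port__sema.c) = 690cc6204025566f605cfc58a1652b95afc8e65f
+SHA1 (patch-src_osipparser2_osip__body.c) = fcbbb11e6a1b87f46faa1742d75a1951342b4095
+SHA1 (patch-src_osipparser2_osip__message__parse.c) = 2f9fea6f6ebea18b1bccb685a731ddf2295728dd
+SHA1 (patch-src_osipparser2_osip__message__to__str.c) = 12d559f25566c2143c9a679befb4b28bd03c3a63
+SHA1 (patch-src_osipparser2_osip__port.c) = 3723661ad715531bebb4ba6af7dd2e056f205e93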
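Review bot: The new distinfo registers checksums for five patch files, but the "Revisions pulled up" list and the per-file diff list at the top of this page name only two of them, `patch-src_osip2_port__sema.c` and `patch-src_osipparser2_osip__body.c`. If `patch-src_osipparser2_osip__message__parse.c`, `patch-src_osipparser2_osip__message__to__str.c` and `patch-src_osipparser2_osip__port.c` were not also added on the branch, the only CVE fix visible here is the CVE-2016-10326 one, and the other three CVEs named in the log message would presumably stay unpatched there. It is worth confirming that those three files exist on the branch at the revisions these checksums describe before the ticket is closed.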
$NetBSD: patch-src_osip2_port__sema.c,v 1.1.2.2 2019/04/28 16:14:29 bsiegert Exp $
Fix the calls to semctl to make this package build on NetBSD 1.6
--- src/osip2/port_sema.c.orig 2013-12-18 18:36:46.000000000 +0000
+++ src/osip2/port_sema.c
@@ -305,7 +305,6 @@ osip_sem_trywait (struct osip_sem *_sem)
struct osip_sem *
osip_sem_init (unsigned int value)
{
- union semun val;
int i;
osip_sem_t *sem = (osip_sem_t *) osip_malloc (sizeof (osip_sem_t));
@@ -318,8 +317,7 @@ osip_sem_init (unsigned int value)
osip_free (sem);
return NULL;
}
- val.val = (int) value;
- i = semctl (sem->semid, 0, SETVAL, val);
+ i = semctl(sem->semid, 0, SETVAL, value);
if (i != 0) {
perror ("semctl error");
osip_free (sem);
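Review bot: The new `semctl(sem->semid, 0, SETVAL, value)` call passes an `unsigned int` where semctl's optional fourth argument is specified as a `union semun`; reading a variadic argument as a different type is undefined in C and only works where the ABI happens to pass the two alike. The literal `0` in the `IPC_RMID` call in the next hunk has the same mismatch, although that command does not use the argument. A more portable way to fix the build is to keep `val.val = (int) value;` with `semctl (sem->semid, 0, SETVAL, val);` and declare `union semun` in this file when the system headers do not provide it, behind a configure-time check. osip_sem_init starts in the previous hunk and continues past this one.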
@@ -331,13 +329,11 @@ osip_sem_init (unsigned int value)
int
osip_sem_destroy (struct osip_sem *_sem)
{
- union semun val;
osip_sem_t *sem = (osip_sem_t *) _sem;
if (sem == NULL)
return OSIP_SUCCESS;
- val.val = 0;
- semctl (sem->semid, 0, IPC_RMID, val);
+ semctl(sem->semid, 0, IPC_RMID, 0);
osip_free (sem);
return OSIP_SUCCESS;
}
$NetBSD: patch-src_osipparser2_osip__body.c,v 1.1.2.2 2019/04/28 16:14:29 bsiegert Exp $
Apply fix for CVE-2016-10326 (from Debian)
--- src/osipparser2/osip_body.c.orig 2013-12-18 18:36:46.000000000 +0000
+++ src/osipparser2/osip_body.c
@@ -417,6 +417,14 @@ osip_body_to_str (const osip_body_t * bo
}
if ((osip_list_size (body->headers) > 0) || (body->content_type != NULL)) {
+ if (length < tmp_body - ptr + 3) {
+ size_t len;
+
+ len = tmp_body - ptr;
+ length = length + 3 + body->length; /* add body->length, to avoid calling realloc often */
+ ptr = osip_realloc (ptr, length);
+ tmp_body = ptr + len;
+ }
tmp_body = osip_strn_append (tmp_body, CRLF, 2);
}
if (length < tmp_body - ptr + body->length + 4) {
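Review bot: The added `ptr = osip_realloc (ptr, length);` overwrites the only pointer to the buffer without checking the result. Assuming osip_realloc follows realloc semantics, an allocation failure leaks the original block and makes `tmp_body = ptr + len` an invalid pointer that the following `osip_strn_append` then writes through. Assign through a temporary instead: `tmp = osip_realloc (ptr, length);`, then `if (tmp == NULL) { osip_free (ptr); return OSIP_NOMEM; }`, then `ptr = tmp;`. The new bounds check appears to close the CRLF write past the end of the buffer, but without this guard it leaves an invalid write under memory pressure. osip_body_to_str begins and ends outside the hunk, so any further cleanup the error path needs, and whether the resize block opened by the last context line repeats the pattern, has to be checked there.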