SEARCH
NEW RPMS
DIRECTORIES
ABOUT
FAQ
VARIOUS
BLOG

 
 
Changelog for libosip2-15-5.3.1-1.4.x86_64.rpm :

* Fri Nov 25 2022 Dominique Leuenberger - Update to version 5.3.1: + In multipart bodies, LWS can\'t exist (CVE-2022-41550).
* Mon Nov 22 2021 Andreas Stieger - update to 5.3.0:
* STRUCTURE change: struct osip_transaction
* CHANGE: if out_socket contains -999 and timer_b or timer_f fires, the transaction will report a transport-error
* improve TIMER_E to avoid high interval after DNS or socket events
* when port number starts with 0, just put 0 and discard other char [no op in practice]
* Wed May 26 2021 Andreas Stieger - update to 5.2.1:
* add OSIP_RETRY_LIMIT which may be useful to exosip
* add osip_timersub macro
* fix validate that the API are used with the expected/required leading char
* fix memory out-of-bound access in broken uncompliant Via header
* fix k= within media being rejected since 5.1.1 [wrong check]- package license text- add upstream signing key and validate source signature- run tests- drop libosip2-5.0.0.patch, not required
* Mon Jan 11 2021 Dirk Mueller - update to 5.2.0:
* use localtime_r when __USE_POSIX is available
* sync versions with libexosip- use https for urls
* Sat Aug 29 2020 Jan Engelhardt - Drop old specfile constructs and excess Provides lines.
* Sat Aug 15 2020 Dirk Mueller - update to 5.1.1:
* fix vulnerability report: Authentication-Info or Proxy-Authentication-Info are affected by a buffer overflow when building sip messages.
* fix vulnerability report: when boundary only contains one quote, strncpy will use the unsigned value of -1 as size parameter.
* fix: avoid several memory leaks detected in the SDP parser upon invalid SDP formats.
* fix bug #57467: infinite loop in sdp_message_a_attribute_del_at_index
* fix bug #56071: Heap-buffer-overflow in osip_util_replace_all_lws function in osip_message_parse.c
* fix to reject any non compliant answer with missing version digits.
* Wed Feb 05 2020 David Sugar - Update to 5.1.0
* See package, very many changes since prior 5.0.0 release.- drop patch already in 5.1.0 SIP_body_len_underflow.patch- make package so library naming compliant with opensuse library versioning- pre-requisite for updating to libeXosip2 5.1.0
* Thu Apr 20 2017 roAATTsuse.de- drop patch already in 5.0.0 0001-Patch-2.1-Fixes-heap-buffer-overflow-in-osip_body_to_s.patch- drop patch already in 5.0.0 0001-Patch-1-Fixes-heap-buffer-overflow-in-_osip_message_to_str.patch- drop patch already in 5.0.0 0001-Patch-3-Fixes-heap-buffer-overflow-in-osip_clrncpy.patch
* Thu Apr 20 2017 roAATTsuse.de- fix a set of buffer overflows: - add patch for (bnc#1034570, CVE-2017-7853) SIP_body_len_underflow.patch - add patch for (bnc#1034571, CVE-2016-10326) 0001-Patch-2.1-Fixes-heap-buffer-overflow-in-osip_body_to_s.patch - add patch for (bnc#1034572, CVE-2016-10325) 0001-Patch-1-Fixes-heap-buffer-overflow-in-_osip_message_to_str.patch - add patch for (bnc#1034574, CVE-2016-10324) 0001-Patch-3-Fixes-heap-buffer-overflow-in-osip_clrncpy.patch
* Thu Apr 20 2017 roAATTsuse.de- Update to 5.0.0:
* STRUCTURE change: additionnal parameter for \"struct osip_srv_entry\" used for failover in eXosip2.
* fix overflow: sr #109133: Heap buffer overflow in utility function
*osip_clrncpy
*
* fix overflow: sr #109132: Heap buffer overflow in
*osip_body_to_str
*
* fix overflow: sr #109131: Heap buffer overflow in `_osip_message_to_str`
* simplify usage of timercmp/timerisset/timerclear
* optimize list search: use iterator
* improve/update autotools (./configure and options, Makefile.am, ax_thread.m4...)
* verify a URI scheme only contains allowed char
* improve make check (test unit) to make it clear about the results expected.
* fix a possible buffer overflow of 1 byte in sdp_message_to_str (size=sdp allocated size)
* fix cseq check in order to stop retransmission of 200ok
* update to reject negative value in port number
* add support for ntlm authentication in parser
* include application_data when cloning sip message
* fix to allow correct parsing of quoted string in from/to/contact/...
* add authorizations and proxy_authorizations into ACK for 3xx, 4xx, 5xx, and 6xx (if answer was not 401/407)
* additionnal check for cseq number for matching incoming ack restransmission
* patch to transmit ack for OSIP_ICT_ACK_SENT event
* improve management of body length // fix a bug when initial value of body is \\0.
* increase timer E as soon as we receive 1xx for NICT.
* update all reasons according to RFC.
* add some reason code from rfc4412, rfc3261 and rfc6086.
* parse addr spec with LAQUOT and RAQUOT in generic parameters.
* avoid issue with comma in userinfo of URI which may appear for several headers such as Contact.
* do not use multiple header method for t, f, i, r, refer-to, b, referred-by headers.
* allow faster connection with non blocking reliable sockets.
* improve android time compensation.- rename libosip2-4.1.0.patch to libosip2-5.0.0.patch- drop libosip2-4.1.0-pthread.patch, obsolete
  
ICM