svn commit: r455239 - in head/net/libosip2: . files
Jung-uk Kim
jkim at FreeBSD.org
Fri Dec 1 00:02:48 UTC 2017
Author: jkim
Date: Fri Dec 1 00:02:47 2017
New Revision: 455239
URL: https://svnweb.freebsd.org/changeset/ports/455239
Log:
Add an upstream patch to fix security vulnerability.
PR: 223574
Approved by: bofh (maintainer timeout, 3 weeks)
MFH: 2017Q4
Security: CVE-2017-7853
Added:
head/net/libosip2/files/
head/net/libosip2/files/patch-src_osipparser2_osip__message__parse.c (contents, props changed)
Modified:
head/net/libosip2/Makefile
Modified: head/net/libosip2/Makefile
==============================================================================
--- head/net/libosip2/Makefile Thu Nov 30 23:53:42 2017 (r455238)
+++ head/net/libosip2/Makefile Fri Dec 1 00:02:47 2017 (r455239)
@@ -2,6 +2,7 @@
PORTNAME= libosip2
PORTVERSION= 5.0.0
+PORTREVISION= 1
CATEGORIES= net
MASTER_SITES= GNU/osip
Added: head/net/libosip2/files/patch-src_osipparser2_osip__message__parse.c
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/net/libosip2/files/patch-src_osipparser2_osip__message__parse.c Fri Dec 1 00:02:47 2017 (r455239)
@@ -0,0 +1,15 @@
+--- src/osipparser2/osip_message_parse.c.orig 2016-09-05 14:19:31 UTC
++++ src/osipparser2/osip_message_parse.c
+@@ -784,6 +784,12 @@ msg_osip_body_parse (osip_message_t * sip, const char
+ if ('\n' == start_of_body[0] || '\r' == start_of_body[0])
+ start_of_body++;
+
++ /* if message body is empty or contains a single CR/LF */
++ if (end_of_body <= start_of_body) {
++ osip_free (sep_boundary);
++ return OSIP_SYNTAXERROR;
++ }
++
+ body_len = end_of_body - start_of_body;
+
+ /* Skip CR before end boundary. */
More information about the svn-ports-head
mailing list