File libosip2.spec of Package libosip2
#
# spec file for package libosip2
#
# Copyright (c) 2022 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via https://bugs.opensuse.org/
#
%define sover 15
Name: libosip2
Version: 5.3.1
Release: 1.4
Summary: Implementation of SIP (RFC 3261)
License: LGPL-2.1-or-later
Group: Productivity/Networking/Other
URL: https://www.gnu.org/software/osip/osip.html
Source: https://ftp.gnu.org/gnu/osip/%{name}-%{version}.tar.gz
Source2: https://ftp.gnu.org/gnu/osip/%{name}-%{version}.tar.gz.sig
Source3: https://savannah.gnu.org/people/viewgpg.php?user_id=3960#/%{name}.keyring
%if 0%{?suse_version}
BuildRequires: docbook2x
%elif 0%{?fedora_version}
BuildRequires: docbook2X
%endif
BuildRequires: gperf
BuildRequires: pkgconfig
%description
This is the GNU oSIP library. It has been designed to provide the
Internet community with a simple way to support the Session Initiation
Protocol. SIP is described in the RFC 3261, which is available at
http://www.ietf.org/rfc/rfc3261.txt.
%package -n %{name}-%{sover}
Summary: Implementation of SIP (RFC 3261)
Group: System/Libraries
%description -n %{name}-%{sover}
This is the GNU oSIP library. It has been designed to provide the
Internet community with a simple way to support the Session Initiation
Protocol. SIP is described in the RFC 3261, which is available at
http://www.ietf.org/rfc/rfc3261.txt.
%package devel
Summary: Header files for the GNU SIP implementation
Group: Development/Libraries/C and C++
Requires: %{name}-%{sover} = %{version}
Requires: glibc-devel
Provides: libosip2:%{_includedir}/osip2/osip.h
%description devel
This is the GNU oSIP library. It has been designed to provide the
Internet community with a simple way to support the Session Initiation
Protocol. SIP is described in the RFC 3261, which is available at
http://www.ietf.org/rfc/rfc3261.txt.
%prep
%setup -q
%build
%configure \
--enable-pthread \
--enable-mt \
--enable-gperf \
--disable-static
%make_build
%install
%make_install
find %{buildroot} -type f -name "*.la" -delete -print
%check
%make_build check
%post -n %{name}-%{sover} -p /sbin/ldconfig
%postun -n %{name}-%{sover} -p /sbin/ldconfig
%files -n %{name}-%{sover}
%license COPYING
%{_libdir}/lib*.so.%{sover}{,.*}
%files devel
%license COPYING
%doc HISTORY NEWS README FEATURES BUGS AUTHORS ChangeLog
%{_includedir}/osipparser2
%{_includedir}/osip2
%{_libdir}/lib*.so
%{_libdir}/pkgconfig/libosip2.pc
%{_mandir}/man1/*
%changelog
* Fri Nov 25 2022 Dominique Leuenberger <dimstar@opensuse.org>
- Update to version 5.3.1:
+ In multipart bodies, LWS can't exist (CVE-2022-41550).
* Mon Nov 22 2021 Andreas Stieger <andreas.stieger@gmx.de>
- update to 5.3.0:
* STRUCTURE change: struct osip_transaction
* CHANGE: if out_socket contains -999 and timer_b or timer_f
fires, the transaction will report a transport-error
* improve TIMER_E to avoid high interval after DNS or socket
events
* when port number starts with 0, just put 0 and discard other
char [no op in practice]
* Wed May 26 2021 Andreas Stieger <andreas.stieger@gmx.de>
- update to 5.2.1:
* add OSIP_RETRY_LIMIT which may be useful to exosip
* add osip_timersub macro
* fix validate that the API are used with the expected/required
leading char
* fix memory out-of-bound access in broken uncompliant Via header
* fix k= within media being rejected since 5.1.1 [wrong check]
- package license text
- add upstream signing key and validate source signature
- run tests
- drop libosip2-5.0.0.patch, not required
* Mon Jan 11 2021 Dirk Mueller <dmueller@suse.com>
- update to 5.2.0:
* use localtime_r when __USE_POSIX is available
* sync versions with libexosip
- use https for urls
* Sat Aug 29 2020 Jan Engelhardt <jengelh@inai.de>
- Drop old specfile constructs and excess Provides lines.
* Sat Aug 15 2020 Dirk Mueller <dmueller@suse.com>
- update to 5.1.1:
* fix vulnerability report: Authentication-Info or Proxy-Authentication-Info are affected by a buffer overflow when building sip messages.
* fix vulnerability report: when boundary only contains one quote, strncpy will use the unsigned value of -1 as size parameter.
* fix: avoid several memory leaks detected in the SDP parser upon invalid SDP formats.
* fix bug #57467: infinite loop in sdp_message_a_attribute_del_at_index
* fix bug #56071: Heap-buffer-overflow in osip_util_replace_all_lws function in osip_message_parse.c
* fix to reject any non compliant answer with missing version digits.
* Wed Feb 5 2020 David Sugar <tychosoft@gmail.com>
- Update to 5.1.0
* See package, very many changes since prior 5.0.0 release.
- drop patch already in 5.1.0
SIP_body_len_underflow.patch
- make package so library naming compliant with opensuse library versioning
- pre-requisite for updating to libeXosip2 5.1.0
* Thu Apr 20 2017 ro@suse.de
- drop patch already in 5.0.0
0001-Patch-2.1-Fixes-heap-buffer-overflow-in-osip_body_to_s.patch
- drop patch already in 5.0.0
0001-Patch-1-Fixes-heap-buffer-overflow-in-_osip_message_to_str.patch
- drop patch already in 5.0.0
0001-Patch-3-Fixes-heap-buffer-overflow-in-osip_clrncpy.patch
* Thu Apr 20 2017 ro@suse.de
- fix a set of buffer overflows:
- add patch for (bnc#1034570, CVE-2017-7853)
SIP_body_len_underflow.patch
- add patch for (bnc#1034571, CVE-2016-10326)
0001-Patch-2.1-Fixes-heap-buffer-overflow-in-osip_body_to_s.patch
- add patch for (bnc#1034572, CVE-2016-10325)
0001-Patch-1-Fixes-heap-buffer-overflow-in-_osip_message_to_str.patch
- add patch for (bnc#1034574, CVE-2016-10324)
0001-Patch-3-Fixes-heap-buffer-overflow-in-osip_clrncpy.patch
* Thu Apr 20 2017 ro@suse.de
- Update to 5.0.0:
* STRUCTURE change: additionnal parameter for "struct osip_srv_entry" used for failover in eXosip2.
* fix overflow: sr #109133: Heap buffer overflow in utility function *osip_clrncpy*
* fix overflow: sr #109132: Heap buffer overflow in *osip_body_to_str*
* fix overflow: sr #109131: Heap buffer overflow in `_osip_message_to_str`
* simplify usage of timercmp/timerisset/timerclear
* optimize list search: use iterator
* improve/update autotools (./configure and options, Makefile.am, ax_thread.m4...)
* verify a URI scheme only contains allowed char
* improve make check (test unit) to make it clear about the results expected.
* fix a possible buffer overflow of 1 byte in sdp_message_to_str (size=sdp allocated size)
* fix cseq check in order to stop retransmission of 200ok
* update to reject negative value in port number
* add support for ntlm authentication in parser
* include application_data when cloning sip message
* fix to allow correct parsing of quoted string in from/to/contact/...
* add authorizations and proxy_authorizations into ACK for 3xx, 4xx, 5xx, and 6xx (if answer was not 401/407)
* additionnal check for cseq number for matching incoming ack restransmission
* patch to transmit ack for OSIP_ICT_ACK_SENT event
* improve management of body length // fix a bug when initial value of body is \0.
* increase timer E as soon as we receive 1xx for NICT.
* update all reasons according to RFC.
* add some reason code from rfc4412, rfc3261 and rfc6086.
* parse addr spec with LAQUOT and RAQUOT in generic parameters.
* avoid issue with comma in userinfo of URI which may appear for several headers such as Contact.
* do not use multiple header method for t, f, i, r, refer-to, b, referred-by headers.
* allow faster connection with non blocking reliable sockets.
* improve android time compensation.
- rename libosip2-4.1.0.patch to libosip2-5.0.0.patch
- drop libosip2-4.1.0-pthread.patch, obsolete
* Sun May 25 2014 fisiu@opensuse.org
- Update to 4.1.0:
* fix sdp re-allocation
* increase max length size
* osip_trace_initialize returns 0 if log are compiled.
* timer e and timer g will use #define DEFAULT_T2 instead of 4000.
* handle additionnal possible malloc failure.
* fix compatibility with old UA for INVITE retransmission.
* fix osip_sem_destroy leak on apple.
* accept lowercase sip/2.0.
- Rebase libosip2-3.5.0.dif and rename to libosip2-4.1.0.patch.
- Rebase libosip2-3.5.0-pthread.patch and rename to libosip2-4.1.0-pthread.patch.
* Thu Jun 20 2013 fisiu@opensuse.org
- Update to 4.0.0:
* reduce path len // remove path in front of logs.
* accept only SIP/D.D format message.
* fix bug when releasing request with missing major headers.
* fix minor memory leak // remove limitation on fifo size.
* use system independant time for osip_gettimeofday on unix platform.
* To compile/use osip based application in multi threaded
env, you don't need to define -DOSIP_MT any more. Instead,
if you wish to disable the feature, you can compile with
- DOSIP_MONOTHREAD.
* A few other clean up were made inside osip to avoid any
define to appear in include files. Also to avoid conflict,
config.h has been renamed to osip-config.h.
- Patches updated.
- Spec cleanup.
* Mon Feb 13 2012 coolo@suse.com
- patch license to follow spdx.org standard
* Mon Nov 21 2011 jengelh@medozas.de
- Remove redundant/unwanted tags/section (cf. specfile guidelines)
- Use %%_smp_mflags for parallel building
* Sun Nov 20 2011 coolo@suse.com
- add libtool as buildrequire to avoid implicit dependency
* Tue Apr 26 2011 crrodriguez@opensuse.org
- fix botched pthread linkage,it is going to break sooner or later.
* Sun Jan 16 2011 seife+obs@b1-systems.com
- update to version 3.5.0
* iphone with TCP/TLS background support.
* a lot of minor change/fix/improvments, sorry for not being
able to have an history here...
- libosip2 (3.4.0)
* remove CRLF before parsing SIP message.
* modification to allow non-blocking socket for reliable transport.
* fix race condition for non-atomic incrementation operation.
* osip_list improvements.
* osip_list prototypes and warnings fix.
* new osip_strcasestr method.
- libosip2 (3.3.0)
* new APPLE native interface for semaphore
* add relative time in log information on linux/windows
* fix: unescape last uri parameters.
- libosip2 (3.2.0)
* return new error code for all API.
* Mon Feb 25 2008 crrodriguez@suse.de
- remove libtool archive with empty dependency_libs and static libraries
- update to version 3.1.0
* Windows Mobile 5/6 improvments.
* allow uncompliant/IMS authentication headers.
* fix when a space appear as the first char in body.
* terminate body with '\0' after parsing (don't rely on this!)
* Tue Dec 18 2007 mskibbe@suse.de
- update to version 3.0.3 which include
o initial support for rtems
o initial support for ucos.
o Fix memory leaks
o fix 64-bit (amd64) issue with hash
o parser speed improvements
o add NULL checks
o automatic check for reliable protocol SCTP and TLS
* Wed May 16 2007 ro@suse.de
- branch off devel package
* Wed Jan 25 2006 mls@suse.de
- converted neededforbuild to BuildRequires
* Tue Mar 22 2005 hvogel@suse.de
- use the linphone version of 2.2.0
- package pkgconfig file
* Tue Nov 9 2004 ro@suse.de
- update to 2.2.0
* Wed Jul 28 2004 ro@suse.de
- update to 2.1.0
* Tue Jan 13 2004 schwab@suse.de
- Remove old libtool macros.
* Mon Oct 20 2003 ro@suse.de
- don't build as root
* Thu Sep 25 2003 ro@suse.de
- package created version 2.0.3-cvs
