Summary: | net-libs/libosip: multiple vulnerabilities | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | bircoph, mail, maintainer-needed, selurvedu, treecleaner |
Priority: | Normal | Keywords: | PMASKED |
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://bugzilla.redhat.com/show_bug.cgi?id=1442989 | ||
Whiteboard: | B2 [upstream/cve],Pending removal: 2018-12-01 | ||
Package list: | Runtime testing required: | --- | |
Bug Depends on: | 504114 | ||
Bug Blocks: |
Description
Agostino Sarubbo
2017-04-24 12:02:46 UTC
@bircoph, greetings! Due to multiple outstanding vulnerabilities within net-libs/libosip that have not been corrected within Gentoo or upstream (after several years) we would like to last-rite it. Unfortunately, net-voip/linphone depends on it. Please let security know if we can last-rite net-voip/linphone in order to proceed. Mike Boyle Gentoo Security Padawan Upstream has released v5.0.0 in 2016. The latest version in portage is 4.0.0 which was released in 2012 (see https://ftp.gnu.org/gnu/osip/ ). At least net-voip/linphone-3.6.1 can be built against and works fine with net-libs/libosip-5.0.0 (currently not in the tree). To get net-libs/libosip-5.0.0 to build successfully it is enough to rename libosip-4.0.0 ebuild appropriately. I modified the ebuilds for libexosip2 and libosip2 v5.0.0 here: https://github.com/anyc/anyc-overlay/tree/master/net-libs I renamed libosip to libosip2 and libeXosip to libexosip2 in order to reflect upstream naming and removed the slotting as old versions seem unsupported. The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=529da2a566027d4ca738ebafec7230da75eb23c2 commit 529da2a566027d4ca738ebafec7230da75eb23c2 Author: Michał Górny <mgorny@gentoo.org> AuthorDate: 2019-03-13 09:43:45 +0000 Commit: Michał Górny <mgorny@gentoo.org> CommitDate: 2019-03-13 09:44:02 +0000 net-libs/libosip: Remove last-rited pkg Bug: https://bugs.gentoo.org/616490 Signed-off-by: Michał Górny <mgorny@gentoo.org> net-libs/libosip/Manifest | 2 -- .../files/libosip-3.3.0-out-source-build.patch | 16 ---------- net-libs/libosip/libosip-3.6.0.ebuild | 33 -------------------- net-libs/libosip/libosip-4.0.0.ebuild | 35 ---------------------- net-libs/libosip/metadata.xml | 5 ---- profiles/package.mask | 1 - 6 files changed, 92 deletions(-) This has been removed from tree. Arches and Maintainer(s), Thank you for your work. |