authorbsiegert <bsiegert@pkgsrc.org>2019-04-28 16:14:29 +0000
committerbsiegert <bsiegert@pkgsrc.org>2019-04-28 16:14:29 +0000
commita4c7dfbe866d004b00d5cb503f634059cb1105b9 (patch)
treea8b6583d8537ebea07ad3eefc36dbeeca07a28cb
parent60bf94b975884d363a5854903faa8dd3272cd9fa (diff)
downloadpkgsrc-a4c7dfbe866d004b00d5cb503f634059cb1105b9.tar.gz
Pullup ticket #5946 - requested by khorben
devel/libosip: security fix Revisions pulled up: - devel/libosip/Makefile 1.20 - devel/libosip/distinfo 1.16 - devel/libosip/patches/patch-aa deleted - devel/libosip/patches/patch-src_osip2_port__sema.c 1.1 - devel/libosip/patches/patch-src_osipparser2_osip__body.c 1.1 --- Module Name: pkgsrc Committed By: khorben Date: Sun Apr 21 16:25:38 UTC 2019 Modified Files: pkgsrc/devel/libosip: Makefile distinfo Added Files: pkgsrc/devel/libosip/patches: patch-src_osip2_port__sema.c patch-src_osipparser2_osip__body.c patch-src_osipparser2_osip__message__parse.c patch-src_osipparser2_osip__message__to__str.c patch-src_osipparser2_osip__port.c Removed Files: pkgsrc/devel/libosip/patches: patch-aa Log Message: Import security fixes for libosip2 This adds patches for the following CVE entries: - - CVE-2016-10324 - - CVE-2016-10325 - - CVE-2016-10326 - - CVE-2017-7853 All patches were obtained from Debian and verified to match upstream. While there, rename and comment the previous patch. Bumps PKGREVISION. XXX pull-up
-rw-r--r--devel/libosip/Makefile3
-rw-r--r--devel/libosip/distinfo8
-rw-r--r--devel/libosip/patches/patch-src_osip2_port__sema.c (renamed from devel/libosip/patches/patch-aa)14
-rw-r--r--devel/libosip/patches/patch-src_osipparser2_osip__body.c21
4 files changed, 37 insertions, 9 deletions
diff --git a/devel/libosip/Makefile b/devel/libosip/Makefile
index bc0f88857f8..e09898e6fa4 100644
--- a/devel/libosip/Makefile
+++ b/devel/libosip/Makefile
@@ -1,7 +1,8 @@
-# $NetBSD: Makefile,v 1.19 2014/10/09 14:06:10 wiz Exp $
+# $NetBSD: Makefile,v 1.19.38.1 2019/04/28 16:14:29 bsiegert Exp $
#
DISTNAME= libosip2-4.1.0
+PKGREVISION= 1
CATEGORIES= devel
MASTER_SITES= ${MASTER_SITE_GNU:=osip/}
diff --git a/devel/libosip/distinfo b/devel/libosip/distinfo
index 8178988bb36..e3270130cfd 100644
--- a/devel/libosip/distinfo
+++ b/devel/libosip/distinfo
@@ -1,7 +1,11 @@
-$NetBSD: distinfo,v 1.15 2015/11/03 03:27:43 agc Exp $
+$NetBSD: distinfo,v 1.15.30.1 2019/04/28 16:14:29 bsiegert Exp $
SHA1 (libosip2-4.1.0.tar.gz) = 61459c9052ca2f5e77a6936c9b369e2b0602c080
RMD160 (libosip2-4.1.0.tar.gz) = 3f86bf7872cd382f331b49f5e03a6ddddd338afa
SHA512 (libosip2-4.1.0.tar.gz) = 8a04e047052aa6b970bb107aa8c0f94ed7c984defe69c3f2788f0b7677325812925a9386c1059499aa0940bb524ac1f724b5489f08e5b2210d190bad68271ee7
Size (libosip2-4.1.0.tar.gz) = 636382 bytes
-SHA1 (patch-aa) = ba19e1ad149d2e7f0b0b44c38b48b1f5031dc587
+SHA1 (patch-src_osip2_port__sema.c) = 690cc6204025566f605cfc58a1652b95afc8e65f
+SHA1 (patch-src_osipparser2_osip__body.c) = fcbbb11e6a1b87f46faa1742d75a1951342b4095
+SHA1 (patch-src_osipparser2_osip__message__parse.c) = 2f9fea6f6ebea18b1bccb685a731ddf2295728dd
+SHA1 (patch-src_osipparser2_osip__message__to__str.c) = 12d559f25566c2143c9a679befb4b28bd03c3a63
+SHA1 (patch-src_osipparser2_osip__port.c) = 3723661ad715531bebb4ba6af7dd2e056f205e93
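Review bot: The three added checksum lines for `patch-src_osipparser2_osip__message__parse.c`, `patch-src_osipparser2_osip__message__to__str.c` and `patch-src_osipparser2_osip__port.c` refer to patch files that this pullup does not add. The diffstat lists four changed files, and the only patches among them are the `port__sema.c` and `osip__body.c` ones, although the original commit's "Added Files" list names five. If the other three are not already on the branch, only the CVE-2016-10326 fix is applied here, while the log message still claims CVE-2016-10324, CVE-2016-10325 and CVE-2017-7853. As far as I know pkgsrc verifies only the patch files that are present, so a missing patch would probably not fail the build; confirm the three files exist on this branch before the ticket is closed.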
diff --git a/devel/libosip/patches/patch-aa b/devel/libosip/patches/patch-src_osip2_port__sema.c
index ebd632b8fc8..adef7904980 100644
--- a/devel/libosip/patches/patch-aa
+++ b/devel/libosip/patches/patch-src_osip2_port__sema.c
@@ -1,8 +1,10 @@
-$NetBSD: patch-aa,v 1.7 2014/07/12 16:48:26 schwarz Exp $
+$NetBSD: patch-src_osip2_port__sema.c,v 1.1.2.2 2019/04/28 16:14:29 bsiegert Exp $
---- src/osip2/port_sema.c.orig 2013-12-18 19:36:46.000000000 +0100
-+++ src/osip2/port_sema.c 2014-07-12 18:20:40.000000000 +0200
-@@ -305,7 +305,6 @@
+Fix the calls to semctl to make this package build on NetBSD 1.6
+
+--- src/osip2/port_sema.c.orig 2013-12-18 18:36:46.000000000 +0000
++++ src/osip2/port_sema.c
+@@ -305,7 +305,6 @@ osip_sem_trywait (struct osip_sem *_sem)
struct osip_sem *
osip_sem_init (unsigned int value)
{
@@ -10,7 +12,7 @@ $NetBSD: patch-aa,v 1.7 2014/07/12 16:48:26 schwarz Exp $
int i;
osip_sem_t *sem = (osip_sem_t *) osip_malloc (sizeof (osip_sem_t));
-@@ -318,8 +317,7 @@
+@@ -318,8 +317,7 @@ osip_sem_init (unsigned int value)
osip_free (sem);
return NULL;
}
@@ -20,7 +22,7 @@ $NetBSD: patch-aa,v 1.7 2014/07/12 16:48:26 schwarz Exp $
if (i != 0) {
perror ("semctl error");
osip_free (sem);
-@@ -331,13 +329,11 @@
+@@ -331,13 +329,11 @@ osip_sem_init (unsigned int value)
int
osip_sem_destroy (struct osip_sem *_sem)
{
diff --git a/devel/libosip/patches/patch-src_osipparser2_osip__body.c b/devel/libosip/patches/patch-src_osipparser2_osip__body.c
new file mode 100644
index 00000000000..7151f530a03
--- /dev/null
+++ b/devel/libosip/patches/patch-src_osipparser2_osip__body.c
@@ -0,0 +1,21 @@
+$NetBSD: patch-src_osipparser2_osip__body.c,v 1.1.2.2 2019/04/28 16:14:29 bsiegert Exp $
+
+Apply fix for CVE-2016-10326 (from Debian)
+
+--- src/osipparser2/osip_body.c.orig 2013-12-18 18:36:46.000000000 +0000
++++ src/osipparser2/osip_body.c
+@@ -417,6 +417,14 @@ osip_body_to_str (const osip_body_t * bo
+ }
+
+ if ((osip_list_size (body->headers) > 0) || (body->content_type != NULL)) {
++ if (length < tmp_body - ptr + 3) {
++ size_t len;
++
++ len = tmp_body - ptr;
++ length = length + 3 + body->length; /* add body->length, to avoid calling realloc often */
++ ptr = osip_realloc (ptr, length);
++ tmp_body = ptr + len;
++ }
+ tmp_body = osip_strn_append (tmp_body, CRLF, 2);
+ }
+ if (length < tmp_body - ptr + body->length + 4) {
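Review bot: The result of `osip_realloc (ptr, length)` in the added block is assigned straight back to `ptr` and never checked. On allocation failure the original buffer is leaked, `tmp_body` is computed from a NULL base, and the following `osip_strn_append` writes through it. Keeping the old pointer until the call succeeds and returning the library's out-of-memory code (`OSIP_NOMEM` elsewhere in libosip2) closes that path. `osip_body_to_str` starts and ends outside the hunk, so the type of `ptr` and any other cleanup needed before returning are assumed here and need checking against the full function. Since the patch is stated to match upstream, this is probably best raised upstream rather than carried as a local divergence.

```c
    if (length < tmp_body - ptr + 3) {
      size_t len;
      char *grown;

      /* … unchanged: len and length computed as in the patch … */
      grown = osip_realloc (ptr, length);
      if (grown == NULL) {
        osip_free (ptr);        /* old buffer is still valid and owned here */
        return OSIP_NOMEM;
      }
      ptr = grown;
      tmp_body = ptr + len;
    }
```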