Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package sngrep for openSUSE:Leap:16.0
checked in at 2025-06-11 10:09:22
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Leap:16.0/sngrep (Old)
and /work/SRC/openSUSE:Leap:16.0/.sngrep.new.19631 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "sngrep"
Wed Jun 11 10:09:22 2025 rev:2 rq:1278540 version:1.8.2
Changes:
--------
--- /work/SRC/openSUSE:Leap:16.0/sngrep/sngrep.changes 2025-03-19
11:57:50.261705357 +0100
+++ /work/SRC/openSUSE:Leap:16.0/.sngrep.new.19631/sngrep.changes
2025-06-11 10:09:23.745620825 +0200
@@ -1,0 +2,13 @@
+Fri Mar 14 15:21:00 UTC 2025 - Andreas Stieger <andreas.stie...@gmx.de>
+
+- build with pcre2
+
+-------------------------------------------------------------------
+Sat Dec 21 20:44:37 UTC 2024 - Andreas Stieger <andreas.stie...@gmx.de>
+
+- update to 1.8.2:
+ * This release contains the the upstream fix for a possible
+ buffer overflow while processing RTP payload, it was previsouly
+ patched in via sngrep-1.8.1-CVE-2024-35434.patch, now dropped
+
+-------------------------------------------------------------------
Old:
----
sngrep-1.8.1-CVE-2024-35434.patch
sngrep-1.8.1.tar.gz
New:
----
sngrep-1.8.2.tar.gz
BETA DEBUG BEGIN:
Old: buffer overflow while processing RTP payload, it was previsouly
patched in via sngrep-1.8.1-CVE-2024-35434.patch, now dropped
BETA DEBUG END:
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ sngrep.spec ++++++
--- /var/tmp/diff_new_pack.l0styT/_old 2025-06-11 10:09:23.993631092 +0200
+++ /var/tmp/diff_new_pack.l0styT/_new 2025-06-11 10:09:23.997631258 +0200
@@ -3,6 +3,7 @@
#
# Copyright (c) 2024 SUSE LLC
# Copyright (c) 2018-2024, Martin Hauke <mar...@gmx.de>
+# Copyright (c) 2024 Andreas Stieger <andreas.stie...@gmx.de>
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -18,7 +19,7 @@
Name: sngrep
-Version: 1.8.1
+Version: 1.8.2
Release: 0
Summary: Ncurses SIP Messages flow viewer
License: GPL-3.0-or-later
@@ -26,13 +27,12 @@
URL: https://github.com/irontec/sngrep
#Git-Clone: https://github.com/irontec/sngrep.git
Source:
https://github.com/irontec/%{name}/archive/v%{version}.tar.gz#/%{name}-%{version}.tar.gz
-Patch0: sngrep-1.8.1-CVE-2024-35434.patch
BuildRequires: autoconf
BuildRequires: automake
BuildRequires: libpcap-devel
BuildRequires: pkgconfig
BuildRequires: pkgconfig(libcrypto)
-BuildRequires: pkgconfig(libpcre)
+BuildRequires: pkgconfig(libpcre2-8)
BuildRequires: pkgconfig(libssl)
BuildRequires: pkgconfig(ncursesw)
@@ -48,12 +48,12 @@
%autosetup -p1
%build
-autoreconf -fi
+autoreconf -fiv
export CFLAGS="%{optflags} $(pkg-config --cflags ncursesw)"
%configure \
--enable-unicode \
--with-openssl \
- --with-pcre \
+ --with-pcre2 \
--enable-ipv6 \
--enable-eep
++++++ sngrep-1.8.1.tar.gz -> sngrep-1.8.2.tar.gz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/sngrep-1.8.1/ChangeLog new/sngrep-1.8.2/ChangeLog
--- old/sngrep-1.8.1/ChangeLog 2024-04-08 10:56:52.000000000 +0200
+++ new/sngrep-1.8.2/ChangeLog 2024-07-08 10:53:44.000000000 +0200
@@ -1,3 +1,8 @@
+2024-07-08 Ivan Alonso <ka...@irontec.com>
+ * sngrep 1.8.2 released
+
+ * capture: fix possible buffer overflow while processing RTP payload
+
2024-04-08 Ivan Alonso <ka...@irontec.com>
* sngrep 1.8.1 released
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/sngrep-1.8.1/configure.ac
new/sngrep-1.8.2/configure.ac
--- old/sngrep-1.8.1/configure.ac 2024-04-08 10:56:52.000000000 +0200
+++ new/sngrep-1.8.2/configure.ac 2024-07-08 10:53:44.000000000 +0200
@@ -1,5 +1,5 @@
AC_PREREQ([2.59])
-AC_INIT([sngrep], [1.8.1], [ka...@irontec.com], [sngrep],
[http://www.irontec.com/])
+AC_INIT([sngrep], [1.8.2], [ka...@irontec.com], [sngrep],
[http://www.irontec.com/])
AM_INIT_AUTOMAKE([1.9])
AC_CONFIG_HEADERS([src/config.h])
m4_ifdef([AM_SILENT_RULES], [AM_SILENT_RULES([yes])])
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/sngrep-1.8.1/doc/sngrep.8
new/sngrep-1.8.2/doc/sngrep.8
--- old/sngrep-1.8.1/doc/sngrep.8 2024-04-08 10:56:52.000000000 +0200
+++ new/sngrep-1.8.2/doc/sngrep.8 2024-07-08 10:53:44.000000000 +0200
@@ -3,7 +3,7 @@
.\" Copyright (c) 2013-2024 Ivan Alonso <ka...@irontec.com>
.\" Copyright (c) 2013-2024 Irontec S.L.
-.TH SNGREP 8 "Mar 2023" "sngrep 1.8.1"
+.TH SNGREP 8 "Mar 2023" "sngrep 1.8.2"
.SH NAME
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/sngrep-1.8.1/pkg/apk/APKBUILD
new/sngrep-1.8.2/pkg/apk/APKBUILD
--- old/sngrep-1.8.1/pkg/apk/APKBUILD 2024-04-08 10:56:52.000000000 +0200
+++ new/sngrep-1.8.2/pkg/apk/APKBUILD 2024-07-08 10:53:44.000000000 +0200
@@ -1,7 +1,7 @@
# Contributor: Francesco Colista <fcoli...@alpinelinux.org>
# Maintainer: Francesco Colista <fcoli...@alpinelinux.org>
pkgname=sngrep
-pkgver=1.8.1
+pkgver=1.8.2
pkgrel=0
pkgdesc="display SIP call message flows from a terminal"
url="https://github.com/irontec/sngrep";
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/sngrep-1.8.1/pkg/debian/changelog
new/sngrep-1.8.2/pkg/debian/changelog
--- old/sngrep-1.8.1/pkg/debian/changelog 2024-04-08 10:56:52.000000000
+0200
+++ new/sngrep-1.8.2/pkg/debian/changelog 2024-07-08 10:53:44.000000000
+0200
@@ -1,3 +1,9 @@
+sngrep (1.8.2) experimental; urgency=low
+
+ * sngrep 1.8.2 released
+
+ -- Ivan Alonso <ka...@irontec.com> Mon, 08 Jul 2024 09:27:47 +0200
+
sngrep (1.8.1) experimental; urgency=low
* sngrep 1.8.1 released
@@ -119,7 +125,7 @@
-- Ivan Alonso <ka...@irontec.com> Tue, 27 Oct 2015 16:01:00 +0100
sngrep (1.0.0) experimental; urgency=low
-
+
* sngrep 1.3.0 released
-- Ivan Alonso <ka...@irontec.com> Tue, 06 Oct 2015 19:13:00 +0100
@@ -175,18 +181,18 @@
sngrep (0.2.0) experimental; urgency=low
* sngrep 0.2.0 released
-
+
-- Ivan Alonso <ka...@irontec.com> Thu, 4 Dec 2014 20:39:04 +0100
sngrep (0.1.0) experimental; urgency=low
* sngrep 0.1.0 released
-
+
-- Ivan Alonso <ka...@irontec.com> Sun, 21 Oct 2014 14:35:00 +0100
sngrep (0.0.1) experimental; urgency=low
* sngrep 0.0.1 released
-
+
-- Ivan Alonso <ka...@irontec.com> Wed, 1 Oct 2014 20:39:04 +0100
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/sngrep-1.8.1/pkg/debian/control
new/sngrep-1.8.2/pkg/debian/control
--- old/sngrep-1.8.1/pkg/debian/control 2024-04-08 10:56:52.000000000 +0200
+++ new/sngrep-1.8.2/pkg/debian/control 2024-07-08 10:53:44.000000000 +0200
@@ -9,7 +9,7 @@
Package: sngrep
Architecture: any
Pre-Depends: ${misc:Pre-Depends}
-Depends: ${misc:Depends}, ${shlibs:Depends}, libpcap0.8, libncursesw5,
libpcre2 | libpcre2-8-0
+Depends: ${misc:Depends}, ${shlibs:Depends}, libpcap0.8, libncursesw5 |
libncursesw6, libpcre2 | libpcre2-8-0
Description: Ncurses SIP Messages flow viewer
sngrep displays SIP Messages grouped by Call-Id into flow
diagrams. It can be used as an offline PCAP viewer or online
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/sngrep-1.8.1/pkg/rpm/SPECS/sngrep.spec
new/sngrep-1.8.2/pkg/rpm/SPECS/sngrep.spec
--- old/sngrep-1.8.1/pkg/rpm/SPECS/sngrep.spec 2024-04-08 10:56:52.000000000
+0200
+++ new/sngrep-1.8.2/pkg/rpm/SPECS/sngrep.spec 2024-07-08 10:53:44.000000000
+0200
@@ -2,16 +2,16 @@
Summary: SIP Messages flow viewer
Name: sngrep
-Version: 1.8.1
+Version: 1.8.2
Release: 0%{?dist}
License: GPLv3
Group: Applications/Engineering
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root
Source:
https://github.com/irontec/sngrep/releases/download/v%{version}/sngrep-%{version}.tar.gz
URL: http://github.com/irontec/sngrep
-BuildRequires: ncurses-devel
-BuildRequires: make
-BuildRequires: libpcap-devel
+BuildRequires: ncurses-devel
+BuildRequires: make
+BuildRequires: libpcap-devel
BuildRequires: pcre-devel
BuildRequires: autoconf
BuildRequires: automake
@@ -59,9 +59,11 @@
%{__rm} -rf %{buildroot}
%changelog
+* Mon Jul 08 2024 Ivan Alonso <ka...@irontec.com> - 1.8.2
+ - Version 1.8.2
* Mon Apr 08 2024 Ivan Alonso <ka...@irontec.com> - 1.8.1
- Version 1.8.1
-* Wed Dec 20 2024 Ivan Alonso <ka...@irontec.com> - 1.8.0
+* Wed Dec 20 2023 Ivan Alonso <ka...@irontec.com> - 1.8.0
- Version 1.8.0
* Fri Mar 31 2023 Ivan Alonso <ka...@irontec.com> - 1.7.0
- Version 1.7.0
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/sngrep-1.8.1/src/rtp.c new/sngrep-1.8.2/src/rtp.c
--- old/sngrep-1.8.1/src/rtp.c 2024-04-08 10:56:52.000000000 +0200
+++ new/sngrep-1.8.2/src/rtp.c 2024-07-08 10:53:44.000000000 +0200
@@ -271,6 +271,10 @@
// Check RTCP packet header typ
switch (hdr.type) {
case RTCP_HDR_SR:
+ // Ensure there is enough payload to fill the header
+ if (size < sizeof(struct rtcp_hdr_sr))
+ break;
+
// Get Sender Report header
memcpy(&hdr_sr, payload, sizeof(hdr_sr));
stream->rtcpinfo.spc = ntohl(hdr_sr.spc);
@@ -283,6 +287,10 @@
case RTCP_PSFB:
break;
case RTCP_XR:
+ // Ensure there is enough payload to fill the header
+ if (size < sizeof(struct rtcp_hdr_xr))
+ break;
+
// Get Sender Report Extended header
memcpy(&hdr_xr, payload, sizeof(hdr_xr));
bsize = sizeof(hdr_xr);
