Add an upstream patch to fix security vulnerability.

PR: 223574 Approved by: bofh (maintainer timeout, 3 weeks) MFH: 2017Q4 Security: CVE-2017-7853
author: Jung-uk Kim <jkim@FreeBSD.org> 2017-12-01 00:02:47 +0000
committer: Jung-uk Kim <jkim@FreeBSD.org> 2017-12-01 00:02:47 +0000
commit: 6a1409ed2cfaf7d6e84f52e73d379769d4486b12 (patch)
tree: 7945d859faf5682f693df820c0a1a8c08f2923b4
parent: Reduce build dependency. (diff)
2 files changed, 16 insertions, 0 deletions
diff --git a/net/libosip2/Makefile b/net/libosip2/Makefile
index c2e879634a2f..c8fbb8e75460 100644
--- a/net/libosip2/Makefile
+++ b/net/libosip2/Makefile
@@ -2,6 +2,7 @@
 
 PORTNAME=	libosip2
 PORTVERSION=	5.0.0
+PORTREVISION=	1
 CATEGORIES=	net
 MASTER_SITES=	GNU/osip
 
diff --git a/net/libosip2/files/patch-src_osipparser2_osip__message__parse.c b/net/libosip2/files/patch-src_osipparser2_osip__message__parse.c
new file mode 100644
index 000000000000..c9713a560641
--- /dev/null
+++ b/net/libosip2/files/patch-src_osipparser2_osip__message__parse.c
@@ -0,0 +1,15 @@
+--- src/osipparser2/osip_message_parse.c.orig	2016-09-05 14:19:31 UTC
++++ src/osipparser2/osip_message_parse.c
+@@ -784,6 +784,12 @@ msg_osip_body_parse (osip_message_t * sip, const char 
+     if ('\n' == start_of_body[0] || '\r' == start_of_body[0])
+       start_of_body++;
+ 
++    /* if message body is empty or contains a single CR/LF */
++    if (end_of_body <= start_of_body) {
++      osip_free (sep_boundary);
++      return OSIP_SYNTAXERROR;
++    }
++
+     body_len = end_of_body - start_of_body;
+ 
+     /* Skip CR before end boundary. */
author	Jung-uk Kim <jkim@FreeBSD.org>	2017-12-01 00:02:47 +0000
committer	Jung-uk Kim <jkim@FreeBSD.org>	2017-12-01 00:02:47 +0000
commit	6a1409ed2cfaf7d6e84f52e73d379769d4486b12 (patch)
tree	7945d859faf5682f693df820c0a1a8c08f2923b4
parent	Reduce build dependency. (diff)