package/libpjsip: security bump to version 2.12.1

Security Issue: - Potential buffer overflow in pjsip_auth_create_digest() (GHSA-73f7-48m9-w662 a.k.a. CVE-2022-24754) - Denial-of-service in XML parsing due to an infinite loop (GHSA-5x45-qp78-g4p4 a.k.a. CVE-2022-24763) - Potential stack buffer overflow when printing SDP into a buffer (GHSA-f5qg-pqcg-765m a.k.a. CVE-2022-24764) - Potential out-of-bound read/write when parsing RTCP FB RPSI (GHSA-vhxv-phmx-g52q a.k.a. CVE-2022-24786) - Potential infinite loop when parsing WAV format file (GHSA-rwgw-vwxg-q799 a.k.a. CVE-2022-24792) - Potential heap buffer overflow when parsing DNS packets (GHSA-p6g5-v97c-w5q4 a.k.a. CVE-2022-24793) https://github.com/pjsip/pjproject/releases/tag/2.12.1 Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2022-05-13 22:42:34 +02:00 · 2022-05-13 22:42:34 +02:00 · 2a62ff8274
commit 2a62ff8274
parent 33e947a2d5
2 changed files with 2 additions and 3 deletions
--- a/package/libpjsip/libpjsip.hash
+++ b/package/libpjsip/libpjsip.hash
@ -1,3 +1,3 @@
 # Locally computed
-sha256  b3b94d9be4aba8f6d2d1cb164603e81b0a6ee17352f9e2ba5b58e325e610ca5a  pjproject-2.12.tar.gz
+sha256  d0feef6963b07934e821ba4328aecb4c36358515c1b3e507da5874555d713533  pjproject-2.12.1.tar.gz
 sha256  8177f97513213526df2cf6184d8ff986c675afb514d4e68a404010521b880643  COPYING
--- a/package/libpjsip/libpjsip.mk
+++ b/package/libpjsip/libpjsip.mk
@ -4,10 +4,9 @@
 #
 ################################################################################

-LIBPJSIP_VERSION = 2.12
+LIBPJSIP_VERSION = 2.12.1
 LIBPJSIP_SOURCE = pjproject-$(LIBPJSIP_VERSION).tar.gz
 LIBPJSIP_SITE = $(call github,pjsip,pjproject,$(LIBPJSIP_VERSION))
-# https://github.com/pjsip/pjproject/archive/2.12.tar.gz

 LIBPJSIP_DEPENDENCIES = libsrtp
 LIBPJSIP_LICENSE = GPL-2.0+