openSUSE has issued an advisory on April 28:
Mageia 5 is also affected.
updated in cauldron
(In reply to Nicolas Lécureuil from comment #1)
> updated in cauldron
Assigning to all packagers collectively for the Mga5, because it has no registered maintainer.
updated in mga5:
srpms: libosip2-5.0.0-2.mga5 siproxd-0.8.1-14.3.mga5 exosip-4.0.0-4.2.mga5
Full package list:
MGA5-32 on Asus A6000VM Xfce
No installation issues
Not sure how to test. Info in MCC mentions support for linphone, but "urpmq --whatrequires" does not give any info.
Took my chances, installed linphone and used my IP's VOIP settings in it and was able to make a call.
However the strace of linphone did not show anything I could recognize as part of these update packages.
Trying to find out what reqires what (64-bt):
$ urpmq --whatrequires-recursive exosip [nothing]
$ urpmq --whatrequires-recursive siproxd [nothing]
$ urpmq --whatrequires-recursive lib64exosip2_10 [stays _10]
$ urpmq --whatrequires-recursive lib64osip2_10 [-> _12]
exosip, lib64exosip2_10, siproxd
exosip - Extended osip library [+ /usr/bin/sip_reg]
Exosip is a library that hides the complexity of using the SIP protocol for mutlimedia session establishement.
siproxd - A SIP masquerading proxy with RTP support [/usr/sbin/siproxd]
Siprox is an proxy/masquerading daemon for the SIP protocol. It handles registrations of SIP clients on a private IP network and performs rewriting of the SIP message bodies to make SIP connections possible via a masquerading firewall.
So now we know.
I am just going to try for a clean update.
BTW I can find no previous bugs or updates for these things.
BEFORE the update, installed:
- lib64exosip2_10-4.0.0-4.2.mga5.x86_64 *** was NOT auto-required by exosip ***
Problem: both exosip & siproxd correctly required automatically lib64osip2_12-5.0.0-2; but selecting exosip did *not* automatically require lib64exosip2_10-4.0.0-4.2, although this was in the Updates Testing list. I selected it manually, but it should be auto-selected 'required' by exosip.
Hence querying the update.
Despite which, after the update:
$ urpmq --whatrequires lib64exosip2_10
shows the correct dependancy.
We don't hard code library dependencies, they're automatically generated. When the packages are available in updates, they'll all be updated. When doing QA, you always might have to manually select the appropriate packages.
Thanks David for your observation. In which case I shall risk the 64 OK.
If somebody can suggest an application which might use some of this, please do. (I decline getting bogged down in Linphone).
It looks as if libosip2_12 is the main thing.