[gentoo-commits] repo/gentoo:master commit in: net-libs/pjproject/files/, net-libs/pjproject/
commit: 45426048c79dff064f62206e01827d63798e39be
Author: Jaco Kroon uls co za>
AuthorDate: Sun Jul 9 19:18:49 2023 +
Commit: Joonas Niilola gentoo org>
CommitDate: Thu Jul 27 06:48:10 2023 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=45426048
net-libs/pjproject: add 2.13.1
Signed-off-by: Jaco Kroon uls.co.za>
Signed-off-by: Joonas Niilola gentoo.org>
net-libs/pjproject/Manifest| 1 +
...pjproject-2.13.1-fix-ptimesized-wav-input.patch | 30 +
net-libs/pjproject/pjproject-2.13.1.ebuild | 143 +
3 files changed, 174 insertions(+)
diff --git a/net-libs/pjproject/Manifest b/net-libs/pjproject/Manifest
index c081c0e1aeb2..0082f1020d94 100644
--- a/net-libs/pjproject/Manifest
+++ b/net-libs/pjproject/Manifest
@@ -1 +1,2 @@
+DIST pjproject-2.13.1.tar.gz 9746437 BLAKE2B
a50278be52df755c5cec08da0c1a604a8c0ad6911853a424596ce05bc423a829818d2e7425b55bdc00fa24a91b9a3e891c54aa2add5cdbf8698173ac44ae2975
SHA512
1cdfaedafa2f42b306eef38174530163db19952c6842d5c96324c7439e2437a17cd96670ac58ae04da221b06d7eb91d612f4347cd421e036be62b27cb9501cda
DIST pjproject-2.13.tar.gz 9744716 BLAKE2B
947fe076089b3cd0826a554db3cda9939e228b9e7bb5ed2d01242e44e5e5b0d9d2ddc52b378f141efb89fcbfbd628fcdff341e54bc3615280e23f30ea58daf56
SHA512
df184511d554e5f77ca1a551bdf6b22c4c8ae2b6ad61be0e7e459e2d7db50f496af66c37e080f178019a509ea25847e70a342ac48c820a6b9302b4cbf174c520
diff --git
a/net-libs/pjproject/files/pjproject-2.13.1-fix-ptimesized-wav-input.patch
b/net-libs/pjproject/files/pjproject-2.13.1-fix-ptimesized-wav-input.patch
new file mode 100644
index ..9f1459f68d63
--- /dev/null
+++ b/net-libs/pjproject/files/pjproject-2.13.1-fix-ptimesized-wav-input.patch
@@ -0,0 +1,30 @@
+From dc4d4587cb8abe07513b9ae24cf62eaeeb6e8907 Mon Sep 17 00:00:00 2001
+From: Jaco Kroon
+Date: Wed, 14 Jun 2023 16:39:41 +0200
+Subject: [PATCH] Fix wave port creation if the input wave file contains
+ exactly one frame.
+
+If for example we try to load a file with ptime=10 and there is exactly
+10 ms worth of PCM data in the wave file (160 bytes of PCM data) then
+the buff_size will be adjusted down to be of a size that matches exactly
+one frame, resulting in the check that the buffer size can hold at least
+one frame failing due to comparing >= instead of >.
+
+Signed-off-by: Jaco Kroon
+---
+ pjmedia/src/pjmedia/wav_player.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/pjmedia/src/pjmedia/wav_player.c
b/pjmedia/src/pjmedia/wav_player.c
+index 84ba53d50..410cf2627 100644
+--- a/pjmedia/src/pjmedia/wav_player.c
b/pjmedia/src/pjmedia/wav_player.c
+@@ -428,7 +428,7 @@ PJ_DEF(pj_status_t) pjmedia_wav_player_port_create(
pj_pool_t *pool,
+ /* samples_per_frame must be smaller than bufsize (because get_frame()
+ * doesn't handle this case).
+ */
+-if (samples_per_frame * fport->bytes_per_sample >= fport->bufsize) {
++if (samples_per_frame * fport->bytes_per_sample > fport->bufsize) {
+ pj_file_close(fport->fd);
+ return PJ_EINVAL;
+ }
diff --git a/net-libs/pjproject/pjproject-2.13.1.ebuild
b/net-libs/pjproject/pjproject-2.13.1.ebuild
new file mode 100644
index ..3620c5411601
--- /dev/null
+++ b/net-libs/pjproject/pjproject-2.13.1.ebuild
@@ -0,0 +1,143 @@
+# Copyright 1999-2023 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+# TODO: Figure out a way to disable SRTP from pjproject entirely.
+EAPI=8
+
+inherit autotools flag-o-matic toolchain-funcs
+
+DESCRIPTION="Open source SIP, Media, and NAT Traversal Library"
+HOMEPAGE="https://github.com/pjsip/pjproject https://www.pjsip.org/;
+SRC_URI="https://github.com/pjsip/${PN}/archive/refs/tags/${PV}.tar.gz ->
${P}.tar.gz"
+KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~ppc64 ~x86"
+
+LICENSE="GPL-2"
+SLOT="0/${PV}"
+
+# g729 not included due to special bcg729 handling.
+CODEC_FLAGS="g711 g722 g7221 gsm ilbc speex l16"
+VIDEO_FLAGS="sdl ffmpeg v4l2 openh264 libyuv vpx"
+SOUND_FLAGS="alsa portaudio"
+IUSE="amr debug epoll examples opus resample silk ssl static-libs webrtc
+ ${CODEC_FLAGS} g729
+ ${VIDEO_FLAGS}
+ ${SOUND_FLAGS}"
+
+RDEPEND=">=net-libs/libsrtp-2.3.0:=
+ alsa? ( media-libs/alsa-lib )
+ amr? ( media-libs/opencore-amr )
+ ffmpeg? ( media-video/ffmpeg:= )
+ g729? ( media-libs/bcg729 )
+ gsm? ( media-sound/gsm )
+ ilbc? ( media-libs/libilbc )
+ openh264? ( media-libs/openh264 )
+ opus? ( media-libs/opus )
+ portaudio? ( media-libs/portaudio )
+ resample? ( media-libs/libsamplerate )
+ sdl? ( media-libs/libsdl2 )
+ speex? (
+ media-libs/speex
+ media-libs/speexdsp
+ )
+ ssl? (
+ dev-libs/openssl:0=
+ )
+"
+DEPEND="${RDEPEND}"
+BDEPEND="virtual/pkgconfig"
+
+PATCHES=(
+
[gentoo-commits] repo/gentoo:master commit in: net-libs/pjproject/files/
commit: 871c0d7f0cc4fca68f961233adca4e301ade6669
Author: Michael Mair-Keimberger levelnine at>
AuthorDate: Fri May 19 14:31:10 2023 +
Commit: Conrad Kostecki gentoo org>
CommitDate: Mon May 22 21:26:13 2023 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=871c0d7f
net-libs/pjproject: remove unused patches
Signed-off-by: Michael Mair-Keimberger levelnine.at>
Closes: https://github.com/gentoo/gentoo/pull/31097
Signed-off-by: Conrad Kostecki gentoo.org>
.../files/pjproject-2.12.1-CVE-2022-31031.patch| 41 ---
.../files/pjproject-2.12.1-r2-CVE-2022-39244.patch | 306 -
.../files/pjproject-2.12.1-r2-CVE-2022-39269.patch | 33 ---
.../files/pjproject-2.12.1-r2-bashism.patch| 44 ---
.../pjproject/files/pjproject-2.12.1-r2-musl.patch | 102 ---
5 files changed, 526 deletions(-)
diff --git a/net-libs/pjproject/files/pjproject-2.12.1-CVE-2022-31031.patch
b/net-libs/pjproject/files/pjproject-2.12.1-CVE-2022-31031.patch
deleted file mode 100644
index 637b7f374ffc..
--- a/net-libs/pjproject/files/pjproject-2.12.1-CVE-2022-31031.patch
+++ /dev/null
@@ -1,41 +0,0 @@
-From 450baca94f475345542c6953832650c390889202 Mon Sep 17 00:00:00 2001
-From: sauwming
-Date: Tue, 7 Jun 2022 12:00:13 +0800
-Subject: [PATCH] Merge pull request from GHSA-26j7-ww69-c4qj
-
- pjlib-util/src/pjlib-util/stun_simple.c | 7 ++-
- 1 file changed, 6 insertions(+), 1 deletion(-)
-
-diff --git a/pjlib-util/src/pjlib-util/stun_simple.c
b/pjlib-util/src/pjlib-util/stun_simple.c
-index 722519584..d0549176d 100644
a/pjlib-util/src/pjlib-util/stun_simple.c
-+++ b/pjlib-util/src/pjlib-util/stun_simple.c
-@@ -54,6 +54,7 @@ PJ_DEF(pj_status_t) pjstun_parse_msg( void *buf, pj_size_t
buf_len,
- {
- pj_uint16_t msg_type, msg_len;
- char *p_attr;
-+int attr_max_cnt = PJ_ARRAY_SIZE(msg->attr);
-
- PJ_CHECK_STACK();
-
-@@ -83,7 +84,7 @@ PJ_DEF(pj_status_t) pjstun_parse_msg( void *buf, pj_size_t
buf_len,
- msg->attr_count = 0;
- p_attr = (char*)buf + sizeof(pjstun_msg_hdr);
-
--while (msg_len > 0) {
-+while (msg_len > 0 && msg->attr_count < attr_max_cnt) {
- pjstun_attr_hdr **attr = >attr[msg->attr_count];
- pj_uint32_t len;
- pj_uint16_t attr_type;
-@@ -111,6 +112,10 @@ PJ_DEF(pj_status_t) pjstun_parse_msg( void *buf,
pj_size_t buf_len,
- p_attr += len;
- ++msg->attr_count;
- }
-+if (msg->attr_count == attr_max_cnt) {
-+ PJ_LOG(4, (THIS_FILE, "Warning: max number attribute %d reached.",
-+ attr_max_cnt));
-+}
-
- return PJ_SUCCESS;
- }
diff --git a/net-libs/pjproject/files/pjproject-2.12.1-r2-CVE-2022-39244.patch
b/net-libs/pjproject/files/pjproject-2.12.1-r2-CVE-2022-39244.patch
deleted file mode 100644
index a0995fb92957..
--- a/net-libs/pjproject/files/pjproject-2.12.1-r2-CVE-2022-39244.patch
+++ /dev/null
@@ -1,306 +0,0 @@
-https://bugs.gentoo.org/875863
-https://github.com/pjsip/pjproject/commit/c4d34984ec92b3d5252a7d5cddd85a1d3a8001ae
-
-From c4d34984ec92b3d5252a7d5cddd85a1d3a8001ae Mon Sep 17 00:00:00 2001
-From: sauwming
-Date: Mon, 3 Oct 2022 08:07:22 +0800
-Subject: [PATCH] Merge pull request from GHSA-fq45-m3f7-3mhj
-
-* Initial patch
-
-* Use 'pj_scan_is_eof(scanner)'
-
-Co-authored-by: Aaron Lichtman
-
-* Use 'pj_scan_is_eof(scanner)'
-
-Co-authored-by: Aaron Lichtman
-
-* Use 'pj_scan_is_eof(scanner)'
-
-Co-authored-by: Aaron Lichtman
-
-* Use `!pj_scan_is_eof` instead of manually checking `scanner->curptr <
scanner->end`
-
-Co-authored-by: Maksim Mukosey
-
-* Update pjlib-util/src/pjlib-util/scanner.c
-
-Co-authored-by: Aaron Lichtman
-
-* Update pjlib-util/src/pjlib-util/scanner.c
-
-Co-authored-by: Aaron Lichtman
-
-* Update pjlib-util/src/pjlib-util/scanner.c
-
-Co-authored-by: Aaron Lichtman
-
-* Revert '>=' back to '>' in pj_scan_stricmp_alnum()
-
-* Fix error compiles.
-
-Co-authored-by: Nanang Izzuddin
-Co-authored-by: Aaron Lichtman
-Co-authored-by: Maksim Mukosey
- pjlib-util/src/pjlib-util/scanner.c | 41 +++--
- pjmedia/src/pjmedia/rtp.c | 11 +---
- pjmedia/src/pjmedia/sdp.c | 24 ++---
- 3 files changed, 48 insertions(+), 28 deletions(-)
-
-diff --git a/pjlib-util/src/pjlib-util/scanner.c
b/pjlib-util/src/pjlib-util/scanner.c
-index a54edf2d8e..6541bbae31 100644
a/pjlib-util/src/pjlib-util/scanner.c
-+++ b/pjlib-util/src/pjlib-util/scanner.c
-@@ -195,7 +195,13 @@ PJ_DEF(void) pj_scan_skip_whitespace( pj_scanner *scanner
)
-
- PJ_DEF(void) pj_scan_skip_line( pj_scanner *scanner )
- {
--char *s = pj_memchr(scanner->curptr, '\n', scanner->end -
scanner->curptr);
-+char *s;
-+
-+if (pj_scan_is_eof(scanner)) {
-+return;
-+}
-+
-+s = pj_memchr(scanner->curptr, '\n', scanner->end - scanner->curptr);
- if (!s) {
- scanner->curptr = scanner->end;
- } else {
-@@ -264,8 +270,7 @@
[gentoo-commits] repo/gentoo:master commit in: net-libs/pjproject/files/, net-libs/pjproject/
commit: 0697e55a6fa27051a99aa59fde8b5716c022696e
Author: Jaco Kroon uls co za>
AuthorDate: Mon Mar 13 06:54:28 2023 +
Commit: Joonas Niilola gentoo org>
CommitDate: Wed Apr 5 11:56:14 2023 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=0697e55a
net-libs/pjproject: Add 2.13-r1
Bug: https://bugs.gentoo.org/887559
Closes: https://bugs.gentoo.org/79
Signed-off-by: Jaco Kroon uls.co.za>
Closes: https://github.com/gentoo/gentoo/pull/30088
Signed-off-by: Joonas Niilola gentoo.org>
...3537-buffer-overread-on-STUN-error-decode.patch | 95 ++
...2022-23547-buffer-overread-on-STUN-decode.patch | 50
...NOTIFY-tdata-is-set-before-sending-it_new.patch | 46 +++
net-libs/pjproject/pjproject-2.13-r1.ebuild| 142 +
4 files changed, 333 insertions(+)
diff --git
a/net-libs/pjproject/files/pjproject-2.13-r1-CVE-2022-23537-buffer-overread-on-STUN-error-decode.patch
b/net-libs/pjproject/files/pjproject-2.13-r1-CVE-2022-23537-buffer-overread-on-STUN-error-decode.patch
new file mode 100644
index ..bfd1fc05e160
--- /dev/null
+++
b/net-libs/pjproject/files/pjproject-2.13-r1-CVE-2022-23537-buffer-overread-on-STUN-error-decode.patch
@@ -0,0 +1,95 @@
+From d8440f4d711a654b511f50f79c0445b26f9dd1e1 Mon Sep 17 00:00:00 2001
+From: Nanang Izzuddin
+Date: Tue, 20 Dec 2022 11:39:12 +0700
+Subject: [PATCH] Merge pull request from GHSA-9pfh-r8x4-w26w
+
+* Fix buffer overread in STUN message decoder
+
+* Updates based on comments
+---
+ pjnath/include/pjnath/stun_msg.h | 4
+ pjnath/src/pjnath/stun_msg.c | 14 +++---
+ 2 files changed, 15 insertions(+), 3 deletions(-)
+
+diff --git a/pjnath/include/pjnath/stun_msg.h
b/pjnath/include/pjnath/stun_msg.h
+index b52f95c586..e49f096f3a 100644
+--- a/pjnath/include/pjnath/stun_msg.h
b/pjnath/include/pjnath/stun_msg.h
+@@ -442,6 +442,7 @@ typedef enum pj_stun_status
+
+\endverbatim
+ */
++#pragma pack(1)
+ typedef struct pj_stun_msg_hdr
+ {
+ /**
+@@ -473,6 +474,7 @@ typedef struct pj_stun_msg_hdr
+ pj_uint8_t tsx_id[12];
+
+ } pj_stun_msg_hdr;
++#pragma pack()
+
+
+ /**
+@@ -490,6 +492,7 @@ typedef struct pj_stun_msg_hdr
+
+\endverbatim
+ */
++#pragma pack(1)
+ typedef struct pj_stun_attr_hdr
+ {
+ /**
+@@ -506,6 +509,7 @@ typedef struct pj_stun_attr_hdr
+ pj_uint16_t length;
+
+ } pj_stun_attr_hdr;
++#pragma pack()
+
+
+ /**
+diff --git a/pjnath/src/pjnath/stun_msg.c b/pjnath/src/pjnath/stun_msg.c
+index 3def6b3eac..e904a0ba47 100644
+--- a/pjnath/src/pjnath/stun_msg.c
b/pjnath/src/pjnath/stun_msg.c
+@@ -746,7 +746,7 @@ PJ_DEF(int) pj_stun_set_padding_char(int chr)
+
+ #define INIT_ATTR(a,t,l)(a)->hdr.type=(pj_uint16_t)(t), \
+ (a)->hdr.length=(pj_uint16_t)(l)
+-#define ATTR_HDR_LEN4
++#define ATTR_HDR_LENsizeof(pj_stun_attr_hdr)
+
+ static pj_uint16_t GETVAL16H(const pj_uint8_t *buf, unsigned pos)
+ {
+@@ -2327,6 +2327,14 @@ PJ_DEF(pj_status_t) pj_stun_msg_decode(pj_pool_t *pool,
+ status = pj_stun_msg_check(pdu, pdu_len, options);
+ if (status != PJ_SUCCESS)
+ return status;
++} else {
++/* For safety, verify packet length at least */
++pj_uint32_t msg_len = GETVAL16H(pdu, 2) + 20;
++if (msg_len > pdu_len ||
++((options & PJ_STUN_IS_DATAGRAM) && msg_len != pdu_len))
++{
++return PJNATH_EINSTUNMSGLEN;
++}
+ }
+
+ /* Create the message, copy the header, and convert to host byte order */
+@@ -2345,7 +2353,7 @@ PJ_DEF(pj_status_t) pj_stun_msg_decode(pj_pool_t *pool,
+ p_response = NULL;
+
+ /* Parse attributes */
+-while (pdu_len >= 4) {
++while (pdu_len >= ATTR_HDR_LEN) {
+ unsigned attr_type, attr_val_len;
+ const struct attr_desc *adesc;
+
+@@ -2357,7 +2365,7 @@ PJ_DEF(pj_status_t) pj_stun_msg_decode(pj_pool_t *pool,
+ attr_val_len = (attr_val_len + 3) & (~3);
+
+ /* Check length */
+-if (pdu_len < attr_val_len) {
++if (pdu_len < attr_val_len + ATTR_HDR_LEN) {
+ pj_str_t err_msg;
+ char err_msg_buf[80];
+
diff --git
a/net-libs/pjproject/files/pjproject-2.13-r1-CVE-2022-23547-buffer-overread-on-STUN-decode.patch
b/net-libs/pjproject/files/pjproject-2.13-r1-CVE-2022-23547-buffer-overread-on-STUN-decode.patch
new file mode 100644
index ..499ce4373b56
--- /dev/null
+++
b/net-libs/pjproject/files/pjproject-2.13-r1-CVE-2022-23547-buffer-overread-on-STUN-decode.patch
@@ -0,0 +1,50 @@
+From bc4812d31a67d5e2f973fbfaf950d6118226cf36 Mon Sep 17 00:00:00 2001
+From: sauwming
+Date: Fri, 23 Dec 2022 15:05:28 +0800
+Subject: [PATCH] Merge pull request from GHSA-cxwq-5g9x-x7fr
+
+* Fixed heap buffer overflow when parsing STUN errcode attribute
+
+* Also fixed uint parsing
+---
+ pjnath/src/pjnath/stun_msg.c | 11 ++-
+ 1 file changed, 6
[gentoo-commits] repo/gentoo:master commit in: net-libs/pjproject/files/, net-libs/pjproject/
commit: 9190173b8ee7cf9ee818ad61aebc841f11fa834f
Author: orbea riseup net>
AuthorDate: Fri Oct 7 19:10:13 2022 +
Commit: Sam James gentoo org>
CommitDate: Wed Oct 12 23:22:50 2022 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=9190173b
net-libs/pjproject: Add 2.12.1-r2
* Fixes the build with musl
* Fixes a bashism
* Backports two CVE fix patches
Closes: https://bugs.gentoo.org/865719
Upstream-PR: https://github.com/pjsip/pjproject/pull/3220
Upstream-Commit:
https://github.com/pjsip/pjproject/commit/bae7e5f4ff9047170e7e160ab52f6d9993aeae80
Bug: https://bugs.gentoo.org/875863
Upstream-Commit:
https://github.com/pjsip/pjproject/commit/d2acb9af4e27b5ba75d658690406cec9c274c5cc
Upstream-Commit:
https://github.com/pjsip/pjproject/commit/c4d34984ec92b3d5252a7d5cddd85a1d3a8001ae
Closes: https://bugs.gentoo.org/867343
Upstream-PR: https://github.com/pjsip/pjproject/pull/3263
Signed-off-by: orbea riseup.net>
Closes: https://github.com/gentoo/gentoo/pull/27677
Signed-off-by: Sam James gentoo.org>
.../files/pjproject-2.12.1-r2-CVE-2022-39244.patch | 306 +
.../files/pjproject-2.12.1-r2-CVE-2022-39269.patch | 33 +++
.../files/pjproject-2.12.1-r2-bashism.patch| 44 +++
.../pjproject/files/pjproject-2.12.1-r2-musl.patch | 102 +++
net-libs/pjproject/pjproject-2.12.1-r2.ebuild | 144 ++
5 files changed, 629 insertions(+)
diff --git a/net-libs/pjproject/files/pjproject-2.12.1-r2-CVE-2022-39244.patch
b/net-libs/pjproject/files/pjproject-2.12.1-r2-CVE-2022-39244.patch
new file mode 100644
index ..a0995fb92957
--- /dev/null
+++ b/net-libs/pjproject/files/pjproject-2.12.1-r2-CVE-2022-39244.patch
@@ -0,0 +1,306 @@
+https://bugs.gentoo.org/875863
+https://github.com/pjsip/pjproject/commit/c4d34984ec92b3d5252a7d5cddd85a1d3a8001ae
+
+From c4d34984ec92b3d5252a7d5cddd85a1d3a8001ae Mon Sep 17 00:00:00 2001
+From: sauwming
+Date: Mon, 3 Oct 2022 08:07:22 +0800
+Subject: [PATCH] Merge pull request from GHSA-fq45-m3f7-3mhj
+
+* Initial patch
+
+* Use 'pj_scan_is_eof(scanner)'
+
+Co-authored-by: Aaron Lichtman
+
+* Use 'pj_scan_is_eof(scanner)'
+
+Co-authored-by: Aaron Lichtman
+
+* Use 'pj_scan_is_eof(scanner)'
+
+Co-authored-by: Aaron Lichtman
+
+* Use `!pj_scan_is_eof` instead of manually checking `scanner->curptr <
scanner->end`
+
+Co-authored-by: Maksim Mukosey
+
+* Update pjlib-util/src/pjlib-util/scanner.c
+
+Co-authored-by: Aaron Lichtman
+
+* Update pjlib-util/src/pjlib-util/scanner.c
+
+Co-authored-by: Aaron Lichtman
+
+* Update pjlib-util/src/pjlib-util/scanner.c
+
+Co-authored-by: Aaron Lichtman
+
+* Revert '>=' back to '>' in pj_scan_stricmp_alnum()
+
+* Fix error compiles.
+
+Co-authored-by: Nanang Izzuddin
+Co-authored-by: Aaron Lichtman
+Co-authored-by: Maksim Mukosey
+---
+ pjlib-util/src/pjlib-util/scanner.c | 41 +++--
+ pjmedia/src/pjmedia/rtp.c | 11 +---
+ pjmedia/src/pjmedia/sdp.c | 24 ++---
+ 3 files changed, 48 insertions(+), 28 deletions(-)
+
+diff --git a/pjlib-util/src/pjlib-util/scanner.c
b/pjlib-util/src/pjlib-util/scanner.c
+index a54edf2d8e..6541bbae31 100644
+--- a/pjlib-util/src/pjlib-util/scanner.c
b/pjlib-util/src/pjlib-util/scanner.c
+@@ -195,7 +195,13 @@ PJ_DEF(void) pj_scan_skip_whitespace( pj_scanner *scanner
)
+
+ PJ_DEF(void) pj_scan_skip_line( pj_scanner *scanner )
+ {
+-char *s = pj_memchr(scanner->curptr, '\n', scanner->end -
scanner->curptr);
++char *s;
++
++if (pj_scan_is_eof(scanner)) {
++return;
++}
++
++s = pj_memchr(scanner->curptr, '\n', scanner->end - scanner->curptr);
+ if (!s) {
+ scanner->curptr = scanner->end;
+ } else {
+@@ -264,8 +270,7 @@ PJ_DEF(void) pj_scan_get( pj_scanner *scanner,
+
+ pj_assert(pj_cis_match(spec,0)==0);
+
+-/* EOF is detected implicitly */
+-if (!pj_cis_match(spec, *s)) {
++if (pj_scan_is_eof(scanner) || !pj_cis_match(spec, *s)) {
+ pj_scan_syntax_err(scanner);
+ return;
+ }
+@@ -299,8 +304,7 @@ PJ_DEF(void) pj_scan_get_unescape( pj_scanner *scanner,
+ /* Must not match character '%' */
+ pj_assert(pj_cis_match(spec,'%')==0);
+
+-/* EOF is detected implicitly */
+-if (!pj_cis_match(spec, *s) && *s != '%') {
++if (pj_scan_is_eof(scanner) || !pj_cis_match(spec, *s) && *s != '%') {
+ pj_scan_syntax_err(scanner);
+ return;
+ }
+@@ -436,7 +440,9 @@ PJ_DEF(void) pj_scan_get_n( pj_scanner *scanner,
+
+ scanner->curptr += N;
+
+-if (PJ_SCAN_IS_PROBABLY_SPACE(*scanner->curptr) && scanner->skip_ws) {
++if (!pj_scan_is_eof(scanner) &&
++ PJ_SCAN_IS_PROBABLY_SPACE(*scanner->curptr) && scanner->skip_ws)
++{
+ pj_scan_skip_whitespace(scanner);
+ }
+ }
+@@ -467,15 +473,16 @@ PJ_DEF(int) pj_scan_get_char( pj_scanner *scanner )
+
+ PJ_DEF(void) pj_scan_get_newline( pj_scanner *scanner )
+ {
+-if
[gentoo-commits] repo/gentoo:master commit in: net-libs/pjproject/files/, net-libs/pjproject/
commit: 5e62ae9d029796011f7cb56f80fdf3281d30a2c9
Author: Jaco Kroon uls co za>
AuthorDate: Mon Jul 11 09:53:03 2022 +
Commit: Sam James gentoo org>
CommitDate: Wed Jul 13 08:00:52 2022 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=5e62ae9d
net-libs/pjproject: Remove old (broken) versions.
USE=ipv6 causes the ABIs here to be broken for all consumers
(net-misc/asterisk).
Package-Manager: Portage-3.0.30, Repoman-3.0.3
Signed-off-by: Jaco Kroon uls.co.za>
Closes: https://github.com/gentoo/gentoo/pull/26230
Signed-off-by: Sam James gentoo.org>
net-libs/pjproject/Manifest| 1 -
...ct-2.10-CVE-2020-15260-tls-hostname-check.patch | 125 -
...-CVE-2021-21375-negotiation-failure-crash.patch | 45
...21-32686-AST-2021-009-GHSA-cv8x-p47p-99wr.patch | 289 -
...ion-between-transport-destroy-and-acquire.patch | 108
.../pjproject/files/pjproject-2.9-config_site.h| 74 --
.../pjproject/files/pjproject-2.9-ssl-enable.patch | 100 ---
net-libs/pjproject/pjproject-2.10-r1.ebuild| 124 -
net-libs/pjproject/pjproject-2.10-r2.ebuild| 125 -
9 files changed, 991 deletions(-)
diff --git a/net-libs/pjproject/Manifest b/net-libs/pjproject/Manifest
index b0c9fcafc2b1..7c848864dc10 100644
--- a/net-libs/pjproject/Manifest
+++ b/net-libs/pjproject/Manifest
@@ -1,2 +1 @@
-DIST pjproject-2.10.tar.gz 8768705 BLAKE2B
42d70867e2e0474313426f1e188586d203d6165c28a133a62dedacd2deb2899215212824d9402a48fcc66bb08a17b796d3625e1d51a8aedc9aa4b3a3bf1cb8fa
SHA512
a67f083df175b536b4e6a7b7fe39e07d3ee805d6917ec64a50694542a7455c33a100889191044ab3fa679b6656774a6be045621aa53510b5f04cdde9ddd59893
DIST pjproject-2.12.1.tar.gz 9660659 BLAKE2B
d893f22d995c9570e4003f80adf15144cf39e09d5843a88e3a616a529a91164ec7b012ea66ede8d55bfe4ec0dc4eca7d230f07fc66f06dfafaea9d5ff72910fa
SHA512
9087456024b8886e56660cebc45c7093b3b91cd6b08a3926fa2c0de452989ac84ceb4e27413c0311bde95f271341ee44d9681f81f83602a4e16151f1831d773b
diff --git
a/net-libs/pjproject/files/pjproject-2.10-CVE-2020-15260-tls-hostname-check.patch
b/net-libs/pjproject/files/pjproject-2.10-CVE-2020-15260-tls-hostname-check.patch
deleted file mode 100644
index 0d7df686a157..
---
a/net-libs/pjproject/files/pjproject-2.10-CVE-2020-15260-tls-hostname-check.patch
+++ /dev/null
@@ -1,125 +0,0 @@
-From 67e46c1ac45ad784db5b9080f5ed8b133c122872 Mon Sep 17 00:00:00 2001
-From: sauwming
-Date: Mon, 8 Mar 2021 17:39:36 +0800
-Subject: [PATCH] Merge pull request from GHSA-8hcp-hm38-mfph
-
-* Check hostname during TLS transport selection
-
-* revision based on feedback
-
-* remove the code in create_request that has been moved
- pjsip/include/pjsip/sip_dialog.h | 1 +
- pjsip/src/pjsip/sip_dialog.c | 15 +++
- pjsip/src/pjsip/sip_transport.c | 13 +
- pjsip/src/pjsip/sip_util.c | 11 ---
- 4 files changed, 37 insertions(+), 3 deletions(-)
-
-diff --git a/pjsip/include/pjsip/sip_dialog.h
b/pjsip/include/pjsip/sip_dialog.h
-index a0214d28c..e314c2ece 100644
a/pjsip/include/pjsip/sip_dialog.h
-+++ b/pjsip/include/pjsip/sip_dialog.h
-@@ -165,6 +165,7 @@ struct pjsip_dialog
- pjsip_route_hdr route_set; /**< Route set. */
- pj_bool_t route_set_frozen; /**< Route set has been set. */
- pjsip_auth_clt_sess auth_sess; /**< Client authentication session.
*/
-+pj_str_t initial_dest;/**< Initial destination host. */
-
- /** Session counter. */
- int sess_count; /**< Number of sessions.
*/
-diff --git a/pjsip/src/pjsip/sip_dialog.c b/pjsip/src/pjsip/sip_dialog.c
-index 27530e4f2..9571b5a35 100644
a/pjsip/src/pjsip/sip_dialog.c
-+++ b/pjsip/src/pjsip/sip_dialog.c
-@@ -467,6 +467,10 @@ pj_status_t create_uas_dialog( pjsip_user_agent *ua,
-
- /* Save the remote info. */
- pj_strdup(dlg->pool, >remote.info_str, );
-+
-+/* Save initial destination host from transport's info */
-+pj_strdup(dlg->pool, >initial_dest,
-+>tp_info.transport->remote_name.host);
-
-
- /* Init remote's contact from Contact header.
-@@ -1192,6 +1196,12 @@ static pj_status_t dlg_create_request_throw(
pjsip_dialog *dlg,
- return status;
- }
-
-+/* Copy the initial destination host to tdata. This information can be
-+ * used later by transport for transport selection.
-+ */
-+if (dlg->initial_dest.slen)
-+ pj_strdup(tdata->pool, >dest_info.name, >initial_dest);
-+
- /* Done. */
- *p_tdata = tdata;
-
-@@ -1822,6 +1832,11 @@ static void dlg_update_routeset(pjsip_dialog *dlg,
const pjsip_rx_data *rdata)
- * transaction as the initial transaction that establishes dialog.
- */
- if (dlg->role == PJSIP_ROLE_UAC) {
-+ /* Save initial destination host from transport's info. */
-+ if
[gentoo-commits] repo/gentoo:master commit in: net-libs/pjproject/files/, net-libs/pjproject/
commit: 9a59fa196adc0c98fbb19d56533e107ef1625b43 Author: Jaco Kroon uls co za> AuthorDate: Mon Jun 27 21:42:02 2022 + Commit: Sam James gentoo org> CommitDate: Wed Jul 13 08:00:49 2022 + URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=9a59fa19 net-libs/pjproject: rev bump to update config_site.h. Straight to stable: This fixes major usability problems in 2.10 revisions of pjproject, and asterisk 18.* depends on this (already stable). This brings in updates from newer versions of asterisk. Note that USE=ipv6 gets dropped as flipping this causes ABI breakage, and the way in which this was done could cause ABI issues as it was. Since there are no extra dependencies, just remove the USE flag completely. Also introduce _pj_ functions in the ebuild itself to manipulate the way in which ./configure is used (pjproject generally enables everything it can find dependencies for, and passing --enable-XXX generally ends up having the same effect as --disable ...). PENDING: ISUE=srtp. Asterisk has patches but I don't want to figure that out at this stage. Bug: https://bugs.gentoo.org/834491 Package-Manager: Portage-3.0.30, Repoman-3.0.3 Signed-off-by: Jaco Kroon uls.co.za> Signed-off-by: Sam James gentoo.org> .../pjproject/files/pjproject-2.12.1-config_site.h | 97 ++ ...ct-2.12.1.ebuild => pjproject-2.12.1-r1.ebuild} | 29 +-- 2 files changed, 119 insertions(+), 7 deletions(-) diff --git a/net-libs/pjproject/files/pjproject-2.12.1-config_site.h b/net-libs/pjproject/files/pjproject-2.12.1-config_site.h new file mode 100644 index ..37d094e24bbc --- /dev/null +++ b/net-libs/pjproject/files/pjproject-2.12.1-config_site.h @@ -0,0 +1,97 @@ +/* + * Based off of the Asterisk config_site.h file. + * + * In general it's the same with some removals due to being ebuild-managed. + */ + +#include + +#define GENTOO_INVALID (Gentoo compile failure - please report a bug on bugs.gentoo.org) + +/* asterisk_malloc_debug.h is not required ... most of the operations are no-ops regardless + * and I can't see why asterisk is looking to compile this directly into pjproject */ + +/* + * Defining PJMEDIA_HAS_SRTP to 0 does NOT disable Asterisk's ability to use srtp. + * It only disables the pjmedia srtp transport which Asterisk doesn't use. + * The reason for the disable is that while Asterisk works fine with older libsrtp + * versions, newer versions of pjproject won't compile with them. + * + * Disabling this depends on an additional pjproject patch. So just leave it + * enabled for the time being, as it has always been enabled. + */ +#define PJMEDIA_HAS_SRTP 1 + +/* Ability to change this has ABI implications, force it on */ +/* Can be reconsidered in future: https://bugs.gentoo.org/680496 */ +#define PJ_HAS_IPV6 1 + +#define PJ_MAX_HOSTNAME (256) +#define PJSIP_MAX_URL_SIZE (512) +#ifdef PJ_HAS_LINUX_EPOLL +#define PJ_IOQUEUE_MAX_HANDLES (5000) +#else +#define PJ_IOQUEUE_MAX_HANDLES (FD_SETSIZE) +#endif +#define PJ_IOQUEUE_HAS_SAFE_UNREG 1 +#define PJ_IOQUEUE_MAX_EVENTS_IN_SINGLE_POLL (16) + +#define PJ_SCANNER_USE_BITWISE 0 +#define PJ_OS_HAS_CHECK_STACK 0 + +#ifndef PJ_LOG_MAX_LEVEL +#define PJ_LOG_MAX_LEVEL 6 +#endif + +#define PJ_ENABLE_EXTRA_CHECK 1 +#define PJSIP_MAX_TSX_COUNT((64*1024)-1) +#define PJSIP_MAX_DIALOG_COUNT ((64*1024)-1) +#define PJSIP_UDP_SO_SNDBUF_SIZE (512*1024) +#define PJSIP_UDP_SO_RCVBUF_SIZE (512*1024) +#define PJ_DEBUG 0 +#define PJSIP_SAFE_MODULE 0 +#define PJ_HAS_STRICMP_ALNUM 0 + +/* + * Do not ever enable PJ_HASH_USE_OWN_TOLOWER because the algorithm is + * inconsistently used when calculating the hash value and doesn't + * convert the same characters as pj_tolower()/tolower(). Thus you + * can get different hash values if the string hashed has certain + * characters in it. (ASCII '@', '[', '\\', ']', '^', and '_') + */ +#undef PJ_HASH_USE_OWN_TOLOWER + +/* + It is imperative that PJSIP_UNESCAPE_IN_PLACE remain 0 or undefined. + Enabling it will result in SEGFAULTS when URIs containing escape sequences are encountered. +*/ +#undef PJSIP_UNESCAPE_IN_PLACE +#define PJSIP_MAX_PKT_LEN 65535 + +#undef PJ_TODO +#define PJ_TODO(x) + +/* Defaults too low for WebRTC */ +#define PJ_ICE_MAX_CAND 64 +#define PJ_ICE_MAX_CHECKS (PJ_ICE_MAX_CAND * PJ_ICE_MAX_CAND) + +/* Increase limits to allow more formats */ +#definePJMEDIA_MAX_SDP_FMT 64 +#definePJMEDIA_MAX_SDP_BANDW 4 +#definePJMEDIA_MAX_SDP_ATTR (PJMEDIA_MAX_SDP_FMT*3 + 4) +#definePJMEDIA_MAX_SDP_MEDIA 16 + +/* + * Turn off the periodic sending of CRLNCRLN. Default is on (90 seconds), + * which conflicts with the global section's keep_alive_interval option in + * pjsip.conf. + */ +#define PJSIP_TCP_KEEP_ALIVE_INTERVAL 0 +#define PJSIP_TLS_KEEP_ALIVE_INTERVAL 0 + +#define PJSIP_TSX_UAS_CONTINUE_ON_TP_ERROR 0 +#define
[gentoo-commits] repo/gentoo:master commit in: net-libs/pjproject/files/, net-libs/pjproject/
commit: 74bc4476b50218718af7c43038176f1d69c50e61
Author: Jaco Kroon uls co za>
AuthorDate: Sat Jul 24 08:36:57 2021 +
Commit: Joonas Niilola gentoo org>
CommitDate: Wed Jun 15 13:32:11 2022 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=74bc4476
net-libs/pjproject: Version 2.12.1.
Upstream release.
Remove the need for custom patches (which is still required but no
longer applies, instead, rely on ./configure detecting openssl, we do
depend on it, and only --disable-ssl works, passing --enable-ssl also
effectively disables ssl).
Compile tested asterisk 13, 16 and 18 (in-tree versions) against this.
Would appreciate a double-check on this one. One version from each is
sufficient.
Since the two libraries that were the target of parallel build failures
are now one, I believe the parallel build issue is fixed too.
Included patch for CVE-2022-31031
Closes: https://bugs.gentoo.org/833765
Closes: https://bugs.gentoo.org/817803
Closes: https://bugs.gentoo.org/808099
Closes: https://bugs.gentoo.org/834491
Bug: https://bugs.gentoo.org/803614
Bug: https://bugs.gentoo.org/765799
Bug: https://bugs.gentoo.org/829894
Package-Manager: Portage-3.0.20, Repoman-3.0.2
Signed-off-by: Jaco Kroon uls.co.za>
Closes: https://github.com/gentoo/gentoo/pull/21761
Signed-off-by: Joonas Niilola gentoo.org>
net-libs/pjproject/Manifest| 1 +
.../files/pjproject-2.12.1-CVE-2022-31031.patch| 41 +++
net-libs/pjproject/pjproject-2.12.1.ebuild | 125 +
3 files changed, 167 insertions(+)
diff --git a/net-libs/pjproject/Manifest b/net-libs/pjproject/Manifest
index 048f8a59e96f..b0c9fcafc2b1 100644
--- a/net-libs/pjproject/Manifest
+++ b/net-libs/pjproject/Manifest
@@ -1 +1,2 @@
DIST pjproject-2.10.tar.gz 8768705 BLAKE2B
42d70867e2e0474313426f1e188586d203d6165c28a133a62dedacd2deb2899215212824d9402a48fcc66bb08a17b796d3625e1d51a8aedc9aa4b3a3bf1cb8fa
SHA512
a67f083df175b536b4e6a7b7fe39e07d3ee805d6917ec64a50694542a7455c33a100889191044ab3fa679b6656774a6be045621aa53510b5f04cdde9ddd59893
+DIST pjproject-2.12.1.tar.gz 9660659 BLAKE2B
d893f22d995c9570e4003f80adf15144cf39e09d5843a88e3a616a529a91164ec7b012ea66ede8d55bfe4ec0dc4eca7d230f07fc66f06dfafaea9d5ff72910fa
SHA512
9087456024b8886e56660cebc45c7093b3b91cd6b08a3926fa2c0de452989ac84ceb4e27413c0311bde95f271341ee44d9681f81f83602a4e16151f1831d773b
diff --git a/net-libs/pjproject/files/pjproject-2.12.1-CVE-2022-31031.patch
b/net-libs/pjproject/files/pjproject-2.12.1-CVE-2022-31031.patch
new file mode 100644
index ..637b7f374ffc
--- /dev/null
+++ b/net-libs/pjproject/files/pjproject-2.12.1-CVE-2022-31031.patch
@@ -0,0 +1,41 @@
+From 450baca94f475345542c6953832650c390889202 Mon Sep 17 00:00:00 2001
+From: sauwming
+Date: Tue, 7 Jun 2022 12:00:13 +0800
+Subject: [PATCH] Merge pull request from GHSA-26j7-ww69-c4qj
+
+---
+ pjlib-util/src/pjlib-util/stun_simple.c | 7 ++-
+ 1 file changed, 6 insertions(+), 1 deletion(-)
+
+diff --git a/pjlib-util/src/pjlib-util/stun_simple.c
b/pjlib-util/src/pjlib-util/stun_simple.c
+index 722519584..d0549176d 100644
+--- a/pjlib-util/src/pjlib-util/stun_simple.c
b/pjlib-util/src/pjlib-util/stun_simple.c
+@@ -54,6 +54,7 @@ PJ_DEF(pj_status_t) pjstun_parse_msg( void *buf, pj_size_t
buf_len,
+ {
+ pj_uint16_t msg_type, msg_len;
+ char *p_attr;
++int attr_max_cnt = PJ_ARRAY_SIZE(msg->attr);
+
+ PJ_CHECK_STACK();
+
+@@ -83,7 +84,7 @@ PJ_DEF(pj_status_t) pjstun_parse_msg( void *buf, pj_size_t
buf_len,
+ msg->attr_count = 0;
+ p_attr = (char*)buf + sizeof(pjstun_msg_hdr);
+
+-while (msg_len > 0) {
++while (msg_len > 0 && msg->attr_count < attr_max_cnt) {
+ pjstun_attr_hdr **attr = >attr[msg->attr_count];
+ pj_uint32_t len;
+ pj_uint16_t attr_type;
+@@ -111,6 +112,10 @@ PJ_DEF(pj_status_t) pjstun_parse_msg( void *buf,
pj_size_t buf_len,
+ p_attr += len;
+ ++msg->attr_count;
+ }
++if (msg->attr_count == attr_max_cnt) {
++ PJ_LOG(4, (THIS_FILE, "Warning: max number attribute %d reached.",
++ attr_max_cnt));
++}
+
+ return PJ_SUCCESS;
+ }
diff --git a/net-libs/pjproject/pjproject-2.12.1.ebuild
b/net-libs/pjproject/pjproject-2.12.1.ebuild
new file mode 100644
index ..7571fc933d02
--- /dev/null
+++ b/net-libs/pjproject/pjproject-2.12.1.ebuild
@@ -0,0 +1,125 @@
+# Copyright 1999-2021 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+inherit autotools flag-o-matic toolchain-funcs
+
+DESCRIPTION="Open source SIP, Media, and NAT Traversal Library"
+HOMEPAGE="https://www.pjsip.org/;
+SRC_URI="https://github.com/pjsip/${PN}/archive/${PV}.tar.gz -> ${P}.tar.gz"
+KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~ppc64 ~x86"
+
+LICENSE="GPL-2"
+SLOT="0/${PV}"
+
+# g729 not included due to special bcg729 handling.
+CODEC_FLAGS="g711 g722 g7221 gsm ilbc speex l16"
+VIDEO_FLAGS="sdl ffmpeg v4l2 openh264
[gentoo-commits] repo/gentoo:master commit in: net-libs/pjproject/files/, net-libs/pjproject/
commit: 93f6d97e4bd66daa168e1790f8cb3b8086854bd1
Author: Jaco Kroon uls co za>
AuthorDate: Fri Jul 23 05:10:18 2021 +
Commit: Joonas Niilola gentoo org>
CommitDate: Fri Jul 23 07:24:58 2021 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=93f6d97e
net-libs/pjproject: sec bump
Upstream not releasing new version, so just bring in the patch to -r2.
This addresses AST-2021-009 for
Closes: https://bugs.gentoo.org/803440
Package-Manager: Portage-3.0.20, Repoman-3.0.2
Signed-off-by: Jaco Kroon uls.co.za>
Closes: https://github.com/gentoo/gentoo/pull/21752
Signed-off-by: Joonas Niilola gentoo.org>
...21-32686-AST-2021-009-GHSA-cv8x-p47p-99wr.patch | 289 +
net-libs/pjproject/pjproject-2.10-r2.ebuild| 125 +
2 files changed, 414 insertions(+)
diff --git
a/net-libs/pjproject/files/pjproject-2.10-CVE-2021-32686-AST-2021-009-GHSA-cv8x-p47p-99wr.patch
b/net-libs/pjproject/files/pjproject-2.10-CVE-2021-32686-AST-2021-009-GHSA-cv8x-p47p-99wr.patch
new file mode 100644
index 000..ba31cf19eda
--- /dev/null
+++
b/net-libs/pjproject/files/pjproject-2.10-CVE-2021-32686-AST-2021-009-GHSA-cv8x-p47p-99wr.patch
@@ -0,0 +1,289 @@
+From d5f95aa066f878b0aef6a64e60b61e8626e664cd Mon Sep 17 00:00:00 2001
+From: Nanang Izzuddin
+Date: Fri, 23 Jul 2021 10:49:21 +0700
+Subject: [PATCH] Merge pull request from GHSA-cv8x-p47p-99wr
+
+* - Avoid SSL socket parent/listener getting destroyed during handshake by
increasing parent's reference count.
+- Add missing SSL socket close when the newly accepted SSL socket is discarded
in SIP TLS transport.
+
+* - Fix silly mistake: accepted active socket created without group lock in
SSL socket.
+- Replace assertion with normal validation check of SSL socket instance in
OpenSSL verification callback (verify_cb()) to avoid crash, e.g: if somehow
race condition with SSL socket destroy happens or OpenSSL application data
index somehow gets corrupted.
+---
+ pjlib/src/pj/ssl_sock_imp_common.c | 47 +
+ pjlib/src/pj/ssl_sock_ossl.c| 45 ++-
+ pjsip/src/pjsip/sip_transport_tls.c | 23 +-
+ 3 files changed, 95 insertions(+), 20 deletions(-)
+
+diff --git a/pjlib/src/pj/ssl_sock_imp_common.c
b/pjlib/src/pj/ssl_sock_imp_common.c
+index 025832da4..24533b397 100644
+--- a/pjlib/src/pj/ssl_sock_imp_common.c
b/pjlib/src/pj/ssl_sock_imp_common.c
+@@ -255,6 +255,8 @@ static pj_bool_t on_handshake_complete(pj_ssl_sock_t
*ssock,
+
+ /* Accepting */
+ if (ssock->is_server) {
++ pj_bool_t ret = PJ_TRUE;
++
+ if (status != PJ_SUCCESS) {
+ /* Handshake failed in accepting, destroy our self silently. */
+
+@@ -272,6 +274,12 @@ static pj_bool_t on_handshake_complete(pj_ssl_sock_t
*ssock,
+ status);
+ }
+
++ /* Decrement ref count of parent */
++ if (ssock->parent->param.grp_lock) {
++ pj_grp_lock_dec_ref(ssock->parent->param.grp_lock);
++ ssock->parent = NULL;
++ }
++
+ /* Originally, this is a workaround for ticket #985. However,
+* a race condition may occur in multiple worker threads
+* environment when we are destroying SSL objects while other
+@@ -315,23 +323,29 @@ static pj_bool_t on_handshake_complete(pj_ssl_sock_t
*ssock,
+
+ return PJ_FALSE;
+ }
++
+ /* Notify application the newly accepted SSL socket */
+ if (ssock->param.cb.on_accept_complete2) {
+- pj_bool_t ret;
+ ret = (*ssock->param.cb.on_accept_complete2)
+ (ssock->parent, ssock, (pj_sockaddr_t*)>rem_addr,
+ pj_sockaddr_get_len((pj_sockaddr_t*)>rem_addr),
+ status);
+- if (ret == PJ_FALSE)
+- return PJ_FALSE;
+ } else if (ssock->param.cb.on_accept_complete) {
+- pj_bool_t ret;
+ ret = (*ssock->param.cb.on_accept_complete)
+ (ssock->parent, ssock, (pj_sockaddr_t*)>rem_addr,
+ pj_sockaddr_get_len((pj_sockaddr_t*)>rem_addr));
+- if (ret == PJ_FALSE)
+- return PJ_FALSE;
+ }
++
++ /* Decrement ref count of parent and reset parent (we don't need it
++ * anymore, right?).
++ */
++ if (ssock->parent->param.grp_lock) {
++ pj_grp_lock_dec_ref(ssock->parent->param.grp_lock);
++ ssock->parent = NULL;
++ }
++
++ if (ret == PJ_FALSE)
++ return PJ_FALSE;
+ }
+
+ /* Connecting */
+@@ -930,9 +944,13 @@ static pj_bool_t ssock_on_accept_complete (pj_ssl_sock_t
*ssock_parent,
+ if (status != PJ_SUCCESS)
+ goto on_return;
+
++/* Set parent and add ref count (avoid parent destroy during handshake) */
++ssock->parent = ssock_parent;
++if (ssock->parent->param.grp_lock)
++ pj_grp_lock_add_ref(ssock->parent->param.grp_lock);
++
+
[gentoo-commits] repo/gentoo:master commit in: net-libs/pjproject/files/
commit: af2f59d44940bf6003439830f1ee36f57a1d6363
Author: Michael Mair-Keimberger levelnine at>
AuthorDate: Fri Mar 26 16:10:24 2021 +
Commit: Conrad Kostecki gentoo org>
CommitDate: Fri Mar 26 18:32:07 2021 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=af2f59d4
net-libs/pjproject: remove unused patches
Closes: https://github.com/gentoo/gentoo/pull/20129
Package-Manager: Portage-3.0.17, Repoman-3.0.2
Signed-off-by: Michael Mair-Keimberger levelnine.at>
Signed-off-by: Conrad Kostecki gentoo.org>
.../pjproject/files/pjproject-2.7.2-libressl.patch | 98
.../files/pjproject-2.7.2-ssl-flipflop.patch | 103 -
2 files changed, 201 deletions(-)
diff --git a/net-libs/pjproject/files/pjproject-2.7.2-libressl.patch
b/net-libs/pjproject/files/pjproject-2.7.2-libressl.patch
deleted file mode 100644
index 07efa9ccb8f..000
--- a/net-libs/pjproject/files/pjproject-2.7.2-libressl.patch
+++ /dev/null
@@ -1,98 +0,0 @@
-Index: /third_party/srtp/crypto/hash/hmac_ossl.c
-===
/third_party/srtp/crypto/hash/hmac_ossl.c (revision 5725)
-+++ /third_party/srtp/crypto/hash/hmac_ossl.c (revision 5726)
-@@ -52,6 +52,8 @@
- #include
- #include
-+#include
-
- #define SHA1_DIGEST_SIZE 20
-+#define USING_LIBRESSL (defined(LIBRESSL_VERSION_NUMBER))
-
- /* the debug module for authentiation */
-@@ -77,5 +79,5 @@
- /* OpenSSL 1.1.0 made HMAC_CTX an opaque structure, which must be allocated
-using HMAC_CTX_new. But this function doesn't exist in OpenSSL 1.0.x. */
--#if OPENSSL_VERSION_NUMBER < 0x1010L
-+#if USING_LIBRESSL || OPENSSL_VERSION_NUMBER < 0x1010L
- {
- /* allocate memory for auth and HMAC_CTX structures */
-@@ -122,5 +124,5 @@
- hmac_ctx = (HMAC_CTX*)a->state;
-
--#if OPENSSL_VERSION_NUMBER < 0x1010L
-+#if USING_LIBRESSL || OPENSSL_VERSION_NUMBER < 0x1010L
- HMAC_CTX_cleanup(hmac_ctx);
-
-Index: /pjlib/src/pj/ssl_sock_ossl.c
-===
/pjlib/src/pj/ssl_sock_ossl.c (revision 5725)
-+++ /pjlib/src/pj/ssl_sock_ossl.c (revision 5726)
-@@ -56,6 +56,10 @@
- #include
- #include
--
--#if !defined(OPENSSL_NO_EC) && OPENSSL_VERSION_NUMBER >= 0x1000200fL
-+#include
-+
-+#define USING_LIBRESSL (defined(LIBRESSL_VERSION_NUMBER))
-+
-+#if !USING_LIBRESSL && !defined(OPENSSL_NO_EC) \
-+ && OPENSSL_VERSION_NUMBER >= 0x1000200fL
-
- # include
-@@ -115,5 +119,5 @@
-
-
--#if OPENSSL_VERSION_NUMBER >= 0x1010L
-+#if !USING_LIBRESSL && OPENSSL_VERSION_NUMBER >= 0x1010L
- # define OPENSSL_NO_SSL2 /* seems to be removed in 1.1.0 */
- # define M_ASN1_STRING_data(x) ASN1_STRING_get0_data(x)
-@@ -539,5 +543,5 @@
-
- /* Init OpenSSL lib */
--#if OPENSSL_VERSION_NUMBER < 0x1010L
-+#if USING_LIBRESSL || OPENSSL_VERSION_NUMBER < 0x1010L
- SSL_library_init();
- SSL_load_error_strings();
-@@ -560,5 +564,7 @@
- const char *cname;
-
--#if OPENSSL_VERSION_NUMBER < 0x1010L
-+#if (USING_LIBRESSL && LIBRESSL_VERSION_NUMBER < 0x2020100fL)\
-+|| OPENSSL_VERSION_NUMBER < 0x1010L
-+
- meth = (SSL_METHOD*)SSLv23_server_method();
- if (!meth)
-@@ -603,5 +609,6 @@
- SSL_set_session(ssl, SSL_SESSION_new());
-
--#if !defined(OPENSSL_NO_EC) && OPENSSL_VERSION_NUMBER >= 0x1000200fL
-+#if !USING_LIBRESSL && !defined(OPENSSL_NO_EC) \
-+&& OPENSSL_VERSION_NUMBER >= 0x1000200fL
- openssl_curves_num = SSL_get_shared_curve(ssl,-1);
- if (openssl_curves_num > PJ_ARRAY_SIZE(openssl_curves))
-@@ -795,5 +802,6 @@
-
- /* Determine SSL method to use */
--#if OPENSSL_VERSION_NUMBER < 0x1010L
-+#if (USING_LIBRESSL && LIBRESSL_VERSION_NUMBER < 0x2020100fL)\
-+|| OPENSSL_VERSION_NUMBER < 0x1010L
- switch (ssock->param.proto) {
- case PJ_SSL_SOCK_PROTO_TLS1:
-@@ -1232,5 +1240,6 @@
- static pj_status_t set_curves_list(pj_ssl_sock_t *ssock)
- {
--#if !defined(OPENSSL_NO_EC) && OPENSSL_VERSION_NUMBER >= 0x1000200fL
-+#if !USING_LIBRESSL && !defined(OPENSSL_NO_EC) \
-+&& OPENSSL_VERSION_NUMBER >= 0x1000200fL
- int ret;
- int curves[PJ_SSL_SOCK_MAX_CURVES];
-@@ -1263,5 +1272,5 @@
- static pj_status_t set_sigalgs(pj_ssl_sock_t *ssock)
- {
--#if OPENSSL_VERSION_NUMBER >= 0x1000200fL
-+#if !USING_LIBRESSL && OPENSSL_VERSION_NUMBER >= 0x1000200fL
- int ret;
-
diff --git a/net-libs/pjproject/files/pjproject-2.7.2-ssl-flipflop.patch
b/net-libs/pjproject/files/pjproject-2.7.2-ssl-flipflop.patch
deleted file mode 100644
index c984bc62962..000
--- a/net-libs/pjproject/files/pjproject-2.7.2-ssl-flipflop.patch
+++ /dev/null
@@ -1,103 +0,0 @@
pjproject-2.7.1.ORIG/aconfigure.ac 2018-02-06 11:34:20.973411193 +
-+++ pjproject-2.7.1/aconfigure.ac 2018-02-06 13:33:31.525015674 +
-@@ -1551,57 +1551,56 @@
- enable_ssl=no
- fi
[gentoo-commits] repo/gentoo:master commit in: net-libs/pjproject/files/, net-libs/pjproject/
commit: 69e63f7c831f2a585cd34cb74a3f8bbff901f798
Author: Jaco Kroon uls co za>
AuthorDate: Thu Mar 11 07:34:54 2021 +
Commit: Sam James gentoo org>
CommitDate: Thu Mar 11 08:19:44 2021 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=69e63f7c
net-libs/pjproject: security rev bump to 2.10-r1
Upstream didn't release a new version as one would expect. Instead
patches are applied locally.
Also add subslot because they are equally good at maintaining ABI
compatibility, and SONAME is never updated, thus we need to be able to
depend on subslots to rebuild (preserved-rebuild is no good).
Bug: https://bugs.gentoo.org/775359
Bug: https://bugs.gentoo.org/775353
Package-Manager: Portage-3.0.13, Repoman-3.0.2
Signed-off-by: Jaco Kroon uls.co.za>
Closes: https://github.com/gentoo/gentoo/pull/19876
Signed-off-by: Sam James gentoo.org>
...ct-2.10-CVE-2020-15260-tls-hostname-check.patch | 125 +
...-CVE-2021-21375-negotiation-failure-crash.patch | 45
...ion-between-transport-destroy-and-acquire.patch | 108 ++
net-libs/pjproject/pjproject-2.10-r1.ebuild| 125 +
4 files changed, 403 insertions(+)
diff --git
a/net-libs/pjproject/files/pjproject-2.10-CVE-2020-15260-tls-hostname-check.patch
b/net-libs/pjproject/files/pjproject-2.10-CVE-2020-15260-tls-hostname-check.patch
new file mode 100644
index 000..0d7df686a15
--- /dev/null
+++
b/net-libs/pjproject/files/pjproject-2.10-CVE-2020-15260-tls-hostname-check.patch
@@ -0,0 +1,125 @@
+From 67e46c1ac45ad784db5b9080f5ed8b133c122872 Mon Sep 17 00:00:00 2001
+From: sauwming
+Date: Mon, 8 Mar 2021 17:39:36 +0800
+Subject: [PATCH] Merge pull request from GHSA-8hcp-hm38-mfph
+
+* Check hostname during TLS transport selection
+
+* revision based on feedback
+
+* remove the code in create_request that has been moved
+---
+ pjsip/include/pjsip/sip_dialog.h | 1 +
+ pjsip/src/pjsip/sip_dialog.c | 15 +++
+ pjsip/src/pjsip/sip_transport.c | 13 +
+ pjsip/src/pjsip/sip_util.c | 11 ---
+ 4 files changed, 37 insertions(+), 3 deletions(-)
+
+diff --git a/pjsip/include/pjsip/sip_dialog.h
b/pjsip/include/pjsip/sip_dialog.h
+index a0214d28c..e314c2ece 100644
+--- a/pjsip/include/pjsip/sip_dialog.h
b/pjsip/include/pjsip/sip_dialog.h
+@@ -165,6 +165,7 @@ struct pjsip_dialog
+ pjsip_route_hdr route_set; /**< Route set. */
+ pj_bool_t route_set_frozen; /**< Route set has been set. */
+ pjsip_auth_clt_sess auth_sess; /**< Client authentication session.
*/
++pj_str_t initial_dest;/**< Initial destination host. */
+
+ /** Session counter. */
+ int sess_count; /**< Number of sessions.
*/
+diff --git a/pjsip/src/pjsip/sip_dialog.c b/pjsip/src/pjsip/sip_dialog.c
+index 27530e4f2..9571b5a35 100644
+--- a/pjsip/src/pjsip/sip_dialog.c
b/pjsip/src/pjsip/sip_dialog.c
+@@ -467,6 +467,10 @@ pj_status_t create_uas_dialog( pjsip_user_agent *ua,
+
+ /* Save the remote info. */
+ pj_strdup(dlg->pool, >remote.info_str, );
++
++/* Save initial destination host from transport's info */
++pj_strdup(dlg->pool, >initial_dest,
++>tp_info.transport->remote_name.host);
+
+
+ /* Init remote's contact from Contact header.
+@@ -1192,6 +1196,12 @@ static pj_status_t dlg_create_request_throw(
pjsip_dialog *dlg,
+ return status;
+ }
+
++/* Copy the initial destination host to tdata. This information can be
++ * used later by transport for transport selection.
++ */
++if (dlg->initial_dest.slen)
++ pj_strdup(tdata->pool, >dest_info.name, >initial_dest);
++
+ /* Done. */
+ *p_tdata = tdata;
+
+@@ -1822,6 +1832,11 @@ static void dlg_update_routeset(pjsip_dialog *dlg,
const pjsip_rx_data *rdata)
+ * transaction as the initial transaction that establishes dialog.
+ */
+ if (dlg->role == PJSIP_ROLE_UAC) {
++ /* Save initial destination host from transport's info. */
++ if (!dlg->initial_dest.slen) {
++ pj_strdup(dlg->pool, >initial_dest,
++>tp_info.transport->remote_name.host);
++ }
+
+ /* Ignore subsequent request from remote */
+ if (msg->type != PJSIP_RESPONSE_MSG)
+diff --git a/pjsip/src/pjsip/sip_transport.c b/pjsip/src/pjsip/sip_transport.c
+index bef6d24fe..177274b08 100644
+--- a/pjsip/src/pjsip/sip_transport.c
b/pjsip/src/pjsip/sip_transport.c
+@@ -2335,6 +2335,19 @@ PJ_DEF(pj_status_t)
pjsip_tpmgr_acquire_transport2(pjsip_tpmgr *mgr,
+ if (!tp_iter->tp->is_shutdown &&
+ !tp_iter->tp->is_destroying)
+ {
++ if ((type & PJSIP_TRANSPORT_SECURE) && tdata) {
++ /* For secure transport, make sure tdata's
++ * destination host
[gentoo-commits] repo/gentoo:master commit in: net-libs/pjproject/files/, net-libs/pjproject/
commit: 6bc5649ec449bd87fb1be521cd55ce273c6f2c02 Author: Jaco Kroon uls co za> AuthorDate: Tue Dec 29 05:44:55 2020 + Commit: Sam James gentoo org> CommitDate: Mon Jan 4 16:32:47 2021 + URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6bc5649e net-libs/pjproject: drop old versions. Bug: https://bugs.gentoo.org/70 Signed-off-by: Jaco Kroon uls.co.za> Signed-off-by: Sam James gentoo.org> net-libs/pjproject/Manifest| 1 - .../files/pjproject-2.7.1-ssl-flipflop.patch | 103 --- net-libs/pjproject/pjproject-2.7.1-r1.ebuild | 110 - 3 files changed, 214 deletions(-) diff --git a/net-libs/pjproject/Manifest b/net-libs/pjproject/Manifest index 3f48fc752d5..5d10ffe7549 100644 --- a/net-libs/pjproject/Manifest +++ b/net-libs/pjproject/Manifest @@ -1,4 +1,3 @@ DIST pjproject-2.10.tar.gz 8768705 BLAKE2B 42d70867e2e0474313426f1e188586d203d6165c28a133a62dedacd2deb2899215212824d9402a48fcc66bb08a17b796d3625e1d51a8aedc9aa4b3a3bf1cb8fa SHA512 a67f083df175b536b4e6a7b7fe39e07d3ee805d6917ec64a50694542a7455c33a100889191044ab3fa679b6656774a6be045621aa53510b5f04cdde9ddd59893 -DIST pjproject-2.7.1.tar.bz2 4880007 BLAKE2B 33fca89f07abc0b9662b1070c96b903c236a60149734755286dad3111411dbeef5779077a77d21112be6db2957cb7e18c5c833b3c5fd32c26be44d4550fb215e SHA512 cd15afee2a02659668ff228b2652d2bd179393e3b5031afae1c326354fb9676babc08eb689e466165536abc360684299b4fdb41dbb1148aed89afe1ce7e5d979 DIST pjproject-2.7.2.tar.bz2 4994233 BLAKE2B 44ecaf0997d5dd9b18e0b811cead7c9104e63894fa06fb1d64e79b60fa4210968fd90ef47e5f5be3629675363c8756ce3bc1834caa9700654ab4c53efe676ee7 SHA512 3d355ffcbbeed62cfc711e574a987dc06043ccf4f2625820adffa89167022b8306fcee3fada71d3d45e7b902fc9c65ac8221de101cbafed25362a3921f702afd DIST pjproject-2.9.tar.bz2 5009546 BLAKE2B 853f86e57c0f58943e977856bebc7dc20684ac4a6a16a55f3fe4ddf58ca58187bdc1011c5df2bc72de690f1695484012b582e56dd0e88a624ef319a5f3623772 SHA512 a65823a86ad0cd76890cf7dd2485f7547fd90aea2ef631c5420c009b35f39eda3b78551a42fc2816c2470de9eb728c26497774a8494824472ecaa1d2889cc20b diff --git a/net-libs/pjproject/files/pjproject-2.7.1-ssl-flipflop.patch b/net-libs/pjproject/files/pjproject-2.7.1-ssl-flipflop.patch deleted file mode 100644 index fd1dc5caa1e..000 --- a/net-libs/pjproject/files/pjproject-2.7.1-ssl-flipflop.patch +++ /dev/null @@ -1,103 +0,0 @@ pjproject-2.7.1.ORIG/aconfigure.ac 2018-02-06 11:34:20.973411193 + -+++ pjproject-2.7.1/aconfigure.ac 2018-02-06 13:33:31.525015674 + -@@ -1551,57 +1551,56 @@ - enable_ssl=no - fi - --dnl # Include SSL support -+dnl # Correct --enable vs --disable SSL flipflop logic - AC_SUBST(ac_no_ssl) - AC_SUBST(ac_ssl_has_aes_gcm,0) - AC_ARG_ENABLE(ssl, - AS_HELP_STRING([--disable-ssl], -[Exclude SSL support the build (default: autodetect)]) --, --[ -- if test "$enable_ssl" = "no"; then -- [ac_no_ssl=1] -- AC_MSG_RESULT([Checking if SSL support is disabled... yes]) -- fi --], --[ -- AC_MSG_RESULT([checking for OpenSSL installations..]) --if test "x$with_ssl" != "xno" -a "x$with_ssl" != "x"; then --CFLAGS="$CFLAGS -I$with_ssl/include" --LDFLAGS="$LDFLAGS -L$with_ssl/lib" --AC_MSG_RESULT([Using SSL prefix... $with_ssl]) --fi -- AC_SUBST(openssl_h_present) -- AC_SUBST(libssl_present) -- AC_SUBST(libcrypto_present) -- AC_CHECK_HEADER(openssl/ssl.h,[openssl_h_present=1]) -- AC_CHECK_LIB(crypto,ERR_load_BIO_strings,[libcrypto_present=1 && LIBS="-lcrypto $LIBS"]) -- AC_CHECK_LIB(ssl,SSL_CTX_new,[libssl_present=1 && LIBS="-lssl $LIBS"]) -- if test "x$openssl_h_present" = "x1" -a "x$libssl_present" = "x1" -a "x$libcrypto_present" = "x1"; then -- AC_MSG_RESULT([OpenSSL library found, SSL support enabled]) -- -- # Check if SRTP should be compiled with OpenSSL -- # support, to enable cryptos such as AES GCM. -- -- # EVP_CIPHER_CTX is now opaque in OpenSSL 1.1.0, libsrtp 1.5.4 uses it as a transparent type. -- # Update 2.7: our bundled libsrtp has been upgraded to 2.1.0, -- # so we can omit EVP_CIPHER_CTX definition check now. -- AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include ]], --[EVP_CIPHER_CTX *ctx;EVP_aes_128_gcm();])], -- [AC_CHECK_LIB(crypto,EVP_aes_128_gcm,[ac_ssl_has_aes_gcm=1])]) -- if test "x$ac_ssl_has_aes_gcm" = "x1"; then --
[gentoo-commits] repo/gentoo:master commit in: net-libs/pjproject/files/, net-libs/pjproject/
commit: 32c60bef3d0f71430417a985ce11ba3a1108ece4 Author: Tony Vroon gentoo org> AuthorDate: Wed Mar 14 09:17:32 2018 + Commit: Tony Vroon gentoo org> CommitDate: Wed Mar 14 09:17:32 2018 + URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=32c60bef net-libs/pjproject: Version bump to 2.7.2 Fixed SSL flipflop logic by Felix Janda replaces my own failed first attempt. Upstream has two security fixes around malformed SDP, a crash due to an invalid ftmp attribute and a crash due to an invalid media format description. Package-Manager: Portage-2.3.24, Repoman-2.3.6 net-libs/pjproject/Manifest| 1 + .../files/pjproject-2.7.2-ssl-flipflop.patch | 103 +++ net-libs/pjproject/pjproject-2.7.2.ebuild | 110 + 3 files changed, 214 insertions(+) diff --git a/net-libs/pjproject/Manifest b/net-libs/pjproject/Manifest index f4403851ca6..12e01535ff4 100644 --- a/net-libs/pjproject/Manifest +++ b/net-libs/pjproject/Manifest @@ -1 +1,2 @@ DIST pjproject-2.7.1.tar.bz2 4880007 BLAKE2B 33fca89f07abc0b9662b1070c96b903c236a60149734755286dad3111411dbeef5779077a77d21112be6db2957cb7e18c5c833b3c5fd32c26be44d4550fb215e SHA512 cd15afee2a02659668ff228b2652d2bd179393e3b5031afae1c326354fb9676babc08eb689e466165536abc360684299b4fdb41dbb1148aed89afe1ce7e5d979 +DIST pjproject-2.7.2.tar.bz2 4994233 BLAKE2B 44ecaf0997d5dd9b18e0b811cead7c9104e63894fa06fb1d64e79b60fa4210968fd90ef47e5f5be3629675363c8756ce3bc1834caa9700654ab4c53efe676ee7 SHA512 3d355ffcbbeed62cfc711e574a987dc06043ccf4f2625820adffa89167022b8306fcee3fada71d3d45e7b902fc9c65ac8221de101cbafed25362a3921f702afd diff --git a/net-libs/pjproject/files/pjproject-2.7.2-ssl-flipflop.patch b/net-libs/pjproject/files/pjproject-2.7.2-ssl-flipflop.patch new file mode 100644 index 000..c984bc62962 --- /dev/null +++ b/net-libs/pjproject/files/pjproject-2.7.2-ssl-flipflop.patch @@ -0,0 +1,103 @@ +--- pjproject-2.7.1.ORIG/aconfigure.ac 2018-02-06 11:34:20.973411193 + pjproject-2.7.1/aconfigure.ac 2018-02-06 13:33:31.525015674 + +@@ -1551,57 +1551,56 @@ + enable_ssl=no + fi + +-dnl # Include SSL support ++dnl # Correct --enable vs --disable SSL flipflop logic + AC_SUBST(ac_no_ssl) + AC_SUBST(ac_ssl_has_aes_gcm,0) + AC_ARG_ENABLE(ssl, + AS_HELP_STRING([--disable-ssl], +[Exclude SSL support the build (default: autodetect)]) +-, +-[ +- if test "$enable_ssl" = "no"; then +- [ac_no_ssl=1] +- AC_MSG_RESULT([Checking if SSL support is disabled... yes]) +- fi +-], +-[ +- AC_MSG_RESULT([checking for OpenSSL installations..]) +-if test "x$with_ssl" != "xno" -a "x$with_ssl" != "x"; then +-CFLAGS="$CFLAGS -I$with_ssl/include" +-LDFLAGS="$LDFLAGS -L$with_ssl/lib" +-AC_MSG_RESULT([Using SSL prefix... $with_ssl]) +-fi +- AC_SUBST(openssl_h_present) +- AC_SUBST(libssl_present) +- AC_SUBST(libcrypto_present) +- AC_CHECK_HEADER(openssl/ssl.h,[openssl_h_present=1]) +- AC_CHECK_LIB(crypto,ERR_load_BIO_strings,[libcrypto_present=1 && LIBS="-lcrypto $LIBS"]) +- AC_CHECK_LIB(ssl,SSL_CTX_new,[libssl_present=1 && LIBS="-lssl $LIBS"]) +- if test "x$openssl_h_present" = "x1" -a "x$libssl_present" = "x1" -a "x$libcrypto_present" = "x1"; then +- AC_MSG_RESULT([OpenSSL library found, SSL support enabled]) +- +- # Check if SRTP should be compiled with OpenSSL +- # support, to enable cryptos such as AES GCM. +- +- # EVP_CIPHER_CTX is now opaque in OpenSSL 1.1.0, libsrtp 1.5.4 uses it as a transparent type. +- # Update 2.7: our bundled libsrtp has been upgraded to 2.1.0, +- # so we can omit EVP_CIPHER_CTX definition check now. +- AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include ]], +-[EVP_CIPHER_CTX *ctx;EVP_aes_128_gcm();])], +- [AC_CHECK_LIB(crypto,EVP_aes_128_gcm,[ac_ssl_has_aes_gcm=1])]) +- if test "x$ac_ssl_has_aes_gcm" = "x1"; then +- AC_MSG_RESULT([OpenSSL has AES GCM support, SRTP will use OpenSSL]) +- else +- AC_MSG_RESULT([OpenSSL AES GCM support not found, SRTP will only support AES CM cryptos]) +- fi +- +- # PJSIP_HAS_TLS_TRANSPORT setting follows PJ_HAS_SSL_SOCK +- #AC_DEFINE(PJSIP_HAS_TLS_TRANSPORT, 1) +- AC_DEFINE(PJ_HAS_SSL_SOCK, 1) ++) ++ ++dnl # OpenSSL
