* [gentoo-commits] repo/proj/libressl:migration commit in: net-libs/pjproject/files/, net-libs/pjproject/
2021-01-26 18:17 [gentoo-commits] repo/proj/libressl:master commit in: net-libs/pjproject/files/, net-libs/pjproject/ Quentin Retornaz
@ 2021-01-26 0:22 ` Quentin Retornaz
0 siblings, 0 replies; 3+ messages in thread
From: Quentin Retornaz @ 2021-01-26 0:22 UTC (permalink / raw
To: gentoo-commits
commit: ac74feb8181ccba2bfdba90ca1688e54a19822aa
Author: Quentin Retornaz <gentoo <AT> retornaz <DOT> com>
AuthorDate: Sun Jan 17 19:32:53 2021 +0000
Commit: Quentin Retornaz <gentoo <AT> retornaz <DOT> com>
CommitDate: Tue Jan 26 00:21:43 2021 +0000
URL: https://gitweb.gentoo.org/repo/proj/libressl.git/commit/?id=ac74feb8
net-libs/pjproject: new package
Package-Manager: Portage-3.0.12, Repoman-3.0.2
Signed-off-by: Quentin Retornaz <gentoo <AT> retornaz.com>
net-libs/pjproject/Manifest | 1 +
.../pjproject/files/pjproject-2.7.2-libressl.patch | 98 +++++++++++++++++
.../files/pjproject-2.7.2-ssl-flipflop.patch | 103 ++++++++++++++++++
net-libs/pjproject/metadata.xml | 29 +++++
net-libs/pjproject/pjproject-2.7.2-r2.ebuild | 117 +++++++++++++++++++++
5 files changed, 348 insertions(+)
diff --git a/net-libs/pjproject/Manifest b/net-libs/pjproject/Manifest
new file mode 100644
index 0000000..0b9f89a
--- /dev/null
+++ b/net-libs/pjproject/Manifest
@@ -0,0 +1 @@
+DIST pjproject-2.7.2.tar.bz2 4994233 BLAKE2B 44ecaf0997d5dd9b18e0b811cead7c9104e63894fa06fb1d64e79b60fa4210968fd90ef47e5f5be3629675363c8756ce3bc1834caa9700654ab4c53efe676ee7 SHA512 3d355ffcbbeed62cfc711e574a987dc06043ccf4f2625820adffa89167022b8306fcee3fada71d3d45e7b902fc9c65ac8221de101cbafed25362a3921f702afd
diff --git a/net-libs/pjproject/files/pjproject-2.7.2-libressl.patch b/net-libs/pjproject/files/pjproject-2.7.2-libressl.patch
new file mode 100644
index 0000000..07efa9c
--- /dev/null
+++ b/net-libs/pjproject/files/pjproject-2.7.2-libressl.patch
@@ -0,0 +1,98 @@
+Index: /third_party/srtp/crypto/hash/hmac_ossl.c
+===================================================================
+--- /third_party/srtp/crypto/hash/hmac_ossl.c (revision 5725)
++++ /third_party/srtp/crypto/hash/hmac_ossl.c (revision 5726)
+@@ -52,6 +52,8 @@
+ #include <openssl/evp.h>
+ #include <openssl/hmac.h>
++#include <openssl/opensslv.h>
+
+ #define SHA1_DIGEST_SIZE 20
++#define USING_LIBRESSL (defined(LIBRESSL_VERSION_NUMBER))
+
+ /* the debug module for authentiation */
+@@ -77,5 +79,5 @@
+ /* OpenSSL 1.1.0 made HMAC_CTX an opaque structure, which must be allocated
+ using HMAC_CTX_new. But this function doesn't exist in OpenSSL 1.0.x. */
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if USING_LIBRESSL || OPENSSL_VERSION_NUMBER < 0x10100000L
+ {
+ /* allocate memory for auth and HMAC_CTX structures */
+@@ -122,5 +124,5 @@
+ hmac_ctx = (HMAC_CTX*)a->state;
+
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if USING_LIBRESSL || OPENSSL_VERSION_NUMBER < 0x10100000L
+ HMAC_CTX_cleanup(hmac_ctx);
+
+Index: /pjlib/src/pj/ssl_sock_ossl.c
+===================================================================
+--- /pjlib/src/pj/ssl_sock_ossl.c (revision 5725)
++++ /pjlib/src/pj/ssl_sock_ossl.c (revision 5726)
+@@ -56,6 +56,10 @@
+ #include <openssl/rand.h>
+ #include <openssl/opensslconf.h>
+-
+-#if !defined(OPENSSL_NO_EC) && OPENSSL_VERSION_NUMBER >= 0x1000200fL
++#include <openssl/opensslv.h>
++
++#define USING_LIBRESSL (defined(LIBRESSL_VERSION_NUMBER))
++
++#if !USING_LIBRESSL && !defined(OPENSSL_NO_EC) \
++ && OPENSSL_VERSION_NUMBER >= 0x1000200fL
+
+ # include <openssl/obj_mac.h>
+@@ -115,5 +119,5 @@
+
+
+-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
++#if !USING_LIBRESSL && OPENSSL_VERSION_NUMBER >= 0x10100000L
+ # define OPENSSL_NO_SSL2 /* seems to be removed in 1.1.0 */
+ # define M_ASN1_STRING_data(x) ASN1_STRING_get0_data(x)
+@@ -539,5 +543,5 @@
+
+ /* Init OpenSSL lib */
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if USING_LIBRESSL || OPENSSL_VERSION_NUMBER < 0x10100000L
+ SSL_library_init();
+ SSL_load_error_strings();
+@@ -560,5 +564,7 @@
+ const char *cname;
+
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if (USING_LIBRESSL && LIBRESSL_VERSION_NUMBER < 0x2020100fL)\
++ || OPENSSL_VERSION_NUMBER < 0x10100000L
++
+ meth = (SSL_METHOD*)SSLv23_server_method();
+ if (!meth)
+@@ -603,5 +609,6 @@
+ SSL_set_session(ssl, SSL_SESSION_new());
+
+-#if !defined(OPENSSL_NO_EC) && OPENSSL_VERSION_NUMBER >= 0x1000200fL
++#if !USING_LIBRESSL && !defined(OPENSSL_NO_EC) \
++ && OPENSSL_VERSION_NUMBER >= 0x1000200fL
+ openssl_curves_num = SSL_get_shared_curve(ssl,-1);
+ if (openssl_curves_num > PJ_ARRAY_SIZE(openssl_curves))
+@@ -795,5 +802,6 @@
+
+ /* Determine SSL method to use */
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if (USING_LIBRESSL && LIBRESSL_VERSION_NUMBER < 0x2020100fL)\
++ || OPENSSL_VERSION_NUMBER < 0x10100000L
+ switch (ssock->param.proto) {
+ case PJ_SSL_SOCK_PROTO_TLS1:
+@@ -1232,5 +1240,6 @@
+ static pj_status_t set_curves_list(pj_ssl_sock_t *ssock)
+ {
+-#if !defined(OPENSSL_NO_EC) && OPENSSL_VERSION_NUMBER >= 0x1000200fL
++#if !USING_LIBRESSL && !defined(OPENSSL_NO_EC) \
++ && OPENSSL_VERSION_NUMBER >= 0x1000200fL
+ int ret;
+ int curves[PJ_SSL_SOCK_MAX_CURVES];
+@@ -1263,5 +1272,5 @@
+ static pj_status_t set_sigalgs(pj_ssl_sock_t *ssock)
+ {
+-#if OPENSSL_VERSION_NUMBER >= 0x1000200fL
++#if !USING_LIBRESSL && OPENSSL_VERSION_NUMBER >= 0x1000200fL
+ int ret;
+
diff --git a/net-libs/pjproject/files/pjproject-2.7.2-ssl-flipflop.patch b/net-libs/pjproject/files/pjproject-2.7.2-ssl-flipflop.patch
new file mode 100644
index 0000000..c984bc6
--- /dev/null
+++ b/net-libs/pjproject/files/pjproject-2.7.2-ssl-flipflop.patch
@@ -0,0 +1,103 @@
+--- pjproject-2.7.1.ORIG/aconfigure.ac 2018-02-06 11:34:20.973411193 +0000
++++ pjproject-2.7.1/aconfigure.ac 2018-02-06 13:33:31.525015674 +0000
+@@ -1551,57 +1551,56 @@
+ enable_ssl=no
+ fi
+
+-dnl # Include SSL support
++dnl # Correct --enable vs --disable SSL flipflop logic
+ AC_SUBST(ac_no_ssl)
+ AC_SUBST(ac_ssl_has_aes_gcm,0)
+ AC_ARG_ENABLE(ssl,
+ AS_HELP_STRING([--disable-ssl],
+ [Exclude SSL support the build (default: autodetect)])
+- ,
+- [
+- if test "$enable_ssl" = "no"; then
+- [ac_no_ssl=1]
+- AC_MSG_RESULT([Checking if SSL support is disabled... yes])
+- fi
+- ],
+- [
+- AC_MSG_RESULT([checking for OpenSSL installations..])
+- if test "x$with_ssl" != "xno" -a "x$with_ssl" != "x"; then
+- CFLAGS="$CFLAGS -I$with_ssl/include"
+- LDFLAGS="$LDFLAGS -L$with_ssl/lib"
+- AC_MSG_RESULT([Using SSL prefix... $with_ssl])
+- fi
+- AC_SUBST(openssl_h_present)
+- AC_SUBST(libssl_present)
+- AC_SUBST(libcrypto_present)
+- AC_CHECK_HEADER(openssl/ssl.h,[openssl_h_present=1])
+- AC_CHECK_LIB(crypto,ERR_load_BIO_strings,[libcrypto_present=1 && LIBS="-lcrypto $LIBS"])
+- AC_CHECK_LIB(ssl,SSL_CTX_new,[libssl_present=1 && LIBS="-lssl $LIBS"])
+- if test "x$openssl_h_present" = "x1" -a "x$libssl_present" = "x1" -a "x$libcrypto_present" = "x1"; then
+- AC_MSG_RESULT([OpenSSL library found, SSL support enabled])
+-
+- # Check if SRTP should be compiled with OpenSSL
+- # support, to enable cryptos such as AES GCM.
+-
+- # EVP_CIPHER_CTX is now opaque in OpenSSL 1.1.0, libsrtp 1.5.4 uses it as a transparent type.
+- # Update 2.7: our bundled libsrtp has been upgraded to 2.1.0,
+- # so we can omit EVP_CIPHER_CTX definition check now.
+- AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include <openssl/evp.h>]],
+- [EVP_CIPHER_CTX *ctx;EVP_aes_128_gcm();])],
+- [AC_CHECK_LIB(crypto,EVP_aes_128_gcm,[ac_ssl_has_aes_gcm=1])])
+- if test "x$ac_ssl_has_aes_gcm" = "x1"; then
+- AC_MSG_RESULT([OpenSSL has AES GCM support, SRTP will use OpenSSL])
+- else
+- AC_MSG_RESULT([OpenSSL AES GCM support not found, SRTP will only support AES CM cryptos])
+- fi
+-
+- # PJSIP_HAS_TLS_TRANSPORT setting follows PJ_HAS_SSL_SOCK
+- #AC_DEFINE(PJSIP_HAS_TLS_TRANSPORT, 1)
+- AC_DEFINE(PJ_HAS_SSL_SOCK, 1)
++)
++
++dnl # OpenSSL detection
++AC_MSG_CHECKING([OpenSSL installations])
++if test "x$enable_ssl" = "xno"; then
++ ac_no_ssl=1
++ AC_MSG_RESULT([explicitly disabled])
++else
++ if test "x$with_ssl" != "xno" -a "x$with_ssl" != "x"; then
++ CFLAGS="$CFLAGS -I$with_ssl/include"
++ LDFLAGS="$LDFLAGS -L$with_ssl/lib"
++ AC_MSG_RESULT([Using SSL prefix... $with_ssl])
++ fi
++ AC_SUBST(openssl_h_present)
++ AC_SUBST(libssl_present)
++ AC_SUBST(libcrypto_present)
++ AC_CHECK_HEADER(openssl/ssl.h,[openssl_h_present=1])
++ AC_CHECK_LIB(crypto,ERR_load_BIO_strings,[libcrypto_present=1 && LIBS="-lcrypto $LIBS"])
++ AC_CHECK_LIB(ssl,SSL_CTX_new,[libssl_present=1 && LIBS="-lssl $LIBS"])
++ if test "x$openssl_h_present" = "x1" -a "x$libssl_present" = "x1" -a "x$libcrypto_present" = "x1"; then
++ AC_MSG_RESULT([OpenSSL library found, SSL support enabled])
++
++ # Check if SRTP should be compiled with OpenSSL
++ # support, to enable cryptos such as AES GCM.
++
++ # EVP_CIPHER_CTX is now opaque in OpenSSL 1.1.0, libsrtp 1.5.4 uses it as a transparent type.
++ # Update 2.7: our bundled libsrtp has been upgraded to 2.1.0,
++ # so we can omit EVP_CIPHER_CTX definition check now.
++ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include <openssl/evp.h>]],
++ [EVP_CIPHER_CTX *ctx;EVP_aes_128_gcm();])],
++ [AC_CHECK_LIB(crypto,EVP_aes_128_gcm,[ac_ssl_has_aes_gcm=1])])
++ if test "x$ac_ssl_has_aes_gcm" = "x1"; then
++ AC_MSG_RESULT([OpenSSL has AES GCM support, SRTP will use OpenSSL])
+ else
+- AC_MSG_RESULT([** OpenSSL libraries not found, disabling SSL support **])
++ AC_MSG_RESULT([OpenSSL AES GCM support not found, SRTP will only support AES CM cryptos])
+ fi
+- ])
++
++ # PJSIP_HAS_TLS_TRANSPORT setting follows PJ_HAS_SSL_SOCK
++ #AC_DEFINE(PJSIP_HAS_TLS_TRANSPORT, 1)
++ AC_DEFINE(PJ_HAS_SSL_SOCK, 1)
++ else
++ AC_MSG_RESULT([** OpenSSL libraries not found, disabling SSL support **])
++ fi
++fi
+
+ dnl # Obsolete option --with-opencore-amrnb
+ AC_ARG_WITH(opencore-amrnb,
diff --git a/net-libs/pjproject/metadata.xml b/net-libs/pjproject/metadata.xml
new file mode 100644
index 0000000..ebb6d87
--- /dev/null
+++ b/net-libs/pjproject/metadata.xml
@@ -0,0 +1,29 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+ <maintainer type="person">
+ <email>jaco@uls.co.za</email>
+ <name>Jaco Kroon</name>
+ </maintainer>
+ <maintainer type="project">
+ <email>proxy-maint@gentoo.org</email>
+ <name>Proxy Maintainers</name>
+ </maintainer>
+ <use>
+ <flag name="amr">Inlcude AMR codec in the build</flag>
+ <flag name="epoll">Use /dev/epoll ioqueue on Linux (experimental)</flag>
+ <flag name="g711">Include G.711 codecs in the build</flag>
+ <flag name="g722">Include G.722 codec in the build</flag>
+ <flag name="g7221">Include G.722.1 codec in the build</flag>
+ <flag name="g729">Include G.729 codec via net-libs/bcg729</flag>
+ <flag name="ilbc">Include iLBC codec in the build</flag>
+ <flag name="l16">Include Linear/L16 codec family in the build</flag>
+ <flag name="libyuv">Include libyuv in the build</flag>
+ <flag name="openh264">Include Open H.264 support in the build</flag>
+ <flag name="resample">Include resampling implementations in the build</flag>
+ <flag name="silk">Include SILK support in the build</flag>
+ <flag name="v4l2">Include Video4Linux v2 support in the build</flag>
+ <flag name="vpx">Include VP8 and VP9 codec support in the build</flag>
+ <flag name="webrtc">Enable WebRTC support</flag>
+ </use>
+</pkgmetadata>
diff --git a/net-libs/pjproject/pjproject-2.7.2-r2.ebuild b/net-libs/pjproject/pjproject-2.7.2-r2.ebuild
new file mode 100644
index 0000000..e31ed4a
--- /dev/null
+++ b/net-libs/pjproject/pjproject-2.7.2-r2.ebuild
@@ -0,0 +1,117 @@
+# Copyright 1999-2021 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+
+inherit autotools flag-o-matic
+
+DESCRIPTION="Open source SIP, Media, and NAT Traversal Library"
+HOMEPAGE="https://www.pjsip.org/"
+SRC_URI="https://www.pjsip.org/release/${PV}/${P}.tar.bz2"
+KEYWORDS="amd64 ~ppc x86"
+
+LICENSE="GPL-2"
+SLOT="0"
+CODEC_FLAGS="g711 g722 g7221 gsm ilbc speex l16"
+VIDEO_FLAGS="sdl ffmpeg v4l2 openh264 libyuv"
+SOUND_FLAGS="alsa oss portaudio"
+IUSE="amr debug doc epoll examples ipv6 libressl opus resample silk ssl static-libs webrtc ${CODEC_FLAGS} ${VIDEO_FLAGS} ${SOUND_FLAGS}"
+
+PATCHES=(
+ "${FILESDIR}"/${P}-ssl-flipflop.patch
+ "${FILESDIR}"/${P}-libressl.patch
+)
+
+RDEPEND="alsa? ( media-libs/alsa-lib )
+ oss? ( media-libs/portaudio[oss] )
+ portaudio? ( media-libs/portaudio )
+
+ amr? ( media-libs/opencore-amr )
+ gsm? ( media-sound/gsm )
+ ilbc? ( media-libs/libilbc )
+ opus? ( media-libs/opus )
+ speex? ( media-libs/speexdsp )
+
+ ffmpeg? ( media-video/ffmpeg:= )
+ sdl? ( media-libs/libsdl )
+ openh264? ( media-libs/openh264 )
+ resample? ( media-libs/libsamplerate )
+
+ ssl? (
+ !libressl? ( dev-libs/openssl:0= )
+ libressl? ( dev-libs/libressl:0= )
+ )
+
+ net-libs/libsrtp:0"
+DEPEND="${RDEPEND}
+ virtual/pkgconfig
+ !!media-plugins/mediastreamer-bcg729"
+
+REQUIRED_USE="?? ( ${SOUND_FLAGS} )"
+
+src_prepare() {
+ default
+ rm configure || die "Unable to remove unwanted wrapper"
+ mv aconfigure.ac configure.ac || die "Unable to rename configure script source"
+ eautoreconf
+}
+
+src_configure() {
+ local myconf=()
+ local videnable="--disable-video"
+ local t
+
+ use ipv6 && append-cflags -DPJ_HAS_IPV6=1
+ use debug || append-cflags -DNDEBUG=1
+
+ for t in ${CODEC_FLAGS}; do
+ myconf+=( $(use_enable ${t} ${t}-codec) )
+ done
+
+ for t in ${VIDEO_FLAGS}; do
+ myconf+=( $(use_enable ${t}) )
+ use "${t}" && videnable="--enable-video"
+ done
+
+ econf \
+ --enable-shared \
+ --with-external-srtp \
+ ${videnable} \
+ $(use_enable epoll) \
+ $(use_with gsm external-gsm) \
+ $(use_with speex external-speex) \
+ $(use_enable speex speex-aec) \
+ $(use_enable resample) \
+ $(use_enable resample libsamplerate) \
+ $(use_enable resample resample-dll) \
+ $(use_enable alsa sound) \
+ $(use_enable oss) \
+ $(use_with portaudio external-pa) \
+ $(use_enable portaudio ext-sound) \
+ $(use_enable amr opencore-amr) \
+ $(use_enable silk) \
+ $(use_enable opus) \
+ $(use_enable ssl) \
+ $(use_enable webrtc libwebrtc) \
+ "${myconf[@]}"
+}
+
+src_compile() {
+ emake dep
+ emake
+}
+
+src_install() {
+ emake DESTDIR="${D}" install
+
+ if use doc; then
+ dodoc README.txt README-RTEMS
+ fi
+
+ if use examples; then
+ insinto "/usr/share/doc/${PF}/examples"
+ doins -r pjsip-apps/src/samples
+ fi
+
+ use static-libs || rm "${D}/usr/$(get_libdir)/*.a"
+}
^ permalink raw reply related [flat|nested] 3+ messages in thread
* [gentoo-commits] repo/proj/libressl:master commit in: net-libs/pjproject/files/, net-libs/pjproject/
@ 2021-01-26 18:17 Quentin Retornaz
2021-01-26 0:22 ` [gentoo-commits] repo/proj/libressl:migration " Quentin Retornaz
0 siblings, 1 reply; 3+ messages in thread
From: Quentin Retornaz @ 2021-01-26 18:17 UTC (permalink / raw
To: gentoo-commits
commit: ac74feb8181ccba2bfdba90ca1688e54a19822aa
Author: Quentin Retornaz <gentoo <AT> retornaz <DOT> com>
AuthorDate: Sun Jan 17 19:32:53 2021 +0000
Commit: Quentin Retornaz <gentoo <AT> retornaz <DOT> com>
CommitDate: Tue Jan 26 00:21:43 2021 +0000
URL: https://gitweb.gentoo.org/repo/proj/libressl.git/commit/?id=ac74feb8
net-libs/pjproject: new package
Package-Manager: Portage-3.0.12, Repoman-3.0.2
Signed-off-by: Quentin Retornaz <gentoo <AT> retornaz.com>
net-libs/pjproject/Manifest | 1 +
.../pjproject/files/pjproject-2.7.2-libressl.patch | 98 +++++++++++++++++
.../files/pjproject-2.7.2-ssl-flipflop.patch | 103 ++++++++++++++++++
net-libs/pjproject/metadata.xml | 29 +++++
net-libs/pjproject/pjproject-2.7.2-r2.ebuild | 117 +++++++++++++++++++++
5 files changed, 348 insertions(+)
diff --git a/net-libs/pjproject/Manifest b/net-libs/pjproject/Manifest
new file mode 100644
index 0000000..0b9f89a
--- /dev/null
+++ b/net-libs/pjproject/Manifest
@@ -0,0 +1 @@
+DIST pjproject-2.7.2.tar.bz2 4994233 BLAKE2B 44ecaf0997d5dd9b18e0b811cead7c9104e63894fa06fb1d64e79b60fa4210968fd90ef47e5f5be3629675363c8756ce3bc1834caa9700654ab4c53efe676ee7 SHA512 3d355ffcbbeed62cfc711e574a987dc06043ccf4f2625820adffa89167022b8306fcee3fada71d3d45e7b902fc9c65ac8221de101cbafed25362a3921f702afd
diff --git a/net-libs/pjproject/files/pjproject-2.7.2-libressl.patch b/net-libs/pjproject/files/pjproject-2.7.2-libressl.patch
new file mode 100644
index 0000000..07efa9c
--- /dev/null
+++ b/net-libs/pjproject/files/pjproject-2.7.2-libressl.patch
@@ -0,0 +1,98 @@
+Index: /third_party/srtp/crypto/hash/hmac_ossl.c
+===================================================================
+--- /third_party/srtp/crypto/hash/hmac_ossl.c (revision 5725)
++++ /third_party/srtp/crypto/hash/hmac_ossl.c (revision 5726)
+@@ -52,6 +52,8 @@
+ #include <openssl/evp.h>
+ #include <openssl/hmac.h>
++#include <openssl/opensslv.h>
+
+ #define SHA1_DIGEST_SIZE 20
++#define USING_LIBRESSL (defined(LIBRESSL_VERSION_NUMBER))
+
+ /* the debug module for authentiation */
+@@ -77,5 +79,5 @@
+ /* OpenSSL 1.1.0 made HMAC_CTX an opaque structure, which must be allocated
+ using HMAC_CTX_new. But this function doesn't exist in OpenSSL 1.0.x. */
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if USING_LIBRESSL || OPENSSL_VERSION_NUMBER < 0x10100000L
+ {
+ /* allocate memory for auth and HMAC_CTX structures */
+@@ -122,5 +124,5 @@
+ hmac_ctx = (HMAC_CTX*)a->state;
+
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if USING_LIBRESSL || OPENSSL_VERSION_NUMBER < 0x10100000L
+ HMAC_CTX_cleanup(hmac_ctx);
+
+Index: /pjlib/src/pj/ssl_sock_ossl.c
+===================================================================
+--- /pjlib/src/pj/ssl_sock_ossl.c (revision 5725)
++++ /pjlib/src/pj/ssl_sock_ossl.c (revision 5726)
+@@ -56,6 +56,10 @@
+ #include <openssl/rand.h>
+ #include <openssl/opensslconf.h>
+-
+-#if !defined(OPENSSL_NO_EC) && OPENSSL_VERSION_NUMBER >= 0x1000200fL
++#include <openssl/opensslv.h>
++
++#define USING_LIBRESSL (defined(LIBRESSL_VERSION_NUMBER))
++
++#if !USING_LIBRESSL && !defined(OPENSSL_NO_EC) \
++ && OPENSSL_VERSION_NUMBER >= 0x1000200fL
+
+ # include <openssl/obj_mac.h>
+@@ -115,5 +119,5 @@
+
+
+-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
++#if !USING_LIBRESSL && OPENSSL_VERSION_NUMBER >= 0x10100000L
+ # define OPENSSL_NO_SSL2 /* seems to be removed in 1.1.0 */
+ # define M_ASN1_STRING_data(x) ASN1_STRING_get0_data(x)
+@@ -539,5 +543,5 @@
+
+ /* Init OpenSSL lib */
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if USING_LIBRESSL || OPENSSL_VERSION_NUMBER < 0x10100000L
+ SSL_library_init();
+ SSL_load_error_strings();
+@@ -560,5 +564,7 @@
+ const char *cname;
+
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if (USING_LIBRESSL && LIBRESSL_VERSION_NUMBER < 0x2020100fL)\
++ || OPENSSL_VERSION_NUMBER < 0x10100000L
++
+ meth = (SSL_METHOD*)SSLv23_server_method();
+ if (!meth)
+@@ -603,5 +609,6 @@
+ SSL_set_session(ssl, SSL_SESSION_new());
+
+-#if !defined(OPENSSL_NO_EC) && OPENSSL_VERSION_NUMBER >= 0x1000200fL
++#if !USING_LIBRESSL && !defined(OPENSSL_NO_EC) \
++ && OPENSSL_VERSION_NUMBER >= 0x1000200fL
+ openssl_curves_num = SSL_get_shared_curve(ssl,-1);
+ if (openssl_curves_num > PJ_ARRAY_SIZE(openssl_curves))
+@@ -795,5 +802,6 @@
+
+ /* Determine SSL method to use */
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if (USING_LIBRESSL && LIBRESSL_VERSION_NUMBER < 0x2020100fL)\
++ || OPENSSL_VERSION_NUMBER < 0x10100000L
+ switch (ssock->param.proto) {
+ case PJ_SSL_SOCK_PROTO_TLS1:
+@@ -1232,5 +1240,6 @@
+ static pj_status_t set_curves_list(pj_ssl_sock_t *ssock)
+ {
+-#if !defined(OPENSSL_NO_EC) && OPENSSL_VERSION_NUMBER >= 0x1000200fL
++#if !USING_LIBRESSL && !defined(OPENSSL_NO_EC) \
++ && OPENSSL_VERSION_NUMBER >= 0x1000200fL
+ int ret;
+ int curves[PJ_SSL_SOCK_MAX_CURVES];
+@@ -1263,5 +1272,5 @@
+ static pj_status_t set_sigalgs(pj_ssl_sock_t *ssock)
+ {
+-#if OPENSSL_VERSION_NUMBER >= 0x1000200fL
++#if !USING_LIBRESSL && OPENSSL_VERSION_NUMBER >= 0x1000200fL
+ int ret;
+
diff --git a/net-libs/pjproject/files/pjproject-2.7.2-ssl-flipflop.patch b/net-libs/pjproject/files/pjproject-2.7.2-ssl-flipflop.patch
new file mode 100644
index 0000000..c984bc6
--- /dev/null
+++ b/net-libs/pjproject/files/pjproject-2.7.2-ssl-flipflop.patch
@@ -0,0 +1,103 @@
+--- pjproject-2.7.1.ORIG/aconfigure.ac 2018-02-06 11:34:20.973411193 +0000
++++ pjproject-2.7.1/aconfigure.ac 2018-02-06 13:33:31.525015674 +0000
+@@ -1551,57 +1551,56 @@
+ enable_ssl=no
+ fi
+
+-dnl # Include SSL support
++dnl # Correct --enable vs --disable SSL flipflop logic
+ AC_SUBST(ac_no_ssl)
+ AC_SUBST(ac_ssl_has_aes_gcm,0)
+ AC_ARG_ENABLE(ssl,
+ AS_HELP_STRING([--disable-ssl],
+ [Exclude SSL support the build (default: autodetect)])
+- ,
+- [
+- if test "$enable_ssl" = "no"; then
+- [ac_no_ssl=1]
+- AC_MSG_RESULT([Checking if SSL support is disabled... yes])
+- fi
+- ],
+- [
+- AC_MSG_RESULT([checking for OpenSSL installations..])
+- if test "x$with_ssl" != "xno" -a "x$with_ssl" != "x"; then
+- CFLAGS="$CFLAGS -I$with_ssl/include"
+- LDFLAGS="$LDFLAGS -L$with_ssl/lib"
+- AC_MSG_RESULT([Using SSL prefix... $with_ssl])
+- fi
+- AC_SUBST(openssl_h_present)
+- AC_SUBST(libssl_present)
+- AC_SUBST(libcrypto_present)
+- AC_CHECK_HEADER(openssl/ssl.h,[openssl_h_present=1])
+- AC_CHECK_LIB(crypto,ERR_load_BIO_strings,[libcrypto_present=1 && LIBS="-lcrypto $LIBS"])
+- AC_CHECK_LIB(ssl,SSL_CTX_new,[libssl_present=1 && LIBS="-lssl $LIBS"])
+- if test "x$openssl_h_present" = "x1" -a "x$libssl_present" = "x1" -a "x$libcrypto_present" = "x1"; then
+- AC_MSG_RESULT([OpenSSL library found, SSL support enabled])
+-
+- # Check if SRTP should be compiled with OpenSSL
+- # support, to enable cryptos such as AES GCM.
+-
+- # EVP_CIPHER_CTX is now opaque in OpenSSL 1.1.0, libsrtp 1.5.4 uses it as a transparent type.
+- # Update 2.7: our bundled libsrtp has been upgraded to 2.1.0,
+- # so we can omit EVP_CIPHER_CTX definition check now.
+- AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include <openssl/evp.h>]],
+- [EVP_CIPHER_CTX *ctx;EVP_aes_128_gcm();])],
+- [AC_CHECK_LIB(crypto,EVP_aes_128_gcm,[ac_ssl_has_aes_gcm=1])])
+- if test "x$ac_ssl_has_aes_gcm" = "x1"; then
+- AC_MSG_RESULT([OpenSSL has AES GCM support, SRTP will use OpenSSL])
+- else
+- AC_MSG_RESULT([OpenSSL AES GCM support not found, SRTP will only support AES CM cryptos])
+- fi
+-
+- # PJSIP_HAS_TLS_TRANSPORT setting follows PJ_HAS_SSL_SOCK
+- #AC_DEFINE(PJSIP_HAS_TLS_TRANSPORT, 1)
+- AC_DEFINE(PJ_HAS_SSL_SOCK, 1)
++)
++
++dnl # OpenSSL detection
++AC_MSG_CHECKING([OpenSSL installations])
++if test "x$enable_ssl" = "xno"; then
++ ac_no_ssl=1
++ AC_MSG_RESULT([explicitly disabled])
++else
++ if test "x$with_ssl" != "xno" -a "x$with_ssl" != "x"; then
++ CFLAGS="$CFLAGS -I$with_ssl/include"
++ LDFLAGS="$LDFLAGS -L$with_ssl/lib"
++ AC_MSG_RESULT([Using SSL prefix... $with_ssl])
++ fi
++ AC_SUBST(openssl_h_present)
++ AC_SUBST(libssl_present)
++ AC_SUBST(libcrypto_present)
++ AC_CHECK_HEADER(openssl/ssl.h,[openssl_h_present=1])
++ AC_CHECK_LIB(crypto,ERR_load_BIO_strings,[libcrypto_present=1 && LIBS="-lcrypto $LIBS"])
++ AC_CHECK_LIB(ssl,SSL_CTX_new,[libssl_present=1 && LIBS="-lssl $LIBS"])
++ if test "x$openssl_h_present" = "x1" -a "x$libssl_present" = "x1" -a "x$libcrypto_present" = "x1"; then
++ AC_MSG_RESULT([OpenSSL library found, SSL support enabled])
++
++ # Check if SRTP should be compiled with OpenSSL
++ # support, to enable cryptos such as AES GCM.
++
++ # EVP_CIPHER_CTX is now opaque in OpenSSL 1.1.0, libsrtp 1.5.4 uses it as a transparent type.
++ # Update 2.7: our bundled libsrtp has been upgraded to 2.1.0,
++ # so we can omit EVP_CIPHER_CTX definition check now.
++ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include <openssl/evp.h>]],
++ [EVP_CIPHER_CTX *ctx;EVP_aes_128_gcm();])],
++ [AC_CHECK_LIB(crypto,EVP_aes_128_gcm,[ac_ssl_has_aes_gcm=1])])
++ if test "x$ac_ssl_has_aes_gcm" = "x1"; then
++ AC_MSG_RESULT([OpenSSL has AES GCM support, SRTP will use OpenSSL])
+ else
+- AC_MSG_RESULT([** OpenSSL libraries not found, disabling SSL support **])
++ AC_MSG_RESULT([OpenSSL AES GCM support not found, SRTP will only support AES CM cryptos])
+ fi
+- ])
++
++ # PJSIP_HAS_TLS_TRANSPORT setting follows PJ_HAS_SSL_SOCK
++ #AC_DEFINE(PJSIP_HAS_TLS_TRANSPORT, 1)
++ AC_DEFINE(PJ_HAS_SSL_SOCK, 1)
++ else
++ AC_MSG_RESULT([** OpenSSL libraries not found, disabling SSL support **])
++ fi
++fi
+
+ dnl # Obsolete option --with-opencore-amrnb
+ AC_ARG_WITH(opencore-amrnb,
diff --git a/net-libs/pjproject/metadata.xml b/net-libs/pjproject/metadata.xml
new file mode 100644
index 0000000..ebb6d87
--- /dev/null
+++ b/net-libs/pjproject/metadata.xml
@@ -0,0 +1,29 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+ <maintainer type="person">
+ <email>jaco@uls.co.za</email>
+ <name>Jaco Kroon</name>
+ </maintainer>
+ <maintainer type="project">
+ <email>proxy-maint@gentoo.org</email>
+ <name>Proxy Maintainers</name>
+ </maintainer>
+ <use>
+ <flag name="amr">Inlcude AMR codec in the build</flag>
+ <flag name="epoll">Use /dev/epoll ioqueue on Linux (experimental)</flag>
+ <flag name="g711">Include G.711 codecs in the build</flag>
+ <flag name="g722">Include G.722 codec in the build</flag>
+ <flag name="g7221">Include G.722.1 codec in the build</flag>
+ <flag name="g729">Include G.729 codec via net-libs/bcg729</flag>
+ <flag name="ilbc">Include iLBC codec in the build</flag>
+ <flag name="l16">Include Linear/L16 codec family in the build</flag>
+ <flag name="libyuv">Include libyuv in the build</flag>
+ <flag name="openh264">Include Open H.264 support in the build</flag>
+ <flag name="resample">Include resampling implementations in the build</flag>
+ <flag name="silk">Include SILK support in the build</flag>
+ <flag name="v4l2">Include Video4Linux v2 support in the build</flag>
+ <flag name="vpx">Include VP8 and VP9 codec support in the build</flag>
+ <flag name="webrtc">Enable WebRTC support</flag>
+ </use>
+</pkgmetadata>
diff --git a/net-libs/pjproject/pjproject-2.7.2-r2.ebuild b/net-libs/pjproject/pjproject-2.7.2-r2.ebuild
new file mode 100644
index 0000000..e31ed4a
--- /dev/null
+++ b/net-libs/pjproject/pjproject-2.7.2-r2.ebuild
@@ -0,0 +1,117 @@
+# Copyright 1999-2021 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+
+inherit autotools flag-o-matic
+
+DESCRIPTION="Open source SIP, Media, and NAT Traversal Library"
+HOMEPAGE="https://www.pjsip.org/"
+SRC_URI="https://www.pjsip.org/release/${PV}/${P}.tar.bz2"
+KEYWORDS="amd64 ~ppc x86"
+
+LICENSE="GPL-2"
+SLOT="0"
+CODEC_FLAGS="g711 g722 g7221 gsm ilbc speex l16"
+VIDEO_FLAGS="sdl ffmpeg v4l2 openh264 libyuv"
+SOUND_FLAGS="alsa oss portaudio"
+IUSE="amr debug doc epoll examples ipv6 libressl opus resample silk ssl static-libs webrtc ${CODEC_FLAGS} ${VIDEO_FLAGS} ${SOUND_FLAGS}"
+
+PATCHES=(
+ "${FILESDIR}"/${P}-ssl-flipflop.patch
+ "${FILESDIR}"/${P}-libressl.patch
+)
+
+RDEPEND="alsa? ( media-libs/alsa-lib )
+ oss? ( media-libs/portaudio[oss] )
+ portaudio? ( media-libs/portaudio )
+
+ amr? ( media-libs/opencore-amr )
+ gsm? ( media-sound/gsm )
+ ilbc? ( media-libs/libilbc )
+ opus? ( media-libs/opus )
+ speex? ( media-libs/speexdsp )
+
+ ffmpeg? ( media-video/ffmpeg:= )
+ sdl? ( media-libs/libsdl )
+ openh264? ( media-libs/openh264 )
+ resample? ( media-libs/libsamplerate )
+
+ ssl? (
+ !libressl? ( dev-libs/openssl:0= )
+ libressl? ( dev-libs/libressl:0= )
+ )
+
+ net-libs/libsrtp:0"
+DEPEND="${RDEPEND}
+ virtual/pkgconfig
+ !!media-plugins/mediastreamer-bcg729"
+
+REQUIRED_USE="?? ( ${SOUND_FLAGS} )"
+
+src_prepare() {
+ default
+ rm configure || die "Unable to remove unwanted wrapper"
+ mv aconfigure.ac configure.ac || die "Unable to rename configure script source"
+ eautoreconf
+}
+
+src_configure() {
+ local myconf=()
+ local videnable="--disable-video"
+ local t
+
+ use ipv6 && append-cflags -DPJ_HAS_IPV6=1
+ use debug || append-cflags -DNDEBUG=1
+
+ for t in ${CODEC_FLAGS}; do
+ myconf+=( $(use_enable ${t} ${t}-codec) )
+ done
+
+ for t in ${VIDEO_FLAGS}; do
+ myconf+=( $(use_enable ${t}) )
+ use "${t}" && videnable="--enable-video"
+ done
+
+ econf \
+ --enable-shared \
+ --with-external-srtp \
+ ${videnable} \
+ $(use_enable epoll) \
+ $(use_with gsm external-gsm) \
+ $(use_with speex external-speex) \
+ $(use_enable speex speex-aec) \
+ $(use_enable resample) \
+ $(use_enable resample libsamplerate) \
+ $(use_enable resample resample-dll) \
+ $(use_enable alsa sound) \
+ $(use_enable oss) \
+ $(use_with portaudio external-pa) \
+ $(use_enable portaudio ext-sound) \
+ $(use_enable amr opencore-amr) \
+ $(use_enable silk) \
+ $(use_enable opus) \
+ $(use_enable ssl) \
+ $(use_enable webrtc libwebrtc) \
+ "${myconf[@]}"
+}
+
+src_compile() {
+ emake dep
+ emake
+}
+
+src_install() {
+ emake DESTDIR="${D}" install
+
+ if use doc; then
+ dodoc README.txt README-RTEMS
+ fi
+
+ if use examples; then
+ insinto "/usr/share/doc/${PF}/examples"
+ doins -r pjsip-apps/src/samples
+ fi
+
+ use static-libs || rm "${D}/usr/$(get_libdir)/*.a"
+}
^ permalink raw reply related [flat|nested] 3+ messages in thread
* [gentoo-commits] repo/proj/libressl:master commit in: net-libs/pjproject/files/, net-libs/pjproject/
@ 2022-10-11 22:16 Quentin Retornaz
0 siblings, 0 replies; 3+ messages in thread
From: Quentin Retornaz @ 2022-10-11 22:16 UTC (permalink / raw
To: gentoo-commits
commit: 11b113dbfb44fc999f737d1718592afa62e70c4c
Author: orbea <orbea <AT> riseup <DOT> net>
AuthorDate: Mon Oct 10 15:53:10 2022 +0000
Commit: Quentin Retornaz <gentoo <AT> retornaz <DOT> com>
CommitDate: Tue Oct 11 22:15:44 2022 +0000
URL: https://gitweb.gentoo.org/repo/proj/libressl.git/commit/?id=11b113db
net-libs/pjproject: Remove package
Works with net-libs/pjproject-2.12.1-r1::gentoo
Signed-off-by: orbea <orbea <AT> riseup.net>
Closes: https://github.com/gentoo/libressl/pull/463
Signed-off-by: Quentin Retornaz <gentoo <AT> retornaz.com>
net-libs/pjproject/Manifest | 1 -
...ct-2.10-CVE-2020-15260-tls-hostname-check.patch | 125 ---------
...-CVE-2021-21375-negotiation-failure-crash.patch | 45 ----
...21-32686-AST-2021-009-GHSA-cv8x-p47p-99wr.patch | 289 ---------------------
.../pjproject/files/pjproject-2.10-libressl.patch | 17 --
...ion-between-transport-destroy-and-acquire.patch | 108 --------
.../pjproject/files/pjproject-2.9-config_site.h | 74 ------
.../pjproject/files/pjproject-2.9-ssl-enable.patch | 100 -------
net-libs/pjproject/metadata.xml | 29 ---
net-libs/pjproject/pjproject-2.10-r2.ebuild | 126 ---------
10 files changed, 914 deletions(-)
diff --git a/net-libs/pjproject/Manifest b/net-libs/pjproject/Manifest
deleted file mode 100644
index 048f8a5..0000000
--- a/net-libs/pjproject/Manifest
+++ /dev/null
@@ -1 +0,0 @@
-DIST pjproject-2.10.tar.gz 8768705 BLAKE2B 42d70867e2e0474313426f1e188586d203d6165c28a133a62dedacd2deb2899215212824d9402a48fcc66bb08a17b796d3625e1d51a8aedc9aa4b3a3bf1cb8fa SHA512 a67f083df175b536b4e6a7b7fe39e07d3ee805d6917ec64a50694542a7455c33a100889191044ab3fa679b6656774a6be045621aa53510b5f04cdde9ddd59893
diff --git a/net-libs/pjproject/files/pjproject-2.10-CVE-2020-15260-tls-hostname-check.patch b/net-libs/pjproject/files/pjproject-2.10-CVE-2020-15260-tls-hostname-check.patch
deleted file mode 100644
index 0d7df68..0000000
--- a/net-libs/pjproject/files/pjproject-2.10-CVE-2020-15260-tls-hostname-check.patch
+++ /dev/null
@@ -1,125 +0,0 @@
-From 67e46c1ac45ad784db5b9080f5ed8b133c122872 Mon Sep 17 00:00:00 2001
-From: sauwming <ming@teluu.com>
-Date: Mon, 8 Mar 2021 17:39:36 +0800
-Subject: [PATCH] Merge pull request from GHSA-8hcp-hm38-mfph
-
-* Check hostname during TLS transport selection
-
-* revision based on feedback
-
-* remove the code in create_request that has been moved
----
- pjsip/include/pjsip/sip_dialog.h | 1 +
- pjsip/src/pjsip/sip_dialog.c | 15 +++++++++++++++
- pjsip/src/pjsip/sip_transport.c | 13 +++++++++++++
- pjsip/src/pjsip/sip_util.c | 11 ++++++++---
- 4 files changed, 37 insertions(+), 3 deletions(-)
-
-diff --git a/pjsip/include/pjsip/sip_dialog.h b/pjsip/include/pjsip/sip_dialog.h
-index a0214d28c..e314c2ece 100644
---- a/pjsip/include/pjsip/sip_dialog.h
-+++ b/pjsip/include/pjsip/sip_dialog.h
-@@ -165,6 +165,7 @@ struct pjsip_dialog
- pjsip_route_hdr route_set; /**< Route set. */
- pj_bool_t route_set_frozen; /**< Route set has been set. */
- pjsip_auth_clt_sess auth_sess; /**< Client authentication session. */
-+ pj_str_t initial_dest;/**< Initial destination host. */
-
- /** Session counter. */
- int sess_count; /**< Number of sessions. */
-diff --git a/pjsip/src/pjsip/sip_dialog.c b/pjsip/src/pjsip/sip_dialog.c
-index 27530e4f2..9571b5a35 100644
---- a/pjsip/src/pjsip/sip_dialog.c
-+++ b/pjsip/src/pjsip/sip_dialog.c
-@@ -467,6 +467,10 @@ pj_status_t create_uas_dialog( pjsip_user_agent *ua,
-
- /* Save the remote info. */
- pj_strdup(dlg->pool, &dlg->remote.info_str, &tmp);
-+
-+ /* Save initial destination host from transport's info */
-+ pj_strdup(dlg->pool, &dlg->initial_dest,
-+ &rdata->tp_info.transport->remote_name.host);
-
-
- /* Init remote's contact from Contact header.
-@@ -1192,6 +1196,12 @@ static pj_status_t dlg_create_request_throw( pjsip_dialog *dlg,
- return status;
- }
-
-+ /* Copy the initial destination host to tdata. This information can be
-+ * used later by transport for transport selection.
-+ */
-+ if (dlg->initial_dest.slen)
-+ pj_strdup(tdata->pool, &tdata->dest_info.name, &dlg->initial_dest);
-+
- /* Done. */
- *p_tdata = tdata;
-
-@@ -1822,6 +1832,11 @@ static void dlg_update_routeset(pjsip_dialog *dlg, const pjsip_rx_data *rdata)
- * transaction as the initial transaction that establishes dialog.
- */
- if (dlg->role == PJSIP_ROLE_UAC) {
-+ /* Save initial destination host from transport's info. */
-+ if (!dlg->initial_dest.slen) {
-+ pj_strdup(dlg->pool, &dlg->initial_dest,
-+ &rdata->tp_info.transport->remote_name.host);
-+ }
-
- /* Ignore subsequent request from remote */
- if (msg->type != PJSIP_RESPONSE_MSG)
-diff --git a/pjsip/src/pjsip/sip_transport.c b/pjsip/src/pjsip/sip_transport.c
-index bef6d24fe..177274b08 100644
---- a/pjsip/src/pjsip/sip_transport.c
-+++ b/pjsip/src/pjsip/sip_transport.c
-@@ -2335,6 +2335,19 @@ PJ_DEF(pj_status_t) pjsip_tpmgr_acquire_transport2(pjsip_tpmgr *mgr,
- if (!tp_iter->tp->is_shutdown &&
- !tp_iter->tp->is_destroying)
- {
-+ if ((type & PJSIP_TRANSPORT_SECURE) && tdata) {
-+ /* For secure transport, make sure tdata's
-+ * destination host matches the transport's
-+ * remote host.
-+ */
-+ if (pj_stricmp(&tdata->dest_info.name,
-+ &tp_iter->tp->remote_name.host))
-+ {
-+ tp_iter = tp_iter->next;
-+ continue;
-+ }
-+ }
-+
- if (sel && sel->type == PJSIP_TPSELECTOR_LISTENER &&
- sel->u.listener)
- {
-diff --git a/pjsip/src/pjsip/sip_util.c b/pjsip/src/pjsip/sip_util.c
-index a1bf878ea..cf916805d 100644
---- a/pjsip/src/pjsip/sip_util.c
-+++ b/pjsip/src/pjsip/sip_util.c
-@@ -1417,7 +1417,10 @@ PJ_DEF(pj_status_t) pjsip_endpt_send_request_stateless(pjsip_endpoint *endpt,
- */
- if (tdata->dest_info.addr.count == 0) {
- /* Copy the destination host name to TX data */
-- pj_strdup(tdata->pool, &tdata->dest_info.name, &dest_info.addr.host);
-+ if (!tdata->dest_info.name.slen) {
-+ pj_strdup(tdata->pool, &tdata->dest_info.name,
-+ &dest_info.addr.host);
-+ }
-
- pjsip_endpt_resolve( endpt, tdata->pool, &dest_info, stateless_data,
- &stateless_send_resolver_callback);
-@@ -1810,8 +1813,10 @@ PJ_DEF(pj_status_t) pjsip_endpt_send_response( pjsip_endpoint *endpt,
- }
- } else {
- /* Copy the destination host name to TX data */
-- pj_strdup(tdata->pool, &tdata->dest_info.name,
-- &res_addr->dst_host.addr.host);
-+ if (!tdata->dest_info.name.slen) {
-+ pj_strdup(tdata->pool, &tdata->dest_info.name,
-+ &res_addr->dst_host.addr.host);
-+ }
-
- pjsip_endpt_resolve(endpt, tdata->pool, &res_addr->dst_host,
- send_state, &send_response_resolver_cb);
---
-2.26.2
-
diff --git a/net-libs/pjproject/files/pjproject-2.10-CVE-2021-21375-negotiation-failure-crash.patch b/net-libs/pjproject/files/pjproject-2.10-CVE-2021-21375-negotiation-failure-crash.patch
deleted file mode 100644
index 9dc9016..0000000
--- a/net-libs/pjproject/files/pjproject-2.10-CVE-2021-21375-negotiation-failure-crash.patch
+++ /dev/null
@@ -1,45 +0,0 @@
-From 97b3d7addbaa720b7ddb0af9bf6f3e443e664365 Mon Sep 17 00:00:00 2001
-From: Nanang Izzuddin <nanang@teluu.com>
-Date: Mon, 8 Mar 2021 16:09:34 +0700
-Subject: [PATCH] Merge pull request from GHSA-hvq6-f89p-frvp
-
----
- pjmedia/src/pjmedia/sdp_neg.c | 14 ++++++++++++--
- 1 file changed, 12 insertions(+), 2 deletions(-)
-
-diff --git a/pjmedia/src/pjmedia/sdp_neg.c b/pjmedia/src/pjmedia/sdp_neg.c
-index f4838f75d..9f76b5200 100644
---- a/pjmedia/src/pjmedia/sdp_neg.c
-+++ b/pjmedia/src/pjmedia/sdp_neg.c
-@@ -304,7 +304,6 @@ PJ_DEF(pj_status_t) pjmedia_sdp_neg_modify_local_offer2(
- {
- pjmedia_sdp_session *new_offer;
- pjmedia_sdp_session *old_offer;
-- char media_used[PJMEDIA_MAX_SDP_MEDIA];
- unsigned oi; /* old offer media index */
- pj_status_t status;
-
-@@ -323,8 +322,19 @@ PJ_DEF(pj_status_t) pjmedia_sdp_neg_modify_local_offer2(
- /* Change state to STATE_LOCAL_OFFER */
- neg->state = PJMEDIA_SDP_NEG_STATE_LOCAL_OFFER;
-
-+ /* When there is no active local SDP in state PJMEDIA_SDP_NEG_STATE_DONE,
-+ * it means that the previous initial SDP nego must have been failed,
-+ * so we'll just set the local SDP offer here.
-+ */
-+ if (!neg->active_local_sdp) {
-+ neg->initial_sdp_tmp = NULL;
-+ neg->initial_sdp = pjmedia_sdp_session_clone(pool, local);
-+ neg->neg_local_sdp = pjmedia_sdp_session_clone(pool, local);
-+
-+ return PJ_SUCCESS;
-+ }
-+
- /* Init vars */
-- pj_bzero(media_used, sizeof(media_used));
- old_offer = neg->active_local_sdp;
- new_offer = pjmedia_sdp_session_clone(pool, local);
-
---
-2.26.2
-
diff --git a/net-libs/pjproject/files/pjproject-2.10-CVE-2021-32686-AST-2021-009-GHSA-cv8x-p47p-99wr.patch b/net-libs/pjproject/files/pjproject-2.10-CVE-2021-32686-AST-2021-009-GHSA-cv8x-p47p-99wr.patch
deleted file mode 100644
index ba31cf1..0000000
--- a/net-libs/pjproject/files/pjproject-2.10-CVE-2021-32686-AST-2021-009-GHSA-cv8x-p47p-99wr.patch
+++ /dev/null
@@ -1,289 +0,0 @@
-From d5f95aa066f878b0aef6a64e60b61e8626e664cd Mon Sep 17 00:00:00 2001
-From: Nanang Izzuddin <nanang@teluu.com>
-Date: Fri, 23 Jul 2021 10:49:21 +0700
-Subject: [PATCH] Merge pull request from GHSA-cv8x-p47p-99wr
-
-* - Avoid SSL socket parent/listener getting destroyed during handshake by increasing parent's reference count.
-- Add missing SSL socket close when the newly accepted SSL socket is discarded in SIP TLS transport.
-
-* - Fix silly mistake: accepted active socket created without group lock in SSL socket.
-- Replace assertion with normal validation check of SSL socket instance in OpenSSL verification callback (verify_cb()) to avoid crash, e.g: if somehow race condition with SSL socket destroy happens or OpenSSL application data index somehow gets corrupted.
----
- pjlib/src/pj/ssl_sock_imp_common.c | 47 +++++++++++++++++++++--------
- pjlib/src/pj/ssl_sock_ossl.c | 45 ++++++++++++++++++++++-----
- pjsip/src/pjsip/sip_transport_tls.c | 23 +++++++++++++-
- 3 files changed, 95 insertions(+), 20 deletions(-)
-
-diff --git a/pjlib/src/pj/ssl_sock_imp_common.c b/pjlib/src/pj/ssl_sock_imp_common.c
-index 025832da4..24533b397 100644
---- a/pjlib/src/pj/ssl_sock_imp_common.c
-+++ b/pjlib/src/pj/ssl_sock_imp_common.c
-@@ -255,6 +255,8 @@ static pj_bool_t on_handshake_complete(pj_ssl_sock_t *ssock,
-
- /* Accepting */
- if (ssock->is_server) {
-+ pj_bool_t ret = PJ_TRUE;
-+
- if (status != PJ_SUCCESS) {
- /* Handshake failed in accepting, destroy our self silently. */
-
-@@ -272,6 +274,12 @@ static pj_bool_t on_handshake_complete(pj_ssl_sock_t *ssock,
- status);
- }
-
-+ /* Decrement ref count of parent */
-+ if (ssock->parent->param.grp_lock) {
-+ pj_grp_lock_dec_ref(ssock->parent->param.grp_lock);
-+ ssock->parent = NULL;
-+ }
-+
- /* Originally, this is a workaround for ticket #985. However,
- * a race condition may occur in multiple worker threads
- * environment when we are destroying SSL objects while other
-@@ -315,23 +323,29 @@ static pj_bool_t on_handshake_complete(pj_ssl_sock_t *ssock,
-
- return PJ_FALSE;
- }
-+
- /* Notify application the newly accepted SSL socket */
- if (ssock->param.cb.on_accept_complete2) {
-- pj_bool_t ret;
- ret = (*ssock->param.cb.on_accept_complete2)
- (ssock->parent, ssock, (pj_sockaddr_t*)&ssock->rem_addr,
- pj_sockaddr_get_len((pj_sockaddr_t*)&ssock->rem_addr),
- status);
-- if (ret == PJ_FALSE)
-- return PJ_FALSE;
- } else if (ssock->param.cb.on_accept_complete) {
-- pj_bool_t ret;
- ret = (*ssock->param.cb.on_accept_complete)
- (ssock->parent, ssock, (pj_sockaddr_t*)&ssock->rem_addr,
- pj_sockaddr_get_len((pj_sockaddr_t*)&ssock->rem_addr));
-- if (ret == PJ_FALSE)
-- return PJ_FALSE;
- }
-+
-+ /* Decrement ref count of parent and reset parent (we don't need it
-+ * anymore, right?).
-+ */
-+ if (ssock->parent->param.grp_lock) {
-+ pj_grp_lock_dec_ref(ssock->parent->param.grp_lock);
-+ ssock->parent = NULL;
-+ }
-+
-+ if (ret == PJ_FALSE)
-+ return PJ_FALSE;
- }
-
- /* Connecting */
-@@ -930,9 +944,13 @@ static pj_bool_t ssock_on_accept_complete (pj_ssl_sock_t *ssock_parent,
- if (status != PJ_SUCCESS)
- goto on_return;
-
-+ /* Set parent and add ref count (avoid parent destroy during handshake) */
-+ ssock->parent = ssock_parent;
-+ if (ssock->parent->param.grp_lock)
-+ pj_grp_lock_add_ref(ssock->parent->param.grp_lock);
-+
- /* Update new SSL socket attributes */
- ssock->sock = newsock;
-- ssock->parent = ssock_parent;
- ssock->is_server = PJ_TRUE;
- if (ssock_parent->cert) {
- status = pj_ssl_sock_set_certificate(ssock, ssock->pool,
-@@ -957,16 +975,20 @@ static pj_bool_t ssock_on_accept_complete (pj_ssl_sock_t *ssock_parent,
- ssock->asock_rbuf = (void**)pj_pool_calloc(ssock->pool,
- ssock->param.async_cnt,
- sizeof(void*));
-- if (!ssock->asock_rbuf)
-- return PJ_ENOMEM;
-+ if (!ssock->asock_rbuf) {
-+ status = PJ_ENOMEM;
-+ goto on_return;
-+ }
-
- for (i = 0; i<ssock->param.async_cnt; ++i) {
- ssock->asock_rbuf[i] = (void*) pj_pool_alloc(
- ssock->pool,
- ssock->param.read_buffer_size +
- sizeof(read_data_t*));
-- if (!ssock->asock_rbuf[i])
-- return PJ_ENOMEM;
-+ if (!ssock->asock_rbuf[i]) {
-+ status = PJ_ENOMEM;
-+ goto on_return;
-+ }
- }
-
- /* If listener socket has group lock, automatically create group lock
-@@ -980,7 +1002,7 @@ static pj_bool_t ssock_on_accept_complete (pj_ssl_sock_t *ssock_parent,
- goto on_return;
-
- pj_grp_lock_add_ref(glock);
-- asock_cfg.grp_lock = ssock->param.grp_lock = glock;
-+ ssock->param.grp_lock = glock;
- pj_grp_lock_add_handler(ssock->param.grp_lock, ssock->pool, ssock,
- ssl_on_destroy);
- }
-@@ -1008,6 +1030,7 @@ static pj_bool_t ssock_on_accept_complete (pj_ssl_sock_t *ssock_parent,
-
- /* Create active socket */
- pj_activesock_cfg_default(&asock_cfg);
-+ asock_cfg.grp_lock = ssock->param.grp_lock;
- asock_cfg.async_cnt = ssock->param.async_cnt;
- asock_cfg.concurrency = ssock->param.concurrency;
- asock_cfg.whole_data = PJ_TRUE;
-diff --git a/pjlib/src/pj/ssl_sock_ossl.c b/pjlib/src/pj/ssl_sock_ossl.c
-index 88a2a6b94..df4f4f96a 100644
---- a/pjlib/src/pj/ssl_sock_ossl.c
-+++ b/pjlib/src/pj/ssl_sock_ossl.c
-@@ -327,7 +327,8 @@ static pj_status_t STATUS_FROM_SSL_ERR(char *action, pj_ssl_sock_t *ssock,
- ERROR_LOG("STATUS_FROM_SSL_ERR", err, ssock);
- }
-
-- ssock->last_err = err;
-+ if (ssock)
-+ ssock->last_err = err;
- return GET_STATUS_FROM_SSL_ERR(err);
- }
-
-@@ -344,7 +345,8 @@ static pj_status_t STATUS_FROM_SSL_ERR2(char *action, pj_ssl_sock_t *ssock,
- /* Dig for more from OpenSSL error queue */
- SSLLogErrors(action, ret, err, len, ssock);
-
-- ssock->last_err = ssl_err;
-+ if (ssock)
-+ ssock->last_err = ssl_err;
- return GET_STATUS_FROM_SSL_ERR(ssl_err);
- }
-
-@@ -786,6 +788,13 @@ static pj_status_t init_openssl(void)
-
- /* Create OpenSSL application data index for SSL socket */
- sslsock_idx = SSL_get_ex_new_index(0, "SSL socket", NULL, NULL, NULL);
-+ if (sslsock_idx == -1) {
-+ status = STATUS_FROM_SSL_ERR2("Init", NULL, -1, ERR_get_error(), 0);
-+ PJ_LOG(1,(THIS_FILE,
-+ "Fatal error: failed to get application data index for "
-+ "SSL socket"));
-+ return status;
-+ }
-
- #if defined(PJ_SSL_SOCK_OSSL_USE_THREAD_CB) && \
- PJ_SSL_SOCK_OSSL_USE_THREAD_CB != 0 && OPENSSL_VERSION_NUMBER < 0x10100000L
-@@ -819,21 +828,36 @@ static int password_cb(char *buf, int num, int rwflag, void *user_data)
- }
-
-
--/* SSL password callback. */
-+/* SSL certificate verification result callback.
-+ * Note that this callback seems to be always called from library worker
-+ * thread, e.g: active socket on_read_complete callback, which should have
-+ * already been equipped with race condition avoidance mechanism (should not
-+ * be destroyed while callback is being invoked).
-+ */
- static int verify_cb(int preverify_ok, X509_STORE_CTX *x509_ctx)
- {
-- pj_ssl_sock_t *ssock;
-- SSL *ossl_ssl;
-+ pj_ssl_sock_t *ssock = NULL;
-+ SSL *ossl_ssl = NULL;
- int err;
-
- /* Get SSL instance */
- ossl_ssl = X509_STORE_CTX_get_ex_data(x509_ctx,
- SSL_get_ex_data_X509_STORE_CTX_idx());
-- pj_assert(ossl_ssl);
-+ if (!ossl_ssl) {
-+ PJ_LOG(1,(THIS_FILE,
-+ "SSL verification callback failed to get SSL instance"));
-+ goto on_return;
-+ }
-
- /* Get SSL socket instance */
- ssock = SSL_get_ex_data(ossl_ssl, sslsock_idx);
-- pj_assert(ssock);
-+ if (!ssock) {
-+ /* SSL socket may have been destroyed */
-+ PJ_LOG(1,(THIS_FILE,
-+ "SSL verification callback failed to get SSL socket "
-+ "instance (sslsock_idx=%d).", sslsock_idx));
-+ goto on_return;
-+ }
-
- /* Store verification status */
- err = X509_STORE_CTX_get_error(x509_ctx);
-@@ -911,6 +935,7 @@ static int verify_cb(int preverify_ok, X509_STORE_CTX *x509_ctx)
- if (PJ_FALSE == ssock->param.verify_peer)
- preverify_ok = 1;
-
-+on_return:
- return preverify_ok;
- }
-
-@@ -1474,6 +1499,12 @@ static void ssl_destroy(pj_ssl_sock_t *ssock)
- static void ssl_reset_sock_state(pj_ssl_sock_t *ssock)
- {
- ossl_sock_t *ossock = (ossl_sock_t *)ssock;
-+
-+ /* Detach from SSL instance */
-+ if (ossock->ossl_ssl) {
-+ SSL_set_ex_data(ossock->ossl_ssl, sslsock_idx, NULL);
-+ }
-+
- /**
- * Avoid calling SSL_shutdown() if handshake wasn't completed.
- * OpenSSL 1.0.2f complains if SSL_shutdown() is called during an
-diff --git a/pjsip/src/pjsip/sip_transport_tls.c b/pjsip/src/pjsip/sip_transport_tls.c
-index 56a06cf99..24e43ef60 100644
---- a/pjsip/src/pjsip/sip_transport_tls.c
-+++ b/pjsip/src/pjsip/sip_transport_tls.c
-@@ -1333,9 +1333,26 @@ static pj_bool_t on_accept_complete2(pj_ssl_sock_t *ssock,
- PJ_UNUSED_ARG(src_addr_len);
-
- listener = (struct tls_listener*) pj_ssl_sock_get_user_data(ssock);
-+ if (!listener) {
-+ /* Listener already destroyed, e.g: after TCP accept but before SSL
-+ * handshake is completed.
-+ */
-+ if (new_ssock && accept_status == PJ_SUCCESS) {
-+ /* Close the SSL socket if the accept op is successful */
-+ PJ_LOG(4,(THIS_FILE,
-+ "Incoming TLS connection from %s (sock=%d) is discarded "
-+ "because listener is already destroyed",
-+ pj_sockaddr_print(src_addr, addr, sizeof(addr), 3),
-+ new_ssock));
-+
-+ pj_ssl_sock_close(new_ssock);
-+ }
-+
-+ return PJ_FALSE;
-+ }
-
- if (accept_status != PJ_SUCCESS) {
-- if (listener && listener->tls_setting.on_accept_fail_cb) {
-+ if (listener->tls_setting.on_accept_fail_cb) {
- pjsip_tls_on_accept_fail_param param;
- pj_ssl_sock_info ssi;
-
-@@ -1358,6 +1375,8 @@ static pj_bool_t on_accept_complete2(pj_ssl_sock_t *ssock,
- PJ_ASSERT_RETURN(new_ssock, PJ_TRUE);
-
- if (!listener->is_registered) {
-+ pj_ssl_sock_close(new_ssock);
-+
- if (listener->tls_setting.on_accept_fail_cb) {
- pjsip_tls_on_accept_fail_param param;
- pj_bzero(¶m, sizeof(param));
-@@ -1409,6 +1428,8 @@ static pj_bool_t on_accept_complete2(pj_ssl_sock_t *ssock,
- ssl_info.grp_lock, &tls);
-
- if (status != PJ_SUCCESS) {
-+ pj_ssl_sock_close(new_ssock);
-+
- if (listener->tls_setting.on_accept_fail_cb) {
- pjsip_tls_on_accept_fail_param param;
- pj_bzero(¶m, sizeof(param));
---
-2.31.1
-
diff --git a/net-libs/pjproject/files/pjproject-2.10-libressl.patch b/net-libs/pjproject/files/pjproject-2.10-libressl.patch
deleted file mode 100644
index 16bf89a..0000000
--- a/net-libs/pjproject/files/pjproject-2.10-libressl.patch
+++ /dev/null
@@ -1,17 +0,0 @@
-$OpenBSD: patch-pjlib_src_pj_ssl_sock_ossl_c,v 1.4 2021/05/07 20:00:03 tb Exp $
-
-https://github.com/pjsip/pjproject/pull/2708
-
-Index: pjlib/src/pj/ssl_sock_ossl.c
---- a/pjlib/src/pj/ssl_sock_ossl.c.orig
-+++ b/pjlib/src/pj/ssl_sock_ossl.c
-@@ -130,9 +130,6 @@ static unsigned get_nid_from_cid(unsigned cid)
- # define X509_get_notBefore(x) X509_get0_notBefore(x)
- # define X509_get_notAfter(x) X509_get0_notAfter(x)
- # endif
--#else
--# define SSL_CIPHER_get_id(c) (c)->id
--# define SSL_set_session(ssl, s) (ssl)->session = (s)
- #endif
-
-
diff --git a/net-libs/pjproject/files/pjproject-2.10-race-condition-between-transport-destroy-and-acquire.patch b/net-libs/pjproject/files/pjproject-2.10-race-condition-between-transport-destroy-and-acquire.patch
deleted file mode 100644
index b036951..0000000
--- a/net-libs/pjproject/files/pjproject-2.10-race-condition-between-transport-destroy-and-acquire.patch
+++ /dev/null
@@ -1,108 +0,0 @@
-From 90a16c523bfdf4d43c10506c972c5fd4250b2856 Mon Sep 17 00:00:00 2001
-From: Nanang Izzuddin <nanang@teluu.com>
-Date: Fri, 20 Nov 2020 10:52:22 +0700
-Subject: [PATCH] Race condition between transport destroy and acquire (#2470)
-
-* Handle race condition between transport_idle_callback() and pjsip_tpmgr_acquire_transport2().
-* Add transport destroy state check as additional of transport shutdown state check
----
- pjsip/src/pjsip/sip_transaction.c | 2 +-
- pjsip/src/pjsip/sip_transport.c | 34 +++++++++++++++++++++++++------
- 2 files changed, 29 insertions(+), 7 deletions(-)
-
-diff --git a/pjsip/src/pjsip/sip_transaction.c b/pjsip/src/pjsip/sip_transaction.c
-index 2b4ece7df..f663c7f4b 100644
---- a/pjsip/src/pjsip/sip_transaction.c
-+++ b/pjsip/src/pjsip/sip_transaction.c
-@@ -2443,7 +2443,7 @@ static void tsx_update_transport( pjsip_transaction *tsx,
- pjsip_transport_add_ref(tp);
- pjsip_transport_add_state_listener(tp, &tsx_tp_state_callback, tsx,
- &tsx->tp_st_key);
-- if (tp->is_shutdown) {
-+ if (tp->is_shutdown || tp->is_destroying) {
- pjsip_transport_state_info info;
-
- pj_bzero(&info, sizeof(info));
-diff --git a/pjsip/src/pjsip/sip_transport.c b/pjsip/src/pjsip/sip_transport.c
-index 06fce358c..bef6d24fe 100644
---- a/pjsip/src/pjsip/sip_transport.c
-+++ b/pjsip/src/pjsip/sip_transport.c
-@@ -1071,6 +1071,19 @@ static void transport_idle_callback(pj_timer_heap_t *timer_heap,
- return;
-
- entry->id = PJ_FALSE;
-+
-+ /* Set is_destroying flag under transport manager mutex to avoid
-+ * race condition with pjsip_tpmgr_acquire_transport2().
-+ */
-+ pj_lock_acquire(tp->tpmgr->lock);
-+ if (pj_atomic_get(tp->ref_cnt) == 0) {
-+ tp->is_destroying = PJ_TRUE;
-+ } else {
-+ pj_lock_release(tp->tpmgr->lock);
-+ return;
-+ }
-+ pj_lock_release(tp->tpmgr->lock);
-+
- pjsip_transport_destroy(tp);
- }
-
-@@ -1392,8 +1405,8 @@ PJ_DEF(pj_status_t) pjsip_transport_shutdown2(pjsip_transport *tp,
- mgr = tp->tpmgr;
- pj_lock_acquire(mgr->lock);
-
-- /* Do nothing if transport is being shutdown already */
-- if (tp->is_shutdown) {
-+ /* Do nothing if transport is being shutdown/destroyed already */
-+ if (tp->is_shutdown || tp->is_destroying) {
- pj_lock_release(mgr->lock);
- pj_lock_release(tp->lock);
- return PJ_SUCCESS;
-@@ -2256,6 +2269,13 @@ PJ_DEF(pj_status_t) pjsip_tpmgr_acquire_transport2(pjsip_tpmgr *mgr,
- return PJSIP_ETPNOTSUITABLE;
- }
-
-+ /* Make sure the transport is not being destroyed */
-+ if (seltp->is_destroying) {
-+ pj_lock_release(mgr->lock);
-+ TRACE_((THIS_FILE,"Transport to be acquired is being destroyed"));
-+ return PJ_ENOTFOUND;
-+ }
-+
- /* We could also verify that the destination address is reachable
- * from this transport (i.e. both are equal), but if application
- * has requested a specific transport to be used, assume that
-@@ -2311,8 +2331,10 @@ PJ_DEF(pj_status_t) pjsip_tpmgr_acquire_transport2(pjsip_tpmgr *mgr,
- if (tp_entry) {
- transport *tp_iter = tp_entry;
- do {
-- /* Don't use transport being shutdown */
-- if (!tp_iter->tp->is_shutdown) {
-+ /* Don't use transport being shutdown/destroyed */
-+ if (!tp_iter->tp->is_shutdown &&
-+ !tp_iter->tp->is_destroying)
-+ {
- if (sel && sel->type == PJSIP_TPSELECTOR_LISTENER &&
- sel->u.listener)
- {
-@@ -2382,7 +2404,7 @@ PJ_DEF(pj_status_t) pjsip_tpmgr_acquire_transport2(pjsip_tpmgr *mgr,
- TRACE_((THIS_FILE, "Transport found but from different listener"));
- }
-
-- if (tp_ref!=NULL && !tp_ref->is_shutdown) {
-+ if (tp_ref!=NULL && !tp_ref->is_shutdown && !tp_ref->is_destroying) {
- /*
- * Transport found!
- */
-@@ -2624,7 +2646,7 @@ PJ_DEF(pj_status_t) pjsip_transport_add_state_listener (
-
- PJ_ASSERT_RETURN(tp && cb && key, PJ_EINVAL);
-
-- if (tp->is_shutdown) {
-+ if (tp->is_shutdown || tp->is_destroying) {
- *key = NULL;
- return PJ_EINVALIDOP;
- }
---
-2.26.2
-
diff --git a/net-libs/pjproject/files/pjproject-2.9-config_site.h b/net-libs/pjproject/files/pjproject-2.9-config_site.h
deleted file mode 100644
index d41ac1d..0000000
--- a/net-libs/pjproject/files/pjproject-2.9-config_site.h
+++ /dev/null
@@ -1,74 +0,0 @@
-/*
- * Based off of the Asterisk config_site.h file.
- *
- * In general it's the same with some removals due to being ebuild-managed.
- */
-
-#include <sys/select.h>
-
-/* handled by ebuild, default to disabled here */
-#ifndef PJMEDIA_HAS_SRTP
-#define PJMEDIA_HAS_SRTP 0
-#endif
-
-#define PJ_MAX_HOSTNAME (256)
-#define PJSIP_MAX_URL_SIZE (512)
-#ifdef PJ_HAS_LINUX_EPOLL
-#define PJ_IOQUEUE_MAX_HANDLES (5000)
-#else
-#define PJ_IOQUEUE_MAX_HANDLES (FD_SETSIZE)
-#endif
-#define PJ_IOQUEUE_HAS_SAFE_UNREG 1
-#define PJ_IOQUEUE_MAX_EVENTS_IN_SINGLE_POLL (16)
-
-#define PJ_SCANNER_USE_BITWISE 0
-#define PJ_OS_HAS_CHECK_STACK 0
-
-#ifndef PJ_LOG_MAX_LEVEL
-#define PJ_LOG_MAX_LEVEL 6
-#endif
-
-#define PJ_ENABLE_EXTRA_CHECK 1
-#define PJSIP_MAX_TSX_COUNT ((64*1024)-1)
-#define PJSIP_MAX_DIALOG_COUNT ((64*1024)-1)
-#define PJSIP_UDP_SO_SNDBUF_SIZE (512*1024)
-#define PJSIP_UDP_SO_RCVBUF_SIZE (512*1024)
-#define PJSIP_SAFE_MODULE 0
-#define PJ_HAS_STRICMP_ALNUM 0
-
-/*
- * Do not ever enable PJ_HASH_USE_OWN_TOLOWER because the algorithm is
- * inconsistently used when calculating the hash value and doesn't
- * convert the same characters as pj_tolower()/tolower(). Thus you
- * can get different hash values if the string hashed has certain
- * characters in it. (ASCII '@', '[', '\\', ']', '^', and '_')
- */
-#undef PJ_HASH_USE_OWN_TOLOWER
-
-/*
- It is imperative that PJSIP_UNESCAPE_IN_PLACE remain 0 or undefined.
- Enabling it will result in SEGFAULTS when URIs containing escape sequences are encountered.
-*/
-#undef PJSIP_UNESCAPE_IN_PLACE
-#define PJSIP_MAX_PKT_LEN 32000
-
-#undef PJ_TODO
-#define PJ_TODO(x)
-
-/* Defaults too low for WebRTC */
-#define PJ_ICE_MAX_CAND 32
-#define PJ_ICE_MAX_CHECKS (PJ_ICE_MAX_CAND * PJ_ICE_MAX_CAND)
-
-/* Increase limits to allow more formats */
-#define PJMEDIA_MAX_SDP_FMT 64
-#define PJMEDIA_MAX_SDP_BANDW 4
-#define PJMEDIA_MAX_SDP_ATTR (PJMEDIA_MAX_SDP_FMT*2 + 4)
-#define PJMEDIA_MAX_SDP_MEDIA 16
-
-/*
- * Turn off the periodic sending of CRLNCRLN. Default is on (90 seconds),
- * which conflicts with the global section's keep_alive_interval option in
- * pjsip.conf.
- */
-#define PJSIP_TCP_KEEP_ALIVE_INTERVAL 0
-#define PJSIP_TLS_KEEP_ALIVE_INTERVAL 0
diff --git a/net-libs/pjproject/files/pjproject-2.9-ssl-enable.patch b/net-libs/pjproject/files/pjproject-2.9-ssl-enable.patch
deleted file mode 100644
index bb8a11d..0000000
--- a/net-libs/pjproject/files/pjproject-2.9-ssl-enable.patch
+++ /dev/null
@@ -1,100 +0,0 @@
-From 2942c73cd3b3389ec1a35258f22ac9d0f0742de1 Mon Sep 17 00:00:00 2001
-From: Jaco Kroon <jaco@iewc.co.za>
-Date: Thu, 24 May 2018 15:40:33 +0200
-Subject: [PATCH] Fix support for --enable-ssl.
-
-This change enables the explicit use of --enable-ssl in such a way that
-package managers such as portage (Gentoo) that explicitly does
---enable-ssl or --disable-ssl will get the results that it's looking
-for.
-
-Without this specifying --enable-ssl would end up actually disabling it.
-
-Additionally, if --enable-ssl is specified but the script ends up being
-unable to enable ssl it will fail.
----
- aconfigure | 16 ++++++++++++----
- aconfigure.ac | 15 ++++++++++++---
- 2 files changed, 24 insertions(+), 7 deletions(-)
-
-diff --git a/aconfigure b/aconfigure
-index 0cf17faae..57bdfba87 100755
---- a/aconfigure
-+++ b/aconfigure
-@@ -8001,8 +8001,9 @@ if test "${enable_ssl+set}" = set; then :
- $as_echo "Checking if SSL support is disabled... yes" >&6; }
- fi
-
--else
-+fi
-
-+if test "x$ac_no_ssl" != "x1"; then
- if test "x$with_ssl" != "xno" -a "x$with_ssl" != "x"; then
- CFLAGS="$CFLAGS -I$with_ssl/include"
- CPPFLAGS="$CPPFLAGS -I$with_ssl/include"
-@@ -8317,16 +8318,23 @@ $as_echo "GnuTLS library found, SSL support enabled" >&6; }
-
- ac_ssl_backend="gnutls"
- else
-- { $as_echo "$as_me:${as_lineno-$LINENO}: result: ** No GnuTLS libraries found, disabling SSL support **" >&5
--$as_echo "** No GnuTLS libraries found, disabling SSL support **" >&6; }
-+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: ** No GnuTLS libraries found **" >&5
-+$as_echo "** No GnuTLS libraries found **" >&6; }
- fi
-
- fi
-
-+ if test "x$ac_ssl_backend" = "x"; then
-+ if test "x$enable_ssl" = "xyes"; then
-+ as_fn_error $? "SSL Support requested but neither OpenSSL nor GnuTLS operational" "$LINENO" 5
-+ else
-+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: No SSL detected, disabling SSL support" >&5
-+$as_echo "No SSL detected, disabling SSL support" >&6; }
-+ fi
-+ fi
- fi
-
-
--
- # Check whether --with-opencore-amrnb was given.
- if test "${with_opencore_amrnb+set}" = set; then :
- withval=$with_opencore_amrnb; as_fn_error $? "This option is obsolete and replaced by --with-opencore-amr=DIR" "$LINENO" 5
-diff --git a/aconfigure.ac b/aconfigure.ac
-index 8d7d944a1..45c42756b 100644
---- a/aconfigure.ac
-+++ b/aconfigure.ac
-@@ -1607,7 +1607,8 @@ AC_ARG_ENABLE(ssl,
- AC_MSG_RESULT([Checking if SSL support is disabled... yes])
- fi
- ],
-- [
-+ [])
-+if test "x$ac_no_ssl" != "x1"; then
- if test "x$with_ssl" != "xno" -a "x$with_ssl" != "x"; then
- CFLAGS="$CFLAGS -I$with_ssl/include"
- CPPFLAGS="$CPPFLAGS -I$with_ssl/include"
-@@ -1692,11 +1693,19 @@ AC_ARG_ENABLE(ssl,
- AC_DEFINE(PJ_SSL_SOCK_IMP, PJ_SSL_SOCK_IMP_GNUTLS)
- ac_ssl_backend="gnutls"
- else
-- AC_MSG_RESULT([** No GnuTLS libraries found, disabling SSL support **])
-+ AC_MSG_RESULT([** No GnuTLS libraries found **])
- fi
-
- fi
-- ])
-+
-+ if test "x$ac_ssl_backend" = "x"; then
-+ if test "x$enable_ssl" = "xyes"; then
-+ AC_MSG_ERROR([SSL Support requested but neither OpenSSL nor GnuTLS operational])
-+ else
-+ AC_MSG_RESULT([No SSL detected, disabling SSL support])
-+ fi
-+ fi
-+fi
-
- dnl # Obsolete option --with-opencore-amrnb
- AC_ARG_WITH(opencore-amrnb,
---
-2.23.0
-
diff --git a/net-libs/pjproject/metadata.xml b/net-libs/pjproject/metadata.xml
deleted file mode 100644
index 6e8f87f..0000000
--- a/net-libs/pjproject/metadata.xml
+++ /dev/null
@@ -1,29 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE pkgmetadata SYSTEM "https://www.gentoo.org/dtd/metadata.dtd">
-<pkgmetadata>
- <maintainer type="person" proxied="yes">
- <email>jaco@uls.co.za</email>
- <name>Jaco Kroon</name>
- </maintainer>
- <maintainer type="project" proxied="proxy">
- <email>proxy-maint@gentoo.org</email>
- <name>Proxy Maintainers</name>
- </maintainer>
- <use>
- <flag name="amr">Inlcude AMR codec in the build</flag>
- <flag name="epoll">Use /dev/epoll ioqueue on Linux (experimental)</flag>
- <flag name="g711">Include G.711 codecs in the build</flag>
- <flag name="g722">Include G.722 codec in the build</flag>
- <flag name="g7221">Include G.722.1 codec in the build</flag>
- <flag name="g729">Include G.729 codec via net-libs/bcg729</flag>
- <flag name="ilbc">Include iLBC codec in the build</flag>
- <flag name="l16">Include Linear/L16 codec family in the build</flag>
- <flag name="libyuv">Include libyuv in the build</flag>
- <flag name="openh264">Include Open H.264 support in the build</flag>
- <flag name="resample">Include resampling implementations in the build</flag>
- <flag name="silk">Include SILK support in the build</flag>
- <flag name="v4l2">Include Video4Linux v2 support in the build</flag>
- <flag name="vpx">Include VP8 and VP9 codec support in the build</flag>
- <flag name="webrtc">Enable WebRTC support</flag>
- </use>
-</pkgmetadata>
diff --git a/net-libs/pjproject/pjproject-2.10-r2.ebuild b/net-libs/pjproject/pjproject-2.10-r2.ebuild
deleted file mode 100644
index 5f5276a..0000000
--- a/net-libs/pjproject/pjproject-2.10-r2.ebuild
+++ /dev/null
@@ -1,126 +0,0 @@
-# Copyright 1999-2021 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=7
-
-inherit autotools flag-o-matic toolchain-funcs
-
-DESCRIPTION="Open source SIP, Media, and NAT Traversal Library"
-HOMEPAGE="https://www.pjsip.org/"
-SRC_URI="https://github.com/pjsip/${PN}/archive/${PV}.tar.gz -> ${P}.tar.gz"
-KEYWORDS="amd64 ~arm ~arm64 ~ppc ~ppc64 x86"
-
-LICENSE="GPL-2"
-SLOT="0/${PV}"
-
-# g729 not included due to special bcg729 handling.
-CODEC_FLAGS="g711 g722 g7221 gsm ilbc speex l16"
-VIDEO_FLAGS="sdl ffmpeg v4l2 openh264 libyuv vpx"
-SOUND_FLAGS="alsa portaudio"
-IUSE="amr debug epoll examples ipv6 opus resample silk ssl static-libs webrtc
- ${CODEC_FLAGS} g729
- ${VIDEO_FLAGS}
- ${SOUND_FLAGS}"
-
-PATCHES=(
- "${FILESDIR}/pjproject-2.9-ssl-enable.patch"
- "${FILESDIR}/pjproject-2.10-race-condition-between-transport-destroy-and-acquire.patch"
- "${FILESDIR}/pjproject-2.10-CVE-2020-15260-tls-hostname-check.patch"
- "${FILESDIR}/pjproject-2.10-CVE-2021-21375-negotiation-failure-crash.patch"
- "${FILESDIR}/pjproject-2.10-CVE-2021-32686-AST-2021-009-GHSA-cv8x-p47p-99wr.patch"
- "${FILESDIR}/pjproject-2.10-libressl.patch"
-)
-
-RDEPEND="net-libs/libsrtp:=
- alsa? ( media-libs/alsa-lib )
- amr? ( media-libs/opencore-amr )
- ffmpeg? ( media-video/ffmpeg:= )
- g729? ( media-libs/bcg729 )
- gsm? ( media-sound/gsm )
- ilbc? ( media-libs/libilbc )
- openh264? ( media-libs/openh264 )
- opus? ( media-libs/opus )
- portaudio? ( media-libs/portaudio )
- resample? ( media-libs/libsamplerate )
- sdl? ( media-libs/libsdl )
- speex? (
- media-libs/speex
- media-libs/speexdsp
- )
- ssl? (
- dev-libs/openssl:0=
- )
-"
-DEPEND="${RDEPEND}"
-BDEPEND="virtual/pkgconfig"
-
-src_prepare() {
- default
- rm configure || die "Unable to remove unwanted wrapper"
- mv aconfigure.ac configure.ac || die "Unable to rename configure script source"
- eautoreconf
-
- cp "${FILESDIR}/pjproject-2.9-config_site.h" "${S}/pjlib/include/pj/config_site.h" || die "Unable to create config_site.h"
-}
-
-src_configure() {
- local myconf=()
- local videnable="--disable-video"
- local t
-
- use debug || append-cflags -DNDEBUG=1
- use ipv6 && append-cflags -DPJ_HAS_IPV6=1
- append-cflags -DPJMEDIA_HAS_SRTP=1
-
- for t in ${CODEC_FLAGS}; do
- myconf+=( $(use_enable ${t} ${t}-codec) )
- done
- myconf+=( $(use_enable g729 bcg729) )
-
- for t in ${VIDEO_FLAGS}; do
- myconf+=( $(use_enable ${t}) )
- use "${t}" && videnable="--enable-video"
- done
-
- [ "${videnable}" = "--enable-video" ] && append-cflags -DPJMEDIA_HAS_VIDEO=1
-
- LD="$(tc-getCC)" econf \
- --enable-shared \
- --with-external-srtp \
- ${videnable} \
- $(use_enable alsa sound) \
- $(use_enable amr opencore-amr) \
- $(use_enable epoll) \
- $(use_enable opus) \
- $(use_enable portaudio ext-sound) \
- $(use_enable resample libsamplerate) \
- $(use_enable resample resample-dll) \
- $(use_enable resample) \
- $(use_enable silk) \
- $(use_enable speex speex-aec) \
- $(use_enable ssl) \
- $(use_with gsm external-gsm) \
- $(use_with portaudio external-pa) \
- $(use_with speex external-speex) \
- $(usex webrtc '' --disable-libwebrtc) \
- "${myconf[@]}"
-}
-
-src_compile() {
- emake dep LD="$(tc-getCC)"
- emake LD="$(tc-getCC)"
-}
-
-src_install() {
- default
-
- newbin pjsip-apps/bin/pjsua-${CHOST} pjsua
- newbin pjsip-apps/bin/pjsystest-${CHOST} pjsystest
-
- if use examples; then
- insinto "/usr/share/doc/${PF}/examples"
- doins -r pjsip-apps/src/samples
- fi
-
- use static-libs || rm "${ED}/usr/$(get_libdir)"/*.a || die "Error removing static archives"
-}
^ permalink raw reply related [flat|nested] 3+ messages in thread
end of thread, other threads:[~2022-10-11 22:16 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2021-01-26 18:17 [gentoo-commits] repo/proj/libressl:master commit in: net-libs/pjproject/files/, net-libs/pjproject/ Quentin Retornaz
2021-01-26 0:22 ` [gentoo-commits] repo/proj/libressl:migration " Quentin Retornaz
-- strict thread matches above, loose matches on Subject: below --
2022-10-11 22:16 [gentoo-commits] repo/proj/libressl:master " Quentin Retornaz
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox