commit: 74bc4476b50218718af7c43038176f1d69c50e61 Author: Jaco Kroon <jaco <AT> uls <DOT> co <DOT> za> AuthorDate: Sat Jul 24 08:36:57 2021 +0000 Commit: Joonas Niilola <juippis <AT> gentoo <DOT> org> CommitDate: Wed Jun 15 13:32:11 2022 +0000 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=74bc4476
net-libs/pjproject: Version 2.12.1. Upstream release. Remove the need for custom patches (which is still required but no longer applies, instead, rely on ./configure detecting openssl, we do depend on it, and only --disable-ssl works, passing --enable-ssl also effectively disables ssl). Compile tested asterisk 13, 16 and 18 (in-tree versions) against this. Would appreciate a double-check on this one. One version from each is sufficient. Since the two libraries that were the target of parallel build failures are now one, I believe the parallel build issue is fixed too. Included patch for CVE-2022-31031 Closes: https://bugs.gentoo.org/833765 Closes: https://bugs.gentoo.org/817803 Closes: https://bugs.gentoo.org/808099 Closes: https://bugs.gentoo.org/834491 Bug: https://bugs.gentoo.org/803614 Bug: https://bugs.gentoo.org/765799 Bug: https://bugs.gentoo.org/829894 Package-Manager: Portage-3.0.20, Repoman-3.0.2 Signed-off-by: Jaco Kroon <jaco <AT> uls.co.za> Closes: https://github.com/gentoo/gentoo/pull/21761 Signed-off-by: Joonas Niilola <juippis <AT> gentoo.org> net-libs/pjproject/Manifest | 1 + .../files/pjproject-2.12.1-CVE-2022-31031.patch | 41 +++++++ net-libs/pjproject/pjproject-2.12.1.ebuild | 125 +++++++++++++++++++++ 3 files changed, 167 insertions(+) diff --git a/net-libs/pjproject/Manifest b/net-libs/pjproject/Manifest index 048f8a59e96f..b0c9fcafc2b1 100644 --- a/net-libs/pjproject/Manifest +++ b/net-libs/pjproject/Manifest @@ -1 +1,2 @@ DIST pjproject-2.10.tar.gz 8768705 BLAKE2B 42d70867e2e0474313426f1e188586d203d6165c28a133a62dedacd2deb2899215212824d9402a48fcc66bb08a17b796d3625e1d51a8aedc9aa4b3a3bf1cb8fa SHA512 a67f083df175b536b4e6a7b7fe39e07d3ee805d6917ec64a50694542a7455c33a100889191044ab3fa679b6656774a6be045621aa53510b5f04cdde9ddd59893 +DIST pjproject-2.12.1.tar.gz 9660659 BLAKE2B d893f22d995c9570e4003f80adf15144cf39e09d5843a88e3a616a529a91164ec7b012ea66ede8d55bfe4ec0dc4eca7d230f07fc66f06dfafaea9d5ff72910fa SHA512 9087456024b8886e56660cebc45c7093b3b91cd6b08a3926fa2c0de452989ac84ceb4e27413c0311bde95f271341ee44d9681f81f83602a4e16151f1831d773b diff --git a/net-libs/pjproject/files/pjproject-2.12.1-CVE-2022-31031.patch b/net-libs/pjproject/files/pjproject-2.12.1-CVE-2022-31031.patch new file mode 100644 index 000000000000..637b7f374ffc --- /dev/null +++ b/net-libs/pjproject/files/pjproject-2.12.1-CVE-2022-31031.patch @@ -0,0 +1,41 @@ +From 450baca94f475345542c6953832650c390889202 Mon Sep 17 00:00:00 2001 +From: sauwming <[email protected]> +Date: Tue, 7 Jun 2022 12:00:13 +0800 +Subject: [PATCH] Merge pull request from GHSA-26j7-ww69-c4qj + +--- + pjlib-util/src/pjlib-util/stun_simple.c | 7 ++++++- + 1 file changed, 6 insertions(+), 1 deletion(-) + +diff --git a/pjlib-util/src/pjlib-util/stun_simple.c b/pjlib-util/src/pjlib-util/stun_simple.c +index 722519584..d0549176d 100644 +--- a/pjlib-util/src/pjlib-util/stun_simple.c ++++ b/pjlib-util/src/pjlib-util/stun_simple.c +@@ -54,6 +54,7 @@ PJ_DEF(pj_status_t) pjstun_parse_msg( void *buf, pj_size_t buf_len, + { + pj_uint16_t msg_type, msg_len; + char *p_attr; ++ int attr_max_cnt = PJ_ARRAY_SIZE(msg->attr); + + PJ_CHECK_STACK(); + +@@ -83,7 +84,7 @@ PJ_DEF(pj_status_t) pjstun_parse_msg( void *buf, pj_size_t buf_len, + msg->attr_count = 0; + p_attr = (char*)buf + sizeof(pjstun_msg_hdr); + +- while (msg_len > 0) { ++ while (msg_len > 0 && msg->attr_count < attr_max_cnt) { + pjstun_attr_hdr **attr = &msg->attr[msg->attr_count]; + pj_uint32_t len; + pj_uint16_t attr_type; +@@ -111,6 +112,10 @@ PJ_DEF(pj_status_t) pjstun_parse_msg( void *buf, pj_size_t buf_len, + p_attr += len; + ++msg->attr_count; + } ++ if (msg->attr_count == attr_max_cnt) { ++ PJ_LOG(4, (THIS_FILE, "Warning: max number attribute %d reached.", ++ attr_max_cnt)); ++ } + + return PJ_SUCCESS; + } diff --git a/net-libs/pjproject/pjproject-2.12.1.ebuild b/net-libs/pjproject/pjproject-2.12.1.ebuild new file mode 100644 index 000000000000..7571fc933d02 --- /dev/null +++ b/net-libs/pjproject/pjproject-2.12.1.ebuild @@ -0,0 +1,125 @@ +# Copyright 1999-2021 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=7 + +inherit autotools flag-o-matic toolchain-funcs + +DESCRIPTION="Open source SIP, Media, and NAT Traversal Library" +HOMEPAGE="https://www.pjsip.org/"; +SRC_URI="https://github.com/pjsip/${PN}/archive/${PV}.tar.gz -> ${P}.tar.gz" +KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~ppc64 ~x86" + +LICENSE="GPL-2" +SLOT="0/${PV}" + +# g729 not included due to special bcg729 handling. +CODEC_FLAGS="g711 g722 g7221 gsm ilbc speex l16" +VIDEO_FLAGS="sdl ffmpeg v4l2 openh264 libyuv vpx" +SOUND_FLAGS="alsa portaudio" +IUSE="amr debug epoll examples ipv6 opus resample silk ssl static-libs webrtc + ${CODEC_FLAGS} g729 + ${VIDEO_FLAGS} + ${SOUND_FLAGS}" + +RDEPEND="net-libs/libsrtp:= + alsa? ( media-libs/alsa-lib ) + amr? ( media-libs/opencore-amr ) + ffmpeg? ( media-video/ffmpeg:= ) + g729? ( media-libs/bcg729 ) + gsm? ( media-sound/gsm ) + ilbc? ( media-libs/libilbc ) + openh264? ( media-libs/openh264 ) + opus? ( media-libs/opus ) + portaudio? ( media-libs/portaudio ) + resample? ( media-libs/libsamplerate ) + sdl? ( media-libs/libsdl ) + speex? ( + media-libs/speex + media-libs/speexdsp + ) + ssl? ( + dev-libs/openssl:0= + ) +" +DEPEND="${RDEPEND}" +BDEPEND="virtual/pkgconfig" + +PATCHES=( + "${FILESDIR}/pjproject-2.12.1-CVE-2022-31031.patch" +) + +src_prepare() { + default + rm configure || die "Unable to remove unwanted wrapper" + mv aconfigure.ac configure.ac || die "Unable to rename configure script source" + eautoreconf + + cp "${FILESDIR}/pjproject-2.9-config_site.h" "${S}/pjlib/include/pj/config_site.h" || die "Unable to create config_site.h" +} + +_pj_enable() { + usex "$1" '' "--disable-${2:-$1}" +} + +src_configure() { + local myconf=() + local videnable="--disable-video" + local t + + use debug || append-cflags -DNDEBUG=1 + use ipv6 && append-cflags -DPJ_HAS_IPV6=1 + append-cflags -DPJMEDIA_HAS_SRTP=1 + + for t in ${CODEC_FLAGS}; do + myconf+=( $(_pj_enable ${t} ${t}-codec) ) + done + myconf+=( $(_pj_enable g729 bcg729) ) + + for t in ${VIDEO_FLAGS}; do + myconf+=( $(_pj_enable ${t}) ) + use "${t}" && videnable="--enable-video" + done + + [ "${videnable}" = "--enable-video" ] && append-cflags -DPJMEDIA_HAS_VIDEO=1 + + LD="$(tc-getCC)" econf \ + --enable-shared \ + --with-external-srtp \ + ${videnable} \ + $(_pj_enable alsa sound) \ + $(_pj_enable amr opencore-amr) \ + $(_pj_enable epoll) \ + $(_pj_enable opus) \ + $(_pj_enable portaudio ext-sound) \ + $(_pj_enable resample libsamplerate) \ + $(_pj_enable resample resample-dll) \ + $(_pj_enable resample) \ + $(_pj_enable silk) \ + $(_pj_enable speex speex-aec) \ + $(_pj_enable ssl) \ + $(_pj_enable webrtc libwebrtc) \ + $(use_with gsm external-gsm) \ + $(use_with portaudio external-pa) \ + $(use_with speex external-speex) \ + "${myconf[@]}" +} + +src_compile() { + emake dep LD="$(tc-getCC)" + emake LD="$(tc-getCC)" +} + +src_install() { + default + + newbin pjsip-apps/bin/pjsua-${CHOST} pjsua + newbin pjsip-apps/bin/pjsystest-${CHOST} pjsystest + + if use examples; then + insinto "/usr/share/doc/${PF}/examples" + doins -r pjsip-apps/src/samples + fi + + use static-libs || rm "${ED}/usr/$(get_libdir)"/*.a || die "Error removing static archives" +}
