Hello community, here is the log from the commit of package libeXosip2 for openSUSE:Factory checked in at 2018-01-09 14:52:19 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/libeXosip2 (Old) and /work/SRC/openSUSE:Factory/.libeXosip2.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "libeXosip2" Tue Jan 9 14:52:19 2018 rev:24 rq:561495 version:5.0.0 Changes: -------- --- /work/SRC/openSUSE:Factory/libeXosip2/libeXosip2.changes 2014-09-15 14:50:28.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.libeXosip2.new/libeXosip2.changes 2018-01-09 14:52:20.782184208 +0100 @@ -1,0 +2,76 @@ +Thu Dec 28 22:06:50 UTC 2017 - [email protected] + +- Update to 5.0.0: + * major API update: add a new parameter to eXosip_call_build_prack in order to create the PRACK + for this specific response and not for the latest. + * major API update: removal of eX_refer.h API. REFER are now handled with subscriptions APIs. + eXosip_refer_build_request removed + eXosip_refer_send_request removed + * major API update: subscription now handle both SUBSCRIBE and REFER with the same APIs: + eXosip_subscription_build_initial_refer ADDED + eXosip_subscribe_build_initial_request renamed eXosip_subscription_build_initial_subscribe + eXosip_subscribe_send_initial_request renamed eXosip_subscription_send_initial_request + eXosip_subscribe_build_refresh_request renamed eXosip_subscription_build_refresh_request + eXosip_subscribe_send_refresh_request renamed eXosip_subscription_send_refresh_request + eXosip_subscribe_remove renamed eXosip_subscription_remove + EXOSIP_IN_SUBSCRIPTION_* and EXOSIP_SUBSCRIPTION_* events may now relate to REFER subscription. + * major API change: eXosip_automatic_refresh is obsolete and has been removed. + only use eXosip_automatic_action instead + * API update: + eXosip_options_send_request returns a positive transaction id (tid) on success. + eXosip_publish returns a positive transaction id (tid) on success. + note: eXosip_message_send_request was already returing the transaction id (tid) on success. + * new API options: + EXOSIP_OPT_REMOVE_PREROUTESET: to keep Route Set + EXOSIP_OPT_SET_SIP_INSTANCE: define +sip.instance parameter in Contact headers + EXOSIP_OPT_ENABLE_USE_EPHEMERAL_PORT: option to use/not use ephemeral port in Contact. + EXOSIP_OPT_ENABLE_REUSE_TCP_PORT: option to reuse port. + EXOSIP_OPT_AUTO_MASQUERADE_CONTACT: option to enable automatic masquerading for Contact headers. + EXOSIP_OPT_UDP_LEARN_PORT: obsolete and will be removed in the future. + EXOSIP_OPT_SET_DEFAULT_CONTACT_DISPLAYNAME: define a display name to be added in Contact headers + * new API options: (high load traffic use-case: DO NOT USE FOR COMMON USAGE) + EXOSIP_OPT_SET_MAX_MESSAGE_TO_READ: set the number of message to read at once for each network processing. + EXOSIP_OPT_SET_MAX_READ_TIMEOUT: set the period in nano seconds during we read for sip message. + EXOSIP_OPT_GET_STATISTICS: retreive numerous statistics. + * rewrite/update autotools and ./configure options + --enable-pthread=[autodetect|force] + autodetect POSIX threads or force -DHAVE_PTHREAD [default=autodetect] + --enable-semaphore=[autodetect|semaphore|sysv] + select your prefered semaphore [default=autodetect]. + * fix bug when reading sip message longuer than 8000 over UDP and TLS. + * improve eXosip_add_authentication_info to avoid duplicate credentials + * if a SUBSCRIBE is rejected, the context will be released automatically + * add failover after a DNS failure. + * fallback to SRV even if we receive a NOTFOUND reply for NAPTR. + * fix route set with strict router. + * rename usage of -DHAVE_CARES_H into -DHAVE_ARES_H real name of header. + * remove warnings mainly related to socket API (getnameinfo/bind/accept/recv/connect/sendto) + * rewrite all loop using iterator to improve performance (useful for high load traffic) + * rewrite Via and Contact management: both will now contains the IP of the real network interface + instead of the default one. + * improve NAPTR failover, more reliable // add failover for 503 answer + * improve interval to force REGISTER refresh upon network error and failover. + * improve TCP socket management + * add a callback to simplify/optimize/accelerate usage of wakelocks in android application using exosip2. + * improve TLS, add TLSv1.1, TLSv1.2, disable weak cipher (FREAK) and enable ECDHE cipher. + * add support for SNI tls extension (openssl 1.0.2) + * add try/except on windows to catch possible missing qwave (windows server) + * implement a timeout (32 seconds) for establishing a TCP and TLS connection. + * if a connection is failing, report the failure asap. + * fix memory leak in eXosip_call_get_referto + * remove extra connect on socket for TCP and TLS (not allowed for tcp stream) + * fix to correctly discard INVITE retransmission with same branch received after original INVITE was replied + * add WSACleanup for each WSAStartup call (windows) + * do not include contact in BYE and CANCEL + * fix to use sips when appropriate (in Contact) + * fix to avoid handling negative content-length + * do not start naptr for incoming transactions. + * fix bug when rseq is empty but exist + * add support for QOS on windows. + * improve connection handling/failure detection, keep alive options, in TLS, TCP, UDP. + * update static IDs (cid/did/rid/pid) to use range from 0 to INT_MAX to avoid possible collision + * other minor updates. +- Drop libeXosip2-sslverifypaths.patch: fixed upstream. +- Add openssl110-fix.patch: fix build with openssl 1.1.0. + +------------------------------------------------------------------- Old: ---- libeXosip2-4.1.0.tar.gz libeXosip2-sslverifypaths.patch New: ---- libexosip2-5.0.0.tar.gz openssl110-fix.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ libeXosip2.spec ++++++ --- /var/tmp/diff_new_pack.F3x2pL/_old 2018-01-09 14:52:21.970128515 +0100 +++ /var/tmp/diff_new_pack.F3x2pL/_new 2018-01-09 14:52:21.970128515 +0100 @@ -1,7 +1,7 @@ # # spec file for package libeXosip2 # -# Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -16,20 +16,20 @@ # -%define soname libeXosip2-11 +%define soname libeXosip2-12 Name: libeXosip2 -Version: 4.1.0 +Version: 5.0.0 Release: 0 Summary: Extended osip2 library License: GPL-2.0 Group: Productivity/Networking/Other Url: http://savannah.nongnu.org/projects/exosip/ -Source: http://download.savannah.gnu.org/releases/exosip/%{name}-%{version}.tar.gz -Patch0: libeXosip2-sslverifypaths.patch +Source: http://download.savannah.nongnu.org/releases/exosip/libexosip2-%{version}.tar.gz +Patch0: openssl110-fix.patch BuildRequires: glibc-devel BuildRequires: pkg-config -BuildRequires: pkgconfig(libosip2) >= 4.1.0 +BuildRequires: pkgconfig(libosip2) >= 5.0.0 BuildRequires: pkgconfig(openssl) BuildRoot: %{_tmppath}/%{name}-%{version}-build @@ -57,7 +57,7 @@ Extended library for the osip2 protocol. %prep -%setup -q +%setup -q -n libexosip2-%{version} %patch0 -p0 %build ++++++ openssl110-fix.patch ++++++ Index: src/eXtl_dtls.c =================================================================== --- src/eXtl_dtls.c.orig +++ src/eXtl_dtls.c @@ -233,7 +233,7 @@ shutdown_free_client_dtls (struct eXosip BIO_ctrl (rbio, BIO_CTRL_DGRAM_SET_PEER, 0, (char *) &addr); - (reserved->socket_tab[pos].ssl_conn)->rbio = rbio; + SSL_set0_rbio((reserved->socket_tab[pos].ssl_conn), rbio); i = SSL_shutdown (reserved->socket_tab[pos].ssl_conn); @@ -562,12 +562,11 @@ dtls_tl_read_message (struct eXosip_t *e rbio = BIO_new_mem_buf (enc_buf, enc_buf_len); BIO_set_mem_eof_return (rbio, -1); - reserved->socket_tab[pos].ssl_conn->rbio = rbio; + SSL_set0_rbio(reserved->socket_tab[pos].ssl_conn, rbio); i = SSL_read (reserved->socket_tab[pos].ssl_conn, dec_buf, SIP_MESSAGE_MAX_LENGTH); /* done with the rbio */ - BIO_free (reserved->socket_tab[pos].ssl_conn->rbio); - reserved->socket_tab[pos].ssl_conn->rbio = BIO_new (BIO_s_mem ()); + SSL_set0_rbio(reserved->socket_tab[pos].ssl_conn, BIO_new (BIO_s_mem ())); if (i > 5) { dec_buf[i] = '\0'; @@ -947,7 +946,7 @@ dtls_tl_send_message (struct eXosip_t *e _dtls_stream_used = &reserved->socket_tab[pos]; rbio = BIO_new_dgram (reserved->dtls_socket, BIO_NOCLOSE); BIO_ctrl (rbio, BIO_CTRL_DGRAM_SET_PEER, 0, (char *) &addr); - reserved->socket_tab[pos].ssl_conn->rbio = rbio; + SSL_set0_rbio(reserved->socket_tab[pos].ssl_conn, rbio); break; } } @@ -961,7 +960,7 @@ dtls_tl_send_message (struct eXosip_t *e _dtls_stream_used = &reserved->socket_tab[pos]; rbio = BIO_new_dgram (reserved->dtls_socket, BIO_NOCLOSE); BIO_ctrl (rbio, BIO_CTRL_DGRAM_SET_PEER, 0, (char *) &addr); - reserved->socket_tab[pos].ssl_conn->rbio = rbio; + SSL_set0_rbio(reserved->socket_tab[pos].ssl_conn, rbio); break; } } Index: src/eXtl_tls.c =================================================================== --- src/eXtl_tls.c.orig +++ src/eXtl_tls.c @@ -841,7 +841,7 @@ verify_cb (int preverify_ok, X509_STORE_ * it for something special */ if (!preverify_ok && (err == X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT)) { - X509_NAME_oneline (X509_get_issuer_name (store->current_cert), buf, 256); + X509_NAME_oneline (X509_get_issuer_name (X509_STORE_CTX_get_current_cert(store)), buf, 256); OSIP_TRACE (osip_trace (__FILE__, __LINE__, OSIP_ERROR, NULL, "issuer= %s\n", buf)); } @@ -969,7 +969,7 @@ RSA_generate_key (int bits, unsigned lon if (!rsa || !e) goto err; - /* The problem is when building with 8, 16, or 32 BN_ULONG, + /* The problem is when building with 8, 16, or 32 BN_ULONG, * unsigned long can be larger */ for (i = 0; i < (int) sizeof (unsigned long) * 8; i++) { if (e_value & (1UL << i)) @@ -1160,7 +1160,7 @@ initialize_client_ctx (struct eXosip_t * } else { /* this is used to add a trusted certificate */ - X509_STORE_add_cert (ctx->cert_store, cert); + X509_STORE_add_cert (SSL_CTX_get_cert_store(ctx), cert); } BIO_free (bio); } @@ -1231,16 +1231,21 @@ initialize_client_ctx (struct eXosip_t * if (excontext->tls_verify_client_certificate > 0 && sni_servernameindication!=NULL) { X509_STORE *pkix_validation_store = SSL_CTX_get_cert_store (ctx); const X509_VERIFY_PARAM *param = X509_VERIFY_PARAM_lookup ("ssl_server"); - +#if (OPENSSL_VERSION_NUMBER > 0x10001000L) + X509_VERIFY_PARAM *store_param = X509_STORE_get0_param(pkix_validation_store); +#else + X509_VERIFY_PARAM *store_param = pkix_validation_store->param; +#endif + if (param != NULL) { /* const value, we have to copy (inherit) */ - if (X509_VERIFY_PARAM_inherit (pkix_validation_store->param, param)) { + if (X509_VERIFY_PARAM_inherit (store_param, param)) { X509_STORE_set_flags (pkix_validation_store, X509_V_FLAG_TRUSTED_FIRST); X509_STORE_set_flags (pkix_validation_store, X509_V_FLAG_PARTIAL_CHAIN); } else { OSIP_TRACE (osip_trace (__FILE__, __LINE__, OSIP_ERROR, NULL, "PARAM_inherit: failed for ssl_server\n")); } - if (X509_VERIFY_PARAM_set1_host (pkix_validation_store->param, sni_servernameindication, 0)) { - X509_VERIFY_PARAM_set_hostflags (pkix_validation_store->param, X509_CHECK_FLAG_NO_WILDCARDS); + if (X509_VERIFY_PARAM_set1_host (store_param, sni_servernameindication, 0)) { + X509_VERIFY_PARAM_set_hostflags (store_param, X509_CHECK_FLAG_NO_WILDCARDS); } else { OSIP_TRACE (osip_trace (__FILE__, __LINE__, OSIP_ERROR, NULL, "PARAM_set1_host: %s failed\n", sni_servernameindication)); }
