On Sat, Nov 03, 2018 at 03:13:05PM +0100, Sebastien Marie wrote:
> Hi,
> 
> Here an update for pjsua (from 2.4.5 to 2.8).
> 
> It updates the underlying SIP framework, pjsip.
> 
> I enabled video support in pjsip mostly for testing purpose, but we
> currently don't have application using it (pjsua is audio-only).
> 
> libwebrtc is disable because it failed to compile, and I disabled ffmpeg
> too, to avoid too big dependency for video (which is only enabled for
> testing).
> 
> pjsua still works well.
> 
> Thanks.
> -- 
> Sebastien Marie
> 
> 
> Index: Makefile
> ===================================================================
> RCS file: /cvs/ports/telephony/pjsua/Makefile,v
> retrieving revision 1.43
> diff -u -p -r1.43 Makefile
> --- Makefile  5 Aug 2017 12:31:01 -0000       1.43
> +++ Makefile  3 Nov 2018 13:53:36 -0000
> @@ -3,14 +3,13 @@
>  COMMENT-main=        multimedia communication library (SIP, RTP, ICE, etc)
>  COMMENT-pjsua=       lightweight sip client
>  
> -V=           2.4.5
> -REVISION=    2
> +V=           2.8
>  DISTNAME=    pjproject-$V
>  PKGNAME-main=        pjsip-$V
>  PKGNAME-pjsua=       pjsua-$V
>  EXTRACT_SUFX=        .tar.bz2
>  
> -LIBVER=              0.0
> +LIBVER=              1.0
>  SHARED_LIBS +=       g7221codec                ${LIBVER}
>  SHARED_LIBS +=       ilbccodec                 ${LIBVER}
>  SHARED_LIBS +=       pj                        ${LIBVER}
> @@ -26,34 +25,41 @@ SHARED_LIBS +=    pjsip                    
>  SHARED_LIBS +=       pjsua                     ${LIBVER}
>  SHARED_LIBS +=       pjsua2                    ${LIBVER}
>  SHARED_LIBS +=       resample                  ${LIBVER}
> +SHARED_LIBS +=       yuv                       ${LIBVER}
>  
>  CATEGORIES=  telephony
>  
> -HOMEPAGE=    http://www.pjsip.org/
> -MASTER_SITES=        ${HOMEPAGE}release/$V/
> +HOMEPAGE=    https://www.pjsip.org/
> +MASTER_SITES=        https://www.pjsip.org/release/$V/
>  
>  # GPLv2+
>  PERMIT_PACKAGE_CDROM=        Yes
>  
> -WANTLIB += crypto gsm m opencore-amrnb opencore-amrwb portaudio pthread
> -WANTLIB += speex speexdsp ssl
> +WANTLIB += SDL2 crypto gsm m opencore-amrnb opencore-amrwb opus
> +WANTLIB += portaudio speex speexdsp ssl v4l2
>  
>  WANTLIB-pjsua += ${WANTLIB}
>  WANTLIB-pjsua += c g7221codec ilbccodec pj pjlib-util pjmedia 
> pjmedia-audiodev
>  WANTLIB-pjsua += pjmedia-codec pjmedia-videodev pjnath pjsip pjsip-simple
> -WANTLIB-pjsua += pjsip-ua pjsua resample
> +WANTLIB-pjsua += pjsip-ua pjsua pthread resample yuv
>  
> -WANTLIB-main = ${WANTLIB} ${COMPILER_LIBCXX}
> +WANTLIB-main += ${WANTLIB} ${COMPILER_LIBCXX}
>  
>  MULTI_PACKAGES=      -main -pjsua
>  
>  LIB_DEPENDS-main= audio/gsm \
> +             audio/opus \
>               audio/opencore-amr \
>               audio/portaudio-svn \
> -             audio/speex
> +             audio/speex \
> +             devel/sdl2 \
> +             multimedia/libv4l
>  
>  LIB_DEPENDS-pjsua= telephony/pjsua,-main \
> -             audio/portaudio-svn
> +             audio/portaudio-svn \
> +             audio/opus \
> +             devel/sdl2 \
> +             multimedia/libv4l
>  
>  # statically linked
>  BUILD_DEPENDS=       security/libsrtp
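Review bot: `LIB_DEPENDS-main` and `LIB_DEPENDS-pjsua` now pull in `devel/sdl2` and `multimedia/libv4l`, and `WANTLIB` gains `SDL2` and `v4l2`, so every install of the audio-only pjsua client links the video capture and rendering stack. For a network-facing SIP client this is extra code that may become reachable from remote media negotiation, while the description says video is enabled only for testing and nothing in the tree uses it. Consider keeping the default package audio-only and gating the video dependencies behind a flavor. Failing that, record the reason next to the dependency list, e.g. `# video (SDL2, libv4l) is enabled for testing only; no port uses it yet`.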
> @@ -61,12 +67,12 @@ BUILD_DEPENDS=    security/libsrtp
>  CONFIGURE_STYLE= autoconf no-autoheader
>  AUTOCONF_VERSION= 2.69
>  CONFIGURE_ARGS=      --enable-shared \
> -             --disable-oss \
> -             --disable-video \
>               --with-external-gsm \
>               --with-external-pa \
>               --with-external-speex \
> -             --with-external-srtp
> +             --with-external-srtp \
> +             --disable-libwebrtc \
> +             --disable-ffmpeg
>  CFLAGS+=     -DNDEBUG -DPJ_HAS_IPV6=1 -I${LOCALBASE}/include
>  CONFIGURE_ENV=       CFLAGS="${CFLAGS}" \
>               LDFLAGS="-L${LOCALBASE}/lib"
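Review bot: The new `CONFIGURE_ARGS` entries `--disable-libwebrtc` and `--disable-ffmpeg` carry no explanation in the Makefile, and the removal of `--disable-oss` is not mentioned in the description either. The reasons exist only in the mail and will be lost once this is committed; I would add above `CONFIGURE_ARGS=` a comment such as `# libwebrtc fails to build; ffmpeg is left out to keep the video dependencies small`. With `--disable-video` gone, it is also worth confirming on a machine with extra packages installed that configure does not silently pick up optional video libraries that are missing from `WANTLIB` (openh264 is one candidate, since its header is listed in PLIST-main). A hidden dependency of that kind would make the built package depend on what happened to be installed on the build host.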
> Index: distinfo
> ===================================================================
> RCS file: /cvs/ports/telephony/pjsua/distinfo,v
> retrieving revision 1.17
> diff -u -p -r1.17 distinfo
> --- distinfo  9 Oct 2015 21:28:13 -0000       1.17
> +++ distinfo  3 Nov 2018 13:53:37 -0000
> @@ -1,2 +1,2 @@
> -SHA256 (pjproject-2.4.5.tar.bz2) = 
> CG9ecNyu4xK2bdwk2sbvhebx/sTu0A/ykVzr4O483Y0=
> -SIZE (pjproject-2.4.5.tar.bz2) = 4654415
> +SHA256 (pjproject-2.8.tar.bz2) = UD0L1/nxPcFJKsm3G3YbEImFH7tgi5oTmW7cPEIAb3k=
> +SIZE (pjproject-2.8.tar.bz2) = 4976501
> Index: patches/patch-configure_ac
> ===================================================================
> RCS file: /cvs/ports/telephony/pjsua/patches/patch-configure_ac,v
> retrieving revision 1.1
> diff -u -p -r1.1 patch-configure_ac
> --- patches/patch-configure_ac        9 Oct 2015 21:28:13 -0000       1.1
> +++ patches/patch-configure_ac        3 Nov 2018 13:53:36 -0000
> @@ -1,6 +1,8 @@
>  $OpenBSD: patch-configure_ac,v 1.1 2015/10/09 21:28:13 sthen Exp $
> ---- configure.ac.orig        Tue Aug 19 03:18:07 2014
> -+++ configure.ac     Fri Feb 20 20:11:42 2015
> +
> +Index: configure.ac
> +--- configure.ac.orig
> ++++ configure.ac
>  @@ -114,6 +114,7 @@ AC_CHECK_LIB(winmm,puts)
>   AC_CHECK_LIB(socket,puts)
>   AC_CHECK_LIB(rt,puts)
> @@ -9,7 +11,7 @@ $OpenBSD: patch-configure_ac,v 1.1 2015/
>   AC_CHECK_LIB(uuid,uuid_generate)
>   AC_CHECK_LIB(uuid,uuid_generate,[ac_has_uuid_lib=1])
>   AC_SEARCH_LIBS(gethostbyname,nsl)
> -@@ -256,6 +257,7 @@ AC_CHECK_HEADER(mswsock.h,[AC_DEFINE(PJ_HAS_MSWSOCK_H,
> +@@ -259,6 +260,7 @@ AC_CHECK_HEADER(mswsock.h,[AC_DEFINE(PJ_HAS_MSWSOCK_H,
>                 #endif
>                ])
>   AC_CHECK_HEADER(ws2tcpip.h,[AC_DEFINE(PJ_HAS_WS2TCPIP_H,1)])
> Index: patches/patch-pjsip_src_pjsip_sip_dialog_c
> ===================================================================
> RCS file: patches/patch-pjsip_src_pjsip_sip_dialog_c
> diff -N patches/patch-pjsip_src_pjsip_sip_dialog_c
> --- patches/patch-pjsip_src_pjsip_sip_dialog_c        5 Jun 2012 23:15:23 
> -0000       1.1
> +++ /dev/null 1 Jan 1970 00:00:00 -0000
> @@ -1,11 +0,0 @@
> -$OpenBSD: patch-pjsip_src_pjsip_sip_dialog_c,v 1.1 2012/06/05 23:15:23 fgsch 
> Exp $
> ---- pjsip/src/pjsip/sip_dialog.c.orig        Fri Jun  1 03:38:55 2012
> -+++ pjsip/src/pjsip/sip_dialog.c     Fri Jun  1 03:39:01 2012
> -@@ -111,6 +111,7 @@ on_error:
> - static void destroy_dialog( pjsip_dialog *dlg )
> - {
> -     if (dlg->mutex_) {
> -+    pj_mutex_unlock(dlg->mutex_);
> -     pj_mutex_destroy(dlg->mutex_);
> -     dlg->mutex_ = NULL;
> -     }
> Index: pkg/PLIST-main
> ===================================================================
> RCS file: /cvs/ports/telephony/pjsua/pkg/PLIST-main,v
> retrieving revision 1.1
> diff -u -p -r1.1 PLIST-main
> --- pkg/PLIST-main    9 Oct 2015 21:28:13 -0000       1.1
> +++ pkg/PLIST-main    3 Nov 2018 13:53:38 -0000
> @@ -29,6 +29,7 @@ include/pj/compat/cc_mwcc.h
>  include/pj/compat/ctype.h
>  include/pj/compat/errno.h
>  include/pj/compat/high_precision.h
> +include/pj/compat/limits.h
>  include/pj/compat/m_alpha.h
>  include/pj/compat/m_armv4.h
>  include/pj/compat/m_auto.h
> @@ -43,13 +44,14 @@ include/pj/compat/os_auto.h
>  include/pj/compat/os_auto.h.in
>  include/pj/compat/os_darwinos.h
>  include/pj/compat/os_linux.h
> -include/pj/compat/os_linux_kernel.h
>  include/pj/compat/os_palmos.h
>  include/pj/compat/os_rtems.h
>  include/pj/compat/os_sunos.h
>  include/pj/compat/os_symbian.h
>  include/pj/compat/os_win32.h
>  include/pj/compat/os_win32_wince.h
> +include/pj/compat/os_winphone8.h
> +include/pj/compat/os_winuwp.h
>  include/pj/compat/rand.h
>  include/pj/compat/setjmp.h
>  include/pj/compat/size_t.h
> @@ -72,6 +74,7 @@ include/pj/guid.h
>  include/pj/hash.h
>  include/pj/ioqueue.h
>  include/pj/ip_helper.h
> +include/pj/limits.h
>  include/pj/list.h
>  include/pj/list_i.h
>  include/pj/lock.h
> @@ -136,6 +139,7 @@ include/pjmedia-codec.h
>  include/pjmedia-codec/amr_helper.h
>  include/pjmedia-codec/amr_sdp_match.h
>  include/pjmedia-codec/audio_codecs.h
> +include/pjmedia-codec/bcg729.h
>  include/pjmedia-codec/config.h
>  include/pjmedia-codec/config_auto.h
>  include/pjmedia-codec/config_auto.h.in
> @@ -151,10 +155,12 @@ include/pjmedia-codec/ipp_codecs.h
>  include/pjmedia-codec/l16.h
>  include/pjmedia-codec/opencore_amr.h
>  include/pjmedia-codec/openh264.h
> +include/pjmedia-codec/opus.h
>  include/pjmedia-codec/passthrough.h
>  include/pjmedia-codec/silk.h
>  include/pjmedia-codec/speex.h
>  include/pjmedia-codec/types.h
> +include/pjmedia-codec/vid_toolbox.h
>  include/pjmedia-videodev/
>  include/pjmedia-videodev/avi_dev.h
>  include/pjmedia-videodev/config.h
> @@ -164,6 +170,7 @@ include/pjmedia-videodev/videodev.h
>  include/pjmedia-videodev/videodev_imp.h
>  include/pjmedia.h
>  include/pjmedia/alaw_ulaw.h
> +include/pjmedia/audiodev.h
>  include/pjmedia/avi.h
>  include/pjmedia/avi_stream.h
>  include/pjmedia/bidirectional.h
> @@ -193,6 +200,7 @@ include/pjmedia/plc.h
>  include/pjmedia/port.h
>  include/pjmedia/resample.h
>  include/pjmedia/rtcp.h
> +include/pjmedia/rtcp_fb.h
>  include/pjmedia/rtcp_xr.h
>  include/pjmedia/rtp.h
>  include/pjmedia/sdp.h
> @@ -220,6 +228,7 @@ include/pjmedia/vid_codec_util.h
>  include/pjmedia/vid_port.h
>  include/pjmedia/vid_stream.h
>  include/pjmedia/vid_tee.h
> +include/pjmedia/videodev.h
>  include/pjmedia/wav_playlist.h
>  include/pjmedia/wav_port.h
>  include/pjmedia/wave.h
> @@ -327,4 +336,5 @@ include/pjsua2/types.hpp
>  @lib lib/libpjsua.so.${LIBpjsua_VERSION}
>  @lib lib/libpjsua2.so.${LIBpjsua2_VERSION}
>  @lib lib/libresample.so.${LIBresample_VERSION}
> +@lib lib/libyuv.so.${LIByuv_VERSION}
>  lib/pkgconfig/libpjproject.pc
> 

Hi,

I don't use this particular software, but I am working on an automated CVE
checker similar to pkg audit on NetBSD, FreeBSD. It parses the FreeBSD VuXML
and compares the version ranges against a package list like /usr/ports/INDEX or
pkg_info.

Source file: https://vuxml.freebsd.org/

I think this package was affected by the following issues:

https://downloads.asterisk.org/pub/security/AST-2018-002.html
https://downloads.asterisk.org/pub/security/AST-2017-009.html
https://downloads.asterisk.org/pub/security/AST-2017-002.html
https://downloads.asterisk.org/pub/security/AST-2016-005.html

Should it be marked in the cve_quirks list?

-- 
Kind regards,
Hiltjo
