[gentoo-commits] repo/proj/libressl:master commit in: net-libs/pjproject/, net-libs/pjproject/files/

2022-07-10 Thread Quentin Retornaz
commit: de95d5bb2d85d57be5c31fad028d148f5321d542
Author: orbea  riseup  net>
AuthorDate: Wed Jul  6 04:11:55 2022 +
Commit: Quentin Retornaz  retornaz  com>
CommitDate: Sun Jul 10 22:49:23 2022 +
URL:https://gitweb.gentoo.org/repo/proj/libressl.git/commit/?id=de95d5bb

net-libs/pjproject: Remove old version

Signed-off-by: orbea  riseup.net>
Closes: https://github.com/gentoo/libressl/pull/437
Signed-off-by: Quentin Retornaz  retornaz.com>

 net-libs/pjproject/Manifest|   1 -
 .../pjproject/files/pjproject-2.7.2-libressl.patch |  98 --
 .../files/pjproject-2.7.2-ssl-flipflop.patch   | 103 ---
 net-libs/pjproject/pjproject-2.7.2-r2.ebuild   | 114 -
 4 files changed, 316 deletions(-)

diff --git a/net-libs/pjproject/Manifest b/net-libs/pjproject/Manifest
index 6adb41c..048f8a5 100644
--- a/net-libs/pjproject/Manifest
+++ b/net-libs/pjproject/Manifest
@@ -1,2 +1 @@
 DIST pjproject-2.10.tar.gz 8768705 BLAKE2B 
42d70867e2e0474313426f1e188586d203d6165c28a133a62dedacd2deb2899215212824d9402a48fcc66bb08a17b796d3625e1d51a8aedc9aa4b3a3bf1cb8fa
 SHA512 
a67f083df175b536b4e6a7b7fe39e07d3ee805d6917ec64a50694542a7455c33a100889191044ab3fa679b6656774a6be045621aa53510b5f04cdde9ddd59893
-DIST pjproject-2.7.2.tar.bz2 4994233 BLAKE2B 
44ecaf0997d5dd9b18e0b811cead7c9104e63894fa06fb1d64e79b60fa4210968fd90ef47e5f5be3629675363c8756ce3bc1834caa9700654ab4c53efe676ee7
 SHA512 
3d355ffcbbeed62cfc711e574a987dc06043ccf4f2625820adffa89167022b8306fcee3fada71d3d45e7b902fc9c65ac8221de101cbafed25362a3921f702afd

diff --git a/net-libs/pjproject/files/pjproject-2.7.2-libressl.patch b/net-libs/pjproject/files/pjproject-2.7.2-libressl.patch
deleted file mode 100644
index 07efa9c..000
--- a/net-libs/pjproject/files/pjproject-2.7.2-libressl.patch
+++ /dev/null
@@ -1,98 +0,0 @@
-Index: /third_party/srtp/crypto/hash/hmac_ossl.c
-===
 /third_party/srtp/crypto/hash/hmac_ossl.c  (revision 5725)
-+++ /third_party/srtp/crypto/hash/hmac_ossl.c  (revision 5726)
-@@ -52,6 +52,8 @@
- #include 
- #include 
-+#include 
- 
- #define SHA1_DIGEST_SIZE  20
-+#define USING_LIBRESSL (defined(LIBRESSL_VERSION_NUMBER))
- 
- /* the debug module for authentiation */
-@@ -77,5 +79,5 @@
- /* OpenSSL 1.1.0 made HMAC_CTX an opaque structure, which must be allocated
-using HMAC_CTX_new.  But this function doesn't exist in OpenSSL 1.0.x. */
--#if OPENSSL_VERSION_NUMBER < 0x1010L
-+#if USING_LIBRESSL || OPENSSL_VERSION_NUMBER < 0x1010L
- {
- /* allocate memory for auth and HMAC_CTX structures */
-@@ -122,5 +124,5 @@
- hmac_ctx = (HMAC_CTX*)a->state;
- 
--#if OPENSSL_VERSION_NUMBER < 0x1010L
-+#if USING_LIBRESSL || OPENSSL_VERSION_NUMBER < 0x1010L
- HMAC_CTX_cleanup(hmac_ctx);
- 
-Index: /pjlib/src/pj/ssl_sock_ossl.c
-===
 /pjlib/src/pj/ssl_sock_ossl.c  (revision 5725)
-+++ /pjlib/src/pj/ssl_sock_ossl.c  (revision 5726)
-@@ -56,6 +56,10 @@
- #include 
- #include 
--
--#if !defined(OPENSSL_NO_EC) && OPENSSL_VERSION_NUMBER >= 0x1000200fL
-+#include 
-+
-+#define USING_LIBRESSL (defined(LIBRESSL_VERSION_NUMBER))
-+
-+#if !USING_LIBRESSL && !defined(OPENSSL_NO_EC) \
-+  && OPENSSL_VERSION_NUMBER >= 0x1000200fL
- 
- #   include 
-@@ -115,5 +119,5 @@
- 
- 
--#if OPENSSL_VERSION_NUMBER >= 0x1010L
-+#if !USING_LIBRESSL && OPENSSL_VERSION_NUMBER >= 0x1010L
- #  define OPENSSL_NO_SSL2 /* seems to be removed in 1.1.0 */
- #  define M_ASN1_STRING_data(x)   ASN1_STRING_get0_data(x)
-@@ -539,5 +543,5 @@
- 
- /* Init OpenSSL lib */
--#if OPENSSL_VERSION_NUMBER < 0x1010L
-+#if USING_LIBRESSL || OPENSSL_VERSION_NUMBER < 0x1010L
- SSL_library_init();
- SSL_load_error_strings();
-@@ -560,5 +564,7 @@
-   const char *cname;
- 
--#if OPENSSL_VERSION_NUMBER < 0x1010L
-+#if (USING_LIBRESSL && LIBRESSL_VERSION_NUMBER < 0x2020100fL)\
-+|| OPENSSL_VERSION_NUMBER < 0x1010L
-+
-   meth = (SSL_METHOD*)SSLv23_server_method();
-   if (!meth)
-@@ -603,5 +609,6 @@
-   SSL_set_session(ssl, SSL_SESSION_new());
- 
--#if !defined(OPENSSL_NO_EC) && OPENSSL_VERSION_NUMBER >= 0x1000200fL
-+#if !USING_LIBRESSL && !defined(OPENSSL_NO_EC) \
-+&& OPENSSL_VERSION_NUMBER >= 0x1000200fL
-   openssl_curves_num = SSL_get_shared_curve(ssl,-1);
-   if (openssl_curves_num > PJ_ARRAY_SIZE(openssl_curves))
-@@ -795,5 +802,6 @@
- 
- /* Determine SSL method to use */
--#if OPENSSL_VERSION_NUMBER < 0x1010L
-+#if (USING_LIBRESSL && LIBRESSL_VERSION_NUMBER < 0x2020100fL)\
-+|| OPENSSL_VERSION_NUMBER < 0x1010L
- switch (ssock->param.proto) {
- case PJ_SSL_SOCK_PROTO_TLS1:
-@@ -1232,5 +1240,6 @@
- static pj_status_t set_curves_list(pj_ssl_sock_t *ssock)
- {
--#if !defined(OPENSSL_NO_EC) && OPENSSL_VERSION_NUMBER >= 

[gentoo-commits] repo/proj/libressl:master commit in: net-libs/pjproject/, net-libs/pjproject/files/

2022-07-10 Thread Quentin Retornaz
commit: df7659707786500b32825b8407c13c30b9ef4201
Author: orbea  riseup  net>
AuthorDate: Wed Jul  6 04:10:42 2022 +
Commit: Quentin Retornaz  retornaz  com>
CommitDate: Sun Jul 10 22:49:19 2022 +
URL:https://gitweb.gentoo.org/repo/proj/libressl.git/commit/?id=df765970

net-libs/pjproject: Add 2.10-r2

Signed-off-by: orbea  riseup.net>
Signed-off-by: Quentin Retornaz  retornaz.com>

 net-libs/pjproject/Manifest|   1 +
 ...ct-2.10-CVE-2020-15260-tls-hostname-check.patch | 125 +
 ...-CVE-2021-21375-negotiation-failure-crash.patch |  45 
 ...21-32686-AST-2021-009-GHSA-cv8x-p47p-99wr.patch | 289 +
 .../pjproject/files/pjproject-2.10-libressl.patch  |  17 ++
 ...ion-between-transport-destroy-and-acquire.patch | 108 
 .../pjproject/files/pjproject-2.9-config_site.h|  74 ++
 .../pjproject/files/pjproject-2.9-ssl-enable.patch | 100 +++
 net-libs/pjproject/metadata.xml|   8 +-
 net-libs/pjproject/pjproject-2.10-r2.ebuild| 126 +
 10 files changed, 890 insertions(+), 3 deletions(-)

diff --git a/net-libs/pjproject/Manifest b/net-libs/pjproject/Manifest
index 0b9f89a..6adb41c 100644
--- a/net-libs/pjproject/Manifest
+++ b/net-libs/pjproject/Manifest
@@ -1 +1,2 @@
+DIST pjproject-2.10.tar.gz 8768705 BLAKE2B 
42d70867e2e0474313426f1e188586d203d6165c28a133a62dedacd2deb2899215212824d9402a48fcc66bb08a17b796d3625e1d51a8aedc9aa4b3a3bf1cb8fa
 SHA512 
a67f083df175b536b4e6a7b7fe39e07d3ee805d6917ec64a50694542a7455c33a100889191044ab3fa679b6656774a6be045621aa53510b5f04cdde9ddd59893
 DIST pjproject-2.7.2.tar.bz2 4994233 BLAKE2B 
44ecaf0997d5dd9b18e0b811cead7c9104e63894fa06fb1d64e79b60fa4210968fd90ef47e5f5be3629675363c8756ce3bc1834caa9700654ab4c53efe676ee7
 SHA512 
3d355ffcbbeed62cfc711e574a987dc06043ccf4f2625820adffa89167022b8306fcee3fada71d3d45e7b902fc9c65ac8221de101cbafed25362a3921f702afd

diff --git a/net-libs/pjproject/files/pjproject-2.10-CVE-2020-15260-tls-hostname-check.patch b/net-libs/pjproject/files/pjproject-2.10-CVE-2020-15260-tls-hostname-check.patch
new file mode 100644
index 000..0d7df68
--- /dev/null
+++ b/net-libs/pjproject/files/pjproject-2.10-CVE-2020-15260-tls-hostname-check.patch
@@ -0,0 +1,125 @@
+From 67e46c1ac45ad784db5b9080f5ed8b133c122872 Mon Sep 17 00:00:00 2001
+From: sauwming 
+Date: Mon, 8 Mar 2021 17:39:36 +0800
+Subject: [PATCH] Merge pull request from GHSA-8hcp-hm38-mfph
+
+* Check hostname during TLS transport selection
+
+* revision based on feedback
+
+* remove the code in create_request that has been moved
+---
+ pjsip/include/pjsip/sip_dialog.h |  1 +
+ pjsip/src/pjsip/sip_dialog.c | 15 +++
+ pjsip/src/pjsip/sip_transport.c  | 13 +
+ pjsip/src/pjsip/sip_util.c   | 11 ---
+ 4 files changed, 37 insertions(+), 3 deletions(-)
+
+diff --git a/pjsip/include/pjsip/sip_dialog.h b/pjsip/include/pjsip/sip_dialog.h
+index a0214d28c..e314c2ece 100644
+--- a/pjsip/include/pjsip/sip_dialog.h
 b/pjsip/include/pjsip/sip_dialog.h
+@@ -165,6 +165,7 @@ struct pjsip_dialog
+ pjsip_route_hdr   route_set;  /**< Route set. */
+ pj_bool_t route_set_frozen; /**< Route set has been set.  */
+ pjsip_auth_clt_sess   auth_sess;  /**< Client authentication session. */
++pj_str_t  initial_dest;/**< Initial destination host. */
+ 
+ /** Session counter. */
+ int   sess_count; /**< Number of sessions.
*/
+diff --git a/pjsip/src/pjsip/sip_dialog.c b/pjsip/src/pjsip/sip_dialog.c
+index 27530e4f2..9571b5a35 100644
+--- a/pjsip/src/pjsip/sip_dialog.c
 b/pjsip/src/pjsip/sip_dialog.c
+@@ -467,6 +467,10 @@ pj_status_t create_uas_dialog( pjsip_user_agent *ua,
+ 
+ /* Save the remote info. */
+ pj_strdup(dlg->pool, >remote.info_str, );
++
++/* Save initial destination host from transport's info */
++pj_strdup(dlg->pool, >initial_dest,
++>tp_info.transport->remote_name.host);
+ 
+ 
+ /* Init remote's contact from Contact header.
+@@ -1192,6 +1196,12 @@ static pj_status_t dlg_create_request_throw( pjsip_dialog *dlg,
+   return status;
+ }
+ 
++/* Copy the initial destination host to tdata. This information can be
++ * used later by transport for transport selection.
++ */
++if (dlg->initial_dest.slen)
++  pj_strdup(tdata->pool, >dest_info.name, >initial_dest);
++
+ /* Done. */
+ *p_tdata = tdata;
+ 
+@@ -1822,6 +1832,11 @@ static void dlg_update_routeset(pjsip_dialog *dlg, const pjsip_rx_data *rdata)
+  * transaction as the initial transaction that establishes dialog.
+  */
+ if (dlg->role == PJSIP_ROLE_UAC) {
++  /* Save initial destination host from transport's info. */
++  if (!dlg->initial_dest.slen) {
++  pj_strdup(dlg->pool, >initial_dest,
++>tp_info.transport->remote_name.host);
++  }
+ 
+