[gentoo-commits] repo/proj/libressl:master commit in: net-libs/pjproject/, net-libs/pjproject/files/
commit: de95d5bb2d85d57be5c31fad028d148f5321d542 Author: orbea riseup net> AuthorDate: Wed Jul 6 04:11:55 2022 + Commit: Quentin Retornaz retornaz com> CommitDate: Sun Jul 10 22:49:23 2022 + URL:https://gitweb.gentoo.org/repo/proj/libressl.git/commit/?id=de95d5bb net-libs/pjproject: Remove old version Signed-off-by: orbea riseup.net> Closes: https://github.com/gentoo/libressl/pull/437 Signed-off-by: Quentin Retornaz retornaz.com> net-libs/pjproject/Manifest| 1 - .../pjproject/files/pjproject-2.7.2-libressl.patch | 98 -- .../files/pjproject-2.7.2-ssl-flipflop.patch | 103 --- net-libs/pjproject/pjproject-2.7.2-r2.ebuild | 114 - 4 files changed, 316 deletions(-)
diff --git a/net-libs/pjproject/Manifest b/net-libs/pjproject/Manifest
index 6adb41c..048f8a5 100644
--- a/net-libs/pjproject/Manifest
+++ b/net-libs/pjproject/Manifest
@@ -1,2 +1 @@
 DIST pjproject-2.10.tar.gz 8768705 BLAKE2B 42d70867e2e0474313426f1e188586d203d6165c28a133a62dedacd2deb2899215212824d9402a48fcc66bb08a17b796d3625e1d51a8aedc9aa4b3a3bf1cb8fa SHA512 a67f083df175b536b4e6a7b7fe39e07d3ee805d6917ec64a50694542a7455c33a100889191044ab3fa679b6656774a6be045621aa53510b5f04cdde9ddd59893
-DIST pjproject-2.7.2.tar.bz2 4994233 BLAKE2B 44ecaf0997d5dd9b18e0b811cead7c9104e63894fa06fb1d64e79b60fa4210968fd90ef47e5f5be3629675363c8756ce3bc1834caa9700654ab4c53efe676ee7 SHA512 3d355ffcbbeed62cfc711e574a987dc06043ccf4f2625820adffa89167022b8306fcee3fada71d3d45e7b902fc9c65ac8221de101cbafed25362a3921f702afd
diff --git a/net-libs/pjproject/files/pjproject-2.7.2-libressl.patch b/net-libs/pjproject/files/pjproject-2.7.2-libressl.patch
deleted file mode 100644
index 07efa9c..000
--- a/net-libs/pjproject/files/pjproject-2.7.2-libressl.patch
+++ /dev/null
@@ -1,98 +0,0 @@ -Index: /third_party/srtp/crypto/hash/hmac_ossl.c -=== /third_party/srtp/crypto/hash/hmac_ossl.c (revision 5725) -+++ /third_party/srtp/crypto/hash/hmac_ossl.c (revision 5726) -@@ -52,6 +52,8 @@ - #include - #include -+#include - - #define SHA1_DIGEST_SIZE 20 -+#define USING_LIBRESSL (defined(LIBRESSL_VERSION_NUMBER)) - - /* the debug module for authentiation */ -@@ -77,5 +79,5 @@ - /* OpenSSL 1.1.0 made HMAC_CTX an opaque structure, which must be allocated -using HMAC_CTX_new. But this function doesn't exist in OpenSSL 1.0.x. */ --#if OPENSSL_VERSION_NUMBER < 0x1010L -+#if USING_LIBRESSL || OPENSSL_VERSION_NUMBER < 0x1010L - { - /* allocate memory for auth and HMAC_CTX structures */ -@@ -122,5 +124,5 @@ - hmac_ctx = (HMAC_CTX*)a->state; - --#if OPENSSL_VERSION_NUMBER < 0x1010L -+#if USING_LIBRESSL || OPENSSL_VERSION_NUMBER < 0x1010L - HMAC_CTX_cleanup(hmac_ctx); - -Index: /pjlib/src/pj/ssl_sock_ossl.c -=== /pjlib/src/pj/ssl_sock_ossl.c (revision 5725) -+++ /pjlib/src/pj/ssl_sock_ossl.c (revision 5726) -@@ -56,6 +56,10 @@ - #include - #include -- --#if !defined(OPENSSL_NO_EC) && OPENSSL_VERSION_NUMBER >= 0x1000200fL -+#include -+ -+#define USING_LIBRESSL (defined(LIBRESSL_VERSION_NUMBER)) -+ -+#if !USING_LIBRESSL && !defined(OPENSSL_NO_EC) \ -+ && OPENSSL_VERSION_NUMBER >= 0x1000200fL - - # include -@@ -115,5 +119,5 @@ - - --#if OPENSSL_VERSION_NUMBER >= 0x1010L -+#if !USING_LIBRESSL && OPENSSL_VERSION_NUMBER >= 0x1010L - # define OPENSSL_NO_SSL2 /* seems to be removed in 1.1.0 */ - # define M_ASN1_STRING_data(x) ASN1_STRING_get0_data(x) -@@ -539,5 +543,5 @@ - - /* Init OpenSSL lib */ --#if OPENSSL_VERSION_NUMBER < 0x1010L -+#if USING_LIBRESSL || OPENSSL_VERSION_NUMBER < 0x1010L - SSL_library_init(); - SSL_load_error_strings(); -@@ -560,5 +564,7 @@ - const char *cname; - --#if OPENSSL_VERSION_NUMBER < 0x1010L -+#if (USING_LIBRESSL && LIBRESSL_VERSION_NUMBER < 0x2020100fL)\ -+|| OPENSSL_VERSION_NUMBER < 0x1010L -+ - meth = 
(SSL_METHOD*)SSLv23_server_method(); - if (!meth) -@@ -603,5 +609,6 @@ - SSL_set_session(ssl, SSL_SESSION_new()); - --#if !defined(OPENSSL_NO_EC) && OPENSSL_VERSION_NUMBER >= 0x1000200fL -+#if !USING_LIBRESSL && !defined(OPENSSL_NO_EC) \ -+&& OPENSSL_VERSION_NUMBER >= 0x1000200fL - openssl_curves_num = SSL_get_shared_curve(ssl,-1); - if (openssl_curves_num > PJ_ARRAY_SIZE(openssl_curves)) -@@ -795,5 +802,6 @@ - - /* Determine SSL method to use */ --#if OPENSSL_VERSION_NUMBER < 0x1010L -+#if (USING_LIBRESSL && LIBRESSL_VERSION_NUMBER < 0x2020100fL)\ -+|| OPENSSL_VERSION_NUMBER < 0x1010L - switch (ssock->param.proto) { - case PJ_SSL_SOCK_PROTO_TLS1: -@@ -1232,5 +1240,6 @@ - static pj_status_t set_curves_list(pj_ssl_sock_t *ssock) - { --#if !defined(OPENSSL_NO_EC) && OPENSSL_VERSION_NUMBER >=
[gentoo-commits] repo/proj/libressl:master commit in: net-libs/pjproject/, net-libs/pjproject/files/
commit: df7659707786500b32825b8407c13c30b9ef4201 Author: orbea riseup net> AuthorDate: Wed Jul 6 04:10:42 2022 + Commit: Quentin Retornaz retornaz com> CommitDate: Sun Jul 10 22:49:19 2022 + URL:https://gitweb.gentoo.org/repo/proj/libressl.git/commit/?id=df765970 net-libs/pjproject: Add 2.10-r2 Signed-off-by: orbea riseup.net> Signed-off-by: Quentin Retornaz retornaz.com> net-libs/pjproject/Manifest| 1 + ...ct-2.10-CVE-2020-15260-tls-hostname-check.patch | 125 + ...-CVE-2021-21375-negotiation-failure-crash.patch | 45 ...21-32686-AST-2021-009-GHSA-cv8x-p47p-99wr.patch | 289 + .../pjproject/files/pjproject-2.10-libressl.patch | 17 ++ ...ion-between-transport-destroy-and-acquire.patch | 108 .../pjproject/files/pjproject-2.9-config_site.h| 74 ++ .../pjproject/files/pjproject-2.9-ssl-enable.patch | 100 +++ net-libs/pjproject/metadata.xml| 8 +- net-libs/pjproject/pjproject-2.10-r2.ebuild| 126 + 10 files changed, 890 insertions(+), 3 deletions(-)
diff --git a/net-libs/pjproject/Manifest b/net-libs/pjproject/Manifest
index 0b9f89a..6adb41c 100644
--- a/net-libs/pjproject/Manifest
+++ b/net-libs/pjproject/Manifest
@@ -1 +1,2 @@
+DIST pjproject-2.10.tar.gz 8768705 BLAKE2B 42d70867e2e0474313426f1e188586d203d6165c28a133a62dedacd2deb2899215212824d9402a48fcc66bb08a17b796d3625e1d51a8aedc9aa4b3a3bf1cb8fa SHA512 a67f083df175b536b4e6a7b7fe39e07d3ee805d6917ec64a50694542a7455c33a100889191044ab3fa679b6656774a6be045621aa53510b5f04cdde9ddd59893
 DIST pjproject-2.7.2.tar.bz2 4994233 BLAKE2B 44ecaf0997d5dd9b18e0b811cead7c9104e63894fa06fb1d64e79b60fa4210968fd90ef47e5f5be3629675363c8756ce3bc1834caa9700654ab4c53efe676ee7 SHA512 3d355ffcbbeed62cfc711e574a987dc06043ccf4f2625820adffa89167022b8306fcee3fada71d3d45e7b902fc9c65ac8221de101cbafed25362a3921f702afd
diff --git a/net-libs/pjproject/files/pjproject-2.10-CVE-2020-15260-tls-hostname-check.patch b/net-libs/pjproject/files/pjproject-2.10-CVE-2020-15260-tls-hostname-check.patch
new file mode 100644
index 000..0d7df68
--- /dev/null
+++ b/net-libs/pjproject/files/pjproject-2.10-CVE-2020-15260-tls-hostname-check.patch 
@@ -0,0 +1,125 @@ +From 67e46c1ac45ad784db5b9080f5ed8b133c122872 Mon Sep 17 00:00:00 2001 +From: sauwming +Date: Mon, 8 Mar 2021 17:39:36 +0800 +Subject: [PATCH] Merge pull request from GHSA-8hcp-hm38-mfph + +* Check hostname during TLS transport selection + +* revision based on feedback + +* remove the code in create_request that has been moved +--- + pjsip/include/pjsip/sip_dialog.h | 1 + + pjsip/src/pjsip/sip_dialog.c | 15 +++ + pjsip/src/pjsip/sip_transport.c | 13 + + pjsip/src/pjsip/sip_util.c | 11 --- + 4 files changed, 37 insertions(+), 3 deletions(-) + +diff --git a/pjsip/include/pjsip/sip_dialog.h b/pjsip/include/pjsip/sip_dialog.h +index a0214d28c..e314c2ece 100644 +--- a/pjsip/include/pjsip/sip_dialog.h b/pjsip/include/pjsip/sip_dialog.h +@@ -165,6 +165,7 @@ struct pjsip_dialog + pjsip_route_hdr route_set; /**< Route set. */ + pj_bool_t route_set_frozen; /**< Route set has been set. */ + pjsip_auth_clt_sess auth_sess; /**< Client authentication session. */ ++pj_str_t initial_dest;/**< Initial destination host. */ + + /** Session counter. */ + int sess_count; /**< Number of sessions. */ +diff --git a/pjsip/src/pjsip/sip_dialog.c b/pjsip/src/pjsip/sip_dialog.c +index 27530e4f2..9571b5a35 100644 +--- a/pjsip/src/pjsip/sip_dialog.c b/pjsip/src/pjsip/sip_dialog.c +@@ -467,6 +467,10 @@ pj_status_t create_uas_dialog( pjsip_user_agent *ua, + + /* Save the remote info. */ + pj_strdup(dlg->pool, >remote.info_str, ); ++ ++/* Save initial destination host from transport's info */ ++pj_strdup(dlg->pool, >initial_dest, ++>tp_info.transport->remote_name.host); + + + /* Init remote's contact from Contact header. +@@ -1192,6 +1196,12 @@ static pj_status_t dlg_create_request_throw( pjsip_dialog *dlg, + return status; + } + ++/* Copy the initial destination host to tdata. This information can be ++ * used later by transport for transport selection. ++ */ ++if (dlg->initial_dest.slen) ++ pj_strdup(tdata->pool, >dest_info.name, >initial_dest); ++ + /* Done. 
*/ + *p_tdata = tdata; + +@@ -1822,6 +1832,11 @@ static void dlg_update_routeset(pjsip_dialog *dlg, const pjsip_rx_data *rdata) + * transaction as the initial transaction that establishes dialog. + */ + if (dlg->role == PJSIP_ROLE_UAC) { ++ /* Save initial destination host from transport's info. */ ++ if (!dlg->initial_dest.slen) { ++ pj_strdup(dlg->pool, >initial_dest, ++>tp_info.transport->remote_name.host); ++ } + +