From ab7d46ec358390d6aec5ee365d64dd484a52cb32 Mon Sep 17 00:00:00 2001 From: Sebastian Kemper Date: Sun, 4 Mar 2018 18:09:29 +0100 Subject: [PATCH 1/5] freeswitch-stable: move source file copying to Build/Compile Some source files need to be copied into PKG_BUILD_DIR. This is currently done in Build/Prepare. When PKG_CONFIG_DEPENDS causes a reconfiguration, Build/Prepare is not triggered again, meaning needed source files would not be copied. Move these lines to Build/Compile to address this. Signed-off-by: Sebastian Kemper --- net/freeswitch-stable/Makefile | 37 +++++++++++++++++----------------- 1 file changed, 19 insertions(+), 18 deletions(-) diff --git a/net/freeswitch-stable/Makefile b/net/freeswitch-stable/Makefile index 9b44730..d62740b 100644 --- a/net/freeswitch-stable/Makefile +++ b/net/freeswitch-stable/Makefile @@ -957,24 +957,6 @@ define Build/Prepare $(SED) 's|$(FS_STABLE_ANCHOR)|APR_SETVAR(LDFLAGS,$(FS_STABLE_APR_LIBS) $(TARGET_LDFLAGS))|' \ $(PKG_BUILD_DIR)/libs/unimrcp/build/acmacros/apr.m4 -ifneq ($(CONFIG_PACKAGE_$(PKG_NAME)-mod-event_zmq),) - $(CP) $(DL_DIR)/$(FS_STABLE_ZEROMQ_FILE) $(PKG_BUILD_DIR)/libs -endif - -ifneq ($(CONFIG_PACKAGE_$(PKG_NAME)-mod-pocketsphinx)$(CONFIG_PACKAGE_$(PKG_NAME)-misc-grammar),) - $(CP) $(DL_DIR)/$(FS_STABLE_POCKETSPHINX_FILE) $(PKG_BUILD_DIR)/libs - $(CP) $(DL_DIR)/$(FS_STABLE_SPHINXBASE_FILE) $(PKG_BUILD_DIR)/libs - $(CP) $(DL_DIR)/$(FS_STABLE_SPHINXMODEL_FILE) $(PKG_BUILD_DIR)/libs -endif - -ifneq ($(CONFIG_PACKAGE_$(PKG_NAME)-mod-radius_cdr),) - $(CP) $(DL_DIR)/$(FS_STABLE_FREERADIUS_CLIENT_FILE) $(PKG_BUILD_DIR)/libs -endif - -ifneq ($(CONFIG_PACKAGE_$(PKG_NAME)-mod-v8),) - $(CP) $(DL_DIR)/$(FS_STABLE_V8_FILE) $(PKG_BUILD_DIR)/libs -endif - # Hack for misc-grammar - needs mod_pocketsphinx to provide grammar files ifneq ($(CONFIG_PACKAGE_$(PKG_NAME)-misc-grammar),) ifeq ($(CONFIG_PACKAGE_$(PKG_NAME)-mod-pocketsphinx),) @@ -998,6 +980,25 @@ endif endef define Build/Compile +# Copy some source files if certain modules are selected +ifneq ($(CONFIG_PACKAGE_$(PKG_NAME)-mod-event_zmq),) + $(CP) $(DL_DIR)/$(FS_STABLE_ZEROMQ_FILE) $(PKG_BUILD_DIR)/libs +endif + +ifneq ($(CONFIG_PACKAGE_$(PKG_NAME)-mod-pocketsphinx)$(CONFIG_PACKAGE_$(PKG_NAME)-misc-grammar),) + $(CP) $(DL_DIR)/$(FS_STABLE_POCKETSPHINX_FILE) $(PKG_BUILD_DIR)/libs + $(CP) $(DL_DIR)/$(FS_STABLE_SPHINXBASE_FILE) $(PKG_BUILD_DIR)/libs + $(CP) $(DL_DIR)/$(FS_STABLE_SPHINXMODEL_FILE) $(PKG_BUILD_DIR)/libs +endif + +ifneq ($(CONFIG_PACKAGE_$(PKG_NAME)-mod-radius_cdr),) + $(CP) $(DL_DIR)/$(FS_STABLE_FREERADIUS_CLIENT_FILE) $(PKG_BUILD_DIR)/libs +endif + +ifneq ($(CONFIG_PACKAGE_$(PKG_NAME)-mod-v8),) + $(CP) $(DL_DIR)/$(FS_STABLE_V8_FILE) $(PKG_BUILD_DIR)/libs +endif + # Compile FreeTDM first ifneq ($(CONFIG_PACKAGE_$(PKG_LIBFTDM)),) $(call Build/Compile/Default,-C $(PKG_BUILD_DIR)/libs/$(FTDM)) From ee3add9b9c5d564e98ff8459a3813d9c4f9819a1 Mon Sep 17 00:00:00 2001 From: Sebastian Kemper Date: Sun, 4 Mar 2018 18:25:11 +0100 Subject: [PATCH 2/5] freeswitch-stable: move module selection to Build/Configure Currently the routine that sets up the modules.conf file resides in Build/Prepare. When PKG_CONFIG_DEPENDS causes a reconfiguration, Build/Prepare is not triggered. So if another module gets selected in menuconfig, this module would not be added to modules.conf, meaning the rebuild would fail. Add the routine to Build/Compile to address this. Signed-off-by: Sebastian Kemper --- net/freeswitch-stable/Makefile | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/net/freeswitch-stable/Makefile b/net/freeswitch-stable/Makefile index d62740b..97c8219 100644 --- a/net/freeswitch-stable/Makefile +++ b/net/freeswitch-stable/Makefile @@ -949,14 +949,17 @@ define Build/Prepare echo '#applications/mod_random' >> $(PKG_BUILD_DIR)/modules.conf echo '#codecs/mod_yuv' >> $(PKG_BUILD_DIR)/modules.conf echo '#event_handlers/mod_event_test' >> $(PKG_BUILD_DIR)/modules.conf + + $(SED) 's|$(FS_STABLE_ANCHOR)|APR_SETVAR(LDFLAGS,$(FS_STABLE_APR_LIBS) $(TARGET_LDFLAGS))|' \ + $(PKG_BUILD_DIR)/libs/unimrcp/build/acmacros/apr.m4 +endef + +define Build/Configure $(SED) '/^#/!s/^/#/' $(PKG_BUILD_DIR)/modules.conf $(foreach m,$(FS_STABLE_MOD_AVAILABLE), $(if $(CONFIG_PACKAGE_$(PKG_NAME)-mod-$(m)), $(SED) '/mod_$(m)$$$$/s/^#//' $(PKG_BUILD_DIR)/modules.conf)) - $(SED) 's|$(FS_STABLE_ANCHOR)|APR_SETVAR(LDFLAGS,$(FS_STABLE_APR_LIBS) $(TARGET_LDFLAGS))|' \ - $(PKG_BUILD_DIR)/libs/unimrcp/build/acmacros/apr.m4 - # Hack for misc-grammar - needs mod_pocketsphinx to provide grammar files ifneq ($(CONFIG_PACKAGE_$(PKG_NAME)-misc-grammar),) ifeq ($(CONFIG_PACKAGE_$(PKG_NAME)-mod-pocketsphinx),) @@ -977,6 +980,8 @@ ifeq ($(CONFIG_PACKAGE_$(PKG_NAME)-mod-sofia),) $(SED) '/mod_sofia$$$$/s/^#//' $(PKG_BUILD_DIR)/modules.conf endif endif + + $(call Build/Configure/Default) endef define Build/Compile From 971fea6e34d16e263a1413e24434d47ca4c358fc Mon Sep 17 00:00:00 2001 From: Sebastian Kemper Date: Sun, 4 Mar 2018 18:37:48 +0100 Subject: [PATCH 3/5] freeswitch-stable: clean up PKG_CONFIG_DEPENDS A lot of entries in there are unnecessary. Remove them and add the essential bits. Signed-off-by: Sebastian Kemper --- net/freeswitch-stable/Makefile | 48 +++------------------------------- 1 file changed, 4 insertions(+), 44 deletions(-) diff --git a/net/freeswitch-stable/Makefile b/net/freeswitch-stable/Makefile index 97c8219..b08f19b 100644 --- a/net/freeswitch-stable/Makefile +++ b/net/freeswitch-stable/Makefile @@ -78,46 +78,6 @@ FS_STABLE_TZ_DIR:=$(FS_STABLE_DATA_DIR)/tz FTDM:=freetdm PKG_LIBFTDM:=lib$(FTDM)-stable -LIBFTDM_FTMOD_AVAILABLE:= \ - analog \ - analog_em \ - libpri \ - pritap \ - skel \ - zt - -# Maintain a list of all non-module packages so they can be added to -# PKG_CONFIG_DEPENDS. -FS_STABLE_MISC_AVAILABLE:= \ - example-curl \ - example-insideout \ - example-minimal \ - example-rayo \ - example-sbc \ - example-softphone \ - example-testing \ - example-vanilla \ - lang-de \ - lang-en \ - lang-es \ - lang-fr \ - lang-he \ - lang-pt \ - lang-ru \ - lang-sv \ - misc-fonts \ - misc-grammar \ - misc-hotplug \ - misc-images \ - misc-perl-esl \ - misc-python-esl \ - misc-timezones \ - util-fs_cli \ - util-fs_encode \ - util-fs_ivrd \ - util-gentls_cert \ - util-tone2wav - FS_STABLE_MOD_AVAILABLE:= \ abstraction \ alsa \ @@ -258,23 +218,23 @@ FS_STABLE_MOD_AVAILABLE:= \ yuv PKG_CONFIG_DEPENDS:= \ - $(patsubst %,CONFIG_PACKAGE_$(PKG_LIBFTDM)-ftmod-%,$(LIBFTDM_FTMOD_AVAILABLE)) \ - $(patsubst %,CONFIG_PACKAGE_$(PKG_NAME)-%,$(FS_STABLE_MISC_AVAILABLE)) \ $(patsubst %,CONFIG_PACKAGE_$(PKG_NAME)-mod-%,$(FS_STABLE_MOD_AVAILABLE)) \ CONFIG_FS_STABLE_WITH_DEBUG \ CONFIG_FS_STABLE_WITH_FREETYPE \ CONFIG_FS_STABLE_WITH_LIBYUV \ - CONFIG_FS_STABLE_WITH_MODCONF \ CONFIG_FS_STABLE_WITH_ODBC \ CONFIG_FS_STABLE_WITH_PGSQL \ CONFIG_FS_STABLE_WITH_PNG \ CONFIG_FS_STABLE_WITH_SRTP \ - CONFIG_FS_STABLE_WITH_V8 \ CONFIG_FS_STABLE_WITH_V8_SNAPSHOT \ CONFIG_FS_STABLE_WITH_VPX \ CONFIG_FS_STABLE_WITH_ZRTP \ CONFIG_LIBC \ CONFIG_PACKAGE_$(PKG_LIBFTDM) \ + CONFIG_PACKAGE_$(PKG_LIBFTDM)-ftmod-libpri \ + CONFIG_PACKAGE_$(PKG_LIBFTDM)-ftmod-pritap \ + CONFIG_PACKAGE_$(PKG_NAME)-misc-perl-esl \ + CONFIG_PACKAGE_$(PKG_NAME)-misc-python-esl \ CONFIG_SOFT_FLOAT include $(INCLUDE_DIR)/package.mk From 986be1c01337db2971400359c4f115153304b324 Mon Sep 17 00:00:00 2001 From: Sebastian Kemper Date: Sun, 4 Mar 2018 18:41:26 +0100 Subject: [PATCH 4/5] freeswitch-stable: unite libvpx patches, address CVE Currently there are two simple patches for libvpx. This commit puts the second patch into the first. Also added: - CPPFLAGS - a flag to address CVE-2017-0641 - comments A tiff patch got refreshed due to the above. Signed-off-by: Sebastian Kemper --- net/freeswitch-stable/patches/140-libvpx-cross.patch | 10 ++++++++-- .../patches/250-libvpx-use-openwrt-flags.patch | 11 ----------- .../patches/310-use-system-tiff.patch | 4 ++-- 3 files changed, 10 insertions(+), 15 deletions(-) delete mode 100644 net/freeswitch-stable/patches/250-libvpx-use-openwrt-flags.patch diff --git a/net/freeswitch-stable/patches/140-libvpx-cross.patch b/net/freeswitch-stable/patches/140-libvpx-cross.patch index 98694d2..0bd0e60 100644 --- a/net/freeswitch-stable/patches/140-libvpx-cross.patch +++ b/net/freeswitch-stable/patches/140-libvpx-cross.patch @@ -1,11 +1,17 @@ --- a/Makefile.am +++ b/Makefile.am -@@ -550,7 +550,7 @@ libs/libzrtp/libzrtp.a: +@@ -549,8 +549,13 @@ libs/libedit/src/.libs/libedit.a: + libs/libzrtp/libzrtp.a: cd libs/libzrtp && $(MAKE) ++# !!! OpenWrt was here !!! ++# - added CROSS and set target to generic-gnu for cross-compile ++# - added CPPFLAGS to CFLAGS, otherwise they would be ignored ++# - disabled optimizations that would override OpenWrt's CFLAGS ++# - added a size limit like Debian does to address CVE-2017-0641 libs/libvpx/Makefile: - cd libs/libvpx && CC="$(CC)" CXX="$(CXX)" CFLAGS="$(CFLAGS)" CXXFLAGS="$(CXXFLAGS)" LDFLAGS="$(LDFLAGS)" ./configure --enable-pic --disable-docs --disable-examples --disable-install-bins --disable-install-srcs --disable-unit-tests --extra-cflags="$(VISIBILITY_FLAG)" -+ cd libs/libvpx && CROSS="$(CROSS)" CC="$(CC)" CXX="$(CXX)" CFLAGS="$(CFLAGS)" CXXFLAGS="$(CXXFLAGS)" LDFLAGS="$(LDFLAGS)" ./configure --target=generic-gnu --enable-pic --disable-docs --disable-examples --disable-install-bins --disable-install-srcs --disable-unit-tests --extra-cflags="$(VISIBILITY_FLAG)" ++ cd libs/libvpx && CROSS="$(CROSS)" CC="$(CC)" CXX="$(CXX)" CFLAGS="$(CFLAGS) $(CPPFLAGS)" CXXFLAGS="$(CXXFLAGS)" LDFLAGS="$(LDFLAGS)" ./configure --target=generic-gnu --enable-pic --disable-docs --disable-examples --disable-install-bins --disable-install-srcs --disable-unit-tests --extra-cflags="$(VISIBILITY_FLAG)" --disable-optimizations --size-limit=16384x16384 libs/libvpx/libvpx.a: libs/libvpx/Makefile @cd libs/libvpx && $(MAKE) diff --git a/net/freeswitch-stable/patches/250-libvpx-use-openwrt-flags.patch b/net/freeswitch-stable/patches/250-libvpx-use-openwrt-flags.patch deleted file mode 100644 index 6361802..0000000 --- a/net/freeswitch-stable/patches/250-libvpx-use-openwrt-flags.patch +++ /dev/null @@ -1,11 +0,0 @@ ---- a/Makefile.am -+++ b/Makefile.am -@@ -550,7 +550,7 @@ libs/libzrtp/libzrtp.a: - cd libs/libzrtp && $(MAKE) - - libs/libvpx/Makefile: -- cd libs/libvpx && CROSS="$(CROSS)" CC="$(CC)" CXX="$(CXX)" CFLAGS="$(CFLAGS)" CXXFLAGS="$(CXXFLAGS)" LDFLAGS="$(LDFLAGS)" ./configure --target=generic-gnu --enable-pic --disable-docs --disable-examples --disable-install-bins --disable-install-srcs --disable-unit-tests --extra-cflags="$(VISIBILITY_FLAG)" -+ cd libs/libvpx && CROSS="$(CROSS)" CC="$(CC)" CXX="$(CXX)" CFLAGS="$(CFLAGS)" CXXFLAGS="$(CXXFLAGS)" LDFLAGS="$(LDFLAGS)" ./configure --target=generic-gnu --enable-pic --disable-docs --disable-examples --disable-install-bins --disable-install-srcs --disable-unit-tests --extra-cflags="$(VISIBILITY_FLAG)" --disable-optimizations - - libs/libvpx/libvpx.a: libs/libvpx/Makefile - @cd libs/libvpx && $(MAKE) diff --git a/net/freeswitch-stable/patches/310-use-system-tiff.patch b/net/freeswitch-stable/patches/310-use-system-tiff.patch index 1fcb029..5466ed2 100644 --- a/net/freeswitch-stable/patches/310-use-system-tiff.patch +++ b/net/freeswitch-stable/patches/310-use-system-tiff.patch @@ -14,7 +14,7 @@ Date: Tue Mar 14 17:39:05 2017 -0500 if ENABLE_LIBVPX CORE_CFLAGS += -DSWITCH_HAVE_VPX endif -@@ -731,11 +730,6 @@ sndfile-reconf: +@@ -736,11 +735,6 @@ sndfile-reconf: cd libs/libsndfile && ./config.status --recheck cd libs/libsndfile && ./config.status @@ -26,7 +26,7 @@ Date: Tue Mar 14 17:39:05 2017 -0500 python-reconf: rm -f src/mod/languages/mod_python/Makefile ./config.status -@@ -757,7 +751,7 @@ iks-reconf: +@@ -762,7 +756,7 @@ iks-reconf: cd libs/iksemel && sh ./configure.gnu $(MY_DEFAULT_ARGS) $(MAKE) mod_dingaling-clean From 9f910aeaa948445d771f8298e3ceffcfec699ccc Mon Sep 17 00:00:00 2001 From: Sebastian Kemper Date: Sun, 4 Mar 2018 18:47:04 +0100 Subject: [PATCH 5/5] freeswitch-stable: fix CVE in libvpx Patch copied from Debian to fix CVE-2017-13194. Signed-off-by: Sebastian Kemper --- net/freeswitch-stable/Makefile | 2 +- .../patches/340-libvpx-CVE-2017-13194.patch | 45 +++++++++++++++++++ 2 files changed, 46 insertions(+), 1 deletion(-) create mode 100644 net/freeswitch-stable/patches/340-libvpx-CVE-2017-13194.patch diff --git a/net/freeswitch-stable/Makefile b/net/freeswitch-stable/Makefile index b08f19b..9124ca8 100644 --- a/net/freeswitch-stable/Makefile +++ b/net/freeswitch-stable/Makefile @@ -10,7 +10,7 @@ include $(TOPDIR)/rules.mk PRG_NAME:=freeswitch PKG_NAME:=$(PRG_NAME)-stable PKG_VERSION:=1.6.20 -PKG_RELEASE:=3 +PKG_RELEASE:=4 PKG_MAINTAINER:=Sebastian Kemper PKG_SOURCE:=$(PRG_NAME)-$(PKG_VERSION).tar.xz diff --git a/net/freeswitch-stable/patches/340-libvpx-CVE-2017-13194.patch b/net/freeswitch-stable/patches/340-libvpx-CVE-2017-13194.patch new file mode 100644 index 0000000..2f53b12 --- /dev/null +++ b/net/freeswitch-stable/patches/340-libvpx-CVE-2017-13194.patch @@ -0,0 +1,45 @@ +Subject: Fix OOB caused by odd frame width, CVE-2017-13194 +Origin: https://android.googlesource.com/platform/external/libvpx/+/55cd1dd7c8d0a3de907d22e0f12718733f4e41d + +diff --git a/libs/libvpx/libvpx/vpx/src/vpx_image.c b/libs/libvpx/libvpx/vpx/src/vpx_image.c +index dba439c..af7c529 100644 +--- a/libs/libvpx/vpx/src/vpx_image.c ++++ b/libs/libvpx/vpx/src/vpx_image.c +@@ -88,11 +88,10 @@ + default: ycs = 0; break; + } + +- /* Calculate storage sizes given the chroma subsampling */ +- align = (1 << xcs) - 1; +- w = (d_w + align) & ~align; +- align = (1 << ycs) - 1; +- h = (d_h + align) & ~align; ++ /* Calculate storage sizes. If the buffer was allocated externally, the width ++ * and height shouldn't be adjusted. */ ++ w = d_w; ++ h = d_h; + s = (fmt & VPX_IMG_FMT_PLANAR) ? w : bps * w / 8; + s = (s + stride_align - 1) & ~(stride_align - 1); + stride_in_bytes = (fmt & VPX_IMG_FMT_HIGHBITDEPTH) ? s * 2 : s; +@@ -111,9 +110,18 @@ + img->img_data = img_data; + + if (!img_data) { +- const uint64_t alloc_size = (fmt & VPX_IMG_FMT_PLANAR) +- ? (uint64_t)h * s * bps / 8 +- : (uint64_t)h * s; ++ uint64_t alloc_size; ++ /* Calculate storage sizes given the chroma subsampling */ ++ align = (1 << xcs) - 1; ++ w = (d_w + align) & ~align; ++ align = (1 << ycs) - 1; ++ h = (d_h + align) & ~align; ++ ++ s = (fmt & VPX_IMG_FMT_PLANAR) ? w : bps * w / 8; ++ s = (s + stride_align - 1) & ~(stride_align - 1); ++ stride_in_bytes = (fmt & VPX_IMG_FMT_HIGHBITDEPTH) ? s * 2 : s; ++ alloc_size = (fmt & VPX_IMG_FMT_PLANAR) ? (uint64_t)h * s * bps / 8 ++ : (uint64_t)h * s; + + if (alloc_size != (size_t)alloc_size) goto fail; +