diff --git a/net/freeswitch-stable/Makefile b/net/freeswitch-stable/Makefile index 30c653e..2496958 100644 --- a/net/freeswitch-stable/Makefile +++ b/net/freeswitch-stable/Makefile @@ -9,13 +9,13 @@ include $(TOPDIR)/rules.mk PRG_NAME:=freeswitch PKG_NAME:=$(PRG_NAME)-stable -PKG_VERSION:=1.8.6 -PKG_RELEASE:=2 +PKG_VERSION:=1.8.7 +PKG_RELEASE:=1 PKG_MAINTAINER:=Sebastian Kemper PKG_SOURCE:=$(PRG_NAME)-$(PKG_VERSION).tar.xz PKG_SOURCE_URL:=https://files.$(PRG_NAME).org/releases/$(PRG_NAME) -PKG_HASH:=b87f47e57d13de2b901bd1e4eb85491178e59a159a2831d7430abe7947f0d3a4 +PKG_HASH:=7d3cee32713db5f65e3d4703c6420038872d8f6efab8be4d58fbf66ffa993008 PKG_CPE_ID:=cpe:/a:freeswitch:freeswitch diff --git a/net/freeswitch-stable/patches/030-fix-configure-ac.patch b/net/freeswitch-stable/patches/030-fix-configure-ac.patch index 754a0a2..a05ed6a 100644 --- a/net/freeswitch-stable/patches/030-fix-configure-ac.patch +++ b/net/freeswitch-stable/patches/030-fix-configure-ac.patch @@ -40,7 +40,7 @@ AC_PATH_PROG([PKG_CONFIG], [pkg-config], [no]) if test "$PKG_CONFIG" = "no" \ || test x"$enable_core_pgsql_pkgconfig" = x"no" \ -@@ -1613,13 +1589,7 @@ AC_CHECK_PROG(PERL,perl,[ac_cv_have_perl +@@ -1614,13 +1590,7 @@ AC_CHECK_PROG(PERL,perl,[ac_cv_have_perl # -a "x$ac_cv_have_EXTERN_h" != "xno" if test "x$ac_cv_have_perl" != "xno"; then @@ -55,7 +55,7 @@ save_CFLAGS="$CFLAGS" CFLAGS="$PERL_CFLAGS" -@@ -1714,24 +1684,12 @@ then +@@ -1715,24 +1685,12 @@ then if test "$python_has_distutils" != "no" ; then AC_MSG_CHECKING([location of site-packages]) diff --git a/net/freeswitch-stable/patches/040-gentls_cert_update_message_digest.patch b/net/freeswitch-stable/patches/040-gentls_cert_update_message_digest.patch new file mode 100644 index 0000000..ff5226d --- /dev/null +++ b/net/freeswitch-stable/patches/040-gentls_cert_update_message_digest.patch @@ -0,0 +1,51 @@ +commit 70d1cbafe4ab0176cd9fc01f740e34cd1bae326b +Author: Sebastian Kemper +Date: Wed Nov 13 20:29:50 2019 +0100 + + [gentls_cert] Update message digest + + Debian Buster updated /etc/ssl/openssl.cnf to default to + + MinProtocol = TLSv1.2 + CipherString = DEFAULT@SECLEVEL=2 + + gentls_cert currently uses SHA1 as message digest. According to OpenSSL + documentation this only offers 80 bit of security. 80 bits is enough for + security level 1, but not 2. + + The OpenSSL default MD nowadays is SHA256. This commit updates + gentls_cert to use it. + + Issue was reported on the FS mailing list. The certificates created by + gentls_cert caused "md too weak" errors and clients were unable to + connect. + + Signed-off-by: Sebastian Kemper + +diff --git a/scripts/gentls_cert.in b/scripts/gentls_cert.in +index 43aa8ac605..dd56c9f6dc 100644 +--- a/scripts/gentls_cert.in ++++ b/scripts/gentls_cert.in +@@ -89,7 +89,7 @@ setup_ca() { + + openssl req -out "${CONFDIR}/CA/cacert.pem" \ + -new -x509 -keyout "${CONFDIR}/CA/cakey.pem" \ +- -config "${TMPFILE}.cfg" -nodes -days ${DAYS} -sha1 >/dev/null || exit 1 ++ -config "${TMPFILE}.cfg" -nodes -days ${DAYS} -sha256 >/dev/null || exit 1 + cat "${CONFDIR}/CA/cacert.pem" > "${CONFDIR}/cafile.pem" + cp $TMPFILE.cfg /tmp/ssl.cfg + rm "${TMPFILE}.cfg" +@@ -131,11 +131,11 @@ generate_cert() { + + openssl req -new -out "${TMPFILE}.req" \ + -newkey rsa:${KEY_SIZE} -keyout "${TMPFILE}.key" \ +- -config "${TMPFILE}.cfg" -nodes -sha1 >/dev/null || exit 1 ++ -config "${TMPFILE}.cfg" -nodes -sha256 >/dev/null || exit 1 + + openssl x509 -req -CAkey "${CONFDIR}/CA/cakey.pem" -CA "${CONFDIR}/CA/cacert.pem" -CAcreateserial \ + -in "${TMPFILE}.req" -out "${TMPFILE}.crt" -extfile "${TMPFILE}.cfg" \ +- -extensions "${EXTENSIONS}" -days ${DAYS} -sha1 >/dev/null || exit 1 ++ -extensions "${EXTENSIONS}" -days ${DAYS} -sha256 >/dev/null || exit 1 + + cat "${TMPFILE}.crt" "${TMPFILE}.key" > "${CONFDIR}/${OUTFILE}" + diff --git a/net/freeswitch-stable/patches/370-procd-compat.patch b/net/freeswitch-stable/patches/370-procd-compat.patch index 0549a03..5bab0f2 100644 --- a/net/freeswitch-stable/patches/370-procd-compat.patch +++ b/net/freeswitch-stable/patches/370-procd-compat.patch @@ -1,6 +1,6 @@ --- a/src/switch_console.c +++ b/src/switch_console.c -@@ -1053,10 +1053,12 @@ static void *SWITCH_THREAD_FUNC console_ +@@ -1051,10 +1051,12 @@ static void *SWITCH_THREAD_FUNC console_ while (running) { int32_t arg = 0; diff --git a/net/freeswitch-stable/patches/390-t38-reinvite-488-fix.patch b/net/freeswitch-stable/patches/390-t38-reinvite-488-fix.patch new file mode 100644 index 0000000..a16266b --- /dev/null +++ b/net/freeswitch-stable/patches/390-t38-reinvite-488-fix.patch @@ -0,0 +1,66 @@ +commit 167294ea2649afd0ffedf4520b0f308979c3ca2a +Author: Sebastian Kemper +Date: Fri Oct 18 18:28:07 2019 +0200 + + [mod-sofia] Fix reINVITE after T38 is rejected + + From FS-11833. + + After FS sends a reINVITE to T38 which gets rejected by peer it is no + longer in a state where it can properly answer a reINVITE which requests + a change of the media setup. + + 1. FS sends INVITE (destination is a fax machine) + 2. Call connects with "8 101" + 3. FS sends reINVITE to T38 + 4. T38 rejected (488) + 5. FS receives INVITE to "8" + 6. FS replies with 200 OK without SDP + 7. Call fails + + The bug is related to TFLAG_SDP. This flag is set when a media session + is established. And when there's a reINVITE sofia_glue_do_invite() from + sofia_glue.c is called and clears the flag again: + + sofia_clear_flag_locked(tech_pvt, TFLAG_SDP); + + So when FS sends a reINVITE to T38 the flag gets cleared. But when the + reINVITE is rejected with 488 the flag is not set again. It stays + cleared. So the call continues with the previously negotiated media, fax + passthrough (8 101 in this case), but TFLAG_SDP is not set. + + So when FS receives a reINVITE at this point it doesn't see the need to + renegotiate anything, even though it realizes that 2833 DTMF is now off: + + 2019-04-30 16:42:12.478025 [DEBUG] switch_core_media.c:5478 Audio Codec Compare [PCMA:8:8000:20:64000:1]/[PCMA:8:8000:20:64000:1] + 2019-04-30 16:42:12.478025 [DEBUG] switch_core_media.c:5533 Audio Codec Compare [PCMA:8:8000:20:64000:1] ++++ is saved as a match + 2019-04-30 16:42:12.478025 [DEBUG] switch_core_media.c:5802 No 2833 in SDP. Disable 2833 dtmf and switch to INFO + + When FS doesn't send a reINVITE (fax_enable_t38_request=false) and the + reINVITE to "8" is received, TFLAG_SDP is still set and then FS + understands that it needs to renegotiate and replies with a 200 OK that + includes SDP: + + 2019-04-30 16:41:19.358028 [DEBUG] switch_core_media.c:5478 Audio Codec Compare [PCMA:8:8000:20:64000:1]/[PCMA:8:8000:20:64000:1] + 2019-04-30 16:41:19.358028 [DEBUG] switch_core_media.c:5533 Audio Codec Compare [PCMA:8:8000:20:64000:1] ++++ is saved as a match + 2019-04-30 16:41:19.358028 [DEBUG] switch_core_media.c:5802 No 2833 in SDP. Disable 2833 dtmf and switch to INFO + 2019-04-30 16:41:19.358028 [DEBUG] sofia.c:8237 skemper was here in line 8232 + 2019-04-30 16:41:19.358028 [DEBUG] switch_core_media.c:8390 skemper was here in line 8390. + 2019-04-30 16:41:19.358028 [DEBUG] switch_core_media.c:8496 Audio params are unchanged for sofia/external/+called_number. + 2019-04-30 16:41:19.358028 [DEBUG] sofia.c:8243 Processing updated SDP + + This fixes the state problem after a rejected T38 reINVITE by setting + TFLAG_SDP. + + Signed-off-by: Sebastian Kemper + +--- a/src/mod/endpoints/mod_sofia/sofia.c ++++ b/src/mod/endpoints/mod_sofia/sofia.c +@@ -6501,6 +6501,7 @@ static void sofia_handle_sip_r_invite(sw + switch_channel_clear_app_flag_key("T38", tech_pvt->channel, CF_APP_T38_REQ); + switch_channel_set_app_flag_key("T38", tech_pvt->channel, CF_APP_T38_FAIL); + switch_log_printf(SWITCH_CHANNEL_SESSION_LOG(session), SWITCH_LOG_DEBUG, "%s T38 invite failed\n", switch_channel_get_name(tech_pvt->channel)); ++ sofia_set_flag(tech_pvt, TFLAG_SDP); + } + + diff --git a/net/freeswitch-stable/patches/400-switch_core_media-fix-stringop-truncation.patch b/net/freeswitch-stable/patches/400-switch_core_media-fix-stringop-truncation.patch deleted file mode 100644 index 607df68..0000000 --- a/net/freeswitch-stable/patches/400-switch_core_media-fix-stringop-truncation.patch +++ /dev/null @@ -1,32 +0,0 @@ -commit e114c6382e68824d4498f62562714860d20804e2 -Author: Sebastian Kemper -Date: Sun Apr 14 19:11:58 2019 +0200 - - FS-11783: [core] quiet gcc truncation warning - - With -Wstringop-truncation gcc warns about calls to bounded string - manipulation function "strncpy" that may either truncate the copied - string or leave the destination unchanged. To avoid the warning when the - result is not expected to be NUL-terminated, it is suggested to call - "memcpy" instead. - - src/switch_core_media.c: In function 'switch_core_media_patch_sdp': - src/switch_core_media.c:11854:4: error: 'strncpy' output truncated before terminating nul copying 2 bytes from a string of the same length [-Werror=stringop-truncation] - strncpy(q, strchr(a_engine->adv_sdp_ip, ':') ? "6 " : "4 ", 2); - ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - - This commit follows gcc's recommendation. - - Signed-off-by: Sebastian Kemper - ---- a/src/switch_core_media.c -+++ b/src/switch_core_media.c -@@ -11918,7 +11918,7 @@ SWITCH_DECLARE(void) switch_core_media_p - strncpy(q, p, 7); - p += 7; - q += 7; -- strncpy(q, strchr(a_engine->adv_sdp_ip, ':') ? "6 " : "4 ", 2); -+ memcpy(q, strchr(a_engine->adv_sdp_ip, ':') ? "6 " : "4 ", 2); - p +=2; - q +=2; - strncpy(q, a_engine->adv_sdp_ip, strlen(a_engine->adv_sdp_ip)); diff --git a/net/freeswitch-stable/patches/410-mod_say_ja-fix-format-overflow.patch b/net/freeswitch-stable/patches/410-mod_say_ja-fix-format-overflow.patch deleted file mode 100644 index b9f598f..0000000 --- a/net/freeswitch-stable/patches/410-mod_say_ja-fix-format-overflow.patch +++ /dev/null @@ -1,42 +0,0 @@ -commit 3ca75eb8efa4e50ebe083a269b75fcb1762daa91 -Author: Sebastian Kemper -Date: Sun Apr 14 19:23:41 2019 +0200 - - FS-11783: [mod_say_ja] quiet overflow warning - - With -Wformat-overflow gcc warns about calls to formatted input/output - function "sprintf" that might overflow the destination buffer. - - In this case gcc does not know the upper bound of tm_min and assumes - that up to 11 bytes might be written to buffer (3 bytes). But we know - that tm_min can only be within the range 0 to 59. - - mod_say_ja.c: In function 'ja_say_time': - mod_say_ja.c:376:35: error: '%d' directive writing between 2 and 10 bytes into a region of size 3 [-Werror=format-overflow=] - sprintf(buffer, "%d", tm.tm_min); - ^~ - mod_say_ja.c:376:34: note: directive argument in the range [11, 2147483647] - sprintf(buffer, "%d", tm.tm_min); - ^~~~ - mod_say_ja.c:376:18: note: 'sprintf' output between 3 and 11 bytes into a destination of size 3 - sprintf(buffer, "%d", tm.tm_min); - ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - - This commits adds a hint for gcc, which silences the warning. - - Signed-off-by: Sebastian Kemper - -diff --git a/src/mod/say/mod_say_ja/mod_say_ja.c b/src/mod/say/mod_say_ja/mod_say_ja.c -index 72c7c38131..d8e0692fd0 100644 ---- a/src/mod/say/mod_say_ja/mod_say_ja.c -+++ b/src/mod/say/mod_say_ja/mod_say_ja.c -@@ -367,7 +367,8 @@ static switch_status_t ja_say_time(switch_core_session_t *session, char *tosay, - say_file("time/pm.wav"); - } - say_file("time/hour-%d.wav", tm.tm_hour); -- if (tm.tm_min > 10) { -+ /* tm_min is always < 60 - this is just to silence gcc 8 warning */ -+ if (tm.tm_min > 10 && tm.tm_min < 60) { - int temp; - char tch[1+1]; - mod_min = tm.tm_min % 10; diff --git a/net/freeswitch-stable/patches/420-mod_kazoo-correct-ei_init-check.patch b/net/freeswitch-stable/patches/420-mod_kazoo-correct-ei_init-check.patch deleted file mode 100644 index 4381643..0000000 --- a/net/freeswitch-stable/patches/420-mod_kazoo-correct-ei_init-check.patch +++ /dev/null @@ -1,11 +0,0 @@ ---- a/src/mod/event_handlers/mod_kazoo/kazoo_ei_utils.c -+++ b/src/mod/event_handlers/mod_kazoo/kazoo_ei_utils.c -@@ -519,7 +519,7 @@ switch_status_t create_acceptor() { - char ipbuf[48]; - const char *ip_addr; - --#if ERLANG_MAJOR >= 10 -+#if (ERLANG_MAJOR == 10 && ERLANG_MINOR >= 3) || ERLANG_MAJOR >= 11 - ei_init(); - #endif -