- patches refreshed
- upstreamed patches removed
- hotplug script fix (ntpq output could print a plus that the script
didn't expect)
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
180-AST-2019-007-16.diff refreshed.
Upstream patch for AST-2021-001 added. This patch is mainly for
res_pjsip_diversion, but the part that is patched there was added later
("res_pjsip_diversion: implement support for History-Info"), so asterisk
16.3.0 is not affected. Hence the res_pjsip_diversion part was removed
from the patch. The patch resolves similar overflow situations in
res_pjsip_path and res_pjsip_outbound_registration, so these were kept.
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
Patches used:
http://downloads.asterisk.org/pub/security/AST-2020-001-16.diffhttp://downloads.asterisk.org/pub/security/AST-2020-002-16.diff
Patch AST-2020-002-16.diff was amended a bit in res/res_pjsip_session.c:
if (++session->authentication_challenge_count > MAX_RX_CHALLENGES) {
ast_debug(3, "%s: Initial INVITE reached maximum number of auth attempts.\n", ast_sip_session_get_name(session));
return PJ_FALSE;
}
The above was not possible, because of missing bits introduced only in a
later version of Asterisk 16 (see upstream commit [1]). So the ast_debug
call was simplified accordingly.
Both patches were refreshed within OpenWrt SDK.
[1] 6abf6f345d
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
This release includes bug fixes and improvements accumulated over the last
4 years of development snapshots [1].
Bump upstream version, build new plugins 'stats' and 'blacklist', and add
an 'sqlite3' package dependency for siproxd-mod-blacklist.
Disable procd capturing stderr to syslog, since siproxd in 'foreground'
mode writes both to syslog and stderr, duplicating log messages.
Include a patch to drastically reduce memory usage (RSS from 17MB to 5MB
on ipq40xx platform):
* 005-reduce-rtpproxy-urlmap-size.patch
Drop the following patches now included upstream:
* 010-syslog-msg.patch
* 100-musl-compat.patch
[1] http://siproxd.sourceforge.net/index.php?op=changelog.
Signed-off-by: Tony Ambardar <itugrok@yahoo.com>
Currently we disable some sofia tests to prevent build failure. An issue
was actually raised upstream ([1]) where this was discussed.
This cleared up some doubts. For instance it was established that
libcheck is used as a test framework, if the lib is detected. In OpenWrt
libcheck is available, so it may be in staging during the freeswitch
build.
Upstream also mentioned that libcheck is not always compatible with
freeswitch, which depends on the libcheck version.
This commit prevents libcheck detection. This is nicer than explicitly
disabling tests that fail.
[1] https://github.com/signalwire/freeswitch/issues/681
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
Currently the init script creates "/var/lib/asterisk/keys". But the
default keys directory is actually "/usr/share/asterisk/keys".
This commit amends the init script.
Resolves: #512
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
CFLAGS aren't used when compiling objects for check_expr2. This commits
adds the flags, which fixes the compilation when PKG_ASLR_PIE is
enabled. Note: The STANDALONE define is removed because it is already
defined in _ASTCFLAGS.
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
(cherry picked from commit 357949967f)
Patches refreshed, two patches removed (included upstream), fixed one
typo (will send pull request to upstream if nobody did so yet).
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
gentls_cert generates certificates that are deemed too weak by Debian's
OpenSSL (on Buster and up). This patch upgrades the message digest to
SHA256 to address this.
See patch for details. Sent upstream ([1]).
[1] https://github.com/signalwire/freeswitch/pull/126
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
Add patch for a remote crash vulnerability. Crash can occur when
negotiating for T.38 with a declined stream.
CVE-2019-15297
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
Since OpenWrt commit e82a4d9cfb ("config: regenerate *_shipped sources")
a few recursive dependencies have been discovered that were not visible
before.
$ make menuconfig
tmp/.config-package.in:103098:error: recursive dependency detected!
For a resolution refer to Documentation/kbuild/kconfig-language.txt
subsection "Kconfig recursive dependency limitations"
tmp/.config-package.in:103098: symbol PACKAGE_baresip-mod-pulse depends on PACKAGE_baresip-mod-pulse
tmp/.config-package.in:121863:error: recursive dependency detected!
For a resolution refer to Documentation/kbuild/kconfig-language.txt
subsection "Kconfig recursive dependency limitations"
tmp/.config-package.in:121863: symbol PACKAGE_pulseaudio-profiles depends on PACKAGE_pulseaudio-profiles
tmp/.config-package.in:121878:error: recursive dependency detected!
For a resolution refer to Documentation/kbuild/kconfig-language.txt
subsection "Kconfig recursive dependency limitations"
tmp/.config-package.in:121878: symbol PACKAGE_pulseaudio-tools depends on PACKAGE_pulseaudio-tools
The recursive dependencies were reported at [1] and [2].
This commit addresses the recursive dependency of baresip-mod-pulse. The
new dependency string may look a bit peculiar, but it works and when
specified like this pulseaudio (when selected) doesn't get compiled
automatically when the intention is only to build baresip with mod-pulse
disabled (which in general is why we have the "patsubst" in the module
builder - but this is only triggered when the dependency has a leading
"+").
[1] https://github.com/openwrt/packages/issues/9300
[2] https://forum.openwrt.org/t/make-menuconfig-errors-this-day/38673/5
Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
