coturn: update to 4.6.2 866/head
authorRosen Penev <rosenp@gmail.com>
Fri, 26 Apr 2024 22:42:09 +0000 (15:42 -0700)
committerRosen Penev <rosenp@gmail.com>
Fri, 26 Apr 2024 22:46:43 +0000 (15:46 -0700)
Remove upstreamed patch.

Switch to local tarballs. Smaller.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
net/coturn/Makefile
net/coturn/patches/02-fix-flags-dupes.patch
net/coturn/patches/100-coturn-4.6.0-openssl3-from-gentoo.patch [deleted file]

index ef57cf14e2c7a9ba2582503dc22840398da2993e..685225b5218e33d316511040c120862302894dde 100644 (file)
@@ -8,21 +8,21 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=coturn
-PKG_VERSION:=4.6.1
+PKG_VERSION:=4.6.2
 PKG_RELEASE:=1
 
-PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
-PKG_SOURCE_URL:=https://codeload.github.com/coturn/coturn/tar.gz/$(PKG_VERSION)?
-PKG_HASH:=8fba86e593ed74adc46e002e925cccff2819745371814f42465fbe717483f1d8
+PKG_SOURCE_PROTO:=git
+PKG_SOURCE_VERSION:=$(PKG_VERSION)
+PKG_SOURCE_URL:=https://github.com/coturn/coturn
+PKG_MIRROR_HASH:=55a7d63edfde6548cd6d6f1b62f6997beeebc66e0ff07b0afd175829434cbf3a
 
+PKG_MAINTAINER:=Jiri Slachta <jiri@slachta.eu>, Sebastian Kemper <sebastian_ml@gmx.net>
 PKG_LICENSE:=BSD-COTURN-CITRIX COMBINED-CITRIX-VIVOCHA-BSD MIT-HASH
 PKG_LICENSE_FILES:=LICENSE src/apps/relay/dbdrivers/* src/server/ns_turn_khash.h
-
-PKG_MAINTAINER:=Jiri Slachta <jiri@slachta.eu>, Sebastian Kemper <sebastian_ml@gmx.net>
-
-PKG_BUILD_PARALLEL:=1
+PKG_CPE_ID:=cpe:/a:coturn_project:coturn
 
 PKG_INSTALL:=1
+PKG_BUILD_PARALLEL:=1
 
 PKG_CONFIG_DEPENDS+= \
        CONFIG_COTURN_ENABLE_MYSQL \
@@ -30,8 +30,6 @@ PKG_CONFIG_DEPENDS+= \
        CONFIG_COTURN_ENABLE_REDIS \
        CONFIG_COTURN_ENABLE_SQLITE
 
-PKG_CPE_ID:=cpe:/a:coturn_project:coturn
-
 include $(INCLUDE_DIR)/package.mk
 include $(INCLUDE_DIR)/nls.mk
 
index 516ec24edcb38caf4d6a2506cdfb125810a55b74..b42f26ddca924ab7db30787fa2c49a27f1a11f56 100644 (file)
@@ -1,6 +1,6 @@
 --- a/configure
 +++ b/configure
-@@ -1047,9 +1047,9 @@ ${ECHO_CMD} "# Generated by configure sc
+@@ -1049,9 +1049,9 @@ ${ECHO_CMD} "# Generated by configure sc
  ${ECHO_CMD} "#################################" >> Makefile
  ${ECHO_CMD} "ECHO_CMD = ${ECHO_CMD}" >> Makefile
  ${ECHO_CMD} "CC = ${CC}" >> Makefile
diff --git a/net/coturn/patches/100-coturn-4.6.0-openssl3-from-gentoo.patch b/net/coturn/patches/100-coturn-4.6.0-openssl3-from-gentoo.patch
deleted file mode 100644 (file)
index 42f9dd2..0000000
+++ /dev/null
@@ -1,288 +0,0 @@
-https://github.com/coturn/coturn/commit/9af9f6306ab73c3403f9e11086b1936e9148f7de
-https://github.com/coturn/coturn/commit/4ce784a8781ab086c150e2b9f5641b1a37fd9b31
-https://github.com/coturn/coturn/commit/9370bb742d976166a51032760da1ecedefb92267
-https://github.com/coturn/coturn/commit/d72a2a8920b80ce66b36e22b2c22f308ad06c424
-
-From 9af9f6306ab73c3403f9e11086b1936e9148f7de Mon Sep 17 00:00:00 2001
-From: Pavel Punsky <eakraly@users.noreply.github.com>
-Date: Wed, 14 Sep 2022 03:29:26 -0700
-Subject: [PATCH] Fix renegotiation flag for older version of openssl (#978)
-
-`SSL_OP_NO_RENEGOTIATION` is only supported in openssl-1.1.0 and above
-Older versions have `SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS `
-
-Fixes #977 and #952
-
-Test:
-Build in a docker container running running openssl-1.0.2g (ubuntu
-16.04) successfully (without the fix getting the same errors)
---- a/src/apps/relay/dtls_listener.c
-+++ b/src/apps/relay/dtls_listener.c
-@@ -295,8 +295,17 @@ static ioa_socket_handle dtls_server_inp
-       SSL_set_accept_state(connecting_ssl);
-       SSL_set_bio(connecting_ssl, NULL, wbio);
--      SSL_set_options(connecting_ssl, SSL_OP_COOKIE_EXCHANGE | SSL_OP_NO_RENEGOTIATION);
--
-+      SSL_set_options(connecting_ssl, SSL_OP_COOKIE_EXCHANGE
-+#if OPENSSL_VERSION_NUMBER < 0x10100000L
-+#if defined(SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS)
-+              | SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS
-+#endif
-+#else
-+#if defined(SSL_OP_NO_RENEGOTIATION)
-+              | SSL_OP_NO_RENEGOTIATION
-+#endif
-+#endif
-+      );
-       SSL_set_max_cert_list(connecting_ssl, 655350);
-       ioa_socket_handle rc = dtls_accept_client_connection(server, s, connecting_ssl,
-@@ -581,7 +590,17 @@ static int create_new_connected_udp_sock
-               SSL_set_bio(connecting_ssl, NULL, wbio);
--              SSL_set_options(connecting_ssl, SSL_OP_COOKIE_EXCHANGE | SSL_OP_NO_RENEGOTIATION);
-+              SSL_set_options(connecting_ssl, SSL_OP_COOKIE_EXCHANGE
-+#if OPENSSL_VERSION_NUMBER < 0x10100000L
-+#if defined(SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS)
-+                      | SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS
-+#endif
-+#else
-+#if defined(SSL_OP_NO_RENEGOTIATION)
-+                      | SSL_OP_NO_RENEGOTIATION
-+#endif
-+#endif
-+              );
-               SSL_set_max_cert_list(connecting_ssl, 655350);
-               int rc = ssl_read(ret->fd, connecting_ssl, server->sm.m.sm.nd.nbh,
---- a/src/apps/relay/ns_ioalib_engine_impl.c
-+++ b/src/apps/relay/ns_ioalib_engine_impl.c
-@@ -1428,7 +1428,17 @@ static void set_socket_ssl(ioa_socket_ha
-               if(ssl) {
-                       SSL_set_app_data(ssl,s);
-                       SSL_set_info_callback(ssl, (ssl_info_callback_t)ssl_info_callback);
--                      SSL_set_options(ssl, SSL_OP_NO_RENEGOTIATION);
-+                      SSL_set_options(ssl, 
-+#if OPENSSL_VERSION_NUMBER < 0x10100000L
-+#if defined(SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS)
-+                              SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS
-+#endif
-+#else
-+#if defined(SSL_OP_NO_RENEGOTIATION)
-+                              SSL_OP_NO_RENEGOTIATION
-+#endif
-+#endif
-+                      );
-               }
-       }
- }
-@@ -1864,7 +1874,11 @@ int ssl_read(evutil_socket_t fd, SSL* ss
-       } else if (!if1 && if2) {
-+#if (OPENSSL_VERSION_NUMBER >= 0x30000000L)
-+              if(verbose && SSL_get1_peer_certificate(ssl)) {
-+#else
-               if(verbose && SSL_get_peer_certificate(ssl)) {
-+#endif
-                 printf("\n------------------------------------------------------------\n");
-                 X509_NAME_print_ex_fp(stdout, X509_get_subject_name(SSL_get_peer_certificate(ssl)), 1,
-                                       XN_FLAG_MULTILINE);
---- a/src/apps/uclient/startuclient.c
-+++ b/src/apps/uclient/startuclient.c
-@@ -138,7 +138,11 @@ static SSL* tls_connect(ioa_socket_raw f
-               if (rc > 0) {
-                 TURN_LOG_FUNC(TURN_LOG_LEVEL_INFO,"%s: client session connected with cipher %s, method=%s\n",__FUNCTION__,
-                                 SSL_get_cipher(ssl),turn_get_ssl_method(ssl,NULL));
-+#if (OPENSSL_VERSION_NUMBER >= 0x30000000L)
-+                if(clnet_verbose && SSL_get1_peer_certificate(ssl)) {
-+#else
-                 if(clnet_verbose && SSL_get_peer_certificate(ssl)) {
-+#endif
-                         TURN_LOG_FUNC(TURN_LOG_LEVEL_INFO, "------------------------------------------------------------\n");
-                       X509_NAME_print_ex_fp(stdout, X509_get_subject_name(SSL_get_peer_certificate(ssl)), 1,
-                                                               XN_FLAG_MULTILINE);
---- a/src/client/ns_turn_msg.c
-+++ b/src/client/ns_turn_msg.c
-@@ -248,12 +248,22 @@ int stun_produce_integrity_key_str(const
-               if (FIPS_mode()) {
-                       EVP_MD_CTX_set_flags(&ctx,EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
-               }
--#endif
-+#endif // defined EVP_MD_CTX_FLAG_NON_FIPS_ALLOW && !defined(LIBRESSL_VERSION_NUMBER)
-               EVP_DigestInit_ex(&ctx,EVP_md5(), NULL);
-               EVP_DigestUpdate(&ctx,str,strl);
-               EVP_DigestFinal(&ctx,key,&keylen);
-               EVP_MD_CTX_cleanup(&ctx);
--#else
-+#elif OPENSSL_VERSION_NUMBER >= 0x30000000L
-+              unsigned int keylen = 0;
-+              EVP_MD_CTX *ctx = EVP_MD_CTX_new();
-+              if (EVP_default_properties_is_fips_enabled(NULL)) {
-+                      EVP_default_properties_enable_fips(NULL, 0);
-+              }
-+              EVP_DigestInit_ex(ctx,EVP_md5(), NULL);
-+              EVP_DigestUpdate(ctx,str,strl);
-+              EVP_DigestFinal(ctx,key,&keylen);
-+              EVP_MD_CTX_free(ctx);
-+#else // OPENSSL_VERSION_NUMBER < 0x10100000L
-               unsigned int keylen = 0;
-               EVP_MD_CTX *ctx = EVP_MD_CTX_new();
- #if defined EVP_MD_CTX_FLAG_NON_FIPS_ALLOW && ! defined(LIBRESSL_VERSION_NUMBER)
-@@ -265,7 +275,7 @@ int stun_produce_integrity_key_str(const
-               EVP_DigestUpdate(ctx,str,strl);
-               EVP_DigestFinal(ctx,key,&keylen);
-               EVP_MD_CTX_free(ctx);
--#endif
-+#endif // OPENSSL_VERSION_NUMBER < 0X10100000L
-               ret = 0;
-       }
---- a/src/apps/relay/netengine.c
-+++ b/src/apps/relay/netengine.c
-@@ -31,13 +31,7 @@
- #include "mainrelay.h"
- //////////// Backward compatibility with OpenSSL 1.0.x //////////////
--#define HAVE_OPENSSL11_API (!(OPENSSL_VERSION_NUMBER < 0x10100001L || defined LIBRESSL_VERSION_NUMBER))
--
--#ifndef HAVE_SSL_CTX_UP_REF
--#define HAVE_SSL_CTX_UP_REF HAVE_OPENSSL11_API
--#endif
--
--#if !HAVE_SSL_CTX_UP_REF
-+#if (OPENSSL_VERSION_NUMBER < 0x10100001L || defined LIBRESSL_VERSION_NUMBER)
- #define SSL_CTX_up_ref(ctx) CRYPTO_add(&(ctx)->references, 1, CRYPTO_LOCK_SSL_CTX)
- #endif
---- a/src/apps/relay/mainrelay.c
-+++ b/src/apps/relay/mainrelay.c
-@@ -1353,7 +1353,6 @@ static void set_option(int c, char *valu
-               STRCPY(turn_params.relay_ifname, value);
-               break;
-       case 'm':
--#if defined(OPENSSL_THREADS)
-               if(atoi(value)>MAX_NUMBER_OF_GENERAL_RELAY_SERVERS) {
-                       TURN_LOG_FUNC(TURN_LOG_LEVEL_WARNING, "WARNING: max number of relay threads is 128.\n");
-                       turn_params.general_relay_servers_number = MAX_NUMBER_OF_GENERAL_RELAY_SERVERS;
-@@ -1362,9 +1361,6 @@ static void set_option(int c, char *valu
-               } else {
-                       turn_params.general_relay_servers_number = atoi(value);
-               }
--#else
--              TURN_LOG_FUNC(TURN_LOG_LEVEL_WARNING, "WARNING: OpenSSL version is too old OR does not support threading,\n I am using single thread for relaying.\n");
--#endif
-               break;
-       case 'd':
-               STRCPY(turn_params.listener_ifname, value);
-@@ -2640,9 +2636,8 @@ int main(int argc, char **argv)
- ////////// OpenSSL locking ////////////////////////////////////////
--#if defined(OPENSSL_THREADS)
--
--static char some_buffer[65536];
-+#if defined(OPENSSL_THREADS) 
-+#if OPENSSL_VERSION_NUMBER < OPENSSL_VERSION_1_1_0
- //array larger than anything that OpenSSL may need:
- static pthread_mutex_t mutex_buf[256];
-@@ -2660,76 +2655,52 @@ void coturn_locking_function(int mode, i
-   }
- }
--#if OPENSSL_VERSION_NUMBER >= 0x10000000L
- void coturn_id_function(CRYPTO_THREADID *ctid);
- void coturn_id_function(CRYPTO_THREADID *ctid)
- {
-       UNUSED_ARG(ctid);
-     CRYPTO_THREADID_set_numeric(ctid, (unsigned long)pthread_self());
- }
--#else
--unsigned long coturn_id_function(void);
--unsigned long coturn_id_function(void)
--{
--    return (unsigned long)pthread_self();
--}
--#endif
--
--#endif
- static int THREAD_setup(void) {
--
--#if defined(OPENSSL_THREADS)
--
--      int i;
--
--      some_buffer[0] = 0;
--
-+    int i;
-       for (i = 0; i < CRYPTO_num_locks(); i++) {
-               pthread_mutex_init(&(mutex_buf[i]), NULL);
-       }
-       mutex_buf_initialized = 1;
--
--#if OPENSSL_VERSION_NUMBER >= 0x10000000L && OPENSSL_VERSION_NUMBER <= OPENSSL_VERSION_1_1_1
-       CRYPTO_THREADID_set_callback(coturn_id_function);
--#else
--      CRYPTO_set_id_callback(coturn_id_function);
--#endif
--
-       CRYPTO_set_locking_callback(coturn_locking_function);
--#endif
--
-       return 1;
- }
- int THREAD_cleanup(void);
- int THREAD_cleanup(void) {
-+    int i;
--#if defined(OPENSSL_THREADS)
--
--  int i;
-+    if (!mutex_buf_initialized)
-+        return 0;
--  if (!mutex_buf_initialized)
--    return 0;
-+    CRYPTO_THREADID_set_callback(NULL);
-+    CRYPTO_set_locking_callback(NULL);
-+    for (i = 0; i < CRYPTO_num_locks(); i++) {
-+        pthread_mutex_destroy(&(mutex_buf[i]));
-+    }
--#if OPENSSL_VERSION_NUMBER >= 0x10000000L && OPENSSL_VERSION_NUMBER <= OPENSSL_VERSION_1_1_1
--      CRYPTO_THREADID_set_callback(NULL);
-+    mutex_buf_initialized = 0;
-+  return 1;
-+}
- #else
--      CRYPTO_set_id_callback(NULL);
--#endif
--
--  CRYPTO_set_locking_callback(NULL);
--  for (i = 0; i < CRYPTO_num_locks(); i++) {
--        pthread_mutex_destroy(&(mutex_buf[i]));
--  }
--
--  mutex_buf_initialized = 0;
--
--#endif
-+static int THREAD_setup(void) {
-+    return 1;
-+}
--  return 1;
-+int THREAD_cleanup(void);
-+int THREAD_cleanup(void){
-+    return 1;
- }
-+#endif /* OPENSSL_VERSION_NUMBER < OPENSSL_VERSION_1_1_0 */
-+#endif /* defined(OPENSSL_THREADS) */
- static void adjust_key_file_name(char *fn, const char* file_title, int critical)
- {