[gentoo-commits] repo/gentoo:master commit in: net-libs/pjproject/files/, net-libs/pjproject/

[gentoo-commits] repo/gentoo:master commit in: net-libs/pjproject/files/, net-libs/pjproject/

[Tony Vroon]

commit:     32c60bef3d0f71430417a985ce11ba3a1108ece4
Author:     Tony Vroon <chainsaw <AT> gentoo <DOT> org>
AuthorDate: Wed Mar 14 09:17:32 2018 +0000
Commit:     Tony Vroon <chainsaw <AT> gentoo <DOT> org>
CommitDate: Wed Mar 14 09:17:32 2018 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=32c60bef

net-libs/pjproject: Version bump to 2.7.2

Fixed SSL flipflop logic by Felix Janda replaces my own failed first attempt.
Upstream has two security fixes around malformed SDP, a crash due to an invalid
ftmp attribute and a crash due to an invalid media format description.

Package-Manager: Portage-2.3.24, Repoman-2.3.6

 net-libs/pjproject/Manifest                        |   1 +
 .../files/pjproject-2.7.2-ssl-flipflop.patch       | 103 +++++++++++++++++++
 net-libs/pjproject/pjproject-2.7.2.ebuild          | 110 +++++++++++++++++++++
 3 files changed, 214 insertions(+)

diff --git a/net-libs/pjproject/Manifest b/net-libs/pjproject/Manifest
index f4403851ca6..12e01535ff4 100644
--- a/net-libs/pjproject/Manifest
+++ b/net-libs/pjproject/Manifest
@@ -1 +1,2 @@
 DIST pjproject-2.7.1.tar.bz2 4880007 BLAKE2B 33fca89f07abc0b9662b1070c96b903c236a60149734755286dad3111411dbeef5779077a77d21112be6db2957cb7e18c5c833b3c5fd32c26be44d4550fb215e SHA512 cd15afee2a02659668ff228b2652d2bd179393e3b5031afae1c326354fb9676babc08eb689e466165536abc360684299b4fdb41dbb1148aed89afe1ce7e5d979
+DIST pjproject-2.7.2.tar.bz2 4994233 BLAKE2B 44ecaf0997d5dd9b18e0b811cead7c9104e63894fa06fb1d64e79b60fa4210968fd90ef47e5f5be3629675363c8756ce3bc1834caa9700654ab4c53efe676ee7 SHA512 3d355ffcbbeed62cfc711e574a987dc06043ccf4f2625820adffa89167022b8306fcee3fada71d3d45e7b902fc9c65ac8221de101cbafed25362a3921f702afd

diff --git a/net-libs/pjproject/files/pjproject-2.7.2-ssl-flipflop.patch b/net-libs/pjproject/files/pjproject-2.7.2-ssl-flipflop.patch
new file mode 100644
index 00000000000..c984bc62962
--- /dev/null
+++ b/net-libs/pjproject/files/pjproject-2.7.2-ssl-flipflop.patch
@@ -0,0 +1,103 @@
+--- pjproject-2.7.1.ORIG/aconfigure.ac	2018-02-06 11:34:20.973411193 +0000
++++ pjproject-2.7.1/aconfigure.ac	2018-02-06 13:33:31.525015674 +0000
+@@ -1551,57 +1551,56 @@
+     enable_ssl=no
+ fi
+ 
+-dnl # Include SSL support
++dnl # Correct --enable vs --disable SSL flipflop logic
+ AC_SUBST(ac_no_ssl)
+ AC_SUBST(ac_ssl_has_aes_gcm,0)
+ AC_ARG_ENABLE(ssl,
+ 	      AS_HELP_STRING([--disable-ssl],
+ 			     [Exclude SSL support the build (default: autodetect)])
+-	      ,
+-	      [
+-		if test "$enable_ssl" = "no"; then
+-		 [ac_no_ssl=1]
+-		 AC_MSG_RESULT([Checking if SSL support is disabled... yes])
+-	        fi
+-	      ],
+-	      [
+-		AC_MSG_RESULT([checking for OpenSSL installations..])
+-                if test "x$with_ssl" != "xno" -a "x$with_ssl" != "x"; then
+-                    CFLAGS="$CFLAGS -I$with_ssl/include"
+-                    LDFLAGS="$LDFLAGS -L$with_ssl/lib"
+-                    AC_MSG_RESULT([Using SSL prefix... $with_ssl])
+-                fi
+-		AC_SUBST(openssl_h_present)
+-		AC_SUBST(libssl_present)
+-		AC_SUBST(libcrypto_present)
+-		AC_CHECK_HEADER(openssl/ssl.h,[openssl_h_present=1])
+-		AC_CHECK_LIB(crypto,ERR_load_BIO_strings,[libcrypto_present=1 && LIBS="-lcrypto $LIBS"])
+-		AC_CHECK_LIB(ssl,SSL_CTX_new,[libssl_present=1 && LIBS="-lssl $LIBS"])
+-		if test "x$openssl_h_present" = "x1" -a "x$libssl_present" = "x1" -a "x$libcrypto_present" = "x1"; then
+-	        	AC_MSG_RESULT([OpenSSL library found, SSL support enabled])
+-			
+-			# Check if SRTP should be compiled with OpenSSL
+-			# support, to enable cryptos such as AES GCM.
+-			
+-			# EVP_CIPHER_CTX is now opaque in OpenSSL 1.1.0, libsrtp 1.5.4 uses it as a transparent type.
+-			# Update 2.7: our bundled libsrtp has been upgraded to 2.1.0,
+-			# so we can omit EVP_CIPHER_CTX definition check now.
+-			AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include <openssl/evp.h>]],
+-							  [EVP_CIPHER_CTX *ctx;EVP_aes_128_gcm();])],
+-					  [AC_CHECK_LIB(crypto,EVP_aes_128_gcm,[ac_ssl_has_aes_gcm=1])])
+-			if test "x$ac_ssl_has_aes_gcm" = "x1"; then
+-				AC_MSG_RESULT([OpenSSL has AES GCM support, SRTP will use OpenSSL])
+-			else
+-				AC_MSG_RESULT([OpenSSL AES GCM support not found, SRTP will only support AES CM cryptos])
+-			fi
+-
+-			# PJSIP_HAS_TLS_TRANSPORT setting follows PJ_HAS_SSL_SOCK
+-			#AC_DEFINE(PJSIP_HAS_TLS_TRANSPORT, 1)
+-			AC_DEFINE(PJ_HAS_SSL_SOCK, 1)
++)
++
++dnl # OpenSSL detection
++AC_MSG_CHECKING([OpenSSL installations])
++if test "x$enable_ssl" = "xno"; then
++	ac_no_ssl=1
++	AC_MSG_RESULT([explicitly disabled])
++else
++	if test "x$with_ssl" != "xno" -a "x$with_ssl" != "x"; then
++		CFLAGS="$CFLAGS -I$with_ssl/include"
++		LDFLAGS="$LDFLAGS -L$with_ssl/lib"
++		AC_MSG_RESULT([Using SSL prefix... $with_ssl])
++	fi
++	AC_SUBST(openssl_h_present)
++	AC_SUBST(libssl_present)
++	AC_SUBST(libcrypto_present)
++	AC_CHECK_HEADER(openssl/ssl.h,[openssl_h_present=1])
++	AC_CHECK_LIB(crypto,ERR_load_BIO_strings,[libcrypto_present=1 && LIBS="-lcrypto $LIBS"])
++	AC_CHECK_LIB(ssl,SSL_CTX_new,[libssl_present=1 && LIBS="-lssl $LIBS"])
++	if test "x$openssl_h_present" = "x1" -a "x$libssl_present" = "x1" -a "x$libcrypto_present" = "x1"; then
++	       	AC_MSG_RESULT([OpenSSL library found, SSL support enabled])
++
++		# Check if SRTP should be compiled with OpenSSL
++		# support, to enable cryptos such as AES GCM.
++
++		# EVP_CIPHER_CTX is now opaque in OpenSSL 1.1.0, libsrtp 1.5.4 uses it as a transparent type.
++		# Update 2.7: our bundled libsrtp has been upgraded to 2.1.0,
++		# so we can omit EVP_CIPHER_CTX definition check now.
++		AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include <openssl/evp.h>]],
++						  [EVP_CIPHER_CTX *ctx;EVP_aes_128_gcm();])],
++				  [AC_CHECK_LIB(crypto,EVP_aes_128_gcm,[ac_ssl_has_aes_gcm=1])])
++		if test "x$ac_ssl_has_aes_gcm" = "x1"; then
++			AC_MSG_RESULT([OpenSSL has AES GCM support, SRTP will use OpenSSL])
+ 		else
+-			AC_MSG_RESULT([** OpenSSL libraries not found, disabling SSL support **])
++			AC_MSG_RESULT([OpenSSL AES GCM support not found, SRTP will only support AES CM cryptos])
+ 		fi
+-	      ])
++
++		# PJSIP_HAS_TLS_TRANSPORT setting follows PJ_HAS_SSL_SOCK
++		#AC_DEFINE(PJSIP_HAS_TLS_TRANSPORT, 1)
++		AC_DEFINE(PJ_HAS_SSL_SOCK, 1)
++	else
++		AC_MSG_RESULT([** OpenSSL libraries not found, disabling SSL support **])
++	fi
++fi
+ 
+ dnl # Obsolete option --with-opencore-amrnb
+ AC_ARG_WITH(opencore-amrnb,

diff --git a/net-libs/pjproject/pjproject-2.7.2.ebuild b/net-libs/pjproject/pjproject-2.7.2.ebuild
new file mode 100644
index 00000000000..e4d25565824
--- /dev/null
+++ b/net-libs/pjproject/pjproject-2.7.2.ebuild
@@ -0,0 +1,110 @@
+# Copyright 1999-2018 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+
+inherit autotools flag-o-matic
+
+DESCRIPTION="Open source SIP, Media, and NAT Traversal Library"
+HOMEPAGE="http://www.pjsip.org/"
+SRC_URI="http://www.pjsip.org/release/${PV}/${P}.tar.bz2"
+KEYWORDS="~amd64 ~x86"
+
+LICENSE="GPL-2"
+SLOT="0"
+CODEC_FLAGS="g711 g722 g7221 gsm ilbc speex l16"
+VIDEO_FLAGS="sdl ffmpeg v4l2 openh264 libyuv"
+SOUND_FLAGS="alsa oss portaudio"
+IUSE="amr debug doc epoll examples ipv6 opus resample silk ssl static-libs webrtc ${CODEC_FLAGS} ${VIDEO_FLAGS} ${SOUND_FLAGS}"
+
+PATCHES=( "${FILESDIR}"/${P}-ssl-flipflop.patch )
+
+RDEPEND="alsa? ( media-libs/alsa-lib )
+	oss? ( media-libs/portaudio[oss] )
+	portaudio? ( media-libs/portaudio )
+
+	amr? ( media-libs/opencore-amr )
+	gsm? ( media-sound/gsm )
+	ilbc? ( dev-libs/ilbc-rfc3951 )
+	opus? ( media-libs/opus )
+	speex? ( media-libs/speexdsp )
+
+	ffmpeg? ( virtual/ffmpeg:= )
+	sdl? ( media-libs/libsdl )
+	openh264? ( media-libs/openh264 )
+	resample? ( media-libs/libsamplerate )
+
+	ssl? ( dev-libs/openssl:= )
+
+	net-libs/libsrtp:0"
+DEPEND="${RDEPEND}
+	virtual/pkgconfig"
+
+REQUIRED_USE="?? ( ${SOUND_FLAGS} )"
+
+src_prepare() {
+	default
+	rm configure || die "Unable to remove unwanted wrapper"
+	mv aconfigure.ac configure.ac || die "Unable to rename configure script source"
+	eautoreconf
+}
+
+src_configure() {
+	local myconf=()
+	local videnable="--disable-video"
+	local t
+
+	use ipv6 && append-cflags -DPJ_HAS_IPV6=1
+	use debug || append-cflags -DNDEBUG=1
+
+	for t in ${CODEC_FLAGS}; do
+		myconf+=( $(use_enable ${t} ${t}-codec) )
+	done
+
+	for t in ${VIDEO_FLAGS}; do
+		myconf+=( $(use_enable ${t}) )
+		use "${t}" && videnable="--enable-video"
+	done
+
+	econf \
+		--enable-shared \
+		--with-external-srtp \
+		${videnable} \
+		$(use_enable epoll) \
+		$(use_with gsm external-gsm) \
+		$(use_with speex external-speex) \
+		$(use_enable speex speex-aec) \
+		$(use_enable resample) \
+		$(use_enable resample libsamplerate) \
+		$(use_enable resample resample-dll) \
+		$(use_enable alsa sound) \
+		$(use_enable oss) \
+		$(use_with portaudio external-pa) \
+		$(use_enable portaudio ext-sound) \
+		$(use_enable amr opencore-amr) \
+		$(use_enable silk) \
+		$(use_enable opus) \
+		$(use_enable ssl) \
+		$(use_enable webrtc libwebrtc) \
+		"${myconf[@]}"
+}
+
+src_compile() {
+	emake dep
+	emake
+}
+
+src_install() {
+	emake DESTDIR="${D}" install
+
+	if use doc; then
+		dodoc README.txt README-RTEMS
+	fi
+
+	if use examples; then
+		insinto "/usr/share/doc/${PF}/examples"
+		doins -r pjsip-apps/src/samples
+	fi
+
+	use static-libs || rm "${D}/usr/$(get_libdir)/*.a"
+}

[gentoo-commits] repo/gentoo:master commit in: net-libs/pjproject/files/, net-libs/pjproject/

[Sam James]

commit:     6bc5649ec449bd87fb1be521cd55ce273c6f2c02
Author:     Jaco Kroon <jaco <AT> uls <DOT> co <DOT> za>
AuthorDate: Tue Dec 29 05:44:55 2020 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Mon Jan  4 16:32:47 2021 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6bc5649e

net-libs/pjproject: drop old versions.

Bug: https://bugs.gentoo.org/444470
Signed-off-by: Jaco Kroon <jaco <AT> uls.co.za>
Signed-off-by: Sam James <sam <AT> gentoo.org>

 net-libs/pjproject/Manifest                        |   1 -
 .../files/pjproject-2.7.1-ssl-flipflop.patch       | 103 -------------------
 net-libs/pjproject/pjproject-2.7.1-r1.ebuild       | 110 ---------------------
 3 files changed, 214 deletions(-)

diff --git a/net-libs/pjproject/Manifest b/net-libs/pjproject/Manifest
index 3f48fc752d5..5d10ffe7549 100644
--- a/net-libs/pjproject/Manifest
+++ b/net-libs/pjproject/Manifest
@@ -1,4 +1,3 @@
 DIST pjproject-2.10.tar.gz 8768705 BLAKE2B 42d70867e2e0474313426f1e188586d203d6165c28a133a62dedacd2deb2899215212824d9402a48fcc66bb08a17b796d3625e1d51a8aedc9aa4b3a3bf1cb8fa SHA512 a67f083df175b536b4e6a7b7fe39e07d3ee805d6917ec64a50694542a7455c33a100889191044ab3fa679b6656774a6be045621aa53510b5f04cdde9ddd59893
-DIST pjproject-2.7.1.tar.bz2 4880007 BLAKE2B 33fca89f07abc0b9662b1070c96b903c236a60149734755286dad3111411dbeef5779077a77d21112be6db2957cb7e18c5c833b3c5fd32c26be44d4550fb215e SHA512 cd15afee2a02659668ff228b2652d2bd179393e3b5031afae1c326354fb9676babc08eb689e466165536abc360684299b4fdb41dbb1148aed89afe1ce7e5d979
 DIST pjproject-2.7.2.tar.bz2 4994233 BLAKE2B 44ecaf0997d5dd9b18e0b811cead7c9104e63894fa06fb1d64e79b60fa4210968fd90ef47e5f5be3629675363c8756ce3bc1834caa9700654ab4c53efe676ee7 SHA512 3d355ffcbbeed62cfc711e574a987dc06043ccf4f2625820adffa89167022b8306fcee3fada71d3d45e7b902fc9c65ac8221de101cbafed25362a3921f702afd
 DIST pjproject-2.9.tar.bz2 5009546 BLAKE2B 853f86e57c0f58943e977856bebc7dc20684ac4a6a16a55f3fe4ddf58ca58187bdc1011c5df2bc72de690f1695484012b582e56dd0e88a624ef319a5f3623772 SHA512 a65823a86ad0cd76890cf7dd2485f7547fd90aea2ef631c5420c009b35f39eda3b78551a42fc2816c2470de9eb728c26497774a8494824472ecaa1d2889cc20b

diff --git a/net-libs/pjproject/files/pjproject-2.7.1-ssl-flipflop.patch b/net-libs/pjproject/files/pjproject-2.7.1-ssl-flipflop.patch
deleted file mode 100644
index fd1dc5caa1e..00000000000
--- a/net-libs/pjproject/files/pjproject-2.7.1-ssl-flipflop.patch
+++ /dev/null
@@ -1,103 +0,0 @@
---- pjproject-2.7.1.ORIG/aconfigure.ac	2018-02-06 11:34:20.973411193 +0000
-+++ pjproject-2.7.1/aconfigure.ac	2018-02-06 13:33:31.525015674 +0000
-@@ -1551,57 +1551,56 @@
-     enable_ssl=no
- fi
- 
--dnl # Include SSL support
-+dnl # Correct --enable vs --disable SSL flipflop logic
- AC_SUBST(ac_no_ssl)
- AC_SUBST(ac_ssl_has_aes_gcm,0)
- AC_ARG_ENABLE(ssl,
- 	      AS_HELP_STRING([--disable-ssl],
- 			     [Exclude SSL support the build (default: autodetect)])
--	      ,
--	      [
--		if test "$enable_ssl" = "no"; then
--		 [ac_no_ssl=1]
--		 AC_MSG_RESULT([Checking if SSL support is disabled... yes])
--	        fi
--	      ],
--	      [
--		AC_MSG_RESULT([checking for OpenSSL installations..])
--                if test "x$with_ssl" != "xno" -a "x$with_ssl" != "x"; then
--                    CFLAGS="$CFLAGS -I$with_ssl/include"
--                    LDFLAGS="$LDFLAGS -L$with_ssl/lib"
--                    AC_MSG_RESULT([Using SSL prefix... $with_ssl])
--                fi
--		AC_SUBST(openssl_h_present)
--		AC_SUBST(libssl_present)
--		AC_SUBST(libcrypto_present)
--		AC_CHECK_HEADER(openssl/ssl.h,[openssl_h_present=1])
--		AC_CHECK_LIB(crypto,ERR_load_BIO_strings,[libcrypto_present=1 && LIBS="-lcrypto $LIBS"])
--		AC_CHECK_LIB(ssl,SSL_CTX_new,[libssl_present=1 && LIBS="-lssl $LIBS"])
--		if test "x$openssl_h_present" = "x1" -a "x$libssl_present" = "x1" -a "x$libcrypto_present" = "x1"; then
--	        	AC_MSG_RESULT([OpenSSL library found, SSL support enabled])
--			
--			# Check if SRTP should be compiled with OpenSSL
--			# support, to enable cryptos such as AES GCM.
--			
--			# EVP_CIPHER_CTX is now opaque in OpenSSL 1.1.0, libsrtp 1.5.4 uses it as a transparent type.
--			# Update 2.7: our bundled libsrtp has been upgraded to 2.1.0,
--			# so we can omit EVP_CIPHER_CTX definition check now.
--			AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include <openssl/evp.h>]],
--							  [EVP_CIPHER_CTX *ctx;EVP_aes_128_gcm();])],
--					  [AC_CHECK_LIB(crypto,EVP_aes_128_gcm,[ac_ssl_has_aes_gcm=1])])
--			if test "x$ac_ssl_has_aes_gcm" = "x1"; then
--				AC_MSG_RESULT([OpenSSL has AES GCM support, SRTP will use OpenSSL])
--			else
--				AC_MSG_RESULT([OpenSSL AES GCM support not found, SRTP will only support AES CM cryptos])
--			fi
--
--			# PJSIP_HAS_TLS_TRANSPORT setting follows PJ_HAS_SSL_SOCK
--			#AC_DEFINE(PJSIP_HAS_TLS_TRANSPORT, 1)
--			AC_DEFINE(PJ_HAS_SSL_SOCK, 1)
-+	      ,	 [ac_no_ssl=1]
-+)
-+
-+dnl # OpenSSL detection
-+AC_MSG_CHECKING([OpenSSL installations])
-+if test "x$ac_no_ssl" = "x1"; then
-+	AC_MSG_RESULT([explicitly disabled])
-+else
-+	if test "x$with_ssl" != "xno" -a "x$with_ssl" != "x"; then
-+		CFLAGS="$CFLAGS -I$with_ssl/include"
-+		LDFLAGS="$LDFLAGS -L$with_ssl/lib"
-+		AC_MSG_RESULT([Using SSL prefix... $with_ssl])
-+	fi
-+	AC_SUBST(openssl_h_present)
-+	AC_SUBST(libssl_present)
-+	AC_SUBST(libcrypto_present)
-+	AC_CHECK_HEADER(openssl/ssl.h,[openssl_h_present=1])
-+	AC_CHECK_LIB(crypto,ERR_load_BIO_strings,[libcrypto_present=1 && LIBS="-lcrypto $LIBS"])
-+	AC_CHECK_LIB(ssl,SSL_CTX_new,[libssl_present=1 && LIBS="-lssl $LIBS"])
-+	if test "x$openssl_h_present" = "x1" -a "x$libssl_present" = "x1" -a "x$libcrypto_present" = "x1"; then
-+	       	AC_MSG_RESULT([OpenSSL library found, SSL support enabled])
-+
-+		# Check if SRTP should be compiled with OpenSSL
-+		# support, to enable cryptos such as AES GCM.
-+
-+		# EVP_CIPHER_CTX is now opaque in OpenSSL 1.1.0, libsrtp 1.5.4 uses it as a transparent type.
-+		# Update 2.7: our bundled libsrtp has been upgraded to 2.1.0,
-+		# so we can omit EVP_CIPHER_CTX definition check now.
-+		AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include <openssl/evp.h>]],
-+						  [EVP_CIPHER_CTX *ctx;EVP_aes_128_gcm();])],
-+				  [AC_CHECK_LIB(crypto,EVP_aes_128_gcm,[ac_ssl_has_aes_gcm=1])])
-+		if test "x$ac_ssl_has_aes_gcm" = "x1"; then
-+			AC_MSG_RESULT([OpenSSL has AES GCM support, SRTP will use OpenSSL])
- 		else
--			AC_MSG_RESULT([** OpenSSL libraries not found, disabling SSL support **])
-+			AC_MSG_RESULT([OpenSSL AES GCM support not found, SRTP will only support AES CM cryptos])
- 		fi
--	      ])
-+
-+		# PJSIP_HAS_TLS_TRANSPORT setting follows PJ_HAS_SSL_SOCK
-+		#AC_DEFINE(PJSIP_HAS_TLS_TRANSPORT, 1)
-+		AC_DEFINE(PJ_HAS_SSL_SOCK, 1)
-+	else
-+		AC_MSG_RESULT([** OpenSSL libraries not found, disabling SSL support **])
-+	fi
-+fi
- 
- dnl # Obsolete option --with-opencore-amrnb
- AC_ARG_WITH(opencore-amrnb,

diff --git a/net-libs/pjproject/pjproject-2.7.1-r1.ebuild b/net-libs/pjproject/pjproject-2.7.1-r1.ebuild
deleted file mode 100644
index a9e3fdf624d..00000000000
--- a/net-libs/pjproject/pjproject-2.7.1-r1.ebuild
+++ /dev/null
@@ -1,110 +0,0 @@
-# Copyright 1999-2020 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=6
-
-inherit autotools flag-o-matic
-
-DESCRIPTION="Open source SIP, Media, and NAT Traversal Library"
-HOMEPAGE="https://www.pjsip.org/"
-SRC_URI="https://www.pjsip.org/release/${PV}/${P}.tar.bz2"
-KEYWORDS="amd64 ~ppc x86"
-
-LICENSE="GPL-2"
-SLOT="0"
-CODEC_FLAGS="g711 g722 g7221 gsm ilbc speex l16"
-VIDEO_FLAGS="sdl ffmpeg v4l2 openh264 libyuv"
-SOUND_FLAGS="alsa oss portaudio"
-IUSE="amr debug doc epoll examples ipv6 opus resample silk ssl static-libs webrtc ${CODEC_FLAGS} ${VIDEO_FLAGS} ${SOUND_FLAGS}"
-
-PATCHES=( "${FILESDIR}"/${P}-ssl-flipflop.patch )
-
-RDEPEND="alsa? ( media-libs/alsa-lib )
-	oss? ( media-libs/portaudio[oss] )
-	portaudio? ( media-libs/portaudio )
-
-	amr? ( media-libs/opencore-amr )
-	gsm? ( media-sound/gsm )
-	ilbc? ( dev-libs/ilbc-rfc3951 )
-	opus? ( media-libs/opus )
-	speex? ( media-libs/speexdsp )
-
-	ffmpeg? ( media-video/ffmpeg:= )
-	sdl? ( media-libs/libsdl )
-	openh264? ( media-libs/openh264 )
-	resample? ( media-libs/libsamplerate )
-
-	ssl? ( dev-libs/openssl:= )
-
-	net-libs/libsrtp:0"
-DEPEND="${RDEPEND}
-	virtual/pkgconfig"
-
-REQUIRED_USE="?? ( ${SOUND_FLAGS} )"
-
-src_prepare() {
-	default
-	rm configure || die "Unable to remove unwanted wrapper"
-	mv aconfigure.ac configure.ac || die "Unable to rename configure script source"
-	eautoreconf
-}
-
-src_configure() {
-	local myconf=()
-	local videnable="--disable-video"
-	local t
-
-	use ipv6 && append-cflags -DPJ_HAS_IPV6=1
-	use debug || append-cflags -DNDEBUG=1
-
-	for t in ${CODEC_FLAGS}; do
-		myconf+=( $(use_enable ${t} ${t}-codec) )
-	done
-
-	for t in ${VIDEO_FLAGS}; do
-		myconf+=( $(use_enable ${t}) )
-		use "${t}" && videnable="--enable-video"
-	done
-
-	econf \
-		--enable-shared \
-		--with-external-srtp \
-		${videnable} \
-		$(use_enable epoll) \
-		$(use_with gsm external-gsm) \
-		$(use_with speex external-speex) \
-		$(use_enable speex speex-aec) \
-		$(use_enable resample) \
-		$(use_enable resample libsamplerate) \
-		$(use_enable resample resample-dll) \
-		$(use_enable alsa sound) \
-		$(use_enable oss) \
-		$(use_with portaudio external-pa) \
-		$(use_enable portaudio ext-sound) \
-		$(use_enable amr opencore-amr) \
-		$(use_enable silk) \
-		$(use_enable opus) \
-		$(use_enable ssl) \
-		$(use_enable webrtc libwebrtc) \
-		"${myconf[@]}"
-}
-
-src_compile() {
-	emake dep
-	emake
-}
-
-src_install() {
-	emake DESTDIR="${D}" install
-
-	if use doc; then
-		dodoc README.txt README-RTEMS
-	fi
-
-	if use examples; then
-		insinto "/usr/share/doc/${PF}/examples"
-		doins -r pjsip-apps/src/samples
-	fi
-
-	use static-libs || rm "${D}/usr/$(get_libdir)/*.a"
-}

[gentoo-commits] repo/gentoo:master commit in: net-libs/pjproject/files/, net-libs/pjproject/

[Sam James]

commit:     69e63f7c831f2a585cd34cb74a3f8bbff901f798
Author:     Jaco Kroon <jaco <AT> uls <DOT> co <DOT> za>
AuthorDate: Thu Mar 11 07:34:54 2021 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Thu Mar 11 08:19:44 2021 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=69e63f7c

net-libs/pjproject: security rev bump to 2.10-r1

Upstream didn't release a new version as one would expect. Instead
patches are applied locally.

Also add subslot because they are equally good at maintaining ABI
compatibility, and SONAME is never updated, thus we need to be able to
depend on subslots to rebuild (preserved-rebuild is no good).

Bug: https://bugs.gentoo.org/775359
Bug: https://bugs.gentoo.org/775353
Package-Manager: Portage-3.0.13, Repoman-3.0.2
Signed-off-by: Jaco Kroon <jaco <AT> uls.co.za>
Closes: https://github.com/gentoo/gentoo/pull/19876
Signed-off-by: Sam James <sam <AT> gentoo.org>

 ...ct-2.10-CVE-2020-15260-tls-hostname-check.patch | 125 +++++++++++++++++++++
 ...-CVE-2021-21375-negotiation-failure-crash.patch |  45 ++++++++
 ...ion-between-transport-destroy-and-acquire.patch | 108 ++++++++++++++++++
 net-libs/pjproject/pjproject-2.10-r1.ebuild        | 125 +++++++++++++++++++++
 4 files changed, 403 insertions(+)

diff --git a/net-libs/pjproject/files/pjproject-2.10-CVE-2020-15260-tls-hostname-check.patch b/net-libs/pjproject/files/pjproject-2.10-CVE-2020-15260-tls-hostname-check.patch
new file mode 100644
index 00000000000..0d7df686a15
--- /dev/null
+++ b/net-libs/pjproject/files/pjproject-2.10-CVE-2020-15260-tls-hostname-check.patch
@@ -0,0 +1,125 @@
+From 67e46c1ac45ad784db5b9080f5ed8b133c122872 Mon Sep 17 00:00:00 2001
+From: sauwming <ming@teluu.com>
+Date: Mon, 8 Mar 2021 17:39:36 +0800
+Subject: [PATCH] Merge pull request from GHSA-8hcp-hm38-mfph
+
+* Check hostname during TLS transport selection
+
+* revision based on feedback
+
+* remove the code in create_request that has been moved
+---
+ pjsip/include/pjsip/sip_dialog.h |  1 +
+ pjsip/src/pjsip/sip_dialog.c     | 15 +++++++++++++++
+ pjsip/src/pjsip/sip_transport.c  | 13 +++++++++++++
+ pjsip/src/pjsip/sip_util.c       | 11 ++++++++---
+ 4 files changed, 37 insertions(+), 3 deletions(-)
+
+diff --git a/pjsip/include/pjsip/sip_dialog.h b/pjsip/include/pjsip/sip_dialog.h
+index a0214d28c..e314c2ece 100644
+--- a/pjsip/include/pjsip/sip_dialog.h
++++ b/pjsip/include/pjsip/sip_dialog.h
+@@ -165,6 +165,7 @@ struct pjsip_dialog
+     pjsip_route_hdr	route_set;  /**< Route set.			    */
+     pj_bool_t		route_set_frozen; /**< Route set has been set.	    */
+     pjsip_auth_clt_sess	auth_sess;  /**< Client authentication session.	    */
++    pj_str_t		initial_dest;/**< Initial destination host.  	    */
+ 
+     /** Session counter. */
+     int			sess_count; /**< Number of sessions.		    */
+diff --git a/pjsip/src/pjsip/sip_dialog.c b/pjsip/src/pjsip/sip_dialog.c
+index 27530e4f2..9571b5a35 100644
+--- a/pjsip/src/pjsip/sip_dialog.c
++++ b/pjsip/src/pjsip/sip_dialog.c
+@@ -467,6 +467,10 @@ pj_status_t create_uas_dialog( pjsip_user_agent *ua,
+ 
+     /* Save the remote info. */
+     pj_strdup(dlg->pool, &dlg->remote.info_str, &tmp);
++    
++    /* Save initial destination host from transport's info */
++    pj_strdup(dlg->pool, &dlg->initial_dest,
++    	      &rdata->tp_info.transport->remote_name.host);
+ 
+ 
+     /* Init remote's contact from Contact header.
+@@ -1192,6 +1196,12 @@ static pj_status_t dlg_create_request_throw( pjsip_dialog *dlg,
+ 	    return status;
+     }
+ 
++    /* Copy the initial destination host to tdata. This information can be
++     * used later by transport for transport selection.
++     */
++    if (dlg->initial_dest.slen)
++    	pj_strdup(tdata->pool, &tdata->dest_info.name, &dlg->initial_dest);
++
+     /* Done. */
+     *p_tdata = tdata;
+ 
+@@ -1822,6 +1832,11 @@ static void dlg_update_routeset(pjsip_dialog *dlg, const pjsip_rx_data *rdata)
+      * transaction as the initial transaction that establishes dialog.
+      */
+     if (dlg->role == PJSIP_ROLE_UAC) {
++    	/* Save initial destination host from transport's info. */
++    	if (!dlg->initial_dest.slen) {
++    	    pj_strdup(dlg->pool, &dlg->initial_dest,
++    	      	      &rdata->tp_info.transport->remote_name.host);
++    	}
+ 
+ 	/* Ignore subsequent request from remote */
+ 	if (msg->type != PJSIP_RESPONSE_MSG)
+diff --git a/pjsip/src/pjsip/sip_transport.c b/pjsip/src/pjsip/sip_transport.c
+index bef6d24fe..177274b08 100644
+--- a/pjsip/src/pjsip/sip_transport.c
++++ b/pjsip/src/pjsip/sip_transport.c
+@@ -2335,6 +2335,19 @@ PJ_DEF(pj_status_t) pjsip_tpmgr_acquire_transport2(pjsip_tpmgr *mgr,
+ 		    if (!tp_iter->tp->is_shutdown &&
+ 			!tp_iter->tp->is_destroying)
+ 		    {
++			if ((type & PJSIP_TRANSPORT_SECURE) && tdata) {
++			    /* For secure transport, make sure tdata's
++			     * destination host matches the transport's
++			     * remote host.
++			     */
++			    if (pj_stricmp(&tdata->dest_info.name,
++				  	   &tp_iter->tp->remote_name.host))
++			    {
++			    	tp_iter = tp_iter->next;
++			    	continue;
++			    }
++			}
++
+ 			if (sel && sel->type == PJSIP_TPSELECTOR_LISTENER &&
+ 			    sel->u.listener)
+ 			{
+diff --git a/pjsip/src/pjsip/sip_util.c b/pjsip/src/pjsip/sip_util.c
+index a1bf878ea..cf916805d 100644
+--- a/pjsip/src/pjsip/sip_util.c
++++ b/pjsip/src/pjsip/sip_util.c
+@@ -1417,7 +1417,10 @@ PJ_DEF(pj_status_t) pjsip_endpt_send_request_stateless(pjsip_endpoint *endpt,
+      */
+     if (tdata->dest_info.addr.count == 0) {
+ 	/* Copy the destination host name to TX data */
+-	pj_strdup(tdata->pool, &tdata->dest_info.name, &dest_info.addr.host);
++	if (!tdata->dest_info.name.slen) {
++	    pj_strdup(tdata->pool, &tdata->dest_info.name,
++	    	      &dest_info.addr.host);
++	}
+ 
+ 	pjsip_endpt_resolve( endpt, tdata->pool, &dest_info, stateless_data,
+ 			     &stateless_send_resolver_callback);
+@@ -1810,8 +1813,10 @@ PJ_DEF(pj_status_t) pjsip_endpt_send_response( pjsip_endpoint *endpt,
+ 	}
+     } else {
+ 	/* Copy the destination host name to TX data */
+-	pj_strdup(tdata->pool, &tdata->dest_info.name, 
+-		  &res_addr->dst_host.addr.host);
++	if (!tdata->dest_info.name.slen) {
++	    pj_strdup(tdata->pool, &tdata->dest_info.name, 
++		      &res_addr->dst_host.addr.host);
++	}
+ 
+ 	pjsip_endpt_resolve(endpt, tdata->pool, &res_addr->dst_host, 
+ 			    send_state, &send_response_resolver_cb);
+-- 
+2.26.2
+

diff --git a/net-libs/pjproject/files/pjproject-2.10-CVE-2021-21375-negotiation-failure-crash.patch b/net-libs/pjproject/files/pjproject-2.10-CVE-2021-21375-negotiation-failure-crash.patch
new file mode 100644
index 00000000000..9dc9016e491
--- /dev/null
+++ b/net-libs/pjproject/files/pjproject-2.10-CVE-2021-21375-negotiation-failure-crash.patch
@@ -0,0 +1,45 @@
+From 97b3d7addbaa720b7ddb0af9bf6f3e443e664365 Mon Sep 17 00:00:00 2001
+From: Nanang Izzuddin <nanang@teluu.com>
+Date: Mon, 8 Mar 2021 16:09:34 +0700
+Subject: [PATCH] Merge pull request from GHSA-hvq6-f89p-frvp
+
+---
+ pjmedia/src/pjmedia/sdp_neg.c | 14 ++++++++++++--
+ 1 file changed, 12 insertions(+), 2 deletions(-)
+
+diff --git a/pjmedia/src/pjmedia/sdp_neg.c b/pjmedia/src/pjmedia/sdp_neg.c
+index f4838f75d..9f76b5200 100644
+--- a/pjmedia/src/pjmedia/sdp_neg.c
++++ b/pjmedia/src/pjmedia/sdp_neg.c
+@@ -304,7 +304,6 @@ PJ_DEF(pj_status_t) pjmedia_sdp_neg_modify_local_offer2(
+ {
+     pjmedia_sdp_session *new_offer;
+     pjmedia_sdp_session *old_offer;
+-    char media_used[PJMEDIA_MAX_SDP_MEDIA];
+     unsigned oi; /* old offer media index */
+     pj_status_t status;
+ 
+@@ -323,8 +322,19 @@ PJ_DEF(pj_status_t) pjmedia_sdp_neg_modify_local_offer2(
+     /* Change state to STATE_LOCAL_OFFER */
+     neg->state = PJMEDIA_SDP_NEG_STATE_LOCAL_OFFER;
+ 
++    /* When there is no active local SDP in state PJMEDIA_SDP_NEG_STATE_DONE,
++     * it means that the previous initial SDP nego must have been failed,
++     * so we'll just set the local SDP offer here.
++     */
++    if (!neg->active_local_sdp) {
++	neg->initial_sdp_tmp = NULL;
++	neg->initial_sdp = pjmedia_sdp_session_clone(pool, local);
++	neg->neg_local_sdp = pjmedia_sdp_session_clone(pool, local);
++
++	return PJ_SUCCESS;
++    }
++
+     /* Init vars */
+-    pj_bzero(media_used, sizeof(media_used));
+     old_offer = neg->active_local_sdp;
+     new_offer = pjmedia_sdp_session_clone(pool, local);
+ 
+-- 
+2.26.2
+

diff --git a/net-libs/pjproject/files/pjproject-2.10-race-condition-between-transport-destroy-and-acquire.patch b/net-libs/pjproject/files/pjproject-2.10-race-condition-between-transport-destroy-and-acquire.patch
new file mode 100644
index 00000000000..b036951d9ed
--- /dev/null
+++ b/net-libs/pjproject/files/pjproject-2.10-race-condition-between-transport-destroy-and-acquire.patch
@@ -0,0 +1,108 @@
+From 90a16c523bfdf4d43c10506c972c5fd4250b2856 Mon Sep 17 00:00:00 2001
+From: Nanang Izzuddin <nanang@teluu.com>
+Date: Fri, 20 Nov 2020 10:52:22 +0700
+Subject: [PATCH] Race condition between transport destroy and acquire (#2470)
+
+* Handle race condition between transport_idle_callback() and pjsip_tpmgr_acquire_transport2().
+* Add transport destroy state check as additional of transport shutdown state check
+---
+ pjsip/src/pjsip/sip_transaction.c |  2 +-
+ pjsip/src/pjsip/sip_transport.c   | 34 +++++++++++++++++++++++++------
+ 2 files changed, 29 insertions(+), 7 deletions(-)
+
+diff --git a/pjsip/src/pjsip/sip_transaction.c b/pjsip/src/pjsip/sip_transaction.c
+index 2b4ece7df..f663c7f4b 100644
+--- a/pjsip/src/pjsip/sip_transaction.c
++++ b/pjsip/src/pjsip/sip_transaction.c
+@@ -2443,7 +2443,7 @@ static void tsx_update_transport( pjsip_transaction *tsx,
+ 	pjsip_transport_add_ref(tp);
+ 	pjsip_transport_add_state_listener(tp, &tsx_tp_state_callback, tsx,
+ 					    &tsx->tp_st_key);
+-        if (tp->is_shutdown) {
++	if (tp->is_shutdown || tp->is_destroying) {
+ 	    pjsip_transport_state_info info;
+ 
+ 	    pj_bzero(&info, sizeof(info));
+diff --git a/pjsip/src/pjsip/sip_transport.c b/pjsip/src/pjsip/sip_transport.c
+index 06fce358c..bef6d24fe 100644
+--- a/pjsip/src/pjsip/sip_transport.c
++++ b/pjsip/src/pjsip/sip_transport.c
+@@ -1071,6 +1071,19 @@ static void transport_idle_callback(pj_timer_heap_t *timer_heap,
+ 	return;
+ 
+     entry->id = PJ_FALSE;
++
++    /* Set is_destroying flag under transport manager mutex to avoid
++     * race condition with pjsip_tpmgr_acquire_transport2().
++     */
++    pj_lock_acquire(tp->tpmgr->lock);
++    if (pj_atomic_get(tp->ref_cnt) == 0) {
++	tp->is_destroying = PJ_TRUE;
++    } else {
++	pj_lock_release(tp->tpmgr->lock);
++	return;
++    }
++    pj_lock_release(tp->tpmgr->lock);
++
+     pjsip_transport_destroy(tp);
+ }
+ 
+@@ -1392,8 +1405,8 @@ PJ_DEF(pj_status_t) pjsip_transport_shutdown2(pjsip_transport *tp,
+     mgr = tp->tpmgr;
+     pj_lock_acquire(mgr->lock);
+ 
+-    /* Do nothing if transport is being shutdown already */
+-    if (tp->is_shutdown) {
++    /* Do nothing if transport is being shutdown/destroyed already */
++    if (tp->is_shutdown || tp->is_destroying) {
+ 	pj_lock_release(mgr->lock);
+ 	pj_lock_release(tp->lock);
+ 	return PJ_SUCCESS;
+@@ -2256,6 +2269,13 @@ PJ_DEF(pj_status_t) pjsip_tpmgr_acquire_transport2(pjsip_tpmgr *mgr,
+ 	    return PJSIP_ETPNOTSUITABLE;
+ 	}
+ 
++	/* Make sure the transport is not being destroyed */
++	if (seltp->is_destroying) {
++	    pj_lock_release(mgr->lock);
++	    TRACE_((THIS_FILE,"Transport to be acquired is being destroyed"));
++	    return PJ_ENOTFOUND;
++	}
++
+ 	/* We could also verify that the destination address is reachable
+ 	 * from this transport (i.e. both are equal), but if application
+ 	 * has requested a specific transport to be used, assume that
+@@ -2311,8 +2331,10 @@ PJ_DEF(pj_status_t) pjsip_tpmgr_acquire_transport2(pjsip_tpmgr *mgr,
+ 	    if (tp_entry) {
+ 		transport *tp_iter = tp_entry;
+ 		do {
+-		    /* Don't use transport being shutdown */
+-		    if (!tp_iter->tp->is_shutdown) {
++		    /* Don't use transport being shutdown/destroyed */
++		    if (!tp_iter->tp->is_shutdown &&
++			!tp_iter->tp->is_destroying)
++		    {
+ 			if (sel && sel->type == PJSIP_TPSELECTOR_LISTENER &&
+ 			    sel->u.listener)
+ 			{
+@@ -2382,7 +2404,7 @@ PJ_DEF(pj_status_t) pjsip_tpmgr_acquire_transport2(pjsip_tpmgr *mgr,
+ 	    TRACE_((THIS_FILE, "Transport found but from different listener"));
+ 	}
+ 
+-	if (tp_ref!=NULL && !tp_ref->is_shutdown) {
++	if (tp_ref!=NULL && !tp_ref->is_shutdown && !tp_ref->is_destroying) {
+ 	    /*
+ 	     * Transport found!
+ 	     */
+@@ -2624,7 +2646,7 @@ PJ_DEF(pj_status_t) pjsip_transport_add_state_listener (
+ 
+     PJ_ASSERT_RETURN(tp && cb && key, PJ_EINVAL);
+ 
+-    if (tp->is_shutdown) {
++    if (tp->is_shutdown || tp->is_destroying) {
+ 	*key = NULL;
+ 	return PJ_EINVALIDOP;
+     }
+-- 
+2.26.2
+

diff --git a/net-libs/pjproject/pjproject-2.10-r1.ebuild b/net-libs/pjproject/pjproject-2.10-r1.ebuild
new file mode 100644
index 00000000000..7731f052e47
--- /dev/null
+++ b/net-libs/pjproject/pjproject-2.10-r1.ebuild
@@ -0,0 +1,125 @@
+# Copyright 1999-2021 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+inherit autotools flag-o-matic toolchain-funcs
+
+DESCRIPTION="Open source SIP, Media, and NAT Traversal Library"
+HOMEPAGE="https://www.pjsip.org/"
+SRC_URI="https://github.com/pjsip/${PN}/archive/${PV}.tar.gz -> ${P}.tar.gz"
+KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~ppc64 ~x86"
+
+LICENSE="GPL-2"
+SLOT="0/${PV}"
+
+# g729 not included due to special bcg729 handling.
+CODEC_FLAGS="g711 g722 g7221 gsm ilbc speex l16"
+VIDEO_FLAGS="sdl ffmpeg v4l2 openh264 libyuv vpx"
+SOUND_FLAGS="alsa portaudio"
+IUSE="amr debug epoll examples ipv6 libressl opus resample silk ssl static-libs webrtc
+	${CODEC_FLAGS} g729
+	${VIDEO_FLAGS}
+	${SOUND_FLAGS}"
+
+PATCHES=(
+	"${FILESDIR}/pjproject-2.9-ssl-enable.patch"
+	"${FILESDIR}/pjproject-2.10-race-condition-between-transport-destroy-and-acquire.patch"
+	"${FILESDIR}/pjproject-2.10-CVE-2020-15260-tls-hostname-check.patch"
+	"${FILESDIR}/pjproject-2.10-CVE-2021-21375-negotiation-failure-crash.patch"
+)
+
+RDEPEND="net-libs/libsrtp:=
+	alsa? ( media-libs/alsa-lib )
+	amr? ( media-libs/opencore-amr )
+	ffmpeg? ( media-video/ffmpeg:= )
+	g729? ( media-libs/bcg729 )
+	gsm? ( media-sound/gsm )
+	ilbc? ( media-libs/libilbc )
+	openh264? ( media-libs/openh264 )
+	opus? ( media-libs/opus )
+	portaudio? ( media-libs/portaudio )
+	resample? ( media-libs/libsamplerate )
+	sdl? ( media-libs/libsdl )
+	speex? (
+		media-libs/speex
+		media-libs/speexdsp
+	)
+	ssl? (
+		!libressl? ( dev-libs/openssl:0= )
+		libressl? ( dev-libs/libressl:0= )
+	)
+"
+DEPEND="${RDEPEND}"
+BDEPEND="virtual/pkgconfig"
+
+src_prepare() {
+	default
+	rm configure || die "Unable to remove unwanted wrapper"
+	mv aconfigure.ac configure.ac || die "Unable to rename configure script source"
+	eautoreconf
+
+	cp "${FILESDIR}/pjproject-2.9-config_site.h" "${S}/pjlib/include/pj/config_site.h" || die "Unable to create config_site.h"
+}
+
+src_configure() {
+	local myconf=()
+	local videnable="--disable-video"
+	local t
+
+	use debug || append-cflags -DNDEBUG=1
+	use ipv6 && append-cflags -DPJ_HAS_IPV6=1
+	append-cflags -DPJMEDIA_HAS_SRTP=1
+
+	for t in ${CODEC_FLAGS}; do
+		myconf+=( $(use_enable ${t} ${t}-codec) )
+	done
+	myconf+=( $(use_enable g729 bcg729) )
+
+	for t in ${VIDEO_FLAGS}; do
+		myconf+=( $(use_enable ${t}) )
+		use "${t}" && videnable="--enable-video"
+	done
+
+	[ "${videnable}" = "--enable-video" ] && append-cflags -DPJMEDIA_HAS_VIDEO=1
+
+	LD="$(tc-getCC)" econf \
+		--enable-shared \
+		--with-external-srtp \
+		${videnable} \
+		$(use_enable alsa sound) \
+		$(use_enable amr opencore-amr) \
+		$(use_enable epoll) \
+		$(use_enable opus) \
+		$(use_enable portaudio ext-sound) \
+		$(use_enable resample libsamplerate) \
+		$(use_enable resample resample-dll) \
+		$(use_enable resample) \
+		$(use_enable silk) \
+		$(use_enable speex speex-aec) \
+		$(use_enable ssl) \
+		$(use_with gsm external-gsm) \
+		$(use_with portaudio external-pa) \
+		$(use_with speex external-speex) \
+		$(usex webrtc '' --disable-libwebrtc) \
+		"${myconf[@]}"
+}
+
+src_compile() {
+	emake dep LD="$(tc-getCC)"
+	emake LD="$(tc-getCC)"
+}
+
+src_install() {
+	default
+
+	newbin pjsip-apps/bin/pjsua-${CHOST} pjsua
+	newbin pjsip-apps/bin/pjsystest-${CHOST} pjsystest
+
+	if use examples; then
+		insinto "/usr/share/doc/${PF}/examples"
+		doins -r pjsip-apps/src/samples
+	fi
+
+	use static-libs || rm "${ED}/usr/$(get_libdir)"/*.a || die "Error removing static archives"
+}

[gentoo-commits] repo/gentoo:master commit in: net-libs/pjproject/files/, net-libs/pjproject/

[Joonas Niilola]

commit:     93f6d97e4bd66daa168e1790f8cb3b8086854bd1
Author:     Jaco Kroon <jaco <AT> uls <DOT> co <DOT> za>
AuthorDate: Fri Jul 23 05:10:18 2021 +0000
Commit:     Joonas Niilola <juippis <AT> gentoo <DOT> org>
CommitDate: Fri Jul 23 07:24:58 2021 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=93f6d97e

net-libs/pjproject: sec bump

Upstream not releasing new version, so just bring in the patch to -r2.

This addresses AST-2021-009 for

Closes: https://bugs.gentoo.org/803440
Package-Manager: Portage-3.0.20, Repoman-3.0.2
Signed-off-by: Jaco Kroon <jaco <AT> uls.co.za>
Closes: https://github.com/gentoo/gentoo/pull/21752
Signed-off-by: Joonas Niilola <juippis <AT> gentoo.org>

 ...21-32686-AST-2021-009-GHSA-cv8x-p47p-99wr.patch | 289 +++++++++++++++++++++
 net-libs/pjproject/pjproject-2.10-r2.ebuild        | 125 +++++++++
 2 files changed, 414 insertions(+)

diff --git a/net-libs/pjproject/files/pjproject-2.10-CVE-2021-32686-AST-2021-009-GHSA-cv8x-p47p-99wr.patch b/net-libs/pjproject/files/pjproject-2.10-CVE-2021-32686-AST-2021-009-GHSA-cv8x-p47p-99wr.patch
new file mode 100644
index 00000000000..ba31cf19eda
--- /dev/null
+++ b/net-libs/pjproject/files/pjproject-2.10-CVE-2021-32686-AST-2021-009-GHSA-cv8x-p47p-99wr.patch
@@ -0,0 +1,289 @@
+From d5f95aa066f878b0aef6a64e60b61e8626e664cd Mon Sep 17 00:00:00 2001
+From: Nanang Izzuddin <nanang@teluu.com>
+Date: Fri, 23 Jul 2021 10:49:21 +0700
+Subject: [PATCH] Merge pull request from GHSA-cv8x-p47p-99wr
+
+* - Avoid SSL socket parent/listener getting destroyed during handshake by increasing parent's reference count.
+- Add missing SSL socket close when the newly accepted SSL socket is discarded in SIP TLS transport.
+
+* - Fix silly mistake: accepted active socket created without group lock in SSL socket.
+- Replace assertion with normal validation check of SSL socket instance in OpenSSL verification callback (verify_cb()) to avoid crash, e.g: if somehow race condition with SSL socket destroy happens or OpenSSL application data index somehow gets corrupted.
+---
+ pjlib/src/pj/ssl_sock_imp_common.c  | 47 +++++++++++++++++++++--------
+ pjlib/src/pj/ssl_sock_ossl.c        | 45 ++++++++++++++++++++++-----
+ pjsip/src/pjsip/sip_transport_tls.c | 23 +++++++++++++-
+ 3 files changed, 95 insertions(+), 20 deletions(-)
+
+diff --git a/pjlib/src/pj/ssl_sock_imp_common.c b/pjlib/src/pj/ssl_sock_imp_common.c
+index 025832da4..24533b397 100644
+--- a/pjlib/src/pj/ssl_sock_imp_common.c
++++ b/pjlib/src/pj/ssl_sock_imp_common.c
+@@ -255,6 +255,8 @@ static pj_bool_t on_handshake_complete(pj_ssl_sock_t *ssock,
+ 
+     /* Accepting */
+     if (ssock->is_server) {
++	pj_bool_t ret = PJ_TRUE;
++
+ 	if (status != PJ_SUCCESS) {
+ 	    /* Handshake failed in accepting, destroy our self silently. */
+ 
+@@ -272,6 +274,12 @@ static pj_bool_t on_handshake_complete(pj_ssl_sock_t *ssock,
+ 		      status);
+ 	    }
+ 
++	    /* Decrement ref count of parent */
++	    if (ssock->parent->param.grp_lock) {
++		pj_grp_lock_dec_ref(ssock->parent->param.grp_lock);
++		ssock->parent = NULL;
++	    }
++
+ 	    /* Originally, this is a workaround for ticket #985. However,
+ 	     * a race condition may occur in multiple worker threads
+ 	     * environment when we are destroying SSL objects while other
+@@ -315,23 +323,29 @@ static pj_bool_t on_handshake_complete(pj_ssl_sock_t *ssock,
+ 
+ 	    return PJ_FALSE;
+ 	}
++
+ 	/* Notify application the newly accepted SSL socket */
+ 	if (ssock->param.cb.on_accept_complete2) {
+-	    pj_bool_t ret;
+ 	    ret = (*ssock->param.cb.on_accept_complete2) 
+ 		    (ssock->parent, ssock, (pj_sockaddr_t*)&ssock->rem_addr, 
+ 		    pj_sockaddr_get_len((pj_sockaddr_t*)&ssock->rem_addr), 
+ 		    status);
+-	    if (ret == PJ_FALSE)
+-		return PJ_FALSE;	
+ 	} else if (ssock->param.cb.on_accept_complete) {
+-	    pj_bool_t ret;
+ 	    ret = (*ssock->param.cb.on_accept_complete)
+ 		      (ssock->parent, ssock, (pj_sockaddr_t*)&ssock->rem_addr,
+ 		       pj_sockaddr_get_len((pj_sockaddr_t*)&ssock->rem_addr));
+-	    if (ret == PJ_FALSE)
+-		return PJ_FALSE;
+ 	}
++
++	/* Decrement ref count of parent and reset parent (we don't need it
++	 * anymore, right?).
++	 */
++	if (ssock->parent->param.grp_lock) {
++	    pj_grp_lock_dec_ref(ssock->parent->param.grp_lock);
++	    ssock->parent = NULL;
++	}
++
++	if (ret == PJ_FALSE)
++	    return PJ_FALSE;
+     }
+ 
+     /* Connecting */
+@@ -930,9 +944,13 @@ static pj_bool_t ssock_on_accept_complete (pj_ssl_sock_t *ssock_parent,
+     if (status != PJ_SUCCESS)
+ 	goto on_return;
+ 
++    /* Set parent and add ref count (avoid parent destroy during handshake) */
++    ssock->parent = ssock_parent;
++    if (ssock->parent->param.grp_lock)
++	pj_grp_lock_add_ref(ssock->parent->param.grp_lock);
++
+     /* Update new SSL socket attributes */
+     ssock->sock = newsock;
+-    ssock->parent = ssock_parent;
+     ssock->is_server = PJ_TRUE;
+     if (ssock_parent->cert) {
+ 	status = pj_ssl_sock_set_certificate(ssock, ssock->pool, 
+@@ -957,16 +975,20 @@ static pj_bool_t ssock_on_accept_complete (pj_ssl_sock_t *ssock_parent,
+     ssock->asock_rbuf = (void**)pj_pool_calloc(ssock->pool, 
+ 					       ssock->param.async_cnt,
+ 					       sizeof(void*));
+-    if (!ssock->asock_rbuf)
+-        return PJ_ENOMEM;
++    if (!ssock->asock_rbuf) {
++	status = PJ_ENOMEM;
++	goto on_return;
++    }
+ 
+     for (i = 0; i<ssock->param.async_cnt; ++i) {
+ 	ssock->asock_rbuf[i] = (void*) pj_pool_alloc(
+ 					    ssock->pool, 
+ 					    ssock->param.read_buffer_size + 
+ 					    sizeof(read_data_t*));
+-        if (!ssock->asock_rbuf[i])
+-            return PJ_ENOMEM;
++	if (!ssock->asock_rbuf[i]) {
++	    status = PJ_ENOMEM;
++	    goto on_return;
++	}
+     }
+ 
+     /* If listener socket has group lock, automatically create group lock
+@@ -980,7 +1002,7 @@ static pj_bool_t ssock_on_accept_complete (pj_ssl_sock_t *ssock_parent,
+ 	    goto on_return;
+ 
+ 	pj_grp_lock_add_ref(glock);
+-	asock_cfg.grp_lock = ssock->param.grp_lock = glock;
++	ssock->param.grp_lock = glock;
+ 	pj_grp_lock_add_handler(ssock->param.grp_lock, ssock->pool, ssock,
+ 				ssl_on_destroy);
+     }
+@@ -1008,6 +1030,7 @@ static pj_bool_t ssock_on_accept_complete (pj_ssl_sock_t *ssock_parent,
+ 
+     /* Create active socket */
+     pj_activesock_cfg_default(&asock_cfg);
++    asock_cfg.grp_lock = ssock->param.grp_lock;
+     asock_cfg.async_cnt = ssock->param.async_cnt;
+     asock_cfg.concurrency = ssock->param.concurrency;
+     asock_cfg.whole_data = PJ_TRUE;
+diff --git a/pjlib/src/pj/ssl_sock_ossl.c b/pjlib/src/pj/ssl_sock_ossl.c
+index 88a2a6b94..df4f4f96a 100644
+--- a/pjlib/src/pj/ssl_sock_ossl.c
++++ b/pjlib/src/pj/ssl_sock_ossl.c
+@@ -327,7 +327,8 @@ static pj_status_t STATUS_FROM_SSL_ERR(char *action, pj_ssl_sock_t *ssock,
+ 	ERROR_LOG("STATUS_FROM_SSL_ERR", err, ssock);
+     }
+ 
+-    ssock->last_err = err;
++    if (ssock)
++	ssock->last_err = err;
+     return GET_STATUS_FROM_SSL_ERR(err);
+ }
+ 
+@@ -344,7 +345,8 @@ static pj_status_t STATUS_FROM_SSL_ERR2(char *action, pj_ssl_sock_t *ssock,
+     /* Dig for more from OpenSSL error queue */
+     SSLLogErrors(action, ret, err, len, ssock);
+ 
+-    ssock->last_err = ssl_err;
++    if (ssock)
++	ssock->last_err = ssl_err;
+     return GET_STATUS_FROM_SSL_ERR(ssl_err);
+ }
+ 
+@@ -786,6 +788,13 @@ static pj_status_t init_openssl(void)
+ 
+     /* Create OpenSSL application data index for SSL socket */
+     sslsock_idx = SSL_get_ex_new_index(0, "SSL socket", NULL, NULL, NULL);
++    if (sslsock_idx == -1) {
++	status = STATUS_FROM_SSL_ERR2("Init", NULL, -1, ERR_get_error(), 0);
++	PJ_LOG(1,(THIS_FILE,
++	       "Fatal error: failed to get application data index for "
++	       "SSL socket"));
++	return status;
++    }
+ 
+ #if defined(PJ_SSL_SOCK_OSSL_USE_THREAD_CB) && \
+     PJ_SSL_SOCK_OSSL_USE_THREAD_CB != 0 && OPENSSL_VERSION_NUMBER < 0x10100000L
+@@ -819,21 +828,36 @@ static int password_cb(char *buf, int num, int rwflag, void *user_data)
+ }
+ 
+ 
+-/* SSL password callback. */
++/* SSL certificate verification result callback.
++ * Note that this callback seems to be always called from library worker
++ * thread, e.g: active socket on_read_complete callback, which should have
++ * already been equipped with race condition avoidance mechanism (should not
++ * be destroyed while callback is being invoked).
++ */
+ static int verify_cb(int preverify_ok, X509_STORE_CTX *x509_ctx)
+ {
+-    pj_ssl_sock_t *ssock;
+-    SSL *ossl_ssl;
++    pj_ssl_sock_t *ssock = NULL;
++    SSL *ossl_ssl = NULL;
+     int err;
+ 
+     /* Get SSL instance */
+     ossl_ssl = X509_STORE_CTX_get_ex_data(x509_ctx, 
+ 				    SSL_get_ex_data_X509_STORE_CTX_idx());
+-    pj_assert(ossl_ssl);
++    if (!ossl_ssl) {
++	PJ_LOG(1,(THIS_FILE,
++		  "SSL verification callback failed to get SSL instance"));
++	goto on_return;
++    }
+ 
+     /* Get SSL socket instance */
+     ssock = SSL_get_ex_data(ossl_ssl, sslsock_idx);
+-    pj_assert(ssock);
++    if (!ssock) {
++	/* SSL socket may have been destroyed */
++	PJ_LOG(1,(THIS_FILE,
++		  "SSL verification callback failed to get SSL socket "
++		  "instance (sslsock_idx=%d).", sslsock_idx));
++	goto on_return;
++    }
+ 
+     /* Store verification status */
+     err = X509_STORE_CTX_get_error(x509_ctx);
+@@ -911,6 +935,7 @@ static int verify_cb(int preverify_ok, X509_STORE_CTX *x509_ctx)
+     if (PJ_FALSE == ssock->param.verify_peer)
+ 	preverify_ok = 1;
+ 
++on_return:
+     return preverify_ok;
+ }
+ 
+@@ -1474,6 +1499,12 @@ static void ssl_destroy(pj_ssl_sock_t *ssock)
+ static void ssl_reset_sock_state(pj_ssl_sock_t *ssock)
+ {
+     ossl_sock_t *ossock = (ossl_sock_t *)ssock;
++
++    /* Detach from SSL instance */
++    if (ossock->ossl_ssl) {
++	SSL_set_ex_data(ossock->ossl_ssl, sslsock_idx, NULL);
++    }
++
+     /**
+      * Avoid calling SSL_shutdown() if handshake wasn't completed.
+      * OpenSSL 1.0.2f complains if SSL_shutdown() is called during an
+diff --git a/pjsip/src/pjsip/sip_transport_tls.c b/pjsip/src/pjsip/sip_transport_tls.c
+index 56a06cf99..24e43ef60 100644
+--- a/pjsip/src/pjsip/sip_transport_tls.c
++++ b/pjsip/src/pjsip/sip_transport_tls.c
+@@ -1333,9 +1333,26 @@ static pj_bool_t on_accept_complete2(pj_ssl_sock_t *ssock,
+     PJ_UNUSED_ARG(src_addr_len);
+ 
+     listener = (struct tls_listener*) pj_ssl_sock_get_user_data(ssock);
++    if (!listener) {
++	/* Listener already destroyed, e.g: after TCP accept but before SSL
++	 * handshake is completed.
++	 */
++	if (new_ssock && accept_status == PJ_SUCCESS) {
++	    /* Close the SSL socket if the accept op is successful */
++	    PJ_LOG(4,(THIS_FILE,
++		      "Incoming TLS connection from %s (sock=%d) is discarded "
++		      "because listener is already destroyed",
++		      pj_sockaddr_print(src_addr, addr, sizeof(addr), 3),
++		      new_ssock));
++
++	    pj_ssl_sock_close(new_ssock);
++	}
++
++	return PJ_FALSE;
++    }
+ 
+     if (accept_status != PJ_SUCCESS) {
+-	if (listener && listener->tls_setting.on_accept_fail_cb) {
++	if (listener->tls_setting.on_accept_fail_cb) {
+ 	    pjsip_tls_on_accept_fail_param param;
+ 	    pj_ssl_sock_info ssi;
+ 
+@@ -1358,6 +1375,8 @@ static pj_bool_t on_accept_complete2(pj_ssl_sock_t *ssock,
+     PJ_ASSERT_RETURN(new_ssock, PJ_TRUE);
+ 
+     if (!listener->is_registered) {
++	pj_ssl_sock_close(new_ssock);
++
+ 	if (listener->tls_setting.on_accept_fail_cb) {
+ 	    pjsip_tls_on_accept_fail_param param;
+ 	    pj_bzero(&param, sizeof(param));
+@@ -1409,6 +1428,8 @@ static pj_bool_t on_accept_complete2(pj_ssl_sock_t *ssock,
+ 			 ssl_info.grp_lock, &tls);
+     
+     if (status != PJ_SUCCESS) {
++	pj_ssl_sock_close(new_ssock);
++
+ 	if (listener->tls_setting.on_accept_fail_cb) {
+ 	    pjsip_tls_on_accept_fail_param param;
+ 	    pj_bzero(&param, sizeof(param));
+-- 
+2.31.1
+

diff --git a/net-libs/pjproject/pjproject-2.10-r2.ebuild b/net-libs/pjproject/pjproject-2.10-r2.ebuild
new file mode 100644
index 00000000000..ee620bea10a
--- /dev/null
+++ b/net-libs/pjproject/pjproject-2.10-r2.ebuild
@@ -0,0 +1,125 @@
+# Copyright 1999-2021 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+inherit autotools flag-o-matic toolchain-funcs
+
+DESCRIPTION="Open source SIP, Media, and NAT Traversal Library"
+HOMEPAGE="https://www.pjsip.org/"
+SRC_URI="https://github.com/pjsip/${PN}/archive/${PV}.tar.gz -> ${P}.tar.gz"
+KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~ppc64 ~x86"
+
+LICENSE="GPL-2"
+SLOT="0/${PV}"
+
+# g729 not included due to special bcg729 handling.
+CODEC_FLAGS="g711 g722 g7221 gsm ilbc speex l16"
+VIDEO_FLAGS="sdl ffmpeg v4l2 openh264 libyuv vpx"
+SOUND_FLAGS="alsa portaudio"
+IUSE="amr debug epoll examples ipv6 opus resample silk ssl static-libs webrtc
+	${CODEC_FLAGS} g729
+	${VIDEO_FLAGS}
+	${SOUND_FLAGS}"
+
+PATCHES=(
+	"${FILESDIR}/pjproject-2.9-ssl-enable.patch"
+	"${FILESDIR}/pjproject-2.10-race-condition-between-transport-destroy-and-acquire.patch"
+	"${FILESDIR}/pjproject-2.10-CVE-2020-15260-tls-hostname-check.patch"
+	"${FILESDIR}/pjproject-2.10-CVE-2021-21375-negotiation-failure-crash.patch"
+	"${FILESDIR}/pjproject-2.10-CVE-2021-32686-AST-2021-009-GHSA-cv8x-p47p-99wr.patch"
+)
+
+RDEPEND="net-libs/libsrtp:=
+	alsa? ( media-libs/alsa-lib )
+	amr? ( media-libs/opencore-amr )
+	ffmpeg? ( media-video/ffmpeg:= )
+	g729? ( media-libs/bcg729 )
+	gsm? ( media-sound/gsm )
+	ilbc? ( media-libs/libilbc )
+	openh264? ( media-libs/openh264 )
+	opus? ( media-libs/opus )
+	portaudio? ( media-libs/portaudio )
+	resample? ( media-libs/libsamplerate )
+	sdl? ( media-libs/libsdl )
+	speex? (
+		media-libs/speex
+		media-libs/speexdsp
+	)
+	ssl? (
+		dev-libs/openssl:0=
+	)
+"
+DEPEND="${RDEPEND}"
+BDEPEND="virtual/pkgconfig"
+
+src_prepare() {
+	default
+	rm configure || die "Unable to remove unwanted wrapper"
+	mv aconfigure.ac configure.ac || die "Unable to rename configure script source"
+	eautoreconf
+
+	cp "${FILESDIR}/pjproject-2.9-config_site.h" "${S}/pjlib/include/pj/config_site.h" || die "Unable to create config_site.h"
+}
+
+src_configure() {
+	local myconf=()
+	local videnable="--disable-video"
+	local t
+
+	use debug || append-cflags -DNDEBUG=1
+	use ipv6 && append-cflags -DPJ_HAS_IPV6=1
+	append-cflags -DPJMEDIA_HAS_SRTP=1
+
+	for t in ${CODEC_FLAGS}; do
+		myconf+=( $(use_enable ${t} ${t}-codec) )
+	done
+	myconf+=( $(use_enable g729 bcg729) )
+
+	for t in ${VIDEO_FLAGS}; do
+		myconf+=( $(use_enable ${t}) )
+		use "${t}" && videnable="--enable-video"
+	done
+
+	[ "${videnable}" = "--enable-video" ] && append-cflags -DPJMEDIA_HAS_VIDEO=1
+
+	LD="$(tc-getCC)" econf \
+		--enable-shared \
+		--with-external-srtp \
+		${videnable} \
+		$(use_enable alsa sound) \
+		$(use_enable amr opencore-amr) \
+		$(use_enable epoll) \
+		$(use_enable opus) \
+		$(use_enable portaudio ext-sound) \
+		$(use_enable resample libsamplerate) \
+		$(use_enable resample resample-dll) \
+		$(use_enable resample) \
+		$(use_enable silk) \
+		$(use_enable speex speex-aec) \
+		$(use_enable ssl) \
+		$(use_with gsm external-gsm) \
+		$(use_with portaudio external-pa) \
+		$(use_with speex external-speex) \
+		$(usex webrtc '' --disable-libwebrtc) \
+		"${myconf[@]}"
+}
+
+src_compile() {
+	emake dep LD="$(tc-getCC)"
+	emake LD="$(tc-getCC)"
+}
+
+src_install() {
+	default
+
+	newbin pjsip-apps/bin/pjsua-${CHOST} pjsua
+	newbin pjsip-apps/bin/pjsystest-${CHOST} pjsystest
+
+	if use examples; then
+		insinto "/usr/share/doc/${PF}/examples"
+		doins -r pjsip-apps/src/samples
+	fi
+
+	use static-libs || rm "${ED}/usr/$(get_libdir)"/*.a || die "Error removing static archives"
+}

[gentoo-commits] repo/gentoo:master commit in: net-libs/pjproject/files/, net-libs/pjproject/

[Joonas Niilola]

commit:     74bc4476b50218718af7c43038176f1d69c50e61
Author:     Jaco Kroon <jaco <AT> uls <DOT> co <DOT> za>
AuthorDate: Sat Jul 24 08:36:57 2021 +0000
Commit:     Joonas Niilola <juippis <AT> gentoo <DOT> org>
CommitDate: Wed Jun 15 13:32:11 2022 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=74bc4476

net-libs/pjproject: Version 2.12.1.

Upstream release.

Remove the need for custom patches (which is still required but no
longer applies, instead, rely on ./configure detecting openssl, we do
depend on it, and only --disable-ssl works, passing --enable-ssl also
effectively disables ssl).

Compile tested asterisk 13, 16 and 18 (in-tree versions) against this.
Would appreciate a double-check on this one.  One version from each is
sufficient.

Since the two libraries that were the target of parallel build failures
are now one, I believe the parallel build issue is fixed too.

Included patch for CVE-2022-31031

Closes: https://bugs.gentoo.org/833765
Closes: https://bugs.gentoo.org/817803
Closes: https://bugs.gentoo.org/808099
Closes: https://bugs.gentoo.org/834491
Bug: https://bugs.gentoo.org/803614
Bug: https://bugs.gentoo.org/765799
Bug: https://bugs.gentoo.org/829894
Package-Manager: Portage-3.0.20, Repoman-3.0.2
Signed-off-by: Jaco Kroon <jaco <AT> uls.co.za>
Closes: https://github.com/gentoo/gentoo/pull/21761
Signed-off-by: Joonas Niilola <juippis <AT> gentoo.org>

 net-libs/pjproject/Manifest                        |   1 +
 .../files/pjproject-2.12.1-CVE-2022-31031.patch    |  41 +++++++
 net-libs/pjproject/pjproject-2.12.1.ebuild         | 125 +++++++++++++++++++++
 3 files changed, 167 insertions(+)

diff --git a/net-libs/pjproject/Manifest b/net-libs/pjproject/Manifest
index 048f8a59e96f..b0c9fcafc2b1 100644
--- a/net-libs/pjproject/Manifest
+++ b/net-libs/pjproject/Manifest
@@ -1 +1,2 @@
 DIST pjproject-2.10.tar.gz 8768705 BLAKE2B 42d70867e2e0474313426f1e188586d203d6165c28a133a62dedacd2deb2899215212824d9402a48fcc66bb08a17b796d3625e1d51a8aedc9aa4b3a3bf1cb8fa SHA512 a67f083df175b536b4e6a7b7fe39e07d3ee805d6917ec64a50694542a7455c33a100889191044ab3fa679b6656774a6be045621aa53510b5f04cdde9ddd59893
+DIST pjproject-2.12.1.tar.gz 9660659 BLAKE2B d893f22d995c9570e4003f80adf15144cf39e09d5843a88e3a616a529a91164ec7b012ea66ede8d55bfe4ec0dc4eca7d230f07fc66f06dfafaea9d5ff72910fa SHA512 9087456024b8886e56660cebc45c7093b3b91cd6b08a3926fa2c0de452989ac84ceb4e27413c0311bde95f271341ee44d9681f81f83602a4e16151f1831d773b

diff --git a/net-libs/pjproject/files/pjproject-2.12.1-CVE-2022-31031.patch b/net-libs/pjproject/files/pjproject-2.12.1-CVE-2022-31031.patch
new file mode 100644
index 000000000000..637b7f374ffc
--- /dev/null
+++ b/net-libs/pjproject/files/pjproject-2.12.1-CVE-2022-31031.patch
@@ -0,0 +1,41 @@
+From 450baca94f475345542c6953832650c390889202 Mon Sep 17 00:00:00 2001
+From: sauwming <ming@teluu.com>
+Date: Tue, 7 Jun 2022 12:00:13 +0800
+Subject: [PATCH] Merge pull request from GHSA-26j7-ww69-c4qj
+
+---
+ pjlib-util/src/pjlib-util/stun_simple.c | 7 ++++++-
+ 1 file changed, 6 insertions(+), 1 deletion(-)
+
+diff --git a/pjlib-util/src/pjlib-util/stun_simple.c b/pjlib-util/src/pjlib-util/stun_simple.c
+index 722519584..d0549176d 100644
+--- a/pjlib-util/src/pjlib-util/stun_simple.c
++++ b/pjlib-util/src/pjlib-util/stun_simple.c
+@@ -54,6 +54,7 @@ PJ_DEF(pj_status_t) pjstun_parse_msg( void *buf, pj_size_t buf_len,
+ {
+     pj_uint16_t msg_type, msg_len;
+     char *p_attr;
++    int attr_max_cnt = PJ_ARRAY_SIZE(msg->attr);
+ 
+     PJ_CHECK_STACK();
+ 
+@@ -83,7 +84,7 @@ PJ_DEF(pj_status_t) pjstun_parse_msg( void *buf, pj_size_t buf_len,
+     msg->attr_count = 0;
+     p_attr = (char*)buf + sizeof(pjstun_msg_hdr);
+ 
+-    while (msg_len > 0) {
++    while (msg_len > 0 && msg->attr_count < attr_max_cnt) {
+ 	pjstun_attr_hdr **attr = &msg->attr[msg->attr_count];
+ 	pj_uint32_t len;
+ 	pj_uint16_t attr_type;
+@@ -111,6 +112,10 @@ PJ_DEF(pj_status_t) pjstun_parse_msg( void *buf, pj_size_t buf_len,
+ 	p_attr += len;
+ 	++msg->attr_count;
+     }
++    if (msg->attr_count == attr_max_cnt) {
++	PJ_LOG(4, (THIS_FILE, "Warning: max number attribute %d reached.",
++		   attr_max_cnt));
++    }
+ 
+     return PJ_SUCCESS;
+ }

diff --git a/net-libs/pjproject/pjproject-2.12.1.ebuild b/net-libs/pjproject/pjproject-2.12.1.ebuild
new file mode 100644
index 000000000000..7571fc933d02
--- /dev/null
+++ b/net-libs/pjproject/pjproject-2.12.1.ebuild
@@ -0,0 +1,125 @@
+# Copyright 1999-2021 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+inherit autotools flag-o-matic toolchain-funcs
+
+DESCRIPTION="Open source SIP, Media, and NAT Traversal Library"
+HOMEPAGE="https://www.pjsip.org/"
+SRC_URI="https://github.com/pjsip/${PN}/archive/${PV}.tar.gz -> ${P}.tar.gz"
+KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~ppc64 ~x86"
+
+LICENSE="GPL-2"
+SLOT="0/${PV}"
+
+# g729 not included due to special bcg729 handling.
+CODEC_FLAGS="g711 g722 g7221 gsm ilbc speex l16"
+VIDEO_FLAGS="sdl ffmpeg v4l2 openh264 libyuv vpx"
+SOUND_FLAGS="alsa portaudio"
+IUSE="amr debug epoll examples ipv6 opus resample silk ssl static-libs webrtc
+	${CODEC_FLAGS} g729
+	${VIDEO_FLAGS}
+	${SOUND_FLAGS}"
+
+RDEPEND="net-libs/libsrtp:=
+	alsa? ( media-libs/alsa-lib )
+	amr? ( media-libs/opencore-amr )
+	ffmpeg? ( media-video/ffmpeg:= )
+	g729? ( media-libs/bcg729 )
+	gsm? ( media-sound/gsm )
+	ilbc? ( media-libs/libilbc )
+	openh264? ( media-libs/openh264 )
+	opus? ( media-libs/opus )
+	portaudio? ( media-libs/portaudio )
+	resample? ( media-libs/libsamplerate )
+	sdl? ( media-libs/libsdl )
+	speex? (
+		media-libs/speex
+		media-libs/speexdsp
+	)
+	ssl? (
+		dev-libs/openssl:0=
+	)
+"
+DEPEND="${RDEPEND}"
+BDEPEND="virtual/pkgconfig"
+
+PATCHES=(
+	"${FILESDIR}/pjproject-2.12.1-CVE-2022-31031.patch"
+)
+
+src_prepare() {
+	default
+	rm configure || die "Unable to remove unwanted wrapper"
+	mv aconfigure.ac configure.ac || die "Unable to rename configure script source"
+	eautoreconf
+
+	cp "${FILESDIR}/pjproject-2.9-config_site.h" "${S}/pjlib/include/pj/config_site.h" || die "Unable to create config_site.h"
+}
+
+_pj_enable() {
+	usex "$1" '' "--disable-${2:-$1}"
+}
+
+src_configure() {
+	local myconf=()
+	local videnable="--disable-video"
+	local t
+
+	use debug || append-cflags -DNDEBUG=1
+	use ipv6 && append-cflags -DPJ_HAS_IPV6=1
+	append-cflags -DPJMEDIA_HAS_SRTP=1
+
+	for t in ${CODEC_FLAGS}; do
+		myconf+=( $(_pj_enable ${t} ${t}-codec) )
+	done
+	myconf+=( $(_pj_enable g729 bcg729) )
+
+	for t in ${VIDEO_FLAGS}; do
+		myconf+=( $(_pj_enable ${t}) )
+		use "${t}" && videnable="--enable-video"
+	done
+
+	[ "${videnable}" = "--enable-video" ] && append-cflags -DPJMEDIA_HAS_VIDEO=1
+
+	LD="$(tc-getCC)" econf \
+		--enable-shared \
+		--with-external-srtp \
+		${videnable} \
+		$(_pj_enable alsa sound) \
+		$(_pj_enable amr opencore-amr) \
+		$(_pj_enable epoll) \
+		$(_pj_enable opus) \
+		$(_pj_enable portaudio ext-sound) \
+		$(_pj_enable resample libsamplerate) \
+		$(_pj_enable resample resample-dll) \
+		$(_pj_enable resample) \
+		$(_pj_enable silk) \
+		$(_pj_enable speex speex-aec) \
+		$(_pj_enable ssl) \
+		$(_pj_enable webrtc libwebrtc) \
+		$(use_with gsm external-gsm) \
+		$(use_with portaudio external-pa) \
+		$(use_with speex external-speex) \
+		"${myconf[@]}"
+}
+
+src_compile() {
+	emake dep LD="$(tc-getCC)"
+	emake LD="$(tc-getCC)"
+}
+
+src_install() {
+	default
+
+	newbin pjsip-apps/bin/pjsua-${CHOST} pjsua
+	newbin pjsip-apps/bin/pjsystest-${CHOST} pjsystest
+
+	if use examples; then
+		insinto "/usr/share/doc/${PF}/examples"
+		doins -r pjsip-apps/src/samples
+	fi
+
+	use static-libs || rm "${ED}/usr/$(get_libdir)"/*.a || die "Error removing static archives"
+}

[gentoo-commits] repo/gentoo:master commit in: net-libs/pjproject/files/, net-libs/pjproject/

[Sam James]

commit:     9a59fa196adc0c98fbb19d56533e107ef1625b43
Author:     Jaco Kroon <jaco <AT> uls <DOT> co <DOT> za>
AuthorDate: Mon Jun 27 21:42:02 2022 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Wed Jul 13 08:00:49 2022 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=9a59fa19

net-libs/pjproject: rev bump to update config_site.h.

Straight to stable:  This fixes major usability problems in 2.10
revisions of pjproject, and asterisk 18.* depends on this (already
stable).

This brings in updates from newer versions of asterisk.

Note that USE=ipv6 gets dropped as flipping this causes ABI breakage,
and the way in which this was done could cause ABI issues as it was.
Since there are no extra dependencies, just remove the USE flag
completely.

Also introduce _pj_ functions in the ebuild itself to manipulate the way
in which ./configure is used (pjproject generally enables everything it
can find dependencies for, and passing --enable-XXX generally ends up
having the same effect as --disable ...).

PENDING: ISUE=srtp.  Asterisk has patches but I don't want to figure
that out at this stage.

Bug: https://bugs.gentoo.org/834491
Package-Manager: Portage-3.0.30, Repoman-3.0.3
Signed-off-by: Jaco Kroon <jaco <AT> uls.co.za>
Signed-off-by: Sam James <sam <AT> gentoo.org>

 .../pjproject/files/pjproject-2.12.1-config_site.h | 97 ++++++++++++++++++++++
 ...ct-2.12.1.ebuild => pjproject-2.12.1-r1.ebuild} | 29 +++++--
 2 files changed, 119 insertions(+), 7 deletions(-)

diff --git a/net-libs/pjproject/files/pjproject-2.12.1-config_site.h b/net-libs/pjproject/files/pjproject-2.12.1-config_site.h
new file mode 100644
index 000000000000..37d094e24bbc
--- /dev/null
+++ b/net-libs/pjproject/files/pjproject-2.12.1-config_site.h
@@ -0,0 +1,97 @@
+/*
+ * Based off of the Asterisk config_site.h file.
+ *
+ * In general it's the same with some removals due to being ebuild-managed.
+ */
+
+#include <sys/select.h>
+
+#define GENTOO_INVALID	(Gentoo compile failure - please report a bug on bugs.gentoo.org)
+
+/* asterisk_malloc_debug.h is not required ... most of the operations are no-ops regardless
+ * and I can't see why asterisk is looking to compile this directly into pjproject */
+
+/*
+ * Defining PJMEDIA_HAS_SRTP to 0 does NOT disable Asterisk's ability to use srtp.
+ * It only disables the pjmedia srtp transport which Asterisk doesn't use.
+ * The reason for the disable is that while Asterisk works fine with older libsrtp
+ * versions, newer versions of pjproject won't compile with them.
+ *
+ * Disabling this depends on an additional pjproject patch.  So just leave it
+ * enabled for the time being, as it has always been enabled.
+ */
+#define PJMEDIA_HAS_SRTP 1
+
+/* Ability to change this has ABI implications, force it on */
+/* Can be reconsidered in future:  https://bugs.gentoo.org/680496 */
+#define PJ_HAS_IPV6 1
+
+#define PJ_MAX_HOSTNAME (256)
+#define PJSIP_MAX_URL_SIZE (512)
+#ifdef PJ_HAS_LINUX_EPOLL
+#define PJ_IOQUEUE_MAX_HANDLES	(5000)
+#else
+#define PJ_IOQUEUE_MAX_HANDLES	(FD_SETSIZE)
+#endif
+#define PJ_IOQUEUE_HAS_SAFE_UNREG 1
+#define PJ_IOQUEUE_MAX_EVENTS_IN_SINGLE_POLL (16)
+
+#define PJ_SCANNER_USE_BITWISE	0
+#define PJ_OS_HAS_CHECK_STACK	0
+
+#ifndef PJ_LOG_MAX_LEVEL
+#define PJ_LOG_MAX_LEVEL		6
+#endif
+
+#define PJ_ENABLE_EXTRA_CHECK	1
+#define PJSIP_MAX_TSX_COUNT		((64*1024)-1)
+#define PJSIP_MAX_DIALOG_COUNT	((64*1024)-1)
+#define PJSIP_UDP_SO_SNDBUF_SIZE	(512*1024)
+#define PJSIP_UDP_SO_RCVBUF_SIZE	(512*1024)
+#define PJ_DEBUG			0
+#define PJSIP_SAFE_MODULE		0
+#define PJ_HAS_STRICMP_ALNUM		0
+
+/*
+ * Do not ever enable PJ_HASH_USE_OWN_TOLOWER because the algorithm is
+ * inconsistently used when calculating the hash value and doesn't
+ * convert the same characters as pj_tolower()/tolower().  Thus you
+ * can get different hash values if the string hashed has certain
+ * characters in it.  (ASCII '@', '[', '\\', ']', '^', and '_')
+ */
+#undef PJ_HASH_USE_OWN_TOLOWER
+
+/*
+  It is imperative that PJSIP_UNESCAPE_IN_PLACE remain 0 or undefined.
+  Enabling it will result in SEGFAULTS when URIs containing escape sequences are encountered.
+*/
+#undef PJSIP_UNESCAPE_IN_PLACE
+#define PJSIP_MAX_PKT_LEN			65535
+
+#undef PJ_TODO
+#define PJ_TODO(x)
+
+/* Defaults too low for WebRTC */
+#define PJ_ICE_MAX_CAND 64
+#define PJ_ICE_MAX_CHECKS (PJ_ICE_MAX_CAND * PJ_ICE_MAX_CAND)
+
+/* Increase limits to allow more formats */
+#define	PJMEDIA_MAX_SDP_FMT   64
+#define	PJMEDIA_MAX_SDP_BANDW   4
+#define	PJMEDIA_MAX_SDP_ATTR   (PJMEDIA_MAX_SDP_FMT*3 + 4)
+#define	PJMEDIA_MAX_SDP_MEDIA   16
+
+/*
+ * Turn off the periodic sending of CRLNCRLN.  Default is on (90 seconds),
+ * which conflicts with the global section's keep_alive_interval option in
+ * pjsip.conf.
+ */
+#define PJSIP_TCP_KEEP_ALIVE_INTERVAL	0
+#define PJSIP_TLS_KEEP_ALIVE_INTERVAL	0
+
+#define PJSIP_TSX_UAS_CONTINUE_ON_TP_ERROR 0
+#define PJ_SSL_SOCK_OSSL_USE_THREAD_CB 0
+#define PJSIP_AUTH_ALLOW_MULTIPLE_AUTH_HEADER 1
+
+/* Required to enable things like USE=video. */
+#define PJMEDIA_HAS_VIDEO GENTOO_INVALID

diff --git a/net-libs/pjproject/pjproject-2.12.1.ebuild b/net-libs/pjproject/pjproject-2.12.1-r1.ebuild
similarity index 73%
rename from net-libs/pjproject/pjproject-2.12.1.ebuild
rename to net-libs/pjproject/pjproject-2.12.1-r1.ebuild
index e4b5b281a448..bbf767978443 100644
--- a/net-libs/pjproject/pjproject-2.12.1.ebuild
+++ b/net-libs/pjproject/pjproject-2.12.1-r1.ebuild
@@ -1,6 +1,6 @@
 # Copyright 1999-2022 Gentoo Authors
 # Distributed under the terms of the GNU General Public License v2
-
+# TODO: Figure out a way to disable SRTP from pjproject entirely.
 EAPI=8
 
 inherit autotools flag-o-matic toolchain-funcs
@@ -8,7 +8,7 @@ inherit autotools flag-o-matic toolchain-funcs
 DESCRIPTION="Open source SIP, Media, and NAT Traversal Library"
 HOMEPAGE="https://www.pjsip.org/"
 SRC_URI="https://github.com/pjsip/${PN}/archive/${PV}.tar.gz -> ${P}.tar.gz"
-KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~ppc64 ~x86"
+KEYWORDS="amd64 ~arm ~arm64 ~ppc ~ppc64 x86"
 
 LICENSE="GPL-2"
 SLOT="0/${PV}"
@@ -17,7 +17,7 @@ SLOT="0/${PV}"
 CODEC_FLAGS="g711 g722 g7221 gsm ilbc speex l16"
 VIDEO_FLAGS="sdl ffmpeg v4l2 openh264 libyuv vpx"
 SOUND_FLAGS="alsa portaudio"
-IUSE="amr debug epoll examples ipv6 opus resample silk ssl static-libs webrtc
+IUSE="amr debug epoll examples opus resample silk ssl static-libs webrtc
 	${CODEC_FLAGS} g729
 	${VIDEO_FLAGS}
 	${SOUND_FLAGS}"
@@ -55,21 +55,36 @@ src_prepare() {
 	mv aconfigure.ac configure.ac || die "Unable to rename configure script source"
 	eautoreconf
 
-	cp "${FILESDIR}/pjproject-2.9-config_site.h" "${S}/pjlib/include/pj/config_site.h" || die "Unable to create config_site.h"
+	cp "${FILESDIR}/pjproject-2.12.1-config_site.h" "${S}/pjlib/include/pj/config_site.h" || die "Unable to create config_site.h"
 }
 
 _pj_enable() {
 	usex "$1" '' "--disable-${2:-$1}"
 }
 
+_pj_get_define() {
+	local r="$(sed -nre "s/^#define[[:space:]]+$1[[:space:]]+//p" "${S}/pjlib/include/pj/config_site.h")"
+	[[ -z "${r}" ]] && die "Unable to fine #define $1 in config_site.h"
+	echo "$r"
+}
+
+_pj_set_define() {
+	local c=$(_pj_get_define "$1")
+	[[ "$c" = "$2" ]] && return 0
+	sed -re "s/^#define[[:space:]]+$1[[:space:]].*/#define $1 $2/" -i "${S}/pjlib/include/pj/config_site.h" || die "sed failed updating $1 to $2."
+	[[ "$(_pj_get_define "$1")" != "$2" ]] && die "sed failed to perform update for $1 to $2."
+}
+
+_pj_use_set_define() {
+	_pj_set_define "$2" $(usex "$1" 1 0)
+}
+
 src_configure() {
 	local myconf=()
 	local videnable="--disable-video"
 	local t
 
 	use debug || append-cflags -DNDEBUG=1
-	use ipv6 && append-cflags -DPJ_HAS_IPV6=1
-	append-cflags -DPJMEDIA_HAS_SRTP=1
 
 	for t in ${CODEC_FLAGS}; do
 		myconf+=( $(_pj_enable ${t} ${t}-codec) )
@@ -81,7 +96,7 @@ src_configure() {
 		use "${t}" && videnable="--enable-video"
 	done
 
-	[ "${videnable}" = "--enable-video" ] && append-cflags -DPJMEDIA_HAS_VIDEO=1
+	[ "${videnable}" = "--enable-video" ] && _pj_set_define PJMEDIA_HAS_VIDEO 1 || _pj_set_define PJMEDIA_HAS_VIDEO 0
 
 	LD="$(tc-getCC)" econf \
 		--enable-shared \

[gentoo-commits] repo/gentoo:master commit in: net-libs/pjproject/files/, net-libs/pjproject/

[Sam James]

commit:     5e62ae9d029796011f7cb56f80fdf3281d30a2c9
Author:     Jaco Kroon <jaco <AT> uls <DOT> co <DOT> za>
AuthorDate: Mon Jul 11 09:53:03 2022 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Wed Jul 13 08:00:52 2022 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=5e62ae9d

net-libs/pjproject: Remove old (broken) versions.

USE=ipv6 causes the ABIs here to be broken for all consumers
(net-misc/asterisk).

Package-Manager: Portage-3.0.30, Repoman-3.0.3
Signed-off-by: Jaco Kroon <jaco <AT> uls.co.za>
Closes: https://github.com/gentoo/gentoo/pull/26230
Signed-off-by: Sam James <sam <AT> gentoo.org>

 net-libs/pjproject/Manifest                        |   1 -
 ...ct-2.10-CVE-2020-15260-tls-hostname-check.patch | 125 ---------
 ...-CVE-2021-21375-negotiation-failure-crash.patch |  45 ----
 ...21-32686-AST-2021-009-GHSA-cv8x-p47p-99wr.patch | 289 ---------------------
 ...ion-between-transport-destroy-and-acquire.patch | 108 --------
 .../pjproject/files/pjproject-2.9-config_site.h    |  74 ------
 .../pjproject/files/pjproject-2.9-ssl-enable.patch | 100 -------
 net-libs/pjproject/pjproject-2.10-r1.ebuild        | 124 ---------
 net-libs/pjproject/pjproject-2.10-r2.ebuild        | 125 ---------
 9 files changed, 991 deletions(-)

diff --git a/net-libs/pjproject/Manifest b/net-libs/pjproject/Manifest
index b0c9fcafc2b1..7c848864dc10 100644
--- a/net-libs/pjproject/Manifest
+++ b/net-libs/pjproject/Manifest
@@ -1,2 +1 @@
-DIST pjproject-2.10.tar.gz 8768705 BLAKE2B 42d70867e2e0474313426f1e188586d203d6165c28a133a62dedacd2deb2899215212824d9402a48fcc66bb08a17b796d3625e1d51a8aedc9aa4b3a3bf1cb8fa SHA512 a67f083df175b536b4e6a7b7fe39e07d3ee805d6917ec64a50694542a7455c33a100889191044ab3fa679b6656774a6be045621aa53510b5f04cdde9ddd59893
 DIST pjproject-2.12.1.tar.gz 9660659 BLAKE2B d893f22d995c9570e4003f80adf15144cf39e09d5843a88e3a616a529a91164ec7b012ea66ede8d55bfe4ec0dc4eca7d230f07fc66f06dfafaea9d5ff72910fa SHA512 9087456024b8886e56660cebc45c7093b3b91cd6b08a3926fa2c0de452989ac84ceb4e27413c0311bde95f271341ee44d9681f81f83602a4e16151f1831d773b

diff --git a/net-libs/pjproject/files/pjproject-2.10-CVE-2020-15260-tls-hostname-check.patch b/net-libs/pjproject/files/pjproject-2.10-CVE-2020-15260-tls-hostname-check.patch
deleted file mode 100644
index 0d7df686a157..000000000000
--- a/net-libs/pjproject/files/pjproject-2.10-CVE-2020-15260-tls-hostname-check.patch
+++ /dev/null
@@ -1,125 +0,0 @@
-From 67e46c1ac45ad784db5b9080f5ed8b133c122872 Mon Sep 17 00:00:00 2001
-From: sauwming <ming@teluu.com>
-Date: Mon, 8 Mar 2021 17:39:36 +0800
-Subject: [PATCH] Merge pull request from GHSA-8hcp-hm38-mfph
-
-* Check hostname during TLS transport selection
-
-* revision based on feedback
-
-* remove the code in create_request that has been moved
----
- pjsip/include/pjsip/sip_dialog.h |  1 +
- pjsip/src/pjsip/sip_dialog.c     | 15 +++++++++++++++
- pjsip/src/pjsip/sip_transport.c  | 13 +++++++++++++
- pjsip/src/pjsip/sip_util.c       | 11 ++++++++---
- 4 files changed, 37 insertions(+), 3 deletions(-)
-
-diff --git a/pjsip/include/pjsip/sip_dialog.h b/pjsip/include/pjsip/sip_dialog.h
-index a0214d28c..e314c2ece 100644
---- a/pjsip/include/pjsip/sip_dialog.h
-+++ b/pjsip/include/pjsip/sip_dialog.h
-@@ -165,6 +165,7 @@ struct pjsip_dialog
-     pjsip_route_hdr	route_set;  /**< Route set.			    */
-     pj_bool_t		route_set_frozen; /**< Route set has been set.	    */
-     pjsip_auth_clt_sess	auth_sess;  /**< Client authentication session.	    */
-+    pj_str_t		initial_dest;/**< Initial destination host.  	    */
- 
-     /** Session counter. */
-     int			sess_count; /**< Number of sessions.		    */
-diff --git a/pjsip/src/pjsip/sip_dialog.c b/pjsip/src/pjsip/sip_dialog.c
-index 27530e4f2..9571b5a35 100644
---- a/pjsip/src/pjsip/sip_dialog.c
-+++ b/pjsip/src/pjsip/sip_dialog.c
-@@ -467,6 +467,10 @@ pj_status_t create_uas_dialog( pjsip_user_agent *ua,
- 
-     /* Save the remote info. */
-     pj_strdup(dlg->pool, &dlg->remote.info_str, &tmp);
-+    
-+    /* Save initial destination host from transport's info */
-+    pj_strdup(dlg->pool, &dlg->initial_dest,
-+    	      &rdata->tp_info.transport->remote_name.host);
- 
- 
-     /* Init remote's contact from Contact header.
-@@ -1192,6 +1196,12 @@ static pj_status_t dlg_create_request_throw( pjsip_dialog *dlg,
- 	    return status;
-     }
- 
-+    /* Copy the initial destination host to tdata. This information can be
-+     * used later by transport for transport selection.
-+     */
-+    if (dlg->initial_dest.slen)
-+    	pj_strdup(tdata->pool, &tdata->dest_info.name, &dlg->initial_dest);
-+
-     /* Done. */
-     *p_tdata = tdata;
- 
-@@ -1822,6 +1832,11 @@ static void dlg_update_routeset(pjsip_dialog *dlg, const pjsip_rx_data *rdata)
-      * transaction as the initial transaction that establishes dialog.
-      */
-     if (dlg->role == PJSIP_ROLE_UAC) {
-+    	/* Save initial destination host from transport's info. */
-+    	if (!dlg->initial_dest.slen) {
-+    	    pj_strdup(dlg->pool, &dlg->initial_dest,
-+    	      	      &rdata->tp_info.transport->remote_name.host);
-+    	}
- 
- 	/* Ignore subsequent request from remote */
- 	if (msg->type != PJSIP_RESPONSE_MSG)
-diff --git a/pjsip/src/pjsip/sip_transport.c b/pjsip/src/pjsip/sip_transport.c
-index bef6d24fe..177274b08 100644
---- a/pjsip/src/pjsip/sip_transport.c
-+++ b/pjsip/src/pjsip/sip_transport.c
-@@ -2335,6 +2335,19 @@ PJ_DEF(pj_status_t) pjsip_tpmgr_acquire_transport2(pjsip_tpmgr *mgr,
- 		    if (!tp_iter->tp->is_shutdown &&
- 			!tp_iter->tp->is_destroying)
- 		    {
-+			if ((type & PJSIP_TRANSPORT_SECURE) && tdata) {
-+			    /* For secure transport, make sure tdata's
-+			     * destination host matches the transport's
-+			     * remote host.
-+			     */
-+			    if (pj_stricmp(&tdata->dest_info.name,
-+				  	   &tp_iter->tp->remote_name.host))
-+			    {
-+			    	tp_iter = tp_iter->next;
-+			    	continue;
-+			    }
-+			}
-+
- 			if (sel && sel->type == PJSIP_TPSELECTOR_LISTENER &&
- 			    sel->u.listener)
- 			{
-diff --git a/pjsip/src/pjsip/sip_util.c b/pjsip/src/pjsip/sip_util.c
-index a1bf878ea..cf916805d 100644
---- a/pjsip/src/pjsip/sip_util.c
-+++ b/pjsip/src/pjsip/sip_util.c
-@@ -1417,7 +1417,10 @@ PJ_DEF(pj_status_t) pjsip_endpt_send_request_stateless(pjsip_endpoint *endpt,
-      */
-     if (tdata->dest_info.addr.count == 0) {
- 	/* Copy the destination host name to TX data */
--	pj_strdup(tdata->pool, &tdata->dest_info.name, &dest_info.addr.host);
-+	if (!tdata->dest_info.name.slen) {
-+	    pj_strdup(tdata->pool, &tdata->dest_info.name,
-+	    	      &dest_info.addr.host);
-+	}
- 
- 	pjsip_endpt_resolve( endpt, tdata->pool, &dest_info, stateless_data,
- 			     &stateless_send_resolver_callback);
-@@ -1810,8 +1813,10 @@ PJ_DEF(pj_status_t) pjsip_endpt_send_response( pjsip_endpoint *endpt,
- 	}
-     } else {
- 	/* Copy the destination host name to TX data */
--	pj_strdup(tdata->pool, &tdata->dest_info.name, 
--		  &res_addr->dst_host.addr.host);
-+	if (!tdata->dest_info.name.slen) {
-+	    pj_strdup(tdata->pool, &tdata->dest_info.name, 
-+		      &res_addr->dst_host.addr.host);
-+	}
- 
- 	pjsip_endpt_resolve(endpt, tdata->pool, &res_addr->dst_host, 
- 			    send_state, &send_response_resolver_cb);
--- 
-2.26.2
-

diff --git a/net-libs/pjproject/files/pjproject-2.10-CVE-2021-21375-negotiation-failure-crash.patch b/net-libs/pjproject/files/pjproject-2.10-CVE-2021-21375-negotiation-failure-crash.patch
deleted file mode 100644
index 9dc9016e491a..000000000000
--- a/net-libs/pjproject/files/pjproject-2.10-CVE-2021-21375-negotiation-failure-crash.patch
+++ /dev/null
@@ -1,45 +0,0 @@
-From 97b3d7addbaa720b7ddb0af9bf6f3e443e664365 Mon Sep 17 00:00:00 2001
-From: Nanang Izzuddin <nanang@teluu.com>
-Date: Mon, 8 Mar 2021 16:09:34 +0700
-Subject: [PATCH] Merge pull request from GHSA-hvq6-f89p-frvp
-
----
- pjmedia/src/pjmedia/sdp_neg.c | 14 ++++++++++++--
- 1 file changed, 12 insertions(+), 2 deletions(-)
-
-diff --git a/pjmedia/src/pjmedia/sdp_neg.c b/pjmedia/src/pjmedia/sdp_neg.c
-index f4838f75d..9f76b5200 100644
---- a/pjmedia/src/pjmedia/sdp_neg.c
-+++ b/pjmedia/src/pjmedia/sdp_neg.c
-@@ -304,7 +304,6 @@ PJ_DEF(pj_status_t) pjmedia_sdp_neg_modify_local_offer2(
- {
-     pjmedia_sdp_session *new_offer;
-     pjmedia_sdp_session *old_offer;
--    char media_used[PJMEDIA_MAX_SDP_MEDIA];
-     unsigned oi; /* old offer media index */
-     pj_status_t status;
- 
-@@ -323,8 +322,19 @@ PJ_DEF(pj_status_t) pjmedia_sdp_neg_modify_local_offer2(
-     /* Change state to STATE_LOCAL_OFFER */
-     neg->state = PJMEDIA_SDP_NEG_STATE_LOCAL_OFFER;
- 
-+    /* When there is no active local SDP in state PJMEDIA_SDP_NEG_STATE_DONE,
-+     * it means that the previous initial SDP nego must have been failed,
-+     * so we'll just set the local SDP offer here.
-+     */
-+    if (!neg->active_local_sdp) {
-+	neg->initial_sdp_tmp = NULL;
-+	neg->initial_sdp = pjmedia_sdp_session_clone(pool, local);
-+	neg->neg_local_sdp = pjmedia_sdp_session_clone(pool, local);
-+
-+	return PJ_SUCCESS;
-+    }
-+
-     /* Init vars */
--    pj_bzero(media_used, sizeof(media_used));
-     old_offer = neg->active_local_sdp;
-     new_offer = pjmedia_sdp_session_clone(pool, local);
- 
--- 
-2.26.2
-

diff --git a/net-libs/pjproject/files/pjproject-2.10-CVE-2021-32686-AST-2021-009-GHSA-cv8x-p47p-99wr.patch b/net-libs/pjproject/files/pjproject-2.10-CVE-2021-32686-AST-2021-009-GHSA-cv8x-p47p-99wr.patch
deleted file mode 100644
index ba31cf19eda7..000000000000
--- a/net-libs/pjproject/files/pjproject-2.10-CVE-2021-32686-AST-2021-009-GHSA-cv8x-p47p-99wr.patch
+++ /dev/null
@@ -1,289 +0,0 @@
-From d5f95aa066f878b0aef6a64e60b61e8626e664cd Mon Sep 17 00:00:00 2001
-From: Nanang Izzuddin <nanang@teluu.com>
-Date: Fri, 23 Jul 2021 10:49:21 +0700
-Subject: [PATCH] Merge pull request from GHSA-cv8x-p47p-99wr
-
-* - Avoid SSL socket parent/listener getting destroyed during handshake by increasing parent's reference count.
-- Add missing SSL socket close when the newly accepted SSL socket is discarded in SIP TLS transport.
-
-* - Fix silly mistake: accepted active socket created without group lock in SSL socket.
-- Replace assertion with normal validation check of SSL socket instance in OpenSSL verification callback (verify_cb()) to avoid crash, e.g: if somehow race condition with SSL socket destroy happens or OpenSSL application data index somehow gets corrupted.
----
- pjlib/src/pj/ssl_sock_imp_common.c  | 47 +++++++++++++++++++++--------
- pjlib/src/pj/ssl_sock_ossl.c        | 45 ++++++++++++++++++++++-----
- pjsip/src/pjsip/sip_transport_tls.c | 23 +++++++++++++-
- 3 files changed, 95 insertions(+), 20 deletions(-)
-
-diff --git a/pjlib/src/pj/ssl_sock_imp_common.c b/pjlib/src/pj/ssl_sock_imp_common.c
-index 025832da4..24533b397 100644
---- a/pjlib/src/pj/ssl_sock_imp_common.c
-+++ b/pjlib/src/pj/ssl_sock_imp_common.c
-@@ -255,6 +255,8 @@ static pj_bool_t on_handshake_complete(pj_ssl_sock_t *ssock,
- 
-     /* Accepting */
-     if (ssock->is_server) {
-+	pj_bool_t ret = PJ_TRUE;
-+
- 	if (status != PJ_SUCCESS) {
- 	    /* Handshake failed in accepting, destroy our self silently. */
- 
-@@ -272,6 +274,12 @@ static pj_bool_t on_handshake_complete(pj_ssl_sock_t *ssock,
- 		      status);
- 	    }
- 
-+	    /* Decrement ref count of parent */
-+	    if (ssock->parent->param.grp_lock) {
-+		pj_grp_lock_dec_ref(ssock->parent->param.grp_lock);
-+		ssock->parent = NULL;
-+	    }
-+
- 	    /* Originally, this is a workaround for ticket #985. However,
- 	     * a race condition may occur in multiple worker threads
- 	     * environment when we are destroying SSL objects while other
-@@ -315,23 +323,29 @@ static pj_bool_t on_handshake_complete(pj_ssl_sock_t *ssock,
- 
- 	    return PJ_FALSE;
- 	}
-+
- 	/* Notify application the newly accepted SSL socket */
- 	if (ssock->param.cb.on_accept_complete2) {
--	    pj_bool_t ret;
- 	    ret = (*ssock->param.cb.on_accept_complete2) 
- 		    (ssock->parent, ssock, (pj_sockaddr_t*)&ssock->rem_addr, 
- 		    pj_sockaddr_get_len((pj_sockaddr_t*)&ssock->rem_addr), 
- 		    status);
--	    if (ret == PJ_FALSE)
--		return PJ_FALSE;	
- 	} else if (ssock->param.cb.on_accept_complete) {
--	    pj_bool_t ret;
- 	    ret = (*ssock->param.cb.on_accept_complete)
- 		      (ssock->parent, ssock, (pj_sockaddr_t*)&ssock->rem_addr,
- 		       pj_sockaddr_get_len((pj_sockaddr_t*)&ssock->rem_addr));
--	    if (ret == PJ_FALSE)
--		return PJ_FALSE;
- 	}
-+
-+	/* Decrement ref count of parent and reset parent (we don't need it
-+	 * anymore, right?).
-+	 */
-+	if (ssock->parent->param.grp_lock) {
-+	    pj_grp_lock_dec_ref(ssock->parent->param.grp_lock);
-+	    ssock->parent = NULL;
-+	}
-+
-+	if (ret == PJ_FALSE)
-+	    return PJ_FALSE;
-     }
- 
-     /* Connecting */
-@@ -930,9 +944,13 @@ static pj_bool_t ssock_on_accept_complete (pj_ssl_sock_t *ssock_parent,
-     if (status != PJ_SUCCESS)
- 	goto on_return;
- 
-+    /* Set parent and add ref count (avoid parent destroy during handshake) */
-+    ssock->parent = ssock_parent;
-+    if (ssock->parent->param.grp_lock)
-+	pj_grp_lock_add_ref(ssock->parent->param.grp_lock);
-+
-     /* Update new SSL socket attributes */
-     ssock->sock = newsock;
--    ssock->parent = ssock_parent;
-     ssock->is_server = PJ_TRUE;
-     if (ssock_parent->cert) {
- 	status = pj_ssl_sock_set_certificate(ssock, ssock->pool, 
-@@ -957,16 +975,20 @@ static pj_bool_t ssock_on_accept_complete (pj_ssl_sock_t *ssock_parent,
-     ssock->asock_rbuf = (void**)pj_pool_calloc(ssock->pool, 
- 					       ssock->param.async_cnt,
- 					       sizeof(void*));
--    if (!ssock->asock_rbuf)
--        return PJ_ENOMEM;
-+    if (!ssock->asock_rbuf) {
-+	status = PJ_ENOMEM;
-+	goto on_return;
-+    }
- 
-     for (i = 0; i<ssock->param.async_cnt; ++i) {
- 	ssock->asock_rbuf[i] = (void*) pj_pool_alloc(
- 					    ssock->pool, 
- 					    ssock->param.read_buffer_size + 
- 					    sizeof(read_data_t*));
--        if (!ssock->asock_rbuf[i])
--            return PJ_ENOMEM;
-+	if (!ssock->asock_rbuf[i]) {
-+	    status = PJ_ENOMEM;
-+	    goto on_return;
-+	}
-     }
- 
-     /* If listener socket has group lock, automatically create group lock
-@@ -980,7 +1002,7 @@ static pj_bool_t ssock_on_accept_complete (pj_ssl_sock_t *ssock_parent,
- 	    goto on_return;
- 
- 	pj_grp_lock_add_ref(glock);
--	asock_cfg.grp_lock = ssock->param.grp_lock = glock;
-+	ssock->param.grp_lock = glock;
- 	pj_grp_lock_add_handler(ssock->param.grp_lock, ssock->pool, ssock,
- 				ssl_on_destroy);
-     }
-@@ -1008,6 +1030,7 @@ static pj_bool_t ssock_on_accept_complete (pj_ssl_sock_t *ssock_parent,
- 
-     /* Create active socket */
-     pj_activesock_cfg_default(&asock_cfg);
-+    asock_cfg.grp_lock = ssock->param.grp_lock;
-     asock_cfg.async_cnt = ssock->param.async_cnt;
-     asock_cfg.concurrency = ssock->param.concurrency;
-     asock_cfg.whole_data = PJ_TRUE;
-diff --git a/pjlib/src/pj/ssl_sock_ossl.c b/pjlib/src/pj/ssl_sock_ossl.c
-index 88a2a6b94..df4f4f96a 100644
---- a/pjlib/src/pj/ssl_sock_ossl.c
-+++ b/pjlib/src/pj/ssl_sock_ossl.c
-@@ -327,7 +327,8 @@ static pj_status_t STATUS_FROM_SSL_ERR(char *action, pj_ssl_sock_t *ssock,
- 	ERROR_LOG("STATUS_FROM_SSL_ERR", err, ssock);
-     }
- 
--    ssock->last_err = err;
-+    if (ssock)
-+	ssock->last_err = err;
-     return GET_STATUS_FROM_SSL_ERR(err);
- }
- 
-@@ -344,7 +345,8 @@ static pj_status_t STATUS_FROM_SSL_ERR2(char *action, pj_ssl_sock_t *ssock,
-     /* Dig for more from OpenSSL error queue */
-     SSLLogErrors(action, ret, err, len, ssock);
- 
--    ssock->last_err = ssl_err;
-+    if (ssock)
-+	ssock->last_err = ssl_err;
-     return GET_STATUS_FROM_SSL_ERR(ssl_err);
- }
- 
-@@ -786,6 +788,13 @@ static pj_status_t init_openssl(void)
- 
-     /* Create OpenSSL application data index for SSL socket */
-     sslsock_idx = SSL_get_ex_new_index(0, "SSL socket", NULL, NULL, NULL);
-+    if (sslsock_idx == -1) {
-+	status = STATUS_FROM_SSL_ERR2("Init", NULL, -1, ERR_get_error(), 0);
-+	PJ_LOG(1,(THIS_FILE,
-+	       "Fatal error: failed to get application data index for "
-+	       "SSL socket"));
-+	return status;
-+    }
- 
- #if defined(PJ_SSL_SOCK_OSSL_USE_THREAD_CB) && \
-     PJ_SSL_SOCK_OSSL_USE_THREAD_CB != 0 && OPENSSL_VERSION_NUMBER < 0x10100000L
-@@ -819,21 +828,36 @@ static int password_cb(char *buf, int num, int rwflag, void *user_data)
- }
- 
- 
--/* SSL password callback. */
-+/* SSL certificate verification result callback.
-+ * Note that this callback seems to be always called from library worker
-+ * thread, e.g: active socket on_read_complete callback, which should have
-+ * already been equipped with race condition avoidance mechanism (should not
-+ * be destroyed while callback is being invoked).
-+ */
- static int verify_cb(int preverify_ok, X509_STORE_CTX *x509_ctx)
- {
--    pj_ssl_sock_t *ssock;
--    SSL *ossl_ssl;
-+    pj_ssl_sock_t *ssock = NULL;
-+    SSL *ossl_ssl = NULL;
-     int err;
- 
-     /* Get SSL instance */
-     ossl_ssl = X509_STORE_CTX_get_ex_data(x509_ctx, 
- 				    SSL_get_ex_data_X509_STORE_CTX_idx());
--    pj_assert(ossl_ssl);
-+    if (!ossl_ssl) {
-+	PJ_LOG(1,(THIS_FILE,
-+		  "SSL verification callback failed to get SSL instance"));
-+	goto on_return;
-+    }
- 
-     /* Get SSL socket instance */
-     ssock = SSL_get_ex_data(ossl_ssl, sslsock_idx);
--    pj_assert(ssock);
-+    if (!ssock) {
-+	/* SSL socket may have been destroyed */
-+	PJ_LOG(1,(THIS_FILE,
-+		  "SSL verification callback failed to get SSL socket "
-+		  "instance (sslsock_idx=%d).", sslsock_idx));
-+	goto on_return;
-+    }
- 
-     /* Store verification status */
-     err = X509_STORE_CTX_get_error(x509_ctx);
-@@ -911,6 +935,7 @@ static int verify_cb(int preverify_ok, X509_STORE_CTX *x509_ctx)
-     if (PJ_FALSE == ssock->param.verify_peer)
- 	preverify_ok = 1;
- 
-+on_return:
-     return preverify_ok;
- }
- 
-@@ -1474,6 +1499,12 @@ static void ssl_destroy(pj_ssl_sock_t *ssock)
- static void ssl_reset_sock_state(pj_ssl_sock_t *ssock)
- {
-     ossl_sock_t *ossock = (ossl_sock_t *)ssock;
-+
-+    /* Detach from SSL instance */
-+    if (ossock->ossl_ssl) {
-+	SSL_set_ex_data(ossock->ossl_ssl, sslsock_idx, NULL);
-+    }
-+
-     /**
-      * Avoid calling SSL_shutdown() if handshake wasn't completed.
-      * OpenSSL 1.0.2f complains if SSL_shutdown() is called during an
-diff --git a/pjsip/src/pjsip/sip_transport_tls.c b/pjsip/src/pjsip/sip_transport_tls.c
-index 56a06cf99..24e43ef60 100644
---- a/pjsip/src/pjsip/sip_transport_tls.c
-+++ b/pjsip/src/pjsip/sip_transport_tls.c
-@@ -1333,9 +1333,26 @@ static pj_bool_t on_accept_complete2(pj_ssl_sock_t *ssock,
-     PJ_UNUSED_ARG(src_addr_len);
- 
-     listener = (struct tls_listener*) pj_ssl_sock_get_user_data(ssock);
-+    if (!listener) {
-+	/* Listener already destroyed, e.g: after TCP accept but before SSL
-+	 * handshake is completed.
-+	 */
-+	if (new_ssock && accept_status == PJ_SUCCESS) {
-+	    /* Close the SSL socket if the accept op is successful */
-+	    PJ_LOG(4,(THIS_FILE,
-+		      "Incoming TLS connection from %s (sock=%d) is discarded "
-+		      "because listener is already destroyed",
-+		      pj_sockaddr_print(src_addr, addr, sizeof(addr), 3),
-+		      new_ssock));
-+
-+	    pj_ssl_sock_close(new_ssock);
-+	}
-+
-+	return PJ_FALSE;
-+    }
- 
-     if (accept_status != PJ_SUCCESS) {
--	if (listener && listener->tls_setting.on_accept_fail_cb) {
-+	if (listener->tls_setting.on_accept_fail_cb) {
- 	    pjsip_tls_on_accept_fail_param param;
- 	    pj_ssl_sock_info ssi;
- 
-@@ -1358,6 +1375,8 @@ static pj_bool_t on_accept_complete2(pj_ssl_sock_t *ssock,
-     PJ_ASSERT_RETURN(new_ssock, PJ_TRUE);
- 
-     if (!listener->is_registered) {
-+	pj_ssl_sock_close(new_ssock);
-+
- 	if (listener->tls_setting.on_accept_fail_cb) {
- 	    pjsip_tls_on_accept_fail_param param;
- 	    pj_bzero(&param, sizeof(param));
-@@ -1409,6 +1428,8 @@ static pj_bool_t on_accept_complete2(pj_ssl_sock_t *ssock,
- 			 ssl_info.grp_lock, &tls);
-     
-     if (status != PJ_SUCCESS) {
-+	pj_ssl_sock_close(new_ssock);
-+
- 	if (listener->tls_setting.on_accept_fail_cb) {
- 	    pjsip_tls_on_accept_fail_param param;
- 	    pj_bzero(&param, sizeof(param));
--- 
-2.31.1
-

diff --git a/net-libs/pjproject/files/pjproject-2.10-race-condition-between-transport-destroy-and-acquire.patch b/net-libs/pjproject/files/pjproject-2.10-race-condition-between-transport-destroy-and-acquire.patch
deleted file mode 100644
index b036951d9edd..000000000000
--- a/net-libs/pjproject/files/pjproject-2.10-race-condition-between-transport-destroy-and-acquire.patch
+++ /dev/null
@@ -1,108 +0,0 @@
-From 90a16c523bfdf4d43c10506c972c5fd4250b2856 Mon Sep 17 00:00:00 2001
-From: Nanang Izzuddin <nanang@teluu.com>
-Date: Fri, 20 Nov 2020 10:52:22 +0700
-Subject: [PATCH] Race condition between transport destroy and acquire (#2470)
-
-* Handle race condition between transport_idle_callback() and pjsip_tpmgr_acquire_transport2().
-* Add transport destroy state check as additional of transport shutdown state check
----
- pjsip/src/pjsip/sip_transaction.c |  2 +-
- pjsip/src/pjsip/sip_transport.c   | 34 +++++++++++++++++++++++++------
- 2 files changed, 29 insertions(+), 7 deletions(-)
-
-diff --git a/pjsip/src/pjsip/sip_transaction.c b/pjsip/src/pjsip/sip_transaction.c
-index 2b4ece7df..f663c7f4b 100644
---- a/pjsip/src/pjsip/sip_transaction.c
-+++ b/pjsip/src/pjsip/sip_transaction.c
-@@ -2443,7 +2443,7 @@ static void tsx_update_transport( pjsip_transaction *tsx,
- 	pjsip_transport_add_ref(tp);
- 	pjsip_transport_add_state_listener(tp, &tsx_tp_state_callback, tsx,
- 					    &tsx->tp_st_key);
--        if (tp->is_shutdown) {
-+	if (tp->is_shutdown || tp->is_destroying) {
- 	    pjsip_transport_state_info info;
- 
- 	    pj_bzero(&info, sizeof(info));
-diff --git a/pjsip/src/pjsip/sip_transport.c b/pjsip/src/pjsip/sip_transport.c
-index 06fce358c..bef6d24fe 100644
---- a/pjsip/src/pjsip/sip_transport.c
-+++ b/pjsip/src/pjsip/sip_transport.c
-@@ -1071,6 +1071,19 @@ static void transport_idle_callback(pj_timer_heap_t *timer_heap,
- 	return;
- 
-     entry->id = PJ_FALSE;
-+
-+    /* Set is_destroying flag under transport manager mutex to avoid
-+     * race condition with pjsip_tpmgr_acquire_transport2().
-+     */
-+    pj_lock_acquire(tp->tpmgr->lock);
-+    if (pj_atomic_get(tp->ref_cnt) == 0) {
-+	tp->is_destroying = PJ_TRUE;
-+    } else {
-+	pj_lock_release(tp->tpmgr->lock);
-+	return;
-+    }
-+    pj_lock_release(tp->tpmgr->lock);
-+
-     pjsip_transport_destroy(tp);
- }
- 
-@@ -1392,8 +1405,8 @@ PJ_DEF(pj_status_t) pjsip_transport_shutdown2(pjsip_transport *tp,
-     mgr = tp->tpmgr;
-     pj_lock_acquire(mgr->lock);
- 
--    /* Do nothing if transport is being shutdown already */
--    if (tp->is_shutdown) {
-+    /* Do nothing if transport is being shutdown/destroyed already */
-+    if (tp->is_shutdown || tp->is_destroying) {
- 	pj_lock_release(mgr->lock);
- 	pj_lock_release(tp->lock);
- 	return PJ_SUCCESS;
-@@ -2256,6 +2269,13 @@ PJ_DEF(pj_status_t) pjsip_tpmgr_acquire_transport2(pjsip_tpmgr *mgr,
- 	    return PJSIP_ETPNOTSUITABLE;
- 	}
- 
-+	/* Make sure the transport is not being destroyed */
-+	if (seltp->is_destroying) {
-+	    pj_lock_release(mgr->lock);
-+	    TRACE_((THIS_FILE,"Transport to be acquired is being destroyed"));
-+	    return PJ_ENOTFOUND;
-+	}
-+
- 	/* We could also verify that the destination address is reachable
- 	 * from this transport (i.e. both are equal), but if application
- 	 * has requested a specific transport to be used, assume that
-@@ -2311,8 +2331,10 @@ PJ_DEF(pj_status_t) pjsip_tpmgr_acquire_transport2(pjsip_tpmgr *mgr,
- 	    if (tp_entry) {
- 		transport *tp_iter = tp_entry;
- 		do {
--		    /* Don't use transport being shutdown */
--		    if (!tp_iter->tp->is_shutdown) {
-+		    /* Don't use transport being shutdown/destroyed */
-+		    if (!tp_iter->tp->is_shutdown &&
-+			!tp_iter->tp->is_destroying)
-+		    {
- 			if (sel && sel->type == PJSIP_TPSELECTOR_LISTENER &&
- 			    sel->u.listener)
- 			{
-@@ -2382,7 +2404,7 @@ PJ_DEF(pj_status_t) pjsip_tpmgr_acquire_transport2(pjsip_tpmgr *mgr,
- 	    TRACE_((THIS_FILE, "Transport found but from different listener"));
- 	}
- 
--	if (tp_ref!=NULL && !tp_ref->is_shutdown) {
-+	if (tp_ref!=NULL && !tp_ref->is_shutdown && !tp_ref->is_destroying) {
- 	    /*
- 	     * Transport found!
- 	     */
-@@ -2624,7 +2646,7 @@ PJ_DEF(pj_status_t) pjsip_transport_add_state_listener (
- 
-     PJ_ASSERT_RETURN(tp && cb && key, PJ_EINVAL);
- 
--    if (tp->is_shutdown) {
-+    if (tp->is_shutdown || tp->is_destroying) {
- 	*key = NULL;
- 	return PJ_EINVALIDOP;
-     }
--- 
-2.26.2
-

diff --git a/net-libs/pjproject/files/pjproject-2.9-config_site.h b/net-libs/pjproject/files/pjproject-2.9-config_site.h
deleted file mode 100644
index d41ac1d1947b..000000000000
--- a/net-libs/pjproject/files/pjproject-2.9-config_site.h
+++ /dev/null
@@ -1,74 +0,0 @@
-/*
- * Based off of the Asterisk config_site.h file.
- *
- * In general it's the same with some removals due to being ebuild-managed.
- */
-
-#include <sys/select.h>
-
-/* handled by ebuild, default to disabled here */
-#ifndef PJMEDIA_HAS_SRTP
-#define PJMEDIA_HAS_SRTP 0
-#endif
-
-#define PJ_MAX_HOSTNAME (256)
-#define PJSIP_MAX_URL_SIZE (512)
-#ifdef PJ_HAS_LINUX_EPOLL
-#define PJ_IOQUEUE_MAX_HANDLES	(5000)
-#else
-#define PJ_IOQUEUE_MAX_HANDLES	(FD_SETSIZE)
-#endif
-#define PJ_IOQUEUE_HAS_SAFE_UNREG 1
-#define PJ_IOQUEUE_MAX_EVENTS_IN_SINGLE_POLL (16)
-
-#define PJ_SCANNER_USE_BITWISE	0
-#define PJ_OS_HAS_CHECK_STACK	0
-
-#ifndef PJ_LOG_MAX_LEVEL
-#define PJ_LOG_MAX_LEVEL		6
-#endif
-
-#define PJ_ENABLE_EXTRA_CHECK	1
-#define PJSIP_MAX_TSX_COUNT		((64*1024)-1)
-#define PJSIP_MAX_DIALOG_COUNT	((64*1024)-1)
-#define PJSIP_UDP_SO_SNDBUF_SIZE	(512*1024)
-#define PJSIP_UDP_SO_RCVBUF_SIZE	(512*1024)
-#define PJSIP_SAFE_MODULE		0
-#define PJ_HAS_STRICMP_ALNUM		0
-
-/*
- * Do not ever enable PJ_HASH_USE_OWN_TOLOWER because the algorithm is
- * inconsistently used when calculating the hash value and doesn't
- * convert the same characters as pj_tolower()/tolower().  Thus you
- * can get different hash values if the string hashed has certain
- * characters in it.  (ASCII '@', '[', '\\', ']', '^', and '_')
- */
-#undef PJ_HASH_USE_OWN_TOLOWER
-
-/*
-  It is imperative that PJSIP_UNESCAPE_IN_PLACE remain 0 or undefined.
-  Enabling it will result in SEGFAULTS when URIs containing escape sequences are encountered.
-*/
-#undef PJSIP_UNESCAPE_IN_PLACE
-#define PJSIP_MAX_PKT_LEN			32000
-
-#undef PJ_TODO
-#define PJ_TODO(x)
-
-/* Defaults too low for WebRTC */
-#define PJ_ICE_MAX_CAND 32
-#define PJ_ICE_MAX_CHECKS (PJ_ICE_MAX_CAND * PJ_ICE_MAX_CAND)
-
-/* Increase limits to allow more formats */
-#define	PJMEDIA_MAX_SDP_FMT   64
-#define	PJMEDIA_MAX_SDP_BANDW   4
-#define	PJMEDIA_MAX_SDP_ATTR   (PJMEDIA_MAX_SDP_FMT*2 + 4)
-#define	PJMEDIA_MAX_SDP_MEDIA   16
-
-/*
- * Turn off the periodic sending of CRLNCRLN.  Default is on (90 seconds),
- * which conflicts with the global section's keep_alive_interval option in
- * pjsip.conf.
- */
-#define PJSIP_TCP_KEEP_ALIVE_INTERVAL	0
-#define PJSIP_TLS_KEEP_ALIVE_INTERVAL	0

diff --git a/net-libs/pjproject/files/pjproject-2.9-ssl-enable.patch b/net-libs/pjproject/files/pjproject-2.9-ssl-enable.patch
deleted file mode 100644
index bb8a11d7f457..000000000000
--- a/net-libs/pjproject/files/pjproject-2.9-ssl-enable.patch
+++ /dev/null
@@ -1,100 +0,0 @@
-From 2942c73cd3b3389ec1a35258f22ac9d0f0742de1 Mon Sep 17 00:00:00 2001
-From: Jaco Kroon <jaco@iewc.co.za>
-Date: Thu, 24 May 2018 15:40:33 +0200
-Subject: [PATCH] Fix support for --enable-ssl.
-
-This change enables the explicit use of --enable-ssl in such a way that
-package managers such as portage (Gentoo) that explicitly does
---enable-ssl or --disable-ssl will get the results that it's looking
-for.
-
-Without this specifying --enable-ssl would end up actually disabling it.
-
-Additionally, if --enable-ssl is specified but the script ends up being
-unable to enable ssl it will fail.
----
- aconfigure    | 16 ++++++++++++----
- aconfigure.ac | 15 ++++++++++++---
- 2 files changed, 24 insertions(+), 7 deletions(-)
-
-diff --git a/aconfigure b/aconfigure
-index 0cf17faae..57bdfba87 100755
---- a/aconfigure
-+++ b/aconfigure
-@@ -8001,8 +8001,9 @@ if test "${enable_ssl+set}" = set; then :
- $as_echo "Checking if SSL support is disabled... yes" >&6; }
- 	        fi
- 
--else
-+fi
- 
-+if test "x$ac_no_ssl" != "x1"; then
- 	        if test "x$with_ssl" != "xno" -a "x$with_ssl" != "x"; then
-                     CFLAGS="$CFLAGS -I$with_ssl/include"
-                     CPPFLAGS="$CPPFLAGS -I$with_ssl/include"
-@@ -8317,16 +8318,23 @@ $as_echo "GnuTLS library found, SSL support enabled" >&6; }
- 
-             		ac_ssl_backend="gnutls"
-         	    else
--            		{ $as_echo "$as_me:${as_lineno-$LINENO}: result: ** No GnuTLS libraries found, disabling SSL support **" >&5
--$as_echo "** No GnuTLS libraries found, disabling SSL support **" >&6; }
-+			{ $as_echo "$as_me:${as_lineno-$LINENO}: result: ** No GnuTLS libraries found **" >&5
-+$as_echo "** No GnuTLS libraries found **" >&6; }
-         	    fi
- 
-         	fi
- 
-+		if test "x$ac_ssl_backend" = "x"; then
-+		    if test "x$enable_ssl" = "xyes"; then
-+			as_fn_error $? "SSL Support requested but neither OpenSSL nor GnuTLS operational" "$LINENO" 5
-+		    else
-+			{ $as_echo "$as_me:${as_lineno-$LINENO}: result: No SSL detected, disabling SSL support" >&5
-+$as_echo "No SSL detected, disabling SSL support" >&6; }
-+		    fi
-+		fi
- fi
- 
- 
--
- # Check whether --with-opencore-amrnb was given.
- if test "${with_opencore_amrnb+set}" = set; then :
-   withval=$with_opencore_amrnb; as_fn_error $? "This option is obsolete and replaced by --with-opencore-amr=DIR" "$LINENO" 5
-diff --git a/aconfigure.ac b/aconfigure.ac
-index 8d7d944a1..45c42756b 100644
---- a/aconfigure.ac
-+++ b/aconfigure.ac
-@@ -1607,7 +1607,8 @@ AC_ARG_ENABLE(ssl,
- 		 AC_MSG_RESULT([Checking if SSL support is disabled... yes])
- 	        fi
- 	      ],
--	      [
-+	      [])
-+if test "x$ac_no_ssl" != "x1"; then
- 	        if test "x$with_ssl" != "xno" -a "x$with_ssl" != "x"; then
-                     CFLAGS="$CFLAGS -I$with_ssl/include"
-                     CPPFLAGS="$CPPFLAGS -I$with_ssl/include"
-@@ -1692,11 +1693,19 @@ AC_ARG_ENABLE(ssl,
- 			AC_DEFINE(PJ_SSL_SOCK_IMP, PJ_SSL_SOCK_IMP_GNUTLS)
-             		ac_ssl_backend="gnutls"
-         	    else
--            		AC_MSG_RESULT([** No GnuTLS libraries found, disabling SSL support **])
-+			AC_MSG_RESULT([** No GnuTLS libraries found **])
-         	    fi
-         	
-         	fi
--	      ])
-+
-+		if test "x$ac_ssl_backend" = "x"; then
-+		    if test "x$enable_ssl" = "xyes"; then
-+			AC_MSG_ERROR([SSL Support requested but neither OpenSSL nor GnuTLS operational])
-+		    else
-+			AC_MSG_RESULT([No SSL detected, disabling SSL support])
-+		    fi
-+		fi
-+fi
- 
- dnl # Obsolete option --with-opencore-amrnb
- AC_ARG_WITH(opencore-amrnb,
--- 
-2.23.0
-

diff --git a/net-libs/pjproject/pjproject-2.10-r1.ebuild b/net-libs/pjproject/pjproject-2.10-r1.ebuild
deleted file mode 100644
index 3db743937f47..000000000000
--- a/net-libs/pjproject/pjproject-2.10-r1.ebuild
+++ /dev/null
@@ -1,124 +0,0 @@
-# Copyright 1999-2021 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=7
-
-inherit autotools flag-o-matic toolchain-funcs
-
-DESCRIPTION="Open source SIP, Media, and NAT Traversal Library"
-HOMEPAGE="https://www.pjsip.org/"
-SRC_URI="https://github.com/pjsip/${PN}/archive/${PV}.tar.gz -> ${P}.tar.gz"
-KEYWORDS="amd64 ~arm ~arm64 ~ppc ~ppc64 x86"
-
-LICENSE="GPL-2"
-SLOT="0/${PV}"
-
-# g729 not included due to special bcg729 handling.
-CODEC_FLAGS="g711 g722 g7221 gsm ilbc speex l16"
-VIDEO_FLAGS="sdl ffmpeg v4l2 openh264 libyuv vpx"
-SOUND_FLAGS="alsa portaudio"
-IUSE="amr debug epoll examples ipv6 opus resample silk ssl static-libs webrtc
-	${CODEC_FLAGS} g729
-	${VIDEO_FLAGS}
-	${SOUND_FLAGS}"
-
-PATCHES=(
-	"${FILESDIR}/pjproject-2.9-ssl-enable.patch"
-	"${FILESDIR}/pjproject-2.10-race-condition-between-transport-destroy-and-acquire.patch"
-	"${FILESDIR}/pjproject-2.10-CVE-2020-15260-tls-hostname-check.patch"
-	"${FILESDIR}/pjproject-2.10-CVE-2021-21375-negotiation-failure-crash.patch"
-)
-
-RDEPEND="net-libs/libsrtp:=
-	alsa? ( media-libs/alsa-lib )
-	amr? ( media-libs/opencore-amr )
-	ffmpeg? ( media-video/ffmpeg:= )
-	g729? ( media-libs/bcg729 )
-	gsm? ( media-sound/gsm )
-	ilbc? ( media-libs/libilbc )
-	openh264? ( media-libs/openh264 )
-	opus? ( media-libs/opus )
-	portaudio? ( media-libs/portaudio )
-	resample? ( media-libs/libsamplerate )
-	sdl? ( media-libs/libsdl )
-	speex? (
-		media-libs/speex
-		media-libs/speexdsp
-	)
-	ssl? (
-		dev-libs/openssl:0=
-	)
-"
-DEPEND="${RDEPEND}"
-BDEPEND="virtual/pkgconfig"
-
-src_prepare() {
-	default
-	rm configure || die "Unable to remove unwanted wrapper"
-	mv aconfigure.ac configure.ac || die "Unable to rename configure script source"
-	eautoreconf
-
-	cp "${FILESDIR}/pjproject-2.9-config_site.h" "${S}/pjlib/include/pj/config_site.h" || die "Unable to create config_site.h"
-}
-
-src_configure() {
-	local myconf=()
-	local videnable="--disable-video"
-	local t
-
-	use debug || append-cflags -DNDEBUG=1
-	use ipv6 && append-cflags -DPJ_HAS_IPV6=1
-	append-cflags -DPJMEDIA_HAS_SRTP=1
-
-	for t in ${CODEC_FLAGS}; do
-		myconf+=( $(use_enable ${t} ${t}-codec) )
-	done
-	myconf+=( $(use_enable g729 bcg729) )
-
-	for t in ${VIDEO_FLAGS}; do
-		myconf+=( $(use_enable ${t}) )
-		use "${t}" && videnable="--enable-video"
-	done
-
-	[ "${videnable}" = "--enable-video" ] && append-cflags -DPJMEDIA_HAS_VIDEO=1
-
-	LD="$(tc-getCC)" econf \
-		--enable-shared \
-		--with-external-srtp \
-		${videnable} \
-		$(use_enable alsa sound) \
-		$(use_enable amr opencore-amr) \
-		$(use_enable epoll) \
-		$(use_enable opus) \
-		$(use_enable portaudio ext-sound) \
-		$(use_enable resample libsamplerate) \
-		$(use_enable resample resample-dll) \
-		$(use_enable resample) \
-		$(use_enable silk) \
-		$(use_enable speex speex-aec) \
-		$(use_enable ssl) \
-		$(use_with gsm external-gsm) \
-		$(use_with portaudio external-pa) \
-		$(use_with speex external-speex) \
-		$(usex webrtc '' --disable-libwebrtc) \
-		"${myconf[@]}"
-}
-
-src_compile() {
-	emake dep LD="$(tc-getCC)"
-	emake LD="$(tc-getCC)"
-}
-
-src_install() {
-	default
-
-	newbin pjsip-apps/bin/pjsua-${CHOST} pjsua
-	newbin pjsip-apps/bin/pjsystest-${CHOST} pjsystest
-
-	if use examples; then
-		insinto "/usr/share/doc/${PF}/examples"
-		doins -r pjsip-apps/src/samples
-	fi
-
-	use static-libs || rm "${ED}/usr/$(get_libdir)"/*.a || die "Error removing static archives"
-}

diff --git a/net-libs/pjproject/pjproject-2.10-r2.ebuild b/net-libs/pjproject/pjproject-2.10-r2.ebuild
deleted file mode 100644
index c4474ea97453..000000000000
--- a/net-libs/pjproject/pjproject-2.10-r2.ebuild
+++ /dev/null
@@ -1,125 +0,0 @@
-# Copyright 1999-2021 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=7
-
-inherit autotools flag-o-matic toolchain-funcs
-
-DESCRIPTION="Open source SIP, Media, and NAT Traversal Library"
-HOMEPAGE="https://www.pjsip.org/"
-SRC_URI="https://github.com/pjsip/${PN}/archive/${PV}.tar.gz -> ${P}.tar.gz"
-KEYWORDS="amd64 ~arm ~arm64 ~ppc ~ppc64 x86"
-
-LICENSE="GPL-2"
-SLOT="0/${PV}"
-
-# g729 not included due to special bcg729 handling.
-CODEC_FLAGS="g711 g722 g7221 gsm ilbc speex l16"
-VIDEO_FLAGS="sdl ffmpeg v4l2 openh264 libyuv vpx"
-SOUND_FLAGS="alsa portaudio"
-IUSE="amr debug epoll examples ipv6 opus resample silk ssl static-libs webrtc
-	${CODEC_FLAGS} g729
-	${VIDEO_FLAGS}
-	${SOUND_FLAGS}"
-
-PATCHES=(
-	"${FILESDIR}/pjproject-2.9-ssl-enable.patch"
-	"${FILESDIR}/pjproject-2.10-race-condition-between-transport-destroy-and-acquire.patch"
-	"${FILESDIR}/pjproject-2.10-CVE-2020-15260-tls-hostname-check.patch"
-	"${FILESDIR}/pjproject-2.10-CVE-2021-21375-negotiation-failure-crash.patch"
-	"${FILESDIR}/pjproject-2.10-CVE-2021-32686-AST-2021-009-GHSA-cv8x-p47p-99wr.patch"
-)
-
-RDEPEND="net-libs/libsrtp:=
-	alsa? ( media-libs/alsa-lib )
-	amr? ( media-libs/opencore-amr )
-	ffmpeg? ( media-video/ffmpeg:= )
-	g729? ( media-libs/bcg729 )
-	gsm? ( media-sound/gsm )
-	ilbc? ( media-libs/libilbc )
-	openh264? ( media-libs/openh264 )
-	opus? ( media-libs/opus )
-	portaudio? ( media-libs/portaudio )
-	resample? ( media-libs/libsamplerate )
-	sdl? ( media-libs/libsdl )
-	speex? (
-		media-libs/speex
-		media-libs/speexdsp
-	)
-	ssl? (
-		dev-libs/openssl:0=
-	)
-"
-DEPEND="${RDEPEND}"
-BDEPEND="virtual/pkgconfig"
-
-src_prepare() {
-	default
-	rm configure || die "Unable to remove unwanted wrapper"
-	mv aconfigure.ac configure.ac || die "Unable to rename configure script source"
-	eautoreconf
-
-	cp "${FILESDIR}/pjproject-2.9-config_site.h" "${S}/pjlib/include/pj/config_site.h" || die "Unable to create config_site.h"
-}
-
-src_configure() {
-	local myconf=()
-	local videnable="--disable-video"
-	local t
-
-	use debug || append-cflags -DNDEBUG=1
-	use ipv6 && append-cflags -DPJ_HAS_IPV6=1
-	append-cflags -DPJMEDIA_HAS_SRTP=1
-
-	for t in ${CODEC_FLAGS}; do
-		myconf+=( $(use_enable ${t} ${t}-codec) )
-	done
-	myconf+=( $(use_enable g729 bcg729) )
-
-	for t in ${VIDEO_FLAGS}; do
-		myconf+=( $(use_enable ${t}) )
-		use "${t}" && videnable="--enable-video"
-	done
-
-	[ "${videnable}" = "--enable-video" ] && append-cflags -DPJMEDIA_HAS_VIDEO=1
-
-	LD="$(tc-getCC)" econf \
-		--enable-shared \
-		--with-external-srtp \
-		${videnable} \
-		$(use_enable alsa sound) \
-		$(use_enable amr opencore-amr) \
-		$(use_enable epoll) \
-		$(use_enable opus) \
-		$(use_enable portaudio ext-sound) \
-		$(use_enable resample libsamplerate) \
-		$(use_enable resample resample-dll) \
-		$(use_enable resample) \
-		$(use_enable silk) \
-		$(use_enable speex speex-aec) \
-		$(use_enable ssl) \
-		$(use_with gsm external-gsm) \
-		$(use_with portaudio external-pa) \
-		$(use_with speex external-speex) \
-		$(usex webrtc '' --disable-libwebrtc) \
-		"${myconf[@]}"
-}
-
-src_compile() {
-	emake dep LD="$(tc-getCC)"
-	emake LD="$(tc-getCC)"
-}
-
-src_install() {
-	default
-
-	newbin pjsip-apps/bin/pjsua-${CHOST} pjsua
-	newbin pjsip-apps/bin/pjsystest-${CHOST} pjsystest
-
-	if use examples; then
-		insinto "/usr/share/doc/${PF}/examples"
-		doins -r pjsip-apps/src/samples
-	fi
-
-	use static-libs || rm "${ED}/usr/$(get_libdir)"/*.a || die "Error removing static archives"
-}

[gentoo-commits] repo/gentoo:master commit in: net-libs/pjproject/files/, net-libs/pjproject/

[Sam James]

commit:     9190173b8ee7cf9ee818ad61aebc841f11fa834f
Author:     orbea <orbea <AT> riseup <DOT> net>
AuthorDate: Fri Oct  7 19:10:13 2022 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Wed Oct 12 23:22:50 2022 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=9190173b

net-libs/pjproject: Add 2.12.1-r2

* Fixes the build with musl
* Fixes a bashism
* Backports two CVE fix patches

Closes: https://bugs.gentoo.org/865719
Upstream-PR: https://github.com/pjsip/pjproject/pull/3220
Upstream-Commit: https://github.com/pjsip/pjproject/commit/bae7e5f4ff9047170e7e160ab52f6d9993aeae80
Bug: https://bugs.gentoo.org/875863
Upstream-Commit: https://github.com/pjsip/pjproject/commit/d2acb9af4e27b5ba75d658690406cec9c274c5cc
Upstream-Commit: https://github.com/pjsip/pjproject/commit/c4d34984ec92b3d5252a7d5cddd85a1d3a8001ae
Closes: https://bugs.gentoo.org/867343
Upstream-PR: https://github.com/pjsip/pjproject/pull/3263
Signed-off-by: orbea <orbea <AT> riseup.net>
Closes: https://github.com/gentoo/gentoo/pull/27677
Signed-off-by: Sam James <sam <AT> gentoo.org>

 .../files/pjproject-2.12.1-r2-CVE-2022-39244.patch | 306 +++++++++++++++++++++
 .../files/pjproject-2.12.1-r2-CVE-2022-39269.patch |  33 +++
 .../files/pjproject-2.12.1-r2-bashism.patch        |  44 +++
 .../pjproject/files/pjproject-2.12.1-r2-musl.patch | 102 +++++++
 net-libs/pjproject/pjproject-2.12.1-r2.ebuild      | 144 ++++++++++
 5 files changed, 629 insertions(+)

diff --git a/net-libs/pjproject/files/pjproject-2.12.1-r2-CVE-2022-39244.patch b/net-libs/pjproject/files/pjproject-2.12.1-r2-CVE-2022-39244.patch
new file mode 100644
index 000000000000..a0995fb92957
--- /dev/null
+++ b/net-libs/pjproject/files/pjproject-2.12.1-r2-CVE-2022-39244.patch
@@ -0,0 +1,306 @@
+https://bugs.gentoo.org/875863
+https://github.com/pjsip/pjproject/commit/c4d34984ec92b3d5252a7d5cddd85a1d3a8001ae
+
+From c4d34984ec92b3d5252a7d5cddd85a1d3a8001ae Mon Sep 17 00:00:00 2001
+From: sauwming <ming@teluu.com>
+Date: Mon, 3 Oct 2022 08:07:22 +0800
+Subject: [PATCH] Merge pull request from GHSA-fq45-m3f7-3mhj
+
+* Initial patch
+
+* Use 'pj_scan_is_eof(scanner)'
+
+Co-authored-by: Aaron Lichtman <aaronlichtman@gmail.com>
+
+* Use 'pj_scan_is_eof(scanner)'
+
+Co-authored-by: Aaron Lichtman <aaronlichtman@gmail.com>
+
+* Use 'pj_scan_is_eof(scanner)'
+
+Co-authored-by: Aaron Lichtman <aaronlichtman@gmail.com>
+
+* Use `!pj_scan_is_eof` instead of manually checking `scanner->curptr < scanner->end`
+
+Co-authored-by: Maksim Mukosey <mmukosey@gmail.com>
+
+* Update pjlib-util/src/pjlib-util/scanner.c
+
+Co-authored-by: Aaron Lichtman <aaronlichtman@gmail.com>
+
+* Update pjlib-util/src/pjlib-util/scanner.c
+
+Co-authored-by: Aaron Lichtman <aaronlichtman@gmail.com>
+
+* Update pjlib-util/src/pjlib-util/scanner.c
+
+Co-authored-by: Aaron Lichtman <aaronlichtman@gmail.com>
+
+* Revert '>=' back to '>' in pj_scan_stricmp_alnum()
+
+* Fix error compiles.
+
+Co-authored-by: Nanang Izzuddin <nanang@teluu.com>
+Co-authored-by: Aaron Lichtman <aaronlichtman@gmail.com>
+Co-authored-by: Maksim Mukosey <mmukosey@gmail.com>
+---
+ pjlib-util/src/pjlib-util/scanner.c | 41 +++++++++++++++++++----------
+ pjmedia/src/pjmedia/rtp.c           | 11 +++++---
+ pjmedia/src/pjmedia/sdp.c           | 24 ++++++++++-------
+ 3 files changed, 48 insertions(+), 28 deletions(-)
+
+diff --git a/pjlib-util/src/pjlib-util/scanner.c b/pjlib-util/src/pjlib-util/scanner.c
+index a54edf2d8e..6541bbae31 100644
+--- a/pjlib-util/src/pjlib-util/scanner.c
++++ b/pjlib-util/src/pjlib-util/scanner.c
+@@ -195,7 +195,13 @@ PJ_DEF(void) pj_scan_skip_whitespace( pj_scanner *scanner )
+ 
+ PJ_DEF(void) pj_scan_skip_line( pj_scanner *scanner )
+ {
+-    char *s = pj_memchr(scanner->curptr, '\n', scanner->end - scanner->curptr);
++    char *s;
++
++    if (pj_scan_is_eof(scanner)) {
++        return;
++    }
++
++    s = pj_memchr(scanner->curptr, '\n', scanner->end - scanner->curptr);
+     if (!s) {
+ 	scanner->curptr = scanner->end;
+     } else {
+@@ -264,8 +270,7 @@ PJ_DEF(void) pj_scan_get( pj_scanner *scanner,
+ 
+     pj_assert(pj_cis_match(spec,0)==0);
+ 
+-    /* EOF is detected implicitly */
+-    if (!pj_cis_match(spec, *s)) {
++    if (pj_scan_is_eof(scanner) || !pj_cis_match(spec, *s)) {
+ 	pj_scan_syntax_err(scanner);
+ 	return;
+     }
+@@ -299,8 +304,7 @@ PJ_DEF(void) pj_scan_get_unescape( pj_scanner *scanner,
+     /* Must not match character '%' */
+     pj_assert(pj_cis_match(spec,'%')==0);
+ 
+-    /* EOF is detected implicitly */
+-    if (!pj_cis_match(spec, *s) && *s != '%') {
++    if (pj_scan_is_eof(scanner) || !pj_cis_match(spec, *s) && *s != '%') {
+ 	pj_scan_syntax_err(scanner);
+ 	return;
+     }
+@@ -436,7 +440,9 @@ PJ_DEF(void) pj_scan_get_n( pj_scanner *scanner,
+     
+     scanner->curptr += N;
+ 
+-    if (PJ_SCAN_IS_PROBABLY_SPACE(*scanner->curptr) && scanner->skip_ws) {
++    if (!pj_scan_is_eof(scanner) &&
++	PJ_SCAN_IS_PROBABLY_SPACE(*scanner->curptr) && scanner->skip_ws)
++    {
+ 	pj_scan_skip_whitespace(scanner);
+     }
+ }
+@@ -467,15 +473,16 @@ PJ_DEF(int) pj_scan_get_char( pj_scanner *scanner )
+ 
+ PJ_DEF(void) pj_scan_get_newline( pj_scanner *scanner )
+ {
+-    if (!PJ_SCAN_IS_NEWLINE(*scanner->curptr)) {
++    if (pj_scan_is_eof(scanner) || !PJ_SCAN_IS_NEWLINE(*scanner->curptr)) {
+ 	pj_scan_syntax_err(scanner);
+ 	return;
+     }
+ 
++    /* We have checked scanner->curptr validity above */
+     if (*scanner->curptr == '\r') {
+ 	++scanner->curptr;
+     }
+-    if (*scanner->curptr == '\n') {
++    if (!pj_scan_is_eof(scanner) && *scanner->curptr == '\n') {
+ 	++scanner->curptr;
+     }
+ 
+@@ -520,7 +527,9 @@ PJ_DEF(void) pj_scan_get_until( pj_scanner *scanner,
+ 
+     scanner->curptr = s;
+ 
+-    if (PJ_SCAN_IS_PROBABLY_SPACE(*s) && scanner->skip_ws) {
++    if (!pj_scan_is_eof(scanner) && PJ_SCAN_IS_PROBABLY_SPACE(*s) &&
++	scanner->skip_ws)
++    {
+ 	pj_scan_skip_whitespace(scanner);
+     }
+ }
+@@ -544,7 +553,9 @@ PJ_DEF(void) pj_scan_get_until_ch( pj_scanner *scanner,
+ 
+     scanner->curptr = s;
+ 
+-    if (PJ_SCAN_IS_PROBABLY_SPACE(*s) && scanner->skip_ws) {
++    if (!pj_scan_is_eof(scanner) && PJ_SCAN_IS_PROBABLY_SPACE(*s) &&
++	scanner->skip_ws)
++    {
+ 	pj_scan_skip_whitespace(scanner);
+     }
+ }
+@@ -570,7 +581,9 @@ PJ_DEF(void) pj_scan_get_until_chr( pj_scanner *scanner,
+ 
+     scanner->curptr = s;
+ 
+-    if (PJ_SCAN_IS_PROBABLY_SPACE(*s) && scanner->skip_ws) {
++    if (!pj_scan_is_eof(scanner) && PJ_SCAN_IS_PROBABLY_SPACE(*s) &&
++	scanner->skip_ws)
++    {
+ 	pj_scan_skip_whitespace(scanner);
+     }
+ }
+@@ -585,7 +598,9 @@ PJ_DEF(void) pj_scan_advance_n( pj_scanner *scanner,
+ 
+     scanner->curptr += N;
+ 
+-    if (PJ_SCAN_IS_PROBABLY_SPACE(*scanner->curptr) && skip_ws) {
++    if (!pj_scan_is_eof(scanner) && 
++	PJ_SCAN_IS_PROBABLY_SPACE(*scanner->curptr) && skip_ws)
++    {
+ 	pj_scan_skip_whitespace(scanner);
+     }
+ }
+@@ -636,5 +651,3 @@ PJ_DEF(void) pj_scan_restore_state( pj_scanner *scanner,
+     scanner->line = state->line;
+     scanner->start_line = state->start_line;
+ }
+-
+-
+diff --git a/pjmedia/src/pjmedia/rtp.c b/pjmedia/src/pjmedia/rtp.c
+index 18917f18b5..d29348cc5f 100644
+--- a/pjmedia/src/pjmedia/rtp.c
++++ b/pjmedia/src/pjmedia/rtp.c
+@@ -188,6 +188,11 @@ PJ_DEF(pj_status_t) pjmedia_rtp_decode_rtp2(
+     /* Payload is located right after header plus CSRC */
+     offset = sizeof(pjmedia_rtp_hdr) + ((*hdr)->cc * sizeof(pj_uint32_t));
+ 
++    /* Check that offset is less than packet size */
++    if (offset >= pkt_len) {
++        return PJMEDIA_RTP_EINLEN;
++    }
++
+     /* Decode RTP extension. */
+     if ((*hdr)->x) {
+         if (offset + sizeof (pjmedia_rtp_ext_hdr) > (unsigned)pkt_len)
+@@ -202,8 +207,8 @@ PJ_DEF(pj_status_t) pjmedia_rtp_decode_rtp2(
+ 	dec_hdr->ext_len = 0;
+     }
+ 
+-    /* Check that offset is less than packet size */
+-    if (offset > pkt_len)
++    /* Check again that offset is still less than packet size */
++    if (offset >= pkt_len)
+ 	return PJMEDIA_RTP_EINLEN;
+ 
+     /* Find and set payload. */
+@@ -393,5 +398,3 @@ void pjmedia_rtp_seq_update( pjmedia_rtp_seq_session *sess,
+ 	seq_status->status.value = st.status.value;
+     }
+ }
+-
+-
+diff --git a/pjmedia/src/pjmedia/sdp.c b/pjmedia/src/pjmedia/sdp.c
+index 3905c2f525..647f49e138 100644
+--- a/pjmedia/src/pjmedia/sdp.c
++++ b/pjmedia/src/pjmedia/sdp.c
+@@ -983,13 +983,13 @@ static void parse_version(pj_scanner *scanner,
+     ctx->last_error = PJMEDIA_SDP_EINVER;
+ 
+     /* check equal sign */
+-    if (*(scanner->curptr+1) != '=') {
++    if (scanner->curptr+1 >= scanner->end || *(scanner->curptr+1) != '=') {
+ 	on_scanner_error(scanner);
+ 	return;
+     }
+ 
+     /* check version is 0 */
+-    if (*(scanner->curptr+2) != '0') {
++    if (scanner->curptr+2 >= scanner->end || *(scanner->curptr+2) != '0') {
+ 	on_scanner_error(scanner);
+ 	return;
+     }
+@@ -1006,7 +1006,7 @@ static void parse_origin(pj_scanner *scanner, pjmedia_sdp_session *ses,
+     ctx->last_error = PJMEDIA_SDP_EINORIGIN;
+ 
+     /* check equal sign */
+-    if (*(scanner->curptr+1) != '=') {
++    if (scanner->curptr+1 >= scanner->end || *(scanner->curptr+1) != '=') {
+ 	on_scanner_error(scanner);
+ 	return;
+     }
+@@ -1052,7 +1052,7 @@ static void parse_time(pj_scanner *scanner, pjmedia_sdp_session *ses,
+     ctx->last_error = PJMEDIA_SDP_EINTIME;
+ 
+     /* check equal sign */
+-    if (*(scanner->curptr+1) != '=') {
++    if (scanner->curptr+1 >= scanner->end || *(scanner->curptr+1) != '=') {
+ 	on_scanner_error(scanner);
+ 	return;
+     }
+@@ -1080,7 +1080,7 @@ static void parse_generic_line(pj_scanner *scanner, pj_str_t *str,
+     ctx->last_error = PJMEDIA_SDP_EINSDP;
+ 
+     /* check equal sign */
+-    if (*(scanner->curptr+1) != '=') {
++    if ((scanner->curptr+1 >= scanner->end) || *(scanner->curptr+1) != '=') {
+ 	on_scanner_error(scanner);
+ 	return;
+     }
+@@ -1149,7 +1149,7 @@ static void parse_media(pj_scanner *scanner, pjmedia_sdp_media *med,
+     ctx->last_error = PJMEDIA_SDP_EINMEDIA;
+ 
+     /* check the equal sign */
+-    if (*(scanner->curptr+1) != '=') {
++    if (scanner->curptr+1 >= scanner->end || *(scanner->curptr+1) != '=') {
+ 	on_scanner_error(scanner);
+ 	return;
+     }
+@@ -1164,6 +1164,10 @@ static void parse_media(pj_scanner *scanner, pjmedia_sdp_media *med,
+     /* port */
+     pj_scan_get(scanner, &cs_token, &str);
+     med->desc.port = (unsigned short)pj_strtoul(&str);
++    if (pj_scan_is_eof(scanner)) {
++        on_scanner_error(scanner);
++        return;
++    }
+     if (*scanner->curptr == '/') {
+ 	/* port count */
+ 	pj_scan_get_char(scanner);
+@@ -1175,7 +1179,7 @@ static void parse_media(pj_scanner *scanner, pjmedia_sdp_media *med,
+     }
+ 
+     if (pj_scan_get_char(scanner) != ' ') {
+-	PJ_THROW(SYNTAX_ERROR);
++	on_scanner_error(scanner);
+     }
+ 
+     /* transport */
+@@ -1183,7 +1187,7 @@ static void parse_media(pj_scanner *scanner, pjmedia_sdp_media *med,
+ 
+     /* format list */
+     med->desc.fmt_count = 0;
+-    while (*scanner->curptr == ' ') {
++    while (scanner->curptr < scanner->end && *scanner->curptr == ' ') {
+ 	pj_str_t fmt;
+ 
+ 	pj_scan_get_char(scanner);
+@@ -1223,7 +1227,7 @@ static pjmedia_sdp_attr *parse_attr( pj_pool_t *pool, pj_scanner *scanner,
+     attr = PJ_POOL_ALLOC_T(pool, pjmedia_sdp_attr);
+ 
+     /* check equal sign */
+-    if (*(scanner->curptr+1) != '=') {
++    if (scanner->curptr+1 >= scanner->end || *(scanner->curptr+1) != '=') {
+ 	on_scanner_error(scanner);
+ 	return NULL;
+     }
+@@ -1242,7 +1246,7 @@ static pjmedia_sdp_attr *parse_attr( pj_pool_t *pool, pj_scanner *scanner,
+ 	    pj_scan_get_char(scanner);
+ 
+ 	/* get value */
+-	if (*scanner->curptr != '\r' && *scanner->curptr != '\n') {
++	if (!pj_scan_is_eof(scanner) && *scanner->curptr != '\r' && *scanner->curptr != '\n') {
+ 	    pj_scan_get_until_chr(scanner, "\r\n", &attr->value);
+ 	} else {
+ 	    attr->value.ptr = NULL;

diff --git a/net-libs/pjproject/files/pjproject-2.12.1-r2-CVE-2022-39269.patch b/net-libs/pjproject/files/pjproject-2.12.1-r2-CVE-2022-39269.patch
new file mode 100644
index 000000000000..7c065a024b92
--- /dev/null
+++ b/net-libs/pjproject/files/pjproject-2.12.1-r2-CVE-2022-39269.patch
@@ -0,0 +1,33 @@
+https://bugs.gentoo.org/875863
+https://github.com/pjsip/pjproject/commit/d2acb9af4e27b5ba75d658690406cec9c274c5cc
+
+From d2acb9af4e27b5ba75d658690406cec9c274c5cc Mon Sep 17 00:00:00 2001
+From: Riza Sulistyo <trengginas@users.noreply.github.com>
+Date: Thu, 6 Oct 2022 13:55:13 +0700
+Subject: [PATCH] Merge pull request from GHSA-wx5m-cj97-4wwg
+
+---
+ pjmedia/src/pjmedia/transport_srtp.c | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/pjmedia/src/pjmedia/transport_srtp.c b/pjmedia/src/pjmedia/transport_srtp.c
+index 2d393beaa..39d06434b 100644
+--- a/pjmedia/src/pjmedia/transport_srtp.c
++++ b/pjmedia/src/pjmedia/transport_srtp.c
+@@ -1531,13 +1531,14 @@ static void srtp_rtp_cb(pjmedia_tp_cb_param *param)
+ 	pjmedia_srtp_crypto tx, rx;
+ 	pj_status_t status;
+ 
++	tx = srtp->tx_policy;
++	rx = srtp->rx_policy;
++
+ 	/* Stop SRTP first, otherwise srtp_start() will maintain current
+ 	 * roll-over counter.
+ 	 */
+ 	pjmedia_transport_srtp_stop((pjmedia_transport*)srtp);
+ 
+-	tx = srtp->tx_policy;
+-	rx = srtp->rx_policy;
+ 	status = pjmedia_transport_srtp_start((pjmedia_transport*)srtp,
+ 					      &tx, &rx);
+ 	if (status != PJ_SUCCESS) {

diff --git a/net-libs/pjproject/files/pjproject-2.12.1-r2-bashism.patch b/net-libs/pjproject/files/pjproject-2.12.1-r2-bashism.patch
new file mode 100644
index 000000000000..d24243eba223
--- /dev/null
+++ b/net-libs/pjproject/files/pjproject-2.12.1-r2-bashism.patch
@@ -0,0 +1,44 @@
+https://bugs.gentoo.org/865719
+https://github.com/pjsip/pjproject/pull/3220
+https://github.com/pjsip/pjproject/commit/bae7e5f4ff9047170e7e160ab52f6d9993aeae80
+
+From 84c7a5a6a050fcd51c7f5cada51df27ab00b7332 Mon Sep 17 00:00:00 2001
+From: Jaco Kroon <jaco@uls.co.za>
+Date: Fri, 19 Aug 2022 11:20:10 +0200
+Subject: [PATCH] aconfigure: fix bashism.
+
+${var//string/replacement} is considered a bashism and should be avoided
+in configure scripts.
+
+Signed-off-by: Jaco Kroon <jaco@uls.co.za>
+---
+ aconfigure    | 2 +-
+ aconfigure.ac | 2 +-
+ 2 files changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/aconfigure b/aconfigure
+index b15c133e2e..5ce01f5057 100755
+--- a/aconfigure
++++ b/aconfigure
+@@ -7986,7 +7986,7 @@ printf "%s\n" "not found" >&6; }
+ 			ac_sdl_cflags=`$SDL_CONFIG --cflags`
+ 			ac_sdl_cflags="-DPJMEDIA_VIDEO_DEV_HAS_SDL=1 $ac_sdl_cflags"
+ 			ac_sdl_ldflags=`$SDL_CONFIG --libs`
+-			ac_sdl_ldflags=${ac_sdl_ldflags//-mwindows/}
++			ac_sdl_ldflags=`echo "${ac_sdl_ldflags}" | sed -e 's/-mwindows//g'`
+ 			LIBS="$LIBS $ac_sdl_ldflags"
+ 		  else
+ 			{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: Unsupported SDL version" >&5
+diff --git a/aconfigure.ac b/aconfigure.ac
+index 9fc32d0bf9..2b6227711e 100644
+--- a/aconfigure.ac
++++ b/aconfigure.ac
+@@ -1295,7 +1295,7 @@ AC_ARG_ENABLE(sdl,
+ 			ac_sdl_cflags=`$SDL_CONFIG --cflags`
+ 			ac_sdl_cflags="-DPJMEDIA_VIDEO_DEV_HAS_SDL=1 $ac_sdl_cflags"
+ 			ac_sdl_ldflags=`$SDL_CONFIG --libs`
+-			ac_sdl_ldflags=${ac_sdl_ldflags//-mwindows/}
++			ac_sdl_ldflags=`echo "${ac_sdl_ldflags}" | sed -e 's/-mwindows//g'`
+ 			LIBS="$LIBS $ac_sdl_ldflags"
+ 		  else
+ 			AC_MSG_RESULT([Unsupported SDL version])

diff --git a/net-libs/pjproject/files/pjproject-2.12.1-r2-musl.patch b/net-libs/pjproject/files/pjproject-2.12.1-r2-musl.patch
new file mode 100644
index 000000000000..8db401dc7544
--- /dev/null
+++ b/net-libs/pjproject/files/pjproject-2.12.1-r2-musl.patch
@@ -0,0 +1,102 @@
+From aa54bd7ae0d60461cb5f434da1338faf315314f6 Mon Sep 17 00:00:00 2001
+From: orbea <orbea@riseup.net>
+Date: Sun, 9 Oct 2022 23:17:34 -0700
+Subject: [PATCH] Fix the build with musl
+
+The execinfo.h header is GNU specific and is not available with musl.
+
+This commit is based on a patch from Alpine Linux.
+
+https://git.alpinelinux.org/aports/tree/main/pjproject/execinfo.patch?h=3.16-stable
+
+Gentoo Issue: https://bugs.gentoo.org/867343
+---
+ pjlib-util/src/pjlib-util-test/main.c | 2 +-
+ pjlib/src/pjlib-test/main.c           | 2 +-
+ pjmedia/src/test/main.c               | 2 +-
+ pjnath/src/pjnath-test/main.c         | 2 +-
+ pjsip-apps/src/pjsua/main.c           | 2 +-
+ pjsip/src/test/main.c                 | 2 +-
+ 6 files changed, 6 insertions(+), 6 deletions(-)
+
+diff --git a/pjlib-util/src/pjlib-util-test/main.c b/pjlib-util/src/pjlib-util-test/main.c
+index 4aeb3e07d..780db4d33 100644
+--- a/pjlib-util/src/pjlib-util-test/main.c
++++ b/pjlib-util/src/pjlib-util-test/main.c
+@@ -33,7 +33,7 @@ static void init_signals()
+     sigaction(SIGALRM, &act, NULL);
+ }
+ 
+-#elif PJ_LINUX || PJ_DARWINOS
++#elif __GLIBC__ || PJ_DARWINOS
+ 
+ #include <execinfo.h>
+ #include <signal.h>
+diff --git a/pjlib/src/pjlib-test/main.c b/pjlib/src/pjlib-test/main.c
+index d5f853a60..76a077037 100644
+--- a/pjlib/src/pjlib-test/main.c
++++ b/pjlib/src/pjlib-test/main.c
+@@ -54,7 +54,7 @@ static void init_signals()
+     sigaction(SIGALRM, &act, NULL);
+ }
+ 
+-#elif PJ_LINUX || PJ_DARWINOS
++#elif __GLIBC__ || PJ_DARWINOS
+ 
+ #include <execinfo.h>
+ #include <signal.h>
+diff --git a/pjmedia/src/test/main.c b/pjmedia/src/test/main.c
+index 8d6353b15..b16023761 100644
+--- a/pjmedia/src/test/main.c
++++ b/pjmedia/src/test/main.c
+@@ -32,7 +32,7 @@
+ #endif
+ 
+ 
+-#if PJ_LINUX || PJ_DARWINOS
++#if __GLIBC__ || PJ_DARWINOS
+ 
+ #include <execinfo.h>
+ #include <signal.h>
+diff --git a/pjnath/src/pjnath-test/main.c b/pjnath/src/pjnath-test/main.c
+index d783669e5..f6c906166 100644
+--- a/pjnath/src/pjnath-test/main.c
++++ b/pjnath/src/pjnath-test/main.c
+@@ -32,7 +32,7 @@ static void init_signals()
+     sigaction(SIGALRM, &act, NULL);
+ }
+ 
+-#elif PJ_LINUX || PJ_DARWINOS
++#elif __GLIBC__ || PJ_DARWINOS
+ 
+ #include <execinfo.h>
+ #include <signal.h>
+diff --git a/pjsip-apps/src/pjsua/main.c b/pjsip-apps/src/pjsua/main.c
+index bb8ddc345..fcc1e8f34 100644
+--- a/pjsip-apps/src/pjsua/main.c
++++ b/pjsip-apps/src/pjsua/main.c
+@@ -80,7 +80,7 @@ static void setup_signal_handler(void)
+     SetConsoleCtrlHandler(&CtrlHandler, TRUE);
+ }
+ 
+-#elif PJ_LINUX || PJ_DARWINOS
++#elif __GLIBC__ || PJ_DARWINOS
+ 
+ #include <execinfo.h>
+ #include <signal.h>
+diff --git a/pjsip/src/test/main.c b/pjsip/src/test/main.c
+index 18e4c9255..255667dda 100644
+--- a/pjsip/src/test/main.c
++++ b/pjsip/src/test/main.c
+@@ -36,7 +36,7 @@ static void usage(void)
+     list_tests();
+ }
+ 
+-#if PJ_LINUX || PJ_DARWINOS
++#if __GLIBC__ || PJ_DARWINOS
+ 
+ #include <execinfo.h>
+ #include <signal.h>
+-- 
+2.35.1
+

diff --git a/net-libs/pjproject/pjproject-2.12.1-r2.ebuild b/net-libs/pjproject/pjproject-2.12.1-r2.ebuild
new file mode 100644
index 000000000000..846b53806406
--- /dev/null
+++ b/net-libs/pjproject/pjproject-2.12.1-r2.ebuild
@@ -0,0 +1,144 @@
+# Copyright 1999-2022 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+# TODO: Figure out a way to disable SRTP from pjproject entirely.
+EAPI=8
+
+inherit autotools flag-o-matic toolchain-funcs
+
+DESCRIPTION="Open source SIP, Media, and NAT Traversal Library"
+HOMEPAGE="https://www.pjsip.org/"
+SRC_URI="https://github.com/pjsip/${PN}/archive/${PV}.tar.gz -> ${P}.tar.gz"
+KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~ppc64 ~x86"
+
+LICENSE="GPL-2"
+SLOT="0/${PV}"
+
+# g729 not included due to special bcg729 handling.
+CODEC_FLAGS="g711 g722 g7221 gsm ilbc speex l16"
+VIDEO_FLAGS="sdl ffmpeg v4l2 openh264 libyuv vpx"
+SOUND_FLAGS="alsa portaudio"
+IUSE="amr debug epoll examples opus resample silk ssl static-libs webrtc
+	${CODEC_FLAGS} g729
+	${VIDEO_FLAGS}
+	${SOUND_FLAGS}"
+
+RDEPEND=">=net-libs/libsrtp-2.3.0:=
+	alsa? ( media-libs/alsa-lib )
+	amr? ( media-libs/opencore-amr )
+	ffmpeg? ( media-video/ffmpeg:= )
+	g729? ( media-libs/bcg729 )
+	gsm? ( media-sound/gsm )
+	ilbc? ( media-libs/libilbc )
+	openh264? ( media-libs/openh264 )
+	opus? ( media-libs/opus )
+	portaudio? ( media-libs/portaudio )
+	resample? ( media-libs/libsamplerate )
+	sdl? ( media-libs/libsdl )
+	speex? (
+		media-libs/speex
+		media-libs/speexdsp
+	)
+	ssl? (
+		dev-libs/openssl:0=
+	)
+"
+DEPEND="${RDEPEND}"
+BDEPEND="virtual/pkgconfig"
+
+PATCHES=(
+	"${FILESDIR}/pjproject-2.12.1-CVE-2022-31031.patch"
+	"${FILESDIR}/pjproject-2.12.1-r2-CVE-2022-39244.patch" # 875863
+	"${FILESDIR}/pjproject-2.12.1-r2-CVE-2022-39269.patch" # 875863
+	"${FILESDIR}/pjproject-2.12.1-r2-bashism.patch" # 865719
+	"${FILESDIR}/pjproject-2.12.1-r2-musl.patch" # 867343
+)
+
+src_prepare() {
+	default
+	rm configure || die "Unable to remove unwanted wrapper"
+	mv aconfigure.ac configure.ac || die "Unable to rename configure script source"
+	eautoreconf
+
+	cp "${FILESDIR}/pjproject-2.12.1-config_site.h" "${S}/pjlib/include/pj/config_site.h" || die "Unable to create config_site.h"
+}
+
+_pj_enable() {
+	usex "$1" '' "--disable-${2:-$1}"
+}
+
+_pj_get_define() {
+	local r="$(sed -nre "s/^#define[[:space:]]+$1[[:space:]]+//p" "${S}/pjlib/include/pj/config_site.h")"
+	[[ -z "${r}" ]] && die "Unable to fine #define $1 in config_site.h"
+	echo "$r"
+}
+
+_pj_set_define() {
+	local c=$(_pj_get_define "$1")
+	[[ "$c" = "$2" ]] && return 0
+	sed -re "s/^#define[[:space:]]+$1[[:space:]].*/#define $1 $2/" -i "${S}/pjlib/include/pj/config_site.h" || die "sed failed updating $1 to $2."
+	[[ "$(_pj_get_define "$1")" != "$2" ]] && die "sed failed to perform update for $1 to $2."
+}
+
+_pj_use_set_define() {
+	_pj_set_define "$2" $(usex "$1" 1 0)
+}
+
+src_configure() {
+	local myconf=()
+	local videnable="--disable-video"
+	local t
+
+	use debug || append-cflags -DNDEBUG=1
+
+	for t in ${CODEC_FLAGS}; do
+		myconf+=( $(_pj_enable ${t} ${t}-codec) )
+	done
+	myconf+=( $(_pj_enable g729 bcg729) )
+
+	for t in ${VIDEO_FLAGS}; do
+		myconf+=( $(_pj_enable ${t}) )
+		use "${t}" && videnable="--enable-video"
+	done
+
+	[ "${videnable}" = "--enable-video" ] && _pj_set_define PJMEDIA_HAS_VIDEO 1 || _pj_set_define PJMEDIA_HAS_VIDEO 0
+
+	LD="$(tc-getCC)" econf \
+		--enable-shared \
+		--with-external-srtp \
+		${videnable} \
+		$(_pj_enable alsa sound) \
+		$(_pj_enable amr opencore-amr) \
+		$(_pj_enable epoll) \
+		$(_pj_enable opus) \
+		$(_pj_enable portaudio ext-sound) \
+		$(_pj_enable resample libsamplerate) \
+		$(_pj_enable resample resample-dll) \
+		$(_pj_enable resample) \
+		$(_pj_enable silk) \
+		$(_pj_enable speex speex-aec) \
+		$(_pj_enable ssl) \
+		$(_pj_enable webrtc libwebrtc) \
+		$(use_with gsm external-gsm) \
+		$(use_with portaudio external-pa) \
+		$(use_with speex external-speex) \
+		"${myconf[@]}"
+}
+
+src_compile() {
+	emake dep LD="$(tc-getCC)"
+	emake LD="$(tc-getCC)"
+}
+
+src_install() {
+	default
+
+	newbin pjsip-apps/bin/pjsua-${CHOST} pjsua
+	newbin pjsip-apps/bin/pjsystest-${CHOST} pjsystest
+
+	if use examples; then
+		insinto "/usr/share/doc/${PF}/examples"
+		doins -r pjsip-apps/src/samples
+	fi
+
+	use static-libs || rm "${ED}/usr/$(get_libdir)"/*.a || die "Error removing static archives"
+}

[gentoo-commits] repo/gentoo:master commit in: net-libs/pjproject/files/, net-libs/pjproject/

[Joonas Niilola]

commit:     0697e55a6fa27051a99aa59fde8b5716c022696e
Author:     Jaco Kroon <jaco <AT> uls <DOT> co <DOT> za>
AuthorDate: Mon Mar 13 06:54:28 2023 +0000
Commit:     Joonas Niilola <juippis <AT> gentoo <DOT> org>
CommitDate: Wed Apr  5 11:56:14 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=0697e55a

net-libs/pjproject: Add 2.13-r1

Bug: https://bugs.gentoo.org/887559
Closes: https://bugs.gentoo.org/888879
Signed-off-by: Jaco Kroon <jaco <AT> uls.co.za>
Closes: https://github.com/gentoo/gentoo/pull/30088
Signed-off-by: Joonas Niilola <juippis <AT> gentoo.org>

 ...3537-buffer-overread-on-STUN-error-decode.patch |  95 ++++++++++++++
 ...2022-23547-buffer-overread-on-STUN-decode.patch |  50 ++++++++
 ...NOTIFY-tdata-is-set-before-sending-it_new.patch |  46 +++++++
 net-libs/pjproject/pjproject-2.13-r1.ebuild        | 142 +++++++++++++++++++++
 4 files changed, 333 insertions(+)

diff --git a/net-libs/pjproject/files/pjproject-2.13-r1-CVE-2022-23537-buffer-overread-on-STUN-error-decode.patch b/net-libs/pjproject/files/pjproject-2.13-r1-CVE-2022-23537-buffer-overread-on-STUN-error-decode.patch
new file mode 100644
index 000000000000..bfd1fc05e160
--- /dev/null
+++ b/net-libs/pjproject/files/pjproject-2.13-r1-CVE-2022-23537-buffer-overread-on-STUN-error-decode.patch
@@ -0,0 +1,95 @@
+From d8440f4d711a654b511f50f79c0445b26f9dd1e1 Mon Sep 17 00:00:00 2001
+From: Nanang Izzuddin <nanang@teluu.com>
+Date: Tue, 20 Dec 2022 11:39:12 +0700
+Subject: [PATCH] Merge pull request from GHSA-9pfh-r8x4-w26w
+
+* Fix buffer overread in STUN message decoder
+
+* Updates based on comments
+---
+ pjnath/include/pjnath/stun_msg.h |  4 ++++
+ pjnath/src/pjnath/stun_msg.c     | 14 +++++++++++---
+ 2 files changed, 15 insertions(+), 3 deletions(-)
+
+diff --git a/pjnath/include/pjnath/stun_msg.h b/pjnath/include/pjnath/stun_msg.h
+index b52f95c586..e49f096f3a 100644
+--- a/pjnath/include/pjnath/stun_msg.h
++++ b/pjnath/include/pjnath/stun_msg.h
+@@ -442,6 +442,7 @@ typedef enum pj_stun_status
+ 
+    \endverbatim
+  */
++#pragma pack(1)
+ typedef struct pj_stun_msg_hdr
+ {
+     /**
+@@ -473,6 +474,7 @@ typedef struct pj_stun_msg_hdr
+     pj_uint8_t          tsx_id[12];
+ 
+ } pj_stun_msg_hdr;
++#pragma pack()
+ 
+ 
+ /**
+@@ -490,6 +492,7 @@ typedef struct pj_stun_msg_hdr
+ 
+    \endverbatim
+  */
++#pragma pack(1)
+ typedef struct pj_stun_attr_hdr
+ {
+     /**
+@@ -506,6 +509,7 @@ typedef struct pj_stun_attr_hdr
+     pj_uint16_t         length;
+ 
+ } pj_stun_attr_hdr;
++#pragma pack()
+ 
+ 
+ /**
+diff --git a/pjnath/src/pjnath/stun_msg.c b/pjnath/src/pjnath/stun_msg.c
+index 3def6b3eac..e904a0ba47 100644
+--- a/pjnath/src/pjnath/stun_msg.c
++++ b/pjnath/src/pjnath/stun_msg.c
+@@ -746,7 +746,7 @@ PJ_DEF(int) pj_stun_set_padding_char(int chr)
+ 
+ #define INIT_ATTR(a,t,l)    (a)->hdr.type=(pj_uint16_t)(t), \
+                             (a)->hdr.length=(pj_uint16_t)(l)
+-#define ATTR_HDR_LEN        4
++#define ATTR_HDR_LEN        sizeof(pj_stun_attr_hdr)
+ 
+ static pj_uint16_t GETVAL16H(const pj_uint8_t *buf, unsigned pos)
+ {
+@@ -2327,6 +2327,14 @@ PJ_DEF(pj_status_t) pj_stun_msg_decode(pj_pool_t *pool,
+         status = pj_stun_msg_check(pdu, pdu_len, options);
+         if (status != PJ_SUCCESS)
+             return status;
++    } else {
++        /* For safety, verify packet length at least */
++        pj_uint32_t msg_len = GETVAL16H(pdu, 2) + 20;
++        if (msg_len > pdu_len ||
++            ((options & PJ_STUN_IS_DATAGRAM) && msg_len != pdu_len))
++        {
++            return PJNATH_EINSTUNMSGLEN;
++        }
+     }
+ 
+     /* Create the message, copy the header, and convert to host byte order */
+@@ -2345,7 +2353,7 @@ PJ_DEF(pj_status_t) pj_stun_msg_decode(pj_pool_t *pool,
+         p_response = NULL;
+ 
+     /* Parse attributes */
+-    while (pdu_len >= 4) {
++    while (pdu_len >= ATTR_HDR_LEN) {
+         unsigned attr_type, attr_val_len;
+         const struct attr_desc *adesc;
+ 
+@@ -2357,7 +2365,7 @@ PJ_DEF(pj_status_t) pj_stun_msg_decode(pj_pool_t *pool,
+         attr_val_len = (attr_val_len + 3) & (~3);
+ 
+         /* Check length */
+-        if (pdu_len < attr_val_len) {
++        if (pdu_len < attr_val_len + ATTR_HDR_LEN) {
+             pj_str_t err_msg;
+             char err_msg_buf[80];
+ 

diff --git a/net-libs/pjproject/files/pjproject-2.13-r1-CVE-2022-23547-buffer-overread-on-STUN-decode.patch b/net-libs/pjproject/files/pjproject-2.13-r1-CVE-2022-23547-buffer-overread-on-STUN-decode.patch
new file mode 100644
index 000000000000..499ce4373b56
--- /dev/null
+++ b/net-libs/pjproject/files/pjproject-2.13-r1-CVE-2022-23547-buffer-overread-on-STUN-decode.patch
@@ -0,0 +1,50 @@
+From bc4812d31a67d5e2f973fbfaf950d6118226cf36 Mon Sep 17 00:00:00 2001
+From: sauwming <ming@teluu.com>
+Date: Fri, 23 Dec 2022 15:05:28 +0800
+Subject: [PATCH] Merge pull request from GHSA-cxwq-5g9x-x7fr
+
+* Fixed heap buffer overflow when parsing STUN errcode attribute
+
+* Also fixed uint parsing
+---
+ pjnath/src/pjnath/stun_msg.c | 11 ++++++-----
+ 1 file changed, 6 insertions(+), 5 deletions(-)
+
+diff --git a/pjnath/src/pjnath/stun_msg.c b/pjnath/src/pjnath/stun_msg.c
+index c6b0bdd284..b55d29849a 100644
+--- a/pjnath/src/pjnath/stun_msg.c
++++ b/pjnath/src/pjnath/stun_msg.c
+@@ -1438,12 +1438,12 @@ static pj_status_t decode_uint_attr(pj_pool_t *pool,
+     attr = PJ_POOL_ZALLOC_T(pool, pj_stun_uint_attr);
+     GETATTRHDR(buf, &attr->hdr);
+ 
+-    attr->value = GETVAL32H(buf, 4);
+-
+     /* Check that the attribute length is valid */
+     if (attr->hdr.length != 4)
+         return PJNATH_ESTUNINATTRLEN;
+ 
++    attr->value = GETVAL32H(buf, 4);
++
+     /* Done */
+     *p_attr = attr;
+ 
+@@ -1757,14 +1757,15 @@ static pj_status_t decode_errcode_attr(pj_pool_t *pool,
+     attr = PJ_POOL_ZALLOC_T(pool, pj_stun_errcode_attr);
+     GETATTRHDR(buf, &attr->hdr);
+ 
++    /* Check that the attribute length is valid */
++    if (attr->hdr.length < 4)
++        return PJNATH_ESTUNINATTRLEN;
++
+     attr->err_code = buf[6] * 100 + buf[7];
+ 
+     /* Get pointer to the string in the message */
+     value.ptr = ((char*)buf + ATTR_HDR_LEN + 4);
+     value.slen = attr->hdr.length - 4;
+-    /* Make sure the length is never negative */
+-    if (value.slen < 0)
+-        value.slen = 0;
+ 
+     /* Copy the string to the attribute */
+     pj_strdup(pool, &attr->reason, &value);

diff --git a/net-libs/pjproject/files/pjproject-2.13-r1-Make-sure-that-NOTIFY-tdata-is-set-before-sending-it_new.patch b/net-libs/pjproject/files/pjproject-2.13-r1-Make-sure-that-NOTIFY-tdata-is-set-before-sending-it_new.patch
new file mode 100644
index 000000000000..009060a124d8
--- /dev/null
+++ b/net-libs/pjproject/files/pjproject-2.13-r1-Make-sure-that-NOTIFY-tdata-is-set-before-sending-it_new.patch
@@ -0,0 +1,46 @@
+From ac685b30c17be461b2bf5b46a772ed9742b8e985 Mon Sep 17 00:00:00 2001
+From: Riza Sulistyo <trengginas@users.noreply.github.com>
+Date: Thu, 9 Feb 2023 13:19:23 +0700
+Subject: [PATCH] Make sure that NOTIFY tdata is set before sending it.
+
+---
+ pjsip/src/pjsip-simple/evsub.c | 9 ++++++---
+ 1 file changed, 6 insertions(+), 3 deletions(-)
+
+diff --git a/pjsip/src/pjsip-simple/evsub.c b/pjsip/src/pjsip-simple/evsub.c
+index da0a9b416..68c1d3951 100644
+--- a/pjsip/src/pjsip-simple/evsub.c
++++ b/pjsip/src/pjsip-simple/evsub.c
+@@ -2216,23 +2216,26 @@ static void on_tsx_state_uas( pjsip_evsub *sub, pjsip_transaction *tsx,
+             }
+ 
+         }  else {
+             sub->state = old_state;
+             sub->state_str = old_state_str;
+         }
+ 
+         /* Send the pending NOTIFY sent by app from inside
+          * on_rx_refresh() callback.
+          */
+-        pj_assert(sub->pending_notify);
+-        status = pjsip_evsub_send_request(sub, sub->pending_notify);
+-        sub->pending_notify = NULL;
++        //pj_assert(sub->pending_notify);
++        /* Make sure that pending_notify is set. */
++        if (sub->pending_notify) {
++            status = pjsip_evsub_send_request(sub, sub->pending_notify);
++            sub->pending_notify = NULL;
++        }
+ 
+     } else if (pjsip_method_cmp(&tsx->method, &pjsip_notify_method)==0) {
+ 
+         /* Handle authentication */
+         if (tsx->state == PJSIP_TSX_STATE_COMPLETED &&
+             (tsx->status_code==401 || tsx->status_code==407))
+         {
+             pjsip_tx_data *tdata;
+             pj_status_t status;
+             pjsip_rx_data *rdata = event->body.tsx_state.src.rdata;
+-- 
+2.39.1
+

diff --git a/net-libs/pjproject/pjproject-2.13-r1.ebuild b/net-libs/pjproject/pjproject-2.13-r1.ebuild
new file mode 100644
index 000000000000..5fc988110f6f
--- /dev/null
+++ b/net-libs/pjproject/pjproject-2.13-r1.ebuild
@@ -0,0 +1,142 @@
+# Copyright 1999-2023 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+# TODO: Figure out a way to disable SRTP from pjproject entirely.
+EAPI=8
+
+inherit autotools flag-o-matic toolchain-funcs
+
+DESCRIPTION="Open source SIP, Media, and NAT Traversal Library"
+HOMEPAGE="https://github.com/pjsip/pjproject https://www.pjsip.org/"
+SRC_URI="https://github.com/pjsip/${PN}/archive/${PV}.tar.gz -> ${P}.tar.gz"
+KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~ppc64 ~x86"
+
+LICENSE="GPL-2"
+SLOT="0/${PV}"
+
+# g729 not included due to special bcg729 handling.
+CODEC_FLAGS="g711 g722 g7221 gsm ilbc speex l16"
+VIDEO_FLAGS="sdl ffmpeg v4l2 openh264 libyuv vpx"
+SOUND_FLAGS="alsa portaudio"
+IUSE="amr debug epoll examples opus resample silk ssl static-libs webrtc
+	${CODEC_FLAGS} g729
+	${VIDEO_FLAGS}
+	${SOUND_FLAGS}"
+
+RDEPEND=">=net-libs/libsrtp-2.3.0:=
+	alsa? ( media-libs/alsa-lib )
+	amr? ( media-libs/opencore-amr )
+	ffmpeg? ( media-video/ffmpeg:= )
+	g729? ( media-libs/bcg729 )
+	gsm? ( media-sound/gsm )
+	ilbc? ( media-libs/libilbc )
+	openh264? ( media-libs/openh264 )
+	opus? ( media-libs/opus )
+	portaudio? ( media-libs/portaudio )
+	resample? ( media-libs/libsamplerate )
+	sdl? ( media-libs/libsdl )
+	speex? (
+		media-libs/speex
+		media-libs/speexdsp
+	)
+	ssl? (
+		dev-libs/openssl:0=
+	)
+"
+DEPEND="${RDEPEND}"
+BDEPEND="virtual/pkgconfig"
+
+PATCHES=(
+	"${FILESDIR}/pjproject-2.13-r1-Make-sure-that-NOTIFY-tdata-is-set-before-sending-it_new.patch"
+	"${FILESDIR}/pjproject-2.13-r1-CVE-2022-23537-buffer-overread-on-STUN-error-decode.patch"
+	"${FILESDIR}/pjproject-2.13-r1-CVE-2022-23547-buffer-overread-on-STUN-decode.patch"
+)
+
+src_prepare() {
+	default
+	rm configure || die "Unable to remove unwanted wrapper"
+	mv aconfigure.ac configure.ac || die "Unable to rename configure script source"
+	eautoreconf
+
+	cp "${FILESDIR}/pjproject-2.12.1-config_site.h" "${S}/pjlib/include/pj/config_site.h" || die "Unable to create config_site.h"
+}
+
+_pj_enable() {
+	usex "$1" '' "--disable-${2:-$1}"
+}
+
+_pj_get_define() {
+	local r="$(sed -nre "s/^#define[[:space:]]+$1[[:space:]]+//p" "${S}/pjlib/include/pj/config_site.h")"
+	[[ -z "${r}" ]] && die "Unable to fine #define $1 in config_site.h"
+	echo "$r"
+}
+
+_pj_set_define() {
+	local c=$(_pj_get_define "$1")
+	[[ "$c" = "$2" ]] && return 0
+	sed -re "s/^#define[[:space:]]+$1[[:space:]].*/#define $1 $2/" -i "${S}/pjlib/include/pj/config_site.h" || die "sed failed updating $1 to $2."
+	[[ "$(_pj_get_define "$1")" != "$2" ]] && die "sed failed to perform update for $1 to $2."
+}
+
+_pj_use_set_define() {
+	_pj_set_define "$2" $(usex "$1" 1 0)
+}
+
+src_configure() {
+	local myconf=()
+	local videnable="--disable-video"
+	local t
+
+	use debug || append-cflags -DNDEBUG=1
+
+	for t in ${CODEC_FLAGS}; do
+		myconf+=( $(_pj_enable ${t} ${t}-codec) )
+	done
+	myconf+=( $(_pj_enable g729 bcg729) )
+
+	for t in ${VIDEO_FLAGS}; do
+		myconf+=( $(_pj_enable ${t}) )
+		use "${t}" && videnable="--enable-video"
+	done
+
+	[ "${videnable}" = "--enable-video" ] && _pj_set_define PJMEDIA_HAS_VIDEO 1 || _pj_set_define PJMEDIA_HAS_VIDEO 0
+
+	LD="$(tc-getCC)" econf \
+		--enable-shared \
+		--with-external-srtp \
+		${videnable} \
+		$(_pj_enable alsa sound) \
+		$(_pj_enable amr opencore-amr) \
+		$(_pj_enable epoll) \
+		$(_pj_enable opus) \
+		$(_pj_enable portaudio ext-sound) \
+		$(_pj_enable resample libsamplerate) \
+		$(_pj_enable resample resample-dll) \
+		$(_pj_enable resample) \
+		$(_pj_enable silk) \
+		$(_pj_enable speex speex-aec) \
+		$(_pj_enable ssl) \
+		$(_pj_enable webrtc libwebrtc) \
+		$(use_with gsm external-gsm) \
+		$(use_with portaudio external-pa) \
+		$(use_with speex external-speex) \
+		"${myconf[@]}"
+}
+
+src_compile() {
+	emake dep LD="$(tc-getCC)"
+	emake LD="$(tc-getCC)"
+}
+
+src_install() {
+	default
+
+	newbin pjsip-apps/bin/pjsua-${CHOST} pjsua
+	newbin pjsip-apps/bin/pjsystest-${CHOST} pjsystest
+
+	if use examples; then
+		insinto "/usr/share/doc/${PF}/examples"
+		doins -r pjsip-apps/src/samples
+	fi
+
+	use static-libs || rm "${ED}/usr/$(get_libdir)"/*.a || die "Error removing static archives"
+}

[gentoo-commits] repo/gentoo:master commit in: net-libs/pjproject/files/, net-libs/pjproject/

[Joonas Niilola]

commit:     45426048c79dff064f62206e01827d63798e39be
Author:     Jaco Kroon <jaco <AT> uls <DOT> co <DOT> za>
AuthorDate: Sun Jul  9 19:18:49 2023 +0000
Commit:     Joonas Niilola <juippis <AT> gentoo <DOT> org>
CommitDate: Thu Jul 27 06:48:10 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=45426048

net-libs/pjproject: add 2.13.1

Signed-off-by: Jaco Kroon <jaco <AT> uls.co.za>
Signed-off-by: Joonas Niilola <juippis <AT> gentoo.org>

 net-libs/pjproject/Manifest                        |   1 +
 ...pjproject-2.13.1-fix-ptimesized-wav-input.patch |  30 +++++
 net-libs/pjproject/pjproject-2.13.1.ebuild         | 143 +++++++++++++++++++++
 3 files changed, 174 insertions(+)

diff --git a/net-libs/pjproject/Manifest b/net-libs/pjproject/Manifest
index c081c0e1aeb2..0082f1020d94 100644
--- a/net-libs/pjproject/Manifest
+++ b/net-libs/pjproject/Manifest
@@ -1 +1,2 @@
+DIST pjproject-2.13.1.tar.gz 9746437 BLAKE2B a50278be52df755c5cec08da0c1a604a8c0ad6911853a424596ce05bc423a829818d2e7425b55bdc00fa24a91b9a3e891c54aa2add5cdbf8698173ac44ae2975 SHA512 1cdfaedafa2f42b306eef38174530163db19952c6842d5c96324c7439e2437a17cd96670ac58ae04da221b06d7eb91d612f4347cd421e036be62b27cb9501cda
 DIST pjproject-2.13.tar.gz 9744716 BLAKE2B 947fe076089b3cd0826a554db3cda9939e228b9e7bb5ed2d01242e44e5e5b0d9d2ddc52b378f141efb89fcbfbd628fcdff341e54bc3615280e23f30ea58daf56 SHA512 df184511d554e5f77ca1a551bdf6b22c4c8ae2b6ad61be0e7e459e2d7db50f496af66c37e080f178019a509ea25847e70a342ac48c820a6b9302b4cbf174c520

diff --git a/net-libs/pjproject/files/pjproject-2.13.1-fix-ptimesized-wav-input.patch b/net-libs/pjproject/files/pjproject-2.13.1-fix-ptimesized-wav-input.patch
new file mode 100644
index 000000000000..9f1459f68d63
--- /dev/null
+++ b/net-libs/pjproject/files/pjproject-2.13.1-fix-ptimesized-wav-input.patch
@@ -0,0 +1,30 @@
+From dc4d4587cb8abe07513b9ae24cf62eaeeb6e8907 Mon Sep 17 00:00:00 2001
+From: Jaco Kroon <jaco@uls.co.za>
+Date: Wed, 14 Jun 2023 16:39:41 +0200
+Subject: [PATCH] Fix wave port creation if the input wave file contains
+ exactly one frame.
+
+If for example we try to load a file with ptime=10 and there is exactly
+10 ms worth of PCM data in the wave file (160 bytes of PCM data) then
+the buff_size will be adjusted down to be of a size that matches exactly
+one frame, resulting in the check that the buffer size can hold at least
+one frame failing due to comparing >= instead of >.
+
+Signed-off-by: Jaco Kroon <jaco@uls.co.za>
+---
+ pjmedia/src/pjmedia/wav_player.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/pjmedia/src/pjmedia/wav_player.c b/pjmedia/src/pjmedia/wav_player.c
+index 84ba53d50..410cf2627 100644
+--- a/pjmedia/src/pjmedia/wav_player.c
++++ b/pjmedia/src/pjmedia/wav_player.c
+@@ -428,7 +428,7 @@ PJ_DEF(pj_status_t) pjmedia_wav_player_port_create( pj_pool_t *pool,
+     /* samples_per_frame must be smaller than bufsize (because get_frame()
+      * doesn't handle this case).
+      */
+-    if (samples_per_frame * fport->bytes_per_sample >= fport->bufsize) {
++    if (samples_per_frame * fport->bytes_per_sample > fport->bufsize) {
+         pj_file_close(fport->fd);
+         return PJ_EINVAL;
+     }

diff --git a/net-libs/pjproject/pjproject-2.13.1.ebuild b/net-libs/pjproject/pjproject-2.13.1.ebuild
new file mode 100644
index 000000000000..3620c5411601
--- /dev/null
+++ b/net-libs/pjproject/pjproject-2.13.1.ebuild
@@ -0,0 +1,143 @@
+# Copyright 1999-2023 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+# TODO: Figure out a way to disable SRTP from pjproject entirely.
+EAPI=8
+
+inherit autotools flag-o-matic toolchain-funcs
+
+DESCRIPTION="Open source SIP, Media, and NAT Traversal Library"
+HOMEPAGE="https://github.com/pjsip/pjproject https://www.pjsip.org/"
+SRC_URI="https://github.com/pjsip/${PN}/archive/refs/tags/${PV}.tar.gz -> ${P}.tar.gz"
+KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~ppc64 ~x86"
+
+LICENSE="GPL-2"
+SLOT="0/${PV}"
+
+# g729 not included due to special bcg729 handling.
+CODEC_FLAGS="g711 g722 g7221 gsm ilbc speex l16"
+VIDEO_FLAGS="sdl ffmpeg v4l2 openh264 libyuv vpx"
+SOUND_FLAGS="alsa portaudio"
+IUSE="amr debug epoll examples opus resample silk ssl static-libs webrtc
+	${CODEC_FLAGS} g729
+	${VIDEO_FLAGS}
+	${SOUND_FLAGS}"
+
+RDEPEND=">=net-libs/libsrtp-2.3.0:=
+	alsa? ( media-libs/alsa-lib )
+	amr? ( media-libs/opencore-amr )
+	ffmpeg? ( media-video/ffmpeg:= )
+	g729? ( media-libs/bcg729 )
+	gsm? ( media-sound/gsm )
+	ilbc? ( media-libs/libilbc )
+	openh264? ( media-libs/openh264 )
+	opus? ( media-libs/opus )
+	portaudio? ( media-libs/portaudio )
+	resample? ( media-libs/libsamplerate )
+	sdl? ( media-libs/libsdl2 )
+	speex? (
+		media-libs/speex
+		media-libs/speexdsp
+	)
+	ssl? (
+		dev-libs/openssl:0=
+	)
+"
+DEPEND="${RDEPEND}"
+BDEPEND="virtual/pkgconfig"
+
+PATCHES=(
+	"${FILESDIR}/pjproject-2.13-r1-Make-sure-that-NOTIFY-tdata-is-set-before-sending-it_new.patch"
+	"${FILESDIR}/pjproject-2.13.1-fix-ptimesized-wav-input.patch"
+)
+
+src_prepare() {
+	default
+	rm configure || die "Unable to remove unwanted wrapper"
+	mv aconfigure.ac configure.ac || die "Unable to rename configure script source"
+	eautoreconf
+
+	cp "${FILESDIR}/pjproject-2.12.1-config_site.h" "${S}/pjlib/include/pj/config_site.h" \
+		|| die "Unable to create config_site.h"
+}
+
+_pj_enable() {
+	usex "$1" '' "--disable-${2:-$1}"
+}
+
+_pj_get_define() {
+	local r="$(sed -nre "s/^#define[[:space:]]+$1[[:space:]]+//p" "${S}/pjlib/include/pj/config_site.h")"
+	[[ -z "${r}" ]] && die "Unable to fine #define $1 in config_site.h"
+	echo "$r"
+}
+
+_pj_set_define() {
+	local c=$(_pj_get_define "$1")
+	[[ "$c" = "$2" ]] && return 0
+	sed -re "s/^#define[[:space:]]+$1[[:space:]].*/#define $1 $2/" -i "${S}/pjlib/include/pj/config_site.h" \
+		|| die "sed failed updating $1 to $2."
+	[[ "$(_pj_get_define "$1")" != "$2" ]] && die "sed failed to perform update for $1 to $2."
+}
+
+_pj_use_set_define() {
+	_pj_set_define "$2" $(usex "$1" 1 0)
+}
+
+src_configure() {
+	local myconf=()
+	local videnable="--disable-video"
+	local t
+
+	use debug || append-cflags -DNDEBUG=1
+
+	for t in ${CODEC_FLAGS}; do
+		myconf+=( $(_pj_enable ${t} ${t}-codec) )
+	done
+	myconf+=( $(_pj_enable g729 bcg729) )
+
+	for t in ${VIDEO_FLAGS}; do
+		myconf+=( $(_pj_enable ${t}) )
+		use "${t}" && videnable="--enable-video"
+	done
+
+	[ "${videnable}" = "--enable-video" ] && _pj_set_define PJMEDIA_HAS_VIDEO 1 || _pj_set_define PJMEDIA_HAS_VIDEO 0
+
+	LD="$(tc-getCC)" econf \
+		--enable-shared \
+		--with-external-srtp \
+		${videnable} \
+		$(_pj_enable alsa sound) \
+		$(_pj_enable amr opencore-amr) \
+		$(_pj_enable epoll) \
+		$(_pj_enable opus) \
+		$(_pj_enable portaudio ext-sound) \
+		$(_pj_enable resample libsamplerate) \
+		$(_pj_enable resample resample-dll) \
+		$(_pj_enable resample) \
+		$(_pj_enable silk) \
+		$(_pj_enable speex speex-aec) \
+		$(_pj_enable ssl) \
+		$(_pj_enable webrtc libwebrtc) \
+		$(use_with gsm external-gsm) \
+		$(use_with portaudio external-pa) \
+		$(use_with speex external-speex) \
+		"${myconf[@]}"
+}
+
+src_compile() {
+	emake dep LD="$(tc-getCC)"
+	emake LD="$(tc-getCC)"
+}
+
+src_install() {
+	default
+
+	newbin pjsip-apps/bin/pjsua-${CHOST} pjsua
+	newbin pjsip-apps/bin/pjsystest-${CHOST} pjsystest
+
+	if use examples; then
+		insinto "/usr/share/doc/${PF}/examples"
+		doins -r pjsip-apps/src/samples
+	fi
+
+	use static-libs || rm "${ED}/usr/$(get_libdir)"/*.a || die "Error removing static archives"
+}