Merge pull request #866 from neheb/2

coturn: update to 4.6.2
2025-01-08 11:47:32 +08:00 · 2024-04-27 07:25:28 +02:00 · 2024-04-27 07:25:28 +02:00 · 139cc14340
commit 139cc14340
parent 8b26659369 ba31f7c744
3 changed files with 10 additions and 300 deletions
--- a/net/coturn/Makefile
+++ b/net/coturn/Makefile
@ -8,21 +8,21 @@
 include $(TOPDIR)/rules.mk

 PKG_NAME:=coturn
-PKG_VERSION:=4.6.1
+PKG_VERSION:=4.6.2
 PKG_RELEASE:=1

-PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
-PKG_SOURCE_URL:=https://codeload.github.com/coturn/coturn/tar.gz/$(PKG_VERSION)?
-PKG_HASH:=8fba86e593ed74adc46e002e925cccff2819745371814f42465fbe717483f1d8
-
-PKG_LICENSE:=BSD-COTURN-CITRIX COMBINED-CITRIX-VIVOCHA-BSD MIT-HASH
-PKG_LICENSE_FILES:=LICENSE src/apps/relay/dbdrivers/* src/server/ns_turn_khash.h
+PKG_SOURCE_PROTO:=git
+PKG_SOURCE_VERSION:=$(PKG_VERSION)
+PKG_SOURCE_URL:=https://github.com/coturn/coturn
+PKG_MIRROR_HASH:=55a7d63edfde6548cd6d6f1b62f6997beeebc66e0ff07b0afd175829434cbf3a

 PKG_MAINTAINER:=Jiri Slachta <jiri@slachta.eu>, Sebastian Kemper <sebastian_ml@gmx.net>
-
-PKG_BUILD_PARALLEL:=1
+PKG_LICENSE:=BSD-COTURN-CITRIX COMBINED-CITRIX-VIVOCHA-BSD MIT-HASH
+PKG_LICENSE_FILES:=LICENSE src/apps/relay/dbdrivers/* src/server/ns_turn_khash.h
+PKG_CPE_ID:=cpe:/a:coturn_project:coturn

 PKG_INSTALL:=1
+PKG_BUILD_PARALLEL:=1

 PKG_CONFIG_DEPENDS+= \
 	CONFIG_COTURN_ENABLE_MYSQL \
@ -30,8 +30,6 @@ PKG_CONFIG_DEPENDS+= \
 	CONFIG_COTURN_ENABLE_REDIS \
 	CONFIG_COTURN_ENABLE_SQLITE

-PKG_CPE_ID:=cpe:/a:coturn_project:coturn
-
 include $(INCLUDE_DIR)/package.mk
 include $(INCLUDE_DIR)/nls.mk

--- a/net/coturn/patches/02-fix-flags-dupes.patch
+++ b/net/coturn/patches/02-fix-flags-dupes.patch
@ -1,6 +1,6 @@
 --- a/configure
 +++ b/configure
-@@ -1047,9 +1047,9 @@ ${ECHO_CMD} "# Generated by configure sc
+@@ -1049,9 +1049,9 @@ ${ECHO_CMD} "# Generated by configure sc
 ${ECHO_CMD} "#################################" >> Makefile
 ${ECHO_CMD} "ECHO_CMD = ${ECHO_CMD}" >> Makefile
 ${ECHO_CMD} "CC = ${CC}" >> Makefile
--- a/net/coturn/patches/100-coturn-4.6.0-openssl3-from-gentoo.patch
+++ b/net/coturn/patches/100-coturn-4.6.0-openssl3-from-gentoo.patch
@ -1,288 +0,0 @@
-https://github.com/coturn/coturn/commit/9af9f6306ab73c3403f9e11086b1936e9148f7de
-https://github.com/coturn/coturn/commit/4ce784a8781ab086c150e2b9f5641b1a37fd9b31
-https://github.com/coturn/coturn/commit/9370bb742d976166a51032760da1ecedefb92267
-https://github.com/coturn/coturn/commit/d72a2a8920b80ce66b36e22b2c22f308ad06c424
-
-From 9af9f6306ab73c3403f9e11086b1936e9148f7de Mon Sep 17 00:00:00 2001
-From: Pavel Punsky <eakraly@users.noreply.github.com>
-Date: Wed, 14 Sep 2022 03:29:26 -0700
-Subject: [PATCH] Fix renegotiation flag for older version of openssl (#978)
-
-`SSL_OP_NO_RENEGOTIATION` is only supported in openssl-1.1.0 and above
-Older versions have `SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS `
-
-Fixes #977 and #952
-
-Test:
-Build in a docker container running running openssl-1.0.2g (ubuntu
-16.04) successfully (without the fix getting the same errors)
--- a/src/apps/relay/dtls_listener.c
-+++ b/src/apps/relay/dtls_listener.c
-@@ -295,8 +295,17 @@ static ioa_socket_handle dtls_server_inp
- 	SSL_set_accept_state(connecting_ssl);
- 
- 	SSL_set_bio(connecting_ssl, NULL, wbio);
-	SSL_set_options(connecting_ssl, SSL_OP_COOKIE_EXCHANGE | SSL_OP_NO_RENEGOTIATION);
-
-+	SSL_set_options(connecting_ssl, SSL_OP_COOKIE_EXCHANGE
-+#if OPENSSL_VERSION_NUMBER < 0x10100000L
-+#if defined(SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS)
-+		| SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS
-+#endif
-+#else
-+#if defined(SSL_OP_NO_RENEGOTIATION)
-+		| SSL_OP_NO_RENEGOTIATION
-+#endif
-+#endif
-+	);
- 	SSL_set_max_cert_list(connecting_ssl, 655350);
- 
- 	ioa_socket_handle rc = dtls_accept_client_connection(server, s, connecting_ssl,
-@@ -581,7 +590,17 @@ static int create_new_connected_udp_sock
- 
- 		SSL_set_bio(connecting_ssl, NULL, wbio);
- 
-		SSL_set_options(connecting_ssl, SSL_OP_COOKIE_EXCHANGE | SSL_OP_NO_RENEGOTIATION);
-+		SSL_set_options(connecting_ssl, SSL_OP_COOKIE_EXCHANGE
-+#if OPENSSL_VERSION_NUMBER < 0x10100000L
-+#if defined(SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS)
-+			| SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS
-+#endif
-+#else
-+#if defined(SSL_OP_NO_RENEGOTIATION)
-+			| SSL_OP_NO_RENEGOTIATION
-+#endif
-+#endif
-+		);
- 
- 		SSL_set_max_cert_list(connecting_ssl, 655350);
- 		int rc = ssl_read(ret->fd, connecting_ssl, server->sm.m.sm.nd.nbh,
--- a/src/apps/relay/ns_ioalib_engine_impl.c
-+++ b/src/apps/relay/ns_ioalib_engine_impl.c
-@@ -1428,7 +1428,17 @@ static void set_socket_ssl(ioa_socket_ha
- 		if(ssl) {
- 			SSL_set_app_data(ssl,s);
- 			SSL_set_info_callback(ssl, (ssl_info_callback_t)ssl_info_callback);
-			SSL_set_options(ssl, SSL_OP_NO_RENEGOTIATION);
-+			SSL_set_options(ssl, 
-+#if OPENSSL_VERSION_NUMBER < 0x10100000L
-+#if defined(SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS)
-+				SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS
-+#endif
-+#else
-+#if defined(SSL_OP_NO_RENEGOTIATION)
-+				SSL_OP_NO_RENEGOTIATION
-+#endif
-+#endif
-+			);
- 		}
- 	}
- }
-@@ -1864,7 +1874,11 @@ int ssl_read(evutil_socket_t fd, SSL* ss
- 
- 	} else if (!if1 && if2) {
- 
-+#if (OPENSSL_VERSION_NUMBER >= 0x30000000L)
-+		if(verbose && SSL_get1_peer_certificate(ssl)) {
-+#else
- 		if(verbose && SSL_get_peer_certificate(ssl)) {
-+#endif
- 		  printf("\n------------------------------------------------------------\n");
- 		  X509_NAME_print_ex_fp(stdout, X509_get_subject_name(SSL_get_peer_certificate(ssl)), 1,
- 					XN_FLAG_MULTILINE);
--- a/src/apps/uclient/startuclient.c
-+++ b/src/apps/uclient/startuclient.c
-@@ -138,7 +138,11 @@ static SSL* tls_connect(ioa_socket_raw f
- 		if (rc > 0) {
- 		  TURN_LOG_FUNC(TURN_LOG_LEVEL_INFO,"%s: client session connected with cipher %s, method=%s\n",__FUNCTION__,
- 				  SSL_get_cipher(ssl),turn_get_ssl_method(ssl,NULL));
-+#if (OPENSSL_VERSION_NUMBER >= 0x30000000L)
-+		  if(clnet_verbose && SSL_get1_peer_certificate(ssl)) {
-+#else
- 		  if(clnet_verbose && SSL_get_peer_certificate(ssl)) {
-+#endif
- 			  TURN_LOG_FUNC(TURN_LOG_LEVEL_INFO, "------------------------------------------------------------\n");
- 		  	X509_NAME_print_ex_fp(stdout, X509_get_subject_name(SSL_get_peer_certificate(ssl)), 1,
- 		  						XN_FLAG_MULTILINE);
--- a/src/client/ns_turn_msg.c
-+++ b/src/client/ns_turn_msg.c
-@@ -248,12 +248,22 @@ int stun_produce_integrity_key_str(const
- 		if (FIPS_mode()) {
- 			EVP_MD_CTX_set_flags(&ctx,EVP_MD_CTX_FLAG_NON_FIPS_ALLOW);
- 		}
-#endif
-+#endif // defined EVP_MD_CTX_FLAG_NON_FIPS_ALLOW && !defined(LIBRESSL_VERSION_NUMBER)
- 		EVP_DigestInit_ex(&ctx,EVP_md5(), NULL);
- 		EVP_DigestUpdate(&ctx,str,strl);
- 		EVP_DigestFinal(&ctx,key,&keylen);
- 		EVP_MD_CTX_cleanup(&ctx);
-#else
-+#elif OPENSSL_VERSION_NUMBER >= 0x30000000L
-+ 		unsigned int keylen = 0;
-+ 		EVP_MD_CTX *ctx = EVP_MD_CTX_new();
-+		if (EVP_default_properties_is_fips_enabled(NULL)) {
-+			EVP_default_properties_enable_fips(NULL, 0);
-+ 		}
-+ 		EVP_DigestInit_ex(ctx,EVP_md5(), NULL);
-+ 		EVP_DigestUpdate(ctx,str,strl);
-+ 		EVP_DigestFinal(ctx,key,&keylen);
-+ 		EVP_MD_CTX_free(ctx);
-+#else // OPENSSL_VERSION_NUMBER < 0x10100000L
- 		unsigned int keylen = 0;
- 		EVP_MD_CTX *ctx = EVP_MD_CTX_new();
- #if defined EVP_MD_CTX_FLAG_NON_FIPS_ALLOW && ! defined(LIBRESSL_VERSION_NUMBER)
-@@ -265,7 +275,7 @@ int stun_produce_integrity_key_str(const
- 		EVP_DigestUpdate(ctx,str,strl);
- 		EVP_DigestFinal(ctx,key,&keylen);
- 		EVP_MD_CTX_free(ctx);
-#endif
-+#endif // OPENSSL_VERSION_NUMBER < 0X10100000L
- 		ret = 0;
- 	}
- 
--- a/src/apps/relay/netengine.c
-+++ b/src/apps/relay/netengine.c
-@@ -31,13 +31,7 @@
- #include "mainrelay.h"
- 
- //////////// Backward compatibility with OpenSSL 1.0.x //////////////
-#define HAVE_OPENSSL11_API (!(OPENSSL_VERSION_NUMBER < 0x10100001L || defined LIBRESSL_VERSION_NUMBER))
-
-#ifndef HAVE_SSL_CTX_UP_REF
-#define HAVE_SSL_CTX_UP_REF HAVE_OPENSSL11_API
-#endif
-
-#if !HAVE_SSL_CTX_UP_REF
-+#if (OPENSSL_VERSION_NUMBER < 0x10100001L || defined LIBRESSL_VERSION_NUMBER)
- #define SSL_CTX_up_ref(ctx) CRYPTO_add(&(ctx)->references, 1, CRYPTO_LOCK_SSL_CTX)
- #endif
- 
--- a/src/apps/relay/mainrelay.c
-+++ b/src/apps/relay/mainrelay.c
-@@ -1353,7 +1353,6 @@ static void set_option(int c, char *valu
- 		STRCPY(turn_params.relay_ifname, value);
- 		break;
- 	case 'm':
-#if defined(OPENSSL_THREADS)
- 		if(atoi(value)>MAX_NUMBER_OF_GENERAL_RELAY_SERVERS) {
- 			TURN_LOG_FUNC(TURN_LOG_LEVEL_WARNING, "WARNING: max number of relay threads is 128.\n");
- 			turn_params.general_relay_servers_number = MAX_NUMBER_OF_GENERAL_RELAY_SERVERS;
-@@ -1362,9 +1361,6 @@ static void set_option(int c, char *valu
- 		} else {
- 			turn_params.general_relay_servers_number = atoi(value);
- 		}
-#else
-		TURN_LOG_FUNC(TURN_LOG_LEVEL_WARNING, "WARNING: OpenSSL version is too old OR does not support threading,\n I am using single thread for relaying.\n");
-#endif
- 		break;
- 	case 'd':
- 		STRCPY(turn_params.listener_ifname, value);
-@@ -2640,9 +2636,8 @@ int main(int argc, char **argv)
- 
- ////////// OpenSSL locking ////////////////////////////////////////
- 
-#if defined(OPENSSL_THREADS)
-
-static char some_buffer[65536];
-+#if defined(OPENSSL_THREADS) 
-+#if OPENSSL_VERSION_NUMBER < OPENSSL_VERSION_1_1_0
- 
- //array larger than anything that OpenSSL may need:
- static pthread_mutex_t mutex_buf[256];
-@@ -2660,76 +2655,52 @@ void coturn_locking_function(int mode, i
-   }
- }
- 
-#if OPENSSL_VERSION_NUMBER >= 0x10000000L
- void coturn_id_function(CRYPTO_THREADID *ctid);
- void coturn_id_function(CRYPTO_THREADID *ctid)
- {
- 	UNUSED_ARG(ctid);
-     CRYPTO_THREADID_set_numeric(ctid, (unsigned long)pthread_self());
- }
-#else
-unsigned long coturn_id_function(void);
-unsigned long coturn_id_function(void)
-{
-    return (unsigned long)pthread_self();
-}
-#endif
-
-#endif
- 
- static int THREAD_setup(void) {
-
-#if defined(OPENSSL_THREADS)
-
-	int i;
-
-	some_buffer[0] = 0;
-
-+    int i;
- 	for (i = 0; i < CRYPTO_num_locks(); i++) {
- 		pthread_mutex_init(&(mutex_buf[i]), NULL);
- 	}
- 
- 	mutex_buf_initialized = 1;
-
-#if OPENSSL_VERSION_NUMBER >= 0x10000000L && OPENSSL_VERSION_NUMBER <= OPENSSL_VERSION_1_1_1
- 	CRYPTO_THREADID_set_callback(coturn_id_function);
-#else
-	CRYPTO_set_id_callback(coturn_id_function);
-#endif
-
- 	CRYPTO_set_locking_callback(coturn_locking_function);
-#endif
-
- 	return 1;
- }
- 
- int THREAD_cleanup(void);
- int THREAD_cleanup(void) {
-+    int i;
- 
-#if defined(OPENSSL_THREADS)
-
-  int i;
-+    if (!mutex_buf_initialized)
-+        return 0;
- 
-  if (!mutex_buf_initialized)
-    return 0;
-+    CRYPTO_THREADID_set_callback(NULL);
-+    CRYPTO_set_locking_callback(NULL);
-+    for (i = 0; i < CRYPTO_num_locks(); i++) {
-+        pthread_mutex_destroy(&(mutex_buf[i]));
-+    }
- 
-#if OPENSSL_VERSION_NUMBER >= 0x10000000L && OPENSSL_VERSION_NUMBER <= OPENSSL_VERSION_1_1_1
-	CRYPTO_THREADID_set_callback(NULL);
-+    mutex_buf_initialized = 0;
-+  return 1;
-+}
- #else
-	CRYPTO_set_id_callback(NULL);
-#endif
-
-  CRYPTO_set_locking_callback(NULL);
-  for (i = 0; i < CRYPTO_num_locks(); i++) {
-	  pthread_mutex_destroy(&(mutex_buf[i]));
-  }
-
-  mutex_buf_initialized = 0;
-
-#endif
-+static int THREAD_setup(void) {
-+    return 1;
-+}
- 
-  return 1;
-+int THREAD_cleanup(void);
-+int THREAD_cleanup(void){
-+    return 1;
- }
-+#endif /* OPENSSL_VERSION_NUMBER < OPENSSL_VERSION_1_1_0 */
-+#endif /* defined(OPENSSL_THREADS) */
- 
- static void adjust_key_file_name(char *fn, const char* file_title, int critical)
- {