author | V3n3RiX <venerix@koprulu.sector> | 2024-10-26 04:04:26 +0100 |
---|---|---|
committer | V3n3RiX <venerix@koprulu.sector> | 2024-10-26 04:04:26 +0100 |
commit | d0349ca0f4903608beca459a9db2068dab9fa6ea (patch) | |
tree | a69bc9c4a75f35ecabd3909a181128faf8c0e75b /net-misc/asterisk | |
parent | b11a5614cb96e70e116581c98abf286c2cf694ca (diff) |
gentoo auto-resync : 26:10:2024 - 04:04:26
Diffstat (limited to 'net-misc/asterisk')
-rw-r--r-- | net-misc/asterisk/Manifest | 12 | ||||
-rw-r--r-- | net-misc/asterisk/asterisk-18.25.0-r1.ebuild (renamed from net-misc/asterisk/asterisk-18.24.3.ebuild) | 8 | ||||
-rw-r--r-- | net-misc/asterisk/asterisk-20.10.0-r1.ebuild (renamed from net-misc/asterisk/asterisk-16.30.1-r3.ebuild) | 178 | ||||
-rw-r--r-- | net-misc/asterisk/asterisk-21.5.0-r1.ebuild (renamed from net-misc/asterisk/asterisk-21.5.0.ebuild) | 6 | ||||
-rw-r--r-- | net-misc/asterisk/asterisk-22.0.0-r1.ebuild | 358 | ||||
-rw-r--r-- | net-misc/asterisk/files/asterisk-16.29.1_18.15.1_20.0.1-noexec_stack.patch | 39 | ||||
-rw-r--r-- | net-misc/asterisk/files/asterisk-16.30.1-r1-iax2_jitterbuffer.patch | 65 | ||||
-rw-r--r-- | net-misc/asterisk/files/asterisk-16.30.1-r3-manager.c-Add-entries-to-Originate-blacklist.patch | 205 |
8 files changed, 467 insertions, 404 deletions
diff --git a/net-misc/asterisk/Manifest b/net-misc/asterisk/Manifest
index 1cfb865bb313..7d745ba8924f 100644
--- a/net-misc/asterisk/Manifest
+++ b/net-misc/asterisk/Manifest
@@ -1,17 +1,13 @@ AUX asterisk-16.16.2-no-var-run-install.patch 728 BLAKE2B 25fc61c4aa68d9e3243d1161e68e0b61b14b5505eadd00fdf46e1c3977e7fb536afd42dc6c9a07f400a686c19afd04fd8f00fc1cb916978783a9e54ecfe81dd4 SHA512 ab1e7ac700711125162396c4ebe590eb000f4ad6c4cbe8845794f5d06353a4a52167fcc83ee97860f38540089cad6d45f2e8589c1f30098e85479a2b4c722f75 -AUX asterisk-16.29.1_18.15.1_20.0.1-noexec_stack.patch 1447 BLAKE2B 2785ea3e923d048f83bb2e25d7a645fe27e69051d43c5c4577e98218b6044cf79661d69076737d55dff8bd5be19f87dcfa24bd54003cbea3f36a736234941dc8 SHA512 05eb7e0ca1eee4f6ebae8fd3be67c34cf0d27ac90393c0c9f21f2c4fda5e69f91fbd63d7ebedbcd26f5e2498c1fd4ff9a4079fdfaf5741819892cda6f5753623 -AUX asterisk-16.30.1-r1-iax2_jitterbuffer.patch 2464 BLAKE2B f2f7d109e4876a1ec58d4af4b96415d58250ffb4ea5caa6d75873b8f853b0773747e9e8d4baba09c55ded62fa206444bd6eaef312bfb891f84044be7088a1595 SHA512 ae0649de6ffbc8b0aa35f38ae8600366f7cbf9f3342686d04705b13e6f3085bdd40bd3fb73a001cd727063db86e0bbc6a31f7691bdde2034ddd67ba6af959cdf -AUX asterisk-16.30.1-r3-manager.c-Add-entries-to-Originate-blacklist.patch 6965 BLAKE2B d834fd3831c7871906ba6f6486bdad86e9d3b07d5f0409a1bfd159564a4ca6f7002f38ae2f096fb4083419b90a9c617172cddba466c4c64d7fa0a6b7663ebca1 SHA512 5dbf962b31aa32c99b36264d1d3a600444c4d6e59126e9b86a1f7b029d30d5239145031a1de58cac2cb952653bcf2122a78ae9030074f00bea599f45db7e4aac -DIST asterisk-16.30.1.tar.gz 28234979 BLAKE2B a9cd732feb00408876f90328d7f14dbfe426829e607f9b8e812ff25823c8dc1facab1ecd423e1d4f33c1623f3769197fa3b1fe3181efad0b231c96c0afb1dd16 SHA512 1624d207e80351f976c084344d09d67fe37b526a42970da007f5407be006d107e951093209415a68c891e2bd9cb142421e7acd1ac9fba2c1b1c064aee2224cb6 -DIST asterisk-18.24.3.tar.gz 28531091 BLAKE2B 002210daa4091bed3ebc0ccd14eb3cd2f2648ef7440276ef0d7b74d493a41034358a034ddda8faad4ca0df4a944ef32efd6c820c161b619b3a6a7a5936e72524 SHA512 a1223965b2375c25e736b84d99ac5ce96d27c5bfc9c14e936429643f595e04caff4e159e091b26ff2452249875cd3a37a760e6a23c74269e401805e406492742 DIST 
asterisk-18.25.0.tar.gz 28546882 BLAKE2B 5cef5db83063387f4786d94be442164a8fb2b9ec3292af453dadd8ed094622142762bfdfadd8d0ba14fe8734a7f822c559ed47ea4e017c2cba4e970dc4a80528 SHA512 8646f65cac366a674674558d4ca59166956bdc5258c16454aaeff28e445b256fe16c144d6e1dedcd401c7577bff1aac69aae735557ea0082c93ff5322f978f56 DIST asterisk-20.10.0.tar.gz 28309321 BLAKE2B 4efcf72c378b31a722643c6b92863354d8e07f2d700a5fccfec14f842cf912c626181e8f73482858a7bd0c74802ed3fd359ee046aeec4af21a92e6c23d05a741 SHA512 b05a65423f6a203f3fca712fc8ee2c008deabfdaf05f1cd56b8bd0ffc1d1805c4dea58e4267d224f47777fbc1bcdc8aabe71cbe1e86e6e98fa597f08ac087cce DIST asterisk-21.5.0.tar.gz 26362808 BLAKE2B e4b47f95879e387d95b02372b084c3538692d74a2399cea5f0a5e0729f72a12ae48dbbbe2d6e5d2e5e12d37eb6837bcc1904c215d81e7da7f41fab63efb1b21c SHA512 4c8200d1e5eba1a3005dc9709be5893ef395c7635df9e64769f4e30c39b8b82be4332a829c0516bd22748f37f5be506d8f3f886381d7d0ea772d0648166c4942 DIST asterisk-22.0.0.tar.gz 26196468 BLAKE2B 1bb1253157c906a9680b1a7264ae634a23e6232101e5c6daf065b7a541844862ae811965ea58f706f599c06c65777660611ccee71dd821bf662471b617662965 SHA512 fa2c530a81f7351369229b2a36ac229a75d7a1ce8c3cdae0340be331979246ecee1e4f90c31fb6bc645cc2066280d40e2385027aedc6bd2c205426b2164e1fc5 -EBUILD asterisk-16.30.1-r3.ebuild 11352 BLAKE2B 469e126b1c9abc7b072040c500a101eed2fce1146e96beeb81283d7840c893d965ced519bd53cae71b44f7fc2289310ddb5fd979d81d514a706bc56b9c4bed3e SHA512 9d4ca44dc15be8eb36a24a4d373b8385dcbff41ee7b778a4aaee72413dd96f043262109d370139a0f33e88231ef38d17c14cc12041abf6d9a73fd742abb10bed -EBUILD asterisk-18.24.3.ebuild 11161 BLAKE2B 5725111feb3f137fd64111e6530a4a582901e7800c6a96df0f17e6e664a282bde0477858916eee4247e9c23b4a5f5245e9bd14e79344e552ea132425f53fe460 SHA512 8af5e9192602887252c6c8c4106cfc325c759b46334d15a9ccc11b3ed0a25484f70c19b0b0fd0ce25e801d7ebcd76ea15a7a5bc03b1c38c747390a87cde1667f +EBUILD asterisk-18.25.0-r1.ebuild 11208 BLAKE2B 
0b3a9a6b51c55652a9c7a2d265fe194aeea1a422204dcb779b70c199ac00755be2a77321446b40fba2a977b5faac079da46d0e6c2d8d5a63b6d49b219971a182 SHA512 13584bebc7cbe1bad7b809cce4d2dc59f519fe7c0c0b3c9138dad3a8fe59db67c980b8d51807f46377d0ae70196a8fdf7f237784d55731576bc5b889b7a6dc78 EBUILD asterisk-18.25.0.ebuild 11161 BLAKE2B 5725111feb3f137fd64111e6530a4a582901e7800c6a96df0f17e6e664a282bde0477858916eee4247e9c23b4a5f5245e9bd14e79344e552ea132425f53fe460 SHA512 8af5e9192602887252c6c8c4106cfc325c759b46334d15a9ccc11b3ed0a25484f70c19b0b0fd0ce25e801d7ebcd76ea15a7a5bc03b1c38c747390a87cde1667f +EBUILD asterisk-20.10.0-r1.ebuild 11057 BLAKE2B 9bab7f414a2ec8f47de183d5a4043c03c7249a83b92985327a9bb2e0a852edb5d37033d087a687b6e620ce37e567ae1b8e489e72d206fe0883dc8017e9d5cc76 SHA512 873833e481f8b6293eb341069521b1b846331cde3f74e174ad132f1680183f5bd1b786e04e339c3bd99c783a38b40c01874bc2240040f5412f42ec667aa6aae5 EBUILD asterisk-20.10.0.ebuild 11012 BLAKE2B 35ee0e408bbd1cac76d105cd2101ccb5644b9e6e7fc77a8b51f56c8780c81b45343646aea1844b07bd6047f047dc21bb0ac3968da81358ede02e2573031f86dc SHA512 7e66a49985edc5ae120f2e39e36890e0f875ca23c3d3fb2d9b71127852f9fd8485229222f5b5bcf5083e3ff1787d2172edf6739f342c9e1ce985a84b168ac7c6 -EBUILD asterisk-21.5.0.ebuild 10501 BLAKE2B a36865f478fecb1f5a0a0e6207023705b62e5dcdd18cc8b2b56d6e6fda35a4488759664607574402452a40299fbcde0b36100cf7db06fe5ad0205d9ccd12dbc5 SHA512 af0d41bfab3c3cd14521da9d2d3bea63cb2e59fde7c6a28214456fcaca2e3b058f04477fccaaf5bb689529b2dfcfe10c964ae31752b2ef5721801d4808752794 +EBUILD asterisk-21.5.0-r1.ebuild 10546 BLAKE2B 4f92a4411a9cda08d7a74c15b33b4def6d53f3168bf83d5580988c2f9888729842b3a430931b054c89035489470a1a05782ffda4b74c64ff9c471e9a87a8d69a SHA512 05fa7c7c1e89a45086d3eeed087ab0666c86399e96bdfdcb17a37e30fb7a0812fe44b0beaef7abbe6c9c40fdbcc5628d5263dd9f4a7b7faca53204bdf568678a +EBUILD asterisk-22.0.0-r1.ebuild 10546 BLAKE2B 4f92a4411a9cda08d7a74c15b33b4def6d53f3168bf83d5580988c2f9888729842b3a430931b054c89035489470a1a05782ffda4b74c64ff9c471e9a87a8d69a 
SHA512 05fa7c7c1e89a45086d3eeed087ab0666c86399e96bdfdcb17a37e30fb7a0812fe44b0beaef7abbe6c9c40fdbcc5628d5263dd9f4a7b7faca53204bdf568678a EBUILD asterisk-22.0.0.ebuild 10501 BLAKE2B a36865f478fecb1f5a0a0e6207023705b62e5dcdd18cc8b2b56d6e6fda35a4488759664607574402452a40299fbcde0b36100cf7db06fe5ad0205d9ccd12dbc5 SHA512 af0d41bfab3c3cd14521da9d2d3bea63cb2e59fde7c6a28214456fcaca2e3b058f04477fccaaf5bb689529b2dfcfe10c964ae31752b2ef5721801d4808752794 MISC metadata.xml 1475 BLAKE2B 53409fa635e1cd45fcb1cc12d035db1206ddc1f882c5d46cc75ddcd69a20718aa135518ce75e98b87c44b66db41a4ec95c75fd926a927b762f2c5e464e176431 SHA512 9b6a91aeb23a5593dfa3aa3b4ad491234fb5fdcb0796c89a1c889297e52c544e4afd290b7ee6f2adaa39e0cba7dcb03a84bea06553340aa3c3f67be59d643f00 diff --git a/net-misc/asterisk/asterisk-18.24.3.ebuild b/net-misc/asterisk/asterisk-18.25.0-r1.ebuild index f68bc6f85b5e..89eea860eb11 100644 --- a/net-misc/asterisk/asterisk-18.24.3.ebuild +++ b/net-misc/asterisk/asterisk-18.25.0-r1.ebuild @@ -12,7 +12,7 @@ HOMEPAGE="https://www.asterisk.org/" SRC_URI="https://downloads.asterisk.org/pub/telephony/asterisk/releases/${P}.tar.gz" LICENSE="GPL-2" SLOT="0/${PV%%.*}" -KEYWORDS="amd64 ~arm ~arm64 ~ppc ~ppc64 x86" +KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~ppc64 ~x86" IUSE_VOICEMAIL_STORAGE=( voicemail_storage_odbc @@ -73,7 +73,7 @@ DEPEND="acct-user/asterisk media-libs/speex media-libs/speexdsp ) - srtp? ( net-libs/libsrtp:0 ) + srtp? ( net-libs/libsrtp:= ) ssl? ( dev-libs/openssl:0= ) @@ -99,6 +99,10 @@ PDEPEND="net-misc/asterisk-base" BDEPEND="dev-libs/libxml2:2 virtual/pkgconfig" +QA_CONFIG_IMPL_DECL_SKIP=( + htonll + ntohll +) QA_DT_NEEDED="/usr/lib.*/libasteriskssl[.]so[.][0-9]\+" ast_make() { diff --git a/net-misc/asterisk/asterisk-16.30.1-r3.ebuild b/net-misc/asterisk/asterisk-20.10.0-r1.ebuild index 5ff80f57d6f9..fcfbb84357a7 100644 --- a/net-misc/asterisk/asterisk-16.30.1-r3.ebuild +++ b/net-misc/asterisk/asterisk-20.10.0-r1.ebuild 
@@ -12,26 +12,21 @@ HOMEPAGE="https://www.asterisk.org/" SRC_URI="https://downloads.asterisk.org/pub/telephony/asterisk/releases/${P}.tar.gz" LICENSE="GPL-2" SLOT="0/${PV%%.*}" -KEYWORDS="amd64 ~arm ~arm64 ~ppc ~ppc64 x86" +KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~ppc64 ~x86" IUSE_VOICEMAIL_STORAGE=( - +voicemail_storage_file voicemail_storage_odbc voicemail_storage_imap ) -IUSE="${IUSE_VOICEMAIL_STORAGE[*]} alsa blocks bluetooth calendar +caps cluster codec2 curl debug deprecated doc freetds gtalk http iconv ilbc ldap lua mysql newt odbc oss pjproject portaudio postgres radius selinux snmp span speex srtp +ssl static statsd syslog systemd unbound vorbis xmpp" +IUSE="${IUSE_VOICEMAIL_STORAGE[*]} alsa blocks bluetooth calendar +caps cluster codec2 curl debug deprecated doc freetds gtalk http iconv ilbc ldap lua mysql newt odbc pjproject portaudio postgres radius selinux snmp span speex srtp +ssl static statsd systemd unbound vorbis xmpp" IUSE_EXPAND="VOICEMAIL_STORAGE" REQUIRED_USE="gtalk? ( xmpp ) lua? ( ${LUA_REQUIRED_USE} ) - ^^ ( ${IUSE_VOICEMAIL_STORAGE[*]//+/} ) voicemail_storage_odbc? ( odbc ) " PATCHES=( "${FILESDIR}/asterisk-16.16.2-no-var-run-install.patch" - "${FILESDIR}/asterisk-16.29.1_18.15.1_20.0.1-noexec_stack.patch" - "${FILESDIR}/asterisk-16.30.1-r1-iax2_jitterbuffer.patch" - "${FILESDIR}/asterisk-16.30.1-r3-manager.c-Add-entries-to-Originate-blacklist.patch" ) DEPEND="acct-user/asterisk @@ -67,7 +62,7 @@ DEPEND="acct-user/asterisk mysql? ( dev-db/mysql-connector-c:= ) newt? ( dev-libs/newt ) odbc? ( dev-db/unixODBC ) - pjproject? ( >=net-libs/pjproject-2.9:= ) + pjproject? ( >=net-libs/pjproject-2.12:= ) portaudio? ( media-libs/portaudio ) postgres? ( dev-db/postgresql:* ) radius? ( net-dialup/freeradius-client ) @@ -78,7 +73,7 @@ DEPEND="acct-user/asterisk media-libs/speex media-libs/speexdsp ) - srtp? ( net-libs/libsrtp:0 ) + srtp? ( net-libs/libsrtp:= ) ssl? ( dev-libs/openssl:0= ) 
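Review bot: The `PATCHES` array in the first hunk now carries only `asterisk-16.16.2-no-var-run-install.patch`, and nothing records why the noexec_stack, iax2_jitterbuffer and Originate-blacklist patches are no longer applied. Git pairs this file with the 16.30.1-r3 ebuild, so these may simply be 16.x backports that 20.10.0 already contains upstream, but that is inferred rather than shown on this page. The noexec_stack patch added `-Wl,-znoexecstack` to the embedded-XML link rules and the manager.c patch restricted AMI Originate, so both are worth confirming against the 20.10.0 tarball. Once confirmed, a short comment above `PATCHES` such as `# noexec_stack, iax2_jitterbuffer and Originate blacklist fixes are included upstream` would give the next version bump something to verify against.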
@@ -97,26 +92,34 @@ RDEPEND="${DEPEND} net-misc/asterisk-core-sounds net-misc/asterisk-extra-sounds net-misc/asterisk-moh-opsound - selinux? ( sec-policy/selinux-asterisk ) - syslog? ( virtual/logger )" + selinux? ( sec-policy/selinux-asterisk )" PDEPEND="net-misc/asterisk-base" BDEPEND="dev-libs/libxml2:2 virtual/pkgconfig" +QA_CONFIG_IMPL_DECL_SKIP=( + htonll + ntohll +) QA_DT_NEEDED="/usr/lib.*/libasteriskssl[.]so[.][0-9]\+" -_make_args=( - "NOISY_BUILD=yes" - "ASTDBDIR=\$(ASTDATADIR)/astdb" - "ASTVARRUNDIR=/run/asterisk" - "ASTCACHEDIR=/var/cache/asterisk" - "OPTIMIZE=" - "DEBUG=" - "DESTDIR=${D}" - "CONFIG_SRC=configs/samples" - "CONFIG_EXTEN=.sample" -) +ast_make() { + local make_args=( + "NOISY_BUILD=yes" + "ASTDBDIR=\$(ASTDATADIR)/astdb" + "ASTVARRUNDIR=/run/asterisk" + "ASTCACHEDIR=/var/cache/asterisk" + "OPTIMIZE=" + "DEBUG=" + "DESTDIR=${D}" + "CONFIG_SRC=configs/samples" + "CONFIG_EXTEN=.sample" + "AST_FORTIFY_SOURCE=" + ) + + emake "${make_args[@]}" "$@" +} pkg_pretend() { CONFIG_CHECK="~!NF_CONNTRACK_SIP" 
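Review bot: `"AST_FORTIFY_SOURCE="` in the new `ast_make()` appears to blank the upstream makefile's fortify setting, and no comment says where `_FORTIFY_SOURCE` is expected to come from instead. Presumably the intent is to defer to the toolchain defaults or the user's CFLAGS, but on a compiler or profile that does not define it the daemon would be built without fortified libc calls. A one-line comment such as `# leave _FORTIFY_SOURCE to the toolchain/CFLAGS rather than the upstream makefile` would document that assumption; the same line is added in `ast_make()` of the new asterisk-22.0.0-r1.ebuild. Separately, `"DESTDIR=${D}"` stays in `make_args` here while `src_install` in a later hunk also passes it explicitly, a duplication the 22.0.0-r1 ebuild avoids.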
@@ -140,95 +143,93 @@ pkg_setup() { src_prepare() { default - AT_M4DIR="autoconf third-party third-party/pjproject third-party/jansson" \ + AT_M4DIR="autoconf third-party third-party/pjproject third-party/jansson third-party/libjwt" \ AC_CONFIG_SUBDIRS=menuselect eautoreconf } src_configure() { local vmst local copt cstate - - econf \ - SED=sed \ - LUA_VERSION="${ELUA#lua}" \ - --libdir="/usr/$(get_libdir)" \ - --localstatedir="/var" \ - --with-crypto \ - --with-gsm=internal \ - --with-popt \ - --with-z \ - --with-libedit \ - --without-jansson-bundled \ - --without-pjproject-bundled \ - $(use_with caps cap) \ - $(use_with codec2) \ - $(use_with lua lua) \ - $(use_with http gmime) \ - $(use_with newt) \ - $(use_with pjproject) \ - $(use_with portaudio) \ - $(use_with ssl) \ + local myconf=( + LUA_VERSION="${ELUA#lua}" + --localstatedir="/var" + --with-crypto + --with-gsm=internal + --with-popt + --with-z + --with-libedit + --without-jansson-bundled + --without-pjproject-bundled + $(use_with caps cap) + $(use_with codec2) + $(use_with lua lua) + $(use_with http gmime) + $(use_with newt) + $(use_with pjproject) + $(use_with portaudio) + $(use_with ssl) $(use_with unbound) + ) + econf "${myconf[@]}" - _menuselect() { - menuselect/menuselect "$@" || die "menuselect $* failed." + ast_menuselect() { + menuselect/menuselect "$@" menuselect.makeopts || die "menuselect $* failed." } _use_select() { local state=$(use "$1" && echo enable || echo disable) + local x shift # remove use from parameters - while [[ -n $1 ]]; do - _menuselect --${state} "$1" menuselect.makeopts - shift + for x; do + ast_menuselect --${state} "$x" done } # Blank out sounds/sounds.xml file to prevent # asterisk from installing sounds files (we pull them in via # asterisk-{core,extra}-sounds and asterisk-moh-opsound. 
- >"${S}"/sounds/sounds.xml + >sounds/sounds.xml || die "Unable to blank out sounds/sounds.xml" # That NATIVE_ARCH chatter really is quite bothersome - sed -i 's/NATIVE_ARCH=/NATIVE_ARCH=0/' build_tools/menuselect-deps || die "Unable to squelch noisy build system" + sed -i 's/NATIVE_ARCH=/&0/' build_tools/menuselect-deps || die "Unable to squelch noisy build system" # Compile menuselect binary for optional components emake "${_make_args[@]}" menuselect.makeopts # Disable astdb2* tools. We've been on sqlite long enough # that this should really no longer be a problem (bug #https://bugs.gentoo.org/872194) - _menuselect --disable astdb2sqlite3 menuselect.makeopts - _menuselect --disable astdb2bdb menuselect.makeopts + ast_menuselect --disable astdb2sqlite3 + ast_menuselect --disable astdb2bdb # Disable BUILD_NATIVE (bug #667498) - _menuselect --disable build_native menuselect.makeopts + ast_menuselect --disable build_native # Broken functionality is forcibly disabled (bug #360143) - _menuselect --disable chan_misdn menuselect.makeopts - _menuselect --disable chan_ooh323 menuselect.makeopts + ast_menuselect --disable chan_ooh323 # Utility set is forcibly enabled (bug #358001) - _menuselect --enable smsq menuselect.makeopts - _menuselect --enable streamplayer menuselect.makeopts - _menuselect --enable aelparse menuselect.makeopts - _menuselect --enable astman menuselect.makeopts + ast_menuselect --enable smsq + ast_menuselect --enable streamplayer + ast_menuselect --enable aelparse + ast_menuselect --enable astman # this is connected, otherwise it would not find # ast_pktccops_gate_alloc symbol - _menuselect --enable chan_mgcp menuselect.makeopts - _menuselect --enable res_pktccops menuselect.makeopts + ast_menuselect --enable chan_mgcp + ast_menuselect --enable res_pktccops # SSL is forcibly enabled, IAX2 & DUNDI are expected to be available - _menuselect --enable pbx_dundi menuselect.makeopts - _menuselect --enable func_aes menuselect.makeopts - _menuselect --enable 
chan_iax2 menuselect.makeopts + ast_menuselect --enable pbx_dundi + ast_menuselect --enable func_aes + ast_menuselect --enable chan_iax2 # SQlite3 is now the main database backend, enable related features - _menuselect --enable cdr_sqlite3_custom menuselect.makeopts - _menuselect --enable cel_sqlite3_custom menuselect.makeopts + ast_menuselect --enable cdr_sqlite3_custom + ast_menuselect --enable cel_sqlite3_custom # Disable conversion tools (which fails to compile in some cases). - _menuselect --disable astdb2bdb menuselect.makeopts + ast_menuselect --disable astdb2bdb # The others are based on USE-flag settings _use_select alsa chan_alsa @@ -237,7 +238,7 @@ src_configure() { _use_select cluster res_corosync _use_select codec2 codec_codec2 _use_select curl func_curl res_config_curl res_curl - _use_select deprecated app_macro + _use_select deprecated app_macro chan_sip res_monitor _use_select freetds {cdr,cel}_tds _use_select gtalk chan_motif _use_select http res_http_post @@ -245,9 +246,8 @@ src_configure() { _use_select ilbc codec_ilbc format_ilbc _use_select ldap res_config_ldap _use_select lua pbx_lua - _use_select mysql app_mysql cdr_mysql res_config_mysql + _use_select mysql res_config_mysql _use_select odbc cdr_adaptive_odbc res_config_odbc {cdr,cel,res,func}_odbc - _use_select oss chan_oss _use_select postgres {cdr,cel}_pgsql res_config_pgsql _use_select radius {cdr,cel}_radius _use_select snmp res_snmp 
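Review bot: The unchanged context line `emake "${_make_args[@]}" menuselect.makeopts` in `src_configure` still expands `_make_args`, but the previous hunk replaces that array with the `ast_make()` function. In this file the expansion is therefore empty, and the menuselect step runs without `NOISY_BUILD=yes`, `ASTVARRUNDIR`, `OPTIMIZE=`, `AST_FORTIFY_SOURCE=` and the other overrides that the rest of the build receives. The line should read `ast_make menuselect.makeopts`, as the new asterisk-22.0.0-r1.ebuild already does. This assumes `_make_args` is not defined elsewhere in the ebuild or an eclass, which nothing in the visible hunks suggests.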
@@ -256,20 +256,20 @@ src_configure() { _use_select speex format_ogg_speex _use_select srtp res_srtp _use_select statsd res_statsd res_{endpoint,chan}_stats - _use_select syslog cdr_syslog _use_select vorbis format_ogg_vorbis _use_select xmpp res_xmpp # Voicemail storage ... + ast_menuselect --enable app_voicemail for vmst in "${IUSE_VOICEMAIL_STORAGE[@]}"; do if use "${vmst#+}"; then - _menuselect --enable "$(echo "${vmst##*_}" | tr '[:lower:]' '[:upper:]')_STORAGE" menuselect.makeopts + ast_menuselect --enable "app_voicemail_${vmst##*_}" fi done if use debug; then for o in DONT_OPTIMIZE DEBUG_FD_LEAKS MALLOC_DEBUG BETTER_BACKTRACES; do - _menuselect --enable "${o}" menuselect.makeopts + ast_menuselect --enable "${o}" done fi @@ -278,14 +278,14 @@ src_configure() { cstate=--enable [[ "${copt}" == -* ]] && cstate=--disable ebegin "Custom option ${copt#[-+]} ${cstate:2}d" - _menuselect ${cstate} "${copt#[-+]}" + ast_menuselect ${cstate} "${copt#[-+]}" eend $? done fi } src_compile() { - emake "${_make_args[@]}" + ast_make } src_install() { @@ -296,7 +296,7 @@ src_install() { diropts -m 0750 -o root -g asterisk dodir /etc/asterisk - emake "${_make_args[@]}" install install-configs + ast_make install install-headers install-configs "DESTDIR=${D}" fowners asterisk: /var/lib/asterisk/astdb @@ -314,8 +314,7 @@ src_install() { # Reset diropts else dodoc uses it for doc installations. diropts -m0755 - # install the upgrade documentation - dodoc UPGRADE* BUGS CREDITS + dodoc README* BUGS CREDITS # install extra documentation use doc && dodoc doc/*.{txt,pdf} 
@@ -329,13 +328,24 @@ src_install() { } pkg_postinst() { - if [ -z "${REPLACING_VERSIONS}" ]; then + if [[ -z "${REPLACING_VERSIONS}" ]]; then elog "Asterisk Wiki: https://wiki.asterisk.org/wiki/" elog "Gentoo VoIP IRC Channel: #gentoo-voip @ irc.libera.chat" - elif [ "$(ver_cut 1 "${REPLACING_VERSIONS}")" != "$(ver_cut 1)" ]; then - elog "You are updating from Asterisk $(ver_cut 1 "${REPLACING_VERSIONS}") upgrade document:" - elog "https://wiki.asterisk.org/wiki/display/AST/Upgrading+to+Asterisk+$(ver_cut 1)" - elog "Gentoo VoIP IRC Channel: #gentoo-voip @ irc.libera.chat" + else + local my_replacing=() x + for x in ${REPLACING_VERSIONS}; do + [[ $(ver_cut 1 ${x}) != $(ver_cut 1) ]] && + my_replacing+=( $(ver_cut 1 ${x}) ) + done + if [[ "${#my_replacing}" -gt 0 ]]; then + my_replacing="${my_replacing[*]}" + my_replacing="${my_replacing// /, }" + [[ "${my_replacing}" = *", "* ]] && + my_replacing="${my_replacing%, *} or ${my_replacing##*, }" + elog "You are updating from Asterisk ${my_replacing}, you should reference the upgrade document:" + elog "https://wiki.asterisk.org/wiki/display/AST/Upgrading+to+Asterisk+$(ver_cut 1)" + elog "Assistance also available on Gentoo VoIP IRC Channel: #gentoo-voip @ irc.libera.chat" + fi fi if use deprecated; then diff --git a/net-misc/asterisk/asterisk-21.5.0.ebuild b/net-misc/asterisk/asterisk-21.5.0-r1.ebuild index 923c0b29641a..1812ee48dec1 100644 --- a/net-misc/asterisk/asterisk-21.5.0.ebuild +++ b/net-misc/asterisk/asterisk-21.5.0-r1.ebuild @@ -72,7 +72,7 @@ DEPEND="acct-user/asterisk media-libs/speex media-libs/speexdsp ) - srtp? ( net-libs/libsrtp:0 ) + srtp? ( net-libs/libsrtp:= ) ssl? ( dev-libs/openssl:0= ) @@ -97,6 +97,10 @@ PDEPEND="net-misc/asterisk-base" BDEPEND="dev-libs/libxml2:2 virtual/pkgconfig" +QA_CONFIG_IMPL_DECL_SKIP=( + htonll + ntohll +) QA_DT_NEEDED="/usr/lib.*/libasteriskssl[.]so[.][0-9]\+" ast_make() { 
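Review bot: In the new `pkg_postinst` block, `[[ "${#my_replacing}" -gt 0 ]]` measures the string length of the first array element rather than the number of elements; it only behaves as intended because every appended `ver_cut 1` result is non-empty. `[[ ${#my_replacing[@]} -gt 0 ]]` states the intent directly. The following `my_replacing="${my_replacing[*]}"` then overwrites element 0 of the array with the joined string, so a separate scalar such as `local replacing_str="${my_replacing[*]}"` would be easier to follow. The same code is added in `pkg_postinst` of asterisk-22.0.0-r1.ebuild.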
diff --git a/net-misc/asterisk/asterisk-22.0.0-r1.ebuild b/net-misc/asterisk/asterisk-22.0.0-r1.ebuild
new file mode 100644
index 000000000000..1812ee48dec1
--- /dev/null
+++ b/net-misc/asterisk/asterisk-22.0.0-r1.ebuild
@@ -0,0 +1,358 @@ +# Copyright 1999-2024 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +LUA_COMPAT=( lua5-{1..4} ) + +inherit autotools linux-info lua-single toolchain-funcs + +DESCRIPTION="Asterisk: A Modular Open Source PBX System" +HOMEPAGE="https://www.asterisk.org/" +SRC_URI="https://downloads.asterisk.org/pub/telephony/asterisk/releases/${P}.tar.gz" +LICENSE="GPL-2" +SLOT="0/${PV%%.*}" +KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~ppc64 ~sparc ~x86" + +IUSE_VOICEMAIL_STORAGE=( + voicemail_storage_odbc + voicemail_storage_imap +) +IUSE="${IUSE_VOICEMAIL_STORAGE[*]} blocks bluetooth calendar +caps cluster codec2 curl debug doc freetds gtalk http iconv ilbc ldap lua mysql newt odbc pjproject portaudio postgres radius selinux snmp span speex srtp +ssl static statsd systemd unbound vorbis xmpp" +IUSE_EXPAND="VOICEMAIL_STORAGE" +REQUIRED_USE="gtalk? ( xmpp ) + lua? ( ${LUA_REQUIRED_USE} ) + voicemail_storage_odbc? ( odbc ) +" + +PATCHES=( + "${FILESDIR}/asterisk-16.16.2-no-var-run-install.patch" +) + +DEPEND="acct-user/asterisk + acct-group/asterisk + dev-db/sqlite:3 + dev-libs/popt + >=dev-libs/jansson-2.11:= + dev-libs/libedit + dev-libs/libxml2:2 + dev-libs/libxslt + sys-apps/util-linux + sys-libs/zlib + virtual/libcrypt:= + bluetooth? ( net-wireless/bluez:= ) + calendar? ( + net-libs/neon:= + dev-libs/libical:= + dev-libs/iksemel + ) + caps? ( sys-libs/libcap ) + blocks? ( sys-libs/blocksruntime ) + cluster? ( sys-cluster/corosync ) + codec2? ( media-libs/codec2:= ) + curl? ( net-misc/curl ) + freetds? ( dev-db/freetds ) + gtalk? ( dev-libs/iksemel ) + http? ( dev-libs/gmime:2.6 ) + iconv? ( virtual/libiconv ) + ilbc? ( media-libs/libilbc ) + ldap? ( net-nds/openldap:= ) + lua? ( ${LUA_DEPS} ) + mysql? ( dev-db/mysql-connector-c:= ) + newt? ( dev-libs/newt ) + odbc? ( dev-db/unixODBC ) + pjproject? ( >=net-libs/pjproject-2.12:= ) + portaudio? ( media-libs/portaudio ) + postgres? ( dev-db/postgresql:* ) + radius? 
( net-dialup/freeradius-client ) + snmp? ( net-analyzer/net-snmp:= ) + span? ( media-libs/spandsp ) + speex? ( + media-libs/libogg + media-libs/speex + media-libs/speexdsp + ) + srtp? ( net-libs/libsrtp:= ) + ssl? ( + dev-libs/openssl:0= + ) + systemd? ( sys-apps/systemd ) + !systemd? ( !sys-apps/systemd ) + unbound? ( net-dns/unbound ) + vorbis? ( + media-libs/libogg + media-libs/libvorbis + ) + voicemail_storage_imap? ( net-libs/c-client[ssl=] ) + xmpp? ( dev-libs/iksemel ) +" + +RDEPEND="${DEPEND} + net-misc/asterisk-core-sounds + net-misc/asterisk-extra-sounds + net-misc/asterisk-moh-opsound + selinux? ( sec-policy/selinux-asterisk )" +PDEPEND="net-misc/asterisk-base" + +BDEPEND="dev-libs/libxml2:2 + virtual/pkgconfig" + +QA_CONFIG_IMPL_DECL_SKIP=( + htonll + ntohll +) +QA_DT_NEEDED="/usr/lib.*/libasteriskssl[.]so[.][0-9]\+" + +ast_make() { + local make_args=( + "NOISY_BUILD=yes" + "ASTDBDIR=\$(ASTDATADIR)/astdb" + "ASTVARRUNDIR=/run/asterisk" + "ASTCACHEDIR=/var/cache/asterisk" + "OPTIMIZE=" + "DEBUG=" + "CONFIG_SRC=configs/samples" + "CONFIG_EXTEN=.sample" + "AST_FORTIFY_SOURCE=" + ) + + emake "${make_args[@]}" "$@" +} + +pkg_pretend() { + CONFIG_CHECK="~!NF_CONNTRACK_SIP" + local WARNING_NF_CONNTRACK_SIP="SIP (NAT) connection tracking is enabled. Some users + have reported that this module dropped critical SIP packets in their deployments. You + may want to disable it if you see such problems." 
+ check_extra_config + + [[ "${MERGE_TYPE}" == binary ]] && return + + if tc-is-clang; then + use blocks || die "CC=clang requires USE=blocks" + else + use blocks && die "USE=blocks can only be used with CC=clang" + fi +} + +pkg_setup() { + use lua && lua-single_pkg_setup +} + +src_prepare() { + default + AT_M4DIR="autoconf third-party third-party/pjproject third-party/jansson third-party/libjwt" \ + AC_CONFIG_SUBDIRS=menuselect eautoreconf +} + +src_configure() { + local vmst + local copt cstate + local myconf=( + LUA_VERSION="${ELUA#lua}" \ + --localstatedir="/var" \ + --with-crypto \ + --with-gsm=internal \ + --with-popt \ + --with-z \ + --with-libedit \ + --without-jansson-bundled \ + --without-pjproject-bundled \ + $(use_with caps cap) \ + $(use_with codec2) \ + $(use_with lua lua) \ + $(use_with http gmime) \ + $(use_with newt) \ + $(use_with pjproject) \ + $(use_with portaudio) \ + $(use_with ssl) \ + $(use_with unbound) + ) + + econf "${myconf[@]}" + + ast_menuselect() { + menuselect/menuselect "$@" menuselect.makeopts || die "menuselect $* failed." + } + + _use_select() { + local state=$(use "$1" && echo enable || echo disable) + local x + shift # remove use from parameters + + for x; do + ast_menuselect --${state} "$x" + done + } + + # Blank out sounds/sounds.xml file to prevent + # asterisk from installing sounds files (we pull them in via + # asterisk-{core,extra}-sounds and asterisk-moh-opsound. + >sounds/sounds.xml || die "Unable to blank out sounds/sounds.xml" + + # That NATIVE_ARCH chatter really is quite bothersome + sed -i 's/NATIVE_ARCH=/&0/' build_tools/menuselect-deps || die "Unable to squelch noisy build system" + + # Compile menuselect binary for optional components + ast_make menuselect.makeopts + + # Disable astdb2* tools. 
We've been on sqlite long enough + # that this should really no longer be a problem (bug #https://bugs.gentoo.org/872194) + ast_menuselect --disable astdb2sqlite3 + ast_menuselect --disable astdb2bdb + + # Disable BUILD_NATIVE (bug #667498) + ast_menuselect --disable build_native + + # Broken functionality is forcibly disabled (bug #360143) + ast_menuselect --disable chan_ooh323 + + # Utility set is forcibly enabled (bug #358001) + ast_menuselect --enable smsq + ast_menuselect --enable streamplayer + ast_menuselect --enable aelparse + ast_menuselect --enable astman + + # SSL is forcibly enabled, IAX2 & DUNDI are expected to be available + ast_menuselect --enable pbx_dundi + ast_menuselect --enable func_aes + ast_menuselect --enable chan_iax2 + + # SQlite3 is now the main database backend, enable related features + ast_menuselect --enable cdr_sqlite3_custom + ast_menuselect --enable cel_sqlite3_custom + + # Disable conversion tools (which fails to compile in some cases). + ast_menuselect --disable astdb2bdb + + # The others are based on USE-flag settings + _use_select bluetooth chan_mobile + _use_select calendar res_calendar res_calendar_{caldav,ews,exchange,icalendar} + _use_select cluster res_corosync + _use_select codec2 codec_codec2 + _use_select curl func_curl res_config_curl res_curl + _use_select freetds {cdr,cel}_tds + _use_select gtalk chan_motif + _use_select http res_http_post + _use_select iconv func_iconv + _use_select ilbc codec_ilbc format_ilbc + _use_select ldap res_config_ldap + _use_select lua pbx_lua + _use_select mysql res_config_mysql + _use_select odbc cdr_adaptive_odbc res_config_odbc {cdr,cel,res,func}_odbc + _use_select postgres {cdr,cel}_pgsql res_config_pgsql + _use_select radius {cdr,cel}_radius + _use_select snmp res_snmp + _use_select span res_fax_spandsp + _use_select speex {codec,func}_speex + _use_select speex format_ogg_speex + _use_select srtp res_srtp + _use_select statsd res_statsd res_{endpoint,chan}_stats + _use_select vorbis 
format_ogg_vorbis + _use_select xmpp res_xmpp + + # Voicemail storage ... + ast_menuselect --enable app_voicemail + for vmst in "${IUSE_VOICEMAIL_STORAGE[@]}"; do + if use "${vmst#+}"; then + ast_menuselect --enable "app_voicemail_${vmst##*_}" + fi + done + + if use debug; then + for o in DONT_OPTIMIZE DEBUG_FD_LEAKS MALLOC_DEBUG BETTER_BACKTRACES; do + ast_menuselect --enable "${o}" + done + fi + + if [[ -n "${GENTOO_ASTERISK_CUSTOM_MENUSELECT:+yes}" ]]; then + for copt in ${GENTOO_ASTERISK_CUSTOM_MENUSELECT}; do + cstate=--enable + [[ "${copt}" == -* ]] && cstate=--disable + ebegin "Custom option ${copt#[-+]} ${cstate:2}d" + ast_menuselect ${cstate} "${copt#[-+]}" + eend $? + done + fi +} + +src_compile() { + ast_make +} + +src_install() { + local d + + dodir "/usr/$(get_libdir)/pkgconfig" + + diropts -m 0750 -o root -g asterisk + dodir /etc/asterisk + + ast_make install install-headers install-configs "DESTDIR=${D}" + + fowners asterisk: /var/lib/asterisk/astdb + + if use radius; then + insinto /etc/radiusclient/ + doins contrib/dictionary.digium + fi + + # keep directories + diropts -m 0750 -o asterisk -g root + keepdir /var/spool/asterisk/{system,tmp,meetme,monitor,dictate,voicemail,recording,outgoing} + diropts -m 0750 -o asterisk -g asterisk + keepdir /var/log/asterisk/{cdr-csv,cdr-custom} + + # Reset diropts else dodoc uses it for doc installations. + diropts -m0755 + + dodoc README* BUGS CREDITS + + # install extra documentation + use doc && dodoc doc/*.{txt,pdf} + + # Asterisk installs a few folders that's empty by design, + # but still required. This finds them, and marks them for + # portage. 
+ while read d <&3; do + keepdir "${d#${ED}}" + done 3< <(find "${ED}"/var -type d -empty || die "Find failed.") +} + +pkg_postinst() { + if [[ -z "${REPLACING_VERSIONS}" ]]; then + elog "Asterisk Wiki: https://wiki.asterisk.org/wiki/" + elog "Gentoo VoIP IRC Channel: #gentoo-voip @ irc.libera.chat" + else + local my_replacing=() x + for x in ${REPLACING_VERSIONS}; do + [[ $(ver_cut 1 ${x}) != $(ver_cut 1) ]] && + my_replacing+=( $(ver_cut 1 ${x}) ) + done + if [[ "${#my_replacing}" -gt 0 ]]; then + my_replacing="${my_replacing[*]}" + my_replacing="${my_replacing// /, }" + [[ "${my_replacing}" = *", "* ]] && + my_replacing="${my_replacing%, *} or ${my_replacing##*, }" + elog "You are updating from Asterisk ${my_replacing}, you should reference the upgrade document:" + elog "https://wiki.asterisk.org/wiki/display/AST/Upgrading+to+Asterisk+$(ver_cut 1)" + elog "Assistance also available on Gentoo VoIP IRC Channel: #gentoo-voip @ irc.libera.chat" + fi + fi + + if [[ -n "${GENTOO_ASTERISK_CUSTOM_MENUSELECT:+yes}" ]]; then + ewarn "You are using GENTOO_ASTERISK_CUSTOM_MENUSELECT, this should only be used" + ewarn "for debugging, for anything else, please file a bug on https://bugs.gentoo.org" + fi + + if [[ -f /var/lib/asterisk/astdb.sqlite3 ]]; then + ewarn "Default astdb location has changed from /var/lib/asterisk to /var/lib/asterisk/astdb" + ewarn "You still have a /var/lib/asterisk/astdb.sqlite file. You need to either set" + ewarn "astdbdir in /etc/asterisk/asterisk.conf to /var/lib/asterisk or follow these" + ewarn "steps to migrate:" + ewarn "1. /etc/init.d/asterisk stop" + ewarn "2. mv /var/lib/asterisk/astdb.sqlite /var/lib/asterisk/astdb/" + ewarn "3. /etc/init.d/asterisk start" + ewarn "This update was done partly for security reasons so that /var/lib/asterisk can be root owned." + fi +} 
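Review bot: The astdb migration warning at the end of `pkg_postinst` tests for `/var/lib/asterisk/astdb.sqlite3`, but the message and step 2 (`mv /var/lib/asterisk/astdb.sqlite /var/lib/asterisk/astdb/`) name `astdb.sqlite`, so an administrator following the steps literally would not move the file that triggered the warning. The text says the relocation exists so that /var/lib/asterisk can be root owned, so the instructions should name the same file as the test, e.g. `ewarn "2. mv /var/lib/asterisk/astdb.sqlite3 /var/lib/asterisk/astdb/"`, with the "You still have a ..." line changed to match. The test also reads the live path without `${EROOT}`, so when installing into an offset root it checks the build host rather than the target.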
diff --git a/net-misc/asterisk/files/asterisk-16.29.1_18.15.1_20.0.1-noexec_stack.patch b/net-misc/asterisk/files/asterisk-16.29.1_18.15.1_20.0.1-noexec_stack.patch deleted file mode 100644 index ed1fafa8aa5b..000000000000 --- a/net-misc/asterisk/files/asterisk-16.29.1_18.15.1_20.0.1-noexec_stack.patch +++ /dev/null @@ -1,39 +0,0 @@ -From e4d33a4e488fb7abfa41b5ff947d048d22d000f4 Mon Sep 17 00:00:00 2001 -From: Jaco Kroon <jaco@uls.co.za> -Date: Mon, 7 Nov 2022 17:30:00 +0200 -Subject: [PATCH] Build system: Avoid executable stack. - -Found in res_geolocation, but I believe others may have similar issues, -thus not linking to a specific issue. - -Essentially gcc doesn't mark the stack for being non-executable unless -it's compiling the source, this informs ld via gcc to mark the object as -not requiring an executable stack (which a binary blob obviously -doesn't). - -Change-Id: I71bcc2fd1fe0c82a28b3257405d6f2b566fd9bfc -Signed-off-by: Jaco Kroon <jaco@uls.co.za> ---- - Makefile.rules | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/Makefile.rules b/Makefile.rules -index e6b6589cc7..7b508e6ab2 100644 ---- a/Makefile.rules -+++ b/Makefile.rules -@@ -213,10 +213,10 @@ endif - # extern const size_t _binary_abc_def_xml_size; - %.o: %.xml - $(ECHO_PREFIX) echo " [LD] $^ -> $@" -- $(CMD_PREFIX) $(CC) -g -nostartfiles -nodefaultlibs -nostdlib -r -Wl,-b,binary -o $@ $^ -+ $(CMD_PREFIX) $(CC) -g -Wl,-znoexecstack -nostartfiles -nodefaultlibs -nostdlib -r -Wl,-b,binary -o $@ $^ - - %.o: %.xslt - $(ECHO_PREFIX) echo " [LD] $^ -> $@" -- $(CMD_PREFIX) $(CC) -g -nostartfiles -nodefaultlibs -nostdlib -r -Wl,-b,binary -o $@ $^ -+ $(CMD_PREFIX) $(CC) -g -Wl,-znoexecstack -nostartfiles -nodefaultlibs -nostdlib -r -Wl,-b,binary -o $@ $^ - - dist-clean:: clean --- -2.37.4 - 
diff --git a/net-misc/asterisk/files/asterisk-16.30.1-r1-iax2_jitterbuffer.patch b/net-misc/asterisk/files/asterisk-16.30.1-r1-iax2_jitterbuffer.patch
deleted file mode 100644
index 67fb68b3cf42..000000000000
--- a/net-misc/asterisk/files/asterisk-16.30.1-r1-iax2_jitterbuffer.patch
+++ /dev/null
@@ -1,65 +0,0 @@ -From 73103bdcd5b342ce5dfa32039333ffadad551151 Mon Sep 17 00:00:00 2001 -From: Naveen Albert <asterisk@phreaknet.org> -Date: Wed, 14 Dec 2022 16:00:51 +0000 -Subject: [PATCH] chan_iax2: Fix jitterbuffer regression prior to receiving - audio. - -ASTERISK_29392 (a security fix) introduced a regression by -not processing frames when we don't have an audio format. - -Currently, chan_iax2 only calls jb_get to read frames from -the jitterbuffer when the voiceformat has been set on the pvt. -However, this only happens when we receive a voice frame, which -means that prior to receiving voice frames, other types of frames -get stalled completely in the jitterbuffer. - -To fix this, we now fallback to using the format negotiated during -call setup until we've actually received a voice frame with a format. -This ensures we're always able to read from the jitterbuffer. - -ASTERISK-30354 #close -ASTERISK-30162 #close - -Change-Id: Ie4fd1e8e088a145ad89e0427c2100a530e964fe9 ---- - channels/chan_iax2.c | 17 ++++++++++++++--- - 1 file changed, 14 insertions(+), 3 deletions(-) - -diff --git a/channels/chan_iax2.c b/channels/chan_iax2.c -index ab6bd61638..5b3caf03b5 100644 ---- a/channels/chan_iax2.c -+++ b/channels/chan_iax2.c -@@ -4158,9 +4158,19 @@ static void __get_from_jb(const void *p) - now.tv_usec += 1000; - - ms = ast_tvdiff_ms(now, pvt->rxcore); -- -- voicefmt = ast_format_compatibility_bitfield2format(pvt->voiceformat); -- if (voicefmt && ms >= (next = jb_next(pvt->jb))) { -+ if (ms >= (next = jb_next(pvt->jb))) { -+ voicefmt = ast_format_compatibility_bitfield2format(pvt->voiceformat); -+ if (!voicefmt) { -+ /* pvt->voiceformat won't be set if we haven't received any voice frames yet. -+ * In this case, fall back to using the format negotiated during call setup, -+ * so we don't stall the jitterbuffer completely. 
*/ -+ voicefmt = ast_format_compatibility_bitfield2format(pvt->peerformat); -+ } -+ if (!voicefmt) { -+ /* Really shouldn't happen, but if it does, should be looked into */ -+ ast_log(LOG_WARNING, "No voice format and no peer format available on %s, backlogging frame\n", ast_channel_name(pvt->owner)); -+ goto cleanup; /* Don't crash if there's no voice format */ -+ } - ret = jb_get(pvt->jb, &frame, ms, ast_format_get_default_ms(voicefmt)); - switch(ret) { - case JB_OK: -@@ -4202,6 +4212,7 @@ static void __get_from_jb(const void *p) - break; - } - } -+cleanup: - if (pvt) - update_jbsched(pvt); - ast_mutex_unlock(&iaxsl[callno]); --- -2.41.0 - diff --git a/net-misc/asterisk/files/asterisk-16.30.1-r3-manager.c-Add-entries-to-Originate-blacklist.patch b/net-misc/asterisk/files/asterisk-16.30.1-r3-manager.c-Add-entries-to-Originate-blacklist.patch deleted file mode 100644 index f33e73037979..000000000000 --- a/net-misc/asterisk/files/asterisk-16.30.1-r3-manager.c-Add-entries-to-Originate-blacklist.patch +++ /dev/null 
@@ -1,205 +0,0 @@ -From faddd99f2b9408b524e5eb8a01589fe1fa282df2 Mon Sep 17 00:00:00 2001 -From: George Joseph <gjoseph@sangoma.com> -Date: Mon, 22 Jul 2024 08:05:03 -0600 -Subject: [PATCH 1/2] manager.c: Add entries to Originate blacklist - -Added Reload and DBdeltree to the list of dialplan application that -can't be executed via the Originate manager action without also -having write SYSTEM permissions. - -Added CURL, DB*, FILE, ODBC and REALTIME* to the list of dialplan -functions that can't be executed via the Originate manager action -without also having write SYSTEM permissions. - -If the Queue application is attempted to be run by the Originate -manager action and an AGI parameter is specified in the app data, -it'll be rejected unless the manager user has either the AGI or -SYSTEM permissions. - -Resolves: #GHSA-c4cg-9275-6w44 ---- - main/manager.c | 161 +++++++++++++++++++++++++++++++++++++++++++------ - 1 file changed, 141 insertions(+), 20 deletions(-) - -diff --git a/main/manager.c b/main/manager.c -index cb64a234e5..2ce88a3ab8 100644 ---- a/main/manager.c -+++ b/main/manager.c -@@ -6325,6 +6325,145 @@ aocmessage_cleanup: - return 0; - } - -+struct originate_permissions_entry { -+ const char *search; -+ int permission; -+ int (*searchfn)(const char *app, const char *data, const char *search); -+}; -+ -+/*! -+ * \internal -+ * \brief Check if the application is allowed for Originate -+ * -+ * \param app The "app" parameter -+ * \param data The "appdata" parameter (ignored) -+ * \param search The search string -+ * \retval 1 Match -+ * \retval 0 No match -+ */ -+static int app_match(const char *app, const char *data, const char *search) -+{ -+ /* -+ * We use strcasestr so we don't have to trim any blanks -+ * from the front or back of the string. -+ */ -+ return !!(strcasestr(app, search)); -+} -+ -+/*! 
-+ * \internal -+ * \brief Check if the appdata is allowed for Originate -+ * -+ * \param app The "app" parameter (ignored) -+ * \param data The "appdata" parameter -+ * \param search The search string -+ * \retval 1 Match -+ * \retval 0 No match -+ */ -+static int appdata_match(const char *app, const char *data, const char *search) -+{ -+ return !!(strstr(data, search)); -+} -+ -+/*! -+ * \internal -+ * \brief Check if the Queue application is allowed for Originate -+ * -+ * It's only allowed if there's no AGI parameter set -+ * -+ * \param app The "app" parameter -+ * \param data The "appdata" parameter -+ * \param search The search string -+ * \retval 1 Match -+ * \retval 0 No match -+ */ -+static int queue_match(const char *app, const char *data, const char *search) -+{ -+ char *parse; -+ AST_DECLARE_APP_ARGS(args, -+ AST_APP_ARG(queuename); -+ AST_APP_ARG(options); -+ AST_APP_ARG(url); -+ AST_APP_ARG(announceoverride); -+ AST_APP_ARG(queuetimeoutstr); -+ AST_APP_ARG(agi); -+ AST_APP_ARG(gosub); -+ AST_APP_ARG(rule); -+ AST_APP_ARG(position); -+ ); -+ -+ if (!strcasestr(app, "queue")) { -+ return 0; -+ } -+ -+ parse = ast_strdupa(data); -+ AST_STANDARD_APP_ARGS(args, parse); -+ -+ /* -+ * The Queue application is fine unless the AGI parameter is set. -+ * If it is, we need to check the user's permissions. -+ */ -+ return !ast_strlen_zero(args.agi); -+} -+ -+/* -+ * The Originate application and application data are passed -+ * to each searchfn in the list. If a searchfn returns true -+ * and the user's permissions don't include the permissions specified -+ * in the list entry, the Originate action will be denied. -+ * -+ * If no searchfn returns true, the Originate action is allowed. -+ */ -+static struct originate_permissions_entry originate_app_permissions[] = { -+ /* -+ * The app_match function checks if the search string is -+ * anywhere in the app parameter. The check is case-insensitive. 
-+ */ -+ { "agi", EVENT_FLAG_SYSTEM, app_match }, -+ { "dbdeltree", EVENT_FLAG_SYSTEM, app_match }, -+ { "exec", EVENT_FLAG_SYSTEM, app_match }, -+ { "externalivr", EVENT_FLAG_SYSTEM, app_match }, -+ { "mixmonitor", EVENT_FLAG_SYSTEM, app_match }, -+ { "originate", EVENT_FLAG_SYSTEM, app_match }, -+ { "reload", EVENT_FLAG_SYSTEM, app_match }, -+ { "system", EVENT_FLAG_SYSTEM, app_match }, -+ /* -+ * Since the queue_match function specifically checks -+ * for the presence of the AGI parameter, we'll allow -+ * the call if the user has either the AGI or SYSTEM -+ * permission. -+ */ -+ { "queue", EVENT_FLAG_AGI | EVENT_FLAG_SYSTEM, queue_match }, -+ /* -+ * The appdata_match function checks if the search string is -+ * anywhere in the appdata parameter. Unlike app_match, -+ * the check is case-sensitive. These are generally -+ * dialplan functions. -+ */ -+ { "CURL", EVENT_FLAG_SYSTEM, appdata_match }, -+ { "DB", EVENT_FLAG_SYSTEM, appdata_match }, -+ { "EVAL", EVENT_FLAG_SYSTEM, appdata_match }, -+ { "FILE", EVENT_FLAG_SYSTEM, appdata_match }, -+ { "ODBC", EVENT_FLAG_SYSTEM, appdata_match }, -+ { "REALTIME", EVENT_FLAG_SYSTEM, appdata_match }, -+ { "SHELL", EVENT_FLAG_SYSTEM, appdata_match }, -+ { NULL, 0 }, -+}; -+ -+static int is_originate_app_permitted(const char *app, const char *data, -+ int permission) -+{ -+ int i; -+ -+ for (i = 0; originate_app_permissions[i].search; i++) { -+ if (originate_app_permissions[i].searchfn(app, data, originate_app_permissions[i].search)) { -+ return !!(permission & originate_app_permissions[i].permission); -+ } -+ } -+ -+ return 1; -+} -+ - static int action_originate(struct mansession *s, const struct message *m) - { - const char *name = astman_get_header(m, "Channel"); -@@ -6418,26 +6557,8 @@ static int action_originate(struct mansession *s, const struct message *m) - } - - if (!ast_strlen_zero(app) && s->session) { -- int bad_appdata = 0; -- /* To run the System application (or anything else that goes to -- * shell), you must 
have the additional System privilege */ -- if (!(s->session->writeperm & EVENT_FLAG_SYSTEM) -- && ( -- strcasestr(app, "system") || /* System(rm -rf /) -- TrySystem(rm -rf /) */ -- strcasestr(app, "exec") || /* Exec(System(rm -rf /)) -- TryExec(System(rm -rf /)) */ -- strcasestr(app, "agi") || /* AGI(/bin/rm,-rf /) -- EAGI(/bin/rm,-rf /) */ -- strcasestr(app, "mixmonitor") || /* MixMonitor(blah,,rm -rf) */ -- strcasestr(app, "externalivr") || /* ExternalIVR(rm -rf) */ -- strcasestr(app, "originate") || /* Originate(Local/1234,app,System,rm -rf) */ -- (strstr(appdata, "SHELL") && (bad_appdata = 1)) || /* NoOp(${SHELL(rm -rf /)}) */ -- (strstr(appdata, "EVAL") && (bad_appdata = 1)) /* NoOp(${EVAL(${some_var_containing_SHELL})}) */ -- )) { -- char error_buf[64]; -- snprintf(error_buf, sizeof(error_buf), "Originate Access Forbidden: %s", bad_appdata ? "Data" : "Application"); -- astman_send_error(s, m, error_buf); -+ if (!is_originate_app_permitted(app, appdata, s->session->writeperm)) { -+ astman_send_error(s, m, "Originate Access Forbidden: app or data blacklisted"); - res = 0; - goto fast_orig_cleanup; - } --- -2.44.2 - |