From 4274bed0c1f1fd06a654f5816e30d82059f4cc39 Mon Sep 17 00:00:00 2001
From: V3n3RiX
Date: Wed, 5 Apr 2023 17:25:42 +0100
Subject: gentoo auto-resync : 05:04:2023 - 17:25:42
---
net-libs/Manifest.gz | Bin 32788 -> 32789 bytes
net-libs/pjproject/Manifest | 4 +
...3537-buffer-overread-on-STUN-error-decode.patch | 95 ++++++++++++++
...2022-23547-buffer-overread-on-STUN-decode.patch | 50 ++++++++
...NOTIFY-tdata-is-set-before-sending-it_new.patch | 46 +++++++
net-libs/pjproject/pjproject-2.13-r1.ebuild | 142 +++++++++++++++++++++
6 files changed, 337 insertions(+)
create mode 100644 net-libs/pjproject/files/pjproject-2.13-r1-CVE-2022-23537-buffer-overread-on-STUN-error-decode.patch
create mode 100644 net-libs/pjproject/files/pjproject-2.13-r1-CVE-2022-23547-buffer-overread-on-STUN-decode.patch
create mode 100644 net-libs/pjproject/files/pjproject-2.13-r1-Make-sure-that-NOTIFY-tdata-is-set-before-sending-it_new.patch
create mode 100644 net-libs/pjproject/pjproject-2.13-r1.ebuild
(limited to 'net-libs')
diff --git a/net-libs/Manifest.gz b/net-libs/Manifest.gz
index cf773346dc4b..1651c95e8eda 100644
Binary files a/net-libs/Manifest.gz and b/net-libs/Manifest.gz differ
diff --git a/net-libs/pjproject/Manifest b/net-libs/pjproject/Manifest
index dd4d5f160356..fad6b6c42476 100644
--- a/net-libs/pjproject/Manifest
+++ b/net-libs/pjproject/Manifest
@@ -4,8 +4,12 @@ AUX pjproject-2.12.1-r2-CVE-2022-39244.patch 9936 BLAKE2B b9be3feb439421f82ff660
 AUX pjproject-2.12.1-r2-CVE-2022-39269.patch 1157 BLAKE2B 57a6e5d63c814663b49a0c1c0ec89b3c0fd63c1fda7a1ea4506e68d2b2e0ff84d2d9114379b2e5e260c411e4cca129dcd21d0457ee51a3466c04795916ac3167 SHA512 9557b9d942377a9a03866c0faeb66931a39e9a2506969db5874106f97b8bec68c8ab772364eab9c521b628e11778c35acb676052004927a82d3aa4edd163af49
 AUX pjproject-2.12.1-r2-bashism.patch 1658 BLAKE2B 52498d58f953ca6ca04a3fb4f013fea98b6f49530c7d25dd792d539d3b19eedd2a612900b6b6c8910c10a8004d13bc394716f103146f4bf60ad7ce8f785fdeb8 SHA512 5448766025f13e7f540af770082663d74d189f2cf436caa31222fe9b40d9a90c51cb91297f4e169531fba391c706065c407e9bc3633cd56d81536b6c9ded4d9b
 AUX pjproject-2.12.1-r2-musl.patch 2941 BLAKE2B 58eab3d88a503e36fd1dee26593805e0ec487fc50a41fbc68e6d489895920a15f671ad7d28257d158eda9c2253826fe9e2f9c115b644028191821abdc9aa035d SHA512 26b51b7b5bdd93b40ff267bea1c213f7417acaaab233ffcedaba948c509471210b53eea03c536056afe9298753644b6108d5cf88cf49d8e16e23309967e374ec
+AUX pjproject-2.13-r1-CVE-2022-23537-buffer-overread-on-STUN-error-decode.patch 2895 BLAKE2B 59aa55426eb7ffe90fdbecd5005bed3bfc8f72b4abadb2a48e5bc0c03205005fe73e76d6a4c4640a22c72c1f6f7e201bee29ee426788aa0dd3942d85ebaca1d1 SHA512 2556e9b69ed71324686ca32d7bf7312386ea433af984b929084c44d060989c4631de815f27ef64a7e4082b6a62686bdaf70cbac56df3f81165b2200177d2b95c
+AUX pjproject-2.13-r1-CVE-2022-23547-buffer-overread-on-STUN-decode.patch 1665 BLAKE2B 6351b770947a5487e8f1c59ab8ae09a9e8e7eb9c3ab25975e58e04349505b26af5a8917e4044f4d48c5d04001a3f276182328505e1976f829a6dab51e0fd0160 SHA512 a3bdf959f199db105eca701d0b8d9f1e6bce495436277670bad0b6cd60f4718b41e35bcad86f338b9b919de7121d5610af0d5a5f33fa48767b761fc2e4b515da
+AUX pjproject-2.13-r1-Make-sure-that-NOTIFY-tdata-is-set-before-sending-it_new.patch 1662 BLAKE2B 48f4b7113ecd0b539b1a8449a3493dbd8459af70566867b5a1c70b794b2ca0136a496f45d24d97602787082cc8bf61c25138fcfe448115bf5215b329888df686 SHA512 de77f0d4f4a6dc2e57ab46727944191fc050fd423b659c26c9d4f4dd7f23ba7cc1d9a55fe63317caaf66b5ea58ac410997bae57a6d3ac28ab7cb6dde47ce9b15
 DIST pjproject-2.12.1.tar.gz 9660659 BLAKE2B d893f22d995c9570e4003f80adf15144cf39e09d5843a88e3a616a529a91164ec7b012ea66ede8d55bfe4ec0dc4eca7d230f07fc66f06dfafaea9d5ff72910fa SHA512 9087456024b8886e56660cebc45c7093b3b91cd6b08a3926fa2c0de452989ac84ceb4e27413c0311bde95f271341ee44d9681f81f83602a4e16151f1831d773b
 DIST pjproject-2.13.tar.gz 9744716 BLAKE2B 947fe076089b3cd0826a554db3cda9939e228b9e7bb5ed2d01242e44e5e5b0d9d2ddc52b378f141efb89fcbfbd628fcdff341e54bc3615280e23f30ea58daf56 SHA512 df184511d554e5f77ca1a551bdf6b22c4c8ae2b6ad61be0e7e459e2d7db50f496af66c37e080f178019a509ea25847e70a342ac48c820a6b9302b4cbf174c520
 EBUILD pjproject-2.12.1-r2.ebuild 4025 BLAKE2B cddb1dcd63188583805cf1148e4609afed9d0ccc678de9916a06581cb39df7003fe9a5566db18d9d7d3203ca93181803c10ee4ab86a96b2a17c70fa99c972493 SHA512 c41fddabe06fd84000f617520f50aec5550219d0c4d2616854d5fa9a68786f6078f9e893485ee9b6c225451ea00a117ffbea4818ff031579fb0b318b369671cb
+EBUILD pjproject-2.13-r1.ebuild 4031 BLAKE2B 6668d519ca979d3d4f1a701291b076ee96b21b0406177c092ac445affe25c70e1bbe25f8651f278936f6946ad4555d16378f6ca4907f67ecb32ff3056fd91955 SHA512 66bfc781dd6dbafe9047b0ee434183df1d13e0ac109a54d47568c2b44012fb14ba096b21d18f6ddf0209019e1ab939fb61ea41f84caea6e577e2bb57647e91d0
 EBUILD pjproject-2.13.ebuild 3759 BLAKE2B 207000e02b8c4050cb6706210fedfe3ee65fa835ff5d7e61c4047f1731ddd491901a0b18c25d7aedd94082a837194f2a3b81a2685d606658a39ff2a8ffc8de31 SHA512 f00be682f11060e1e382d1d2301987f450e72fd29a0fa36fb5f8221478ea4d630c849fd914d471362b95fd1772f9b597d043f78b5e666a56d50cb0502189ff3d
 MISC metadata.xml 1459 BLAKE2B e35f9c8621ea7c1c2670d90f69c341b53b20501ece6fcb41fefdec9f328a6c2b88f2f9d2fd2a77938b802fc74c36f2e3387cad3be7c9126767f28d32b42d19ed SHA512 498a94fb2bf3692b60c644e9d3e341761b20e8a4e0215e1c14c4444a199f9abb085f3421e143e7b944bac54a4f774c0b47af76c6fae5fc2cda4da13d1781a9b0
diff --git a/net-libs/pjproject/files/pjproject-2.13-r1-CVE-2022-23537-buffer-overread-on-STUN-error-decode.patch b/net-libs/pjproject/files/pjproject-2.13-r1-CVE-2022-23537-buffer-overread-on-STUN-error-decode.patch
new file mode 100644
index 000000000000..bfd1fc05e160
--- /dev/null
+++ b/net-libs/pjproject/files/pjproject-2.13-r1-CVE-2022-23537-buffer-overread-on-STUN-error-decode.patch
@@ -0,0 +1,95 @@ +From d8440f4d711a654b511f50f79c0445b26f9dd1e1 Mon Sep 17 00:00:00 2001 +From: Nanang Izzuddin +Date: Tue, 20 Dec 2022 11:39:12 +0700 +Subject: [PATCH] Merge pull request from GHSA-9pfh-r8x4-w26w + +* Fix buffer overread in STUN message decoder + +* Updates based on comments +--- + pjnath/include/pjnath/stun_msg.h | 4 ++++ + pjnath/src/pjnath/stun_msg.c | 14 +++++++++++--- + 2 files changed, 15 insertions(+), 3 deletions(-) + +diff --git a/pjnath/include/pjnath/stun_msg.h b/pjnath/include/pjnath/stun_msg.h +index b52f95c586..e49f096f3a 100644 +--- a/pjnath/include/pjnath/stun_msg.h ++++ b/pjnath/include/pjnath/stun_msg.h +@@ -442,6 +442,7 @@ typedef enum pj_stun_status + + \endverbatim + */ ++#pragma pack(1) + typedef struct pj_stun_msg_hdr + { + /** +@@ -473,6 +474,7 @@ typedef struct pj_stun_msg_hdr + pj_uint8_t tsx_id[12]; + + } pj_stun_msg_hdr; ++#pragma pack() + + + /** +@@ -490,6 +492,7 @@ typedef struct pj_stun_msg_hdr + + \endverbatim + */ ++#pragma pack(1) + typedef struct pj_stun_attr_hdr + { + /** +@@ -506,6 +509,7 @@ typedef struct pj_stun_attr_hdr + pj_uint16_t length; + + } pj_stun_attr_hdr; ++#pragma pack() + + + /** +diff --git a/pjnath/src/pjnath/stun_msg.c b/pjnath/src/pjnath/stun_msg.c +index 3def6b3eac..e904a0ba47 100644 +--- a/pjnath/src/pjnath/stun_msg.c ++++ b/pjnath/src/pjnath/stun_msg.c +@@ -746,7 +746,7 @@ PJ_DEF(int) pj_stun_set_padding_char(int chr) + + #define INIT_ATTR(a,t,l) (a)->hdr.type=(pj_uint16_t)(t), \ + (a)->hdr.length=(pj_uint16_t)(l) +-#define ATTR_HDR_LEN 4 ++#define ATTR_HDR_LEN sizeof(pj_stun_attr_hdr) + + static pj_uint16_t GETVAL16H(const pj_uint8_t *buf, unsigned pos) + { +@@ -2327,6 +2327,14 @@ PJ_DEF(pj_status_t) pj_stun_msg_decode(pj_pool_t *pool, + status = pj_stun_msg_check(pdu, pdu_len, options); + if (status != PJ_SUCCESS) + return status; ++ } else { ++ /* For safety, verify packet length at least */ ++ pj_uint32_t msg_len = GETVAL16H(pdu, 2) + 20; ++ if (msg_len > pdu_len || ++ ((options & 
PJ_STUN_IS_DATAGRAM) && msg_len != pdu_len)) ++ { ++ return PJNATH_EINSTUNMSGLEN; ++ } + } + + /* Create the message, copy the header, and convert to host byte order */ +@@ -2345,7 +2353,7 @@ PJ_DEF(pj_status_t) pj_stun_msg_decode(pj_pool_t *pool, + p_response = NULL; + + /* Parse attributes */ +- while (pdu_len >= 4) { ++ while (pdu_len >= ATTR_HDR_LEN) { + unsigned attr_type, attr_val_len; + const struct attr_desc *adesc; + +@@ -2357,7 +2365,7 @@ PJ_DEF(pj_status_t) pj_stun_msg_decode(pj_pool_t *pool, + attr_val_len = (attr_val_len + 3) & (~3); + + /* Check length */ +- if (pdu_len < attr_val_len) { ++ if (pdu_len < attr_val_len + ATTR_HDR_LEN) { + pj_str_t err_msg; + char err_msg_buf[80]; + diff --git a/net-libs/pjproject/files/pjproject-2.13-r1-CVE-2022-23547-buffer-overread-on-STUN-decode.patch b/net-libs/pjproject/files/pjproject-2.13-r1-CVE-2022-23547-buffer-overread-on-STUN-decode.patch new file mode 100644 index 000000000000..499ce4373b56 --- /dev/null +++ b/net-libs/pjproject/files/pjproject-2.13-r1-CVE-2022-23547-buffer-overread-on-STUN-decode.patch 
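Review bot: In the `else` branch added to `pj_stun_msg_decode` (pjnath/src/pjnath/stun_msg.c), `GETVAL16H(pdu, 2)` reads bytes 2 and 3 of the packet before anything in this hunk establishes that `pdu_len` is at least 4, so a 1–3 byte input would be read past its end before it is rejected. The start of the function lies outside the hunk, so an earlier guard may already exist; if it does not, a check such as `if (pdu_len < sizeof(pj_stun_msg_hdr)) return PJNATH_EINSTUNMSGLEN;` ahead of the `msg_len` computation would close the gap. Because this file is a backport of an upstream commit, the change is best raised upstream and carried as a separate follow-up patch rather than edited into this one.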
@@ -0,0 +1,50 @@ +From bc4812d31a67d5e2f973fbfaf950d6118226cf36 Mon Sep 17 00:00:00 2001 +From: sauwming +Date: Fri, 23 Dec 2022 15:05:28 +0800 +Subject: [PATCH] Merge pull request from GHSA-cxwq-5g9x-x7fr + +* Fixed heap buffer overflow when parsing STUN errcode attribute + +* Also fixed uint parsing +--- + pjnath/src/pjnath/stun_msg.c | 11 ++++++----- + 1 file changed, 6 insertions(+), 5 deletions(-) + +diff --git a/pjnath/src/pjnath/stun_msg.c b/pjnath/src/pjnath/stun_msg.c +index c6b0bdd284..b55d29849a 100644 +--- a/pjnath/src/pjnath/stun_msg.c ++++ b/pjnath/src/pjnath/stun_msg.c +@@ -1438,12 +1438,12 @@ static pj_status_t decode_uint_attr(pj_pool_t *pool, + attr = PJ_POOL_ZALLOC_T(pool, pj_stun_uint_attr); + GETATTRHDR(buf, &attr->hdr); + +- attr->value = GETVAL32H(buf, 4); +- + /* Check that the attribute length is valid */ + if (attr->hdr.length != 4) + return PJNATH_ESTUNINATTRLEN; + ++ attr->value = GETVAL32H(buf, 4); ++ + /* Done */ + *p_attr = attr; + +@@ -1757,14 +1757,15 @@ static pj_status_t decode_errcode_attr(pj_pool_t *pool, + attr = PJ_POOL_ZALLOC_T(pool, pj_stun_errcode_attr); + GETATTRHDR(buf, &attr->hdr); + ++ /* Check that the attribute length is valid */ ++ if (attr->hdr.length < 4) ++ return PJNATH_ESTUNINATTRLEN; ++ + attr->err_code = buf[6] * 100 + buf[7]; + + /* Get pointer to the string in the message */ + value.ptr = ((char*)buf + ATTR_HDR_LEN + 4); + value.slen = attr->hdr.length - 4; +- /* Make sure the length is never negative */ +- if (value.slen < 0) +- value.slen = 0; + + /* Copy the string to the attribute */ + pj_strdup(pool, &attr->reason, &value); diff --git a/net-libs/pjproject/files/pjproject-2.13-r1-Make-sure-that-NOTIFY-tdata-is-set-before-sending-it_new.patch b/net-libs/pjproject/files/pjproject-2.13-r1-Make-sure-that-NOTIFY-tdata-is-set-before-sending-it_new.patch new file mode 100644 index 000000000000..009060a124d8 --- /dev/null 
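Review bot: The descriptive part of this patch's file name does not match its content: the name ends in `buffer-overread-on-STUN-decode`, but the enclosed upstream commit is titled "Fixed heap buffer overflow when parsing STUN errcode attribute" and changes `decode_errcode_attr` and `decode_uint_attr`. The sibling file named `...CVE-2022-23537-buffer-overread-on-STUN-error-decode.patch` in turn carries "Fix buffer overread in STUN message decoder" and changes `pj_stun_msg_decode`, so the two suffixes look swapped, which makes it harder to audit which advisory each file addresses. The patch subjects cite only GHSA ids (GHSA-cxwq-5g9x-x7fr here, GHSA-9pfh-r8x4-w26w in the other), so the CVE-to-file mapping cannot be confirmed from this page. A short header comment in each patch giving the CVE, the GHSA id and the upstream commit hash would settle it.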
+++ b/net-libs/pjproject/files/pjproject-2.13-r1-Make-sure-that-NOTIFY-tdata-is-set-before-sending-it_new.patch @@ -0,0 +1,46 @@ +From ac685b30c17be461b2bf5b46a772ed9742b8e985 Mon Sep 17 00:00:00 2001 +From: Riza Sulistyo +Date: Thu, 9 Feb 2023 13:19:23 +0700 +Subject: [PATCH] Make sure that NOTIFY tdata is set before sending it. + +--- + pjsip/src/pjsip-simple/evsub.c | 9 ++++++--- + 1 file changed, 6 insertions(+), 3 deletions(-) + +diff --git a/pjsip/src/pjsip-simple/evsub.c b/pjsip/src/pjsip-simple/evsub.c +index da0a9b416..68c1d3951 100644 +--- a/pjsip/src/pjsip-simple/evsub.c ++++ b/pjsip/src/pjsip-simple/evsub.c +@@ -2216,23 +2216,26 @@ static void on_tsx_state_uas( pjsip_evsub *sub, pjsip_transaction *tsx, + } + + } else { + sub->state = old_state; + sub->state_str = old_state_str; + } + + /* Send the pending NOTIFY sent by app from inside + * on_rx_refresh() callback. + */ +- pj_assert(sub->pending_notify); +- status = pjsip_evsub_send_request(sub, sub->pending_notify); +- sub->pending_notify = NULL; ++ //pj_assert(sub->pending_notify); ++ /* Make sure that pending_notify is set. */ ++ if (sub->pending_notify) { ++ status = pjsip_evsub_send_request(sub, sub->pending_notify); ++ sub->pending_notify = NULL; ++ } + + } else if (pjsip_method_cmp(&tsx->method, &pjsip_notify_method)==0) { + + /* Handle authentication */ + if (tsx->state == PJSIP_TSX_STATE_COMPLETED && + (tsx->status_code==401 || tsx->status_code==407)) + { + pjsip_tx_data *tdata; + pj_status_t status; + pjsip_rx_data *rdata = event->body.tsx_state.src.rdata; +-- +2.39.1 + diff --git a/net-libs/pjproject/pjproject-2.13-r1.ebuild b/net-libs/pjproject/pjproject-2.13-r1.ebuild new file mode 100644 index 000000000000..5fc988110f6f --- /dev/null +++ b/net-libs/pjproject/pjproject-2.13-r1.ebuild 
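Review bot: When `sub->pending_notify` is NULL, the rewritten block in `on_tsx_state_uas` (pjsip/src/pjsip-simple/evsub.c) skips the send silently and leaves `status` at whatever value it held before. The function continues outside the hunk, so whether `status` is read afterwards cannot be told from here. The disabled `//pj_assert(sub->pending_notify);` is dead code in a C++-style comment, in a block that otherwise uses `/* */`, and would be better removed. The new comment could instead say why an unset `pending_notify` is acceptable, for example `/* pending_notify may be unset (presumably no NOTIFY was queued from on_rx_refresh()); skip the send. */`.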
@@ -0,0 +1,142 @@ +# Copyright 1999-2023 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 +# TODO: Figure out a way to disable SRTP from pjproject entirely. +EAPI=8 + +inherit autotools flag-o-matic toolchain-funcs + +DESCRIPTION="Open source SIP, Media, and NAT Traversal Library" +HOMEPAGE="https://github.com/pjsip/pjproject https://www.pjsip.org/" +SRC_URI="https://github.com/pjsip/${PN}/archive/${PV}.tar.gz -> ${P}.tar.gz" +KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~ppc64 ~x86" + +LICENSE="GPL-2" +SLOT="0/${PV}" + +# g729 not included due to special bcg729 handling. +CODEC_FLAGS="g711 g722 g7221 gsm ilbc speex l16" +VIDEO_FLAGS="sdl ffmpeg v4l2 openh264 libyuv vpx" +SOUND_FLAGS="alsa portaudio" +IUSE="amr debug epoll examples opus resample silk ssl static-libs webrtc + ${CODEC_FLAGS} g729 + ${VIDEO_FLAGS} + ${SOUND_FLAGS}" + +RDEPEND=">=net-libs/libsrtp-2.3.0:= + alsa? ( media-libs/alsa-lib ) + amr? ( media-libs/opencore-amr ) + ffmpeg? ( media-video/ffmpeg:= ) + g729? ( media-libs/bcg729 ) + gsm? ( media-sound/gsm ) + ilbc? ( media-libs/libilbc ) + openh264? ( media-libs/openh264 ) + opus? ( media-libs/opus ) + portaudio? ( media-libs/portaudio ) + resample? ( media-libs/libsamplerate ) + sdl? ( media-libs/libsdl ) + speex? ( + media-libs/speex + media-libs/speexdsp + ) + ssl? 
( + dev-libs/openssl:0= + ) +" +DEPEND="${RDEPEND}" +BDEPEND="virtual/pkgconfig" + +PATCHES=( + "${FILESDIR}/pjproject-2.13-r1-Make-sure-that-NOTIFY-tdata-is-set-before-sending-it_new.patch" + "${FILESDIR}/pjproject-2.13-r1-CVE-2022-23537-buffer-overread-on-STUN-error-decode.patch" + "${FILESDIR}/pjproject-2.13-r1-CVE-2022-23547-buffer-overread-on-STUN-decode.patch" +) + +src_prepare() { + default + rm configure || die "Unable to remove unwanted wrapper" + mv aconfigure.ac configure.ac || die "Unable to rename configure script source" + eautoreconf + + cp "${FILESDIR}/pjproject-2.12.1-config_site.h" "${S}/pjlib/include/pj/config_site.h" || die "Unable to create config_site.h" +} + +_pj_enable() { + usex "$1" '' "--disable-${2:-$1}" +} + +_pj_get_define() { + local r="$(sed -nre "s/^#define[[:space:]]+$1[[:space:]]+//p" "${S}/pjlib/include/pj/config_site.h")" + [[ -z "${r}" ]] && die "Unable to fine #define $1 in config_site.h" + echo "$r" +} + +_pj_set_define() { + local c=$(_pj_get_define "$1") + [[ "$c" = "$2" ]] && return 0 + sed -re "s/^#define[[:space:]]+$1[[:space:]].*/#define $1 $2/" -i "${S}/pjlib/include/pj/config_site.h" || die "sed failed updating $1 to $2." + [[ "$(_pj_get_define "$1")" != "$2" ]] && die "sed failed to perform update for $1 to $2." 
+} + +_pj_use_set_define() { + _pj_set_define "$2" $(usex "$1" 1 0) +} + +src_configure() { + local myconf=() + local videnable="--disable-video" + local t + + use debug || append-cflags -DNDEBUG=1 + + for t in ${CODEC_FLAGS}; do + myconf+=( $(_pj_enable ${t} ${t}-codec) ) + done + myconf+=( $(_pj_enable g729 bcg729) ) + + for t in ${VIDEO_FLAGS}; do + myconf+=( $(_pj_enable ${t}) ) + use "${t}" && videnable="--enable-video" + done + + [ "${videnable}" = "--enable-video" ] && _pj_set_define PJMEDIA_HAS_VIDEO 1 || _pj_set_define PJMEDIA_HAS_VIDEO 0 + + LD="$(tc-getCC)" econf \ + --enable-shared \ + --with-external-srtp \ + ${videnable} \ + $(_pj_enable alsa sound) \ + $(_pj_enable amr opencore-amr) \ + $(_pj_enable epoll) \ + $(_pj_enable opus) \ + $(_pj_enable portaudio ext-sound) \ + $(_pj_enable resample libsamplerate) \ + $(_pj_enable resample resample-dll) \ + $(_pj_enable resample) \ + $(_pj_enable silk) \ + $(_pj_enable speex speex-aec) \ + $(_pj_enable ssl) \ + $(_pj_enable webrtc libwebrtc) \ + $(use_with gsm external-gsm) \ + $(use_with portaudio external-pa) \ + $(use_with speex external-speex) \ + "${myconf[@]}" +} + +src_compile() { + emake dep LD="$(tc-getCC)" + emake LD="$(tc-getCC)" +} + +src_install() { + default + + newbin pjsip-apps/bin/pjsua-${CHOST} pjsua + newbin pjsip-apps/bin/pjsystest-${CHOST} pjsystest + + if use examples; then + insinto "/usr/share/doc/${PF}/examples" + doins -r pjsip-apps/src/samples + fi + + use static-libs || rm "${ED}/usr/$(get_libdir)"/*.a || die "Error removing static archives" +} -- cgit v1.2.3
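Review bot: `_pj_set_define` returns non-zero after a successful update, because its last command `[[ "$(_pj_get_define "$1")" != "$2" ]] && die ...` evaluates to false once the value matches. In `src_configure`, `[ "${videnable}" = "--enable-video" ] && _pj_set_define PJMEDIA_HAS_VIDEO 1 || _pj_set_define PJMEDIA_HAS_VIDEO 0` therefore falls through to the `||` arm and resets the define to 0 whenever the first call actually had to change it; whether that happens depends on the value shipped in `pjproject-2.12.1-config_site.h`, which is not shown here. Ending `_pj_set_define` with `return 0` and writing the call site as `if [[ ${videnable} == --enable-video ]]; then _pj_set_define PJMEDIA_HAS_VIDEO 1; else _pj_set_define PJMEDIA_HAS_VIDEO 0; fi` avoids both problems. The `die` message in `_pj_get_define` also has a typo: `Unable to fine #define` should read `Unable to find #define`.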