From: Maxim Cournoyer <maxim.cournoyer@gmail.com>
To: 47513@debbugs.gnu.org
Cc: Maxim Cournoyer <maxim.cournoyer@gmail.com>
Subject: [bug#47513] [PATCH 07/12] gnu: pjproject-jami: Fix CVE-2020-15260 and CVE-2021-21375.
Date: Wed, 31 Mar 2021 01:23:43 -0400 [thread overview]
Message-ID: <20210331052348.5164-7-maxim.cournoyer@gmail.com> (raw)
In-Reply-To: <20210331052348.5164-1-maxim.cournoyer@gmail.com>
[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #1: Type: text/plain; charset=yes, Size: 6127 bytes --]
The custom pjproject package used by Jami is updated with the latest patches
found in the 20210326.1.cfba013 release of Jami.
* gnu/packages/jami.scm (%jami-version): Update to 20210326.1.cfba013.
(jami-source) [snippet]: Update comment. Add client-electron and client-ios
to the list of deleted directories. Remove client-windows from the list, as
it no longer exists.
(jami-apply-dependency-patches): Update comment. Ignore whitespace
when applying patches, otherwise the pjproject patches would not apply.
(pjproject-jami): Add comment.
[source]: Define the source; the parent pjproject package was
updated was updated to 2.11, but the patches only apply against 2.10.
[phases] <apply-patches>: Update the list of patches used with those found in
the release tarball.
---
gnu/packages/jami.scm | 52 ++++++++++++++++++++++++++++++-------------
1 file changed, 36 insertions(+), 16 deletions(-)
diff --git a/gnu/packages/jami.scm b/gnu/packages/jami.scm
index 3773c1ab0a..35d84bb37b 100644
--- a/gnu/packages/jami.scm
+++ b/gnu/packages/jami.scm
@@ -2,7 +2,7 @@
;;; Copyright © 2019 Pierre Neidhardt <mail@ambrevar.xyz>
;;; Copyright © 2020 Vincent Legoll <vincent.legoll@gmail.com>
;;; Copyright © 2019, 2020 Jan Wielkiewicz <tona_kosmicznego_smiecia@interia.pl>
-;;; Copyright © 2020 Maxim Cournoyer <maxim.cournoyer@gmail.com>
+;;; Copyright © 2020, 2021 Maxim Cournoyer <maxim.cournoyer@gmail.com>
;;;
;;; This file is part of GNU Guix.
;;;
@@ -63,7 +63,7 @@
#:use-module (guix utils)
#:use-module (srfi srfi-1))
-(define %jami-version "20200710.1.6bd18d2")
+(define %jami-version "20210326.1.cfba013")
(define* (jami-source #:key keep-contrib-patches?)
"Return an origin object of the tarball release sources archive of Jami.
@@ -78,7 +78,7 @@ of Jami."
(modules '((guix build utils)))
(snippet
`(begin
- ;; Delete over 200 MiB of bundled tarballs. The contrib directory
+ ;; Delete multiple MiBs of bundled tarballs. The contrib directory
;; contains the custom patches for pjproject and other libraries used
;; by Savoir-faire Linux.
(if ,keep-contrib-patches?
@@ -86,21 +86,21 @@ of Jami."
(delete-file-recursively "daemon/contrib"))
;; Remove code from unused Jami clients.
(for-each delete-file-recursively '("client-android"
+ "client-electron"
+ "client-ios"
"client-macosx"
- "client-uwp"
- "client-windows"))
- #t))
+ "client-uwp"))))
(sha256
(base32
- "0lg61jv39x7kc9lq30by246xb6gcgp1rzj49ak7ff8nqpfzyfvva"))))
+ "1h0avma8bdzyznkz39crjyv2888bii4f49md15jg7970dyp5pdyz"))))
(define %sfl-patches (jami-source #:keep-contrib-patches? #t))
(define %jami-sources (jami-source))
-;; Savoir-faire Linux modifies many libraries to add features
-;; to Jami. This procedure makes applying patches to a given
-;; package easy.
+;; Savoir-faire Linux maintains a set of patches for some key dependencies
+;; (currently pjproject and ffmpeg) of Jami that haven't yet been integrated
+;; upstream. This procedure simplifies the process of applying these patches.x
(define jami-apply-dependency-patches
'(lambda* (#:key inputs dep-name patches)
(let ((patches-directory "sfl-patches"))
@@ -112,15 +112,30 @@ of Jami."
dep-name))
(for-each
(lambda (file)
- (invoke "patch" "--force" "-p1" "-i"
+ (invoke "patch" "--force" "--ignore-whitespace" "-p1" "-i"
(string-append patches-directory "/"
file ".patch")))
patches))))
+;;; Jami maintains pjproject patches that add the ability to do ICE over TCP,
+;;; among other things. The patches are currently based on pjproject 2.10.
(define-public pjproject-jami
(package
(inherit pjproject)
(name "pjproject-jami")
+ (version "2.10")
+ (source (origin
+ (method git-fetch)
+ (uri (git-reference
+ (url "https://github.com/pjsip/pjproject")
+ (commit version)))
+ (file-name (git-file-name name version))
+ (sha256
+ (base32
+ "1aklicpgwc88578k03i5d5cm5h8mfm7hmx8vfprchbmaa2p8f4z0"))
+ (patches (search-patches
+ "pjproject-correct-the-cflags-field.patch"
+ "pjproject-fix-pkg-config-ldflags.patch"))))
(native-inputs
`(("sfl-patches" ,%sfl-patches)
,@(package-native-inputs pjproject)))
@@ -140,14 +155,19 @@ of Jami."
"0004-multiple_listeners"
"0005-fix_ebusy_turn"
"0006-ignore_ipv6_on_transport_check"
- "0007-pj_ice_sess"
+ "0007-upnp-srflx-nat-assisted-cand"
"0008-fix_ioqueue_ipv6_sendto"
"0009-add-config-site"
- ;; Note: The base pjproject is already patched with
- ;; "0010-fix-pkgconfig".
+ ;; Already taken care of via the origin patches.
+ ;;"0010-fix-pkgconfig"
"0011-fix-tcp-death-detection"
- "0012-fix-turn-shutdown-crash"))
- #t))))))))
+ "0012-fix-turn-shutdown-crash"
+ "0013-Assign-unique-local-preferences-for-candidates-with-"
+ "0014-Add-new-compile-time-setting-PJ_ICE_ST_USE_TURN_PERM"
+ "0015-update-local-preference-for-peer-reflexive-candidate"
+ "0016-use-addrinfo-instead-CFHOST"
+ "0017-CVE-2020-15260"
+ "0018-CVE-2021-21375"))))))))))
;; The following variables are configure flags used by ffmpeg-jami. They're
;; from the ring-project/daemon/contrib/src/ffmpeg/rules.mak file. We try to
--
2.31.1
next prev parent reply other threads:[~2021-03-31 5:26 UTC|newest]
Thread overview: 35+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-03-31 5:14 [bug#47513] [PATCH 00/12] Update jami and add jami-qt Maxim Cournoyer
2021-03-31 5:23 ` [bug#47513] [PATCH 01/12] gnu: asio: Update to 1.18.1 Maxim Cournoyer
2021-03-31 5:23 ` [bug#47513] [PATCH 02/12] gnu: restbed: Update to 4.7 Maxim Cournoyer
2021-03-31 5:23 ` [bug#47513] [PATCH 03/12] gnu: restinio: Update to 0.6.13 Maxim Cournoyer
2021-03-31 5:23 ` [bug#47513] [PATCH 04/12] gnu: Add nettle-3.7 Maxim Cournoyer
2021-03-31 5:23 ` [bug#47513] [PATCH 05/12] gnu: opendht: Update to 2.2.0rc4 Maxim Cournoyer
2021-03-31 5:23 ` [bug#47513] [PATCH 06/12] gnu: pjproject: Update to 2.11 Maxim Cournoyer
2021-03-31 5:23 ` Maxim Cournoyer [this message]
2021-03-31 5:23 ` [bug#47513] [PATCH 08/12] ffmpeg-jami: Patch with the patches from Jami 20210326.1.cfba013 Maxim Cournoyer
2021-03-31 5:23 ` [bug#47513] [PATCH 09/12] gnu: libring: Update to 20210326.1.cfba013 Maxim Cournoyer
2021-03-31 5:23 ` [bug#47513] [PATCH 10/12] gnu: libringclient: " Maxim Cournoyer
2021-03-31 5:23 ` [bug#47513] [PATCH 11/12] gnu: jami: Update to 20210326.1.cfba013 and rename to jami-gnome Maxim Cournoyer
2021-03-31 6:08 ` Jack Hill
2021-03-31 15:21 ` Jack Hill
2021-03-31 15:23 ` Jack Hill
2021-03-31 17:26 ` Maxim Cournoyer
2021-03-31 5:23 ` [bug#47513] [PATCH 12/12] gnu: Add jami-qt Maxim Cournoyer
2021-03-31 6:49 ` [bug#47513] [PATCH 00/12] Update jami and add jami-qt Maxime Devos
2021-03-31 13:23 ` Maxime Devos
2021-03-31 16:57 ` Maxim Cournoyer
2021-03-31 17:23 ` Maxim Cournoyer
2021-03-31 17:22 ` [bug#47513] [PATCH v2 01/12] gnu: asio: Update to 1.18.1 Maxim Cournoyer
2021-03-31 17:22 ` [bug#47513] [PATCH v2 02/12] gnu: restbed: Update to 4.7 Maxim Cournoyer
2021-03-31 17:22 ` [bug#47513] [PATCH v2 03/12] gnu: restinio: Update to 0.6.13 Maxim Cournoyer
2021-03-31 17:22 ` [bug#47513] [PATCH v2 04/12] gnu: Add nettle-3.7 Maxim Cournoyer
2021-03-31 17:22 ` [bug#47513] [PATCH v2 05/12] gnu: opendht: Update to 2.2.0rc4 Maxim Cournoyer
2021-03-31 17:22 ` [bug#47513] [PATCH v2 06/12] gnu: pjproject: Update to 2.11 Maxim Cournoyer
2021-03-31 17:22 ` [bug#47513] [PATCH v2 07/12] gnu: pjproject-jami: Fix CVE-2020-15260 and CVE-2021-21375 Maxim Cournoyer
2021-03-31 17:22 ` [bug#47513] [PATCH v2 08/12] ffmpeg-jami: Patch with the patches from Jami 20210326.1.cfba013 Maxim Cournoyer
2021-03-31 17:22 ` [bug#47513] [PATCH v2 09/12] gnu: libring: Update to 20210326.1.cfba013 Maxim Cournoyer
2021-03-31 17:22 ` [bug#47513] [PATCH v2 10/12] gnu: libringclient: " Maxim Cournoyer
2021-03-31 17:22 ` [bug#47513] [PATCH v2 11/12] gnu: jami: Update to 20210326.1.cfba013 and rename to jami-gnome Maxim Cournoyer
2021-03-31 17:22 ` [bug#47513] [PATCH v2 12/12] gnu: Add jami-qt Maxim Cournoyer
2021-04-01 11:10 ` [bug#47513] [PATCH 00/12] Update jami and add jami-qt Maxime Devos
2021-04-02 11:52 ` bug#47513: " Maxim Cournoyer
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://guix.gnu.org/
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20210331052348.5164-7-maxim.cournoyer@gmail.com \
--to=maxim.cournoyer@gmail.com \
--cc=47513@debbugs.gnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://git.savannah.gnu.org/cgit/guix.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).