Date: Sat, 2 Nov 2019 14:43:57 +0000 (UTC) From: Guido Falsi <madpilot@FreeBSD.org> To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r516330 - in head/net/pjsip: . files Message-ID: <201911021443.xA2EhvY2069912@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: madpilot Date: Sat Nov 2 14:43:56 2019 New Revision: 516330 URL: https://svnweb.freebsd.org/changeset/ports/516330 Log: Update patches imported from asterisk project to latest version. Obtained from: https://gerrit.asterisk.org/plugins/gitiles/asterisk/+/164e5372a213bd3264870d614f006df2be043938 Deleted: head/net/pjsip/files/patch-0032 head/net/pjsip/files/patch-0033 Modified: head/net/pjsip/Makefile head/net/pjsip/files/patch-0030 head/net/pjsip/files/patch-0031 Modified: head/net/pjsip/Makefile ============================================================================== --- head/net/pjsip/Makefile Sat Nov 2 14:33:44 2019 (r516329) +++ head/net/pjsip/Makefile Sat Nov 2 14:43:56 2019 (r516330) @@ -2,7 +2,7 @@ PORTNAME= pjsip PORTVERSION= 2.9 -PORTREVISION= 2 +PORTREVISION= 3 CATEGORIES= net MASTER_SITES= http://www.pjsip.org/release/${PORTVERSION}/ DISTNAME= pjproject-${DISTVERSION} Modified: head/net/pjsip/files/patch-0030 ============================================================================== --- head/net/pjsip/files/patch-0030 Sat Nov 2 14:33:44 2019 (r516329) +++ head/net/pjsip/files/patch-0030 Sat Nov 2 14:43:56 2019 (r516330) @@ -1,60 +1,105 @@ -From 8d0652d4a02c7b8da58b1b98421cfda57056184d Mon Sep 17 00:00:00 2001 +From 489281f29fc7b97143cf79154f22e5007adaba39 Mon Sep 17 00:00:00 2001 From: George Joseph <gjoseph@digium.com> -Date: Tue, 24 Sep 2019 06:41:16 -0600 -Subject: [PATCH 30/33] Revert "Misc (re #2147): Fixed warnings in SSL socket: - redefinition of typedef 'pj_ssl_sock_t' and unused 'get_pem'." +Date: Wed, 9 Oct 2019 07:49:44 -0600 +Subject: [PATCH 30/31] ssl regression fix -This reverts commit 688a9b0de685328f62b2df86304b44c21e4460ae. --- - pjlib/src/pj/ssl_sock_imp_common.h | 4 ++-- - pjlib/src/pj/ssl_sock_ossl.c | 5 +---- - 2 files changed, 3 insertions(+), 6 deletions(-) + pjlib/src/pj/ssl_sock_gtls.c | 6 ++++-- + pjlib/src/pj/ssl_sock_imp_common.c | 4 ++++ + pjlib/src/pj/ssl_sock_imp_common.h | 3 +++ + pjlib/src/pj/ssl_sock_ossl.c | 9 +++++---- + 4 files changed, 16 insertions(+), 6 deletions(-) +diff --git a/pjlib/src/pj/ssl_sock_gtls.c b/pjlib/src/pj/ssl_sock_gtls.c +index 311b7b757..484770ae4 100644 +--- pjlib/src/pj/ssl_sock_gtls.c ++++ pjlib/src/pj/ssl_sock_gtls.c +@@ -1050,7 +1050,8 @@ static void ssl_update_certs_info(pj_ssl_sock_t *ssock) + goto us_out; + + tls_cert_get_info(ssock->pool, &ssock->local_cert_info, cert); +- tls_cert_get_chain_raw(ssock->pool, &ssock->local_cert_info, us, 1); ++ pj_pool_reset(ssock->info_pool); ++ tls_cert_get_chain_raw(ssock->info_pool, &ssock->local_cert_info, us, 1); + + us_out: + tls_last_error = ret; +@@ -1077,7 +1078,8 @@ us_out: + goto peer_out; + + tls_cert_get_info(ssock->pool, &ssock->remote_cert_info, cert); +- tls_cert_get_chain_raw(ssock->pool, &ssock->remote_cert_info, certs, ++ pj_pool_reset(ssock->info_pool); ++ tls_cert_get_chain_raw(ssock->info_pool, &ssock->remote_cert_info, certs, + certslen); + + peer_out: +diff --git a/pjlib/src/pj/ssl_sock_imp_common.c b/pjlib/src/pj/ssl_sock_imp_common.c +index e6273d832..51a62a2fb 100644 +--- pjlib/src/pj/ssl_sock_imp_common.c ++++ pjlib/src/pj/ssl_sock_imp_common.c +@@ -616,6 +616,7 @@ static void ssl_on_destroy(void *arg) + } + + /* Secure release pool, i.e: all memory blocks will be zeroed first */ ++ pj_pool_secure_release(&ssock->info_pool); + pj_pool_secure_release(&ssock->pool); + } + +@@ -1262,15 +1263,18 @@ PJ_DEF(pj_status_t) pj_ssl_sock_create (pj_pool_t *pool, + { + pj_ssl_sock_t *ssock; + pj_status_t status; ++ pj_pool_t *info_pool; + + PJ_ASSERT_RETURN(pool && param && p_ssock, PJ_EINVAL); + PJ_ASSERT_RETURN(param->sock_type == pj_SOCK_STREAM(), PJ_ENOTSUP); + ++ info_pool = pj_pool_create(pool->factory, "ssl_chain%p", 512, 512, NULL); + pool = pj_pool_create(pool->factory, "ssl%p", 512, 512, NULL); + + /* Create secure socket */ + ssock = ssl_alloc(pool); + ssock->pool = pool; ++ ssock->info_pool = info_pool; + ssock->sock = PJ_INVALID_SOCKET; + ssock->ssl_state = SSL_STATE_NULL; + ssock->circ_buf_input.owner = ssock; diff --git a/pjlib/src/pj/ssl_sock_imp_common.h b/pjlib/src/pj/ssl_sock_imp_common.h -index 09f259ef7..4edbb3b82 100644 +index 09f259ef7..eb45f14e0 100644 --- pjlib/src/pj/ssl_sock_imp_common.h +++ pjlib/src/pj/ssl_sock_imp_common.h -@@ -93,7 +93,7 @@ typedef struct circ_buf_t { - /* - * Secure socket structure definition. - */ --struct pj_ssl_sock_t -+typedef struct pj_ssl_sock_t +@@ -96,6 +96,9 @@ typedef struct circ_buf_t { + struct pj_ssl_sock_t { pj_pool_t *pool; ++ pj_pool_t *info_pool; /* this is for certificate chain ++ * information allocation. Don't use for ++ * other purposes. */ pj_ssl_sock_t *parent; -@@ -139,7 +139,7 @@ struct pj_ssl_sock_t - - circ_buf_t circ_buf_output; - pj_lock_t *circ_buf_output_mutex; --}; -+} pj_ssl_sock_t; - - - /* + pj_ssl_sock_param param; + pj_ssl_sock_param newsock_param; diff --git a/pjlib/src/pj/ssl_sock_ossl.c b/pjlib/src/pj/ssl_sock_ossl.c -index b4ac5c15f..debb105b1 100644 +index b4ac5c15f..2545b7c37 100644 --- pjlib/src/pj/ssl_sock_ossl.c +++ pjlib/src/pj/ssl_sock_ossl.c -@@ -37,6 +37,7 @@ - #if defined(PJ_HAS_SSL_SOCK) && PJ_HAS_SSL_SOCK != 0 && \ - (PJ_SSL_SOCK_IMP == PJ_SSL_SOCK_IMP_OPENSSL) +@@ -1637,11 +1637,12 @@ static void ssl_update_certs_info(pj_ssl_sock_t *ssock) -+#include "ssl_sock_imp_common.h" - #include "ssl_sock_imp_common.c" + chain = SSL_get_peer_cert_chain(ossock->ossl_ssl); + if (chain) { +- ssl_update_remote_cert_chain_info(ssock->pool, +- &ssock->remote_cert_info, +- chain, PJ_TRUE); ++ pj_pool_reset(ssock->info_pool); ++ ssl_update_remote_cert_chain_info(ssock->info_pool, ++ &ssock->remote_cert_info, ++ chain, PJ_TRUE); + } else { +- ssock->remote_cert_info.raw_chain.cnt = 0; ++ ssock->remote_cert_info.raw_chain.cnt = 0; + } + } - #define THIS_FILE "ssl_sock_ossl.c" -@@ -1575,10 +1576,6 @@ static void ssl_update_remote_cert_chain_info(pj_pool_t *pool, - { - int i; - -- /* For now, get_pem has to be PJ_TRUE */ -- pj_assert(get_pem); -- PJ_UNUSED_ARG(get_pem); -- - ci->raw_chain.cert_raw = (pj_str_t *)pj_pool_calloc(pool, - sk_X509_num(chain), - sizeof(pj_str_t)); -- 2.21.0 Modified: head/net/pjsip/files/patch-0031 ============================================================================== --- head/net/pjsip/files/patch-0031 Sat Nov 2 14:33:44 2019 (r516329) +++ head/net/pjsip/files/patch-0031 Sat Nov 2 14:43:56 2019 (r516330) @@ -1,84 +1,187 @@ -From 616a13933f33a6d74f84d85b5bfb858279a09e2d Mon Sep 17 00:00:00 2001 +From 9c6108ca392d5e0392e7fb5d2ffde85e3c44ce55 Mon Sep 17 00:00:00 2001 From: George Joseph <gjoseph@digium.com> -Date: Tue, 24 Sep 2019 06:42:04 -0600 -Subject: [PATCH 31/33] Revert "Fixed #2204: Add OpenSSL remote certificate - chain info" +Date: Wed, 9 Oct 2019 07:50:32 -0600 +Subject: [PATCH 31/31] transport regression fix -This reverts commit f71d60c866c4572a7c8398fe982416771fc6a7f5. --- - pjlib/src/pj/ssl_sock_ossl.c | 45 ------------------------------------ - 1 file changed, 45 deletions(-) + pjsip/src/pjsip/sip_transport.c | 73 +++++++++++++++++++++++++++------ + 1 file changed, 61 insertions(+), 12 deletions(-) -diff --git a/pjlib/src/pj/ssl_sock_ossl.c b/pjlib/src/pj/ssl_sock_ossl.c -index debb105b1..109c5c1e2 100644 ---- pjlib/src/pj/ssl_sock_ossl.c -+++ pjlib/src/pj/ssl_sock_ossl.c -@@ -1566,41 +1566,6 @@ static void get_cert_info(pj_pool_t *pool, pj_ssl_cert_info *ci, X509 *x, - } +diff --git a/pjsip/src/pjsip/sip_transport.c b/pjsip/src/pjsip/sip_transport.c +index 65ac823d4..da6b70e50 100644 +--- pjsip/src/pjsip/sip_transport.c ++++ pjsip/src/pjsip/sip_transport.c +@@ -50,6 +50,24 @@ static const char *addr_string(const pj_sockaddr_t *addr) + str, sizeof(str)); + return str; } ++static const char* print_tpsel_info(const pjsip_tpselector *sel) ++{ ++ static char tpsel_info_buf[80]; ++ if (!sel) return "(null)"; ++ if (sel->type==PJSIP_TPSELECTOR_LISTENER) ++ pj_ansi_snprintf(tpsel_info_buf, sizeof(tpsel_info_buf), ++ "listener[%s], reuse=%d", sel->u.listener->obj_name, ++ !sel->disable_connection_reuse); ++ else if (sel->type==PJSIP_TPSELECTOR_TRANSPORT) ++ pj_ansi_snprintf(tpsel_info_buf, sizeof(tpsel_info_buf), ++ "transport[%s], reuse=%d", sel->u.transport->info, ++ !sel->disable_connection_reuse); ++ else ++ pj_ansi_snprintf(tpsel_info_buf, sizeof(tpsel_info_buf), ++ "unknown[%p], reuse=%d", sel->u.ptr, ++ !sel->disable_connection_reuse); ++ return tpsel_info_buf; ++} + #else + # define TRACE_(x) + #endif +@@ -1210,10 +1228,14 @@ PJ_DEF(pj_status_t) pjsip_transport_register( pjsip_tpmgr *mgr, + * new transport to the list. + */ + pj_list_push_back(tp_ref, tp_add); ++ TRACE_((THIS_FILE, "Remote address already registered, " ++ "appended the transport to the list")); + } else { + /* Transport list not found, add it to the hash table. */ + pj_hash_set_np(mgr->table, &tp->key, key_len, hval, tp_add->tp_buf, + tp_add); ++ TRACE_((THIS_FILE, "Remote address not registered, " ++ "added the transport to the hash")); + } --/* Update remote certificates chain info. This function should be -- * called after handshake or renegotiation successfully completed. -- */ --static void ssl_update_remote_cert_chain_info(pj_pool_t *pool, -- pj_ssl_cert_info *ci, -- STACK_OF(X509) *chain, -- pj_bool_t get_pem) --{ -- int i; -- -- ci->raw_chain.cert_raw = (pj_str_t *)pj_pool_calloc(pool, -- sk_X509_num(chain), -- sizeof(pj_str_t)); -- ci->raw_chain.cnt = sk_X509_num(chain); -- -- for (i = 0; i < sk_X509_num(chain); i++) { -- BIO *bio; -- BUF_MEM *ptr; -- X509 *x = sk_X509_value(chain, i); -- -- bio = BIO_new(BIO_s_mem()); -- -- if (!PEM_write_bio_X509(bio, x)) { -- PJ_LOG(3, (THIS_FILE, "Error retrieving raw certificate info")); -- ci->raw_chain.cert_raw[i].ptr = NULL; -- ci->raw_chain.cert_raw[i].slen = 0; -- } else { -- BIO_write(bio, "\0", 1); -- BIO_get_mem_ptr(bio, &ptr); -- pj_strdup2(pool, &ci->raw_chain.cert_raw[i], ptr->data ); -- } -- -- BIO_free(bio); -- } --} + /* Add ref transport group lock, if any */ +@@ -1283,6 +1305,13 @@ static pj_status_t destroy_transport( pjsip_tpmgr *mgr, + /* The transport list has multiple entry. */ + pj_hash_set_np(mgr->table, &tp_next->tp->key, key_len, + hval, tp_next->tp_buf, tp_next); ++ TRACE_((THIS_FILE, "Hash entry updated after " ++ "transport %d being destroyed", ++ tp->obj_name)); ++ } else { ++ TRACE_((THIS_FILE, "Hash entry deleted after " ++ "transport %d being destroyed", ++ tp->obj_name)); + } + } - /* Update local & remote certificates info. This function should be - * called after handshake or renegotiation successfully completed. -@@ -1609,7 +1574,6 @@ static void ssl_update_certs_info(pj_ssl_sock_t *ssock) - { - ossl_sock_t *ossock = (ossl_sock_t *)ssock; - X509 *x; -- STACK_OF(X509) *chain; - - pj_assert(ssock->ssl_state == SSL_STATE_ESTABLISHED); - -@@ -1631,15 +1595,6 @@ static void ssl_update_certs_info(pj_ssl_sock_t *ssock) - } else { - pj_bzero(&ssock->remote_cert_info, sizeof(pj_ssl_cert_info)); +@@ -1294,6 +1323,14 @@ static pj_status_t destroy_transport( pjsip_tpmgr *mgr, + } + tp_iter = tp_iter->next; + } while (tp_iter != tp_ref); ++ ++ if (tp_iter->tp != tp) { ++ PJ_LOG(3, (THIS_FILE, "Warning: transport %s being destroyed is " ++ "not registered", tp->obj_name)); ++ } ++ } else { ++ PJ_LOG(3, (THIS_FILE, "Warning: transport %s being destroyed is " ++ "not found in the hash table", tp->obj_name)); } -- -- chain = SSL_get_peer_cert_chain(ossock->ossl_ssl); -- if (chain) { -- ssl_update_remote_cert_chain_info(ssock->pool, -- &ssock->remote_cert_info, -- chain, PJ_TRUE); -- } else { -- ssock->remote_cert_info.raw_chain.cnt = 0; -- } + + pj_lock_release(mgr->lock); +@@ -2159,6 +2196,7 @@ PJ_DEF(pj_status_t) pjsip_tpmgr_acquire_transport(pjsip_tpmgr *mgr, + NULL, tp); } ++ + /* + * pjsip_tpmgr_acquire_transport2() + * +@@ -2176,8 +2214,9 @@ PJ_DEF(pj_status_t) pjsip_tpmgr_acquire_transport2(pjsip_tpmgr *mgr, + pjsip_tpfactory *factory; + pj_status_t status; +- TRACE_((THIS_FILE,"Acquiring transport type=%s, remote=%s:%d", ++ TRACE_((THIS_FILE,"Acquiring transport type=%s, sel=%s remote=%s:%d", + pjsip_transport_get_type_name(type), ++ print_tpsel_info(sel), + addr_string(remote), + pj_sockaddr_get_port(remote))); + +@@ -2194,6 +2233,7 @@ PJ_DEF(pj_status_t) pjsip_tpmgr_acquire_transport2(pjsip_tpmgr *mgr, + /* See if the transport is (not) suitable */ + if (seltp->key.type != type) { + pj_lock_release(mgr->lock); ++ TRACE_((THIS_FILE, "Transport type in tpsel not matched")); + return PJSIP_ETPNOTSUITABLE; + } + +@@ -2234,6 +2274,7 @@ PJ_DEF(pj_status_t) pjsip_tpmgr_acquire_transport2(pjsip_tpmgr *mgr, + { + if (sel->u.listener->type != type) { + pj_lock_release(mgr->lock); ++ TRACE_((THIS_FILE, "Listener type in tpsel not matched")); + return PJSIP_ETPNOTSUITABLE; + } + } +@@ -2249,21 +2290,25 @@ PJ_DEF(pj_status_t) pjsip_tpmgr_acquire_transport2(pjsip_tpmgr *mgr, + tp_entry = (transport *)pj_hash_get(mgr->table, &key, key_len, + NULL); + if (tp_entry) { +- if (sel && sel->type == PJSIP_TPSELECTOR_LISTENER) { +- transport *tp_iter = tp_entry; +- do { ++ transport *tp_iter = tp_entry; ++ do { ++ /* Don't use transport being shutdown */ ++ if (!tp_iter->tp->is_shutdown) { + if (sel && sel->type == PJSIP_TPSELECTOR_LISTENER && +- sel->u.listener && +- tp_iter->tp->factory == sel->u.listener) ++ sel->u.listener) + { ++ /* Match listener if selector is set */ ++ if (tp_iter->tp->factory == sel->u.listener) { ++ tp_ref = tp_iter->tp; ++ break; ++ } ++ } else { + tp_ref = tp_iter->tp; + break; + } +- tp_iter = tp_iter->next; +- } while (tp_iter != tp_entry); +- } else { +- tp_ref = tp_entry->tp; +- } ++ } ++ tp_iter = tp_iter->next; ++ } while (tp_iter != tp_entry); + } + } + +@@ -2276,7 +2321,7 @@ PJ_DEF(pj_status_t) pjsip_tpmgr_acquire_transport2(pjsip_tpmgr *mgr, + + /* Ignore address for loop transports. */ + if (type == PJSIP_TRANSPORT_LOOP || +- type == PJSIP_TRANSPORT_LOOP_DGRAM) ++ type == PJSIP_TRANSPORT_LOOP_DGRAM) + { + pj_sockaddr *addr = &key.rem_addr; + +@@ -2315,6 +2360,7 @@ PJ_DEF(pj_status_t) pjsip_tpmgr_acquire_transport2(pjsip_tpmgr *mgr, + * 'duplicate' of the existing transport (same type & remote addr, + * but different factory). + */ ++ TRACE_((THIS_FILE, "Transport found but from different listener")); + } + + if (tp_ref!=NULL && !tp_ref->is_shutdown) { +@@ -2347,10 +2393,13 @@ PJ_DEF(pj_status_t) pjsip_tpmgr_acquire_transport2(pjsip_tpmgr *mgr, + */ + + /* Verify that the listener type matches the destination type */ ++ /* Already checked above. */ ++ /* + if (sel->u.listener->type != type) { + pj_lock_release(mgr->lock); + return PJSIP_ETPNOTSUITABLE; + } ++ */ + + /* We'll use this listener to create transport */ + factory = sel->u.listener; -- 2.21.0
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201911021443.xA2EhvY2069912>