Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 775005 - net-misc/asterisk: injects some CFLAGS
Summary: net-misc/asterisk: injects some CFLAGS
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages (show other bugs)
Hardware: All Linux
: Normal normal
Assignee: Jaco Kroon
URL:
Whiteboard:
Keywords: PullRequest
Depends on:
Blocks:
 
Reported: 2021-03-09 09:50 UTC by Sam James
Modified: 2021-03-19 08:52 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Sam James archtester Gentoo Infrastructure gentoo-dev Security 2021-03-09 09:50:38 UTC
[09:26:41]  <@sam_> jkroon:
[09:26:41]  <@sam_> x86_64-pc-linux-gnu-gcc -o src/gsm_print.o -c src/gsm_print.c -MD -MT src/gsm_print.o -MF .src_gsm_print.o.d -MP -pthread -I/var/tmp/portage/net-misc/asterisk-16.16.2/work/asterisk-16.16.2/include -O2 -pipe -march=native -fdiagnostics-color=always -frecord-gcc-switches  -I/usr/include/libxml2 -Wall -Wstrict-prototypes -Wmissing-prototypes -Wmissing-declarations   -g3 -O3 -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2 -fPIC  -c
[09:26:41]  <@sam_>  -DNeedFunctionPrototypes=1 -funroll-loops -O3 -DSASR -DNDEBUG    -DWAV49   -I./inc -O3 -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2 -O2 -pipe -march=native -fdiagnostics-color=always -frecord-gcc-switches
[09:26:52]  <@sam_> it's forcing -O3 -funroll-loops
[09:27:01]  <@sam_> (asterisk 16)
[09:29:15]  <@sam_> oh, asterisk 13 does it too. Pff.
[09:29:44]  <ionen> -O3 three times huh, lost in the end but still
[09:29:56]  <@sam_> the unroll loops wouldn't be lost, but yeah
Comment 1 Larry the Git Cow gentoo-dev 2021-03-19 08:52:08 UTC
The bug has been closed via the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c21e28747944f84b98359b37cfe4d2f2e0b7bb0b

commit c21e28747944f84b98359b37cfe4d2f2e0b7bb0b
Author:     Jaco Kroon <jaco@uls.co.za>
AuthorDate: 2021-03-13 19:59:24 +0000
Commit:     Joonas Niilola <juippis@gentoo.org>
CommitDate: 2021-03-19 08:51:49 +0000

    net-misc/asterisk: rev bump for 16.
    
    Same changes as for 13, except that format_ogg_speex isn't being dropped
    since it it was introduced in 16.
    
    Closes: https://bugs.gentoo.org/772821
    Introduce USE=deprecated to enable deprecated apps/funcs/features.  For
    now, this is only app_macro.
    
    Closes: https://bugs.gentoo.org/775005
    net-misc/asterisk: injects some CFLAGS.  Thanks Sam.
    
    Closes: https://bugs.gentoo.org/767262
    systemd automagic dependency.
    
    Closes: https://bugs.gentoo.org/775353
    Make asterisk depend on the pjproject SUBSLOT.  Ie, rebuild if pjproject
    gets updated.
    
    Closes: https://bugs.gentoo.org/761442
    Repair "security" issue in that /var/lib/asterisk can now be root:root.
    The problem with having it asterisk: is that any arbitrary code vuln
    becomes a data modification one.  So with this as root:root we can at
    least prevent modifications to /var/lib/asterisk whilst still allowing
    /var/lib/asterisk/astdb to be modified as required.
    
    Repair default voicemail selection.  Thank you pkgcheck scan.
    
    Drop ASTCFLAGS= and ASTLDFLAGS since ./configure already imports these.
    I believe Tony added this as a hammer to deal with 775005 above since
    these got re-added again after the asterisk injected ones.   By setting
    DEBUG= and OPTIMIZE= this problem should now be something of the past.
    
    Introduce GENTOO_ASTERISK_CUSTOM_MENUSELECT= environment variable that
    can be set from make.conf and takes a string similar to USE flags,
    except that these gets passed to menuselect one by one, if -option as
    --disable option, else --enable option.  Prefixes + and - is supported,
    and will be stripped before passing to menuselect.
    
    menuselect has been patched to exit non-zero in case of invalid option
    passed to --enable or --disable, resulting in above being reliable (if
    you have something invalid in there, it will die).
    
    Accordingly drop format_ogg_speex which doesn't exist in asterisk 13.
    
    Drop no longer required ncurses dependencies (system libedit).
    
    Explicitly pass ASTCACHEDIR=/var/cache/asterisk, and update install
    patch to not install this path, handle in tmpfiles and initd since we're
    not supposed to install into /var/cache either ...
    
    Package-Manager: Portage-3.0.13, Repoman-3.0.2
    Signed-off-by: Jaco Kroon <jaco@uls.co.za>
    Signed-off-by: Joonas Niilola <juippis@gentoo.org>

 net-misc/asterisk/asterisk-16.16.2-r1.ebuild       | 365 +++++++++++++++++++++
 .../asterisk-16.16.2-no-var-run-install.patch      |   2 +-
 net-misc/asterisk/files/asterisk.tmpfiles3.conf    |   2 +
 net-misc/asterisk/files/confd-16.16.2-r1           | 171 ++++++++++
 net-misc/asterisk/files/initd-16.16.2-r1           | 363 ++++++++++++++++++++
 net-misc/asterisk/metadata.xml                     |   3 +-
 6 files changed, 904 insertions(+), 2 deletions(-)

Additionally, it has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=2c7d0aa6515bffacdaed2237cd28231100465422

commit 2c7d0aa6515bffacdaed2237cd28231100465422
Author:     Jaco Kroon <jaco@uls.co.za>
AuthorDate: 2021-03-13 12:13:02 +0000
Commit:     Joonas Niilola <juippis@gentoo.org>
CommitDate: 2021-03-19 08:51:49 +0000

    net-misc/asterisk: version bump for 13.
    
    This is primarily aimed to fixing bugs, asterisk 13 is sec-only
    upstream, so no further fixes will be made except to address bugs
    reported to bus.gentoo.org.
    
    Note that bugs aren't being closed since 16* is still affected (will be
    fixed on next bump, just waiting for 16.17.0 to be cut).
    
    Bug: https://bugs.gentoo.org/775005
    net-misc/asterisk: injects some CFLAGS.  Thanks Sam.
    
    Bug: https://bugs.gentoo.org/767262
    systemd automagic dependency.
    
    Bug: https://bugs.gentoo.org/775353
    Make asterisk depend on the pjproject SUBSLOT.  Ie, rebuild if pjproject
    gets updated.
    
    Bug: https://bugs.gentoo.org/761442
    Repair "security" issue in that /var/lib/asterisk can now be root:root.
    The problem with having it asterisk: is that any arbitrary code vuln
    becomes a data modification one.  So with this as root:root we can at
    least prevent modifications to /var/lib/asterisk whilst still allowing
    /var/lib/asterisk/astdb to be modified as required.
    
    Repair default voicemail selection.  Thank you pkgcheck scan.
    
    Drop ASTCFLAGS= and ASTLDFLAGS since ./configure already imports these.
    I believe Tony added this as a hammer to deal with 775005 above since
    these got re-added again after the asterisk injected ones.   By setting
    DEBUG= and OPTIMIZE= this problem should now be something of the past.
    
    Introduce GENTOO_ASTERISK_CUSTOM_MENUSELECT= environment variable that
    can be set from make.conf and takes a string similar to USE flags,
    except that these gets passed to menuselect one by one, if -option as
    --disable option, else --enable option.  Prefixes + and - is supported,
    and will be stripped before passing to menuselect.
    
    menuselect has been patched to exit non-zero in case of invalid option
    passed to --enable or --disable, resulting in above being reliable (if
    you have something invalid in there, it will die).
    
    Accordingly drop format_ogg_speex which doesn't exist in asterisk 13.
    
    Drop no longer required ncurses dependencies (system libedit).
    
    Signed-off-by: Jaco Kroon <jaco@uls.co.za>
    Signed-off-by: Joonas Niilola <juippis@gentoo.org>

 net-misc/asterisk/asterisk-13.38.2-r1.ebuild       | 348 +++++++++++++++++++++
 .../asterisk-13.38.2-r1-menuselect-exitcodes.patch |  67 ++++
 2 files changed, 415 insertions(+)