Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 775005 - net-misc/asterisk: injects some CFLAGS
Summary: net-misc/asterisk: injects some CFLAGS
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages (show other bugs)
Hardware: All Linux
: Normal normal
Assignee: Jaco Kroon
URL:
Whiteboard:
Keywords: PullRequest
Depends on:
Blocks:
 
Reported: 2021-03-09 09:50 UTC by Sam James
Modified: 2021-03-19 08:52 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Sam James archtester Gentoo Infrastructure gentoo-dev Security 2021-03-09 09:50:38 UTC 
[09:26:41]  <@sam_> jkroon:
[09:26:41]  <@sam_> x86_64-pc-linux-gnu-gcc -o src/gsm_print.o -c src/gsm_print.c -MD -MT src/gsm_print.o -MF .src_gsm_print.o.d -MP -pthread -I/var/tmp/portage/net-misc/asterisk-16.16.2/work/asterisk-16.16.2/include -O2 -pipe -march=native -fdiagnostics-color=always -frecord-gcc-switches  -I/usr/include/libxml2 -Wall -Wstrict-prototypes -Wmissing-prototypes -Wmissing-declarations   -g3 -O3 -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2 -fPIC  -c
[09:26:41]  <@sam_>  -DNeedFunctionPrototypes=1 -funroll-loops -O3 -DSASR -DNDEBUG    -DWAV49   -I./inc -O3 -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2 -O2 -pipe -march=native -fdiagnostics-color=always -frecord-gcc-switches
[09:26:52]  <@sam_> it's forcing -O3 -funroll-loops
[09:27:01]  <@sam_> (asterisk 16)
[09:29:15]  <@sam_> oh, asterisk 13 does it too. Pff.
[09:29:44]  <ionen> -O3 three times huh, lost in the end but still
[09:29:56]  <@sam_> the unroll loops wouldn't be lost, but yeah
Comment 1 Larry the Git Cow gentoo-dev 2021-03-19 08:52:08 UTC 
The bug has been closed via the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c21e28747944f84b98359b37cfe4d2f2e0b7bb0b

commit c21e28747944f84b98359b37cfe4d2f2e0b7bb0b
Author:     Jaco Kroon <jaco@uls.co.za>
AuthorDate: 2021-03-13 19:59:24 +0000
Commit:     Joonas Niilola <juippis@gentoo.org>
CommitDate: 2021-03-19 08:51:49 +0000

    net-misc/asterisk: rev bump for 16.
    
    Same changes as for 13, except that format_ogg_speex isn't being dropped
    since it it was introduced in 16.
    
    Closes: https://bugs.gentoo.org/772821
    Introduce USE=deprecated to enable deprecated apps/funcs/features.  For
    now, this is only app_macro.
    
    Closes: https://bugs.gentoo.org/775005
    net-misc/asterisk: injects some CFLAGS.  Thanks Sam.
    
    Closes: https://bugs.gentoo.org/767262
    systemd automagic dependency.
    
    Closes: https://bugs.gentoo.org/775353
    Make asterisk depend on the pjproject SUBSLOT.  Ie, rebuild if pjproject
    gets updated.
    
    Closes: https://bugs.gentoo.org/761442
    Repair "security" issue in that /var/lib/asterisk can now be root:root.
    The problem with having it asterisk: is that any arbitrary code vuln
    becomes a data modification one.  So with this as root:root we can at
    least prevent modifications to /var/lib/asterisk whilst still allowing
    /var/lib/asterisk/astdb to be modified as required.
    
    Repair default voicemail selection.  Thank you pkgcheck scan.
    
    Drop ASTCFLAGS= and ASTLDFLAGS since ./configure already imports these.
    I believe Tony added this as a hammer to deal with 775005 above since
    these got re-added again after the asterisk injected ones.   By setting
    DEBUG= and OPTIMIZE= this problem should now be something of the past.
    
    Introduce GENTOO_ASTERISK_CUSTOM_MENUSELECT= environment variable that
    can be set from make.conf and takes a string similar to USE flags,
    except that these gets passed to menuselect one by one, if -option as
    --disable option, else --enable option.  Prefixes + and - is supported,
    and will be stripped before passing to menuselect.
    
    menuselect has been patched to exit non-zero in case of invalid option
    passed to --enable or --disable, resulting in above being reliable (if
    you have something invalid in there, it will die).
    
    Accordingly drop format_ogg_speex which doesn't exist in asterisk 13.
    
    Drop no longer required ncurses dependencies (system libedit).
    
    Explicitly pass ASTCACHEDIR=/var/cache/asterisk, and update install
    patch to not install this path, handle in tmpfiles and initd since we're
    not supposed to install into /var/cache either ...
    
    Package-Manager: Portage-3.0.13, Repoman-3.0.2
    Signed-off-by: Jaco Kroon <jaco@uls.co.za>
    Signed-off-by: Joonas Niilola <juippis@gentoo.org>

 net-misc/asterisk/asterisk-16.16.2-r1.ebuild       | 365 +++++++++++++++++++++
 .../asterisk-16.16.2-no-var-run-install.patch      |   2 +-
 net-misc/asterisk/files/asterisk.tmpfiles3.conf    |   2 +
 net-misc/asterisk/files/confd-16.16.2-r1           | 171 ++++++++++
 net-misc/asterisk/files/initd-16.16.2-r1           | 363 ++++++++++++++++++++
 net-misc/asterisk/metadata.xml                     |   3 +-
 6 files changed, 904 insertions(+), 2 deletions(-)

Additionally, it has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=2c7d0aa6515bffacdaed2237cd28231100465422

commit 2c7d0aa6515bffacdaed2237cd28231100465422
Author:     Jaco Kroon <jaco@uls.co.za>
AuthorDate: 2021-03-13 12:13:02 +0000
Commit:     Joonas Niilola <juippis@gentoo.org>
CommitDate: 2021-03-19 08:51:49 +0000

    net-misc/asterisk: version bump for 13.
    
    This is primarily aimed to fixing bugs, asterisk 13 is sec-only
    upstream, so no further fixes will be made except to address bugs
    reported to bus.gentoo.org.
    
    Note that bugs aren't being closed since 16* is still affected (will be
    fixed on next bump, just waiting for 16.17.0 to be cut).
    
    Bug: https://bugs.gentoo.org/775005
    net-misc/asterisk: injects some CFLAGS.  Thanks Sam.
    
    Bug: https://bugs.gentoo.org/767262
    systemd automagic dependency.
    
    Bug: https://bugs.gentoo.org/775353
    Make asterisk depend on the pjproject SUBSLOT.  Ie, rebuild if pjproject
    gets updated.
    
    Bug: https://bugs.gentoo.org/761442
    Repair "security" issue in that /var/lib/asterisk can now be root:root.
    The problem with having it asterisk: is that any arbitrary code vuln
    becomes a data modification one.  So with this as root:root we can at
    least prevent modifications to /var/lib/asterisk whilst still allowing
    /var/lib/asterisk/astdb to be modified as required.
    
    Repair default voicemail selection.  Thank you pkgcheck scan.
    
    Drop ASTCFLAGS= and ASTLDFLAGS since ./configure already imports these.
    I believe Tony added this as a hammer to deal with 775005 above since
    these got re-added again after the asterisk injected ones.   By setting
    DEBUG= and OPTIMIZE= this problem should now be something of the past.
    
    Introduce GENTOO_ASTERISK_CUSTOM_MENUSELECT= environment variable that
    can be set from make.conf and takes a string similar to USE flags,
    except that these gets passed to menuselect one by one, if -option as
    --disable option, else --enable option.  Prefixes + and - is supported,
    and will be stripped before passing to menuselect.
    
    menuselect has been patched to exit non-zero in case of invalid option
    passed to --enable or --disable, resulting in above being reliable (if
    you have something invalid in there, it will die).
    
    Accordingly drop format_ogg_speex which doesn't exist in asterisk 13.
    
    Drop no longer required ncurses dependencies (system libedit).
    
    Signed-off-by: Jaco Kroon <jaco@uls.co.za>
    Signed-off-by: Joonas Niilola <juippis@gentoo.org>

 net-misc/asterisk/asterisk-13.38.2-r1.ebuild       | 348 +++++++++++++++++++++
 .../asterisk-13.38.2-r1-menuselect-exitcodes.patch |  67 ++++
 2 files changed, 415 insertions(+)