merge sequence like: pjproject-2.9 asterisk-13.??? pjproject-2.10 Results in broken asterisk. It's unclear what the ABI versioning from upstream pjproject is, neither am I receiving responses to my queries. Suggest we subslot pjproject on ${PV}, then asterisk can depend on pjproject:=. Reproducible: Always
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=69e63f7c831f2a585cd34cb74a3f8bbff901f798 commit 69e63f7c831f2a585cd34cb74a3f8bbff901f798 Author: Jaco Kroon <jaco@uls.co.za> AuthorDate: 2021-03-11 07:34:54 +0000 Commit: Sam James <sam@gentoo.org> CommitDate: 2021-03-11 08:19:44 +0000 net-libs/pjproject: security rev bump to 2.10-r1 Upstream didn't release a new version as one would expect. Instead patches are applied locally. Also add subslot because they are equally good at maintaining ABI compatibility, and SONAME is never updated, thus we need to be able to depend on subslots to rebuild (preserved-rebuild is no good). Bug: https://bugs.gentoo.org/775359 Bug: https://bugs.gentoo.org/775353 Package-Manager: Portage-3.0.13, Repoman-3.0.2 Signed-off-by: Jaco Kroon <jaco@uls.co.za> Closes: https://github.com/gentoo/gentoo/pull/19876 Signed-off-by: Sam James <sam@gentoo.org> ...ct-2.10-CVE-2020-15260-tls-hostname-check.patch | 125 +++++++++++++++++++++ ...-CVE-2021-21375-negotiation-failure-crash.patch | 45 ++++++++ ...ion-between-transport-destroy-and-acquire.patch | 108 ++++++++++++++++++ net-libs/pjproject/pjproject-2.10-r1.ebuild | 125 +++++++++++++++++++++ 4 files changed, 403 insertions(+)
The bug has been closed via the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c21e28747944f84b98359b37cfe4d2f2e0b7bb0b commit c21e28747944f84b98359b37cfe4d2f2e0b7bb0b Author: Jaco Kroon <jaco@uls.co.za> AuthorDate: 2021-03-13 19:59:24 +0000 Commit: Joonas Niilola <juippis@gentoo.org> CommitDate: 2021-03-19 08:51:49 +0000 net-misc/asterisk: rev bump for 16. Same changes as for 13, except that format_ogg_speex isn't being dropped since it it was introduced in 16. Closes: https://bugs.gentoo.org/772821 Introduce USE=deprecated to enable deprecated apps/funcs/features. For now, this is only app_macro. Closes: https://bugs.gentoo.org/775005 net-misc/asterisk: injects some CFLAGS. Thanks Sam. Closes: https://bugs.gentoo.org/767262 systemd automagic dependency. Closes: https://bugs.gentoo.org/775353 Make asterisk depend on the pjproject SUBSLOT. Ie, rebuild if pjproject gets updated. Closes: https://bugs.gentoo.org/761442 Repair "security" issue in that /var/lib/asterisk can now be root:root. The problem with having it asterisk: is that any arbitrary code vuln becomes a data modification one. So with this as root:root we can at least prevent modifications to /var/lib/asterisk whilst still allowing /var/lib/asterisk/astdb to be modified as required. Repair default voicemail selection. Thank you pkgcheck scan. Drop ASTCFLAGS= and ASTLDFLAGS since ./configure already imports these. I believe Tony added this as a hammer to deal with 775005 above since these got re-added again after the asterisk injected ones. By setting DEBUG= and OPTIMIZE= this problem should now be something of the past. Introduce GENTOO_ASTERISK_CUSTOM_MENUSELECT= environment variable that can be set from make.conf and takes a string similar to USE flags, except that these gets passed to menuselect one by one, if -option as --disable option, else --enable option. Prefixes + and - is supported, and will be stripped before passing to menuselect. menuselect has been patched to exit non-zero in case of invalid option passed to --enable or --disable, resulting in above being reliable (if you have something invalid in there, it will die). Accordingly drop format_ogg_speex which doesn't exist in asterisk 13. Drop no longer required ncurses dependencies (system libedit). Explicitly pass ASTCACHEDIR=/var/cache/asterisk, and update install patch to not install this path, handle in tmpfiles and initd since we're not supposed to install into /var/cache either ... Package-Manager: Portage-3.0.13, Repoman-3.0.2 Signed-off-by: Jaco Kroon <jaco@uls.co.za> Signed-off-by: Joonas Niilola <juippis@gentoo.org> net-misc/asterisk/asterisk-16.16.2-r1.ebuild | 365 +++++++++++++++++++++ .../asterisk-16.16.2-no-var-run-install.patch | 2 +- net-misc/asterisk/files/asterisk.tmpfiles3.conf | 2 + net-misc/asterisk/files/confd-16.16.2-r1 | 171 ++++++++++ net-misc/asterisk/files/initd-16.16.2-r1 | 363 ++++++++++++++++++++ net-misc/asterisk/metadata.xml | 3 +- 6 files changed, 904 insertions(+), 2 deletions(-) Additionally, it has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=2c7d0aa6515bffacdaed2237cd28231100465422 commit 2c7d0aa6515bffacdaed2237cd28231100465422 Author: Jaco Kroon <jaco@uls.co.za> AuthorDate: 2021-03-13 12:13:02 +0000 Commit: Joonas Niilola <juippis@gentoo.org> CommitDate: 2021-03-19 08:51:49 +0000 net-misc/asterisk: version bump for 13. This is primarily aimed to fixing bugs, asterisk 13 is sec-only upstream, so no further fixes will be made except to address bugs reported to bus.gentoo.org. Note that bugs aren't being closed since 16* is still affected (will be fixed on next bump, just waiting for 16.17.0 to be cut). Bug: https://bugs.gentoo.org/775005 net-misc/asterisk: injects some CFLAGS. Thanks Sam. Bug: https://bugs.gentoo.org/767262 systemd automagic dependency. Bug: https://bugs.gentoo.org/775353 Make asterisk depend on the pjproject SUBSLOT. Ie, rebuild if pjproject gets updated. Bug: https://bugs.gentoo.org/761442 Repair "security" issue in that /var/lib/asterisk can now be root:root. The problem with having it asterisk: is that any arbitrary code vuln becomes a data modification one. So with this as root:root we can at least prevent modifications to /var/lib/asterisk whilst still allowing /var/lib/asterisk/astdb to be modified as required. Repair default voicemail selection. Thank you pkgcheck scan. Drop ASTCFLAGS= and ASTLDFLAGS since ./configure already imports these. I believe Tony added this as a hammer to deal with 775005 above since these got re-added again after the asterisk injected ones. By setting DEBUG= and OPTIMIZE= this problem should now be something of the past. Introduce GENTOO_ASTERISK_CUSTOM_MENUSELECT= environment variable that can be set from make.conf and takes a string similar to USE flags, except that these gets passed to menuselect one by one, if -option as --disable option, else --enable option. Prefixes + and - is supported, and will be stripped before passing to menuselect. menuselect has been patched to exit non-zero in case of invalid option passed to --enable or --disable, resulting in above being reliable (if you have something invalid in there, it will die). Accordingly drop format_ogg_speex which doesn't exist in asterisk 13. Drop no longer required ncurses dependencies (system libedit). Signed-off-by: Jaco Kroon <jaco@uls.co.za> Signed-off-by: Joonas Niilola <juippis@gentoo.org> net-misc/asterisk/asterisk-13.38.2-r1.ebuild | 348 +++++++++++++++++++++ .../asterisk-13.38.2-r1-menuselect-exitcodes.patch | 67 ++++ 2 files changed, 415 insertions(+)
