changeset 18:4a6383e57d12

Build against coturn 4.5.1.3 (GitHub): some of the security patches are now included upstream -- the "socket" Redis option is included again
author Franz Glasner <fzglas.hg@dom66.de>
date Wed, 02 Sep 2020 22:38:36 +0200
parents af52962aeb56
children 45f84c2bbf43
files Makefile distinfo files/patch-examples_etc_turnserver.conf files/patch-src_apps_common_hiredis__libevent2.c files/patch-src_apps_common_ns__turn__utils.c files/patch-src_apps_relay_dbdrivers_dbd__redis.c files/patch-src_apps_relay_http__server.c files/patch-src_client_ns__turn__msg.c
diffstat 8 files changed, 48 insertions(+), 246 deletions(-) [+]
--- a/Makefile	Sat Mar 28 18:27:46 2020 +0100
+++ b/Makefile	Wed Sep 02 22:38:36 2020 +0200
@@ -1,8 +1,7 @@
 ## $FreeBSD: head/net/turnserver/Makefile 507877 2019-08-02 13:30:40Z jbeich $
 
 PORTNAME=	turnserver
-PORTVERSION=	4.5.1.1
-PORTREVISION=	1
+PORTVERSION=	4.5.1.3
 CATEGORIES=	net
 MASTER_SITES=	http://turnserver.open-sys.org/downloads/extradocs/:xdocs \
 		http://coturn.net/turnserver/extradocs/:xdocs
--- a/distinfo	Sat Mar 28 18:27:46 2020 +0100
+++ b/distinfo	Wed Sep 02 22:38:36 2020 +0200
@@ -1,5 +1,5 @@
-TIMESTAMP = 1551644566
+TIMESTAMP = 1599074740
 SHA256 (turn.extra.docs-2.0.0.1.tar.gz) = 3a86600fd0a30ce7aeb547e80402ce68ea9959f7dd58697e5b47fda6e33ab9ce
 SIZE (turn.extra.docs-2.0.0.1.tar.gz) = 485379
-SHA256 (coturn-coturn-4.5.1.1_GH0.tar.gz) = 8eabe4c241ad9a74655d8516c69b1fa3275e020e7f7fca50a6cb822809e7c220
-SIZE (coturn-coturn-4.5.1.1_GH0.tar.gz) = 420069
+SHA256 (coturn-coturn-4.5.1.3_GH0.tar.gz) = 4ff1f8c041ac71445018d81321d4b66e5dce4f171ef73a348d858dc9a0cc1cce
+SIZE (coturn-coturn-4.5.1.3_GH0.tar.gz) = 437084
--- a/files/patch-examples_etc_turnserver.conf	Sat Mar 28 18:27:46 2020 +0100
+++ b/files/patch-examples_etc_turnserver.conf	Wed Sep 02 22:38:36 2020 +0200
@@ -1,11 +1,11 @@
---- examples/etc/turnserver.conf.orig	2019-03-02 21:06:19 UTC
+--- examples/etc/turnserver.conf.orig
 +++ examples/etc/turnserver.conf
-@@ -315,17 +315,17 @@
+@@ -322,17 +322,17 @@
  # as the user database.
  # This database can be used for long-term credential mechanism
- # and it can store the secret value for secret-based timed authentication in TURN RESP API. 
--# Use string format as below (space separated parameters, all optional):
-+# Use string format as below (space separated parameters, all optional, "socket" has higher prio than "ip"):
+ # and it can store the secret value for secret-based timed authentication in TURN REST API. 
+-# Use the string format below (space separated parameters, all optional):
++# Use the string format below (space separated parameters, all optional, "socket" has higher prio then "ip"):
  #
 -#redis-userdb="ip=<ip-address> dbname=<database-number> password=<database-user-password> port=<port> connect_timeout=<seconds>"
 +#redis-userdb="ip=<ip-address> socket=<unix-domain-socket-path> dbname=<database-number> password=<database-user-password> port=<port> connect_timeout=<seconds>"
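Review bot: The new redis-userdb comment line reads `"socket" has higher prio then "ip"`, while the parallel redis-statsdb comment in the next hunk of this file says `than`; the two example comments should agree. Change `then` to `than` on the redis-userdb line so the generated turnserver.conf is consistent.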
@@ -14,11 +14,11 @@
  # This database keeps allocations status information, and it can be also used for publishing
  # and delivering traffic and allocation event notifications.
  # The connection string has the same parameters as redis-userdb connection string. 
--# Use string format as below (space separated parameters, all optional):
-+# Use string format as below (space separated parameters, all optional, "socket" has higher prio than "ip"):
+-# Use the string format below (space separated parameters, all optional):
++# Use the string format below (space separated parameters, all optional, "socket" has higher prio than "ip"):
  #
 -#redis-statsdb="ip=<ip-address> dbname=<database-number> password=<database-user-password> port=<port> connect_timeout=<seconds>"
 +#redis-statsdb="ip=<ip-address> socket=<unix-domain-socket-path> dbname=<database-number> password=<database-user-password> port=<port> connect_timeout=<seconds>"
  
  # The default realm to be used for the users when no explicit 
- # origin/realm relationship was found in the database, or if the TURN
+ # origin/realm relationship is found in the database, or if the TURN
--- a/files/patch-src_apps_common_hiredis__libevent2.c	Sat Mar 28 18:27:46 2020 +0100
+++ b/files/patch-src_apps_common_hiredis__libevent2.c	Wed Sep 02 22:38:36 2020 +0200
@@ -1,6 +1,6 @@
---- src/apps/common/hiredis_libevent2.c.orig	2019-03-02 21:06:19 UTC
+--- src/apps/common/hiredis_libevent2.c.orig
 +++ src/apps/common/hiredis_libevent2.c
-@@ -55,6 +55,7 @@ struct redisLibeventEvents
+@@ -55,6 +55,7 @@
  	char *ip;
  	int port;
  	char *pwd;
@@ -8,7 +8,7 @@
  	int db;
  };
  
-@@ -223,12 +224,13 @@ void send_message_to_redis(redis_context_handle rch, c
+@@ -223,12 +224,13 @@
  
  ///////////////////////// Attach /////////////////////////////////
  
@@ -23,7 +23,7 @@
    char ip[256];
    if(ip0 && ip0[0])
  	  STRCPY(ip,ip0);
-@@ -239,7 +241,14 @@ redis_context_handle redisLibeventAttach(struct event_
+@@ -239,7 +241,14 @@
    if(port0>0)
  	  port=port0;
  
@@ -39,27 +39,32 @@
    if (!ac) {
    	fprintf(stderr,"Error: %s:%s\n", ac->errstr, ac->c.errstr);
    	return NULL;
-@@ -256,6 +265,11 @@ redis_context_handle redisLibeventAttach(struct event_
+@@ -256,6 +265,11 @@
    e->port = port;
    if(pwd)
- 	  e->pwd = turn_strdup(pwd);
-+  if (usocket) {
-+	  e->usocket = turn_strdup(usocket);
+ 	  e->pwd = strdup(pwd);
++  if(usocket) {
++	  e->usocket = strdup(usocket);
 +  } else {
 +	  e->usocket = NULL;
-+  }
++  }  
    e->db = db;
  
    /* Register functions to start/stop listening for events */
-@@ -277,6 +291,7 @@ redis_context_handle redisLibeventAttach(struct event_
+@@ -277,6 +291,12 @@
    		     e);
  
    if (e->rev == NULL || e->wev == NULL) {
-+	  /* XXX FIXME TBD: free e->ip, e->pwd, e->usocket */
- 	  turn_free(e, sizeof(struct redisLibeventEvents));
++          if(e->rev)
++          	    event_free(e->rev);
++          if(e->wev)
++          	    event_free(e->wev);
++          free(e->ip);
++          free(e->pwd);
+ 	  free(e);
  	  return NULL;
    }
-@@ -327,7 +342,11 @@ static void redis_reconnect(struct redisLibeventEvents
+@@ -327,7 +347,11 @@
  	  e->context = NULL;
    }
  
--- a/files/patch-src_apps_common_ns__turn__utils.c	Sat Mar 28 18:27:46 2020 +0100
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,58 +0,0 @@
---- src/apps/common/ns_turn_utils.c.orig	2019-03-02 21:06:19 UTC
-+++ src/apps/common/ns_turn_utils.c
-@@ -370,7 +370,7 @@ static void set_rtpfile(void)
- 				no_stdout_log = 1;
- 			} else {
- 				set_log_file_name(log_fn_base,log_fn);
--				_rtpfile = fopen(log_fn, "w");
-+				_rtpfile = fopen(log_fn, "a");
- 				if(_rtpfile)
- 					TURN_LOG_FUNC(TURN_LOG_LEVEL_INFO, "log file opened: %s\n", log_fn);
- 			}
-@@ -397,32 +397,32 @@ static void set_rtpfile(void)
- 
- 		set_log_file_name(logbase, logf);
- 
--		_rtpfile = fopen(logf, "w");
-+		_rtpfile = fopen(logf, "a");
- 		if(_rtpfile)
- 			TURN_LOG_FUNC(TURN_LOG_LEVEL_INFO, "log file opened: %s\n", logf);
- 		else {
- 			snprintf(logbase, FILE_STR_LEN, "/var/log/%s", logtail);
- 
- 			set_log_file_name(logbase, logf);
--			_rtpfile = fopen(logf, "w");
-+			_rtpfile = fopen(logf, "a");
- 			if(_rtpfile)
- 				TURN_LOG_FUNC(TURN_LOG_LEVEL_INFO, "log file opened: %s\n", logf);
- 			else {
- 				snprintf(logbase, FILE_STR_LEN, "/var/tmp/%s", logtail);
- 				set_log_file_name(logbase, logf);
--				_rtpfile = fopen(logf, "w");
-+				_rtpfile = fopen(logf, "a");
- 				if(_rtpfile)
- 					TURN_LOG_FUNC(TURN_LOG_LEVEL_INFO, "log file opened: %s\n", logf);
- 				else {
- 					snprintf(logbase, FILE_STR_LEN, "/tmp/%s", logtail);
- 					set_log_file_name(logbase, logf);
--					_rtpfile = fopen(logf, "w");
-+					_rtpfile = fopen(logf, "a");
- 					if(_rtpfile)
- 						TURN_LOG_FUNC(TURN_LOG_LEVEL_INFO, "log file opened: %s\n", logf);
- 					else {
- 						snprintf(logbase, FILE_STR_LEN, "%s", logtail);
- 						set_log_file_name(logbase, logf);
--						_rtpfile = fopen(logf, "w");
-+						_rtpfile = fopen(logf, "a");
- 						if(_rtpfile)
- 							TURN_LOG_FUNC(TURN_LOG_LEVEL_INFO, "log file opened: %s\n", logf);
- 						else {
-@@ -556,7 +556,7 @@ int get_default_protocol_port(const char* scheme, size
- 				return 21;
- 			if(!memcmp("svn",scheme,3))
- 				return 3690;
--			if(!memcmp("ssh",scheme,4))
-+			if(!memcmp("ssh",scheme,3))
- 				return 22;
- 			if(!memcmp("sip",scheme,3))
- 				return 5060;
--- a/files/patch-src_apps_relay_dbdrivers_dbd__redis.c	Sat Mar 28 18:27:46 2020 +0100
+++ b/files/patch-src_apps_relay_dbdrivers_dbd__redis.c	Wed Sep 02 22:38:36 2020 +0200
@@ -1,6 +1,6 @@
---- src/apps/relay/dbdrivers/dbd_redis.c.orig	2019-03-02 21:06:19 UTC
+--- src/apps/relay/dbdrivers/dbd_redis.c.orig
 +++ src/apps/relay/dbdrivers/dbd_redis.c
-@@ -50,6 +50,7 @@ struct _Ryconninfo {
+@@ -50,6 +50,7 @@
  	char *host;
  	char *dbname;
  	char *password;
@@ -8,24 +8,24 @@
  	unsigned int connect_timeout;
  	unsigned int port;
  };
-@@ -61,6 +62,7 @@ static void RyconninfoFree(Ryconninfo *co) {
- 		if(co->host) turn_free(co->host, strlen(co->host)+1);
- 		if(co->dbname) turn_free(co->dbname, strlen(co->dbname)+1);
- 		if(co->password) turn_free(co->password, strlen(co->password)+1);
-+		if(co->usocket) turn_free(co->usocket, strlen(co->usocket)+1);
- 		ns_bzero(co,sizeof(Ryconninfo));
+@@ -61,6 +62,7 @@
+ 		if(co->host) free(co->host);
+ 		if(co->dbname) free(co->dbname);
+ 		if(co->password) free(co->password);
++       		if(co->usocket) free(co->usocket);
+ 		bzero(co,sizeof(Ryconninfo));
  	}
  }
-@@ -103,6 +105,8 @@ static Ryconninfo *RyconninfoParse(const char *userdb,
- 				co->host = turn_strdup(seq + 1);
+@@ -103,6 +105,8 @@
+ 				co->host = strdup(seq + 1);
  			else if (!strcmp(s, "hostaddr"))
- 				co->host = turn_strdup(seq + 1);
+ 				co->host = strdup(seq + 1);
 +			else if (!strcmp(s, "socket"))
-+				co->usocket = turn_strdup(seq + 1);
++				co->usocket = strdup(seq + 1);
  			else if (!strcmp(s, "dbname"))
- 				co->dbname = turn_strdup(seq + 1);
+ 				co->dbname = strdup(seq + 1);
  			else if (!strcmp(s, "db"))
-@@ -185,6 +189,7 @@ redis_context_handle get_redis_async_connection(struct
+@@ -185,6 +189,7 @@
  				redisContext *rc = NULL;
  
  				char ip[256] = "\0";
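Review bot: The added `if(co->usocket) free(co->usocket);` line in RyconninfoFree is indented with spaces followed by tabs, unlike the tab-only neighbouring lines, so it lands misaligned in the patched file; re-indent it with two tabs to match `if(co->password) free(co->password);`. The new `socket` branch in RyconninfoParse follows the existing unconditional `strdup(seq + 1)` pattern, which leaks the earlier copy if the key repeats, but that matches how host/dbname are already handled upstream and is presumably acceptable. Both RyconninfoFree and RyconninfoParse begin outside this hunk.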
@@ -33,7 +33,7 @@
  				int port = DEFAULT_REDIS_PORT;
  				if (co->host)
  					STRCPY(ip,co->host);
-@@ -194,13 +199,24 @@ redis_context_handle get_redis_async_connection(struct
+@@ -194,13 +199,24 @@
  				if (co->port)
  					port = (int) (co->port);
  
@@ -60,7 +60,7 @@
  				}
  
  				if (!rc) {
-@@ -248,7 +264,7 @@ redis_context_handle get_redis_async_connection(struct
+@@ -248,7 +264,7 @@
  				}
  			}
  
@@ -69,7 +69,7 @@
  
  			if (!ret) {
  				TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR, "Cannot initialize Redis DB connection\n");
-@@ -294,12 +310,16 @@ static redisContext *get_redis_connection(void) {
+@@ -294,12 +310,16 @@
  			RyconninfoFree(co);
  		} else {
  			char ip[256] = "\0";
@@ -86,7 +86,7 @@
  			if (co->port)
  				port = (int) (co->port);
  
-@@ -307,9 +327,17 @@ static redisContext *get_redis_connection(void) {
+@@ -307,9 +327,17 @@
  				struct timeval tv;
  				tv.tv_usec = 0;
  				tv.tv_sec = (time_t) (co->connect_timeout);
--- a/files/patch-src_apps_relay_http__server.c	Sat Mar 28 18:27:46 2020 +0100
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,76 +0,0 @@
---- src/apps/relay/http_server.c.orig	2019-03-02 21:06:19 UTC
-+++ src/apps/relay/http_server.c
-@@ -103,36 +103,45 @@ const char* get_http_date_header()
- 
- static struct headers_list * post_parse(char *data, size_t data_len)
- {
--	while((*data=='\r')||(*data=='\n')) ++data;
--	char *post_data = (char*)calloc(data_len + 1, sizeof(char));
--	memcpy(post_data, data, data_len);
--	char *fmarker = NULL;
--	char *fsplit = strtok_r(post_data, "&", &fmarker);
--	struct headers_list *list = (struct headers_list*)malloc(sizeof(struct headers_list));
--	ns_bzero(list,sizeof(struct headers_list));
--	while (fsplit != NULL) {
--		char *vmarker = NULL;
--		char *key = strtok_r(fsplit, "=", &vmarker);
--		char *value = strtok_r(NULL, "=", &vmarker);
--		char empty[1];
--		empty[0]=0;
--		value = value ? value : empty;
--		value = evhttp_decode_uri(value);
--		char *p = value;
--		while (*p) {
--			if (*p == '+')
--				*p = ' ';
--			p++;
-+	while((*data=='\r')||(*data=='\n')) { ++data; --data_len; }
-+	if (data_len) {
-+		char *post_data = (char*)calloc(data_len + 1, sizeof(char));
-+		if (post_data != NULL) {
-+			memcpy(post_data, data, data_len);
-+			char *fmarker = NULL;
-+			char *fsplit = strtok_r(post_data, "&", &fmarker);
-+			struct headers_list *list = (struct headers_list*)malloc(sizeof(struct headers_list));
-+			bzero(list,sizeof(struct headers_list));
-+			while (fsplit != NULL) {
-+				char *vmarker = NULL;
-+				char *key = strtok_r(fsplit, "=", &vmarker);
-+				if (key == NULL)
-+					break;
-+				else {
-+					char *value = strtok_r(NULL, "=", &vmarker);
-+					char empty[1];
-+					empty[0]=0;
-+					value = value ? value : empty;
-+					value = evhttp_decode_uri(value);
-+					char *p = value;
-+					while (*p) {
-+						if (*p == '+')
-+							*p = ' ';
-+						p++;
-+					}
-+					list->keys = (char**)realloc(list->keys,sizeof(char*)*(list->n+1));
-+					list->keys[list->n] = strdup(key);
-+					list->values = (char**)realloc(list->values,sizeof(char*)*(list->n+1));
-+					list->values[list->n] = value;
-+					++(list->n);
-+					fsplit = strtok_r(NULL, "&", &fmarker);
-+				}
-+			}
-+			free(post_data);
-+			return list;
- 		}
--		list->keys = (char**)realloc(list->keys,sizeof(char*)*(list->n+1));
--		list->keys[list->n] = strdup(key);
--		list->values = (char**)realloc(list->values,sizeof(char*)*(list->n+1));
--		list->values[list->n] = value;
--		++(list->n);
--		fsplit = strtok_r(NULL, "&", &fmarker);
- 	}
--	free(post_data);
--	return list;
-+	return NULL;
- }
- 
- static struct http_request* parse_http_request_1(struct http_request* ret, char* request, int parse_post)
--- a/files/patch-src_client_ns__turn__msg.c	Sat Mar 28 18:27:46 2020 +0100
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,68 +0,0 @@
---- src/client/ns_turn_msg.c.orig	2019-03-02 21:06:19 UTC
-+++ src/client/ns_turn_msg.c
-@@ -360,7 +360,13 @@ int stun_get_command_message_len_str(const u08bits* bu
- {
- 	if (len < STUN_HEADER_LENGTH)
- 		return -1;
--	return (int) (nswap16(((const u16bits*)(buf))[1]) + STUN_HEADER_LENGTH);
-+	/* Validate the size the buffer claims to be */
-+	size_t bufLen = (size_t) (nswap16(((const u16bits*)(buf))[1]) + STUN_HEADER_LENGTH);
-+	if (bufLen > len) {
-+		return -1;
-+	}
-+
-+	return bufLen;
- }
- 
- static int stun_set_command_message_len_str(u08bits* buf, int len) {
-@@ -1351,10 +1357,34 @@ stun_attr_ref stun_attr_get_first_by_type_str(const u0
-   return NULL;
- }
- 
-+static stun_attr_ref stun_attr_check_valid(stun_attr_ref attr, size_t remaining) {
-+
-+  if(remaining >= 4) {
-+    /* Read the size of the attribute */
-+    size_t attrlen = stun_attr_get_len(attr);
-+    remaining -= 4;
-+
-+    /* Round to boundary */
-+    uint16_t rem4 = ((uint16_t)attrlen) & 0x0003;
-+    if(rem4) {
-+      attrlen = attrlen+4-rem4;
-+    }
-+
-+    /* Check that there's enough space remaining */
-+    if(attrlen <= remaining) {
-+      return attr;
-+    }
-+  }
-+
-+  return NULL;
-+}
-+
- stun_attr_ref stun_attr_get_first_str(const u08bits* buf, size_t len) {
- 
--  if(stun_get_command_message_len_str(buf,len)>STUN_HEADER_LENGTH) {
--    return (stun_attr_ref)(buf+STUN_HEADER_LENGTH);
-+  int bufLen = stun_get_command_message_len_str(buf,len);
-+  if(bufLen > STUN_HEADER_LENGTH) {
-+    stun_attr_ref attr = (stun_attr_ref)(buf+STUN_HEADER_LENGTH);
-+    return stun_attr_check_valid(attr, bufLen - STUN_HEADER_LENGTH);
-   }
- 
-   return NULL;
-@@ -1370,8 +1400,11 @@ stun_attr_ref stun_attr_get_next_str(const u08bits* bu
-     if(rem4) {
-       attrlen = attrlen+4-(int)rem4;
-     }
--    const u08bits* attr_end=(const u08bits*)prev+4+attrlen;
--    if(attr_end<end) return attr_end;
-+    /* Note the order here: operations on attrlen are untrusted as they may overflow */
-+    if(attrlen < end - (const u08bits*)prev - 4) {
-+      const u08bits* attr_end=(const u08bits*)prev+4+attrlen;
-+      return stun_attr_check_valid(attr_end, end - attr_end);
-+    }
-     return NULL;
-   }
- }