From a63b79afd0f547e16bc2ae8b33aa2e98d86404b7 Mon Sep 17 00:00:00 2001 From: Peter Lemenkov Date: Oct 04 2017 13:57:25 +0000 Subject: Ver. 2.2.5 Signed-off-by: Peter Lemenkov --- diff --git a/.gitignore b/.gitignore index 50895f3..2a62bd0 100644 --- a/.gitignore +++ b/.gitignore @@ -19,3 +19,4 @@ opensips-1.6.3-tls_src.tar.gz /opensips-1.11.9.tar.gz /opensips-2.2.2.tar.gz /opensips-2.2.3.tar.gz +/opensips-2.2.5.tar.gz diff --git a/1164.patch b/1164.patch deleted file mode 100644 index 0f0c3e7..0000000 --- a/1164.patch +++ /dev/null @@ -1,41 +0,0 @@ -From 302cd2b4b101990483ee30dee6473890d0095e99 Mon Sep 17 00:00:00 2001 -From: Augusto Caringi -Date: Thu, 20 Jul 2017 15:07:16 +0200 -Subject: [PATCH] db_mysql: fix build against MariaDB 10.2 - -Fixes the following build error while building against MariaDB 10.2 -library: - -my_con.c: In function 'db_mysql_connect': -my_con.c:68:10: error: 'MYSQL {aka struct st_mysql}' has no member named -'reconnect' -ptr->con->reconnect = 0; - ^~ - -In this new version of the library the reconnect field was moved to -another struct. Setting it through API seems to be a better approach. ---- - modules/db_mysql/my_con.c | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) - -diff --git a/modules/db_mysql/my_con.c b/modules/db_mysql/my_con.c -index ba1a7379b..d93287304 100644 ---- a/modules/db_mysql/my_con.c -+++ b/modules/db_mysql/my_con.c -@@ -34,6 +34,7 @@ extern struct tls_domain *tls_dom; - - int db_mysql_connect(struct my_con* ptr) - { -+ my_bool reconnect = 0; - /* if connection already in use, close it first*/ - if (ptr->init) - mysql_close(ptr->con); -@@ -81,7 +82,7 @@ int db_mysql_connect(struct my_con* ptr) - return -1; - } - /* force no auto reconnection */ -- ptr->con->reconnect = 0; -+ mysql_options(ptr->con, MYSQL_OPT_RECONNECT, &reconnect); - - LM_DBG("connection type is %s\n", mysql_get_host_info(ptr->con)); - LM_DBG("protocol version is %d\n", mysql_get_proto_info(ptr->con)); diff --git a/opensips-0001-Consistently-use-rtpproxy-switches.patch b/opensips-0001-Consistently-use-rtpproxy-switches.patch index 69b85f0..2c9b97b 100644 --- a/opensips-0001-Consistently-use-rtpproxy-switches.patch +++ b/opensips-0001-Consistently-use-rtpproxy-switches.patch @@ -5,7 +5,7 @@ Subject: [PATCH] Consistently use rtpproxy switches Signed-off-by: Peter Lemenkov diff --git a/modules/rtpproxy/doc/rtpproxy_admin.xml b/modules/rtpproxy/doc/rtpproxy_admin.xml -index 1d9c818..000562f 100644 +index 1d9c81868..000562f0f 100644 --- a/modules/rtpproxy/doc/rtpproxy_admin.xml +++ b/modules/rtpproxy/doc/rtpproxy_admin.xml @@ -542,7 +542,7 @@ modparam("rtpproxy", "rtpp_notify_socket", "tcp:10.10.10.10:9999") @@ -18,7 +18,7 @@ index 1d9c818..000562f 100644 diff --git a/modules/rtpproxy/rtpproxy.c b/modules/rtpproxy/rtpproxy.c -index 15aa230..f00e796 100644 +index 15aa23084..f00e796da 100644 --- a/modules/rtpproxy/rtpproxy.c +++ b/modules/rtpproxy/rtpproxy.c @@ -3533,8 +3533,6 @@ force_rtp_proxy_body(struct sip_msg* msg, struct force_rtpp_args *args, pv_spec_ diff --git a/opensips-0002-Cleanup-Oracle-s-makefiles.patch b/opensips-0002-Cleanup-Oracle-s-makefiles.patch index f29cc44..138e4be 100644 --- a/opensips-0002-Cleanup-Oracle-s-makefiles.patch +++ b/opensips-0002-Cleanup-Oracle-s-makefiles.patch @@ -5,7 +5,7 @@ Subject: [PATCH] Cleanup Oracle's makefiles Signed-off-by: Peter Lemenkov diff --git a/modules/db_oracle/Makefile b/modules/db_oracle/Makefile -index bd0d82a..d2e0f13 100644 +index bd0d82a6e..d2e0f133f 100644 --- a/modules/db_oracle/Makefile +++ b/modules/db_oracle/Makefile @@ -6,77 +6,8 @@ include ../../Makefile.defs @@ -89,7 +89,7 @@ index bd0d82a..d2e0f13 100644 include ../../Makefile.modules diff --git a/utils/db_oracle/Makefile b/utils/db_oracle/Makefile -index 1f1af8e..9565134 100644 +index 1f1af8ed6..956513423 100644 --- a/utils/db_oracle/Makefile +++ b/utils/db_oracle/Makefile @@ -10,72 +10,8 @@ NAME=opensips_orasel diff --git a/opensips-0003-Removed-all-async-Oracle-operations-they-didn-t-work.patch b/opensips-0003-Removed-all-async-Oracle-operations-they-didn-t-work.patch index d915369..18750e5 100644 --- a/opensips-0003-Removed-all-async-Oracle-operations-they-didn-t-work.patch +++ b/opensips-0003-Removed-all-async-Oracle-operations-they-didn-t-work.patch @@ -6,7 +6,7 @@ Subject: [PATCH] Removed all async Oracle operations - they didn't work well diff --git a/modules/db_oracle/db_oracle.c b/modules/db_oracle/db_oracle.c -index 7e37d85..19800be 100644 +index 7e37d8509..19800be43 100644 --- a/modules/db_oracle/db_oracle.c +++ b/modules/db_oracle/db_oracle.c @@ -29,7 +29,7 @@ @@ -19,7 +19,7 @@ index 7e37d85..19800be 100644 static int oracle_mod_init(void); static void destroy(void); diff --git a/modules/db_oracle/dbase.c b/modules/db_oracle/dbase.c -index c859cbe..3a4d610 100644 +index c859cbe68..3a4d6109f 100644 --- a/modules/db_oracle/dbase.c +++ b/modules/db_oracle/dbase.c @@ -34,7 +34,7 @@ @@ -126,7 +126,7 @@ index c859cbe..3a4d610 100644 } diff --git a/modules/db_oracle/ora_con.c b/modules/db_oracle/ora_con.c -index 0b79df3..60c8ef5 100644 +index 0b79df362..60c8ef555 100644 --- a/modules/db_oracle/ora_con.c +++ b/modules/db_oracle/ora_con.c @@ -20,9 +20,10 @@ @@ -261,7 +261,7 @@ index 0b79df3..60c8ef5 100644 return status; } diff --git a/modules/db_oracle/ora_con.h b/modules/db_oracle/ora_con.h -index 8fd7570..1e59eeb 100644 +index 8fd7570e0..1e59eeb9b 100644 --- a/modules/db_oracle/ora_con.h +++ b/modules/db_oracle/ora_con.h @@ -53,6 +53,7 @@ struct ora_con { @@ -273,7 +273,7 @@ index 8fd7570..1e59eeb 100644 query_data_t* pqdata; /* Temporary: cb data for submit_query/store_result */ diff --git a/modules/db_oracle/res.c b/modules/db_oracle/res.c -index 3c54bce..a693524 100644 +index 3c54bce20..a6935249a 100644 --- a/modules/db_oracle/res.c +++ b/modules/db_oracle/res.c @@ -30,7 +30,7 @@ @@ -421,7 +421,7 @@ index 3c54bce..a693524 100644 diff --git a/modules/db_oracle/timer.c b/modules/db_oracle/timer.c new file mode 100644 -index 0000000..50484f4 +index 000000000..50484f43a --- /dev/null +++ b/modules/db_oracle/timer.c @@ -0,0 +1,131 @@ @@ -559,7 +559,7 @@ index 0000000..50484f4 \ No newline at end of file diff --git a/modules/db_oracle/timer.h b/modules/db_oracle/timer.h new file mode 100644 -index 0000000..24aa4a9 +index 000000000..24aa4a973 --- /dev/null +++ b/modules/db_oracle/timer.h @@ -0,0 +1,22 @@ diff --git a/opensips-0004-db_oracle-Fix-default-ret-result.patch b/opensips-0004-db_oracle-Fix-default-ret-result.patch index 8ba7866..cd4ddc4 100644 --- a/opensips-0004-db_oracle-Fix-default-ret-result.patch +++ b/opensips-0004-db_oracle-Fix-default-ret-result.patch @@ -5,7 +5,7 @@ Subject: [PATCH] [db_oracle] Fix default ret result Signed-off-by: Peter Lemenkov diff --git a/modules/db_oracle/res.c b/modules/db_oracle/res.c -index a693524..6866e4b 100644 +index a6935249a..6866e4bcf 100644 --- a/modules/db_oracle/res.c +++ b/modules/db_oracle/res.c @@ -213,8 +213,8 @@ set_int: diff --git a/opensips-0005-Return-actual-payload-ID-in-case-of-a-dynamic-payloa.patch b/opensips-0005-Return-actual-payload-ID-in-case-of-a-dynamic-payloa.patch index 9134dc8..0ed6a7d 100644 --- a/opensips-0005-Return-actual-payload-ID-in-case-of-a-dynamic-payloa.patch +++ b/opensips-0005-Return-actual-payload-ID-in-case-of-a-dynamic-payloa.patch @@ -5,7 +5,7 @@ Subject: [PATCH] Return actual payload ID in case of a dynamic payload Signed-off-by: Peter Lemenkov diff --git a/modules/sipmsgops/codecs.c b/modules/sipmsgops/codecs.c -index 114ec13..7a2563a 100644 +index 114ec1365..7a2563aa6 100644 --- a/modules/sipmsgops/codecs.c +++ b/modules/sipmsgops/codecs.c @@ -32,6 +32,7 @@ diff --git a/opensips-0006-Use-additional-auth-field-Sip-Source-IP-Address.patch b/opensips-0006-Use-additional-auth-field-Sip-Source-IP-Address.patch index 5325a35..190167d 100644 --- a/opensips-0006-Use-additional-auth-field-Sip-Source-IP-Address.patch +++ b/opensips-0006-Use-additional-auth-field-Sip-Source-IP-Address.patch @@ -5,7 +5,7 @@ Subject: [PATCH] Use additional auth field - Sip-Source-IP-Address Signed-off-by: Peter Lemenkov diff --git a/aaa/aaa_avp.h b/aaa/aaa_avp.h -index 08a3131..2c215f7 100644 +index 08a3131e9..2c215f740 100644 --- a/aaa/aaa_avp.h +++ b/aaa/aaa_avp.h @@ -56,7 +56,8 @@ @@ -19,7 +19,7 @@ index 08a3131..2c215f7 100644 #define V_STATUS_START 0 #define V_STATUS_STOP 1 diff --git a/modules/auth_aaa/authaaa_mod.c b/modules/auth_aaa/authaaa_mod.c -index 55b8cf5..33d5dc5 100644 +index 55b8cf53c..33d5dc5f0 100644 --- a/modules/auth_aaa/authaaa_mod.c +++ b/modules/auth_aaa/authaaa_mod.c @@ -137,6 +137,7 @@ static int mod_init(void) @@ -31,7 +31,7 @@ index 55b8cf5..33d5dc5 100644 attrs[A_DIGEST_ALGORITHM].name = "Digest-Algorithm"; attrs[A_DIGEST_BODY_DIGEST].name = "Digest-Body-Digest"; diff --git a/modules/auth_aaa/sterman.c b/modules/auth_aaa/sterman.c -index e65cd38..cdbd054 100644 +index e65cd3882..cdbd054c0 100644 --- a/modules/auth_aaa/sterman.c +++ b/modules/auth_aaa/sterman.c @@ -87,6 +87,7 @@ int aaa_authorize_sterman(struct sip_msg* _msg, dig_cred_t* _cred, str* _method, diff --git a/opensips-0007-Don-t-remove-pthread-library-explicitly-from-mi_xmlr.patch b/opensips-0007-Don-t-remove-pthread-library-explicitly-from-mi_xmlr.patch index f77bba8..7c66faf 100644 --- a/opensips-0007-Don-t-remove-pthread-library-explicitly-from-mi_xmlr.patch +++ b/opensips-0007-Don-t-remove-pthread-library-explicitly-from-mi_xmlr.patch @@ -5,7 +5,7 @@ Subject: [PATCH] Don't remove pthread library explicitly from mi_xmlrpc Signed-off-by: Peter Lemenkov diff --git a/obsolete_modules/mi_xmlrpc/Makefile b/obsolete_modules/mi_xmlrpc/Makefile -index 762c2dd..955528f 100644 +index 762c2dda2..955528f10 100644 --- a/obsolete_modules/mi_xmlrpc/Makefile +++ b/obsolete_modules/mi_xmlrpc/Makefile @@ -76,7 +76,7 @@ ifeq ($(NEW),yes) diff --git a/opensips-0008-Add-support-for-openssl-1.1.0.patch b/opensips-0008-Add-support-for-openssl-1.1.0.patch deleted file mode 100644 index 56d74fd..0000000 --- a/opensips-0008-Add-support-for-openssl-1.1.0.patch +++ /dev/null @@ -1,303 +0,0 @@ -From: Razvan Crainea -Date: Tue, 29 Nov 2016 14:16:11 +0200 -Subject: [PATCH] Add support for openssl 1.1.0 - -Reported by Petr Pisar in issue #996 - -diff --git a/modules/tls_mgm/tls.h b/modules/tls_mgm/tls.h -index 97ac01c..04cb78c 100644 ---- a/modules/tls_mgm/tls.h -+++ b/modules/tls_mgm/tls.h -@@ -64,41 +64,50 @@ - #warning "" - #endif - --static int tls_static_locks_no=0; --static gen_lock_set_t* tls_static_locks=NULL; -- - static SSL_METHOD *ssl_methods[TLS_USE_TLSv1_2 + 1]; - - #define VERIFY_DEPTH_S 3 - - --struct CRYPTO_dynlock_value { -- gen_lock_t lock; --}; -- --static unsigned long tls_get_id(void) --{ -- return my_pid(); --} -- - /* - * Wrappers around OpenSIPS shared memory functions - * (which can be macros) - */ -+#if OPENSSL_VERSION_NUMBER >= 0x10100000L -+static void* os_malloc(size_t size, const char *file, int line) -+#else - static void* os_malloc(size_t size) -+#endif - { -+#if (defined DBG_MALLOC && OPENSSL_VERSION_NUMBER >= 0x10100000L) -+ return _shm_malloc(size, file, __FUNCTION__, line); -+#else - return shm_malloc(size); -+#endif - } - - -+#if OPENSSL_VERSION_NUMBER >= 0x10100000L -+static void* os_realloc(void *ptr, size_t size, const char *file, int line) -+#else - static void* os_realloc(void *ptr, size_t size) -+#endif - { -+#if (defined DBG_MALLOC && OPENSSL_VERSION_NUMBER >= 0x10100000L) -+ return _shm_realloc(ptr, size, file, __FUNCTION__, line); -+#else - return shm_realloc(ptr, size); -+#endif - } - - -+#if OPENSSL_VERSION_NUMBER >= 0x10100000L -+static void os_free(void *ptr, const char *file, int line) -+#else - static void os_free(void *ptr) -+#endif - { -+ /* TODO: also handle free file and line */ - if (ptr) - shm_free(ptr); - } -@@ -106,21 +115,17 @@ static void os_free(void *ptr) - - - --static void tls_static_locks_ops(int mode, int n, const char* file, int line) --{ -- if (n<0 || n>tls_static_locks_no) { -- LM_ERR("BUG - SSL Lib attempting to acquire bogus lock\n"); -- abort(); -- } -+/* these locks can not be used in 1.1.0, because the interface has changed */ -+#if OPENSSL_VERSION_NUMBER < 0x10100000L -+struct CRYPTO_dynlock_value { -+ gen_lock_t lock; -+}; - -- if (mode & CRYPTO_LOCK) { -- lock_set_get(tls_static_locks,n); -- } else { -- lock_set_release(tls_static_locks,n); -- } -+static unsigned long tls_get_id(void) -+{ -+ return my_pid(); - } - -- - static struct CRYPTO_dynlock_value* tls_dyn_lock_create(const char* file, - int line) - { -@@ -158,5 +163,6 @@ static void tls_dyn_lock_destroy(struct CRYPTO_dynlock_value *dyn_lock, - lock_destroy(&dyn_lock->lock); - shm_free(dyn_lock); - } -+#endif - - #endif /* _PROTO_TLS_H_ */ -diff --git a/modules/tls_mgm/tls_conn_ops.h b/modules/tls_mgm/tls_conn_ops.h -index acb5c66..ca901bd 100644 ---- a/modules/tls_mgm/tls_conn_ops.h -+++ b/modules/tls_mgm/tls_conn_ops.h -@@ -116,12 +116,14 @@ static int tls_conn_init(struct tcp_connection* c, struct tls_mgm_binds *api) - return -1; - } - -+#if OPENSSL_VERSION_NUMBER < 0x10100000L - #ifndef OPENSSL_NO_KRB5 - if ( ((SSL *)c->extra_data)->kssl_ctx ) { - kssl_ctx_free( ((SSL *)c->extra_data)->kssl_ctx ); - ((SSL *)c->extra_data)->kssl_ctx = 0; - } - #endif -+#endif - - if ( c->proto_flags & F_TLS_DO_ACCEPT ) { - LM_DBG("Setting in ACCEPT mode (server)\n"); -diff --git a/modules/tls_mgm/tls_conn_server.h b/modules/tls_mgm/tls_conn_server.h -index 4a4fe7a..2409632 100644 ---- a/modules/tls_mgm/tls_conn_server.h -+++ b/modules/tls_mgm/tls_conn_server.h -@@ -148,17 +148,21 @@ static int tls_accept(struct tcp_connection *c, short *poll_events) - } - - ssl = (SSL *) c->extra_data; -+#if OPENSSL_VERSION_NUMBER < 0x10100000L - #ifndef OPENSSL_NO_KRB5 - if ( ssl->kssl_ctx==NULL ) - ssl->kssl_ctx = kssl_ctx_new( ); - #endif -+#endif - ret = SSL_accept(ssl); -+#if OPENSSL_VERSION_NUMBER < 0x10100000L - #ifndef OPENSSL_NO_KRB5 - if ( ssl->kssl_ctx ) { - kssl_ctx_free( ssl->kssl_ctx ); - ssl->kssl_ctx = 0; - } - #endif -+#endif - if (ret > 0) { - LM_INFO("New TLS connection from %s:%d accepted\n", - ip_addr2a(&c->rcv.src_ip), c->rcv.src_port); -diff --git a/modules/tls_mgm/tls_mgm.c b/modules/tls_mgm/tls_mgm.c -index a6ea0a8..c5c5e6c 100644 ---- a/modules/tls_mgm/tls_mgm.c -+++ b/modules/tls_mgm/tls_mgm.c -@@ -557,11 +557,10 @@ int verify_callback(int pre_verify_ok, X509_STORE_CTX *ctx) { - LM_NOTICE("subject = %s\n", buf); - LM_NOTICE("verify error:num=%d:%s\n", - err, X509_verify_cert_error_string(err)); -- LM_NOTICE("error code is %d\n", ctx->error); - -- switch (ctx->error) { -+ switch (err) { - case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT: -- X509_NAME_oneline(X509_get_issuer_name(ctx->current_cert), -+ X509_NAME_oneline(X509_get_issuer_name(err_cert), - buf,sizeof buf); - LM_NOTICE("issuer= %s\n",buf); - break; -@@ -611,7 +610,7 @@ int verify_callback(int pre_verify_ok, X509_STORE_CTX *ctx) { - - default: - LM_NOTICE("something wrong with the cert" -- " ... error code is %d (check x509_vfy.h)\n", ctx->error); -+ " ... error code is %d (check x509_vfy.h)\n", err); - break; - } - -@@ -1074,9 +1073,11 @@ static int init_tls_domains(struct tls_domain *d) - return 0; - } - -+#if (OPENSSL_VERSION_NUMBER < 0x10100000L) - static int check_for_krb(void) - { - SSL_CTX *xx; -+ - int j; - - xx = SSL_CTX_new(ssl_methods[tls_default_method - 1]); -@@ -1096,6 +1097,27 @@ static int check_for_krb(void) - SSL_CTX_free(xx); - return 0; - } -+#endif -+ -+#if (OPENSSL_VERSION_NUMBER < 0x10100000L) -+static int tls_static_locks_no=0; -+static gen_lock_set_t* tls_static_locks=NULL; -+ -+static void tls_static_locks_ops(int mode, int n, const char* file, int line) -+{ -+ if (n<0 || n>tls_static_locks_no) { -+ LM_ERR("BUG - SSL Lib attempting to acquire bogus lock\n"); -+ abort(); -+ } -+ -+ if (mode & CRYPTO_LOCK) { -+ lock_set_get(tls_static_locks,n); -+ } else { -+ lock_set_release(tls_static_locks,n); -+ } -+} -+ -+ - - static int tls_init_multithread(void) - { -@@ -1126,6 +1148,7 @@ static int tls_init_multithread(void) - - return 0; - } -+#endif - - /* - * initialize ssl methods -@@ -1135,19 +1158,31 @@ init_ssl_methods(void) - { - LM_DBG("entered\n"); - -+#if OPENSSL_VERSION_NUMBER >= 0x10100000L -+ ssl_methods[TLS_USE_TLSv1_cli-1] = (SSL_METHOD*)TLS_client_method(); -+ ssl_methods[TLS_USE_TLSv1_srv-1] = (SSL_METHOD*)TLS_server_method(); -+ ssl_methods[TLS_USE_TLSv1-1] = (SSL_METHOD*)TLS_method(); -+#else - ssl_methods[TLS_USE_TLSv1_cli-1] = (SSL_METHOD*)TLSv1_client_method(); - ssl_methods[TLS_USE_TLSv1_srv-1] = (SSL_METHOD*)TLSv1_server_method(); - ssl_methods[TLS_USE_TLSv1-1] = (SSL_METHOD*)TLSv1_method(); -+#endif - - ssl_methods[TLS_USE_SSLv23_cli-1] = (SSL_METHOD*)SSLv23_client_method(); - ssl_methods[TLS_USE_SSLv23_srv-1] = (SSL_METHOD*)SSLv23_server_method(); - ssl_methods[TLS_USE_SSLv23-1] = (SSL_METHOD*)SSLv23_method(); - - #if OPENSSL_VERSION_NUMBER >= 0x10001000L -+#if OPENSSL_VERSION_NUMBER >= 0x10100000L -+ ssl_methods[TLS_USE_TLSv1_2_cli-1] = (SSL_METHOD*)TLS_client_method(); -+ ssl_methods[TLS_USE_TLSv1_2_srv-1] = (SSL_METHOD*)TLS_server_method(); -+ ssl_methods[TLS_USE_TLSv1_2-1] = (SSL_METHOD*)TLS_method(); -+#else - ssl_methods[TLS_USE_TLSv1_2_cli-1] = (SSL_METHOD*)TLSv1_2_client_method(); - ssl_methods[TLS_USE_TLSv1_2_srv-1] = (SSL_METHOD*)TLSv1_2_server_method(); - ssl_methods[TLS_USE_TLSv1_2-1] = (SSL_METHOD*)TLSv1_2_method(); - #endif -+#endif - } - - /* reloads data from the db */ -@@ -1274,9 +1309,10 @@ static int mod_init(void){ - */ - if (!CRYPTO_set_mem_functions(os_malloc, os_realloc, os_free)) { - LM_ERR("unable to set the memory allocation functions\n"); -- LM_ERR("NOTE: check if you have openssl 1.0.1e-fips, as this " -- "version is know to be broken; if so, you need to upgrade or " -- "downgrade to a differen openssl version !!\n"); -+ LM_ERR("NOTE: check if you are using openssl 1.0.1e-fips, (or other " -+ "FIPS version of openssl, as this is known to be broken; if so, " -+ "you need to upgrade or downgrade to a different openssl version!\n"); -+ LM_ERR("current version: %s\n", SSLeay_version(SSLEAY_VERSION)); - return -1; - } - -@@ -1291,15 +1327,18 @@ static int mod_init(void){ - sk_SSL_COMP_zero(comp_methods); - } - #endif -+#if (OPENSSL_VERSION_NUMBER < 0x10100000L) - if (tls_init_multithread() < 0) { - LM_ERR("failed to init multi-threading support\n"); - return -1; - } -+#endif - - SSL_library_init(); - SSL_load_error_strings(); - init_ssl_methods(); - -+#if (OPENSSL_VERSION_NUMBER < 0x10100000L) - n = check_for_krb(); - if (n==-1) { - LM_ERR("kerberos check failed\n"); -@@ -1318,6 +1357,7 @@ static int mod_init(void){ - (n==1)?"":"no ",(n!=1)?"no ":""); - return -1; - } -+#endif - - /* - * finish setting up the tls default domains diff --git a/opensips-0008-Dont-try-modifying-CFLAGS.patch b/opensips-0008-Dont-try-modifying-CFLAGS.patch new file mode 100644 index 0000000..370d107 --- /dev/null +++ b/opensips-0008-Dont-try-modifying-CFLAGS.patch @@ -0,0 +1,537 @@ +From: Peter Lemenkov +Date: Fri, 13 Jan 2017 14:24:36 +0300 +Subject: [PATCH] Dont' try modifying CFLAGS + +Signed-off-by: Peter Lemenkov + +diff --git a/Makefile.defs b/Makefile.defs +index 144b7e9da..38a0376e5 100644 +--- a/Makefile.defs ++++ b/Makefile.defs +@@ -763,526 +763,8 @@ endif + CFLAGS=$(shell echo "$${CFLAGS}") + LDFLAGS+= + +-ifneq (,$(findstring DBG_MALLOC, $(DEFS))) +- CC_OPTIMIZE_FLAG?=-O0 +-endif +- +-ifeq ($(CC_NAME), gcc) +- CC_OPTIMIZE_FLAG?=-O9 +-endif +-ifeq ($(CC_NAME), icc) +- CC_OPTIMIZE_FLAG?=-O3 +-endif +-ifeq ($(CC_NAME), clang) +- CC_OPTIMIZE_FLAG?=-O3 +-endif +- + ifeq (,$(CFLAGS)) + +-#common stuff +-CFLAGS+=$(DEBUGSYM) +- +-# setting more CFLAGS +-ifeq ($(mode), release) +- +-#if i386 +-ifeq ($(ARCH), i386) +- # These CPU optimization assumes that you run a Intel processor. +- # If you use a AMD CPU, you could ajust the settings here for better +- # performance. For gcc 4.x use CPU_TYPE ?= athlon-xp +- # if gcc +-ifeq ($(CC_NAME), gcc) +- #common stuff +- CFLAGS+=-m32 $(CC_OPTIMIZE_FLAG) -funroll-loops -Wcast-align $(PROFILE) \ +- -Wall +- LDFLAGS+=-m32 +- #if gcc 4.0+ +-ifeq ($(CC_CLASS), 4.x) +- ARCH_VER=$(shell $(GETARCH)) +-ifeq ($(ARCH_VER), i386) +- CPU_TYPE ?= i686 +-else +- CPU_TYPE ?= prescott +-endif +- CFLAGS+=-minline-all-stringops \ +- -falign-loops \ +- -ftree-vectorize \ +- -mtune=$(CPU_TYPE) \ +- -Wold-style-definition -Wmissing-field-initializers -Wredundant-decls +- +-else +- #if gcc 3.0+ +-ifeq ($(CC_CLASS), 3.x) +- CPU_TYPE ?= pentium4 +- CFLAGS+=-minline-all-stringops \ +- -falign-loops +-ifeq (X,$(shell echo "$(CC_SHORTVER)" | sed -e 's/3\.[0-3]/X/')) +- CFLAGS+=-mcpu=$(CPU_TYPE) +-else +- CFLAGS+=-mtune=$(CPU_TYPE) +-endif +-else +-ifeq ($(CC_CLASS), 2.9x) #older gcc version (2.9[1-5]) +-$(warning Old gcc detected ($(CC_SHORTVER)), use gcc >= 3.1 \ +- for better results) +- +- CFLAGS+=-m486 \ +- -malign-loops=4 +-else +- #really old version +-$(warning You are using an old and unsupported gcc \ +- version ($(CC_SHORTVER)), compile at your own risk!) +- +-endif # CC_CLASS, 2.9x +-endif # CC_CLASS, 3.x +-endif # CC_CLASS, 4.x +- +-else # CC_NAME, gcc +-ifeq ($(CC_NAME), icc) +- CFLAGS+=$(CC_OPTIMIZE_FLAG) -ipo -ipo_obj -unroll $(PROFILE) \ +- -tpp6 -xK #-openmp #optimize for PIII +- # -prefetch doesn't seem to work +- #( ty to inline acroos files, unroll loops,prefetch, +- # optimize for PIII, use PIII instructions & vect., +- # mutlithread loops) +-else #CC_NAME, icc +-ifeq ($(CC_NAME), suncc) +- CFLAGS+=-xO5 -fast -native -xCC \ +- -xc99=no_lib # C99 support +- # -Dinline="" # add this if cc < 5.3 (define inline as null) +-else +-ifeq ($(CC_NAME), clang) +- CFLAGS+=$(CC_OPTIMIZE_FLAG) -funroll-loops +-else +- #other compilers +-$(error Unsupported compiler ($(CC):$(CC_NAME)), try gcc) +-endif #CC_NAME, clang +-endif #CC_NAME, suncc +-endif #CC_NAME, icc +-endif #CC_NAME, gcc +-endif #ARCH, i386 +- +-#x86_64 +-ifeq ($(ARCH), x86_64) +- # These CPU optimization assumes that you run a Intel 64 processor. +- # If you use a AMD 64 CPU, you could ajust the settings here for better +- # performance. For gcc 4.x use CPU_TYPE ?= athlon64 +- # Perhaps it makes sense to use '-m64' here? +- # if gcc +-ifeq ($(CC_NAME), gcc) +- #common stuff +- CFLAGS+=$(CC_OPTIMIZE_FLAG) -funroll-loops -Wcast-align $(PROFILE) \ +- -Wall +- #if gcc 4.0+ +-ifeq ($(CC_CLASS), 4.x) +- CPU_TYPE ?= nocona +- CFLAGS+=-minline-all-stringops \ +- -falign-loops \ +- -ftree-vectorize \ +- -mtune=$(CPU_TYPE) \ +- -Wold-style-definition -Wmissing-field-initializers -Wredundant-decls +-else +- #if gcc 3.0+ +-ifeq ($(CC_CLASS), 3.x) +- CPU_TYPE ?= nocona +- CFLAGS+=-minline-all-stringops \ +- -falign-loops \ +- -mtune=$(CPU_TYPE) +-else +-ifeq ($(CC_CLASS), 2.9x) #older gcc version (2.9[1-5]) +-$(warning Old gcc detected ($(CC_SHORTVER)), use gcc >= 3.1 \ +- for better results) +- +- CFLAGS+=-m486 \ +- -malign-loops=4 +-else +- #really old version +-$(warning You are using an old and unsupported gcc \ +- version ($(CC_SHORTVER)), compile at your own risk!) +- +-endif # CC_CLASS, 2.9x +-endif # CC_CLASS, 3.x +-endif # CC_CLASS, 4.x +- +-else # CC_NAME, gcc +-ifeq ($(CC_NAME), icc) +- CFLAGS+=$(CC_OPTIMIZE_FLAG) -ipo -ipo_obj -unroll $(PROFILE) \ +- -tpp6 -xK #-openmp #optimize for PIII +- # -prefetch doesn't seem to work +- #( ty to inline acroos files, unroll loops,prefetch, +- # optimize for PIII, use PIII instructions & vect., +- # mutlithread loops) +-else +-ifeq ($(CC_NAME), suncc) +- CFLAGS+=-xO5 -fast -native -xCC \ +- -xc99=no_lib # C99 support +- # -Dinline="" # add this if cc < 5.3 (define inline as null) +-else +-ifeq ($(CC_NAME), clang) +- CFLAGS+=$(CC_OPTIMIZE_FLAG) -funroll-loops +-else +- #other compilers +-$(error Unsupported compiler ($(CC):$(CC_NAME)), try gcc) +-endif #CC_NAME, clang +-endif #CC_NAME, icc +-endif #CC_NAME, gcc +-endif #CC_NAME, suncc +-endif #ARCH, x86_64 +- +- #if sparc +-ifeq ($(ARCH), sparc64) +- #if gcc +-ifeq ($(CC_NAME), gcc) +- #common stuff +- CFLAGS+=$(CC_OPTIMIZE_FLAG) -funroll-loops $(PROFILE) \ +- -Wall\ +- #-Wcast-align \ +- #-Wmissing-prototypes +- #if gcc 4.x +-ifeq ($(CC_CLASS), 4.x) +- +- # Processors of Family UltraSparc II +- ifeq ($(CHIP), ultrasparc-ii) +- CFLAGS+= -ftree-vectorize -mcpu=ultrasparc -mtune=ultrasparc -mvis +- endif +- +- # Processors of Family UltraSparc III (III, III, IIIi, IIICu) +- ifeq ($(CHIP), ultrasparc-iiii) +- CFLAGS+= -ftree-vectorize -mcpu=ultrasparc3 -mtune=ultrasparc3 -mvis +- endif +- +- ifeq ($(CHIP), ultrasparc-iii) +- CFLAGS+= -ftree-vectorize -mcpu=ultrasparc3 -mtune=ultrasparc3 -mvis +- endif +- +- ifeq ($(CHIP), ultrasparc-iiicu) +- CFLAGS+= -ftree-vectorize -mcpu=ultrasparc3 -mtune=ultrasparc3 -mvis +- endif +- +- # Processors of Family UltraSparc T1 +- ifeq ($(CHIP), ultrasparc-t1) +- # niagara switch is not supported on GCC < 4.2 +- # Sets to default ultrasparc +- ifeq ($(CC_SHORTVER), 4.2) +- CFLAGS+= -ftree-vectorize -mcpu=niagara -mtune=niagara -mvis +- else +- ifeq ($(CC_SHORTVER), 4.3) +- CFLAGS+= -ftree-vectorize -mcpu=niagara -mtune=niagara -mvis +- else +- CFLAGS+= -ftree-vectorize -mcpu=ultrasparc -mtune=ultrasparc -mvis +- endif +- endif +- endif +- +- # If processor detection fails, defaults to UltraSPARC without VIS +- ifeq (,$(CHIP)) +- #CPU_TYPE=ultrasparc +- CFLAGS += -mcpu=ultrasparc -mtune=ultrasparc +- endif +- +- # use -m64 to force 64 bit (but add it also to LDFLAGS), +- # -m32 for 32 bit (default on solaris), +- # nothing for arch. default +- # -mcpu=v9 or ultrasparc? # -mtune implied by -mcpu +- #-mno-epilogue #try to inline function exit code +- #-mflat # omit save/restore +- #-,faster-structs #faster non Sparc ABI structure copy ops +- +-else +- #if gcc 3.0+ +-ifeq ($(CC_CLASS), 3.x) +- +- # Processors of Family UltraSparc II +- ifeq ($(CHIP), ultrasparc-ii) +- #CPU_TYPE=ultrasparc +- CFLAGS+= -mcpu=ultrasparc -mtune=ultrasparc -mvis +- endif +- +- # Processors of Family UltraSparc III +- ifeq ($(CHIP), ultrasparc-iiii) +- CFLAGS+= -mcpu=ultrasparc3 -mtune=ultrasparc3 -mvis +- endif +- +- ifeq ($(CHIP), ultrasparc-iiii) +- CFLAGS+= -mcpu=ultrasparc3 -mtune=ultrasparc3 -mvis +- endif +- +- ifeq ($(CHIP), ultrasparc-iiicu) +- CFLAGS+= -mcpu=ultrasparc3 -mtune=ultrasparc3 -mvis +- endif +- +- # Processors of Family UltraSparc T1 +- ifeq ($(CHIP), ultrasparc-t1) +- # niagara switch is not supported on GCC < 4.2 +- # Sets to default ultrasparc +- CFLAGS+= -mcpu=ultrasparc -mtune=ultrasparc -mvis +- endif +- +- # If processor detection fails, defaults to UltraSPARC without VIS +- ifeq (,$(CHIP)) +- #CPU_TYPE=ultrasparc +- CFLAGS += -mcpu=ultrasparc -mtune=ultrasparc +- endif +- +- # use -m64 to force 64 bit (but add it also to LDFLAGS), +- # -m32 for 32 bit (default on solaris), +- # nothing for arch. default +- # -mcpu=v9 or ultrasparc? # -mtune implied by -mcpu +- #-mno-epilogue #try to inline function exit code +- #-mflat # omit save/restore +- #-,faster-structs #faster non Sparc ABI structure copy ops +- +-else # CC_CLASS, 3.0 +-ifeq ($(CC_CLASS), 2.9x) #older gcc version (2.9[1-5]) +-$(warning Old gcc detected ($(CC_SHORTVER)), use gcc >= 3.1 \ +- for better results) +-ifneq ($(OS), netbsd) +- # on netbsd/sparc64, gcc 2.95.3 does not compile +- # opensips with -mv8 +- CFLAGS+= -mv8 +-endif +-ifeq ($(ASTYPE), solaris) +- CFLAGS+= -Wa,-xarch=v8plus +-endif +-else #CC_CLASS, 2.9x +- #really old version +-$(warning You are using an old and unsupported gcc \ +- version ($(CC_SHORTVER)), compile at your own risk!) +- +- CFLAGS+= -mv8 +-ifeq ($(ASTYPE), solaris) +- CFLAGS+= -Wa,-xarch=v8plus +-endif +- +-endif #CC_CLASS, 2.9x +-endif #CC_CLASS, 3.x +-endif #CC_CLASS, 4.x +- +-else #CC_NAME, gcc +-ifeq ($(CC_NAME), suncc) +- CFLAGS+=-xO5 -fast -native -xarch=v8plusa -xCC \ +- -xc99=no_lib # C99 support +- # -Dinline="" # add this if cc < 5.3 (define inline as null) +-else +- #other compilers +-$(error Unsupported compiler ($(CC):$(CC_NAME)), try gcc) +-endif #CC_NAME, suncc +-endif #CC_NAME, gcc +-endif #ARCH, sparc64 +- +- #if ipaq/netwinder +-ifeq ($(ARCH), arm) +- # if gcc +-ifeq ($(CC_NAME), gcc) +- #common stuff +- CFLAGS+=$(CC_OPTIMIZE_FLAG) -funroll-loops -Wcast-align $(PROFILE) \ +- -Wall -marm +- #if gcc 4.x+ +-ifeq ($(CC_CLASS), 4.x) +- CFLAGS+=-mcpu=strongarm1100 -minline-all-stringops \ +- -ftree-vectorize +-else +- #if gcc 3.0+ +-ifeq ($(CC_CLASS), 3.x) +- CFLAGS+= -mcpu=strongarm1100 +-else +-ifeq ($(CC_CLASS), 2.9x) #older gcc version (2.9[1-5]) +-$(warning Old gcc detected ($(CC_SHORTVER)), use gcc 3.0.x \ +- for better results) +- +- CFLAGS+= +-else +- #really old version +-$(warning You are using an old and unsupported gcc \ +- version ($(CC_SHORTVER)), compile at your own risk!) +- +-endif # CC_CLASS, 2.9x +-endif # CC_CLASS, 3.x +-endif # CC_CLASS, 4.x +- +-else # CC_NAME, gcc +- #other compilers +-$(error Unsupported compiler ($(CC):$(CC_NAME)), try gcc) +-endif #CC_NAME, gcc +-endif #ARCH, arm +- +- #if mips (R3000) +-ifeq ($(ARCH), mips) +- # if gcc +-ifeq ($(CC_NAME), gcc) +- #common stuff +- CFLAGS+=$(CC_OPTIMIZE_FLAG) -funroll-loops -Wcast-align $(PROFILE) \ +- -Wall +- #if gcc 4.0+ +-ifeq ($(CC_CLASS), 4.x) +- CFLAGS+=-mcpu=r3000 -minline-all-stringops \ +- -ftree-vectorize +-else +- #if gcc 3.0+ +-ifeq ($(CC_CLASS), 3.x) +- CFLAGS+= -mcpu=r3000 +- #-mcpu=athlon +-else +-ifeq ($(CC_CLASS), 2.9x) #older gcc version (2.9[1-5]) +-$(warning Old gcc detected ($(CC_SHORTVER)), use gcc 3.0.x \ +- for better results) +- +- CFLAGS+=-mcpu=r3000 +-else +- #really old version +-$(warning You are using an old and unsupported gcc \ +- version ($(CC_SHORTVER)), compile at your own risk!) +- +-endif # CC_CLASS, 2.9x +-endif # CC_CLASS, 3.x +-endif # CC_CLASS, 4.x +- +-else # CC_NAME, gcc +- #other compilers +-$(error Unsupported compiler ($(CC):$(CC_NAME)), try gcc) +-endif #CC_NAME, gcc +-endif #ARCH, mips +- +- #if >=mips2 (R4000, R5000, R6000 ....) +-ifeq ($(ARCH), mips2) +- # if gcc +-ifeq ($(CC_NAME), gcc) +- #common stuff +- CFLAGS+=$(CC_OPTIMIZE_FLAG) -mips2 -funroll-loops $(PROFILE) \ +- -Wall +- #if gcc 4.0+ +-ifeq ($(CC_CLASS), 4.x) +- CFLAGS+=-minline-all-stringops -ftree-vectorize +-else +- #if gcc 3.0+ +-ifeq ($(CC_CLASS), 3.x) +- CFLAGS+= +-else +-ifeq ($(CC_CLASS), 2.9x) #older gcc version (2.9[1-5]) +-$(warning Old gcc detected ($(CC_SHORTVER)), use gcc 3.0.x \ +- for better results) +- CFLAGS+= +-else +- #really old version +-$(warning You are using an old and unsupported gcc \ +- version ($(CC_SHORTVER)), compile at your own risk!) +- +-endif # CC_CLASS, 2.9x +-endif # CC_CLASS, 3.x +-endif # CC_CLASS, 4.x +- +-else # CC_NAME, gcc +- #other compilers +-$(error Unsupported compiler ($(CC):$(CC_NAME)), try gcc) +-endif #CC_NAME, gcc +-endif #ARCH, mips2 +- +-#if alpha +-ifeq ($(ARCH), alpha) +- # if gcc +-ifeq ($(CC_NAME), gcc) +- #common stuff +- CFLAGS+=$(CC_OPTIMIZE_FLAG) -funroll-loops $(PROFILE) -Wall +- #if gcc 4.0+ +-ifeq ($(CC_CLASS), 4.x) +- CFLAGS+=-minline-all-stringops +-else +- #if gcc 3.0+ +-ifeq ($(CC_CLASS), 3.x) +- CFLAGS+= +-else +-ifeq ($(CC_CLASS), 2.9x) #older gcc version (2.9[1-5]) +-$(warning Old gcc detected ($(CC_SHORTVER)), use gcc 3.0.x \ +- for better results) +- CFLAGS+= +-else +- #really old version +-$(warning You are using an old and unsupported gcc \ +- version ($(CC_SHORTVER)), compile at your own risk!) +- +-endif # CC_CLASS, 2.9x +-endif # CC_CLASS, 3.x +-endif # CC_CLASS, 4.x +- +-else # CC_NAME, gcc +- #other compilers +-$(error Unsupported compiler ($(CC):$(CC_NAME)), try gcc) +-endif #CC_NAME, gcc +-endif #ARCH, alpha +- +-#if ppc +-ifeq ($(ARCH), ppc) +- # if gcc +-ifeq ($(CC_NAME), gcc) +- #common stuff +- CFLAGS+=$(CC_OPTIMIZE_FLAG) -funroll-loops $(PROFILE) -Wall +- #if gcc 4.0+ +-ifeq ($(CC_CLASS), 4.x) +- CPU_TYPE ?= powerpc +- CFLAGS+=-ftree-vectorize \ +- -mtune=$(CPU_TYPE) -maltivec +-else +- #if gcc 3.0+ +-ifeq ($(CC_CLASS), 3.x) +- CFLAGS+= +-else +-ifeq ($(CC_CLASS), 2.9x) #older gcc version (2.9[1-5]) +-$(warning Old gcc detected ($(CC_SHORTVER)), use gcc 3.0.x \ +- for better results) +- CFLAGS+= +-else +- #really old version +-$(warning You are using an old and unsupported gcc \ +- version ($(CC_SHORTVER)), compile at your own risk!) +- +-endif # CC_CLASS, 2.9x +-endif # CC_CLASS, 3.x +-endif # CC_CLASS, 4.x +- +-else # CC_NAME, gcc +- #other compilers +-$(error Unsupported compiler ($(CC):$(CC_NAME)), try gcc) +-endif #CC_NAME, gcc +-endif #ARCH, ppc +- +-#if ppc64 +-ifeq ($(ARCH), ppc64) +- # if gcc +-ifeq ($(CC_NAME), gcc) +- #common stuff +- CFLAGS+=$(CC_OPTIMIZE_FLAG) -funroll-loops $(PROFILE) -Wall +-ifeq ($(CC_CLASS), 4.x) +- CPU_TYPE ?= powerpc64 +- CFLAGS+=-ftree-vectorize \ +- -mtune=$(CPU_TYPE) -maltivec +-else +- #if gcc 3.0+ +-ifeq ($(CC_CLASS), 3.x) +- CFLAGS+= +-else +-ifeq ($(CC_CLASS), 2.9x) #older gcc version (2.9[1-5]) +-$(warning Old gcc detected ($(CC_SHORTVER)), use gcc 3.0.x \ +- for better results) +- CFLAGS+= +-else +- #really old version +-$(warning You are using an old and unsupported gcc \ +- version ($(CC_SHORTVER)), compile at your own risk!) +- +-endif # CC_CLASS, 2.9x +-endif # CC_CLASS, 3.x +-endif # CC_CLASS, 4.x +- +-else # CC_NAME, gcc +- #other compilers +-$(error Unsupported compiler ($(CC):$(CC_NAME)), try gcc) +-endif #CC_NAME, gcc +-endif #ARCH, ppc +- +-endif # CFLAGS not set +- +-CFLAGS+= $(CC_EXTRA_OPTS) +- + LD_EXTRA_OPTS ?= + + # setting LDFLAGS diff --git a/opensips-0009-Add-support-for-openssl-1.1.0.patch b/opensips-0009-Add-support-for-openssl-1.1.0.patch new file mode 100644 index 0000000..d1d508c --- /dev/null +++ b/opensips-0009-Add-support-for-openssl-1.1.0.patch @@ -0,0 +1,301 @@ +From: Razvan Crainea +Date: Tue, 29 Nov 2016 14:16:11 +0200 +Subject: [PATCH] Add support for openssl 1.1.0 + +Reported by Petr Pisar in issue #996 + +diff --git a/modules/tls_mgm/tls.h b/modules/tls_mgm/tls.h +index 97ac01ca2..04cb78cfd 100644 +--- a/modules/tls_mgm/tls.h ++++ b/modules/tls_mgm/tls.h +@@ -64,41 +64,50 @@ + #warning "" + #endif + +-static int tls_static_locks_no=0; +-static gen_lock_set_t* tls_static_locks=NULL; +- + static SSL_METHOD *ssl_methods[TLS_USE_TLSv1_2 + 1]; + + #define VERIFY_DEPTH_S 3 + + +-struct CRYPTO_dynlock_value { +- gen_lock_t lock; +-}; +- +-static unsigned long tls_get_id(void) +-{ +- return my_pid(); +-} +- + /* + * Wrappers around OpenSIPS shared memory functions + * (which can be macros) + */ ++#if OPENSSL_VERSION_NUMBER >= 0x10100000L ++static void* os_malloc(size_t size, const char *file, int line) ++#else + static void* os_malloc(size_t size) ++#endif + { ++#if (defined DBG_MALLOC && OPENSSL_VERSION_NUMBER >= 0x10100000L) ++ return _shm_malloc(size, file, __FUNCTION__, line); ++#else + return shm_malloc(size); ++#endif + } + + ++#if OPENSSL_VERSION_NUMBER >= 0x10100000L ++static void* os_realloc(void *ptr, size_t size, const char *file, int line) ++#else + static void* os_realloc(void *ptr, size_t size) ++#endif + { ++#if (defined DBG_MALLOC && OPENSSL_VERSION_NUMBER >= 0x10100000L) ++ return _shm_realloc(ptr, size, file, __FUNCTION__, line); ++#else + return shm_realloc(ptr, size); ++#endif + } + + ++#if OPENSSL_VERSION_NUMBER >= 0x10100000L ++static void os_free(void *ptr, const char *file, int line) ++#else + static void os_free(void *ptr) ++#endif + { ++ /* TODO: also handle free file and line */ + if (ptr) + shm_free(ptr); + } +@@ -106,21 +115,17 @@ static void os_free(void *ptr) + + + +-static void tls_static_locks_ops(int mode, int n, const char* file, int line) +-{ +- if (n<0 || n>tls_static_locks_no) { +- LM_ERR("BUG - SSL Lib attempting to acquire bogus lock\n"); +- abort(); +- } ++/* these locks can not be used in 1.1.0, because the interface has changed */ ++#if OPENSSL_VERSION_NUMBER < 0x10100000L ++struct CRYPTO_dynlock_value { ++ gen_lock_t lock; ++}; + +- if (mode & CRYPTO_LOCK) { +- lock_set_get(tls_static_locks,n); +- } else { +- lock_set_release(tls_static_locks,n); +- } ++static unsigned long tls_get_id(void) ++{ ++ return my_pid(); + } + +- + static struct CRYPTO_dynlock_value* tls_dyn_lock_create(const char* file, + int line) + { +@@ -158,5 +163,6 @@ static void tls_dyn_lock_destroy(struct CRYPTO_dynlock_value *dyn_lock, + lock_destroy(&dyn_lock->lock); + shm_free(dyn_lock); + } ++#endif + + #endif /* _PROTO_TLS_H_ */ +diff --git a/modules/tls_mgm/tls_conn_ops.h b/modules/tls_mgm/tls_conn_ops.h +index acb5c66fa..ca901bde6 100644 +--- a/modules/tls_mgm/tls_conn_ops.h ++++ b/modules/tls_mgm/tls_conn_ops.h +@@ -116,11 +116,13 @@ static int tls_conn_init(struct tcp_connection* c, struct tls_mgm_binds *api) + return -1; + } + ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + #ifndef OPENSSL_NO_KRB5 + if ( ((SSL *)c->extra_data)->kssl_ctx ) { + kssl_ctx_free( ((SSL *)c->extra_data)->kssl_ctx ); + ((SSL *)c->extra_data)->kssl_ctx = 0; + } ++#endif + #endif + + if ( c->proto_flags & F_TLS_DO_ACCEPT ) { +diff --git a/modules/tls_mgm/tls_conn_server.h b/modules/tls_mgm/tls_conn_server.h +index 4a4fe7a78..240963271 100644 +--- a/modules/tls_mgm/tls_conn_server.h ++++ b/modules/tls_mgm/tls_conn_server.h +@@ -148,16 +148,20 @@ static int tls_accept(struct tcp_connection *c, short *poll_events) + } + + ssl = (SSL *) c->extra_data; ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + #ifndef OPENSSL_NO_KRB5 + if ( ssl->kssl_ctx==NULL ) + ssl->kssl_ctx = kssl_ctx_new( ); ++#endif + #endif + ret = SSL_accept(ssl); ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + #ifndef OPENSSL_NO_KRB5 + if ( ssl->kssl_ctx ) { + kssl_ctx_free( ssl->kssl_ctx ); + ssl->kssl_ctx = 0; + } ++#endif + #endif + if (ret > 0) { + LM_INFO("New TLS connection from %s:%d accepted\n", +diff --git a/modules/tls_mgm/tls_mgm.c b/modules/tls_mgm/tls_mgm.c +index 80fccaf86..2427ecddc 100644 +--- a/modules/tls_mgm/tls_mgm.c ++++ b/modules/tls_mgm/tls_mgm.c +@@ -557,11 +557,10 @@ int verify_callback(int pre_verify_ok, X509_STORE_CTX *ctx) { + LM_NOTICE("subject = %s\n", buf); + LM_NOTICE("verify error:num=%d:%s\n", + err, X509_verify_cert_error_string(err)); +- LM_NOTICE("error code is %d\n", ctx->error); + +- switch (ctx->error) { ++ switch (err) { + case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT: +- X509_NAME_oneline(X509_get_issuer_name(ctx->current_cert), ++ X509_NAME_oneline(X509_get_issuer_name(err_cert), + buf,sizeof buf); + LM_NOTICE("issuer= %s\n",buf); + break; +@@ -611,7 +610,7 @@ int verify_callback(int pre_verify_ok, X509_STORE_CTX *ctx) { + + default: + LM_NOTICE("something wrong with the cert" +- " ... error code is %d (check x509_vfy.h)\n", ctx->error); ++ " ... error code is %d (check x509_vfy.h)\n", err); + break; + } + +@@ -1155,9 +1154,11 @@ static int init_tls_domains(struct tls_domain **dom, int skip) + return 0; + } + ++#if (OPENSSL_VERSION_NUMBER < 0x10100000L) + static int check_for_krb(void) + { + SSL_CTX *xx; ++ + int j; + + xx = SSL_CTX_new(ssl_methods[tls_default_method - 1]); +@@ -1177,6 +1178,27 @@ static int check_for_krb(void) + SSL_CTX_free(xx); + return 0; + } ++#endif ++ ++#if (OPENSSL_VERSION_NUMBER < 0x10100000L) ++static int tls_static_locks_no=0; ++static gen_lock_set_t* tls_static_locks=NULL; ++ ++static void tls_static_locks_ops(int mode, int n, const char* file, int line) ++{ ++ if (n<0 || n>tls_static_locks_no) { ++ LM_ERR("BUG - SSL Lib attempting to acquire bogus lock\n"); ++ abort(); ++ } ++ ++ if (mode & CRYPTO_LOCK) { ++ lock_set_get(tls_static_locks,n); ++ } else { ++ lock_set_release(tls_static_locks,n); ++ } ++} ++ ++ + + static int tls_init_multithread(void) + { +@@ -1207,6 +1229,7 @@ static int tls_init_multithread(void) + + return 0; + } ++#endif + + /* + * initialize ssl methods +@@ -1216,19 +1239,31 @@ init_ssl_methods(void) + { + LM_DBG("entered\n"); + ++#if OPENSSL_VERSION_NUMBER >= 0x10100000L ++ ssl_methods[TLS_USE_TLSv1_cli-1] = (SSL_METHOD*)TLS_client_method(); ++ ssl_methods[TLS_USE_TLSv1_srv-1] = (SSL_METHOD*)TLS_server_method(); ++ ssl_methods[TLS_USE_TLSv1-1] = (SSL_METHOD*)TLS_method(); ++#else + ssl_methods[TLS_USE_TLSv1_cli-1] = (SSL_METHOD*)TLSv1_client_method(); + ssl_methods[TLS_USE_TLSv1_srv-1] = (SSL_METHOD*)TLSv1_server_method(); + ssl_methods[TLS_USE_TLSv1-1] = (SSL_METHOD*)TLSv1_method(); ++#endif + + ssl_methods[TLS_USE_SSLv23_cli-1] = (SSL_METHOD*)SSLv23_client_method(); + ssl_methods[TLS_USE_SSLv23_srv-1] = (SSL_METHOD*)SSLv23_server_method(); + ssl_methods[TLS_USE_SSLv23-1] = (SSL_METHOD*)SSLv23_method(); + + #if OPENSSL_VERSION_NUMBER >= 0x10001000L ++#if OPENSSL_VERSION_NUMBER >= 0x10100000L ++ ssl_methods[TLS_USE_TLSv1_2_cli-1] = (SSL_METHOD*)TLS_client_method(); ++ ssl_methods[TLS_USE_TLSv1_2_srv-1] = (SSL_METHOD*)TLS_server_method(); ++ ssl_methods[TLS_USE_TLSv1_2-1] = (SSL_METHOD*)TLS_method(); ++#else + ssl_methods[TLS_USE_TLSv1_2_cli-1] = (SSL_METHOD*)TLSv1_2_client_method(); + ssl_methods[TLS_USE_TLSv1_2_srv-1] = (SSL_METHOD*)TLSv1_2_server_method(); + ssl_methods[TLS_USE_TLSv1_2-1] = (SSL_METHOD*)TLSv1_2_method(); + #endif ++#endif + } + + /* reloads data from the db */ +@@ -1354,9 +1389,10 @@ static int mod_init(void){ + */ + if (!CRYPTO_set_mem_functions(os_malloc, os_realloc, os_free)) { + LM_ERR("unable to set the memory allocation functions\n"); +- LM_ERR("NOTE: check if you have openssl 1.0.1e-fips, as this " +- "version is know to be broken; if so, you need to upgrade or " +- "downgrade to a differen openssl version !!\n"); ++ LM_ERR("NOTE: check if you are using openssl 1.0.1e-fips, (or other " ++ "FIPS version of openssl, as this is known to be broken; if so, " ++ "you need to upgrade or downgrade to a different openssl version!\n"); ++ LM_ERR("current version: %s\n", SSLeay_version(SSLEAY_VERSION)); + return -1; + } + +@@ -1371,15 +1407,18 @@ static int mod_init(void){ + sk_SSL_COMP_zero(comp_methods); + } + #endif ++#if (OPENSSL_VERSION_NUMBER < 0x10100000L) + if (tls_init_multithread() < 0) { + LM_ERR("failed to init multi-threading support\n"); + return -1; + } ++#endif + + SSL_library_init(); + SSL_load_error_strings(); + init_ssl_methods(); + ++#if (OPENSSL_VERSION_NUMBER < 0x10100000L) + n = check_for_krb(); + if (n==-1) { + LM_ERR("kerberos check failed\n"); +@@ -1398,6 +1437,7 @@ static int mod_init(void){ + (n!=1)?"":"no ",(n!=1)?"no ":""); + return -1; + } ++#endif + + /* + * finish setting up the tls default domains diff --git a/opensips-0009-identity-add-support-for-openssl-1.1.0.patch b/opensips-0009-identity-add-support-for-openssl-1.1.0.patch deleted file mode 100644 index 5edcba4..0000000 --- a/opensips-0009-identity-add-support-for-openssl-1.1.0.patch +++ /dev/null @@ -1,97 +0,0 @@ -From: Razvan Crainea -Date: Wed, 30 Nov 2016 20:39:14 +0200 -Subject: [PATCH] identity: add support for openssl 1.1.0 - -Reported by Petr Pisar in issue #996 - -diff --git a/modules/identity/identity.c b/modules/identity/identity.c -index 3daeee6..1d54b6d 100644 ---- a/modules/identity/identity.c -+++ b/modules/identity/identity.c -@@ -831,7 +831,12 @@ static int addIdentity(char * dateHF, struct sip_msg * msg) - { - #define IDENTITY_HDR_S "Identity: \"" - #define IDENTITY_HDR_L (sizeof(IDENTITY_HDR_S)-1) -- EVP_MD_CTX ctx; -+#if OPENSSL_VERSION_NUMBER >= 0x10100000L -+ EVP_MD_CTX *pctx; -+#else -+#define W_EVP_CTX_free EVP_MD_CTX_cleanup -+ EVP_MD_CTX ctx, *pctx = &ctx; -+#endif - unsigned int siglen = 0; - int b64len = 0; - unsigned char * sig = NULL; -@@ -843,27 +848,30 @@ static int addIdentity(char * dateHF, struct sip_msg * msg) - LM_ERR("error making digest string\n"); - return 0; - } -+#if OPENSSL_VERSION_NUMBER >= 0x10100000L -+ pctx = EVP_MD_CTX_new(); -+#endif - -- EVP_SignInit(&ctx, EVP_sha1()); -+ EVP_SignInit(pctx, EVP_sha1()); - -- EVP_SignUpdate(&ctx, digestString, strlen(digestString)); -+ EVP_SignUpdate(pctx, digestString, strlen(digestString)); - - sig = pkg_malloc(EVP_PKEY_size(privKey_evp)); - if(!sig) - { -- EVP_MD_CTX_cleanup(&ctx); -+ W_EVP_CTX_free(pctx); - LM_ERR("failed allocating memory\n"); - return 0; - } - -- if(!EVP_SignFinal(&ctx, sig, &siglen, privKey_evp)) -+ if(!EVP_SignFinal(pctx, sig, &siglen, privKey_evp)) - { -- EVP_MD_CTX_cleanup(&ctx); -+ W_EVP_CTX_free(pctx); - pkg_free(sig); - LM_ERR("error calculating signature\n"); - return 0; - } -- EVP_MD_CTX_cleanup(&ctx); -+ W_EVP_CTX_free(pctx); - - /* ###Base64-encoding### */ - /* annotation: The next few lines are based on example 7-11 of [VIE-02] */ -@@ -1138,6 +1146,10 @@ static int checkAuthority(X509 * cert, struct sip_msg * msg) - const unsigned char * data; - STACK_OF(CONF_VALUE) * val; - CONF_VALUE * nval; -+ int len; -+#if OPENSSL_VERSION_NUMBER >= 0x10100000L -+ ASN1_OCTET_STRING *adata; -+#endif - - if(!cert || !msg) - { -@@ -1190,15 +1202,22 @@ static int checkAuthority(X509 * cert, struct sip_msg * msg) - LM_ERR("X509V3_EXT_get failed\n"); - return 0; - } -+#if OPENSSL_VERSION_NUMBER >= 0x10100000L -+ adata = X509_EXTENSION_get_data(cext); -+ data = ASN1_STRING_get0_data(adata); -+ len = ASN1_STRING_length(adata); -+#else - data = cext->value->data; -+ len = cext->value->length; -+#endif - if(meth->it) - { - ext_str = ASN1_item_d2i(NULL, &data, -- cext->value->length, ASN1_ITEM_ptr(meth->it)); -+ len, ASN1_ITEM_ptr(meth->it)); - } - else - { -- ext_str = meth->d2i(NULL, &data, cext->value->length); -+ ext_str = meth->d2i(NULL, &data, len); - } - - val = meth->i2v(meth, ext_str, NULL); diff --git a/opensips-0010-identity-add-support-for-openssl-1.1.0.patch b/opensips-0010-identity-add-support-for-openssl-1.1.0.patch new file mode 100644 index 0000000..4a76837 --- /dev/null +++ b/opensips-0010-identity-add-support-for-openssl-1.1.0.patch @@ -0,0 +1,97 @@ +From: Razvan Crainea +Date: Wed, 30 Nov 2016 20:39:14 +0200 +Subject: [PATCH] identity: add support for openssl 1.1.0 + +Reported by Petr Pisar in issue #996 + +diff --git a/modules/identity/identity.c b/modules/identity/identity.c +index 3daeee691..1d54b6d25 100644 +--- a/modules/identity/identity.c ++++ b/modules/identity/identity.c +@@ -831,7 +831,12 @@ static int addIdentity(char * dateHF, struct sip_msg * msg) + { + #define IDENTITY_HDR_S "Identity: \"" + #define IDENTITY_HDR_L (sizeof(IDENTITY_HDR_S)-1) +- EVP_MD_CTX ctx; ++#if OPENSSL_VERSION_NUMBER >= 0x10100000L ++ EVP_MD_CTX *pctx; ++#else ++#define W_EVP_CTX_free EVP_MD_CTX_cleanup ++ EVP_MD_CTX ctx, *pctx = &ctx; ++#endif + unsigned int siglen = 0; + int b64len = 0; + unsigned char * sig = NULL; +@@ -843,27 +848,30 @@ static int addIdentity(char * dateHF, struct sip_msg * msg) + LM_ERR("error making digest string\n"); + return 0; + } ++#if OPENSSL_VERSION_NUMBER >= 0x10100000L ++ pctx = EVP_MD_CTX_new(); ++#endif + +- EVP_SignInit(&ctx, EVP_sha1()); ++ EVP_SignInit(pctx, EVP_sha1()); + +- EVP_SignUpdate(&ctx, digestString, strlen(digestString)); ++ EVP_SignUpdate(pctx, digestString, strlen(digestString)); + + sig = pkg_malloc(EVP_PKEY_size(privKey_evp)); + if(!sig) + { +- EVP_MD_CTX_cleanup(&ctx); ++ W_EVP_CTX_free(pctx); + LM_ERR("failed allocating memory\n"); + return 0; + } + +- if(!EVP_SignFinal(&ctx, sig, &siglen, privKey_evp)) ++ if(!EVP_SignFinal(pctx, sig, &siglen, privKey_evp)) + { +- EVP_MD_CTX_cleanup(&ctx); ++ W_EVP_CTX_free(pctx); + pkg_free(sig); + LM_ERR("error calculating signature\n"); + return 0; + } +- EVP_MD_CTX_cleanup(&ctx); ++ W_EVP_CTX_free(pctx); + + /* ###Base64-encoding### */ + /* annotation: The next few lines are based on example 7-11 of [VIE-02] */ +@@ -1138,6 +1146,10 @@ static int checkAuthority(X509 * cert, struct sip_msg * msg) + const unsigned char * data; + STACK_OF(CONF_VALUE) * val; + CONF_VALUE * nval; ++ int len; ++#if OPENSSL_VERSION_NUMBER >= 0x10100000L ++ ASN1_OCTET_STRING *adata; ++#endif + + if(!cert || !msg) + { +@@ -1190,15 +1202,22 @@ static int checkAuthority(X509 * cert, struct sip_msg * msg) + LM_ERR("X509V3_EXT_get failed\n"); + return 0; + } ++#if OPENSSL_VERSION_NUMBER >= 0x10100000L ++ adata = X509_EXTENSION_get_data(cext); ++ data = ASN1_STRING_get0_data(adata); ++ len = ASN1_STRING_length(adata); ++#else + data = cext->value->data; ++ len = cext->value->length; ++#endif + if(meth->it) + { + ext_str = ASN1_item_d2i(NULL, &data, +- cext->value->length, ASN1_ITEM_ptr(meth->it)); ++ len, ASN1_ITEM_ptr(meth->it)); + } + else + { +- ext_str = meth->d2i(NULL, &data, cext->value->length); ++ ext_str = meth->d2i(NULL, &data, len); + } + + val = meth->i2v(meth, ext_str, NULL); diff --git a/opensips-0010-identity-complete-port-to-openssl-1.1.0.patch b/opensips-0010-identity-complete-port-to-openssl-1.1.0.patch deleted file mode 100644 index f6b2261..0000000 --- a/opensips-0010-identity-complete-port-to-openssl-1.1.0.patch +++ /dev/null @@ -1,21 +0,0 @@ -From: Razvan Crainea -Date: Wed, 30 Nov 2016 20:44:46 +0200 -Subject: [PATCH] identity: complete port to openssl 1.1.0 - -Reported by Petr Pisar in issue #996 - -diff --git a/modules/identity/identity.c b/modules/identity/identity.c -index 1d54b6d..9024e61 100644 ---- a/modules/identity/identity.c -+++ b/modules/identity/identity.c -@@ -1734,8 +1734,9 @@ static int verify_callback(int ok, X509_STORE_CTX * stor) - { - if (!ok) - { -+ int err = X509_STORE_CTX_get_error(stor); - LM_INFO("certificate validation failed: %s\n", -- X509_verify_cert_error_string(stor->error)); -+ X509_verify_cert_error_string(err)); - } - - return ok; diff --git a/opensips-0011-Finalize-OpenSSL-1.1.0-migration.patch b/opensips-0011-Finalize-OpenSSL-1.1.0-migration.patch deleted file mode 100644 index 9209bc8..0000000 --- a/opensips-0011-Finalize-OpenSSL-1.1.0-migration.patch +++ /dev/null @@ -1,96 +0,0 @@ -From: Peter Lemenkov -Date: Thu, 12 Jan 2017 17:57:06 +0300 -Subject: [PATCH] Finalize OpenSSL 1.1.0 migration - -Signed-off-by: Peter Lemenkov - -diff --git a/modules/identity/identity.c b/modules/identity/identity.c -index 9024e61..ccde589 100644 ---- a/modules/identity/identity.c -+++ b/modules/identity/identity.c -@@ -859,19 +859,31 @@ static int addIdentity(char * dateHF, struct sip_msg * msg) - sig = pkg_malloc(EVP_PKEY_size(privKey_evp)); - if(!sig) - { -+#if OPENSSL_VERSION_NUMBER >= 0x10100000L -+ EVP_MD_CTX_free(pctx); -+#else - W_EVP_CTX_free(pctx); -+#endif - LM_ERR("failed allocating memory\n"); - return 0; - } - - if(!EVP_SignFinal(pctx, sig, &siglen, privKey_evp)) - { -+#if OPENSSL_VERSION_NUMBER >= 0x10100000L -+ EVP_MD_CTX_free(pctx); -+#else - W_EVP_CTX_free(pctx); -+#endif - pkg_free(sig); - LM_ERR("error calculating signature\n"); - return 0; - } -+#if OPENSSL_VERSION_NUMBER >= 0x10100000L -+ EVP_MD_CTX_free(pctx); -+#else - W_EVP_CTX_free(pctx); -+#endif - - /* ###Base64-encoding### */ - /* annotation: The next few lines are based on example 7-11 of [VIE-02] */ -@@ -1270,7 +1282,12 @@ static int checkSign(X509 * cert, char * identityHF, struct sip_msg * msg) - int siglen = -1; - unsigned char * sigbuf = NULL; - int b64len = 0; -- EVP_MD_CTX ctx; -+#if OPENSSL_VERSION_NUMBER >= 0x10100000L -+ EVP_MD_CTX *pctx; -+#else -+#define W_EVP_CTX_free EVP_MD_CTX_cleanup -+ EVP_MD_CTX ctx, *pctx = &ctx; -+#endif - int result = 0; - char *p; - unsigned long err; -@@ -1314,22 +1331,34 @@ static int checkSign(X509 * cert, char * identityHF, struct sip_msg * msg) - p=strstr(identityHF , "="); - siglen-=strspn(p , "="); - -- EVP_VerifyInit(&ctx, EVP_sha1()); -- EVP_VerifyUpdate(&ctx, digestString, strlen(digestString)); -+#if OPENSSL_VERSION_NUMBER >= 0x10100000L -+ pctx = EVP_MD_CTX_new(); -+#endif -+ -+ EVP_VerifyInit(pctx, EVP_sha1()); -+ EVP_VerifyUpdate(pctx, digestString, strlen(digestString)); - - pubkey = X509_get_pubkey(cert); - if(!pubkey) - { -- EVP_MD_CTX_cleanup(&ctx); -+#if OPENSSL_VERSION_NUMBER >= 0x10100000L -+ EVP_MD_CTX_free(pctx); -+#else -+ W_EVP_CTX_free(pctx); -+#endif - pkg_free(sigbuf); - LM_ERR("error reading pubkey from cert\n"); - return 0; - } - -- result = EVP_VerifyFinal(&ctx, sigbuf, siglen, pubkey); -+ result = EVP_VerifyFinal(pctx, sigbuf, siglen, pubkey); - - EVP_PKEY_free(pubkey); -- EVP_MD_CTX_cleanup(&ctx); -+#if OPENSSL_VERSION_NUMBER >= 0x10100000L -+ EVP_MD_CTX_free(pctx); -+#else -+ W_EVP_CTX_free(pctx); -+#endif - pkg_free(sigbuf); - - switch(result) diff --git a/opensips-0011-identity-complete-port-to-openssl-1.1.0.patch b/opensips-0011-identity-complete-port-to-openssl-1.1.0.patch new file mode 100644 index 0000000..6e14722 --- /dev/null +++ b/opensips-0011-identity-complete-port-to-openssl-1.1.0.patch @@ -0,0 +1,21 @@ +From: Razvan Crainea +Date: Wed, 30 Nov 2016 20:44:46 +0200 +Subject: [PATCH] identity: complete port to openssl 1.1.0 + +Reported by Petr Pisar in issue #996 + +diff --git a/modules/identity/identity.c b/modules/identity/identity.c +index 1d54b6d25..9024e617e 100644 +--- a/modules/identity/identity.c ++++ b/modules/identity/identity.c +@@ -1734,8 +1734,9 @@ static int verify_callback(int ok, X509_STORE_CTX * stor) + { + if (!ok) + { ++ int err = X509_STORE_CTX_get_error(stor); + LM_INFO("certificate validation failed: %s\n", +- X509_verify_cert_error_string(stor->error)); ++ X509_verify_cert_error_string(err)); + } + + return ok; diff --git a/opensips-0012-Dont-try-modifying-CFLAGS.patch b/opensips-0012-Dont-try-modifying-CFLAGS.patch deleted file mode 100644 index 5694cc8..0000000 --- a/opensips-0012-Dont-try-modifying-CFLAGS.patch +++ /dev/null @@ -1,537 +0,0 @@ -From: Peter Lemenkov -Date: Fri, 13 Jan 2017 14:24:36 +0300 -Subject: [PATCH] Dont' try modifying CFLAGS - -Signed-off-by: Peter Lemenkov - -diff --git a/Makefile.defs b/Makefile.defs -index 395109c..169ec7f 100644 ---- a/Makefile.defs -+++ b/Makefile.defs -@@ -763,526 +763,8 @@ endif - CFLAGS=$(shell echo "$${CFLAGS}") - LDFLAGS+= - --ifneq (,$(findstring DBG_MALLOC, $(DEFS))) -- CC_OPTIMIZE_FLAG?=-O0 --endif -- --ifeq ($(CC_NAME), gcc) -- CC_OPTIMIZE_FLAG?=-O9 --endif --ifeq ($(CC_NAME), icc) -- CC_OPTIMIZE_FLAG?=-O3 --endif --ifeq ($(CC_NAME), clang) -- CC_OPTIMIZE_FLAG?=-O3 --endif -- - ifeq (,$(CFLAGS)) - --#common stuff --CFLAGS+=$(DEBUGSYM) -- --# setting more CFLAGS --ifeq ($(mode), release) -- --#if i386 --ifeq ($(ARCH), i386) -- # These CPU optimization assumes that you run a Intel processor. -- # If you use a AMD CPU, you could ajust the settings here for better -- # performance. For gcc 4.x use CPU_TYPE ?= athlon-xp -- # if gcc --ifeq ($(CC_NAME), gcc) -- #common stuff -- CFLAGS+=-m32 $(CC_OPTIMIZE_FLAG) -funroll-loops -Wcast-align $(PROFILE) \ -- -Wall -- LDFLAGS+=-m32 -- #if gcc 4.0+ --ifeq ($(CC_CLASS), 4.x) -- ARCH_VER=$(shell $(GETARCH)) --ifeq ($(ARCH_VER), i386) -- CPU_TYPE ?= i686 --else -- CPU_TYPE ?= prescott --endif -- CFLAGS+=-minline-all-stringops \ -- -falign-loops \ -- -ftree-vectorize \ -- -mtune=$(CPU_TYPE) \ -- -Wold-style-definition -Wmissing-field-initializers -Wredundant-decls -- --else -- #if gcc 3.0+ --ifeq ($(CC_CLASS), 3.x) -- CPU_TYPE ?= pentium4 -- CFLAGS+=-minline-all-stringops \ -- -falign-loops --ifeq (X,$(shell echo "$(CC_SHORTVER)" | sed -e 's/3\.[0-3]/X/')) -- CFLAGS+=-mcpu=$(CPU_TYPE) --else -- CFLAGS+=-mtune=$(CPU_TYPE) --endif --else --ifeq ($(CC_CLASS), 2.9x) #older gcc version (2.9[1-5]) --$(warning Old gcc detected ($(CC_SHORTVER)), use gcc >= 3.1 \ -- for better results) -- -- CFLAGS+=-m486 \ -- -malign-loops=4 --else -- #really old version --$(warning You are using an old and unsupported gcc \ -- version ($(CC_SHORTVER)), compile at your own risk!) -- --endif # CC_CLASS, 2.9x --endif # CC_CLASS, 3.x --endif # CC_CLASS, 4.x -- --else # CC_NAME, gcc --ifeq ($(CC_NAME), icc) -- CFLAGS+=$(CC_OPTIMIZE_FLAG) -ipo -ipo_obj -unroll $(PROFILE) \ -- -tpp6 -xK #-openmp #optimize for PIII -- # -prefetch doesn't seem to work -- #( ty to inline acroos files, unroll loops,prefetch, -- # optimize for PIII, use PIII instructions & vect., -- # mutlithread loops) --else #CC_NAME, icc --ifeq ($(CC_NAME), suncc) -- CFLAGS+=-xO5 -fast -native -xCC \ -- -xc99=no_lib # C99 support -- # -Dinline="" # add this if cc < 5.3 (define inline as null) --else --ifeq ($(CC_NAME), clang) -- CFLAGS+=$(CC_OPTIMIZE_FLAG) -funroll-loops --else -- #other compilers --$(error Unsupported compiler ($(CC):$(CC_NAME)), try gcc) --endif #CC_NAME, clang --endif #CC_NAME, suncc --endif #CC_NAME, icc --endif #CC_NAME, gcc --endif #ARCH, i386 -- --#x86_64 --ifeq ($(ARCH), x86_64) -- # These CPU optimization assumes that you run a Intel 64 processor. -- # If you use a AMD 64 CPU, you could ajust the settings here for better -- # performance. For gcc 4.x use CPU_TYPE ?= athlon64 -- # Perhaps it makes sense to use '-m64' here? -- # if gcc --ifeq ($(CC_NAME), gcc) -- #common stuff -- CFLAGS+=$(CC_OPTIMIZE_FLAG) -funroll-loops -Wcast-align $(PROFILE) \ -- -Wall -- #if gcc 4.0+ --ifeq ($(CC_CLASS), 4.x) -- CPU_TYPE ?= nocona -- CFLAGS+=-minline-all-stringops \ -- -falign-loops \ -- -ftree-vectorize \ -- -mtune=$(CPU_TYPE) \ -- -Wold-style-definition -Wmissing-field-initializers -Wredundant-decls --else -- #if gcc 3.0+ --ifeq ($(CC_CLASS), 3.x) -- CPU_TYPE ?= nocona -- CFLAGS+=-minline-all-stringops \ -- -falign-loops \ -- -mtune=$(CPU_TYPE) --else --ifeq ($(CC_CLASS), 2.9x) #older gcc version (2.9[1-5]) --$(warning Old gcc detected ($(CC_SHORTVER)), use gcc >= 3.1 \ -- for better results) -- -- CFLAGS+=-m486 \ -- -malign-loops=4 --else -- #really old version --$(warning You are using an old and unsupported gcc \ -- version ($(CC_SHORTVER)), compile at your own risk!) -- --endif # CC_CLASS, 2.9x --endif # CC_CLASS, 3.x --endif # CC_CLASS, 4.x -- --else # CC_NAME, gcc --ifeq ($(CC_NAME), icc) -- CFLAGS+=$(CC_OPTIMIZE_FLAG) -ipo -ipo_obj -unroll $(PROFILE) \ -- -tpp6 -xK #-openmp #optimize for PIII -- # -prefetch doesn't seem to work -- #( ty to inline acroos files, unroll loops,prefetch, -- # optimize for PIII, use PIII instructions & vect., -- # mutlithread loops) --else --ifeq ($(CC_NAME), suncc) -- CFLAGS+=-xO5 -fast -native -xCC \ -- -xc99=no_lib # C99 support -- # -Dinline="" # add this if cc < 5.3 (define inline as null) --else --ifeq ($(CC_NAME), clang) -- CFLAGS+=$(CC_OPTIMIZE_FLAG) -funroll-loops --else -- #other compilers --$(error Unsupported compiler ($(CC):$(CC_NAME)), try gcc) --endif #CC_NAME, clang --endif #CC_NAME, icc --endif #CC_NAME, gcc --endif #CC_NAME, suncc --endif #ARCH, x86_64 -- -- #if sparc --ifeq ($(ARCH), sparc64) -- #if gcc --ifeq ($(CC_NAME), gcc) -- #common stuff -- CFLAGS+=$(CC_OPTIMIZE_FLAG) -funroll-loops $(PROFILE) \ -- -Wall\ -- #-Wcast-align \ -- #-Wmissing-prototypes -- #if gcc 4.x --ifeq ($(CC_CLASS), 4.x) -- -- # Processors of Family UltraSparc II -- ifeq ($(CHIP), ultrasparc-ii) -- CFLAGS+= -ftree-vectorize -mcpu=ultrasparc -mtune=ultrasparc -mvis -- endif -- -- # Processors of Family UltraSparc III (III, III, IIIi, IIICu) -- ifeq ($(CHIP), ultrasparc-iiii) -- CFLAGS+= -ftree-vectorize -mcpu=ultrasparc3 -mtune=ultrasparc3 -mvis -- endif -- -- ifeq ($(CHIP), ultrasparc-iii) -- CFLAGS+= -ftree-vectorize -mcpu=ultrasparc3 -mtune=ultrasparc3 -mvis -- endif -- -- ifeq ($(CHIP), ultrasparc-iiicu) -- CFLAGS+= -ftree-vectorize -mcpu=ultrasparc3 -mtune=ultrasparc3 -mvis -- endif -- -- # Processors of Family UltraSparc T1 -- ifeq ($(CHIP), ultrasparc-t1) -- # niagara switch is not supported on GCC < 4.2 -- # Sets to default ultrasparc -- ifeq ($(CC_SHORTVER), 4.2) -- CFLAGS+= -ftree-vectorize -mcpu=niagara -mtune=niagara -mvis -- else -- ifeq ($(CC_SHORTVER), 4.3) -- CFLAGS+= -ftree-vectorize -mcpu=niagara -mtune=niagara -mvis -- else -- CFLAGS+= -ftree-vectorize -mcpu=ultrasparc -mtune=ultrasparc -mvis -- endif -- endif -- endif -- -- # If processor detection fails, defaults to UltraSPARC without VIS -- ifeq (,$(CHIP)) -- #CPU_TYPE=ultrasparc -- CFLAGS += -mcpu=ultrasparc -mtune=ultrasparc -- endif -- -- # use -m64 to force 64 bit (but add it also to LDFLAGS), -- # -m32 for 32 bit (default on solaris), -- # nothing for arch. default -- # -mcpu=v9 or ultrasparc? # -mtune implied by -mcpu -- #-mno-epilogue #try to inline function exit code -- #-mflat # omit save/restore -- #-,faster-structs #faster non Sparc ABI structure copy ops -- --else -- #if gcc 3.0+ --ifeq ($(CC_CLASS), 3.x) -- -- # Processors of Family UltraSparc II -- ifeq ($(CHIP), ultrasparc-ii) -- #CPU_TYPE=ultrasparc -- CFLAGS+= -mcpu=ultrasparc -mtune=ultrasparc -mvis -- endif -- -- # Processors of Family UltraSparc III -- ifeq ($(CHIP), ultrasparc-iiii) -- CFLAGS+= -mcpu=ultrasparc3 -mtune=ultrasparc3 -mvis -- endif -- -- ifeq ($(CHIP), ultrasparc-iiii) -- CFLAGS+= -mcpu=ultrasparc3 -mtune=ultrasparc3 -mvis -- endif -- -- ifeq ($(CHIP), ultrasparc-iiicu) -- CFLAGS+= -mcpu=ultrasparc3 -mtune=ultrasparc3 -mvis -- endif -- -- # Processors of Family UltraSparc T1 -- ifeq ($(CHIP), ultrasparc-t1) -- # niagara switch is not supported on GCC < 4.2 -- # Sets to default ultrasparc -- CFLAGS+= -mcpu=ultrasparc -mtune=ultrasparc -mvis -- endif -- -- # If processor detection fails, defaults to UltraSPARC without VIS -- ifeq (,$(CHIP)) -- #CPU_TYPE=ultrasparc -- CFLAGS += -mcpu=ultrasparc -mtune=ultrasparc -- endif -- -- # use -m64 to force 64 bit (but add it also to LDFLAGS), -- # -m32 for 32 bit (default on solaris), -- # nothing for arch. default -- # -mcpu=v9 or ultrasparc? # -mtune implied by -mcpu -- #-mno-epilogue #try to inline function exit code -- #-mflat # omit save/restore -- #-,faster-structs #faster non Sparc ABI structure copy ops -- --else # CC_CLASS, 3.0 --ifeq ($(CC_CLASS), 2.9x) #older gcc version (2.9[1-5]) --$(warning Old gcc detected ($(CC_SHORTVER)), use gcc >= 3.1 \ -- for better results) --ifneq ($(OS), netbsd) -- # on netbsd/sparc64, gcc 2.95.3 does not compile -- # opensips with -mv8 -- CFLAGS+= -mv8 --endif --ifeq ($(ASTYPE), solaris) -- CFLAGS+= -Wa,-xarch=v8plus --endif --else #CC_CLASS, 2.9x -- #really old version --$(warning You are using an old and unsupported gcc \ -- version ($(CC_SHORTVER)), compile at your own risk!) -- -- CFLAGS+= -mv8 --ifeq ($(ASTYPE), solaris) -- CFLAGS+= -Wa,-xarch=v8plus --endif -- --endif #CC_CLASS, 2.9x --endif #CC_CLASS, 3.x --endif #CC_CLASS, 4.x -- --else #CC_NAME, gcc --ifeq ($(CC_NAME), suncc) -- CFLAGS+=-xO5 -fast -native -xarch=v8plusa -xCC \ -- -xc99=no_lib # C99 support -- # -Dinline="" # add this if cc < 5.3 (define inline as null) --else -- #other compilers --$(error Unsupported compiler ($(CC):$(CC_NAME)), try gcc) --endif #CC_NAME, suncc --endif #CC_NAME, gcc --endif #ARCH, sparc64 -- -- #if ipaq/netwinder --ifeq ($(ARCH), arm) -- # if gcc --ifeq ($(CC_NAME), gcc) -- #common stuff -- CFLAGS+=$(CC_OPTIMIZE_FLAG) -funroll-loops -Wcast-align $(PROFILE) \ -- -Wall -marm -- #if gcc 4.x+ --ifeq ($(CC_CLASS), 4.x) -- CFLAGS+=-mcpu=strongarm1100 -minline-all-stringops \ -- -ftree-vectorize --else -- #if gcc 3.0+ --ifeq ($(CC_CLASS), 3.x) -- CFLAGS+= -mcpu=strongarm1100 --else --ifeq ($(CC_CLASS), 2.9x) #older gcc version (2.9[1-5]) --$(warning Old gcc detected ($(CC_SHORTVER)), use gcc 3.0.x \ -- for better results) -- -- CFLAGS+= --else -- #really old version --$(warning You are using an old and unsupported gcc \ -- version ($(CC_SHORTVER)), compile at your own risk!) -- --endif # CC_CLASS, 2.9x --endif # CC_CLASS, 3.x --endif # CC_CLASS, 4.x -- --else # CC_NAME, gcc -- #other compilers --$(error Unsupported compiler ($(CC):$(CC_NAME)), try gcc) --endif #CC_NAME, gcc --endif #ARCH, arm -- -- #if mips (R3000) --ifeq ($(ARCH), mips) -- # if gcc --ifeq ($(CC_NAME), gcc) -- #common stuff -- CFLAGS+=$(CC_OPTIMIZE_FLAG) -funroll-loops -Wcast-align $(PROFILE) \ -- -Wall -- #if gcc 4.0+ --ifeq ($(CC_CLASS), 4.x) -- CFLAGS+=-mcpu=r3000 -minline-all-stringops \ -- -ftree-vectorize --else -- #if gcc 3.0+ --ifeq ($(CC_CLASS), 3.x) -- CFLAGS+= -mcpu=r3000 -- #-mcpu=athlon --else --ifeq ($(CC_CLASS), 2.9x) #older gcc version (2.9[1-5]) --$(warning Old gcc detected ($(CC_SHORTVER)), use gcc 3.0.x \ -- for better results) -- -- CFLAGS+=-mcpu=r3000 --else -- #really old version --$(warning You are using an old and unsupported gcc \ -- version ($(CC_SHORTVER)), compile at your own risk!) -- --endif # CC_CLASS, 2.9x --endif # CC_CLASS, 3.x --endif # CC_CLASS, 4.x -- --else # CC_NAME, gcc -- #other compilers --$(error Unsupported compiler ($(CC):$(CC_NAME)), try gcc) --endif #CC_NAME, gcc --endif #ARCH, mips -- -- #if >=mips2 (R4000, R5000, R6000 ....) --ifeq ($(ARCH), mips2) -- # if gcc --ifeq ($(CC_NAME), gcc) -- #common stuff -- CFLAGS+=$(CC_OPTIMIZE_FLAG) -mips2 -funroll-loops $(PROFILE) \ -- -Wall -- #if gcc 4.0+ --ifeq ($(CC_CLASS), 4.x) -- CFLAGS+=-minline-all-stringops -ftree-vectorize --else -- #if gcc 3.0+ --ifeq ($(CC_CLASS), 3.x) -- CFLAGS+= --else --ifeq ($(CC_CLASS), 2.9x) #older gcc version (2.9[1-5]) --$(warning Old gcc detected ($(CC_SHORTVER)), use gcc 3.0.x \ -- for better results) -- CFLAGS+= --else -- #really old version --$(warning You are using an old and unsupported gcc \ -- version ($(CC_SHORTVER)), compile at your own risk!) -- --endif # CC_CLASS, 2.9x --endif # CC_CLASS, 3.x --endif # CC_CLASS, 4.x -- --else # CC_NAME, gcc -- #other compilers --$(error Unsupported compiler ($(CC):$(CC_NAME)), try gcc) --endif #CC_NAME, gcc --endif #ARCH, mips2 -- --#if alpha --ifeq ($(ARCH), alpha) -- # if gcc --ifeq ($(CC_NAME), gcc) -- #common stuff -- CFLAGS+=$(CC_OPTIMIZE_FLAG) -funroll-loops $(PROFILE) -Wall -- #if gcc 4.0+ --ifeq ($(CC_CLASS), 4.x) -- CFLAGS+=-minline-all-stringops --else -- #if gcc 3.0+ --ifeq ($(CC_CLASS), 3.x) -- CFLAGS+= --else --ifeq ($(CC_CLASS), 2.9x) #older gcc version (2.9[1-5]) --$(warning Old gcc detected ($(CC_SHORTVER)), use gcc 3.0.x \ -- for better results) -- CFLAGS+= --else -- #really old version --$(warning You are using an old and unsupported gcc \ -- version ($(CC_SHORTVER)), compile at your own risk!) -- --endif # CC_CLASS, 2.9x --endif # CC_CLASS, 3.x --endif # CC_CLASS, 4.x -- --else # CC_NAME, gcc -- #other compilers --$(error Unsupported compiler ($(CC):$(CC_NAME)), try gcc) --endif #CC_NAME, gcc --endif #ARCH, alpha -- --#if ppc --ifeq ($(ARCH), ppc) -- # if gcc --ifeq ($(CC_NAME), gcc) -- #common stuff -- CFLAGS+=$(CC_OPTIMIZE_FLAG) -funroll-loops $(PROFILE) -Wall -- #if gcc 4.0+ --ifeq ($(CC_CLASS), 4.x) -- CPU_TYPE ?= powerpc -- CFLAGS+=-ftree-vectorize \ -- -mtune=$(CPU_TYPE) -maltivec --else -- #if gcc 3.0+ --ifeq ($(CC_CLASS), 3.x) -- CFLAGS+= --else --ifeq ($(CC_CLASS), 2.9x) #older gcc version (2.9[1-5]) --$(warning Old gcc detected ($(CC_SHORTVER)), use gcc 3.0.x \ -- for better results) -- CFLAGS+= --else -- #really old version --$(warning You are using an old and unsupported gcc \ -- version ($(CC_SHORTVER)), compile at your own risk!) -- --endif # CC_CLASS, 2.9x --endif # CC_CLASS, 3.x --endif # CC_CLASS, 4.x -- --else # CC_NAME, gcc -- #other compilers --$(error Unsupported compiler ($(CC):$(CC_NAME)), try gcc) --endif #CC_NAME, gcc --endif #ARCH, ppc -- --#if ppc64 --ifeq ($(ARCH), ppc64) -- # if gcc --ifeq ($(CC_NAME), gcc) -- #common stuff -- CFLAGS+=$(CC_OPTIMIZE_FLAG) -funroll-loops $(PROFILE) -Wall --ifeq ($(CC_CLASS), 4.x) -- CPU_TYPE ?= powerpc64 -- CFLAGS+=-ftree-vectorize \ -- -mtune=$(CPU_TYPE) -maltivec --else -- #if gcc 3.0+ --ifeq ($(CC_CLASS), 3.x) -- CFLAGS+= --else --ifeq ($(CC_CLASS), 2.9x) #older gcc version (2.9[1-5]) --$(warning Old gcc detected ($(CC_SHORTVER)), use gcc 3.0.x \ -- for better results) -- CFLAGS+= --else -- #really old version --$(warning You are using an old and unsupported gcc \ -- version ($(CC_SHORTVER)), compile at your own risk!) -- --endif # CC_CLASS, 2.9x --endif # CC_CLASS, 3.x --endif # CC_CLASS, 4.x -- --else # CC_NAME, gcc -- #other compilers --$(error Unsupported compiler ($(CC):$(CC_NAME)), try gcc) --endif #CC_NAME, gcc --endif #ARCH, ppc -- --endif # CFLAGS not set -- --CFLAGS+= $(CC_EXTRA_OPTS) -- - LD_EXTRA_OPTS ?= - - # setting LDFLAGS diff --git a/opensips-0012-Finalize-OpenSSL-1.1.0-migration.patch b/opensips-0012-Finalize-OpenSSL-1.1.0-migration.patch new file mode 100644 index 0000000..984b3cf --- /dev/null +++ b/opensips-0012-Finalize-OpenSSL-1.1.0-migration.patch @@ -0,0 +1,96 @@ +From: Peter Lemenkov +Date: Thu, 12 Jan 2017 17:57:06 +0300 +Subject: [PATCH] Finalize OpenSSL 1.1.0 migration + +Signed-off-by: Peter Lemenkov + +diff --git a/modules/identity/identity.c b/modules/identity/identity.c +index 9024e617e..ccde589f5 100644 +--- a/modules/identity/identity.c ++++ b/modules/identity/identity.c +@@ -859,19 +859,31 @@ static int addIdentity(char * dateHF, struct sip_msg * msg) + sig = pkg_malloc(EVP_PKEY_size(privKey_evp)); + if(!sig) + { ++#if OPENSSL_VERSION_NUMBER >= 0x10100000L ++ EVP_MD_CTX_free(pctx); ++#else + W_EVP_CTX_free(pctx); ++#endif + LM_ERR("failed allocating memory\n"); + return 0; + } + + if(!EVP_SignFinal(pctx, sig, &siglen, privKey_evp)) + { ++#if OPENSSL_VERSION_NUMBER >= 0x10100000L ++ EVP_MD_CTX_free(pctx); ++#else + W_EVP_CTX_free(pctx); ++#endif + pkg_free(sig); + LM_ERR("error calculating signature\n"); + return 0; + } ++#if OPENSSL_VERSION_NUMBER >= 0x10100000L ++ EVP_MD_CTX_free(pctx); ++#else + W_EVP_CTX_free(pctx); ++#endif + + /* ###Base64-encoding### */ + /* annotation: The next few lines are based on example 7-11 of [VIE-02] */ +@@ -1270,7 +1282,12 @@ static int checkSign(X509 * cert, char * identityHF, struct sip_msg * msg) + int siglen = -1; + unsigned char * sigbuf = NULL; + int b64len = 0; +- EVP_MD_CTX ctx; ++#if OPENSSL_VERSION_NUMBER >= 0x10100000L ++ EVP_MD_CTX *pctx; ++#else ++#define W_EVP_CTX_free EVP_MD_CTX_cleanup ++ EVP_MD_CTX ctx, *pctx = &ctx; ++#endif + int result = 0; + char *p; + unsigned long err; +@@ -1314,22 +1331,34 @@ static int checkSign(X509 * cert, char * identityHF, struct sip_msg * msg) + p=strstr(identityHF , "="); + siglen-=strspn(p , "="); + +- EVP_VerifyInit(&ctx, EVP_sha1()); +- EVP_VerifyUpdate(&ctx, digestString, strlen(digestString)); ++#if OPENSSL_VERSION_NUMBER >= 0x10100000L ++ pctx = EVP_MD_CTX_new(); ++#endif ++ ++ EVP_VerifyInit(pctx, EVP_sha1()); ++ EVP_VerifyUpdate(pctx, digestString, strlen(digestString)); + + pubkey = X509_get_pubkey(cert); + if(!pubkey) + { +- EVP_MD_CTX_cleanup(&ctx); ++#if OPENSSL_VERSION_NUMBER >= 0x10100000L ++ EVP_MD_CTX_free(pctx); ++#else ++ W_EVP_CTX_free(pctx); ++#endif + pkg_free(sigbuf); + LM_ERR("error reading pubkey from cert\n"); + return 0; + } + +- result = EVP_VerifyFinal(&ctx, sigbuf, siglen, pubkey); ++ result = EVP_VerifyFinal(pctx, sigbuf, siglen, pubkey); + + EVP_PKEY_free(pubkey); +- EVP_MD_CTX_cleanup(&ctx); ++#if OPENSSL_VERSION_NUMBER >= 0x10100000L ++ EVP_MD_CTX_free(pctx); ++#else ++ W_EVP_CTX_free(pctx); ++#endif + pkg_free(sigbuf); + + switch(result) diff --git a/opensips-0013-Fix-milliseconds-for-call-duration-consistency-acros.patch b/opensips-0013-Fix-milliseconds-for-call-duration-consistency-acros.patch new file mode 100644 index 0000000..76774b1 --- /dev/null +++ b/opensips-0013-Fix-milliseconds-for-call-duration-consistency-acros.patch @@ -0,0 +1,249 @@ +From: Bogdan-Andrei Iancu +Date: Thu, 6 Jul 2017 14:49:05 +0300 +Subject: [PATCH] Fix milliseconds (for call duration) consistency across ACC + backends. + +Each backend was evaluating the END time by itself, leading to discrepencies in the reported milliseconds between different backends (when multiple backends were used for CDR reporting). +The fix consists in having a single END time value shared to all ACC backends. + +diff --git a/modules/acc/acc.c b/modules/acc/acc.c +index 673f1b795..d06370389 100644 +--- a/modules/acc/acc.c ++++ b/modules/acc/acc.c +@@ -264,19 +264,18 @@ void acc_log_init(void) + SET_LOG_ATTR(n,CREATED); + } + +-int acc_log_cdrs(struct dlg_cell *dlg, struct sip_msg *msg) ++int acc_log_cdrs(struct dlg_cell *dlg, struct sip_msg *msg, ++ struct timeval *end) + { + static char log_msg[MAX_SYSLOG_SIZE]; + static char *log_msg_end=log_msg+MAX_SYSLOG_SIZE-2; + char *p; + int nr_vals, i, j, ret, res = -1, n; + time_t created; +- struct timeval start_time,end; ++ struct timeval start_time; + str core_s, leg_s, extra_s; + short nr_legs; + +- gettimeofday(&end,NULL); +- + core_s.s = extra_s.s = leg_s.s = 0; + + ret = prebuild_core_arr(dlg, &core_s, &start_time); +@@ -368,8 +367,8 @@ int acc_log_cdrs(struct dlg_cell *dlg, struct sip_msg *msg) + "%.*screated=%lu;call_start_time=%lu;duration=%lu;ms_duration=%lu;setuptime=%lu%s", + acc_env.text.len, acc_env.text.s,(unsigned long)created, + (unsigned long)start_time.tv_sec, +- (unsigned long)(end.tv_sec-start_time.tv_sec), +- (unsigned long)((end.tv_sec-start_time.tv_sec)*1000+(end.tv_usec-start_time.tv_usec)%1000), ++ (unsigned long)(end->tv_sec-start_time.tv_sec), ++ (unsigned long)((end->tv_sec-start_time.tv_sec)*1000+(end->tv_usec-start_time.tv_usec)%1000), + (unsigned long)(start_time.tv_sec - created), log_msg); + + res = 1; +@@ -668,12 +667,13 @@ int acc_db_request( struct sip_msg *rq, struct sip_msg *rpl, + return 1; + } + +-int acc_db_cdrs(struct dlg_cell *dlg, struct sip_msg *msg) ++int acc_db_cdrs(struct dlg_cell *dlg, struct sip_msg *msg, ++ struct timeval *end) + { + int total, nr_vals, i, ret, res = -1, nr_bye_vals = 0, j; + int remaining_bye_vals = 0; + time_t created; +- struct timeval start_time,end; ++ struct timeval start_time; + str core_s, leg_s, extra_s, table; + short nr_legs; + static db_ps_t my_ps = NULL; +@@ -685,7 +685,6 @@ int acc_db_cdrs(struct dlg_cell *dlg, struct sip_msg *msg) + } + + core_s.s = extra_s.s = leg_s.s = 0; +- gettimeofday(&end,NULL); + + ret = prebuild_core_arr(dlg, &core_s, &start_time); + if (ret < 0) { +@@ -729,9 +728,9 @@ int acc_db_cdrs(struct dlg_cell *dlg, struct sip_msg *msg) + VAL_TIME(db_vals_cdrs+ACC_CORE_LEN) = start_time.tv_sec; + VAL_INT(db_vals_cdrs+ret+nr_vals+nr_bye_vals+1) = start_time.tv_sec - created; + VAL_TIME(db_vals_cdrs+ret+nr_vals+nr_bye_vals+2) = created; +- VAL_INT(db_vals_cdrs+ret+nr_vals+nr_bye_vals+3) = end.tv_sec - start_time.tv_sec; ++ VAL_INT(db_vals_cdrs+ret+nr_vals+nr_bye_vals+3) = end->tv_sec - start_time.tv_sec; + VAL_INT(db_vals_cdrs+ret+nr_vals+nr_bye_vals+4) = +- (end.tv_sec-start_time.tv_sec)*1000+(end.tv_usec-start_time.tv_usec)%1000; ++ (end->tv_sec-start_time.tv_sec)*1000+(end->tv_usec-start_time.tv_usec)%1000; + + total = ret + 5; + acc_dbf.use_table(db_handle, &table); +@@ -982,18 +981,18 @@ error: + return -1; + } + +-int acc_aaa_cdrs(struct dlg_cell *dlg, struct sip_msg *msg) ++int acc_aaa_cdrs(struct dlg_cell *dlg, struct sip_msg *msg, ++ struct timeval *end) + { + int nr_vals, i, j, ret, res = -1; + time_t created; +- struct timeval start_time,end; ++ struct timeval start_time; + str core_s, leg_s, extra_s; + short nr_legs; + aaa_message *send = NULL; + int offset, av_type; + aaa_map *r_stat; + +- gettimeofday(&end,NULL); + core_s.s = extra_s.s = leg_s.s = 0; + + ret = prebuild_core_arr(dlg, &core_s, &start_time); +@@ -1053,9 +1052,9 @@ int acc_aaa_cdrs(struct dlg_cell *dlg, struct sip_msg *msg) + offset = ret + 2; + + /* add duration and setup values */ +- av_type = (uint32_t)(end.tv_sec - start_time.tv_sec); ++ av_type = (uint32_t)(end->tv_sec - start_time.tv_sec); + ADD_AAA_AVPAIR( offset + nr_vals, &av_type, -1); +- av_type = (uint32_t)((end.tv_sec-start_time.tv_sec)*1000+(end.tv_usec-start_time.tv_usec)%1000); ++ av_type = (uint32_t)((end->tv_sec-start_time.tv_sec)*1000+(end->tv_usec-start_time.tv_usec)%1000); + ADD_AAA_AVPAIR( offset + nr_vals + 1, &av_type, -1); + av_type = (uint32_t)(start_time.tv_sec - created); + ADD_AAA_AVPAIR( offset + nr_vals + 2, &av_type, -1); +@@ -1529,12 +1528,13 @@ end: + return ret; + } + +-int acc_evi_cdrs(struct dlg_cell *dlg, struct sip_msg *msg) ++int acc_evi_cdrs(struct dlg_cell *dlg, struct sip_msg *msg, ++ struct timeval *end) + { + int nr_vals, i, ret, res = -1, nr_bye_vals = 0, j; + int aux_time; + time_t created; +- struct timeval start_time,end; ++ struct timeval start_time; + str core_s, leg_s, extra_s; + short nr_legs; + +@@ -1547,7 +1547,6 @@ int acc_evi_cdrs(struct dlg_cell *dlg, struct sip_msg *msg) + if (!evi_probe_event(acc_cdr_event)) + return 1; + +- gettimeofday(&end,NULL); + core_s.s = extra_s.s = leg_s.s = 0; + + ret = prebuild_core_arr(dlg, &core_s, &start_time); +@@ -1597,12 +1596,13 @@ int acc_evi_cdrs(struct dlg_cell *dlg, struct sip_msg *msg) + LM_ERR("cannot set start_time parameter\n"); + goto end; + } +- aux_time = end.tv_sec - start_time.tv_sec; ++ aux_time = end->tv_sec - start_time.tv_sec; + if (evi_param_set_int(evi_params[ret+nr_vals+nr_bye_vals+1], &aux_time) < 0) { + LM_ERR("cannot set duration parameter\n"); + goto end; + } +- aux_time = (end.tv_sec-start_time.tv_sec)*1000+(end.tv_usec-start_time.tv_usec)%1000; ++ aux_time = (end->tv_sec-start_time.tv_sec)*1000 ++ + (end->tv_usec-start_time.tv_usec)%1000; + if (evi_param_set_int(evi_params[ret+nr_vals+nr_bye_vals+2], &aux_time) < 0) { + LM_ERR("cannot set duration parameter\n"); + goto end; +diff --git a/modules/acc/acc.h b/modules/acc/acc.h +index 878fc77f3..2be0fabd1 100644 +--- a/modules/acc/acc.h ++++ b/modules/acc/acc.h +@@ -81,7 +81,8 @@ extern struct dlg_binds dlg_api; + + void acc_log_init(); + int acc_log_request( struct sip_msg *req, struct sip_msg *rpl, int cdr_flag); +-int acc_log_cdrs(struct dlg_cell *dlg, struct sip_msg *msg); ++int acc_log_cdrs(struct dlg_cell *dlg, struct sip_msg *msg, ++ struct timeval *end); + int store_log_extra_values(struct dlg_cell *dlg, struct sip_msg *req, + struct sip_msg *reply); + +@@ -90,14 +91,16 @@ int acc_db_init_child(const str* db_url); + void acc_db_close(); + int acc_db_request( struct sip_msg *req, struct sip_msg *rpl, + query_list_t **ins_list, int cdr_flag); +-int acc_db_cdrs(struct dlg_cell *dlg, struct sip_msg *msg); ++int acc_db_cdrs(struct dlg_cell *dlg, struct sip_msg *msg, ++ struct timeval *end); + int store_db_extra_values(struct dlg_cell *dlg, struct sip_msg *req, + struct sip_msg *reply); + + int init_acc_aaa(char* aaa_proto_url, int srv_type); + int acc_aaa_request( struct sip_msg *req, struct sip_msg *rpl, int cdr_flag); + int acc_aaa_cdrs_request(struct dlg_cell *dlg); +-int acc_aaa_cdrs(struct dlg_cell *dlg, struct sip_msg *msg); ++int acc_aaa_cdrs(struct dlg_cell *dlg, struct sip_msg *msg, ++ struct timeval *end); + int store_aaa_extra_values(struct dlg_cell *dlg, struct sip_msg *req, + struct sip_msg *reply); + +@@ -107,7 +110,8 @@ int create_acc_dlg(struct sip_msg* req); + + int init_acc_evi(void); + int acc_evi_request( struct sip_msg *req, struct sip_msg *rpl, int cdr_flag); +-int acc_evi_cdrs(struct dlg_cell *dlg, struct sip_msg *msg); ++int acc_evi_cdrs(struct dlg_cell *dlg, struct sip_msg *msg, ++ struct timeval *end); + int store_evi_extra_values(struct dlg_cell *dlg, struct sip_msg *req, + struct sip_msg *reply); + extern event_id_t acc_cdr_event; +diff --git a/modules/acc/acc_logic.c b/modules/acc/acc_logic.c +index a92acdf74..6d21f676f 100644 +--- a/modules/acc/acc_logic.c ++++ b/modules/acc/acc_logic.c +@@ -739,6 +739,7 @@ static void acc_dlg_callback(struct dlg_cell *dlg, int type, + struct dlg_cb_params *_params) + { + unsigned long long flags; ++ struct timeval end; + + if (!_params) { + LM_ERR("not enough info\n"); +@@ -764,9 +765,11 @@ static void acc_dlg_callback(struct dlg_cell *dlg, int type, + */ + set_dlg_cb_used(*((unsigned long long*)*_params->param)); + ++ gettimeofday(&end,NULL); ++ + if (is_evi_acc_on(flags)) { + env_set_event(acc_cdr_event); +- if (acc_evi_cdrs(dlg, _params->msg) < 0) { ++ if (acc_evi_cdrs(dlg, _params->msg, &end) < 0) { + LM_ERR("cannot send accounting events\n"); + return; + } +@@ -774,7 +777,7 @@ static void acc_dlg_callback(struct dlg_cell *dlg, int type, + + if (is_log_acc_on(flags)) { + env_set_text( ACC_ENDED, ACC_ENDED_LEN); +- if (acc_log_cdrs(dlg, _params->msg) < 0) { ++ if (acc_log_cdrs(dlg, _params->msg, &end) < 0) { + LM_ERR("Cannot log values\n"); + return; + } +@@ -782,13 +785,13 @@ static void acc_dlg_callback(struct dlg_cell *dlg, int type, + + if (is_db_acc_on(flags)) { + env_set_text( db_table_acc.s, db_table_acc.len); +- if (acc_db_cdrs(dlg, _params->msg) < 0) { ++ if (acc_db_cdrs(dlg, _params->msg, &end) < 0) { + LM_ERR("Cannot insert into database\n"); + return; + } + } + +- if (is_aaa_acc_on(flags) && acc_aaa_cdrs(dlg, _params->msg) < 0) { ++ if (is_aaa_acc_on(flags) && acc_aaa_cdrs(dlg, _params->msg, &end) < 0) { + LM_ERR("Cannot create radius accounting\n"); + return; + } diff --git a/opensips-0014-acc-restore-new_uri-in-case-an-error-occurs-on-reply.patch b/opensips-0014-acc-restore-new_uri-in-case-an-error-occurs-on-reply.patch new file mode 100644 index 0000000..59b286a --- /dev/null +++ b/opensips-0014-acc-restore-new_uri-in-case-an-error-occurs-on-reply.patch @@ -0,0 +1,76 @@ +From: Razvan Crainea +Date: Wed, 12 Jul 2017 14:47:54 +0300 +Subject: [PATCH] acc: restore new_uri in case an error occurs on reply + +(cherry picked from commit e2f9d8fc73a8414fc80430abd4ba5975cb1bfe89) + +diff --git a/modules/acc/acc_logic.c b/modules/acc/acc_logic.c +index 6d21f676f..47daf4204 100644 +--- a/modules/acc/acc_logic.c ++++ b/modules/acc/acc_logic.c +@@ -653,27 +653,27 @@ static inline void acc_onreply( struct cell* t, struct sip_msg *req, + /* if dialog module loaded and INVITE and success reply */ + if (store_core_leg_values(dlg, req) < 0) { + LM_ERR("cannot store core and leg values\n"); +- return; ++ goto restore; + } + + if(is_log_acc_on(*flags) && store_log_extra_values(dlg,req,reply)<0){ + LM_ERR("cannot store string values\n"); +- return; ++ goto restore; + } + + if(is_aaa_acc_on(*flags) && store_aaa_extra_values(dlg, req, reply)<0){ + LM_ERR("cannot store aaa extra values\n"); +- return; ++ goto restore; + } + + if (is_db_acc_on(*flags) && store_db_extra_values(dlg,req,reply)<0) { + LM_ERR("cannot store database extra values\n"); +- return; ++ goto restore; + } + + if (is_evi_acc_on(*flags) && store_evi_extra_values(dlg,req,reply)<0) { + LM_ERR("cannot store database extra values\n"); +- return; ++ goto restore; + } + + flags_s.s = (char*)flags; +@@ -682,13 +682,13 @@ static inline void acc_onreply( struct cell* t, struct sip_msg *req, + /* store flags into dlg */ + if ( dlg_api.store_dlg_value(dlg, &flags_str, &flags_s) < 0) { + LM_ERR("cannot store flag value into dialog\n"); +- return; ++ goto restore; + } + + /* store flags into dlg */ + if ( dlg_api.store_dlg_value(dlg, &table_str, &table.s) < 0) { + LM_ERR("cannot store the table name into dialog\n"); +- return; ++ goto restore; + } + + /* report that flags shall be freed only by dialog module +@@ -699,7 +699,7 @@ static inline void acc_onreply( struct cell* t, struct sip_msg *req, + if (dlg_api.register_dlgcb(dlg, DLGCB_TERMINATED | + DLGCB_EXPIRED, acc_dlg_callback,flags, dlg_free_acc_mask) != 0) { + LM_ERR("cannot register callback for database accounting\n"); +- return; ++ goto restore; + } + } else { + /* do old accounting */ +@@ -728,6 +728,7 @@ static inline void acc_onreply( struct cell* t, struct sip_msg *req, + acc_diam_request( req, reply ); + #endif + ++restore: + if (new_uri_bk.len>=0) { + req->new_uri = new_uri_bk; + req->dst_uri = dst_uri_bk; diff --git a/opensips-0015-drouting-fix-parameters-specifications-for-gw-detect.patch b/opensips-0015-drouting-fix-parameters-specifications-for-gw-detect.patch new file mode 100644 index 0000000..dc74968 --- /dev/null +++ b/opensips-0015-drouting-fix-parameters-specifications-for-gw-detect.patch @@ -0,0 +1,29 @@ +From: Razvan Crainea +Date: Thu, 13 Jul 2017 14:13:05 +0300 +Subject: [PATCH] drouting: fix parameters specifications for gw detection + functions + +(cherry picked from commit 991b3ef4fabb4a21dd0f95ea18a5e934261be01c) + +diff --git a/modules/drouting/drouting.c b/modules/drouting/drouting.c +index 49c931ea2..a73112e7e 100644 +--- a/modules/drouting/drouting.c ++++ b/modules/drouting/drouting.c +@@ -4286,7 +4286,7 @@ static int goes_to_gw_1(struct sip_msg* msg, char * part, char* _type, char* fla + GET_NEXT_HOP(msg)); + } else { + gw_attrs_spec = (pv_spec_p)flags_pv; +- return _is_dr_uri_gw(msg, NULL, _type, (!part ? -1 : (int)(long)part), ++ return _is_dr_uri_gw(msg, NULL, flags_pv, (!_type ? -1 : (int)(long)_type), + GET_NEXT_HOP(msg)); + } + } +@@ -4325,7 +4325,7 @@ static int dr_is_gw(struct sip_msg* msg, char * part, char* src_pv, char* type_s + return -1; + } + gw_attrs_spec = (pv_spec_p)flags_pv; +- return _is_dr_uri_gw(msg, NULL, type_s ,!src_pv ? -1:(int)(long)src_pv ++ return _is_dr_uri_gw(msg, NULL, flags_pv ,!type_s ? -1:(int)(long)type_s + ,&src.rs); + } + } diff --git a/opensips-0016-Fix-incorrect-bug-log.patch b/opensips-0016-Fix-incorrect-bug-log.patch new file mode 100644 index 0000000..c023f51 --- /dev/null +++ b/opensips-0016-Fix-incorrect-bug-log.patch @@ -0,0 +1,19 @@ +From: Bogdan-Andrei Iancu +Date: Fri, 14 Jul 2017 18:30:44 +0300 +Subject: [PATCH] Fix incorrect bug log. + +A missing tracing context in the SL_reply_out callback is perfectly valid - if you send from script a reply (se_send_reply) without doing any sip_trace() before. + +diff --git a/modules/siptrace/siptrace.c b/modules/siptrace/siptrace.c +index 885d84ad9..f626e5ab9 100644 +--- a/modules/siptrace/siptrace.c ++++ b/modules/siptrace/siptrace.c +@@ -1663,7 +1663,7 @@ static void trace_slreply_out(struct sip_msg* req, str *buffer,int rpl_code, + + info = context_get_ptr(CONTEXT_GLOBAL, current_processing_ctx, sl_ctx_idx); + if (info == NULL) { +- LM_BUG("null trace info!something is wrong here \n"); ++ LM_DBG("no sip_trace() done so far\n"); + return; + } + diff --git a/opensips-0017-Fix-replicating-NULL-socket-in-contact.patch b/opensips-0017-Fix-replicating-NULL-socket-in-contact.patch new file mode 100644 index 0000000..4711310 --- /dev/null +++ b/opensips-0017-Fix-replicating-NULL-socket-in-contact.patch @@ -0,0 +1,100 @@ +From: Bogdan-Andrei Iancu +Date: Mon, 17 Jul 2017 13:38:44 +0300 +Subject: [PATCH] Fix replicating NULL socket in contact + +A contact added by ul_add MI contact has a NULL contact, so take care on this during contact replication. Also, when receiving a replicated contact with NULL socket, do not discard it, but simply set NULL socket. + +Reported by Samusenko Andrej on user mailing list + +(cherry picked from commit d1d897ebc1f7cdd0c817952c28d5c5877b51f304) + +diff --git a/modules/usrloc/ureplication.c b/modules/usrloc/ureplication.c +index b4b68295e..90670f215 100644 +--- a/modules/usrloc/ureplication.c ++++ b/modules/usrloc/ureplication.c +@@ -98,7 +98,7 @@ void replicate_ucontact_insert(urecord_t *r, str *contact, ucontact_info_t *ci) + st.len = sizeof ci->q; + bin_push_str(&st); + +- bin_push_str(&ci->sock->sock_str); ++ bin_push_str(ci->sock?&ci->sock->sock_str:NULL); + bin_push_int(ci->cseq); + bin_push_int(ci->flags); + bin_push_int(ci->cflags); +@@ -142,7 +142,7 @@ void replicate_ucontact_update(urecord_t *r, str *contact, ucontact_info_t *ci) + st.len = sizeof ci->q; + bin_push_str(&st); + +- bin_push_str(&ci->sock->sock_str); ++ bin_push_str(ci->sock?&ci->sock->sock_str:NULL); + bin_push_int(ci->cseq); + bin_push_int(ci->flags); + bin_push_int(ci->cflags); +@@ -289,21 +289,21 @@ static int receive_ucontact_insert(void) + + bin_pop_str(&sock); + +- if (!sock.s || sock.s[0] == 0) { +- LM_ERR("bad received socket: '%.*s'\n", sock.len, sock.s); +- goto error; +- } ++ if (sock.s && sock.s[0]) { ++ if (parse_phostport(sock.s, sock.len, &host.s, &host.len, ++ &port, &proto) != 0) { ++ LM_ERR("bad socket <%.*s>\n", sock.len, sock.s); ++ goto error; ++ } + +- if (parse_phostport(sock.s, sock.len, &host.s, &host.len, +- &port, &proto) != 0) { +- LM_ERR("bad socket <%.*s>\n", sock.len, sock.s); +- goto error; ++ ci.sock = grep_sock_info(&host, (unsigned short) port, ++ (unsigned short) proto); ++ if (!ci.sock) ++ LM_DBG("non-local socket <%.*s>\n", sock.len, sock.s); ++ } else { ++ ci.sock = NULL; + } + +- ci.sock = grep_sock_info(&host, (unsigned short) port, (unsigned short) proto); +- if (!ci.sock) +- LM_DBG("non-local socket <%.*s>\n", sock.len, sock.s); +- + bin_pop_int(&ci.cseq); + bin_pop_int(&ci.flags); + bin_pop_int(&ci.cflags); +@@ -388,21 +388,21 @@ static int receive_ucontact_update(void) + + bin_pop_str(&sock); + +- if (!sock.s || sock.s[0] == 0) { +- LM_ERR("bad received socket: '%.*s'\n", sock.len, sock.s); +- goto error; +- } ++ if (sock.s && sock.s[0]) { ++ if (parse_phostport(sock.s, sock.len, &host.s, &host.len, ++ &port, &proto) != 0) { ++ LM_ERR("bad socket <%.*s>\n", sock.len, sock.s); ++ goto error; ++ } + +- if (parse_phostport(sock.s, sock.len, &host.s, &host.len, +- &port, &proto) != 0) { +- LM_ERR("bad socket <%.*s>\n", sock.len, sock.s); +- goto error; ++ ci.sock = grep_sock_info(&host, (unsigned short) port, ++ (unsigned short) proto); ++ if (!ci.sock) ++ LM_DBG("non-local socket <%.*s>\n", sock.len, sock.s); ++ } else { ++ ci.sock = NULL; + } + +- ci.sock = grep_sock_info(&host, (unsigned short) port, (unsigned short) proto); +- if (!ci.sock) +- LM_DBG("non-local socket <%.*s>\n", sock.len, sock.s); +- + bin_pop_int(&ci.cseq); + bin_pop_int(&ci.flags); + bin_pop_int(&ci.cflags); diff --git a/opensips-0018-b2b_entities-fix-b2b-key-memory-leak.patch b/opensips-0018-b2b_entities-fix-b2b-key-memory-leak.patch new file mode 100644 index 0000000..dde9c3d --- /dev/null +++ b/opensips-0018-b2b_entities-fix-b2b-key-memory-leak.patch @@ -0,0 +1,49 @@ +From: Razvan Crainea +Date: Mon, 24 Jul 2017 17:06:25 +0300 +Subject: [PATCH] b2b_entities: fix b2b key memory leak + +(cherry picked from commit 8ba6567f2d81d9a912a6ab9dd0d23d265c77ba41) + +diff --git a/modules/b2b_entities/dlg.c b/modules/b2b_entities/dlg.c +index 3dc941624..36ebe2a48 100644 +--- a/modules/b2b_entities/dlg.c ++++ b/modules/b2b_entities/dlg.c +@@ -1530,19 +1530,22 @@ void free_tm_dlg(dlg_t* td) + int b2b_send_indlg_req(b2b_dlg_t* dlg, enum b2b_entity_type et, + str* b2b_key, str* method, str* ehdr, str* body, unsigned int no_cb) + { +- str* b2b_key_shm; ++ str* b2b_key_shm = NULL; + dlg_t* td = NULL; + transaction_cb* tm_cback; + build_dlg_f build_dlg; + int method_value = dlg->last_method; + int result; + +- b2b_key_shm= b2b_key_copy_shm(b2b_key); +- if(b2b_key_shm== NULL) +- { +- LM_ERR("no more shared memory\n"); +- return -1; ++ if (!no_cb) { ++ b2b_key_shm= b2b_key_copy_shm(b2b_key); ++ if(b2b_key_shm== NULL) ++ { ++ LM_ERR("no more shared memory\n"); ++ return -1; ++ } + } ++ + if(et == B2B_SERVER) + { + build_dlg = b2b_server_build_dlg; +@@ -1560,7 +1563,8 @@ int b2b_send_indlg_req(b2b_dlg_t* dlg, enum b2b_entity_type et, + { + LM_ERR("Failed to build tm dialog structure, was asked to send [%.*s]" + " request\n", method->len, method->s); +- shm_free(b2b_key_shm); ++ if (b2b_key_shm) ++ shm_free(b2b_key_shm); + return -1; + } + diff --git a/opensips-0019-Fixed-wrong-TLS-parameters.patch b/opensips-0019-Fixed-wrong-TLS-parameters.patch new file mode 100644 index 0000000..f8da89f --- /dev/null +++ b/opensips-0019-Fixed-wrong-TLS-parameters.patch @@ -0,0 +1,81 @@ +From: Bogdan-Andrei Iancu +Date: Tue, 25 Jul 2017 14:18:08 +0300 +Subject: [PATCH] Fixed wrong TLS parameters. + +TLS configuration parameters were moved from proto_tls to tls_mgm module. +Credits to Mike Tesliuk for reporting this. + +(cherry picked from commit f0e36896be10c69581ebf77def209df084c82d13) + +diff --git a/menuconfig/configs/opensips_loadbalancer.m4 b/menuconfig/configs/opensips_loadbalancer.m4 +index fcd468394..98506c3f1 100644 +--- a/menuconfig/configs/opensips_loadbalancer.m4 ++++ b/menuconfig/configs/opensips_loadbalancer.m4 +@@ -145,12 +145,13 @@ loadmodule "proto_udp.so" + + ifelse(ENABLE_TCP, `yes', `loadmodule "proto_tcp.so"' , `') + ifelse(ENABLE_TLS, `yes', `loadmodule "proto_tls.so" +-modparam("proto_tls","verify_cert", "1") +-modparam("proto_tls","require_cert", "0") +-modparam("proto_tls","tls_method", "TLSv1") +-modparam("proto_tls","certificate", "/usr/local/etc/opensips/tls/user/user-cert.pem") +-modparam("proto_tls","private_key", "/usr/local/etc/opensips/tls/user/user-privkey.pem") +-modparam("proto_tls","ca_list", "/usr/local/etc/opensips/tls/user/user-calist.pem") ++loadmodule "tls_mgm.so" ++modparam("tls_mgm","verify_cert", "1") ++modparam("tls_mgm","require_cert", "0") ++modparam("tls_mgm","tls_method", "TLSv1") ++modparam("tls_mgm","certificate", "/usr/local/etc/opensips/tls/user/user-cert.pem") ++modparam("tls_mgm","private_key", "/usr/local/etc/opensips/tls/user/user-privkey.pem") ++modparam("tls_mgm","ca_list", "/usr/local/etc/opensips/tls/user/user-calist.pem") + + ' , `') + +diff --git a/menuconfig/configs/opensips_residential.m4 b/menuconfig/configs/opensips_residential.m4 +index 94b9d6cc3..7018fa326 100644 +--- a/menuconfig/configs/opensips_residential.m4 ++++ b/menuconfig/configs/opensips_residential.m4 +@@ -197,12 +197,13 @@ loadmodule "proto_udp.so" + + ifelse(ENABLE_TCP, `yes', `loadmodule "proto_tcp.so"' , `') + ifelse(ENABLE_TLS, `yes', `loadmodule "proto_tls.so" +-modparam("proto_tls","verify_cert", "1") +-modparam("proto_tls","require_cert", "0") +-modparam("proto_tls","tls_method", "TLSv1") +-modparam("proto_tls","certificate", "/usr/local/etc/opensips/tls/user/user-cert.pem") +-modparam("proto_tls","private_key", "/usr/local/etc/opensips/tls/user/user-privkey.pem") +-modparam("proto_tls","ca_list", "/usr/local/etc/opensips/tls/user/user-calist.pem") ++loadmodule "tls_mgm.so" ++modparam("tls_mgm","verify_cert", "1") ++modparam("tls_mgm","require_cert", "0") ++modparam("tls_mgm","tls_method", "TLSv1") ++modparam("tls_mgm","certificate", "/usr/local/etc/opensips/tls/user/user-cert.pem") ++modparam("tls_mgm","private_key", "/usr/local/etc/opensips/tls/user/user-privkey.pem") ++modparam("tls_mgm","ca_list", "/usr/local/etc/opensips/tls/user/user-calist.pem") + + ' , `') + +diff --git a/menuconfig/configs/opensips_trunking.m4 b/menuconfig/configs/opensips_trunking.m4 +index 9b9500c05..6d2df2fac 100644 +--- a/menuconfig/configs/opensips_trunking.m4 ++++ b/menuconfig/configs/opensips_trunking.m4 +@@ -141,12 +141,13 @@ loadmodule "proto_udp.so" + + ifelse(ENABLE_TCP, `yes', `loadmodule "proto_tcp.so"' , `') + ifelse(ENABLE_TLS, `yes', `loadmodule "proto_tls.so" +-modparam("proto_tls","verify_cert", "1") +-modparam("proto_tls","require_cert", "0") +-modparam("proto_tls","tls_method", "TLSv1") +-modparam("proto_tls","certificate", "/usr/local/etc/opensips/tls/user/user-cert.pem") +-modparam("proto_tls","private_key", "/usr/local/etc/opensips/tls/user/user-privkey.pem") +-modparam("proto_tls","ca_list", "/usr/local/etc/opensips/tls/user/user-calist.pem") ++loadmodule "tls_mgm.so" ++modparam("tls_mgm","verify_cert", "1") ++modparam("tls_mgm","require_cert", "0") ++modparam("tls_mgm","tls_method", "TLSv1") ++modparam("tls_mgm","certificate", "/usr/local/etc/opensips/tls/user/user-cert.pem") ++modparam("tls_mgm","private_key", "/usr/local/etc/opensips/tls/user/user-privkey.pem") ++modparam("tls_mgm","ca_list", "/usr/local/etc/opensips/tls/user/user-calist.pem") + + ' , `') + diff --git a/opensips-0020-db_mysql-fix-build-against-MariaDB-10.2.patch b/opensips-0020-db_mysql-fix-build-against-MariaDB-10.2.patch new file mode 100644 index 0000000..b06effd --- /dev/null +++ b/opensips-0020-db_mysql-fix-build-against-MariaDB-10.2.patch @@ -0,0 +1,40 @@ +From: Augusto Caringi +Date: Thu, 20 Jul 2017 15:07:16 +0200 +Subject: [PATCH] db_mysql: fix build against MariaDB 10.2 + +Fixes the following build error while building against MariaDB 10.2 +library: + +my_con.c: In function 'db_mysql_connect': +my_con.c:68:10: error: 'MYSQL {aka struct st_mysql}' has no member named +'reconnect' +ptr->con->reconnect = 0; + ^~ + +In this new version of the library the reconnect field was moved to +another struct. Setting it through API seems to be a better approach. + +diff --git a/modules/db_mysql/my_con.c b/modules/db_mysql/my_con.c +index 1f192dfed..cc7109be1 100644 +--- a/modules/db_mysql/my_con.c ++++ b/modules/db_mysql/my_con.c +@@ -30,6 +30,7 @@ + + int db_mysql_connect(struct my_con* ptr) + { ++ my_bool reconnect = 0; + /* if connection already in use, close it first*/ + if (ptr->init) + mysql_close(ptr->con); +@@ -65,7 +66,11 @@ int db_mysql_connect(struct my_con* ptr) + return -1; + } + /* force no auto reconnection */ ++#if MYSQL_VERSION_ID >= 50013 ++ mysql_options(ptr->con, MYSQL_OPT_RECONNECT, &reconnect); ++#else + ptr->con->reconnect = 0; ++#endif + + LM_DBG("connection type is %s\n", mysql_get_host_info(ptr->con)); + LM_DBG("protocol version is %d\n", mysql_get_proto_info(ptr->con)); diff --git a/opensips-0021-event_xmlrpc-rebuild-buffer-for-each-event.patch b/opensips-0021-event_xmlrpc-rebuild-buffer-for-each-event.patch new file mode 100644 index 0000000..e97ace4 --- /dev/null +++ b/opensips-0021-event_xmlrpc-rebuild-buffer-for-each-event.patch @@ -0,0 +1,33 @@ +From: Razvan Crainea +Date: Wed, 16 Aug 2017 11:25:47 +0300 +Subject: [PATCH] event_xmlrpc: rebuild buffer for each event + +This prenvets crashes when multiple xmlrpc subscribers are used + +(cherry picked from commit 1885c0d4679f4b7b62b00512aa9b23de8880bff4) + +diff --git a/modules/event_xmlrpc/xmlrpc_send.c b/modules/event_xmlrpc/xmlrpc_send.c +index ca3413cf8..ab1a2601e 100644 +--- a/modules/event_xmlrpc/xmlrpc_send.c ++++ b/modules/event_xmlrpc/xmlrpc_send.c +@@ -374,11 +374,6 @@ int xmlrpc_build_buffer(str *event_name, evi_reply_sock *sock, + char *b, *p; + evi_param_p param; + +- if (params && (params->flags & XMLRPC_FLAG)) { +- LM_DBG("buffer already built\n"); +- return 0; +- } +- + b_len = XMLRPC_DEFAULT_BUFFER_SIZE; + b = xmlrpc_body_buf; + +@@ -473,8 +468,6 @@ int xmlrpc_build_buffer(str *event_name, evi_reply_sock *sock, + LM_ERR("cannot build send msg\n"); + return -1; + } +- if (params) +- params->flags |= XMLRPC_FLAG; + + return 0; + } diff --git a/opensips-0022-dialog-do-not-allow-callbacks-in-state-DELETED.patch b/opensips-0022-dialog-do-not-allow-callbacks-in-state-DELETED.patch new file mode 100644 index 0000000..b0ea17a --- /dev/null +++ b/opensips-0022-dialog-do-not-allow-callbacks-in-state-DELETED.patch @@ -0,0 +1,27 @@ +From: Razvan Crainea +Date: Tue, 29 Aug 2017 12:29:13 +0300 +Subject: [PATCH] dialog: do not allow callbacks in state DELETED + +If these callbacks would have been registered, they will be never ran, +but the free function will still be called. This breaks some modules +(such as acc), which rely the function will be called. + +(cherry picked from commit 83669d2caec38823ce79ccd12eec4ed013e2d867) + +diff --git a/modules/dialog/dlg_cb.c b/modules/dialog/dlg_cb.c +index 3d7327c79..d1cca0264 100644 +--- a/modules/dialog/dlg_cb.c ++++ b/modules/dialog/dlg_cb.c +@@ -127,6 +127,12 @@ int register_dlgcb(struct dlg_cell *dlg, int types, dialog_cb f, + return -1; + } + } ++ /* XXX: do not register callbacks in DELETED state */ ++ if (dlg && dlg->state == DLG_STATE_DELETED) { ++ LM_WARN("Cannot register callbacks in DELETED state (type %x)!\n", types); ++ return -1; ++ } ++ + cb = (struct dlg_callback*)shm_malloc(sizeof(struct dlg_callback)); + if (cb==0) { + LM_ERR("no more shm mem\n"); diff --git a/opensips-0023-ratelimit-fix-buffer-overflow-when-using-SBT-algorit.patch b/opensips-0023-ratelimit-fix-buffer-overflow-when-using-SBT-algorit.patch new file mode 100644 index 0000000..36ebdc0 --- /dev/null +++ b/opensips-0023-ratelimit-fix-buffer-overflow-when-using-SBT-algorit.patch @@ -0,0 +1,24 @@ +From: Razvan Crainea +Date: Thu, 31 Aug 2017 15:40:02 +0300 +Subject: [PATCH] ratelimit: fix buffer overflow when using SBT algorithm + +Make sure the window doesn't overflow +Fixes #1176 + +(cherry picked from commit d8854637e9329e7d6a52b87aa5cc4601450011c3) + +diff --git a/modules/ratelimit/ratelimit.c b/modules/ratelimit/ratelimit.c +index cb77a5438..2cfb9c686 100644 +--- a/modules/ratelimit/ratelimit.c ++++ b/modules/ratelimit/ratelimit.c +@@ -555,8 +555,8 @@ static inline int hist_check(rl_pipe_t *pipe) + pipe->rwin.start_index = first_good_index; + + /* count current call; it will be the last element in the window */ +- pipe->rwin.window[(pipe->rwin.start_index) +- + (pipe->rwin.window_size-1) % pipe->rwin.window_size]++; ++ pipe->rwin.window[((pipe->rwin.start_index) ++ + (pipe->rwin.window_size-1)) % pipe->rwin.window_size]++; + + } else { /* now_total - start_total < rl_win_ms */ + /* no need to modify the window, the value is inside it; diff --git a/opensips-0024-siptrace-fix-type-for-message-DB-column-value-str-in.patch b/opensips-0024-siptrace-fix-type-for-message-DB-column-value-str-in.patch new file mode 100644 index 0000000..cdee170 --- /dev/null +++ b/opensips-0024-siptrace-fix-type-for-message-DB-column-value-str-in.patch @@ -0,0 +1,131 @@ +From: rvlad-patrascu +Date: Thu, 31 Aug 2017 15:08:16 +0300 +Subject: [PATCH] siptrace: fix type for message DB column value, str instead + of blob + +(cherry picked from commit 36f43169e238a53f7c077832f4d968ca8be38b4f) + +Conflicts: + modules/siptrace/siptrace.c + +diff --git a/modules/siptrace/siptrace.c b/modules/siptrace/siptrace.c +index f626e5ab9..73b7b3cf9 100644 +--- a/modules/siptrace/siptrace.c ++++ b/modules/siptrace/siptrace.c +@@ -744,7 +744,7 @@ static void init_db_cols(void) + } while(0); + + +- COL_INIT(msg, 0, BLOB); ++ COL_INIT(msg, 0, STR); + COL_INIT(callid, 1, STR); + COL_INIT(method, 2, STR); + COL_INIT(status, 3, STR); +@@ -952,8 +952,8 @@ static int save_siptrace(struct sip_msg *msg, db_key_t *keys, db_val_t *vals, + + break; + case TYPE_SIP: +- if (trace_send_duplicate(db_vals[0].val.blob_val.s, +- db_vals[0].val.blob_val.len, &it->el.uri) < 0) { ++ if (trace_send_duplicate(db_vals[0].val.str_val.s, ++ db_vals[0].val.str_val.len, &it->el.uri) < 0) { + LM_ERR("Faield to duplicate with sip to <%.*s:%.*s>\n", + it->el.uri.host.len, it->el.uri.host.s, + it->el.uri.port.len, it->el.uri.port.s); +@@ -1557,8 +1557,8 @@ static int sip_trace(struct sip_msg *msg, trace_info_p info) + + + LM_DBG("sip_trace called \n"); +- db_vals[0].val.blob_val.s = msg->buf; +- db_vals[0].val.blob_val.len = msg->len; ++ db_vals[0].val.str_val.s = msg->buf; ++ db_vals[0].val.str_val.len = msg->len; + + db_vals[1].val.str_val.s = msg->callid->body.s; + db_vals[1].val.str_val.len = msg->callid->body.len; +@@ -1679,8 +1679,8 @@ static void trace_slreply_out(struct sip_msg* req, str *buffer,int rpl_code, + return; + } + +- db_vals[0].val.blob_val.s = (buffer)?buffer->s:""; +- db_vals[0].val.blob_val.len = (buffer)?buffer->len:0; ++ db_vals[0].val.str_val.s = (buffer)?buffer->s:""; ++ db_vals[0].val.str_val.len = (buffer)?buffer->len:0; + + /* check Call-ID header */ + if(req->callid==NULL || req->callid->body.s==NULL) +@@ -1770,11 +1770,11 @@ static void trace_msg_out(struct sip_msg* msg, str *sbuf, + + if(sbuf!=NULL && sbuf->len>0) + { +- db_vals[0].val.blob_val.s = sbuf->s; +- db_vals[0].val.blob_val.len = sbuf->len; ++ db_vals[0].val.str_val.s = sbuf->s; ++ db_vals[0].val.str_val.len = sbuf->len; + } else { +- db_vals[0].val.blob_val.s = "No request buffer"; +- db_vals[0].val.blob_val.len = sizeof("No request buffer")-1; ++ db_vals[0].val.str_val.s = "No request buffer"; ++ db_vals[0].val.str_val.len = sizeof("No request buffer")-1; + } + + /* check Call-ID header */ +@@ -1886,11 +1886,11 @@ static void trace_onreply_in(struct cell* t, int type, struct tmcb_params *ps) + } + + if(msg->len>0) { +- db_vals[0].val.blob_val.s = msg->buf; +- db_vals[0].val.blob_val.len = msg->len; ++ db_vals[0].val.str_val.s = msg->buf; ++ db_vals[0].val.str_val.len = msg->len; + } else { +- db_vals[0].val.blob_val.s = "No reply buffer"; +- db_vals[0].val.blob_val.len = sizeof("No reply buffer")-1; ++ db_vals[0].val.str_val.s = "No reply buffer"; ++ db_vals[0].val.str_val.len = sizeof("No reply buffer")-1; + } + + /* check Call-ID header */ +@@ -1987,28 +1987,28 @@ static void trace_onreply_out(struct cell* t, int type, struct tmcb_params *ps) + if(faked==0) + { + if(sbuf!=0 && sbuf->len>0) { +- db_vals[0].val.blob_val.s = sbuf->s; +- db_vals[0].val.blob_val.len = sbuf->len; ++ db_vals[0].val.str_val.s = sbuf->s; ++ db_vals[0].val.str_val.len = sbuf->len; + } else if(t->uas.response.buffer.s!=NULL) { +- db_vals[0].val.blob_val.s = t->uas.response.buffer.s; +- db_vals[0].val.blob_val.len = t->uas.response.buffer.len; ++ db_vals[0].val.str_val.s = t->uas.response.buffer.s; ++ db_vals[0].val.str_val.len = t->uas.response.buffer.len; + } else if(msg->len>0) { +- db_vals[0].val.blob_val.s = msg->buf; +- db_vals[0].val.blob_val.len = msg->len; ++ db_vals[0].val.str_val.s = msg->buf; ++ db_vals[0].val.str_val.len = msg->len; + } else { +- db_vals[0].val.blob_val.s = "No reply buffer"; +- db_vals[0].val.blob_val.len = sizeof("No reply buffer")-1; ++ db_vals[0].val.str_val.s = "No reply buffer"; ++ db_vals[0].val.str_val.len = sizeof("No reply buffer")-1; + } + } else { + if(sbuf!=0 && sbuf->len>0) { +- db_vals[0].val.blob_val.s = sbuf->s; +- db_vals[0].val.blob_val.len = sbuf->len; ++ db_vals[0].val.str_val.s = sbuf->s; ++ db_vals[0].val.str_val.len = sbuf->len; + } else if(t->uas.response.buffer.s==NULL) { +- db_vals[0].val.blob_val.s = "No reply buffer"; +- db_vals[0].val.blob_val.len = sizeof("No reply buffer")-1; ++ db_vals[0].val.str_val.s = "No reply buffer"; ++ db_vals[0].val.str_val.len = sizeof("No reply buffer")-1; + } else { +- db_vals[0].val.blob_val.s = t->uas.response.buffer.s; +- db_vals[0].val.blob_val.len = t->uas.response.buffer.len; ++ db_vals[0].val.str_val.s = t->uas.response.buffer.s; ++ db_vals[0].val.str_val.len = t->uas.response.buffer.len; + } + } + diff --git a/opensips-0025-parse_fline-fix-implicit-cast-sign.patch b/opensips-0025-parse_fline-fix-implicit-cast-sign.patch new file mode 100644 index 0000000..fb826d3 --- /dev/null +++ b/opensips-0025-parse_fline-fix-implicit-cast-sign.patch @@ -0,0 +1,19 @@ +From: Razvan Crainea +Date: Tue, 12 Sep 2017 11:36:40 +0300 +Subject: [PATCH] parse_fline: fix implicit cast sign + +(cherry picked from commit b0eb928e7241e9c8c2fcfff3e3bb3704fbfddae6) + +diff --git a/parser/parse_fline.c b/parser/parse_fline.c +index a7a202242..20548141b 100644 +--- a/parser/parse_fline.c ++++ b/parser/parse_fline.c +@@ -1275,7 +1275,7 @@ error: + if (prn) { + for (t=0; t +Date: Tue, 12 Sep 2017 11:10:56 +0300 +Subject: [PATCH] proto_wss: write all TLS chunks under a single lock + +Reported by Eric Tamme from OnSIP + +(cherry picked from commit e113e147c71b2fa4f84bed3621b91d1ed1de38f6) + +diff --git a/modules/proto_tls/proto_tls.c b/modules/proto_tls/proto_tls.c +index 7257fc066..27dfe83b9 100644 +--- a/modules/proto_tls/proto_tls.c ++++ b/modules/proto_tls/proto_tls.c +@@ -110,7 +110,12 @@ static int proto_tls_send(struct socket_info* send_sock, + static int w_tls_blocking_write(struct tcp_connection *c, int fd, const char *buf, + size_t len) + { +- return tls_blocking_write(c, fd, buf, len, &tls_mgm_api); ++ int ret; ++ ++ lock_get(&c->write_lock); ++ ret = tls_blocking_write(c, fd, buf, len, &tls_mgm_api); ++ lock_release(&c->write_lock); ++ return ret; + } + + /* buffer to be used for reading all TCP SIP messages +@@ -343,7 +348,9 @@ static int proto_tls_send(struct socket_info* send_sock, + send_it: + LM_DBG("sending via fd %d...\n",fd); + ++ lock_get(&c->write_lock); + n = tls_blocking_write(c, fd, buf, len, &tls_mgm_api); ++ lock_release(&c->write_lock); + tcp_conn_set_lifetime( c, tcp_con_lifetime); + + LM_DBG("after write: c= %p n=%d fd=%d\n",c, n, fd); +diff --git a/modules/proto_wss/proto_wss.c b/modules/proto_wss/proto_wss.c +index 4c4685a4b..ec3ed2050 100644 +--- a/modules/proto_wss/proto_wss.c ++++ b/modules/proto_wss/proto_wss.c +@@ -451,6 +451,7 @@ static int wss_raw_writev(struct tcp_connection *c, int fd, + #endif + + #ifndef TLS_DONT_WRITE_FRAGMENTS ++ lock_get(&c->write_lock); + for (i = 0; i < iovcnt; i++) { + n = tls_blocking_write(c, fd, iov[i].iov_base, iov[i].iov_len, &tls_mgm_api); + if (n < 0) { +@@ -459,6 +460,7 @@ static int wss_raw_writev(struct tcp_connection *c, int fd, + } + ret += n; + } ++ lock_release(&c->write_lock); + #else + n = 0; + for (i = 0; i < iovcnt; i++) +@@ -473,7 +475,9 @@ static int wss_raw_writev(struct tcp_connection *c, int fd, + memcpy(buf + n, iov[i].iov_base, iov[i].iov_len); + n += iov[i].iov_len; + } ++ lock_get(&c->write_lock); + n = tls_blocking_write(c, fd, buf, n, &tls_mgm_api); ++ lock_release(&c->write_lock); + + #endif /* TLS_DONT_WRITE_FRAGMENTS */ + +diff --git a/modules/tls_mgm/tls_conn_server.h b/modules/tls_mgm/tls_conn_server.h +index 240963271..af6c2b309 100644 +--- a/modules/tls_mgm/tls_conn_server.h ++++ b/modules/tls_mgm/tls_conn_server.h +@@ -422,8 +422,6 @@ static int tls_blocking_write(struct tcp_connection *c, int fd, const char *buf, + goto error; + } + +- lock_get(&c->write_lock); +- + if (tls_update_fd(c, fd) < 0) + goto error; + +@@ -474,7 +472,6 @@ again: + /* + * successful full write + */ +- lock_release(&c->write_lock); + return written; + } + +@@ -516,7 +513,6 @@ poll_loop: + } + + error: +- lock_release(&c->write_lock); + return -1; + } + diff --git a/opensips-0027-proto_wss-release-lock-even-if-write-fails.patch b/opensips-0027-proto_wss-release-lock-even-if-write-fails.patch new file mode 100644 index 0000000..aa5b066 --- /dev/null +++ b/opensips-0027-proto_wss-release-lock-even-if-write-fails.patch @@ -0,0 +1,32 @@ +From: Razvan Crainea +Date: Wed, 13 Sep 2017 17:45:33 +0300 +Subject: [PATCH] proto_wss: release lock even if write fails + +Detected and fixed by Eric Tamme from OnSIP + +(cherry picked from commit 99af2fc44f0b8216bdbe7320d41adb208144ada0) + +diff --git a/modules/proto_wss/proto_wss.c b/modules/proto_wss/proto_wss.c +index ec3ed2050..83c91b6bc 100644 +--- a/modules/proto_wss/proto_wss.c ++++ b/modules/proto_wss/proto_wss.c +@@ -460,7 +460,6 @@ static int wss_raw_writev(struct tcp_connection *c, int fd, + } + ret += n; + } +- lock_release(&c->write_lock); + #else + n = 0; + for (i = 0; i < iovcnt; i++) +@@ -477,10 +476,9 @@ static int wss_raw_writev(struct tcp_connection *c, int fd, + } + lock_get(&c->write_lock); + n = tls_blocking_write(c, fd, buf, n, &tls_mgm_api); +- lock_release(&c->write_lock); +- + #endif /* TLS_DONT_WRITE_FRAGMENTS */ + + end: ++ lock_release(&c->write_lock); + return ret; + } diff --git a/opensips-0028-Fix-bogus-error-message-probabaly-copy-paste-error.patch b/opensips-0028-Fix-bogus-error-message-probabaly-copy-paste-error.patch new file mode 100644 index 0000000..022b406 --- /dev/null +++ b/opensips-0028-Fix-bogus-error-message-probabaly-copy-paste-error.patch @@ -0,0 +1,21 @@ +From: Bogdan-Andrei Iancu +Date: Thu, 14 Sep 2017 20:09:36 +0300 +Subject: [PATCH] Fix bogus error message (probabaly copy paste error) + +Credits for the fix go to Michael Mavroudis. + +(cherry picked from commit 9e497ea4ab03c67cb073bdf0dccef2b16bff80e2) + +diff --git a/scripts/opensipsdbctl b/scripts/opensipsdbctl +index fdaa5175c..8bfefa1c4 100755 +--- a/scripts/opensipsdbctl ++++ b/scripts/opensipsdbctl +@@ -126,7 +126,7 @@ case $DBENGINE in + USED_DBENGINE="sqlite" + DBNAME=$DB_PATH + else +- merr "could not load the script in $MYLIBDIR/opensipsdbctl.db_berkeley for database engine $DBENGINE" ++ merr "could not load the script in $MYLIBDIR/opensipsdbctl.sqlite for database engine $DBENGINE" + fi + ;; + diff --git a/opensips-0029-siptrace-allow-capturing-on-any-port.patch b/opensips-0029-siptrace-allow-capturing-on-any-port.patch new file mode 100644 index 0000000..1031ff5 --- /dev/null +++ b/opensips-0029-siptrace-allow-capturing-on-any-port.patch @@ -0,0 +1,31 @@ +From: Razvan Crainea +Date: Fri, 15 Sep 2017 17:13:41 +0300 +Subject: [PATCH] siptrace: allow capturing on any port + +reported by Eric Tamme from OnSIP + +(cherry picked from commit b7f9ca3316f4d6c740fc62599a55bae97026efbd) + +diff --git a/modules/siptrace/siptrace.c b/modules/siptrace/siptrace.c +index 73b7b3cf9..ddc83eda9 100644 +--- a/modules/siptrace/siptrace.c ++++ b/modules/siptrace/siptrace.c +@@ -2377,17 +2377,8 @@ static int pipport2su (str *sproto, str *ip, unsigned short port, + return -1; + } + +- if (port == 0) { ++ if (port == 0) + port = SIP_PORT; +- } +- else{ +- /*the address contains a port number*/ +- if (port<1024 || port>65535) +- { +- LM_ERR("invalid port number; must be in [1024,65536]\n"); +- return -1; +- } +- } + LM_DBG("proto %d, host %.*s , port %d \n",*proto, ip->len, ip->s, port); + + /* now IPv6 address has no brakets. It should be fixed! */ diff --git a/opensips-0030-Merge-pull-request-1191-from-etamme-master.patch b/opensips-0030-Merge-pull-request-1191-from-etamme-master.patch new file mode 100644 index 0000000..2e6b970 --- /dev/null +++ b/opensips-0030-Merge-pull-request-1191-from-etamme-master.patch @@ -0,0 +1,23 @@ +From: Bogdan Andrei IANCU +Date: Thu, 21 Sep 2017 12:01:44 +0300 +Subject: [PATCH] Merge pull request #1191 from etamme/master + +fix memory leak in cpl-c write_to_db +(cherry picked from commit 2a64a1455d63fdabf9d9130811d2932e245afd1e) + +diff --git a/modules/cpl_c/cpl_db.c b/modules/cpl_c/cpl_db.c +index 61b510f8a..6e21bd79b 100644 +--- a/modules/cpl_c/cpl_db.c ++++ b/modules/cpl_c/cpl_db.c +@@ -242,8 +242,11 @@ int write_to_db(str *username, str *domain, str *xml, str *bin) + } + } + ++ cpl_dbf.free_result( db_hdl, res); + return 1; + error: ++ if (res) ++ cpl_dbf.free_result( db_hdl, res); + return -1; + } + diff --git a/opensips-0031-Merge-pull-request-1195-from-etamme-master.patch b/opensips-0031-Merge-pull-request-1195-from-etamme-master.patch new file mode 100644 index 0000000..8967b39 --- /dev/null +++ b/opensips-0031-Merge-pull-request-1195-from-etamme-master.patch @@ -0,0 +1,23 @@ +From: =?UTF-8?q?R=C4=83zvan=20Crainea?= +Date: Mon, 25 Sep 2017 17:54:29 +0300 +Subject: [PATCH] Merge pull request #1195 from etamme/master + +check if trace id node exists before de-reference (fix segfault) + +(cherry picked from commit 675164c747e4f538dfa34fcdfb46b9adbf3567e4) + +diff --git a/modules/siptrace/siptrace.c b/modules/siptrace/siptrace.c +index ddc83eda9..5553b22fe 100644 +--- a/modules/siptrace/siptrace.c ++++ b/modules/siptrace/siptrace.c +@@ -2192,6 +2192,10 @@ static struct mi_root* sip_trace_mi(struct mi_root* cmd_tree, void* param ) + } + + it=get_list_start(&node->value); ++ if (!it) { ++ return init_mi_tree( 400, MI_SSTR(MI_BAD_PARM)); ++ } ++ + hash=it->hash; + + for (;it&&it->hash==hash;it=it->next) diff --git a/opensips.spec b/opensips.spec index 3fc02ad..41aaf76 100644 --- a/opensips.spec +++ b/opensips.spec @@ -4,8 +4,8 @@ Summary: Open Source SIP Server Name: opensips -Version: 2.2.3 -Release: 11%{?dist} +Version: 2.2.5 +Release: 1%{?dist} License: GPLv2+ Group: System Environment/Daemons Source0: https://github.com/%{name}/%{name}/archive/%{version}/%{name}-%{version}.tar.gz @@ -17,19 +17,32 @@ Patch4: opensips-0004-db_oracle-Fix-default-ret-result.patch Patch5: opensips-0005-Return-actual-payload-ID-in-case-of-a-dynamic-payloa.patch Patch6: opensips-0006-Use-additional-auth-field-Sip-Source-IP-Address.patch Patch7: opensips-0007-Don-t-remove-pthread-library-explicitly-from-mi_xmlr.patch +Patch8: opensips-0008-Dont-try-modifying-CFLAGS.patch # Backported from master branch -Patch8: opensips-0008-Add-support-for-openssl-1.1.0.patch -Patch9: opensips-0009-identity-add-support-for-openssl-1.1.0.patch -Patch10: opensips-0010-identity-complete-port-to-openssl-1.1.0.patch -Patch11: opensips-0011-Finalize-OpenSSL-1.1.0-migration.patch - -# Don't setup our own CFLAGS -Patch12: opensips-0012-Dont-try-modifying-CFLAGS.patch - -# Fix build with MariaDB 10.2 -# https://patch-diff.githubusercontent.com/raw/OpenSIPS/opensips/pull/1164 -Patch13: 1164.patch +Patch9: opensips-0009-Add-support-for-openssl-1.1.0.patch +Patch10: opensips-0010-identity-add-support-for-openssl-1.1.0.patch +Patch11: opensips-0011-identity-complete-port-to-openssl-1.1.0.patch +Patch12: opensips-0012-Finalize-OpenSSL-1.1.0-migration.patch +Patch13: opensips-0013-Fix-milliseconds-for-call-duration-consistency-acros.patch +Patch14: opensips-0014-acc-restore-new_uri-in-case-an-error-occurs-on-reply.patch +Patch15: opensips-0015-drouting-fix-parameters-specifications-for-gw-detect.patch +Patch16: opensips-0016-Fix-incorrect-bug-log.patch +Patch17: opensips-0017-Fix-replicating-NULL-socket-in-contact.patch +Patch18: opensips-0018-b2b_entities-fix-b2b-key-memory-leak.patch +Patch19: opensips-0019-Fixed-wrong-TLS-parameters.patch +Patch20: opensips-0020-db_mysql-fix-build-against-MariaDB-10.2.patch +Patch21: opensips-0021-event_xmlrpc-rebuild-buffer-for-each-event.patch +Patch22: opensips-0022-dialog-do-not-allow-callbacks-in-state-DELETED.patch +Patch23: opensips-0023-ratelimit-fix-buffer-overflow-when-using-SBT-algorit.patch +Patch24: opensips-0024-siptrace-fix-type-for-message-DB-column-value-str-in.patch +Patch25: opensips-0025-parse_fline-fix-implicit-cast-sign.patch +Patch26: opensips-0026-proto_wss-write-all-TLS-chunks-under-a-single-lock.patch +Patch27: opensips-0027-proto_wss-release-lock-even-if-write-fails.patch +Patch28: opensips-0028-Fix-bogus-error-message-probabaly-copy-paste-error.patch +Patch29: opensips-0029-siptrace-allow-capturing-on-any-port.patch +Patch30: opensips-0030-Merge-pull-request-1191-from-etamme-master.patch +Patch31: opensips-0031-Merge-pull-request-1195-from-etamme-master.patch URL: https://opensips.org @@ -747,25 +760,9 @@ the exchange of instant messages between SIP clients and XMPP(jabber) clients. %prep -%setup -q -%patch1 -p1 -%patch2 -p1 -%patch3 -p1 +%autosetup -p1 rm -f modules/db_oracle/asynch.c rm -f modules/db_oracle/asynch.h -%patch4 -p1 -%patch5 -p1 -b .return_actual_payload_id -%patch6 -p1 -b .additional_auth_field_src_ip -%patch7 -p1 -b .restore_pthread_linkage - -# OpenSSL 1.1.0 -%patch8 -p1 -%patch9 -p1 -%patch10 -p1 -%patch11 -p1 - -%patch12 -p1 -b .cflags -%patch13 -p1 -b .mariadb %build LOCALBASE=/usr NICER=0 CFLAGS="%{optflags} -fgnu89-inline" LDFLAGS="%{?__global_ldflags}" %{?_with_oracle:ORAHOME="$ORACLE_HOME"} %{__make} all %{?_smp_mflags} TLS=1 \ @@ -1358,6 +1355,9 @@ useradd -r -g %{name} -d %{_localstatedir}/run/%{name} -s /sbin/nologin \ %doc docdir/README.xmpp %changelog +* Wed Oct 04 2017 Peter Lemenkov - 2.2.5-1 +- Ver. 2.2.5 + * Sun Aug 20 2017 Zbigniew Jędrzejewski-Szmek - 2.2.3-11 - Add Provides for the old name without %%_isa diff --git a/sources b/sources index fab8044..7a58a97 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (opensips-2.2.3.tar.gz) = b959600af4495479bcc6305a693b87f4f317e8cee7954caaf30dc6e70b6deba607a5041a3ffac02b259a81b2bc490ab6c31e47ce64e23ee5b769088698af65a9 +SHA512 (opensips-2.2.5.tar.gz) = 1b4a8ecf6793a1489b995ab808ebb89a00e8c777686309acdcea3a1c93a839a0e68798eff290b247ce899f23e072a5c97de7e4f7bba6475e3b1a1f93d69edbdc