aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMaxim Cournoyer <maxim.cournoyer@gmail.com>2020-08-01 15:05:09 -0400
committerMaxim Cournoyer <maxim.cournoyer@gmail.com>2021-04-02 07:41:16 -0400
commit3d913c1ed80470fde408a6f4509e8ae1277f40fb (patch)
tree4091fccbc3025a3101ba69cd5036858e7d031be5
parent45136b3673bcdba21fa0d1fd6edb3d388a645fcc (diff)
downloadguix-3d913c1ed80470fde408a6f4509e8ae1277f40fb.tar
guix-3d913c1ed80470fde408a6f4509e8ae1277f40fb.tar.gz
gnu: pjproject-jami: Fix CVE-2020-15260 and CVE-2021-21375.
The custom pjproject package used by Jami is updated with the latest patches found in the 20210326.1.cfba013 release of Jami. * gnu/packages/jami.scm (%jami-version): Update to 20210326.1.cfba013. (jami-source) [snippet]: Update comment. Add client-electron and client-ios to the list of deleted directories. Remove client-windows from the list, as it no longer exists. (jami-apply-dependency-patches): Update comment. Ignore whitespace when applying patches, otherwise the pjproject patches would not apply. (pjproject-jami): Add comment. [source]: Define the source; the parent pjproject package was updated was updated to 2.11, but the patches only apply against 2.10. [phases] <apply-patches>: Update the list of patches used with those found in the release tarball.
-rw-r--r--gnu/packages/jami.scm52
1 files changed, 36 insertions, 16 deletions
diff --git a/gnu/packages/jami.scm b/gnu/packages/jami.scm
index 3773c1ab0a..35d84bb37b 100644
--- a/gnu/packages/jami.scm
+++ b/gnu/packages/jami.scm
@@ -2,7 +2,7 @@
;;; Copyright © 2019 Pierre Neidhardt <mail@ambrevar.xyz>
;;; Copyright © 2020 Vincent Legoll <vincent.legoll@gmail.com>
;;; Copyright © 2019, 2020 Jan Wielkiewicz <tona_kosmicznego_smiecia@interia.pl>
-;;; Copyright © 2020 Maxim Cournoyer <maxim.cournoyer@gmail.com>
+;;; Copyright © 2020, 2021 Maxim Cournoyer <maxim.cournoyer@gmail.com>
;;;
;;; This file is part of GNU Guix.
;;;
@@ -63,7 +63,7 @@
#:use-module (guix utils)
#:use-module (srfi srfi-1))
-(define %jami-version "20200710.1.6bd18d2")
+(define %jami-version "20210326.1.cfba013")
(define* (jami-source #:key keep-contrib-patches?)
"Return an origin object of the tarball release sources archive of Jami.
@@ -78,7 +78,7 @@ of Jami."
(modules '((guix build utils)))
(snippet
`(begin
- ;; Delete over 200 MiB of bundled tarballs. The contrib directory
+ ;; Delete multiple MiBs of bundled tarballs. The contrib directory
;; contains the custom patches for pjproject and other libraries used
;; by Savoir-faire Linux.
(if ,keep-contrib-patches?
@@ -86,21 +86,21 @@ of Jami."
(delete-file-recursively "daemon/contrib"))
;; Remove code from unused Jami clients.
(for-each delete-file-recursively '("client-android"
+ "client-electron"
+ "client-ios"
"client-macosx"
- "client-uwp"
- "client-windows"))
- #t))
+ "client-uwp"))))
(sha256
(base32
- "0lg61jv39x7kc9lq30by246xb6gcgp1rzj49ak7ff8nqpfzyfvva"))))
+ "1h0avma8bdzyznkz39crjyv2888bii4f49md15jg7970dyp5pdyz"))))
(define %sfl-patches (jami-source #:keep-contrib-patches? #t))
(define %jami-sources (jami-source))
-;; Savoir-faire Linux modifies many libraries to add features
-;; to Jami. This procedure makes applying patches to a given
-;; package easy.
+;; Savoir-faire Linux maintains a set of patches for some key dependencies
+;; (currently pjproject and ffmpeg) of Jami that haven't yet been integrated
+;; upstream. This procedure simplifies the process of applying these patches.x
(define jami-apply-dependency-patches
'(lambda* (#:key inputs dep-name patches)
(let ((patches-directory "sfl-patches"))
@@ -112,15 +112,30 @@ of Jami."
dep-name))
(for-each
(lambda (file)
- (invoke "patch" "--force" "-p1" "-i"
+ (invoke "patch" "--force" "--ignore-whitespace" "-p1" "-i"
(string-append patches-directory "/"
file ".patch")))
patches))))
+;;; Jami maintains pjproject patches that add the ability to do ICE over TCP,
+;;; among other things. The patches are currently based on pjproject 2.10.
(define-public pjproject-jami
(package
(inherit pjproject)
(name "pjproject-jami")
+ (version "2.10")
+ (source (origin
+ (method git-fetch)
+ (uri (git-reference
+ (url "https://github.com/pjsip/pjproject")
+ (commit version)))
+ (file-name (git-file-name name version))
+ (sha256
+ (base32
+ "1aklicpgwc88578k03i5d5cm5h8mfm7hmx8vfprchbmaa2p8f4z0"))
+ (patches (search-patches
+ "pjproject-correct-the-cflags-field.patch"
+ "pjproject-fix-pkg-config-ldflags.patch"))))
(native-inputs
`(("sfl-patches" ,%sfl-patches)
,@(package-native-inputs pjproject)))
@@ -140,14 +155,19 @@ of Jami."
"0004-multiple_listeners"
"0005-fix_ebusy_turn"
"0006-ignore_ipv6_on_transport_check"
- "0007-pj_ice_sess"
+ "0007-upnp-srflx-nat-assisted-cand"
"0008-fix_ioqueue_ipv6_sendto"
"0009-add-config-site"
- ;; Note: The base pjproject is already patched with
- ;; "0010-fix-pkgconfig".
+ ;; Already taken care of via the origin patches.
+ ;;"0010-fix-pkgconfig"
"0011-fix-tcp-death-detection"
- "0012-fix-turn-shutdown-crash"))
- #t))))))))
+ "0012-fix-turn-shutdown-crash"
+ "0013-Assign-unique-local-preferences-for-candidates-with-"
+ "0014-Add-new-compile-time-setting-PJ_ICE_ST_USE_TURN_PERM"
+ "0015-update-local-preference-for-peer-reflexive-candidate"
+ "0016-use-addrinfo-instead-CFHOST"
+ "0017-CVE-2020-15260"
+ "0018-CVE-2021-21375"))))))))))
;; The following variables are configure flags used by ffmpeg-jami. They're
;; from the ring-project/daemon/contrib/src/ffmpeg/rules.mak file. We try to