changeset
Warning, downgrading software version due to TLS or TCP blocking defects in newest vendor version.
Wed, 21 Sep 2011 16:06:14 +0200
- author
- Michael Schloh von Bennewitz <michael@schloh.com>
- date
- Wed, 21 Sep 2011 16:06:14 +0200
- changeset 382
- b972dc20871f
- parent 381
- 8ddd39bcf2ec
- child 383
- ff9d497ea16d
Warning, downgrading software version due to TLS or TCP blocking defects in newest vendor version.
1.1 --- a/opensips/opensips.cfg Wed Sep 21 14:31:41 2011 +0200 1.2 +++ b/opensips/opensips.cfg Wed Sep 21 16:06:14 2011 +0200 1.3 @@ -115,6 +115,7 @@ 1.4 modparam("usrloc|uri|auth_db", "db_url", "text://@l_prefix@/var/opensips/db") 1.5 1.6 # ----- rr params ----- 1.7 +modparam("rr", "enable_full_lr", 1) # add value to ;lr param for broken UAs 1.8 modparam("rr", "append_fromtag", 1) # important when using detect_direction 1.9 1.10 # ----- usrloc params ----- 1.11 @@ -129,6 +130,7 @@ 1.12 modparam("acc", "db_url", "dbtext://@l_prefix@/var/opensips/db") 1.13 #modparam("acc", "db_url", "flatstore:@l_prefix@/var/opensips/acc") 1.14 modparam("acc", "early_media", 1) 1.15 +modparam("acc", "report_ack", 1) 1.16 modparam("acc", "report_cancels", 1) 1.17 modparam("acc", "detect_direction", 1) 1.18 modparam("acc", "log_level", 2)
2.1 --- a/opensips/opensips.patch Wed Sep 21 14:31:41 2011 +0200 2.2 +++ b/opensips/opensips.patch Wed Sep 21 16:06:14 2011 +0200 2.3 @@ -2,7 +2,7 @@ 2.4 diff -Nau main.c.orig main.c 2.5 --- main.c.orig 2009-12-10 14:11:03.590141302 +0100 2.6 +++ main.c 2009-12-10 14:11:07.246237908 +0100 2.7 -@@ -1038,6 +1038,10 @@ 2.8 +@@ -952,6 +952,10 @@ 2.9 ret=-1; 2.10 my_argc=argc; my_argv=argv; 2.11 2.12 @@ -13,7 +13,7 @@ 2.13 /*init pkg mallocs (before parsing cfg or cmd line !)*/ 2.14 if (init_pkg_mallocs()==-1) 2.15 goto error00; 2.16 -@@ -1370,6 +1374,11 @@ 2.17 +@@ -1284,6 +1288,11 @@ 2.18 2.19 /* init_daemon? */ 2.20 if (!dont_fork){ 2.21 @@ -29,7 +29,7 @@ 2.22 diff -Nau Makefile.defs.orig Makefile.defs 2.23 --- Makefile.defs.orig 2007-12-13 14:39:06.000000000 +0100 2.24 +++ Makefile.defs 2008-01-14 16:48:02.811615000 +0100 2.25 -@@ -220,7 +220,7 @@ 2.26 +@@ -216,7 +216,7 @@ 2.27 else 2.28 doc-dir = doc/$(MAIN_NAME)/ 2.29 man-dir = man/ 2.30 @@ -38,7 +38,7 @@ 2.31 LOCALBASE ?= $(SYSBASE)/local 2.32 endif 2.33 endif 2.34 -@@ -1432,6 +1432,10 @@ 2.35 +@@ -1427,6 +1427,10 @@ 2.36 LIBS+= -lsctp 2.37 endif 2.38 2.39 @@ -74,7 +74,7 @@ 2.40 use IO::Socket; 2.41 use Socket; 2.42 #use Net::IP; 2.43 -@@ -378,6 +377,12 @@ 2.44 +@@ -396,6 +395,12 @@ 2.45 } 2.46 } 2.47 2.48 @@ -119,17 +119,17 @@ 2.49 diff -Nau modules/nathelper/nathelper.c.orig modules/nathelper/nathelper.c 2.50 --- modules/nathelper/nathelper.c.orig 2010-12-20 14:33:50.000000000 +0100 2.51 +++ modules/nathelper/nathelper.c 2011-01-26 17:48:40.685941382 +0100 2.52 -@@ -288,6 +288,9 @@ 2.53 - return 0; 2.54 - } 2.55 +@@ -273,6 +273,9 @@ 2.56 + #define MI_RECHECK_TICKS "recheck_ticks" 2.57 + #define MI_RECHECK_T_LEN (sizeof(MI_RECHECK_TICKS)-1) 2.58 2.59 +/* MSvB macros */ 2.60 +#define OPENSIPS_NOOP ((void)0) 2.61 + 2.62 2.63 2.64 - 2.65 -@@ -805,6 +808,7 @@ 2.66 + /* Supported version of the RTP proxy command protocol */ 2.67 +@@ -1921,6 +1925,7 @@ 2.68 #define FIX_MEDIP 0x02 2.69 #define ADD_ANORTPPROXY 0x04 2.70 #define FIX_ORGIP 0x08 2.71 @@ -137,7 +137,20 @@ 2.72 2.73 #define ADIRECTION "a=direction:active" 2.74 #define ADIRECTION_LEN (sizeof(ADIRECTION) - 1) 2.75 -@@ -821,7 +825,9 @@ 2.76 +@@ -2050,6 +2055,12 @@ 2.77 + return -1; 2.78 + } 2.79 + 2.80 ++ if (level & FIX_RTCPIP) { 2.81 ++ /* Iterate all a=rtcp: and replace ips in them. */ 2.82 ++ if (replace_sdp_ip(msg, &body, "a=rtcp:", str2?&ip:0)==-1) 2.83 ++ return -1; 2.84 ++ } 2.85 ++ 2.86 + return 1; 2.87 + } 2.88 + 2.89 +@@ -2215,7 +2226,9 @@ 2.90 { 2.91 char *buf; 2.92 int offset; 2.93 @@ -147,14 +160,14 @@ 2.94 str omip, nip, oip; 2.95 2.96 /* check that updating mediaip is really necessary */ 2.97 -@@ -852,7 +858,19 @@ 2.98 +@@ -2246,7 +2259,19 @@ 2.99 memcpy(buf, CRLF, CRLF_LEN); 2.100 memcpy(buf + CRLF_LEN, omip.s, omip.len); 2.101 memcpy(buf + CRLF_LEN + omip.len, oldip->s, oldip->len); 2.102 - if (insert_new_lump_after(anchor, buf, 2.103 + 2.104 -+ /* if the oldmediaip string is already */ 2.105 -+ /* in the body then don't add it again */ 2.106 ++ /* if the oldmediaip string is already */ 2.107 ++ /* in the body then don't add it again */ 2.108 + binlump = 0; 2.109 + for (templump = msg->body_lumps; templump; templump = templump->next) 2.110 + if (templump->op == LUMP_ADD && strstr(templump->u.value, buf)) 2.111 @@ -168,19 +181,6 @@ 2.112 omip.len + oldip->len + CRLF_LEN, 0) == NULL) { 2.113 LM_ERR("insert_new_lump_after failed\n"); 2.114 pkg_free(buf); 2.115 -@@ -1038,6 +1056,12 @@ 2.116 - p= p->next; 2.117 - } 2.118 - 2.119 -+ if (level & FIX_RTCPIP) { 2.120 -+ /* Iterate all a=rtcp: and replace ips in them. */ 2.121 -+ if (replace_sdp_ip(msg, &body, "a=rtcp:", str2?&ip:0)==-1) 2.122 -+ return -1; 2.123 -+ } 2.124 -+ 2.125 - return 1; 2.126 - } 2.127 - 2.128 Index: parser/sdp/sdp_helpr_funcs.c 2.129 diff -Nau parser/sdp/sdp_helpr_funcs.c.orig parser/sdp/sdp_helpr_funcs.c 2.130 --- parser/sdp/sdp_helpr_funcs.c.orig 2010-12-08 15:14:06.000000000 +0100
3.1 --- a/opensips/opensips.patch.reg Wed Sep 21 14:31:41 2011 +0200 3.2 +++ b/opensips/opensips.patch.reg Wed Sep 21 16:06:14 2011 +0200 3.3 @@ -2,7 +2,7 @@ 3.4 diff -Nau modules/registrar/save.c.orig modules/registrar/save.c 3.5 --- modules/registrar/save.c.orig 2008-08-03 15:53:57.000000000 +0200 3.6 +++ modules/registrar/save.c 2009-03-24 21:44:46.182865192 +0100 3.7 -@@ -76,7 +76,7 @@ 3.8 +@@ -74,7 +74,7 @@ 3.9 struct save_ctx { 3.10 unsigned int flags; 3.11 str aor; 3.12 @@ -11,7 +11,7 @@ 3.13 }; 3.14 3.15 3.16 -@@ -388,7 +388,7 @@ 3.17 +@@ -386,7 +386,7 @@ 3.18 if (e == 0) 3.19 continue; 3.20 3.21 @@ -20,7 +20,7 @@ 3.22 if (_sctx->flags®_SAVE_FORCE_REG_FLAG) { 3.23 /* we are overflowing the number of maximum contacts, 3.24 so remove the first (oldest) one to prevent this */ 3.25 -@@ -494,6 +494,7 @@ 3.26 +@@ -492,6 +492,7 @@ 3.27 contact_t* _c, struct save_ctx *_sctx) 3.28 { 3.29 ucontact_info_t *ci; 3.30 @@ -28,7 +28,7 @@ 3.31 ucontact_t* c; 3.32 int e; 3.33 unsigned int cflags; 3.34 -@@ -554,7 +555,7 @@ 3.35 +@@ -552,7 +553,7 @@ 3.36 continue; 3.37 3.38 /* we need to add a new contact -> too many ?? */ 3.39 @@ -37,7 +37,7 @@ 3.40 if (_sctx->flags®_SAVE_FORCE_REG_FLAG) { 3.41 /* we are overflowing the number of maximum contacts, 3.42 so remove the first (oldest) one to prevent this */ 3.43 -@@ -581,6 +582,23 @@ 3.44 +@@ -579,6 +580,23 @@ 3.45 goto error; 3.46 } 3.47
4.1 --- a/opensips/opensips.patch.uac Wed Sep 21 14:31:41 2011 +0200 4.2 +++ b/opensips/opensips.patch.uac Wed Sep 21 16:06:14 2011 +0200 4.3 @@ -2,7 +2,7 @@ 4.4 diff -Nau modules/uac/auth.c.orig modules/uac/auth.c 4.5 --- modules/uac/auth.c.orig 2008-08-03 15:53:40.000000000 +0200 4.6 +++ modules/uac/auth.c 2009-03-24 21:48:53.478867420 +0100 4.7 -@@ -143,14 +143,172 @@ 4.8 +@@ -375,14 +375,172 @@ 4.9 HASHHEX response; 4.10 str *new_hdr; 4.11 4.12 @@ -70,7 +70,7 @@ 4.13 + crd->passwd = pv_val.rs; 4.14 + 4.15 + if (nret) { /* if not found, look into predefined credentials */ 4.16 -+ tst = uac_auth_api._lookup_realm(&crd->realm); 4.17 ++ tst = lookup_realm(&crd->realm); 4.18 + 4.19 + if (tst==0) { /* found? */ 4.20 + LM_DBG("no credential for realm \"%.*s\"\n", \ 4.21 @@ -121,25 +121,25 @@ 4.22 + 4.23 + /* set the nonce from existing UAC message */ 4.24 + tmp_hdr = msg->proxy_auth; 4.25 -+ auth->nonce.len = 0; 4.26 -+ auth->nonce.s = 0; 4.27 ++ auth.nonce.len = 0; 4.28 ++ auth.nonce.s = 0; 4.29 + while (tmp_hdr) { 4.30 + if(pv_get_spec_value(msg, &auth_realm_spec, &pv_val)==0 \ 4.31 + && pv_val.rs.len>0) /* ensure realm is the desired one */ 4.32 + if (strncmp(crd->realm.s, pv_val.rs.s, crd->realm.len)==0) { 4.33 -+ auth->nonce.s = strchr(strstr(tmp_hdr->body.s, "nonce="), '"') + 1; 4.34 -+ auth->nonce.len = strchr(auth->nonce.s, '"') - auth->nonce.s; 4.35 ++ auth.nonce.s = strchr(strstr(tmp_hdr->body.s, "nonce="), '"') + 1; 4.36 ++ auth.nonce.len = strchr(auth.nonce.s, '"') - auth.nonce.s; 4.37 + } 4.38 + tmp_hdr = tmp_hdr->sibling; 4.39 + } 4.40 -+ if (auth->nonce.s == 0) { 4.41 ++ if (auth.nonce.s == 0) { 4.42 + LM_DBG("failed to retrieve nonce from UAC message\n"); 4.43 + pkg_free(crd); 4.44 + goto error; 4.45 + } 4.46 + 4.47 + /* do authentication */ 4.48 -+ uac_auth_api._do_uac_auth(msg, newuri, crd, auth, &auth_nc_cnonce, response); 4.49 ++ do_uac_auth(msg, newuri, crd, &auth, response); 4.50 + if (response==0) { 4.51 + LM_ERR("failed to calculate challenge response\n"); 4.52 + pkg_free(crd); 4.53 @@ -147,7 +147,7 @@ 4.54 + } 4.55 + 4.56 + /* build the authorization header */ 4.57 -+ new_hdr = uac_auth_api._build_authorization_hdr(407, newuri, crd, auth, &auth_nc_cnonce, response); 4.58 ++ new_hdr = build_authorization_hdr(407, newuri, crd, &auth, response); 4.59 + if (new_hdr==0) { 4.60 + LM_ERR("failed to build authorization hdr\n"); 4.61 + pkg_free(crd); 4.62 @@ -184,7 +184,7 @@ 4.63 diff -Nau modules/uac/uac.c.orig modules/uac/uac.c 4.64 --- modules/uac/uac.c.orig 2008-08-03 15:53:40.000000000 +0200 4.65 +++ modules/uac/uac.c 2009-03-24 21:49:48.922890737 +0100 4.66 -@@ -117,7 +117,7 @@ 4.67 +@@ -106,7 +106,7 @@ 4.68 REQUEST_ROUTE|BRANCH_ROUTE|FAILURE_ROUTE }, 4.69 {"uac_auth", (cmd_function)w_uac_auth, 0, 4.70 0, 0,
5.1 --- a/opensips/opensips.spec Wed Sep 21 14:31:41 2011 +0200 5.2 +++ b/opensips/opensips.spec Wed Sep 21 16:06:14 2011 +0200 5.3 @@ -22,6 +22,8 @@ 5.4 ## 5.5 5.6 # package options 5.7 +%define V_major 1.6.4 5.8 +%define V_minor 2 5.9 %define V_rtpproxy 1.2.1 5.10 5.11 # package information 5.12 @@ -34,8 +36,8 @@ 5.13 Class: PLUS 5.14 Group: VoIP 5.15 License: GPL 5.16 -Version: 1.7.0 5.17 -Release: 20110912 5.18 +Version: %{V_major}.%{V_minor} 5.19 +Release: 20110200 5.20 5.21 # package options 5.22 %option with_cons yes 5.23 @@ -57,7 +59,7 @@ 5.24 %option with_dbgmem no 5.25 5.26 # list of sources 5.27 -Source0: http://www.opensips.org/pub/opensips/%{version}/src/opensips-%{version}_src.tar.gz 5.28 +Source0: http://www.opensips.org/pub/opensips/%{V_major}/src/opensips-%{V_major}-%{V_minor}-tls_src.tar.gz 5.29 Source1: http://www.b2bua.org/chrome/site/rtpproxy-%{V_rtpproxy}.tar.gz 5.30 Source2: rc.opensips 5.31 Source3: fsl.opensips 5.32 @@ -65,8 +67,9 @@ 5.33 Patch0: opensips.patch 5.34 Patch1: opensips.patch.dict 5.35 Patch2: opensips.patch.uac 5.36 -Patch3: opensips.patch.reg 5.37 -Patch4: opensips.patch.rtpproxy 5.38 +Patch3: opensips.patch.lcr 5.39 +Patch4: opensips.patch.reg 5.40 +Patch5: opensips.patch.rtpproxy 5.41 5.42 # build information 5.43 Prefix: %{l_prefix} 5.44 @@ -166,11 +169,11 @@ 5.45 5.46 %track 5.47 prog opensips = { 5.48 - version = %{version} 5.49 + version = %{V_major}-%{V_minor} 5.50 url = http://www.opensips.org/pub/opensips/ 5.51 regex = (\d+\.\d+\.\d+)/ 5.52 url = http://www.opensips.org/pub/opensips/__NEWVER__/src/ 5.53 - regex = opensips-(__VER__)_src\.tar\.gz 5.54 + regex = opensips-(__VER__)-tls_src\.tar\.gz 5.55 } 5.56 prog opensips:rtpproxy = { 5.57 version = %{V_rtpproxy} 5.58 @@ -179,14 +182,15 @@ 5.59 } 5.60 5.61 %prep 5.62 - %setup -q -n opensips-%{version}-tls 5.63 - %setup -q -n opensips-%{version}-tls -T -D -a 1 5.64 + %setup -q -n opensips-%{V_major}-%{V_minor}-tls 5.65 + %setup -q -n opensips-%{V_major}-%{V_minor}-tls -T -D -a 1 5.66 %patch -p0 5.67 %patch -p0 -P 1 5.68 %patch -p0 -P 2 5.69 %patch -p0 -P 3 5.70 + %patch -p0 -P 4 5.71 ( cd rtpproxy-%{V_rtpproxy} 5.72 - %patch -p0 -P 4 5.73 + %patch -p0 -P 5 5.74 ) || exit $? 5.75 %{l_shtool} subst \ 5.76 -e 's;^#! */bin/sh;#! %{l_prefix}/bin/bash;' \ 5.77 @@ -302,6 +306,9 @@ 5.78 -e 's;\(script_flags(int\));\1,null);' \ 5.79 scripts/dbtext/opensips/dialog 5.80 %{l_shtool} subst \ 5.81 + -e 's;\(gw_name(string).*\) *$;\1 user(string,null) realm(string,null) passwd(string,null);' \ 5.82 + scripts/dbtext/opensips/gw 5.83 + %{l_shtool} subst \ 5.84 -e 's;body(string);body(blob);' \ 5.85 -e 's;sender(string);sender(string,null);' \ 5.86 scripts/dbtext/opensips/presentity
