[Pkg-voip-commits] r4667 - in /asterisk/trunk/debian: changelog control patches/series patches/tos-libcap rules

paravoid at alioth.debian.org paravoid at alioth.debian.org
Fri Oct 5 05:13:05 UTC 2007


Author: paravoid
Date: Fri Oct  5 05:13:05 2007
New Revision: 4667

URL: http://svn.debian.org/wsvn/pkg-voip/?sc=1&rev=4667
Log:
* Remove versioned dependency on dpkg-dev since that particular version is
  present since etch (sarge is not supported as a backport target anymore).
* Backport a patch from trunk so that Asterisk can set the IP ToS bits when
  it is run as a simple user (as we do).

Added:
    asterisk/trunk/debian/patches/tos-libcap
Modified:
    asterisk/trunk/debian/changelog
    asterisk/trunk/debian/control
    asterisk/trunk/debian/patches/series
    asterisk/trunk/debian/rules

Modified: asterisk/trunk/debian/changelog
URL: http://svn.debian.org/wsvn/pkg-voip/asterisk/trunk/debian/changelog?rev=4667&op=diff
==============================================================================
--- asterisk/trunk/debian/changelog (original)
+++ asterisk/trunk/debian/changelog Fri Oct  5 05:13:05 2007
@@ -12,8 +12,12 @@
     make doesn't fail on clean.
   * Pass NOISY_BUILD to make so that the GCC arguments can be examined in
     build logs.
-
- -- Faidon Liambotis <paravoid at debian.org>  Fri, 05 Oct 2007 05:11:56 +0300
+  * Remove versioned dependency on dpkg-dev since that particular version is
+    present since etch (sarge is not supported as a backport target anymore).
+  * Backport a patch from trunk so that Asterisk can set the IP ToS bits when
+    it is run as a simple user (as we do).
+
+ -- Faidon Liambotis <paravoid at debian.org>  Fri, 05 Oct 2007 06:11:27 +0300
 
 asterisk (1:1.4.11~dfsg-4) unstable; urgency=low
 

Modified: asterisk/trunk/debian/control
URL: http://svn.debian.org/wsvn/pkg-voip/asterisk/trunk/debian/control?rev=4667&op=diff
==============================================================================
--- asterisk/trunk/debian/control (original)
+++ asterisk/trunk/debian/control Fri Oct  5 05:13:05 2007
@@ -3,7 +3,7 @@
 Section: comm
 Maintainer: Debian VoIP Team <pkg-voip-maintainers at lists.alioth.debian.org>
 Uploaders: Mark Purcell <msp at debian.org>, Kilian Krause <kilian at debian.org>, Jose Carlos Garcia Sogo <jsogo at debian.org>, Santiago Garcia Mantinan <manty at debian.org>, Simon Richter <sjr at debian.org>, Tzafrir Cohen <tzafrir.cohen at xorcom.com>, Faidon Liambotis <paravoid at debian.org>
-Build-Depends: debhelper (>= 5), zlib1g-dev, libreadline5-dev, libgsm1-dev, libssl-dev, libtonezone-dev (>= 1:1.4.1~0), bison, libasound2-dev, libpq-dev, unixodbc-dev, libpri-dev (>= 1.4.1-1), quilt, zaptel-source (>= 1:1.4.1~0), autotools-dev, libnewt-dev, libsqlite-dev, libspeex-dev, graphviz, libcurl4-openssl-dev | libcurl-dev, doxygen, gsfonts, libpopt-dev, libopenh323-dev (>= 1.17.4-1), libiksemel-dev, libradiusclient-ng-dev, freetds-dev, libvorbis-dev, libsnmp-dev, dpkg-dev (>= 1.13.19)
+Build-Depends: debhelper (>= 5), zlib1g-dev, libreadline5-dev, libgsm1-dev, libssl-dev, libtonezone-dev (>= 1:1.4.1~0), bison, libasound2-dev, libpq-dev, unixodbc-dev, libpri-dev (>= 1.4.1-1), quilt, zaptel-source (>= 1:1.4.1~0), autotools-dev, libnewt-dev, libsqlite-dev, libspeex-dev, graphviz, libcurl4-openssl-dev | libcurl-dev, doxygen, gsfonts, libpopt-dev, libopenh323-dev (>= 1.17.4-1), libiksemel-dev, libradiusclient-ng-dev, freetds-dev, libvorbis-dev, libsnmp-dev, libcap-dev
 Standards-Version: 3.7.2
 Homepage: http://www.asterisk.org/
 XS-Vcs-Svn: svn://svn.debian.org/pkg-voip/asterisk/trunk/

Modified: asterisk/trunk/debian/patches/series
URL: http://svn.debian.org/wsvn/pkg-voip/asterisk/trunk/debian/patches/series?rev=4667&op=diff
==============================================================================
--- asterisk/trunk/debian/patches/series (original)
+++ asterisk/trunk/debian/patches/series Fri Oct  5 05:13:05 2007
@@ -9,6 +9,7 @@
 # new features
 pubkey_jnctn
 func_devstate
+tos-libcap
 
 ### bristuff
 bristuff/bristuff-notice

Added: asterisk/trunk/debian/patches/tos-libcap
URL: http://svn.debian.org/wsvn/pkg-voip/asterisk/trunk/debian/patches/tos-libcap?rev=4667&op=file
==============================================================================
--- asterisk/trunk/debian/patches/tos-libcap (added)
+++ asterisk/trunk/debian/patches/tos-libcap Fri Oct  5 05:13:05 2007
@@ -1,0 +1,723 @@
+Backport capability patch from trunk (1.5/1.6).
+When asterisk runs as a plain user (as Debian init scripts do), it can't set
+the Type of Service (ToS) field of IP to mark the packets as realtime traffic.
+
+This patch allows Asterisk to keep the CAP_NET_ADMIN capability when dropping
+privileges.
+
+ -- Faidon Liambotis <paravoid at debian.org>
+
+--- asterisk-1.4.12~dfsg.orig/configure
++++ asterisk-1.4.12~dfsg/configure
+@@ -724,6 +724,10 @@ CURL_LIB
+ CURL_INCLUDE
+ CURL_DIR
+ PBX_CURL
++CAP_LIB
++CAP_INCLUDE
++CAP_DIR
++PBX_CAP
+ CURSES_LIB
+ CURSES_INCLUDE
+ CURSES_DIR
+@@ -1504,6 +1508,7 @@ Optional Packages:
+   --with-gnu-ld           assume the C compiler uses GNU ld [default=no]
+   --with-asound=PATH      use Advanced Linux Sound Architecture files in PATH
+   --with-curl=PATH        use cURL files in PATH
++  --with-cap=PATH         use POSIX 1.e capabilities files in PATH
+   --with-curses=PATH      use curses files in PATH
+   --with-gnutls=PATH      use GNU TLS support (used for iksemel only) files in
+                           PATH
+@@ -7635,6 +7640,34 @@ PBX_CURL=0
+ 
+ 
+ 
++CAP_DESCRIP="POSIX 1.e capabilities"
++CAP_OPTION="cap"
++
++# Check whether --with-cap was given.
++if test "${with_cap+set}" = set; then
++  withval=$with_cap;
++case ${withval} in
++     n|no)
++     USE_CAP=no
++     ;;
++     y|ye|yes)
++     CAP_MANDATORY="yes"
++     ;;
++     *)
++     CAP_DIR="${withval}"
++     CAP_MANDATORY="yes"
++     ;;
++esac
++
++fi
++
++PBX_CAP=0
++
++
++
++
++
++
+ CURSES_DESCRIP="curses"
+ CURSES_OPTION="curses"
+ 
+@@ -16967,6 +17000,417 @@ echo "$as_me: *** without explicitly spe
+ fi
+ 
+ 
++if test "x${host_os}" = "xlinux-gnu" ; then
++
++if test "${USE_CAP}" != "no"; then
++   pbxlibdir=""
++   if test "x${CAP_DIR}" != "x"; then
++      if test -d ${CAP_DIR}/lib; then
++      	 pbxlibdir="-L${CAP_DIR}/lib"
++      else
++      	 pbxlibdir="-L${CAP_DIR}"
++      fi
++   fi
++   { echo "$as_me:$LINENO: checking for cap_from_text in -lcap" >&5
++echo $ECHO_N "checking for cap_from_text in -lcap... $ECHO_C" >&6; }
++if test "${ac_cv_lib_cap_cap_from_text+set}" = set; then
++  echo $ECHO_N "(cached) $ECHO_C" >&6
++else
++  ac_check_lib_save_LIBS=$LIBS
++LIBS="-lcap ${pbxlibdir}  $LIBS"
++cat >conftest.$ac_ext <<_ACEOF
++/* confdefs.h.  */
++_ACEOF
++cat confdefs.h >>conftest.$ac_ext
++cat >>conftest.$ac_ext <<_ACEOF
++/* end confdefs.h.  */
++
++/* Override any GCC internal prototype to avoid an error.
++   Use char because int might match the return type of a GCC
++   builtin and then its argument prototype would still apply.  */
++#ifdef __cplusplus
++extern "C"
++#endif
++char cap_from_text ();
++int
++main ()
++{
++return cap_from_text ();
++  ;
++  return 0;
++}
++_ACEOF
++rm -f conftest.$ac_objext conftest$ac_exeext
++if { (ac_try="$ac_link"
++case "(($ac_try" in
++  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
++  *) ac_try_echo=$ac_try;;
++esac
++eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
++  (eval "$ac_link") 2>conftest.er1
++  ac_status=$?
++  grep -v '^ *+' conftest.er1 >conftest.err
++  rm -f conftest.er1
++  cat conftest.err >&5
++  echo "$as_me:$LINENO: \$? = $ac_status" >&5
++  (exit $ac_status); } && {
++	 test -z "$ac_c_werror_flag" ||
++	 test ! -s conftest.err
++       } && test -s conftest$ac_exeext &&
++       $as_test_x conftest$ac_exeext; then
++  ac_cv_lib_cap_cap_from_text=yes
++else
++  echo "$as_me: failed program was:" >&5
++sed 's/^/| /' conftest.$ac_ext >&5
++
++	ac_cv_lib_cap_cap_from_text=no
++fi
++
++rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
++      conftest$ac_exeext conftest.$ac_ext
++LIBS=$ac_check_lib_save_LIBS
++fi
++{ echo "$as_me:$LINENO: result: $ac_cv_lib_cap_cap_from_text" >&5
++echo "${ECHO_T}$ac_cv_lib_cap_cap_from_text" >&6; }
++if test $ac_cv_lib_cap_cap_from_text = yes; then
++  AST_CAP_FOUND=yes
++else
++  AST_CAP_FOUND=no
++fi
++
++
++   if test "${AST_CAP_FOUND}" = "yes"; then
++      CAP_LIB="-lcap "
++      CAP_HEADER_FOUND="1"
++      if test "x${CAP_DIR}" != "x"; then
++         CAP_LIB="${pbxlibdir} ${CAP_LIB}"
++	 CAP_INCLUDE="-I${CAP_DIR}/include"
++	 saved_cppflags="${CPPFLAGS}"
++	 CPPFLAGS="${CPPFLAGS} -I${CAP_DIR}/include"
++	 if test "xsys/capability.h" != "x" ; then
++	    as_ac_Header=`echo "ac_cv_header_${CAP_DIR}/include/sys/capability.h" | $as_tr_sh`
++if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then
++  { echo "$as_me:$LINENO: checking for ${CAP_DIR}/include/sys/capability.h" >&5
++echo $ECHO_N "checking for ${CAP_DIR}/include/sys/capability.h... $ECHO_C" >&6; }
++if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then
++  echo $ECHO_N "(cached) $ECHO_C" >&6
++fi
++ac_res=`eval echo '${'$as_ac_Header'}'`
++	       { echo "$as_me:$LINENO: result: $ac_res" >&5
++echo "${ECHO_T}$ac_res" >&6; }
++else
++  # Is the header compilable?
++{ echo "$as_me:$LINENO: checking ${CAP_DIR}/include/sys/capability.h usability" >&5
++echo $ECHO_N "checking ${CAP_DIR}/include/sys/capability.h usability... $ECHO_C" >&6; }
++cat >conftest.$ac_ext <<_ACEOF
++/* confdefs.h.  */
++_ACEOF
++cat confdefs.h >>conftest.$ac_ext
++cat >>conftest.$ac_ext <<_ACEOF
++/* end confdefs.h.  */
++$ac_includes_default
++#include <${CAP_DIR}/include/sys/capability.h>
++_ACEOF
++rm -f conftest.$ac_objext
++if { (ac_try="$ac_compile"
++case "(($ac_try" in
++  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
++  *) ac_try_echo=$ac_try;;
++esac
++eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
++  (eval "$ac_compile") 2>conftest.er1
++  ac_status=$?
++  grep -v '^ *+' conftest.er1 >conftest.err
++  rm -f conftest.er1
++  cat conftest.err >&5
++  echo "$as_me:$LINENO: \$? = $ac_status" >&5
++  (exit $ac_status); } && {
++	 test -z "$ac_c_werror_flag" ||
++	 test ! -s conftest.err
++       } && test -s conftest.$ac_objext; then
++  ac_header_compiler=yes
++else
++  echo "$as_me: failed program was:" >&5
++sed 's/^/| /' conftest.$ac_ext >&5
++
++	ac_header_compiler=no
++fi
++
++rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
++{ echo "$as_me:$LINENO: result: $ac_header_compiler" >&5
++echo "${ECHO_T}$ac_header_compiler" >&6; }
++
++# Is the header present?
++{ echo "$as_me:$LINENO: checking ${CAP_DIR}/include/sys/capability.h presence" >&5
++echo $ECHO_N "checking ${CAP_DIR}/include/sys/capability.h presence... $ECHO_C" >&6; }
++cat >conftest.$ac_ext <<_ACEOF
++/* confdefs.h.  */
++_ACEOF
++cat confdefs.h >>conftest.$ac_ext
++cat >>conftest.$ac_ext <<_ACEOF
++/* end confdefs.h.  */
++#include <${CAP_DIR}/include/sys/capability.h>
++_ACEOF
++if { (ac_try="$ac_cpp conftest.$ac_ext"
++case "(($ac_try" in
++  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
++  *) ac_try_echo=$ac_try;;
++esac
++eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
++  (eval "$ac_cpp conftest.$ac_ext") 2>conftest.er1
++  ac_status=$?
++  grep -v '^ *+' conftest.er1 >conftest.err
++  rm -f conftest.er1
++  cat conftest.err >&5
++  echo "$as_me:$LINENO: \$? = $ac_status" >&5
++  (exit $ac_status); } >/dev/null && {
++	 test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" ||
++	 test ! -s conftest.err
++       }; then
++  ac_header_preproc=yes
++else
++  echo "$as_me: failed program was:" >&5
++sed 's/^/| /' conftest.$ac_ext >&5
++
++  ac_header_preproc=no
++fi
++
++rm -f conftest.err conftest.$ac_ext
++{ echo "$as_me:$LINENO: result: $ac_header_preproc" >&5
++echo "${ECHO_T}$ac_header_preproc" >&6; }
++
++# So?  What about this header?
++case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in
++  yes:no: )
++    { echo "$as_me:$LINENO: WARNING: ${CAP_DIR}/include/sys/capability.h: accepted by the compiler, rejected by the preprocessor!" >&5
++echo "$as_me: WARNING: ${CAP_DIR}/include/sys/capability.h: accepted by the compiler, rejected by the preprocessor!" >&2;}
++    { echo "$as_me:$LINENO: WARNING: ${CAP_DIR}/include/sys/capability.h: proceeding with the compiler's result" >&5
++echo "$as_me: WARNING: ${CAP_DIR}/include/sys/capability.h: proceeding with the compiler's result" >&2;}
++    ac_header_preproc=yes
++    ;;
++  no:yes:* )
++    { echo "$as_me:$LINENO: WARNING: ${CAP_DIR}/include/sys/capability.h: present but cannot be compiled" >&5
++echo "$as_me: WARNING: ${CAP_DIR}/include/sys/capability.h: present but cannot be compiled" >&2;}
++    { echo "$as_me:$LINENO: WARNING: ${CAP_DIR}/include/sys/capability.h:     check for missing prerequisite headers?" >&5
++echo "$as_me: WARNING: ${CAP_DIR}/include/sys/capability.h:     check for missing prerequisite headers?" >&2;}
++    { echo "$as_me:$LINENO: WARNING: ${CAP_DIR}/include/sys/capability.h: see the Autoconf documentation" >&5
++echo "$as_me: WARNING: ${CAP_DIR}/include/sys/capability.h: see the Autoconf documentation" >&2;}
++    { echo "$as_me:$LINENO: WARNING: ${CAP_DIR}/include/sys/capability.h:     section \"Present But Cannot Be Compiled\"" >&5
++echo "$as_me: WARNING: ${CAP_DIR}/include/sys/capability.h:     section \"Present But Cannot Be Compiled\"" >&2;}
++    { echo "$as_me:$LINENO: WARNING: ${CAP_DIR}/include/sys/capability.h: proceeding with the preprocessor's result" >&5
++echo "$as_me: WARNING: ${CAP_DIR}/include/sys/capability.h: proceeding with the preprocessor's result" >&2;}
++    { echo "$as_me:$LINENO: WARNING: ${CAP_DIR}/include/sys/capability.h: in the future, the compiler will take precedence" >&5
++echo "$as_me: WARNING: ${CAP_DIR}/include/sys/capability.h: in the future, the compiler will take precedence" >&2;}
++    ( cat <<\_ASBOX
++## ------------------------------- ##
++## Report this to www.asterisk.org ##
++## ------------------------------- ##
++_ASBOX
++     ) | sed "s/^/$as_me: WARNING:     /" >&2
++    ;;
++esac
++{ echo "$as_me:$LINENO: checking for ${CAP_DIR}/include/sys/capability.h" >&5
++echo $ECHO_N "checking for ${CAP_DIR}/include/sys/capability.h... $ECHO_C" >&6; }
++if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then
++  echo $ECHO_N "(cached) $ECHO_C" >&6
++else
++  eval "$as_ac_Header=\$ac_header_preproc"
++fi
++ac_res=`eval echo '${'$as_ac_Header'}'`
++	       { echo "$as_me:$LINENO: result: $ac_res" >&5
++echo "${ECHO_T}$ac_res" >&6; }
++
++fi
++if test `eval echo '${'$as_ac_Header'}'` = yes; then
++  CAP_HEADER_FOUND=1
++else
++  CAP_HEADER_FOUND=0
++fi
++
++
++	 fi
++	 CPPFLAGS="${saved_cppflags}"
++      else
++	 if test "xsys/capability.h" != "x" ; then
++            if test "${ac_cv_header_sys_capability_h+set}" = set; then
++  { echo "$as_me:$LINENO: checking for sys/capability.h" >&5
++echo $ECHO_N "checking for sys/capability.h... $ECHO_C" >&6; }
++if test "${ac_cv_header_sys_capability_h+set}" = set; then
++  echo $ECHO_N "(cached) $ECHO_C" >&6
++fi
++{ echo "$as_me:$LINENO: result: $ac_cv_header_sys_capability_h" >&5
++echo "${ECHO_T}$ac_cv_header_sys_capability_h" >&6; }
++else
++  # Is the header compilable?
++{ echo "$as_me:$LINENO: checking sys/capability.h usability" >&5
++echo $ECHO_N "checking sys/capability.h usability... $ECHO_C" >&6; }
++cat >conftest.$ac_ext <<_ACEOF
++/* confdefs.h.  */
++_ACEOF
++cat confdefs.h >>conftest.$ac_ext
++cat >>conftest.$ac_ext <<_ACEOF
++/* end confdefs.h.  */
++$ac_includes_default
++#include <sys/capability.h>
++_ACEOF
++rm -f conftest.$ac_objext
++if { (ac_try="$ac_compile"
++case "(($ac_try" in
++  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
++  *) ac_try_echo=$ac_try;;
++esac
++eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
++  (eval "$ac_compile") 2>conftest.er1
++  ac_status=$?
++  grep -v '^ *+' conftest.er1 >conftest.err
++  rm -f conftest.er1
++  cat conftest.err >&5
++  echo "$as_me:$LINENO: \$? = $ac_status" >&5
++  (exit $ac_status); } && {
++	 test -z "$ac_c_werror_flag" ||
++	 test ! -s conftest.err
++       } && test -s conftest.$ac_objext; then
++  ac_header_compiler=yes
++else
++  echo "$as_me: failed program was:" >&5
++sed 's/^/| /' conftest.$ac_ext >&5
++
++	ac_header_compiler=no
++fi
++
++rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
++{ echo "$as_me:$LINENO: result: $ac_header_compiler" >&5
++echo "${ECHO_T}$ac_header_compiler" >&6; }
++
++# Is the header present?
++{ echo "$as_me:$LINENO: checking sys/capability.h presence" >&5
++echo $ECHO_N "checking sys/capability.h presence... $ECHO_C" >&6; }
++cat >conftest.$ac_ext <<_ACEOF
++/* confdefs.h.  */
++_ACEOF
++cat confdefs.h >>conftest.$ac_ext
++cat >>conftest.$ac_ext <<_ACEOF
++/* end confdefs.h.  */
++#include <sys/capability.h>
++_ACEOF
++if { (ac_try="$ac_cpp conftest.$ac_ext"
++case "(($ac_try" in
++  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
++  *) ac_try_echo=$ac_try;;
++esac
++eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
++  (eval "$ac_cpp conftest.$ac_ext") 2>conftest.er1
++  ac_status=$?
++  grep -v '^ *+' conftest.er1 >conftest.err
++  rm -f conftest.er1
++  cat conftest.err >&5
++  echo "$as_me:$LINENO: \$? = $ac_status" >&5
++  (exit $ac_status); } >/dev/null && {
++	 test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" ||
++	 test ! -s conftest.err
++       }; then
++  ac_header_preproc=yes
++else
++  echo "$as_me: failed program was:" >&5
++sed 's/^/| /' conftest.$ac_ext >&5
++
++  ac_header_preproc=no
++fi
++
++rm -f conftest.err conftest.$ac_ext
++{ echo "$as_me:$LINENO: result: $ac_header_preproc" >&5
++echo "${ECHO_T}$ac_header_preproc" >&6; }
++
++# So?  What about this header?
++case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in
++  yes:no: )
++    { echo "$as_me:$LINENO: WARNING: sys/capability.h: accepted by the compiler, rejected by the preprocessor!" >&5
++echo "$as_me: WARNING: sys/capability.h: accepted by the compiler, rejected by the preprocessor!" >&2;}
++    { echo "$as_me:$LINENO: WARNING: sys/capability.h: proceeding with the compiler's result" >&5
++echo "$as_me: WARNING: sys/capability.h: proceeding with the compiler's result" >&2;}
++    ac_header_preproc=yes
++    ;;
++  no:yes:* )
++    { echo "$as_me:$LINENO: WARNING: sys/capability.h: present but cannot be compiled" >&5
++echo "$as_me: WARNING: sys/capability.h: present but cannot be compiled" >&2;}
++    { echo "$as_me:$LINENO: WARNING: sys/capability.h:     check for missing prerequisite headers?" >&5
++echo "$as_me: WARNING: sys/capability.h:     check for missing prerequisite headers?" >&2;}
++    { echo "$as_me:$LINENO: WARNING: sys/capability.h: see the Autoconf documentation" >&5
++echo "$as_me: WARNING: sys/capability.h: see the Autoconf documentation" >&2;}
++    { echo "$as_me:$LINENO: WARNING: sys/capability.h:     section \"Present But Cannot Be Compiled\"" >&5
++echo "$as_me: WARNING: sys/capability.h:     section \"Present But Cannot Be Compiled\"" >&2;}
++    { echo "$as_me:$LINENO: WARNING: sys/capability.h: proceeding with the preprocessor's result" >&5
++echo "$as_me: WARNING: sys/capability.h: proceeding with the preprocessor's result" >&2;}
++    { echo "$as_me:$LINENO: WARNING: sys/capability.h: in the future, the compiler will take precedence" >&5
++echo "$as_me: WARNING: sys/capability.h: in the future, the compiler will take precedence" >&2;}
++    ( cat <<\_ASBOX
++## ------------------------------- ##
++## Report this to www.asterisk.org ##
++## ------------------------------- ##
++_ASBOX
++     ) | sed "s/^/$as_me: WARNING:     /" >&2
++    ;;
++esac
++{ echo "$as_me:$LINENO: checking for sys/capability.h" >&5
++echo $ECHO_N "checking for sys/capability.h... $ECHO_C" >&6; }
++if test "${ac_cv_header_sys_capability_h+set}" = set; then
++  echo $ECHO_N "(cached) $ECHO_C" >&6
++else
++  ac_cv_header_sys_capability_h=$ac_header_preproc
++fi
++{ echo "$as_me:$LINENO: result: $ac_cv_header_sys_capability_h" >&5
++echo "${ECHO_T}$ac_cv_header_sys_capability_h" >&6; }
++
++fi
++if test $ac_cv_header_sys_capability_h = yes; then
++  CAP_HEADER_FOUND=1
++else
++  CAP_HEADER_FOUND=0
++fi
++
++
++	 fi
++      fi
++      if test "x${CAP_HEADER_FOUND}" = "x0" ; then
++         if test -n "${CAP_MANDATORY}" ;
++         then
++            { echo "$as_me:$LINENO: ***" >&5
++echo "$as_me: ***" >&6;}
++            { echo "$as_me:$LINENO: *** It appears that you do not have the cap development package installed." >&5
++echo "$as_me: *** It appears that you do not have the cap development package installed." >&6;}
++            { echo "$as_me:$LINENO: *** Please install it to include ${CAP_DESCRIP} support, or re-run configure" >&5
++echo "$as_me: *** Please install it to include ${CAP_DESCRIP} support, or re-run configure" >&6;}
++            { echo "$as_me:$LINENO: *** without explicitly specifying --with-${CAP_OPTION}" >&5
++echo "$as_me: *** without explicitly specifying --with-${CAP_OPTION}" >&6;}
++            exit 1
++         fi
++         CAP_LIB=""
++         CAP_INCLUDE=""
++         PBX_CAP=0
++      else
++         PBX_CAP=1
++
++cat >>confdefs.h <<_ACEOF
++#define HAVE_CAP 1
++_ACEOF
++
++      fi
++   elif test -n "${CAP_MANDATORY}";
++   then
++      { echo "$as_me:$LINENO: ***" >&5
++echo "$as_me: ***" >&6;}
++      { echo "$as_me:$LINENO: *** The ${CAP_DESCRIP} installation on this system appears to be broken." >&5
++echo "$as_me: *** The ${CAP_DESCRIP} installation on this system appears to be broken." >&6;}
++      { echo "$as_me:$LINENO: *** Either correct the installation, or run configure" >&5
++echo "$as_me: *** Either correct the installation, or run configure" >&6;}
++      { echo "$as_me:$LINENO: *** without explicitly specifying --with-${CAP_OPTION}" >&5
++echo "$as_me: *** without explicitly specifying --with-${CAP_OPTION}" >&6;}
++      exit 1
++   fi
++fi
++
++fi
++
+ GSM_INTERNAL="yes"
+ 
+ GSM_SYSTEM="yes"
+@@ -33705,6 +34149,10 @@ CURL_LIB!$CURL_LIB$ac_delim
+ CURL_INCLUDE!$CURL_INCLUDE$ac_delim
+ CURL_DIR!$CURL_DIR$ac_delim
+ PBX_CURL!$PBX_CURL$ac_delim
++CAP_LIB!$CAP_LIB$ac_delim
++CAP_INCLUDE!$CAP_INCLUDE$ac_delim
++CAP_DIR!$CAP_DIR$ac_delim
++PBX_CAP!$PBX_CAP$ac_delim
+ CURSES_LIB!$CURSES_LIB$ac_delim
+ CURSES_INCLUDE!$CURSES_INCLUDE$ac_delim
+ CURSES_DIR!$CURSES_DIR$ac_delim
+@@ -33790,10 +34238,6 @@ PWLIB_INCLUDE!$PWLIB_INCLUDE$ac_delim
+ PWLIB_DIR!$PWLIB_DIR$ac_delim
+ PBX_PWLIB!$PBX_PWLIB$ac_delim
+ OPENH323_LIB!$OPENH323_LIB$ac_delim
+-OPENH323_INCLUDE!$OPENH323_INCLUDE$ac_delim
+-OPENH323_DIR!$OPENH323_DIR$ac_delim
+-PBX_OPENH323!$PBX_OPENH323$ac_delim
+-QT_LIB!$QT_LIB$ac_delim
+ _ACEOF
+ 
+   if test `sed -n "s/.*$ac_delim\$/X/p" conf$$subs.sed | grep -c X` = 97; then
+@@ -33835,6 +34279,10 @@ _ACEOF
+ ac_delim='%!_!# '
+ for ac_last_try in false false false false false :; do
+   cat >conf$$subs.sed <<_ACEOF
++OPENH323_INCLUDE!$OPENH323_INCLUDE$ac_delim
++OPENH323_DIR!$OPENH323_DIR$ac_delim
++PBX_OPENH323!$PBX_OPENH323$ac_delim
++QT_LIB!$QT_LIB$ac_delim
+ QT_INCLUDE!$QT_INCLUDE$ac_delim
+ QT_DIR!$QT_DIR$ac_delim
+ PBX_QT!$PBX_QT$ac_delim
+@@ -33928,12 +34376,53 @@ GTK_LIB!$GTK_LIB$ac_delim
+ PKGCONFIG!$PKGCONFIG$ac_delim
+ PBX_GTK2!$PBX_GTK2$ac_delim
+ GTK2_INCLUDE!$GTK2_INCLUDE$ac_delim
++_ACEOF
++
++  if test `sed -n "s/.*$ac_delim\$/X/p" conf$$subs.sed | grep -c X` = 97; then
++    break
++  elif $ac_last_try; then
++    { { echo "$as_me:$LINENO: error: could not make $CONFIG_STATUS" >&5
++echo "$as_me: error: could not make $CONFIG_STATUS" >&2;}
++   { (exit 1); exit 1; }; }
++  else
++    ac_delim="$ac_delim!$ac_delim _$ac_delim!! "
++  fi
++done
++
++ac_eof=`sed -n '/^CEOF[0-9]*$/s/CEOF/0/p' conf$$subs.sed`
++if test -n "$ac_eof"; then
++  ac_eof=`echo "$ac_eof" | sort -nru | sed 1q`
++  ac_eof=`expr $ac_eof + 1`
++fi
++
++cat >>$CONFIG_STATUS <<_ACEOF
++cat >"\$tmp/subs-3.sed" <<\CEOF$ac_eof
++/@[a-zA-Z_][a-zA-Z_0-9]*@/!b
++_ACEOF
++sed '
++s/[,\\&]/\\&/g; s/@/@|#_!!_#|/g
++s/^/s,@/; s/!/@,|#_!!_#|/
++:n
++t n
++s/'"$ac_delim"'$/,g/; t
++s/$/\\/; p
++N; s/^.*\n//; s/[,\\&]/\\&/g; s/@/@|#_!!_#|/g; b n
++' >>$CONFIG_STATUS <conf$$subs.sed
++rm -f conf$$subs.sed
++cat >>$CONFIG_STATUS <<_ACEOF
++CEOF$ac_eof
++_ACEOF
++
++
++ac_delim='%!_!# '
++for ac_last_try in false false false false false :; do
++  cat >conf$$subs.sed <<_ACEOF
+ GTK2_LIB!$GTK2_LIB$ac_delim
+ CURL_CONFIG!$CURL_CONFIG$ac_delim
+ LTLIBOBJS!$LTLIBOBJS$ac_delim
+ _ACEOF
+ 
+-  if test `sed -n "s/.*$ac_delim\$/X/p" conf$$subs.sed | grep -c X` = 96; then
++  if test `sed -n "s/.*$ac_delim\$/X/p" conf$$subs.sed | grep -c X` = 3; then
+     break
+   elif $ac_last_try; then
+     { { echo "$as_me:$LINENO: error: could not make $CONFIG_STATUS" >&5
+@@ -33951,8 +34440,8 @@ if test -n "$ac_eof"; then
+ fi
+ 
+ cat >>$CONFIG_STATUS <<_ACEOF
+-cat >"\$tmp/subs-3.sed" <<\CEOF$ac_eof
+-/@[a-zA-Z_][a-zA-Z_0-9]*@/!b
++cat >"\$tmp/subs-4.sed" <<\CEOF$ac_eof
++/@[a-zA-Z_][a-zA-Z_0-9]*@/!b end
+ _ACEOF
+ sed '
+ s/[,\\&]/\\&/g; s/@/@|#_!!_#|/g
+@@ -33965,6 +34454,8 @@ N; s/^.*\n//; s/[,\\&]/\\&/g; s/@/@|#_!!
+ ' >>$CONFIG_STATUS <conf$$subs.sed
+ rm -f conf$$subs.sed
+ cat >>$CONFIG_STATUS <<_ACEOF
++:end
++s/|#_!!_#|//g
+ CEOF$ac_eof
+ _ACEOF
+ 
+@@ -34212,7 +34703,7 @@ s&@abs_builddir@&$ac_abs_builddir&;t t
+ s&@abs_top_builddir@&$ac_abs_top_builddir&;t t
+ s&@INSTALL@&$ac_INSTALL&;t t
+ $ac_datarootdir_hack
+-" $ac_file_inputs | sed -f "$tmp/subs-1.sed" | sed -f "$tmp/subs-2.sed" | sed -f "$tmp/subs-3.sed" | sed 's/|#_!!_#|//g' >$tmp/out
++" $ac_file_inputs | sed -f "$tmp/subs-1.sed" | sed -f "$tmp/subs-2.sed" | sed -f "$tmp/subs-3.sed" | sed -f "$tmp/subs-4.sed" >$tmp/out
+ 
+ test -z "$ac_datarootdir_hack$ac_datarootdir_seen" &&
+   { ac_out=`sed -n '/\${datarootdir}/p' "$tmp/out"`; test -n "$ac_out"; } &&
+--- asterisk-1.4.12~dfsg.orig/configure.ac
++++ asterisk-1.4.12~dfsg/configure.ac
+@@ -172,6 +172,7 @@ AC_SUBST(AST_DEVMODE)
+ 
+ AST_EXT_LIB_SETUP([ALSA], [Advanced Linux Sound Architecture], [asound])
+ AST_EXT_LIB_SETUP([CURL], [cURL], [curl])
++AST_EXT_LIB_SETUP([CAP], [POSIX 1.e capabilities], [cap])
+ AST_EXT_LIB_SETUP([CURSES], [curses], [curses])
+ AST_EXT_LIB_SETUP([GNUTLS], [GNU TLS support (used for iksemel only)], [gnutls])
+ AST_EXT_LIB_SETUP([GSM], [GSM], [gsm], [, or 'internal'])
+@@ -396,6 +397,10 @@ AST_EXT_LIB_CHECK([ALSA], [asound], [snd
+ 
+ AST_EXT_LIB_CHECK([CURSES], [curses], [initscr], [curses.h])
+ 
++if test "x${host_os}" = "xlinux-gnu" ; then
++  AST_EXT_LIB_CHECK([CAP], [cap], [cap_from_text], [sys/capability.h])
++fi
++
+ GSM_INTERNAL="yes"
+ AC_SUBST(GSM_INTERNAL)
+ GSM_SYSTEM="yes"
+--- asterisk-1.4.12~dfsg.orig/doc/security.txt
++++ asterisk-1.4.12~dfsg/doc/security.txt
+@@ -28,6 +28,13 @@ The IAX2 protocol supports strong RSA ke
+ AES encryption of voice and signalling. The SIP channel does not
+ support encryption in this version of Asterisk.
+ 
++By default, if you have libcap available, Asterisk will try to retain the
++CAP_NET_ADMIN capability when running as a non-root user. If you do not need
++that capability you may want to configure Asterisk with --without-cap; however,
++this will prevent Asterisk from being able to mark high ToS bits under Linux.
++More information on CAP_NET_ADMIN is available at:
++http://www.lids.org/lids-howto/node48.html
++
+ * DIALPLAN SECURITY
+ 
+ First and foremost remember this:
+--- asterisk-1.4.12~dfsg.orig/main/asterisk.c
++++ asterisk-1.4.12~dfsg/main/asterisk.c
+@@ -82,13 +82,12 @@ ASTERISK_FILE_VERSION(__FILE__, "$Revisi
+ #include <sys/stat.h>
+ #ifdef linux
+ #include <sys/prctl.h>
+-#endif
++#ifdef HAVE_CAP
++#include <sys/capability.h>
++#endif /* HAVE_CAP */
++#endif /* linux */
+ #include <regex.h>
+ 
+-#ifdef linux
+-#include <sys/prctl.h>
+-#endif
+-
+ #if  defined(__FreeBSD__) || defined( __NetBSD__ ) || defined(SOLARIS)
+ #include <netdb.h>
+ #if defined(SOLARIS)
+@@ -2727,12 +2726,21 @@ int main(int argc, char *argv[])
+ 	}
+ 
+ 	if (!is_child_of_nonroot && runuser) {
++#ifdef HAVE_CAP
++		int has_cap = 1;
++#endif /* HAVE_CAP */
+ 		struct passwd *pw;
+ 		pw = getpwnam(runuser);
+ 		if (!pw) {
+ 			ast_log(LOG_WARNING, "No such user '%s'!\n", runuser);
+ 			exit(1);
+ 		}
++#ifdef HAVE_CAP
++		if (prctl(PR_SET_KEEPCAPS, 1, 0, 0, 0)) {
++			ast_log(LOG_WARNING, "Unable to keep capabilities.\n");
++			has_cap = 0;
++		}
++#endif /* HAVE_CAP */
+ 		if (!rungroup) {
+ 			if (setgid(pw->pw_gid)) {
+ 				ast_log(LOG_WARNING, "Unable to setgid to %d!\n", (int)pw->pw_gid);
+@@ -2750,6 +2758,19 @@ int main(int argc, char *argv[])
+ 		setenv("ASTERISK_ALREADY_NONROOT", "yes", 1);
+ 		if (option_verbose)
+ 			ast_verbose("Running as user '%s'\n", runuser);
++#ifdef HAVE_CAP
++		if (has_cap) {
++			cap_t cap;
++
++			cap = cap_from_text("cap_net_admin=ep");
++
++			if (cap_set_proc(cap))
++				ast_log(LOG_WARNING, "Unable to install capabilities.\n");
++
++			if (cap_free(cap))
++				ast_log(LOG_WARNING, "Unable to drop capabilities.\n");
++		}
++#endif /* HAVE_CAP */
+ 	}
+ 
+ #endif /* __CYGWIN__ */
+--- asterisk-1.4.12~dfsg.orig/main/Makefile
++++ asterisk-1.4.12~dfsg/main/Makefile
+@@ -55,6 +55,9 @@ ifneq ($(findstring $(OSARCH), linux-gnu
+   ifneq ($(findstring LOADABLE_MODULES,$(MENUSELECT_CFLAGS)),)
+   AST_LIBS+=-ldl
+   endif
++  ifneq (x$(CAP_LIB),x)
++    AST_LIBS+=$(CAP_LIB)
++  endif
+   AST_LIBS+=-lpthread $(EDITLINE_LIB) -lm -lresolv
+ else
+   AST_LIBS+=$(EDITLINE_LIB) -lm
+--- asterisk-1.4.12~dfsg.orig/makeopts.in
++++ asterisk-1.4.12~dfsg/makeopts.in
+@@ -178,6 +178,9 @@ MISDN_LIB=@MISDN_LIB@
+ SUPPSERV_INCLUDE=@SUPPSERV_INCLUDE@
+ SUPPSERV_LIB=@SUPPSERV_LIB@
+ 
++CAP_LIB=@CAP_LIB@
++CAP_INCLUDE=@CAP_INCLUDE@
++
+ TERMCAP_INCLUDE=@TERMCAP_INCLUDE@
+ TERMCAP_LIB=@TERMCAP_LIB@
+ TERMCAP_DIR=@TERMCAP_DIR@

Modified: asterisk/trunk/debian/rules
URL: http://svn.debian.org/wsvn/pkg-voip/asterisk/trunk/debian/rules?rev=4667&op=diff
==============================================================================
--- asterisk/trunk/debian/rules (original)
+++ asterisk/trunk/debian/rules Fri Oct  5 05:13:05 2007
@@ -73,6 +73,7 @@
 		--prefix=/usr \
 		--mandir=\$${prefix}/share/man \
 		--infodir=\$${prefix}/share/info \
+		--with-cap \
 		--with-gsm \
 		--with-pwlib=/usr/share/pwlib/include/ \
 		--with-h323=/usr/share/openh323/ 




More information about the Pkg-voip-commits mailing list