[Pkg-voip-commits] [kamailio] 02/03: Add upstream patches

Victor Seva Lopez maniac-guest at moszumanska.debian.org
Wed Mar 26 20:38:10 UTC 2014 

This is an automated email from the git hooks/post-receive script.

maniac-guest pushed a commit to branch master
in repository kamailio.

commit 414c74331d8e48b076cd5a61a1713d4fc261308f
Author: Victor Seva <linuxmaniac at torreviejawireless.org>
Date:   Tue Mar 25 20:43:09 2014 +0100

    Add upstream patches
---
 debian/patches/series                              |   3 +
 ...rpc-xmlrpc-scalar-int-value-can-be-positi.patch |  26 ++++
 ...x-copy-paste-error-that-can-lead-to-a-cra.patch |  27 ++++
 ...port-for-Elliptic-Curve-Diffie-Hellman-Ci.patch | 149 +++++++++++++++++++++
 4 files changed, 205 insertions(+)

diff --git a/debian/patches/series b/debian/patches/series
index 097470b..55f8fe5 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1,3 +1,6 @@
+upstream/0001-modules-xmlrpc-xmlrpc-scalar-int-value-can-be-positi.patch
+upstream/0010-xhttp_pi-fix-copy-paste-error-that-can-lead-to-a-cra.patch
+upstream/0011-tls-Add-support-for-Elliptic-Curve-Diffie-Hellman-Ci.patch
 no_lib64_on_64_bits.patch
 no_INSTALL_file.patch
 fix_export.patch
diff --git a/debian/patches/upstream/0001-modules-xmlrpc-xmlrpc-scalar-int-value-can-be-positi.patch b/debian/patches/upstream/0001-modules-xmlrpc-xmlrpc-scalar-int-value-can-be-positi.patch
new file mode 100644
index 0000000..50eb993
--- /dev/null
+++ b/debian/patches/upstream/0001-modules-xmlrpc-xmlrpc-scalar-int-value-can-be-positi.patch
@@ -0,0 +1,26 @@
+From 18376e35ebbc1ba82fcce78c4eaa7f7b04e00aa8 Mon Sep 17 00:00:00 2001
+From: Juha Heinanen <jh at tutpro.com>
+Date: Fri, 7 Mar 2014 23:54:05 +0200
+Subject: [PATCH] modules/xmlrpc: xmlrpc scalar <int> value can be positive or
+ negative (cherry picked from commit 67c2101fc60e4a963a6133f7a71f5faf510ca214)
+
+---
+ modules/xmlrpc/xmlrpc.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/modules/xmlrpc/xmlrpc.c b/modules/xmlrpc/xmlrpc.c
+index 4fa9b15..5522a8f 100644
+--- a/modules/xmlrpc/xmlrpc.c
++++ b/modules/xmlrpc/xmlrpc.c
+@@ -993,7 +993,7 @@ static int print_value(struct xmlrpc_reply* res,
+ 	case 'd':
+ 		prefix = int_prefix;
+ 		suffix = int_suffix;
+-		body.s = int2str(va_arg(*ap, int), &body.len);
++		body.s = sint2str(va_arg(*ap, int), &body.len);
+ 		break;
+ 
+ 	case 'f':
+-- 
+1.9.0
+
diff --git a/debian/patches/upstream/0010-xhttp_pi-fix-copy-paste-error-that-can-lead-to-a-cra.patch b/debian/patches/upstream/0010-xhttp_pi-fix-copy-paste-error-that-can-lead-to-a-cra.patch
new file mode 100644
index 0000000..3eb21c1
--- /dev/null
+++ b/debian/patches/upstream/0010-xhttp_pi-fix-copy-paste-error-that-can-lead-to-a-cra.patch
@@ -0,0 +1,27 @@
+From 6245e35a43d68e074064ded56333d7784478b8c2 Mon Sep 17 00:00:00 2001
+From: Ovidiu Sas <osas at voipembedded.com>
+Date: Wed, 19 Mar 2014 22:36:47 -0400
+Subject: [PATCH] xhttp_pi: fix copy/paste error that can lead to a crash when
+ 'order_by_cols' are used (cherry picked from commit
+ 216faa86af3d6db70fae9186ab2776efc27a5f55)
+
+---
+ modules/xhttp_pi/xhttp_pi_fnc.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/modules/xhttp_pi/xhttp_pi_fnc.c b/modules/xhttp_pi/xhttp_pi_fnc.c
+index 761a277..71f6fbc 100644
+--- a/modules/xhttp_pi/xhttp_pi_fnc.c
++++ b/modules/xhttp_pi/xhttp_pi_fnc.c
+@@ -1357,7 +1357,7 @@ int ph_getCmds(ph_db_table_t *ph_db_tables, int ph_db_tables_size,
+ 								NULL,
+ 								&cmds->o_keys,
+ 								NULL,
+-								&cmds->q_vals,
++								NULL,
+ 								&cmds->o_keys_size,
+ 								cmd_cols)!=0)
+ 							return -1;
+-- 
+1.9.0
+
diff --git a/debian/patches/upstream/0011-tls-Add-support-for-Elliptic-Curve-Diffie-Hellman-Ci.patch b/debian/patches/upstream/0011-tls-Add-support-for-Elliptic-Curve-Diffie-Hellman-Ci.patch
new file mode 100644
index 0000000..6d375cd
--- /dev/null
+++ b/debian/patches/upstream/0011-tls-Add-support-for-Elliptic-Curve-Diffie-Hellman-Ci.patch
@@ -0,0 +1,149 @@
+From f8430785ec9c46b2535b2d29898853ee50cc76e0 Mon Sep 17 00:00:00 2001
+From: Carsten Bock <carsten at ng-voice.com>
+Date: Sat, 22 Mar 2014 15:30:27 +0100
+Subject: [PATCH] tls: Add support for Elliptic-Curve Diffie-Hellman Ciphers
+ (ECDH)
+
+---
+ modules/tls/tls_domain.c | 91 ++++++++++++++++++++++++++++++++++++++++++++++++
+ modules/tls/tls_mod.c    |  8 +++--
+ 2 files changed, 97 insertions(+), 2 deletions(-)
+
+diff --git a/modules/tls/tls_domain.c b/modules/tls/tls_domain.c
+index b832c63..a814818 100644
+--- a/modules/tls/tls_domain.c
++++ b/modules/tls/tls_domain.c
+@@ -42,6 +42,91 @@
+ #include "tls_domain.h"
+ #include "tls_cfg.h"
+ 
++/*
++ * ECDHE is enabled only on OpenSSL 1.0.0e and later.
++ * See http://www.openssl.org/news/secadv_20110906.txt
++ * for details.
++ */
++#ifndef OPENSSL_NO_ECDH
++static void setup_ecdh(SSL_CTX *ctx)
++{
++   EC_KEY *ecdh;
++
++   if (SSLeay() < 0x1000005fL) {
++      return;
++   }
++
++   ecdh = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
++   SSL_CTX_set_options(ctx, SSL_OP_SINGLE_ECDH_USE);
++   SSL_CTX_set_tmp_ecdh(ctx, ecdh);
++
++   EC_KEY_free(ecdh);
++}
++#endif
++
++#ifndef OPENSSL_NO_DH
++
++static unsigned char dh3072_p[] = {
++   0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xC9,0x0F,0xDA,0xA2,
++   0x21,0x68,0xC2,0x34,0xC4,0xC6,0x62,0x8B,0x80,0xDC,0x1C,0xD1,
++   0x29,0x02,0x4E,0x08,0x8A,0x67,0xCC,0x74,0x02,0x0B,0xBE,0xA6,
++   0x3B,0x13,0x9B,0x22,0x51,0x4A,0x08,0x79,0x8E,0x34,0x04,0xDD,
++   0xEF,0x95,0x19,0xB3,0xCD,0x3A,0x43,0x1B,0x30,0x2B,0x0A,0x6D,
++   0xF2,0x5F,0x14,0x37,0x4F,0xE1,0x35,0x6D,0x6D,0x51,0xC2,0x45,
++   0xE4,0x85,0xB5,0x76,0x62,0x5E,0x7E,0xC6,0xF4,0x4C,0x42,0xE9,
++   0xA6,0x37,0xED,0x6B,0x0B,0xFF,0x5C,0xB6,0xF4,0x06,0xB7,0xED,
++   0xEE,0x38,0x6B,0xFB,0x5A,0x89,0x9F,0xA5,0xAE,0x9F,0x24,0x11,
++   0x7C,0x4B,0x1F,0xE6,0x49,0x28,0x66,0x51,0xEC,0xE4,0x5B,0x3D,
++   0xC2,0x00,0x7C,0xB8,0xA1,0x63,0xBF,0x05,0x98,0xDA,0x48,0x36,
++   0x1C,0x55,0xD3,0x9A,0x69,0x16,0x3F,0xA8,0xFD,0x24,0xCF,0x5F,
++   0x83,0x65,0x5D,0x23,0xDC,0xA3,0xAD,0x96,0x1C,0x62,0xF3,0x56,
++   0x20,0x85,0x52,0xBB,0x9E,0xD5,0x29,0x07,0x70,0x96,0x96,0x6D,
++   0x67,0x0C,0x35,0x4E,0x4A,0xBC,0x98,0x04,0xF1,0x74,0x6C,0x08,
++   0xCA,0x18,0x21,0x7C,0x32,0x90,0x5E,0x46,0x2E,0x36,0xCE,0x3B,
++   0xE3,0x9E,0x77,0x2C,0x18,0x0E,0x86,0x03,0x9B,0x27,0x83,0xA2,
++   0xEC,0x07,0xA2,0x8F,0xB5,0xC5,0x5D,0xF0,0x6F,0x4C,0x52,0xC9,
++   0xDE,0x2B,0xCB,0xF6,0x95,0x58,0x17,0x18,0x39,0x95,0x49,0x7C,
++   0xEA,0x95,0x6A,0xE5,0x15,0xD2,0x26,0x18,0x98,0xFA,0x05,0x10,
++   0x15,0x72,0x8E,0x5A,0x8A,0xAA,0xC4,0x2D,0xAD,0x33,0x17,0x0D,
++   0x04,0x50,0x7A,0x33,0xA8,0x55,0x21,0xAB,0xDF,0x1C,0xBA,0x64,
++   0xEC,0xFB,0x85,0x04,0x58,0xDB,0xEF,0x0A,0x8A,0xEA,0x71,0x57,
++   0x5D,0x06,0x0C,0x7D,0xB3,0x97,0x0F,0x85,0xA6,0xE1,0xE4,0xC7,
++   0xAB,0xF5,0xAE,0x8C,0xDB,0x09,0x33,0xD7,0x1E,0x8C,0x94,0xE0,
++   0x4A,0x25,0x61,0x9D,0xCE,0xE3,0xD2,0x26,0x1A,0xD2,0xEE,0x6B,
++   0xF1,0x2F,0xFA,0x06,0xD9,0x8A,0x08,0x64,0xD8,0x76,0x02,0x73,
++   0x3E,0xC8,0x6A,0x64,0x52,0x1F,0x2B,0x18,0x17,0x7B,0x20,0x0C,
++   0xBB,0xE1,0x17,0x57,0x7A,0x61,0x5D,0x6C,0x77,0x09,0x88,0xC0,
++   0xBA,0xD9,0x46,0xE2,0x08,0xE2,0x4F,0xA0,0x74,0xE5,0xAB,0x31,
++   0x43,0xDB,0x5B,0xFC,0xE0,0xFD,0x10,0x8E,0x4B,0x82,0xD1,0x20,
++   0xA9,0x3A,0xD2,0xCA,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF
++
++};
++
++static unsigned char dh3072_g[] = { 0x02 };
++
++static void setup_dh(SSL_CTX *ctx)
++{
++   DH *dh;
++
++   dh = DH_new();
++   if (dh == NULL) {
++      return;
++   }
++
++   dh->p = BN_bin2bn(dh3072_p, sizeof(dh3072_p), NULL);
++   dh->g = BN_bin2bn(dh3072_g, sizeof(dh3072_g), NULL);
++   if (dh->p == NULL || dh->g == NULL) {
++      DH_free(dh);
++      return;
++   }
++
++   SSL_CTX_set_options(ctx, SSL_OP_SINGLE_DH_USE);
++   SSL_CTX_set_tmp_dh(ctx, dh);
++
++   DH_free(dh);
++}
++#endif
++
+ 
+ /**
+  * @brief Create a new TLS domain structure
+@@ -543,6 +628,12 @@ static int set_cipher_list(tls_domain_t* d)
+ 					tls_domain_str(d), cipher_list);
+ 			return -1;
+ 		}
++#ifndef OPENSSL_NO_ECDH
++                setup_ecdh(d->ctx[i]);
++#endif
++#ifndef OPENSSL_NO_DH
++                setup_dh(d->ctx[i]);
++#endif
+ 	}
+ 	return 0;
+ }
+diff --git a/modules/tls/tls_mod.c b/modules/tls/tls_mod.c
+index b206bf6..c81a8e9 100644
+--- a/modules/tls/tls_mod.c
++++ b/modules/tls/tls_mod.c
+@@ -57,8 +57,6 @@
+ 	#error "conflict: CORE_TLS must _not_ be defined"
+ #endif
+ 
+-
+-
+ /*
+  * FIXME:
+  * - How do we ask for secret key password ? Mod_init is called after
+@@ -344,6 +342,12 @@ static int mod_init(void)
+ 	if (tls_check_sockets(*tls_domains_cfg) < 0)
+ 		goto error;
+ 
++#ifndef OPENSSL_NO_ECDH
++	LM_INFO("With ECDH-Support!\n");
++#endif
++#ifndef OPENSSL_NO_DH
++	LM_INFO("With Diffie Hellman\n");
++#endif
+ 	return 0;
+ error:
+ 	destroy_tls_h();
+-- 
+1.9.0
+

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-voip/kamailio.git

More information about the Pkg-voip-commits mailing list