Merge branch 'master' into PR288

coturn · Jan 7, 2021 · 05ecf28 · 05ecf28
2 parents 40b39e2 + 5b13fdd
commit 05ecf28
Show file tree

Hide file tree

Showing 38 changed files with 1,095 additions and 644 deletions.
diff --git a/.travis.yml b/.travis.yml
@@ -66,11 +66,46 @@ matrix:
         - libhiredis-dev
   - os: osx
     osx_image: xcode11.3
-  - os: osx
-    osx_image: xcode11.6
+ # - os: osx
+ #   osx_image: xcode11.6
   - os: osx
     osx_image: xcode12
-
+  - os: linux
+    arch: ppc64le
+    dist: xenial
+    sudo: required
+    addons:
+      apt:
+        packages:
+        - mysql-client
+        - debhelper
+        - dpkg-dev
+        - libssl-dev
+        - libevent-dev
+        - sqlite3
+        - libsqlite3-dev
+        - postgresql-client
+        - libpq-dev
+        - libmysqlclient-dev
+        - libhiredis-dev
+  - os: linux
+    arch: ppc64le
+    dist: bionic
+    sudo: required
+    addons:
+      apt:
+        packages:
+        - mysql-client
+        - debhelper
+        - dpkg-dev
+        - libssl-dev
+        - libevent-dev
+        - sqlite3
+        - libsqlite3-dev
+        - postgresql-client
+        - libpq-dev
+        - libmysqlclient-dev
+        - libhiredis-dev
 
 notifications:
   slack:

diff --git a/ChangeLog b/ChangeLog
@@ -1,8 +1,37 @@
 24/06/2020 Oleg Moskalenko <mom040267@gmail.com> Mihály Mészáros <misi@majd.eu>
 Version 4.5.2 'dan Eider':
 	- fix null pointer dereference in case of out of memory. (thanks to Thomas Moeller for the report)
-    - merge PR #517 (by wolmi)
+	- merge PR #517 (by wolmi)
 		* add prometheus metrics
+	- merge PR #637 (by David Florness)
+	    * Delete trailing whitespace in example configuration files
+	- merge PR #631 (by Debabrata Deka)
+	    * Add architecture ppc64le to travis build
+	- merge PR #627 (by Samuel)
+		* Fix misleading option in doc (prometheus)
+	- merge PR #643 (by tupelo-schneck)
+		* Allow RFC6062 TCP relay data to look like TLS
+	- merge PR #655 (by plinss)
+		* Add support for proxy protocol V1 
+	- merge PR #618 (by Paul Wayper)
+		* Print full date and time in logs
+		* Add new options: "new-log-timestamp" and "new-log-timestamp-format"
+	- merge PR #599 (by Cédric Krier)
+		* Do not use FIPS and remove hardcode OPENSSL_VERSION_NUMBER with LibreSSL
+	- update Docker mongoDB and fix with workaround the missing systemctl
+	- merge PR #660 (by Camden Narzt)
+		* fix compilation on macOS Big Sur
+	- merge PR #546 (by jelmd)
+		* Add ACME redirect url
+	- merge PR #551 (by jelmd)
+		* support of --acme-redirect <URL>
+	- merge PR #672 further acme fixes (by jemld)
+		* fix acme security, redundancy, consistency
+	- Disable binding request logging to avoid DoS attacks. (Breaking change!)
+		* Add new --log-binding option to enable binding request logging
+	- Fix stale-nonce documentation. Resolves #604
+	- Version number is changed to semver 2.0
+
 24/06/2020 Oleg Moskalenko <mom040267@gmail.com> Mihály Mészáros <misi@majd.eu>
 Version 4.5.1.3 'dan Eider':
 	- merge PR #575: (by osterik)

diff --git a/Makefile.in b/Makefile.in
@@ -21,7 +21,7 @@ COMMON_MODS = src/apps/common/apputils.c src/apps/common/ns_turn_utils.c src/app
 COMMON_DEPS = ${LIBCLIENTTURN_DEPS} ${COMMON_MODS} ${COMMON_HEADERS}
 
 IMPL_HEADERS = src/apps/relay/ns_ioalib_impl.h src/apps/relay/ns_sm.h src/apps/relay/turn_ports.h
-IMPL_MODS = src/apps/relay/ns_ioalib_engine_impl.c src/apps/relay/turn_ports.c src/apps/relay/http_server.c
+IMPL_MODS = src/apps/relay/ns_ioalib_engine_impl.c src/apps/relay/turn_ports.c src/apps/relay/http_server.c src/apps/relay/acme.c
 IMPL_DEPS = ${COMMON_DEPS} ${IMPL_HEADERS} ${IMPL_MODS}
 
 HIREDIS_HEADERS = src/apps/common/hiredis_libevent2.h

diff --git a/README.md b/README.md
@@ -121,7 +121,8 @@ Contact information:
 
 https://groups.google.com/forum/#!forum/turn-server-project-rfc5766-turn-server
 
-email:mom040267@gmail.com
+email:misi@majd.eu
+      mom040267@gmail.com
 
 ### Feedback is very welcome (bugs, issues, suggestions, stories, questions). ###
 

diff --git a/README.turnadmin b/README.turnadmin
@@ -271,4 +271,8 @@ to see the man page.
 
 	Bradley T. Hughes <bradleythughes@fastmail.fm>
 
-        Mihaly Meszaros <misi@majd.eu>
+	Mihály Mészáros <misi@majd.eu>
+
+  ACTIVE MAINTAINERS
+
+	Mihály Mészáros <misi@majd.eu>
diff --git a/README.turnserver b/README.turnserver
@@ -225,6 +225,12 @@ Flags:
 			name will be constructed as-is, without PID and date appendage.
 			This option can be used, for example, together with the logrotate tool.
 
+--new-log-timestamp				Enable full ISO-8601 timestamp in all logs.
+
+--new-log-timestamp-format    	<format>	Set timestamp format (in strftime(1) format)
+
+--log-binding					Log STUN binding request. It is now disabled by default to avoid DoS attacks.
+
 --secure-stun		Require authentication of the STUN Binding request.
 			By default, the clients are allowed anonymous access to the STUN Binding functionality.
 
@@ -265,8 +271,8 @@ Flags:
 			check: across the session, all requests must have the same
 			main ORIGIN attribute value (if the ORIGIN was
 			initially used by the session).
- --no-prometheus	Disable prometheus metrics. By default it is
-			enabled and listening on port 9641 unther the path /metrics
+ --prometheus		Enable prometheus metrics. By default it is
+			disabled. Would listen on port 9641 unther the path /metrics
 			also the path / on this port can be used as a health check
 
 -h			Help.
@@ -275,6 +281,7 @@ Options with values:
 
 --stale-nonce[=<value>]		Use extra security with nonce value having
 							limited lifetime, in seconds (default 600 secs).
+							Set it to 0 for unlimited nonce lifetime.
 
 --max-allocate-lifetime		Set the maximum value for the allocation lifetime.
 							Default to 3600 secs.
@@ -543,6 +550,12 @@ Options with values:
 			Default is /var/run/turnserver.pid (if superuser account is used) or
 			/var/tmp/turnserver.pid .
 
+--acme-redirect  <URL>	Redirect ACME/RFC8555 (like Let's Encrypt challenge) requests, i.e.
+			HTTP GET requests matching '^/.well-known/acme-challenge/(.*)'
+			to <URL>$1 with $1 == (.*). No validation of <URL> will be done,
+			so make sure you do not forget the trailing slash. If <URL> is an empty
+			string (the default value), no special handling of such requests will be done.
+
 --proc-user		User name to run the process. After the initialization, the turnserver process
 			will make an attempt to change the current user ID to that user.
 
@@ -997,4 +1010,8 @@ https://groups.google.com/forum/?fromgroups=#!forum/turn-server-project-rfc5766-
 
 	Bradley T. Hughes <bradleythughes@fastmail.fm>
 
-        Mihaly Meszaros <misi@majd.eu>
+    Mihály Mészáros <misi@majd.eu>
+
+  ACTIVE MAINTAINERS
+
+	Mihály Mészáros <misi@majd.eu>
diff --git a/README.turnutils b/README.turnutils
@@ -474,4 +474,8 @@ SEE ALSO
 
 	Bradley T. Hughes <bradleythughes@fastmail.fm>
 
-        Mihaly Meszaros <misi@majd.eu>
+	Mihály Mészáros <misi@majd.eu>
+
+  ACTIVE MAINTAINERS
+
+	Mihály Mészáros <misi@majd.eu>
diff --git a/configure b/configure
@@ -423,6 +423,17 @@ if [ "${SYSTEM}" = "NetBSD" ] ; then
 	fi
 fi
 
+# If acme_redirect does not work, send_data_from_ioa_socket_nbh() probably
+# does not work. Set LIBEV_OK=1 to use a workaround for it.
+if [ -z "${LIBEV_OK}" ]; then
+	LIBEV_OK=1
+	if [ "${SYSTEM}" = "Linux" ]; then
+		OS=$( lsb_release -si 2>/dev/null )
+		[ "${OS}" = "Ubuntu" ] && LIBEV_OK=0
+	fi
+fi
+[ "${LIBEV_OK}" = "1" ] && OSCFLAGS="${OSCFLAGS} -DLIBEV_OK"
+
 ###########################
 # Install shell commands
 ###########################

diff --git a/docker/coturn/Dockerfile b/docker/coturn/Dockerfile
@@ -13,7 +13,7 @@ WORKDIR ${BUILD_PREFIX}
 RUN git clone https://github.com/coturn/coturn.git
 
 # Build Coturn
-WORKDIR coturn
+WORKDIR ${BUILD_PREFIX}/coturn
 RUN ./configure
 RUN make
 
@@ -34,14 +34,17 @@ COPY --from=coturn-build ${BUILD_PREFIX}/coturn/turndb ${INSTALL_PREFIX}/turndb
 # Install lib dependencies
 RUN export DEBIAN_FRONTEND=noninteractive && \
 	apt-get update && \
-	apt-get install -y libc6>=2.15 libevent-core-2.1-6>=libevent-core-2.1-6 libevent-extra-2.1-6>=2.1.8-stable-4 libevent-openssl-2.1-6>=2.1.8-stable-4 libevent-pthreads-2.1-6>=2.1.8-stable-4 libhiredis0.14>=0.14.0 libmariadbclient-dev>=10.3.17 libpq5>=8.4~ libsqlite3-0>=3.6.0 libssl1.1>=1.1.0 libmongoc-1.0 libbson-1.0
+	apt-get install -y libc6 libevent-core-2.1-6 libevent-extra-2.1-6 libevent-openssl-2.1-6 libevent-pthreads-2.1-6 libhiredis0.14 libmariadbclient-dev libpq5 libsqlite3-0 libssl1.1 libmongoc-1.0-0 libbson-1.0-0
 RUN apt-get install -y default-mysql-client postgresql-client redis-tools
 
+# Workaround for MongoDB
+RUN ln -s /bin/echo /bin/systemctl
+
 # Install MongoDB
 RUN apt-get update && \
   apt-get install -y wget gnupg && \
-  wget -qO - https://www.mongodb.org/static/pgp/server-4.0.asc | apt-key add - && \
-  echo "deb http://repo.mongodb.org/apt/debian stretch/mongodb-org/4.0 main" | tee /etc/apt/sources.list.d/mongodb-org-4.0.list && \
+  wget -qO - https://www.mongodb.org/static/pgp/server-4.4.asc | apt-key add - && \
+  echo "deb http://repo.mongodb.org/apt/debian stretch/mongodb-org/4.4 main" | tee /etc/apt/sources.list.d/mongodb-org-4.4.list && \
   echo "deb http://deb.debian.org/debian/ stretch main" | tee /etc/apt/sources.list.d/debian-stretch.list && \
   apt-get update && \
   apt-get install -y libcurl3 mongodb-org mongodb-org-server mongodb-org