New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
net-libs/pjproject: Version 2.12.1 (security release). #21761
Conversation
Pull Request assignmentSubmitter: @jkroonza net-libs/pjproject: @jkroonza, @gentoo/proxy-maint Linked bugsBugs linked: 803614 In order to force reassignment and/or bug reference scan, please append Docs: Code of Conduct ● Copyright policy (expl.) ● Devmanual ● GitHub PRs ● Proxy-maint guide |
Pull request CI reportReport generated at: 2021-07-24 08:49 UTC There are existing issues already. Please look into the report to make sure none of them affect the packages in question: |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I can't seem to be able build asterisk[pjproject] with this version (2.10 is fine)
/usr/lib/gcc/x86_64-pc-linux-gnu/11.1.0/../../../../x86_64-pc-linux-gnu/bin/ld: cannot find -lpjsua2
collect2: error: ld returned 1 exit status
make[1]: *** [/tmp/portage/net-misc/asterisk-18.5.1/work/asterisk-18.5.1/Makefile.rules:193: chan_pjsip.so] Error 1
And indeed there's no libpjsua2.so installed with 2.11, but it's there with 2.10.
Also (not a new issue, this could wait for another time):
* QA Notice: Files built without respecting LDFLAGS have been detected
* Please include the following list of files in your report:
* /usr/lib64/libg7221codec.so.2
* /usr/lib64/libilbccodec.so.2
* /usr/lib64/libwebrtc.so.2
* /usr/lib64/libyuv.so.2
Upstream parallel build issue I've not been able to track down. Reference https://bugs.gentoo.org/765799 I'm not convinced just using -j1 is any such case is the right fix as it's dependent on the way in which make resolves dependencies (tomorrow it could decide to build in a different order then the issue is back). Two (three) options:
|
The log snipplet I shown was from asterisk with USE=pjproject, not pjproject itself. pjproject built fine, but one library is missing causing asterisk to fail. |
i.e.
Where did libpjsua2.so go? If it breaks its only rdep there's probably not much sense in merging this as-is. |
I'm going to take this to draft, doesn't look like asterisk will currently compile with 2.11, I did however back-port the asterisk-affecting security patch to 2.10-r2 in 93f6d97. (After an initial round on -r1 which we should probably at this point remove) |
7dc78e5
to
2f8f8e7
Compare
Known problem:
Previously these were all just silent failure not working at all, so in my opinion still an improvement, need some sleep now though. |
Pull request CI reportReport generated at: 2022-06-09 20:55 UTC There are existing issues already. Please look into the report to make sure none of them affect the packages in question: |
Upstream release. Remove the need for custom patches (which is still required but no longer applies, instead, rely on ./configure detecting openssl, we do depend on it, and only --disable-ssl works, passing --enable-ssl also effectively disables ssl). Compile tested asterisk 13, 16 and 18 (in-tree versions) against this. Would appreciate a double-check on this one. One version from each is sufficient. Since the two libraries that were the target of parallel build failures are now one, I believe the parallel build issue is fixed too. Included patch for CVE-2022-31031 Closes: https://bugs.gentoo.org/833765 Closes: https://bugs.gentoo.org/817803 Closes: https://bugs.gentoo.org/808099 Closes: https://bugs.gentoo.org/834491 Bug: https://bugs.gentoo.org/803614 Bug: https://bugs.gentoo.org/765799 Bug: https://bugs.gentoo.org/829894 Package-Manager: Portage-3.0.20, Repoman-3.0.2 Signed-off-by: Jaco Kroon <jaco@uls.co.za>
2f8f8e7
to
2fcce0e
Compare
Pull request CI reportReport generated at: 2022-06-09 21:16 UTC There are existing issues already. Please look into the report to make sure none of them affect the packages in question: |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Seems to work now.
# Copyright 1999-2021 Gentoo Authors | ||
# Distributed under the terms of the GNU General Public License v2 | ||
|
||
EAPI=7 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
# Copyright 1999-2021 Gentoo Authors | |
# Distributed under the terms of the GNU General Public License v2 | |
EAPI=7 | |
# Copyright 1999-2022 Gentoo Authors | |
# Distributed under the terms of the GNU General Public License v2 | |
EAPI=8 |
Whilst I submitted version yesterday back-porting the security fixes,
and official release has now been made available, bump to it instead.
Bug: https://bugs.gentoo.org/803614
Package-Manager: Portage-3.0.20, Repoman-3.0.2
Signed-off-by: Jaco Kroon jaco@uls.co.za