kumquat-buildroot/package/freeswitch/0001-fix-build-SWITCH_BYTE_ORDER-__BIG_ENDIAN.patch

From 68039d344d8e826e8b403c9cd0284fd07b4495ac Mon Sep 17 00:00:00 2001
From: Dragos Oancea <dragos@signalwire.com>
Date: Tue, 26 Oct 2021 08:42:58 +0000
Subject: [PATCH] [core] fix build SWITCH_BYTE_ORDER == __BIG_ENDIAN

Downloaded from upstream commit:
https://github.com/signalwire/freeswitch/commit/68039d344d8e826e8b403c9cd0284fd07b4495ac

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
---
 src/switch_rtp.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/switch_rtp.c b/src/switch_rtp.c
index 1880bbb19c..843ee81381 100644
--- a/src/switch_rtp.c
+++ b/src/switch_rtp.c
@@ -2155,7 +2155,7 @@ static void switch_send_rtcp_event(switch_rtp_t *rtp_session ,struct switch_rtcp
 				switch_event_add_header_string(event, SWITCH_STACK_BOTTOM, header, value);
 				snprintf(header, sizeof(header), "Source-Lost");
 #if SWITCH_BYTE_ORDER == __BIG_ENDIAN
-				tmpLost = report->lost; /* signed 24bit will extended signess to int32_t automatically */
+				tmpLost = rtcp_report_block->lost; /* signed 24bit will extended signess to int32_t automatically */
 #else
 				tmpLost = ntohl(rtcp_report_block->lost)>>8;
 				tmpLost = tmpLost | ((tmpLost & 0x00800000) ? 0xff000000 : 0x00000000); /* ...and signess compensation */
package/freeswitch: security bump version to 1.10.7 Fixes the following security issues: - CVE-2021-41105: FreeSWITCH susceptible to Denial of Service via invalid SRTP packets When handling SRTP calls, FreeSWITCH is susceptible to a DoS where calls can be terminated by remote attackers. This attack can be done continuously, thus denying encrypted calls during the attack. https://github.com/signalwire/freeswitch/security/advisories/GHSA-jh42-prph-gp36 - CVE-2021-41157: FreeSWITCH does not authenticate SIP SUBSCRIBE requests by default By default, SIP requests of the type SUBSCRIBE are not authenticated in the affected versions of FreeSWITCH. https://github.com/signalwire/freeswitch/security/advisories/GHSA-g7xg-7c54-rmpj - CVE-2021-37624: FreeSWITCH does not authenticate SIP MESSAGE requests, leading to spam and message spoofing By default, SIP requests of the type MESSAGE (RFC 3428) are not authenticated in the affected versions of FreeSWITCH. MESSAGE requests are relayed to SIP user agents registered with the FreeSWITCH server without requiring any authentication. Although this behaviour can be changed by setting the auth-messages parameter to true, it is not the default setting. https://github.com/signalwire/freeswitch/security/advisories/GHSA-mjcm-q9h8-9xv3 - CVE-2021-41145: FreeSWITCH susceptible to Denial of Service via SIP flooding When flooding FreeSWITCH with SIP messages, it was observed that after a number of seconds the process was killed by the operating system due to memory exhaustion https://github.com/signalwire/freeswitch/security/advisories/GHSA-jvpq-23v4-gp3m - CVE-2021-41158: FreeSWITCH vulnerable to SIP digest leak for configured gateways An attacker can perform a SIP digest leak attack against FreeSWITCH and receive the challenge response of a gateway configured on the FreeSWITCH server. This is done by challenging FreeSWITCH's SIP requests with the realm set to that of the gateway, thus forcing FreeSWITCH to respond with the challenge response which is based on the password of that targeted gateway. https://github.com/signalwire/freeswitch/security/advisories/GHSA-3v3f-99mv-qvj4 Release notes: https://github.com/signalwire/freeswitch/releases/tag/v1.10.7 Removed patch, upstream applied a different fix: https://github.com/signalwire/freeswitch/commit/e9fde845de5b8885282bf5e70f4be3645c5c3e9b Added optional dependency to libks, needed due to upstream commit https://github.com/signalwire/freeswitch/commit/ed9851666615d283effb76edc7028cc08b07eff9 Added upstream patches to fix build errors. Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de> [Peter: mention security fixes] Signed-off-by: Peter Korsgaard <peter@korsgaard.com> 2021-11-06 12:11:45 +01:00			`From 68039d344d8e826e8b403c9cd0284fd07b4495ac Mon Sep 17 00:00:00 2001`
			`From: Dragos Oancea <dragos@signalwire.com>`
			`Date: Tue, 26 Oct 2021 08:42:58 +0000`
			`Subject: [PATCH] [core] fix build SWITCH_BYTE_ORDER == __BIG_ENDIAN`

			`Downloaded from upstream commit:`
			`https://github.com/signalwire/freeswitch/commit/68039d344d8e826e8b403c9cd0284fd07b4495ac`

			`Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>`
			`---`
			`src/switch_rtp.c \| 2 +-`
			`1 file changed, 1 insertion(+), 1 deletion(-)`

			`diff --git a/src/switch_rtp.c b/src/switch_rtp.c`
			`index 1880bbb19c..843ee81381 100644`
			`--- a/src/switch_rtp.c`
			`+++ b/src/switch_rtp.c`
			`@@ -2155,7 +2155,7 @@ static void switch_send_rtcp_event(switch_rtp_t *rtp_session ,struct switch_rtcp`
			`switch_event_add_header_string(event, SWITCH_STACK_BOTTOM, header, value);`
			`snprintf(header, sizeof(header), "Source-Lost");`
			`#if SWITCH_BYTE_ORDER == __BIG_ENDIAN`
			`- tmpLost = report->lost; /* signed 24bit will extended signess to int32_t automatically */`
			`+ tmpLost = rtcp_report_block->lost; /* signed 24bit will extended signess to int32_t automatically */`
			`#else`
			`tmpLost = ntohl(rtcp_report_block->lost)>>8;`
			`tmpLost = tmpLost \| ((tmpLost & 0x00800000) ? 0xff000000 : 0x00000000); /* ...and signess compensation */`