package/freeswitch: security bump version to 1.10.7

Fixes the following security issues:

- CVE-2021-41105: FreeSWITCH susceptible to Denial of Service via invalid
  SRTP packets

  When handling SRTP calls, FreeSWITCH is susceptible to a DoS where calls
  can be terminated by remote attackers.  This attack can be done
  continuously, thus denying encrypted calls during the attack.

  https://github.com/signalwire/freeswitch/security/advisories/GHSA-jh42-prph-gp36

- CVE-2021-41157: FreeSWITCH does not authenticate SIP SUBSCRIBE requests by default

  By default, SIP requests of the type SUBSCRIBE are not authenticated in
  the affected versions of FreeSWITCH.

  https://github.com/signalwire/freeswitch/security/advisories/GHSA-g7xg-7c54-rmpj

- CVE-2021-37624: FreeSWITCH does not authenticate SIP MESSAGE requests,
  leading to spam and message spoofing

  By default, SIP requests of the type MESSAGE (RFC 3428) are not
  authenticated in the affected versions of FreeSWITCH.  MESSAGE requests
  are relayed to SIP user agents registered with the FreeSWITCH server
  without requiring any authentication.  Although this behaviour can be
  changed by setting the auth-messages parameter to true, it is not the
  default setting.

  https://github.com/signalwire/freeswitch/security/advisories/GHSA-mjcm-q9h8-9xv3

- CVE-2021-41145: FreeSWITCH susceptible to Denial of Service via SIP flooding

  When flooding FreeSWITCH with SIP messages, it was observed that after a
  number of seconds the process was killed by the operating system due to
  memory exhaustion

  https://github.com/signalwire/freeswitch/security/advisories/GHSA-jvpq-23v4-gp3m

- CVE-2021-41158: FreeSWITCH vulnerable to SIP digest leak for configured gateways

  An attacker can perform a SIP digest leak attack against FreeSWITCH and
  receive the challenge response of a gateway configured on the FreeSWITCH
  server.  This is done by challenging FreeSWITCH's SIP requests with the
  realm set to that of the gateway, thus forcing FreeSWITCH to respond with
  the challenge response which is based on the password of that targeted
  gateway.

  https://github.com/signalwire/freeswitch/security/advisories/GHSA-3v3f-99mv-qvj4

Release notes:
https://github.com/signalwire/freeswitch/releases/tag/v1.10.7

Removed patch, upstream applied a different fix:
e9fde845de

Added optional dependency to libks, needed due to upstream commit
ed98516666

Added upstream patches to fix build errors.

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
[Peter: mention security fixes]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/freeswitch/0001-fix-build-SWITCH_BYTE_ORDER-__BIG_ENDIAN.patch

@@ -0,0 +1,26 @@
+From 68039d344d8e826e8b403c9cd0284fd07b4495ac Mon Sep 17 00:00:00 2001
+From: Dragos Oancea <dragos@signalwire.com>
+Date: Tue, 26 Oct 2021 08:42:58 +0000
+Subject: [PATCH] [core] fix build SWITCH_BYTE_ORDER == __BIG_ENDIAN
+
+Downloaded from upstream commit:
+https://github.com/signalwire/freeswitch/commit/68039d344d8e826e8b403c9cd0284fd07b4495ac
+
+Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
+---
+ src/switch_rtp.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/switch_rtp.c b/src/switch_rtp.c
+index 1880bbb19c..843ee81381 100644
+--- a/src/switch_rtp.c
++++ b/src/switch_rtp.c
+@@ -2155,7 +2155,7 @@ static void switch_send_rtcp_event(switch_rtp_t *rtp_session ,struct switch_rtcp
+ 				switch_event_add_header_string(event, SWITCH_STACK_BOTTOM, header, value);
+ 				snprintf(header, sizeof(header), "Source-Lost");
+ #if SWITCH_BYTE_ORDER == __BIG_ENDIAN
+-				tmpLost = report->lost; /* signed 24bit will extended signess to int32_t automatically */
++				tmpLost = rtcp_report_block->lost; /* signed 24bit will extended signess to int32_t automatically */
+ #else
+ 				tmpLost = ntohl(rtcp_report_block->lost)>>8;
+ 				tmpLost = tmpLost | ((tmpLost & 0x00800000) ? 0xff000000 : 0x00000000); /* ...and signess compensation */

package/freeswitch/0001-src-mod-applications-mod_cv-mod_cv.cpp-fix-build-wit.patch

@@ -1,44 +0,0 @@
-From 575409a14e62f73e83309daf8ff6642a235f250c Mon Sep 17 00:00:00 2001
-From: Fabrice Fontaine <fontaine.fabrice@gmail.com>
-Date: Fri, 16 Oct 2020 23:06:36 +0200
-Subject: [PATCH] src/mod/applications/mod_cv/mod_cv.cpp: fix build with opencv
- 3.4.9
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Use cvScalar instead of CV_RGB to avoid the following build failure with
-opencv 3.4.9:
-
-mod_cv.cpp:693:24: error: conversion from ‘cv::Scalar {aka cv::Scalar_<double>}’ to non-scalar type ‘CvScalar’ requested
-         CvScalar col = CV_RGB((float)255 * object_neighbors / max_neighbors, 0, 0);
-                        ^
-
-Indeed, CV_RGB is defined as cv::Scalar instead of cvScalar since
-version 3.4.2 and
-https://github.com/opencv/opencv/commit/7f9253ea0a9fe2635926379420002dbf0c3fce0f
-
-It should be noted that CV_RGB(r,g,b) = cvScalar(b,g,r,0)
-
-Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
-[Upstream status: https://github.com/signalwire/freeswitch/pull/914]
----
- src/mod/applications/mod_cv/mod_cv.cpp | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/src/mod/applications/mod_cv/mod_cv.cpp b/src/mod/applications/mod_cv/mod_cv.cpp
-index 582f925abf..bbec755e91 100644
---- a/src/mod/applications/mod_cv/mod_cv.cpp
-+++ b/src/mod/applications/mod_cv/mod_cv.cpp
-@@ -690,7 +690,7 @@ void detectAndDraw(cv_context_t *context)
- 		//printf("WTF %d\n", object_neighbors);
-         //cout << "Detected " << object_neighbors << " object neighbors" << endl;
-         const int rect_height = cvRound((float)img.rows * object_neighbors / max_neighbors);
--        CvScalar col = CV_RGB((float)255 * object_neighbors / max_neighbors, 0, 0);
-+        CvScalar col = cvScalar(0, 0, (float)255 * object_neighbors / max_neighbors, 0);
-         rectangle(img, cvPoint(0, img.rows), cvPoint(img.cols/10, img.rows - rect_height), col, -1);
- 
-         parse_stats(&context->nestDetected, nestedObjects.size(), context->skip);
--- 
-2.28.0
-

package/freeswitch/0002-core-fix--disable-libyuv.patch

@@ -0,0 +1,129 @@
+From a2ce46c6fde38d6ac54a8a2ee1a5b391e2ed2071 Mon Sep 17 00:00:00 2001
+From: Sebastian Kemper <sebastian_ml@gmx.net>
+Date: Mon, 1 Nov 2021 09:59:09 +0100
+Subject: [PATCH] [core] fix "--disable-libyuv"
+
+Recent changes made it impossible to compile freeswitch without libyuv
+support.
+
+src/switch_core_video.c: In function 'switch_img_read_from_file':
+src/switch_core_video.c:3139:4: error: implicit declaration of function 'RAWToI420' [-Werror=implicit-function-declaration]
+RAWToI420(data, width * 3,
+^
+src/switch_core_video.c:3148:4: error: implicit declaration of function 'ABGRToARGB' [-Werror=implicit-function-declaration]
+ABGRToARGB(data, width * 4, img->planes[SWITCH_PLANE_PACKED], img->stride[SWITCH_PLANE_PACKED], width, height);
+^
+
+Fix this my adding/moving the checks for "SWITCH_HAVE_YUV".
+
+Downloaded from upstream commit:
+https://github.com/signalwire/freeswitch/commit/a2ce46c6fde38d6ac54a8a2ee1a5b391e2ed2071
+
+Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
+Signed-off-by: Sebastian Kemper <sebastian_ml@gmx.net>
+---
+ src/switch_core_video.c        | 12 ++++++++++++
+ tests/unit/switch_core_video.c |  4 ++++
+ 2 files changed, 16 insertions(+)
+
+diff --git a/src/switch_core_video.c b/src/switch_core_video.c
+index 7dbd685d6ee..0d377f9c3e4 100644
+--- a/src/switch_core_video.c
++++ b/src/switch_core_video.c
+@@ -3116,6 +3116,7 @@ SWITCH_DECLARE(switch_status_t) switch_img_data_url_png(switch_image_t *img, cha
+ 
+ SWITCH_DECLARE(switch_image_t *) switch_img_read_from_file(const char* file_name, switch_img_fmt_t img_fmt)
+ {
++#ifdef SWITCH_HAVE_YUV
+ 	int width = 0, height = 0, channels = 0;
+ 	int comp = STBI_rgb;
+ 	unsigned char *data = NULL;
+@@ -3155,12 +3156,16 @@ SWITCH_DECLARE(switch_image_t *) switch_img_read_from_file(const char* file_name
+ 	} else if (data) {
+ 		stbi_image_free(data);
+ 	}
++#endif
+ 
+ 	return NULL;
+ }
+ 
+ SWITCH_DECLARE(switch_status_t) switch_img_write_to_file(switch_image_t *img, const char* file_name, int quality)
+ {
++#ifndef SWITCH_HAVE_YUV
++	return SWITCH_STATUS_FALSE;
++#else
+ 	int comp = STBI_rgb;
+ 	unsigned char *data = NULL;
+ 	const char *ext = strrchr(file_name, '.');
+@@ -3217,6 +3222,7 @@ SWITCH_DECLARE(switch_status_t) switch_img_write_to_file(switch_image_t *img, co
+ 	free(data);
+ 
+ 	return ret ? SWITCH_STATUS_SUCCESS : SWITCH_STATUS_FALSE;
++#endif
+ }
+ 
+ typedef struct data_url_context_s {
+@@ -3224,14 +3230,19 @@ typedef struct data_url_context_s {
+ 	char **urlP;
+ } data_url_context_t;
+ 
++#ifdef SWITCH_HAVE_YUV
+ static void data_url_write_func(void *context, void *data, int size)
+ {
+ 	switch_buffer_t *buffer = (switch_buffer_t *)context;
+ 	switch_buffer_write(buffer, data, size);
+ }
++#endif
+ 
+ SWITCH_DECLARE(switch_status_t) switch_img_data_url(switch_image_t *img, char **urlP, const char *type, int quality)
+ {
++#ifndef SWITCH_HAVE_YUV
++	return SWITCH_STATUS_FALSE;
++#else
+ 	int comp = STBI_rgb;
+ 	unsigned char *data = NULL;
+ 	int stride_in_bytes = 0;
+@@ -3300,6 +3311,7 @@ SWITCH_DECLARE(switch_status_t) switch_img_data_url(switch_image_t *img, char **
+ 	switch_buffer_destroy(&buffer);
+ 
+ 	return ret ? SWITCH_STATUS_SUCCESS : SWITCH_STATUS_FALSE;
++#endif /* SWITCH_HAVE_YUV */
+ }
+ 
+ 
+diff --git a/tests/unit/switch_core_video.c b/tests/unit/switch_core_video.c
+index 27c96102929..e395db474d5 100644
+--- a/tests/unit/switch_core_video.c
++++ b/tests/unit/switch_core_video.c
+@@ -48,6 +48,7 @@ FST_CORE_BEGIN("./conf")
+ 		}
+ 		FST_TEARDOWN_END()
+ 
++#ifdef SWITCH_HAVE_YUV
+ 		FST_TEST_BEGIN(data_url_test)
+ 		{
+ 			char *data_url = NULL;
+@@ -88,6 +89,7 @@ FST_CORE_BEGIN("./conf")
+ 			unlink(argb_filename);
+ 		}
+ 		FST_TEST_END()
++#endif /* SWITCH_HAVE_YUV */
+ 
+ 		FST_TEST_BEGIN(img_patch)
+ 		{
+@@ -239,6 +241,7 @@ FST_CORE_BEGIN("./conf")
+ 		}
+ 		FST_TEST_END()
+ 
++#ifdef SWITCH_HAVE_YUV
+ 		FST_TEST_BEGIN(stb_data_url)
+ 		{
+ 			switch_image_t *img = switch_img_alloc(NULL, SWITCH_IMG_FMT_I420, 120, 60, 1);
+@@ -321,6 +324,7 @@ FST_CORE_BEGIN("./conf")
+ 			unlink(jpg_write_filename);
+ 		}
+ 		FST_TEST_END()
++#endif /* SWITCH_HAVE_YUV */
+ 	}
+ 	FST_SUITE_END()
+ }

package/freeswitch/freeswitch.hash

@@ -1,5 +1,5 @@
-# From https://files.freeswitch.org/freeswitch-releases/freeswitch-1.10.6.-release.tar.xz.sha256
-sha256  9a08d4e184e6d715e1c12c43a0f901597151752ef236f0a37e40996272b5c38d  freeswitch-1.10.6.-release.tar.xz
+# From https://files.freeswitch.org/freeswitch-releases/freeswitch-1.10.7.-release.tar.xz.sha256
+sha256  0919bddc2ea9cab2e4944314e71637bea9dd4f40d510722a74ea032104594c41  freeswitch-1.10.7.-release.tar.xz
 # Locally computed
 sha256  75c933202f40939cdc3827fce20a1efdaa38291e2b5a65d234eb16e2cffda66a  COPYING
 sha256  c3e3388768dae8bf4edcc4108f95be815b8a05c0b0aef6e4c3d8df81affdfa34  docs/OPENH264_BINARY_LICENSE.txt

package/freeswitch/freeswitch.mk

@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-FREESWITCH_VERSION = 1.10.6
+FREESWITCH_VERSION = 1.10.7
 FREESWITCH_SOURCE = freeswitch-$(FREESWITCH_VERSION).-release.tar.xz
 FREESWITCH_SITE = https://files.freeswitch.org/freeswitch-releases
 # External modules need headers/libs from staging
@@ -120,7 +120,6 @@ FREESWITCH_ENABLED_MODULES += \
 	endpoints/mod_rtc \
 	endpoints/mod_rtmp \
 	endpoints/mod_sofia \
-	endpoints/mod_verto \
 	event_handlers/mod_cdr_csv \
 	event_handlers/mod_cdr_sqlite \
 	event_handlers/mod_event_socket \
@@ -209,6 +208,11 @@ FREESWITCH_DEPENDENCIES += libilbc
 FREESWITCH_ENABLED_MODULES += codecs/mod_ilbc
 endif
 
+ifeq ($(BR2_PACKAGE_LIBKS),y)
+FREESWITCH_DEPENDENCIES += libks
+FREESWITCH_ENABLED_MODULES += endpoints/mod_verto
+endif
+
 ifeq ($(BR2_PACKAGE_LIBLDNS),y)
 FREESWITCH_DEPENDENCIES += libldns
 FREESWITCH_ENABLED_MODULES += applications/mod_enum