net-libs/pjproject: Version bump to 2.7.2

Fixed SSL flipflop logic by Felix Janda replaces my own failed first attempt.
Upstream has two security fixes around malformed SDP, a crash due to an invalid
ftmp attribute and a crash due to an invalid media format description.

Package-Manager: Portage-2.3.24, Repoman-2.3.6

3 files changed, 214 insertions, 0 deletions

diff --git a/net-libs/pjproject/Manifest b/net-libs/pjproject/Manifest
index f4403851ca6..12e01535ff4 100644
--- a/net-libs/pjproject/Manifest
+++ b/net-libs/pjproject/Manifest
@@ -1 +1,2 @@
 DIST pjproject-2.7.1.tar.bz2 4880007 BLAKE2B 33fca89f07abc0b9662b1070c96b903c236a60149734755286dad3111411dbeef5779077a77d21112be6db2957cb7e18c5c833b3c5fd32c26be44d4550fb215e SHA512 cd15afee2a02659668ff228b2652d2bd179393e3b5031afae1c326354fb9676babc08eb689e466165536abc360684299b4fdb41dbb1148aed89afe1ce7e5d979
+DIST pjproject-2.7.2.tar.bz2 4994233 BLAKE2B 44ecaf0997d5dd9b18e0b811cead7c9104e63894fa06fb1d64e79b60fa4210968fd90ef47e5f5be3629675363c8756ce3bc1834caa9700654ab4c53efe676ee7 SHA512 3d355ffcbbeed62cfc711e574a987dc06043ccf4f2625820adffa89167022b8306fcee3fada71d3d45e7b902fc9c65ac8221de101cbafed25362a3921f702afd
diff --git a/net-libs/pjproject/files/pjproject-2.7.2-ssl-flipflop.patch b/net-libs/pjproject/files/pjproject-2.7.2-ssl-flipflop.patch
new file mode 100644
index 00000000000..c984bc62962
--- /dev/null
+++ b/net-libs/pjproject/files/pjproject-2.7.2-ssl-flipflop.patch
@@ -0,0 +1,103 @@
+--- pjproject-2.7.1.ORIG/aconfigure.ac	2018-02-06 11:34:20.973411193 +0000
++++ pjproject-2.7.1/aconfigure.ac	2018-02-06 13:33:31.525015674 +0000
+@@ -1551,57 +1551,56 @@
+     enable_ssl=no
+ fi
+ 
+-dnl # Include SSL support
++dnl # Correct --enable vs --disable SSL flipflop logic
+ AC_SUBST(ac_no_ssl)
+ AC_SUBST(ac_ssl_has_aes_gcm,0)
+ AC_ARG_ENABLE(ssl,
+ 	      AS_HELP_STRING([--disable-ssl],
+ 			     [Exclude SSL support the build (default: autodetect)])
+-	      ,
+-	      [
+-		if test "$enable_ssl" = "no"; then
+-		 [ac_no_ssl=1]
+-		 AC_MSG_RESULT([Checking if SSL support is disabled... yes])
+-	        fi
+-	      ],
+-	      [
+-		AC_MSG_RESULT([checking for OpenSSL installations..])
+-                if test "x$with_ssl" != "xno" -a "x$with_ssl" != "x"; then
+-                    CFLAGS="$CFLAGS -I$with_ssl/include"
+-                    LDFLAGS="$LDFLAGS -L$with_ssl/lib"
+-                    AC_MSG_RESULT([Using SSL prefix... $with_ssl])
+-                fi
+-		AC_SUBST(openssl_h_present)
+-		AC_SUBST(libssl_present)
+-		AC_SUBST(libcrypto_present)
+-		AC_CHECK_HEADER(openssl/ssl.h,[openssl_h_present=1])
+-		AC_CHECK_LIB(crypto,ERR_load_BIO_strings,[libcrypto_present=1 && LIBS="-lcrypto $LIBS"])
+-		AC_CHECK_LIB(ssl,SSL_CTX_new,[libssl_present=1 && LIBS="-lssl $LIBS"])
+-		if test "x$openssl_h_present" = "x1" -a "x$libssl_present" = "x1" -a "x$libcrypto_present" = "x1"; then
+-	        	AC_MSG_RESULT([OpenSSL library found, SSL support enabled])
+-			
+-			# Check if SRTP should be compiled with OpenSSL
+-			# support, to enable cryptos such as AES GCM.
+-			
+-			# EVP_CIPHER_CTX is now opaque in OpenSSL 1.1.0, libsrtp 1.5.4 uses it as a transparent type.
+-			# Update 2.7: our bundled libsrtp has been upgraded to 2.1.0,
+-			# so we can omit EVP_CIPHER_CTX definition check now.
+-			AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include <openssl/evp.h>]],
+-							  [EVP_CIPHER_CTX *ctx;EVP_aes_128_gcm();])],
+-					  [AC_CHECK_LIB(crypto,EVP_aes_128_gcm,[ac_ssl_has_aes_gcm=1])])
+-			if test "x$ac_ssl_has_aes_gcm" = "x1"; then
+-				AC_MSG_RESULT([OpenSSL has AES GCM support, SRTP will use OpenSSL])
+-			else
+-				AC_MSG_RESULT([OpenSSL AES GCM support not found, SRTP will only support AES CM cryptos])
+-			fi
+-
+-			# PJSIP_HAS_TLS_TRANSPORT setting follows PJ_HAS_SSL_SOCK
+-			#AC_DEFINE(PJSIP_HAS_TLS_TRANSPORT, 1)
+-			AC_DEFINE(PJ_HAS_SSL_SOCK, 1)
++)
++
++dnl # OpenSSL detection
++AC_MSG_CHECKING([OpenSSL installations])
++if test "x$enable_ssl" = "xno"; then
++	ac_no_ssl=1
++	AC_MSG_RESULT([explicitly disabled])
++else
++	if test "x$with_ssl" != "xno" -a "x$with_ssl" != "x"; then
++		CFLAGS="$CFLAGS -I$with_ssl/include"
++		LDFLAGS="$LDFLAGS -L$with_ssl/lib"
++		AC_MSG_RESULT([Using SSL prefix... $with_ssl])
++	fi
++	AC_SUBST(openssl_h_present)
++	AC_SUBST(libssl_present)
++	AC_SUBST(libcrypto_present)
++	AC_CHECK_HEADER(openssl/ssl.h,[openssl_h_present=1])
++	AC_CHECK_LIB(crypto,ERR_load_BIO_strings,[libcrypto_present=1 && LIBS="-lcrypto $LIBS"])
++	AC_CHECK_LIB(ssl,SSL_CTX_new,[libssl_present=1 && LIBS="-lssl $LIBS"])
++	if test "x$openssl_h_present" = "x1" -a "x$libssl_present" = "x1" -a "x$libcrypto_present" = "x1"; then
++	       	AC_MSG_RESULT([OpenSSL library found, SSL support enabled])
++
++		# Check if SRTP should be compiled with OpenSSL
++		# support, to enable cryptos such as AES GCM.
++
++		# EVP_CIPHER_CTX is now opaque in OpenSSL 1.1.0, libsrtp 1.5.4 uses it as a transparent type.
++		# Update 2.7: our bundled libsrtp has been upgraded to 2.1.0,
++		# so we can omit EVP_CIPHER_CTX definition check now.
++		AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include <openssl/evp.h>]],
++						  [EVP_CIPHER_CTX *ctx;EVP_aes_128_gcm();])],
++				  [AC_CHECK_LIB(crypto,EVP_aes_128_gcm,[ac_ssl_has_aes_gcm=1])])
++		if test "x$ac_ssl_has_aes_gcm" = "x1"; then
++			AC_MSG_RESULT([OpenSSL has AES GCM support, SRTP will use OpenSSL])
+ 		else
+-			AC_MSG_RESULT([** OpenSSL libraries not found, disabling SSL support **])
++			AC_MSG_RESULT([OpenSSL AES GCM support not found, SRTP will only support AES CM cryptos])
+ 		fi
+-	      ])
++
++		# PJSIP_HAS_TLS_TRANSPORT setting follows PJ_HAS_SSL_SOCK
++		#AC_DEFINE(PJSIP_HAS_TLS_TRANSPORT, 1)
++		AC_DEFINE(PJ_HAS_SSL_SOCK, 1)
++	else
++		AC_MSG_RESULT([** OpenSSL libraries not found, disabling SSL support **])
++	fi
++fi
+ 
+ dnl # Obsolete option --with-opencore-amrnb
+ AC_ARG_WITH(opencore-amrnb,
diff --git a/net-libs/pjproject/pjproject-2.7.2.ebuild b/net-libs/pjproject/pjproject-2.7.2.ebuild
new file mode 100644
index 00000000000..e4d25565824
--- /dev/null
+++ b/net-libs/pjproject/pjproject-2.7.2.ebuild
@@ -0,0 +1,110 @@
+# Copyright 1999-2018 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+
+inherit autotools flag-o-matic
+
+DESCRIPTION="Open source SIP, Media, and NAT Traversal Library"
+HOMEPAGE="http://www.pjsip.org/"
+SRC_URI="http://www.pjsip.org/release/${PV}/${P}.tar.bz2"
+KEYWORDS="~amd64 ~x86"
+
+LICENSE="GPL-2"
+SLOT="0"
+CODEC_FLAGS="g711 g722 g7221 gsm ilbc speex l16"
+VIDEO_FLAGS="sdl ffmpeg v4l2 openh264 libyuv"
+SOUND_FLAGS="alsa oss portaudio"
+IUSE="amr debug doc epoll examples ipv6 opus resample silk ssl static-libs webrtc ${CODEC_FLAGS} ${VIDEO_FLAGS} ${SOUND_FLAGS}"
+
+PATCHES=( "${FILESDIR}"/${P}-ssl-flipflop.patch )
+
+RDEPEND="alsa? ( media-libs/alsa-lib )
+	oss? ( media-libs/portaudio[oss] )
+	portaudio? ( media-libs/portaudio )
+
+	amr? ( media-libs/opencore-amr )
+	gsm? ( media-sound/gsm )
+	ilbc? ( dev-libs/ilbc-rfc3951 )
+	opus? ( media-libs/opus )
+	speex? ( media-libs/speexdsp )
+
+	ffmpeg? ( virtual/ffmpeg:= )
+	sdl? ( media-libs/libsdl )
+	openh264? ( media-libs/openh264 )
+	resample? ( media-libs/libsamplerate )
+
+	ssl? ( dev-libs/openssl:= )
+
+	net-libs/libsrtp:0"
+DEPEND="${RDEPEND}
+	virtual/pkgconfig"
+
+REQUIRED_USE="?? ( ${SOUND_FLAGS} )"
+
+src_prepare() {
+	default
+	rm configure || die "Unable to remove unwanted wrapper"
+	mv aconfigure.ac configure.ac || die "Unable to rename configure script source"
+	eautoreconf
+}
+
+src_configure() {
+	local myconf=()
+	local videnable="--disable-video"
+	local t
+
+	use ipv6 && append-cflags -DPJ_HAS_IPV6=1
+	use debug || append-cflags -DNDEBUG=1
+
+	for t in ${CODEC_FLAGS}; do
+		myconf+=( $(use_enable ${t} ${t}-codec) )
+	done
+
+	for t in ${VIDEO_FLAGS}; do
+		myconf+=( $(use_enable ${t}) )
+		use "${t}" && videnable="--enable-video"
+	done
+
+	econf \
+		--enable-shared \
+		--with-external-srtp \
+		${videnable} \
+		$(use_enable epoll) \
+		$(use_with gsm external-gsm) \
+		$(use_with speex external-speex) \
+		$(use_enable speex speex-aec) \
+		$(use_enable resample) \
+		$(use_enable resample libsamplerate) \
+		$(use_enable resample resample-dll) \
+		$(use_enable alsa sound) \
+		$(use_enable oss) \
+		$(use_with portaudio external-pa) \
+		$(use_enable portaudio ext-sound) \
+		$(use_enable amr opencore-amr) \
+		$(use_enable silk) \
+		$(use_enable opus) \
+		$(use_enable ssl) \
+		$(use_enable webrtc libwebrtc) \
+		"${myconf[@]}"
+}
+
+src_compile() {
+	emake dep
+	emake
+}
+
+src_install() {
+	emake DESTDIR="${D}" install
+
+	if use doc; then
+		dodoc README.txt README-RTEMS
+	fi
+
+	if use examples; then
+		insinto "/usr/share/doc/${PF}/examples"
+		doins -r pjsip-apps/src/samples
+	fi
+
+	use static-libs || rm "${D}/usr/$(get_libdir)/*.a"
+}