diff --git a/libnice-0.1.22-fix-openscanhub-findings.patch b/libnice-0.1.22-fix-openscanhub-findings.patch new file mode 100644 index 0000000000000000000000000000000000000000..7ba3fc9efe417eff0e2903e3b5179e79213d7218 --- /dev/null +++ b/libnice-0.1.22-fix-openscanhub-findings.patch @@ -0,0 +1,161 @@ +From b9ab0407ba298454e502f6061d6d15e6160c2ece Mon Sep 17 00:00:00 2001 +From: Stefan Becker +Date: Thu, 1 May 2025 17:54:23 +0300 +Subject: [PATCH 1/3] stun: fix OpenScanHub findings + +- check return value from memory allocations +- assert that pointer parameter is non-NULL +- don't call exit() from signal handler +--- + stun/debug.c | 3 +++ + stun/tools/stund.c | 10 +++++----- + stun/usages/bind.c | 1 + + stun/usages/ice.c | 3 +++ + 4 files changed, 12 insertions(+), 5 deletions(-) + +diff --git a/stun/debug.c b/stun/debug.c +index 9d3d59b4..7cdbeb62 100644 +--- a/stun/debug.c ++++ b/stun/debug.c +@@ -97,6 +97,9 @@ void stun_debug_bytes (const char *prefix, const void *data, size_t len) + return; + + bytes = malloc (prefix_len + 2 + (len * 2) + 1); ++ if (bytes == NULL) ++ return; ++ + bytes[0] = 0; + strcpy (bytes, prefix); + strcpy (bytes + prefix_len, "0x"); +diff --git a/stun/tools/stund.c b/stun/tools/stund.c +index 5d0987a2..18f7a359 100644 +--- a/stun/tools/stund.c ++++ b/stun/tools/stund.c +@@ -255,6 +255,7 @@ send_buf: + return (len < buf_len) ? -1 : 0; + } + ++static int running = 1; + + static int run (int family, int protocol, unsigned port) + { +@@ -269,17 +270,16 @@ static int run (int family, int protocol, unsigned port) + stun_agent_init (&newagent, known_attributes, + STUN_COMPATIBILITY_RFC5389, STUN_AGENT_USAGE_USE_FINGERPRINT); + +- for (;;) ++ while (running) + dgram_process (sock, &oldagent, &newagent); +-} + ++ return 0; ++} + +-/* Pretty useless dummy signal handler... +- * But calling exit() is needed for gcov to work properly. */ + static void exit_handler (int signum) + { + (void)signum; +- exit (0); ++ running = 0; + } + + +diff --git a/stun/usages/bind.c b/stun/usages/bind.c +index 504bd89b..bd2d5770 100644 +--- a/stun/usages/bind.c ++++ b/stun/usages/bind.c +@@ -225,6 +225,7 @@ stun_trans_init (StunTransport *tr, int fd, + const struct sockaddr *srv, socklen_t srvlen) + { + assert (fd != -1); ++ assert (srv != NULL); + + if ((size_t) srvlen > sizeof (tr->dst)) + return STUN_USAGE_TRANS_RETURN_INVALID_ADDRESS; +diff --git a/stun/usages/ice.c b/stun/usages/ice.c +index 2d76ff0d..bc89a1c5 100644 +--- a/stun/usages/ice.c ++++ b/stun/usages/ice.c +@@ -113,6 +113,9 @@ stun_usage_ice_conncheck_create (StunAgent *agent, StunMessage *msg, + // Avoid a coverify false positive + assert (attribute_len >= identifier_len); + buf = malloc(attribute_len); ++ if (buf == NULL) ++ return 0; ++ + memset(buf, 0, attribute_len); + memcpy(buf, candidate_identifier, identifier_len); + +-- +2.49.0 + +From da6fa56d33e0b5074167cf244c0b3675111ec0bf Mon Sep 17 00:00:00 2001 +From: Stefan Becker +Date: Thu, 1 May 2025 17:57:38 +0300 +Subject: [PATCH 2/3] tests: fix OpenScanHub findings + +- initialize variables +--- + tests/test-bsd.c | 1 + + tests/test-pseudotcp-fin.c | 2 +- + 2 files changed, 2 insertions(+), 1 deletion(-) + +diff --git a/tests/test-bsd.c b/tests/test-bsd.c +index f8185a57..d83b9b18 100644 +--- a/tests/test-bsd.c ++++ b/tests/test-bsd.c +@@ -157,6 +157,7 @@ test_zero_send_recv (void) + g_assert_cmpint (socket_recv (sock, &tmp, 0, NULL), ==, 0); + + /* And again with messages. */ ++ memset(&local_out_message, 0, sizeof(local_out_message)); + g_assert_cmpint (nice_socket_send_messages (sock, &tmp, + &local_out_message, 0), ==, 0); + g_assert_cmpint (nice_socket_send_messages (sock, &tmp, NULL, 0), ==, 0); +diff --git a/tests/test-pseudotcp-fin.c b/tests/test-pseudotcp-fin.c +index d007513a..90ca6aa4 100644 +--- a/tests/test-pseudotcp-fin.c ++++ b/tests/test-pseudotcp-fin.c +@@ -169,7 +169,7 @@ write_packet (PseudoTcpSocket *sock, const gchar *buffer, guint32 len, + { + Data *data = user_data; + gchar *str; /* owned */ +- GQueue/**/ *queue; /* unowned */ ++ GQueue/**/ *queue = NULL; /* unowned */ + GBytes *segment; /* owned */ + + /* Debug output. */ +-- +2.49.0 + +From ac6b17b8fc090f5aac2f164393ae842d244d0376 Mon Sep 17 00:00:00 2001 +From: Stefan Becker +Date: Thu, 1 May 2025 19:00:43 +0300 +Subject: [PATCH 3/3] agent: fix OpenScanHub findings + +- use the correct local variable name so that the data flow analyzer can + detect that we are *NOT* returning a pointer to the stack. +--- + agent/agent.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/agent/agent.c b/agent/agent.c +index d98b5b2a..27e1b584 100644 +--- a/agent/agent.c ++++ b/agent/agent.c +@@ -4585,9 +4585,9 @@ agent_recv_message_unlocked ( + gboolean is_turn; + + /* We need an address for packet parsing, below. */ +- if (message->from == NULL) { ++ if (provided_message->from == NULL) { + nice_address_init (&from); +- message->from = &from; ++ provided_message->from = &from; + } + + /* ICE-TCP requires that all packets be framed with RFC4571 */ +-- +2.49.0 + diff --git a/libnice-0.1.22-fix-test-new-trickle-for-glib-2.83.patch b/libnice-0.1.22-fix-test-new-trickle-for-glib-2.83.patch new file mode 100644 index 0000000000000000000000000000000000000000..112b95dbba44c74b1795f0441b29779d71a17ef2 --- /dev/null +++ b/libnice-0.1.22-fix-test-new-trickle-for-glib-2.83.patch @@ -0,0 +1,226 @@ +From 37eeeb1a750bf2dd6d5769d759069e95dd1b8493 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Olivier=20Cr=C3=AAte?= +Date: Thu, 14 Nov 2024 11:16:14 -0500 +Subject: [PATCH] test-new-trickle: Remove cancellable as a wakeup mechanism + +Just wake up the main context directly instead. This was causing a regression +with GLib 2.83 + +Fixes #198 +--- + tests/test-new-trickle.c | 36 +++--------------------------------- + 1 file changed, 3 insertions(+), 33 deletions(-) + +diff --git a/tests/test-new-trickle.c b/tests/test-new-trickle.c +index da808dae..e80048e5 100644 +--- a/tests/test-new-trickle.c ++++ b/tests/test-new-trickle.c +@@ -67,7 +67,6 @@ static GCond *stun_thread_signal_ptr = &stun_thread_signal; + + static NiceComponentState global_lagent_state = NICE_COMPONENT_STATE_LAST; + static NiceComponentState global_ragent_state = NICE_COMPONENT_STATE_LAST; +-static GCancellable *global_cancellable; + static gboolean exit_stun_thread = FALSE; + static gboolean lagent_candidate_gathering_done = FALSE; + static gboolean ragent_candidate_gathering_done = FALSE; +@@ -225,7 +224,7 @@ recv_packet: + buf_len = stun_agent_finish_message (agent, &response, NULL, 0); + + send_buf: +- g_cancellable_cancel (global_cancellable); ++ g_main_context_wakeup (NULL); + g_debug ("Ready to send a STUN response"); + g_assert_true (g_mutex_trylock (stun_mutex_ptr)); + got_stun_packet = TRUE; +@@ -292,7 +291,6 @@ static void cb_candidate_gathering_done(NiceAgent *agent, guint stream_id, gpoin + g_debug ("ragent finished gathering candidates"); + ragent_candidate_gathering_done = TRUE; + } +- g_cancellable_cancel (global_cancellable); + } + + static void cb_nice_recv (NiceAgent *agent, guint stream_id, guint component_id, guint len, gchar *buf, gpointer user_data) +@@ -309,7 +307,7 @@ static void cb_nice_recv (NiceAgent *agent, guint stream_id, guint component_id, + g_debug ("test-tricklemode:%s: ragent recieved %d bytes : quit mainloop", + G_STRFUNC, len); + data_received = TRUE; +- g_cancellable_cancel (global_cancellable); ++ g_main_context_wakeup (NULL); + } + } + +@@ -333,7 +331,7 @@ static void cb_component_state_changed (NiceAgent *agent, guint stream_id, guint + send_stun = TRUE; + g_cond_signal (stun_signal_ptr); + g_mutex_unlock (stun_mutex_ptr); +- g_cancellable_cancel (global_cancellable); ++ g_main_context_wakeup (NULL); + } + + if(GPOINTER_TO_UINT(data) == 1 && state == NICE_COMPONENT_STATE_READY) { +@@ -492,7 +490,6 @@ static void standard_test(NiceAgent *lagent, NiceAgent *ragent) + nice_agent_gather_candidates (ragent, global_rs_id); + while (!ragent_candidate_gathering_done) + g_main_context_iteration (NULL, TRUE); +- g_cancellable_reset (global_cancellable); + g_assert_true (ragent_candidate_gathering_done); + g_assert_true (nice_agent_peer_candidate_gathering_done (lagent, global_ls_id)); + +@@ -503,7 +500,6 @@ static void standard_test(NiceAgent *lagent, NiceAgent *ragent) + + while (!data_received) + g_main_context_iteration (NULL, TRUE); +- g_cancellable_reset (global_cancellable); + g_assert_true (global_lagent_state >= NICE_COMPONENT_STATE_CONNECTED && + data_received); + +@@ -513,14 +509,12 @@ static void standard_test(NiceAgent *lagent, NiceAgent *ragent) + + while (!lagent_candidate_gathering_done) + g_main_context_iteration (NULL, TRUE); +- g_cancellable_reset (global_cancellable); + + g_assert_true (lagent_candidate_gathering_done); + g_assert_true (nice_agent_peer_candidate_gathering_done (ragent, global_rs_id)); + + while (global_ragent_state < NICE_COMPONENT_STATE_CONNECTED) + g_main_context_iteration (NULL, TRUE); +- g_cancellable_reset (global_cancellable); + + g_assert_cmpint (global_lagent_state, ==, NICE_COMPONENT_STATE_READY); + g_assert_cmpint (global_ragent_state, >=, NICE_COMPONENT_STATE_CONNECTED); +@@ -542,14 +536,12 @@ static void bad_credentials_test(NiceAgent *lagent, NiceAgent *ragent) + nice_agent_gather_candidates (lagent, global_ls_id); + while (!got_stun_packet) + g_main_context_iteration (NULL, TRUE); +- g_cancellable_reset (global_cancellable); + g_assert_true (global_lagent_state == NICE_COMPONENT_STATE_GATHERING && + !lagent_candidate_gathering_done); + + nice_agent_gather_candidates (ragent, global_rs_id); + while (!ragent_candidate_gathering_done) + g_main_context_iteration (NULL, TRUE); +- g_cancellable_reset (global_cancellable); + g_assert_true (ragent_candidate_gathering_done); + g_assert_true (nice_agent_peer_candidate_gathering_done (lagent, global_ls_id)); + +@@ -558,7 +550,6 @@ static void bad_credentials_test(NiceAgent *lagent, NiceAgent *ragent) + + while (global_lagent_state != NICE_COMPONENT_STATE_FAILED) + g_main_context_iteration (NULL, TRUE); +- g_cancellable_reset (global_cancellable); + + // Set the correct credentials and swap candidates + g_debug ("Setting local candidates of ragent as remote candidates of lagent"); +@@ -571,7 +562,6 @@ static void bad_credentials_test(NiceAgent *lagent, NiceAgent *ragent) + + while (!data_received) + g_main_context_iteration (NULL, TRUE); +- g_cancellable_reset (global_cancellable); + + g_assert_true (data_received); + g_assert_cmpint (global_lagent_state, ==, NICE_COMPONENT_STATE_READY); +@@ -580,7 +570,6 @@ static void bad_credentials_test(NiceAgent *lagent, NiceAgent *ragent) + // Wait for lagent to finish gathering candidates + while (!lagent_candidate_gathering_done) + g_main_context_iteration (NULL, TRUE); +- g_cancellable_reset (global_cancellable); + + g_assert_true (lagent_candidate_gathering_done); + g_assert_true (nice_agent_peer_candidate_gathering_done (ragent, global_rs_id)); +@@ -599,14 +588,12 @@ static void bad_candidate_test(NiceAgent *lagent,NiceAgent *ragent) + nice_agent_gather_candidates (lagent, global_ls_id); + while (!got_stun_packet) + g_main_context_iteration (NULL, TRUE); +- g_cancellable_reset (global_cancellable); + g_assert_true (global_lagent_state == NICE_COMPONENT_STATE_GATHERING && + !lagent_candidate_gathering_done); + + nice_agent_gather_candidates (ragent, global_rs_id); + while (!ragent_candidate_gathering_done) + g_main_context_iteration (NULL, TRUE); +- g_cancellable_reset (global_cancellable); + + g_assert_true (ragent_candidate_gathering_done); + g_assert_true (nice_agent_peer_candidate_gathering_done (lagent, global_ls_id)); +@@ -616,14 +603,12 @@ static void bad_candidate_test(NiceAgent *lagent,NiceAgent *ragent) + // lagent will finish candidate gathering causing this mainloop to quit + while (!lagent_candidate_gathering_done) + g_main_context_iteration (NULL, TRUE); +- g_cancellable_reset (global_cancellable); + + g_assert_true (nice_agent_peer_candidate_gathering_done (ragent, global_rs_id)); + + // connchecks will fail causing this mainloop to quit + while (global_lagent_state != NICE_COMPONENT_STATE_FAILED) + g_main_context_iteration (NULL, TRUE); +- g_cancellable_reset (global_cancellable); + + g_assert_true (global_lagent_state == NICE_COMPONENT_STATE_FAILED && + !data_received); +@@ -638,7 +623,6 @@ static void bad_candidate_test(NiceAgent *lagent,NiceAgent *ragent) + + while (!data_received) + g_main_context_iteration (NULL, TRUE); +- g_cancellable_reset (global_cancellable); + + g_assert_true (lagent_candidate_gathering_done); + +@@ -659,20 +643,17 @@ static void new_candidate_test(NiceAgent *lagent, NiceAgent *ragent) + nice_agent_gather_candidates (lagent, global_ls_id); + while (!got_stun_packet) + g_main_context_iteration (NULL, TRUE); +- g_cancellable_reset (global_cancellable); + g_assert_true (global_lagent_state == NICE_COMPONENT_STATE_GATHERING && + !lagent_candidate_gathering_done); + + nice_agent_gather_candidates (ragent, global_rs_id); + while (!ragent_candidate_gathering_done) + g_main_context_iteration (NULL, TRUE); +- g_cancellable_reset (global_cancellable); + g_assert_true (nice_agent_peer_candidate_gathering_done (lagent, global_ls_id)); + + // Wait for data + while (!data_received) + g_main_context_iteration (NULL, TRUE); +- g_cancellable_reset (global_cancellable); + g_assert_true (data_received); + + // Data arrived, signal STUN thread to send STUN response +@@ -684,7 +665,6 @@ static void new_candidate_test(NiceAgent *lagent, NiceAgent *ragent) + // Wait for lagent to finish gathering candidates + while (!lagent_candidate_gathering_done) + g_main_context_iteration (NULL, TRUE); +- g_cancellable_reset (global_cancellable); + g_assert_true (nice_agent_peer_candidate_gathering_done (ragent, global_rs_id)); + + g_assert_true (lagent_candidate_gathering_done); +@@ -719,14 +699,8 @@ int main(void) + NiceAgent *lagent = NULL, *ragent = NULL; + GThread *stun_thread = NULL; + NiceAddress baseaddr; +- GSource *src; + int sock; + +- global_cancellable = g_cancellable_new (); +- src = g_cancellable_source_new (global_cancellable); +- g_source_set_dummy_callback (src); +- g_source_attach (src, NULL); +- + sock = listen_socket (&stun_port); + + if (sock == -1) { +@@ -795,10 +769,6 @@ int main(void) + g_object_unref (ragent); + + g_thread_join (stun_thread); +- g_object_unref (global_cancellable); +- +- g_source_destroy (src); +- g_source_unref (src); + + WAIT_UNTIL_UNSET (lagent, NULL); + WAIT_UNTIL_UNSET (ragent, NULL); +-- +GitLab + diff --git a/libnice.spec b/libnice.spec index 51c8fc7aad1c6d32c712d0b9cfadca78e48da535..8b3d65a61bcceba941157817d3a09e94d5ddc76a 100644 --- a/libnice.spec +++ b/libnice.spec @@ -1,18 +1,22 @@ Name: libnice Version: 0.1.22 -Release: 1 +Release: 2 Summary: An implementation of ICE standard -License: LGPLv2 and MPLv1.1 +License: LGPL-2.1-or-later OR MPL-1.1 URL: https://libnice.freedesktop.org/ Source0: https://nice.freedesktop.org/releases/%{name}-%{version}.tar.gz Patch0: libnice-gupnp-1.6.patch - -BuildRequires: autoconf automake glib2-devel gnutls-devel >= 2.12.0 -BuildRequires: gobject-introspection-devel gstreamer1-devel >= 0.11.91 -BuildRequires: gstreamer1-plugins-base-devel >= 0.11.91 -BuildRequires: gtk-doc gupnp-igd-devel >= 0.1.2 graphviz meson -BuildRequires: cmake gnupg2 +Patch1: libnice-0.1.22-fix-test-new-trickle-for-glib-2.83.patch +Patch2: libnice-0.1.22-fix-openscanhub-findings.patch +BuildRequires: meson >= 0.52 +BuildRequires: pkgconfig(gio-2.0) >= 2.54 +BuildRequires: pkgconfig(gnutls) >= 2.12.0 +BuildRequires: pkgconfig(gstreamer-base-1.0) >= 1.0.0 +BuildRequires: pkgconfig(gthread-2.0) +BuildRequires: pkgconfig(gupnp-igd-1.6) >= 0.2.4 +BuildRequires: /usr/bin/g-ir-scanner +BuildRequires: gtk-doc %description Libnice is an implementation of the IETF's Interactive Connectivity @@ -32,7 +36,7 @@ This package provides a gstreamer 1.0 plugin for libnice. %package devel Summary: Development files for libnice -Requires: %{name} = %{version}-%{release} glib2-devel pkgconfig +Requires: %{name} = %{version}-%{release} %description devel This package provides Libraries and header files for libnice. @@ -47,29 +51,33 @@ sed -e "s/^ 'test-set-port-range'/#&/" -i tests/meson.build %install %meson_install -%delete_la %check %meson_test -%post -p /sbin/ldconfig -%postun -p /sbin/ldconfig - %files %doc NEWS README %license COPYING COPYING.LGPL COPYING.MPL -%{_bindir}/{stunbdc,stund} -%{_libdir}/{*.so.*,girepository-1.0/Nice-0.1.typelib} +%{_bindir}/stunbdc +%{_bindir}/stund +%{_libdir}/*.so.* +%{_libdir}/girepository-1.0/Nice-0.1.typelib %files gstreamer1 %{_libdir}/gstreamer-1.0/libgstnice.so %files devel %{_includedir}/* -%{_libdir}/{*.so,pkgconfig/nice.pc} -%{_datadir}/{gtk-doc/html/libnice/,gir-1.0/Nice-0.1.gir} +%{_libdir}/*.so +%{_libdir}/pkgconfig/nice.pc +%doc %{_datadir}/gtk-doc/html/libnice +%{_datadir}/gir-1.0/Nice-0.1.gir %changelog +* Thu Jul 31 2025 Funda Wang - 0.1.22-2 +- add patches from fedora +- cleanup spec + * Wed Nov 13 2024 xu_ping <707078654@qq.com> - 0.1.22-1 - Update to 0.1.22 - Make nice_address_is_local() available to applications.