Date: Mon, 12 Apr 2021 09:18:52 GMT From: Adriaan de Groot <adridg@FreeBSD.org> To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org Subject: git: 0400c882914a - main - devel/libzrtpcpp: mark BROKEN Message-ID: <202104120918.13C9IqMs082295@gitrepo.freebsd.org>
next in thread | raw e-mail | index | archive | help
The branch main has been updated by adridg: URL: https://cgit.FreeBSD.org/ports/commit/?id=0400c882914a168367eb67680d215563a5836029 commit 0400c882914a168367eb67680d215563a5836029 Author: Adriaan de Groot <adridg@FreeBSD.org> AuthorDate: 2021-04-11 23:38:59 +0000 Commit: Adriaan de Groot <adridg@FreeBSD.org> CommitDate: 2021-04-12 09:14:53 +0000 devel/libzrtpcpp: mark BROKEN Does not compile on the cluster or 13- locally, because base SSL: hmac384.cpp:56:14: error: variable has incomplete type 'HMAC_CTX' (aka 'hmac_ctx_st') HMAC_CTX ctx; /usr/include/openssl/ossl_typ.h:102:16: note: forward declaration of 'hmac_ctx_st' typedef struct hmac_ctx_st HMAC_CTX; There is no definition of that type anywhere in /usr/include. The only consumer of this library is -- or was -- net/opal, and the use of this library was .if 0'ed out. Remove that non-use of the library as well. The library should also be marked BROKEN because the code is, well, broken. Clang rightfully complains: ZrtpPacketCommit.h:124:42: warning: 'memcpy' will always overflow; destination buffer has size 0, but size argument is 8 [-Wfortify-source] void setHMACMulti(uint8_t* hash) { memcpy(commitHeader->hmac-4*ZRTP_WORD_SIZE, hash, sizeof(commitHeader->hmac)); }; ZrtpQueue.cpp:147:9: warning: 'delete' applied to a pointer that was allocated with 'new[]'; did you mean 'delete[]'? [-Wmismatched-new-delete] delete buffer; ZrtpQueue.cpp:144:29: note: allocated with 'new[]' here unsigned char* buffer = new unsigned char[nextSize]; The first warning is *possibly* spurious: it's doing memcpy() into a struct intended for bit-banging, and is overwriting part of a previous field. Since there's no member there, there's no size information for fortify-source to use. The other two warnings are plain old UB, they were UB when this library was last released / updated in 2013, they're still UB, now. There **are** newer releases of this project, but not entirely under the GNU banner; https://github.com/wernerd/ZRTPCPP seems to be the right source for that, but I'm not going to chase updating this. --- devel/libzrtpcpp/Makefile | 3 ++- net/opal/Makefile | 13 ------------- 2 files changed, 2 insertions(+), 14 deletions(-) diff --git a/devel/libzrtpcpp/Makefile b/devel/libzrtpcpp/Makefile index bc831bccc73a..d81844438067 100644 --- a/devel/libzrtpcpp/Makefile +++ b/devel/libzrtpcpp/Makefile @@ -9,6 +9,8 @@ MASTER_SITES= GNU/ccrtp MAINTAINER= acm@FreeBSD.org COMMENT= ZRTP extension for GNU ccRTP +BROKEN= incompatible with current SSL, bad C++ code + LIB_DEPENDS= libccrtp.so:devel/ccrtp \ libgcrypt.so:security/libgcrypt @@ -20,7 +22,6 @@ CMAKE_ARGS+= -DBUILD_SHARED_LIBS:BOOL=ON \ CXXFLAGS+= -I${LOCALBASE}/include -I${OPENSSLINC} LDFLAGS+= -L${LOCALBASE}/lib -L${OPENSSLLIB} USE_LDCONFIG= yes -CONFLICTS_BUILD=libzrtpcppcore post-patch: @${FIND} ${WRKSRC}/src -type f | ${XARGS} ${REINPLACE_CMD} -i "" \ diff --git a/net/opal/Makefile b/net/opal/Makefile index ec2256f232bb..396faed4736b 100644 --- a/net/opal/Makefile +++ b/net/opal/Makefile @@ -24,13 +24,11 @@ LDFLAGS+= -L${LOCALBASE}/lib OPTIONS_DEFINE= JAVA CELT ILBC GSM SPEEX THEORA FFMPEG X264 SIP H323 IAX \ H224 H281 FAX MSRP SIPIM RTPTEXT H450 H460 H501 LID UVIDEO \ AEC DEBUG RUBY -# ZRTP # MSRP = plist extra line vpd? # RTPTEXT disable == build fail, so make it default? OPTIONS_DEFAULT=CELT GSM SPEEX FFMPEG X264 SIP H224 H281 FAX MSRP SIPIM \ RTPTEXT LID AEC DEBUG_DESC= Install debug library -ZRTP_DESC= ZRTP protocol support JAVA_DESC= Java JNI support RUBY_DESC= Ruby support CELT_DESC= Celt codec from ports @@ -78,18 +76,7 @@ ALL_TARGET= opt PLIST_SUB+= DEBUG="@comment " .endif -# libzrtpcpp uses port ssl, which will conflict with this port since we use -# base ssl. -#.if ${PORT_OPTIONS:MZRTP} -.if 0 -.if !defined(SAFE_ZRTP) -IGNORE= please build devel/libzrtpcpp WITHOUT ports SSL and re-run build with SAFE_ZRTP set -.endif -LIB_DEPENDS+= libzrtpcpp.so:devel/libzrtpcpp -CONFIGURE_ARGS+= --enable-zrtp -.else CONFIGURE_ARGS+= --disable-zrtp -.endif .if ${PORT_OPTIONS:MGSM} LIB_DEPENDS+= libgsm.so:audio/gsm
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202104120918.13C9IqMs082295>