Hello ports@, Diff below is already OK lucas@, but more eyes definitely welcome.
Here's a long overdue update for turnserver/coturn. Apparently they release via github these days. 6.4.3 incidentally was released yesterday. There appear to be 2 branches of releases, the main 6.4.3 release, and the -r<n> releases which are annotated as for docker. While the release notes give the impression that there are only docker related changes, a got diff on the tags shows that there are also code changes included in there. For this reason it seemed best to lucas and me to follow the latter. Ports wise I've made the following changes: - enable ignore_sigpipe(). From experience I've learned that coturn's conditional SIGPIPE handling doesn't play nice on OpenBSD when a tcp/tls port is exposed to the big bad internet. - Empty out the default pidfile definition. This eliminates the need for the rc_pre and the --pidfile in the rc-file. We also discussed the daemon_user vs --proc-user merits, but decided to keep it as is, since if people want to use e.g. restricted ports they can use rcctl/rc.conf.local to change the user to root and set the flags appropriately, while keeping the rc file a little cleaner. OK? martijn@
Index: Makefile
===================================================================
RCS file: /cvs/ports/telephony/coturn/Makefile,v
retrieving revision 1.18
diff -u -p -r1.18 Makefile
--- Makefile 30 Aug 2024 19:16:43 -0000 1.18
+++ Makefile 12 Dec 2024 14:33:19 -0000
@@ -1,8 +1,9 @@
 COMMENT = coturn STUN/TURN server
-V = 4.5.2
-DISTNAME = turnserver-${V}
-REVISION = 5
+V = 4.6.3-r0
+DISTFILES = ${V}.tar.gz
+DISTNAME = coturn-docker-${V}
+PKGNAME = turnserver-${V:S/-/./}
 CATEGORIES = telephony
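Review bot: `DISTFILES = ${V}.tar.gz` stores the tarball in the shared distfiles directory under the bare name `4.6.3-r0.tar.gz`, which does not identify the project and could collide with another port's archive; the distinfo checksum would catch a mismatch, but only as a confusing fetch failure. Consider a project-specific local name using the rename form, e.g. `DISTFILES = coturn-docker-${V}{${V}}.tar.gz` (syntax as described in bsd.port.mk(5), worth double-checking), or `DIST_SUBDIR = coturn`, and regenerate distinfo afterwards. Since the archive is a GitHub tag tarball generated on demand, the SHA256 pinned in distinfo is the only integrity anchor, so it is worth confirming that hash against an independent download before commit.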
@@ -15,7 +16,7 @@ WANTLIB += c crypto event_core event_ext
 WANTLIB += hiredis intl mariadb pq pthread sqlite3 ssl m z
 PORTROACH = site:https://github.com/coturn/coturn/releases/
-SITES = https://coturn.net/turnserver/v${V}/
+SITES = https://github.com/coturn/coturn/archive/refs/tags/docker/
 LIB_DEPENDS = databases/mariadb \
 databases/postgresql \
Index: distinfo
===================================================================
RCS file: /cvs/ports/telephony/coturn/distinfo,v
retrieving revision 1.5
diff -u -p -r1.5 distinfo
--- distinfo 30 Apr 2021 07:52:33 -0000 1.5
+++ distinfo 12 Dec 2024 14:33:19 -0000
@@ -1,2 +1,2 @@
-SHA256 (turnserver-4.5.2.tar.gz) = HL74jNSrDeDU1wEfTn6vOaNEtIXponLzBV61PdMDtuE=
-SIZE (turnserver-4.5.2.tar.gz) = 444865
+SHA256 (4.6.3-r0.tar.gz) = yIFrwM9YQT5Y6r8EDtTCHp8kHKk6cEVja1Dow0BsTrk=
+SIZE (4.6.3-r0.tar.gz) = 535329
Index: patches/patch-src_apps_common_apputils_c
===================================================================
RCS file: patches/patch-src_apps_common_apputils_c
diff -N patches/patch-src_apps_common_apputils_c
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ patches/patch-src_apps_common_apputils_c 12 Dec 2024 14:33:19 -0000
@@ -0,0 +1,12 @@
+Index: src/apps/common/apputils.c
+--- src/apps/common/apputils.c.orig
++++ src/apps/common/apputils.c
+@@ -1179,7 +1179,7 @@ char *find_config_file(const char *config_file) {
+ /////////////////// SYS SETTINGS ///////////////////////
+
+ void ignore_sigpipe(void) {
+-#if defined(__linux__) || defined(__APPLE__)
++#if defined(__linux__) || defined(__APPLE__) || defined(__OpenBSD__)
+ /* Ignore SIGPIPE from TCP sockets */
+ if (signal(SIGPIPE, SIG_IGN) == SIG_ERR) {
+ perror("Cannot set SIGPIPE handler");
Index: patches/patch-src_apps_relay_mainrelay_c
===================================================================
RCS file: /cvs/ports/telephony/coturn/patches/patch-src_apps_relay_mainrelay_c,v
retrieving revision 1.2
diff -u -p -r1.2 patch-src_apps_relay_mainrelay_c
--- patches/patch-src_apps_relay_mainrelay_c 11 Mar 2022 19:58:30 -0000 1.2
+++ patches/patch-src_apps_relay_mainrelay_c 12 Dec 2024 14:33:19 -0000
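Review bot: The new patch-src_apps_common_apputils_c has no explanatory header, so the reason for adding `defined(__OpenBSD__)` to the `#if` in `ignore_sigpipe()` is recorded only in the submission mail; a first line such as `Ignore SIGPIPE on OpenBSD as well; the conditional handling misbehaves with TCP/TLS listeners exposed to the internet` would keep it with the patch, as patch-src_apps_relay_mainrelay_c does for its changes. With SIGPIPE ignored process-wide, a write to a socket the peer has closed fails with EPIPE instead of raising the signal, so the change relies on coturn's send paths checking their return values, which cannot be confirmed from this hunk. The body of `ignore_sigpipe()` continues past the last line shown.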
@@ -1,33 +1,44 @@ +Don't create a default pidfile + Use accessors instead of reaching into DH to fix build with opaque DH in LibreSSL 3.5 Index: src/apps/relay/mainrelay.c --- src/apps/relay/mainrelay.c.orig +++ src/apps/relay/mainrelay.c -@@ -2710,7 +2710,7 @@ static DH *get_dh566(void) { +@@ -126,7 +126,7 @@ turn_params_t turn_params = { + + 0, /* do_not_use_config_file */ + +- "/var/run/turnserver.pid", /* pidfile */ ++ "", /* pidfile */ + "", /* acme_redirect */ - if ((dh = DH_new()) == NULL ) - return (NULL ); + //////////////// Listener server ///////////////// +@@ -3504,7 +3504,7 @@ static DH *get_dh566(void) { + if ((dh = DH_new()) == NULL) { + return (NULL); + } -#if OPENSSL_VERSION_NUMBER < 0x10100000L +#if OPENSSL_VERSION_NUMBER < 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) - dh->p = BN_bin2bn(dh566_p, sizeof(dh566_p), NULL ); - dh->g = BN_bin2bn(dh566_g, sizeof(dh566_g), NULL ); - if ((dh->p == NULL )|| (dh->g == NULL)){ DH_free(dh); return(NULL);} -@@ -2748,7 +2748,7 @@ static DH *get_dh1066(void) { - - if ((dh = DH_new()) == NULL ) - return (NULL ); + dh->p = BN_bin2bn(dh566_p, sizeof(dh566_p), NULL); + dh->g = BN_bin2bn(dh566_g, sizeof(dh566_g), NULL); + if ((dh->p == NULL) || (dh->g == NULL)) { +@@ -3541,7 +3541,7 @@ static DH *get_dh1066(void) { + if ((dh = DH_new()) == NULL) { + return (NULL); + } -#if OPENSSL_VERSION_NUMBER < 0x10100000L +#if OPENSSL_VERSION_NUMBER < 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) - dh->p = BN_bin2bn(dh1066_p, sizeof(dh1066_p), NULL ); - dh->g = BN_bin2bn(dh1066_g, sizeof(dh1066_g), NULL ); - if ((dh->p == NULL )|| (dh->g == NULL)){ DH_free(dh); return(NULL);} -@@ -2799,7 +2799,7 @@ static DH *get_dh2066(void) { - - if ((dh = DH_new()) == NULL ) - return (NULL ); + dh->p = BN_bin2bn(dh1066_p, sizeof(dh1066_p), NULL); + dh->g = BN_bin2bn(dh1066_g, sizeof(dh1066_g), NULL); + if ((dh->p == NULL) || (dh->g == NULL)) { +@@ -3587,7 +3587,7 @@ static DH *get_dh2066(void) { + if ((dh = DH_new()) == NULL) { + return 
(NULL); + } -#if OPENSSL_VERSION_NUMBER < 0x10100000L +#if OPENSSL_VERSION_NUMBER < 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) - dh->p = BN_bin2bn(dh2066_p, sizeof(dh2066_p), NULL ); - dh->g = BN_bin2bn(dh2066_g, sizeof(dh2066_g), NULL ); - if ((dh->p == NULL )|| (dh->g == NULL)){ DH_free(dh); return(NULL);} + dh->p = BN_bin2bn(dh2066_p, sizeof(dh2066_p), NULL); + dh->g = BN_bin2bn(dh2066_g, sizeof(dh2066_g), NULL); + if ((dh->p == NULL) || (dh->g == NULL)) { Index: patches/patch-src_apps_relay_ns_ioalib_engine_impl_c =================================================================== RCS file: patches/patch-src_apps_relay_ns_ioalib_engine_impl_c diff -N patches/patch-src_apps_relay_ns_ioalib_engine_impl_c --- patches/patch-src_apps_relay_ns_ioalib_engine_impl_c 11 Mar 2022 19:58:30 -0000 1.2 +++ /dev/null 1 Jan 1970 00:00:00 -0000 
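Review bot: Changing the default `pidfile` in `turn_params` to `""` is only safe if every consumer treats an empty string as "no pidfile"; the code that opens and writes the pidfile lies outside this hunk, so it is worth confirming that it tests for an empty path before attempting to create the file, rather than failing and logging an error on every start. The three `&& !defined(LIBRESSL_VERSION_NUMBER)` guards are carried over unchanged in substance and look consistent with each other. Separately, and not introduced by this update, the context shows `get_dh566()` still being compiled; judging by its name it supplies a 566-bit DH group, well below current minimum sizes, so it would be good to verify that the packaged default configuration cannot select it. The bodies of the `get_dh*()` functions extend beyond the lines shown.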
@@ -1,23 +0,0 @@
-Do not leak rbio and use SSL_set0_rbio()
-
-Index: src/apps/relay/ns_ioalib_engine_impl.c
---- src/apps/relay/ns_ioalib_engine_impl.c.orig
-+++ src/apps/relay/ns_ioalib_engine_impl.c
-@@ -1833,7 +1833,7 @@ int ssl_read(evutil_socket_t fd, SSL* ssl, ioa_network
- BIO* rbio = BIO_new_mem_buf(buffer, old_buffer_len);
- BIO_set_mem_eof_return(rbio, -1);
-
--#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined LIBRESSL_VERSION_NUMBER
-+#if OPENSSL_VERSION_NUMBER < 0x10100000L
- ssl->rbio = rbio;
- #else
- SSL_set0_rbio(ssl,rbio);
-@@ -1928,7 +1928,7 @@ int ssl_read(evutil_socket_t fd, SSL* ssl, ioa_network
- if(ret>0) {
- ioa_network_buffer_add_offset_size(nbh, (uint16_t)buf_size, 0, (size_t)ret);
- }
--#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined LIBRESSL_VERSION_NUMBER
-+#if OPENSSL_VERSION_NUMBER < 0x10100000L
- ssl->rbio = NULL;
- BIO_free(rbio);
- #else
Index: pkg/turnserver.rc
===================================================================
RCS file: /cvs/ports/telephony/coturn/pkg/turnserver.rc,v
retrieving revision 1.4
diff -u -p -r1.4 turnserver.rc
--- pkg/turnserver.rc 13 Mar 2023 11:12:38 -0000 1.4
+++ pkg/turnserver.rc 12 Dec 2024 14:33:19 -0000
@@ -1,15 +1,10 @@
 #!/bin/ksh
 daemon="${TRUEPREFIX}/bin/turnserver --daemon"
-daemon_flags="--pidfile=/var/run/turnserver/turnserver.pid"
 daemon_user="_turnserver"
 . /etc/rc.d/rc.subr
 rc_reload=NO
-
-rc_pre() {
- install -d -o ${daemon_user} /var/run/turnserver
-}
 rc_cmd $1