Debian Bug report logs - #537272
siproxd: FTBFS on kfreebsd-amd64 (outdated libtool)

Package: siproxd; Maintainer for siproxd is Debian VoIP Team <pkg-voip-maintainers@lists.alioth.debian.org>; Source for siproxd is src:siproxd.

Reported by: Petr Salinger <Petr.Salinger@seznam.cz>

Date: Thu, 16 Jul 2009 16:00:02 UTC

Severity: important

Tags: patch

Found in version siproxd/1:0.7.1-2

Fixed in version siproxd/1:0.8.1-1

Done: Mark Purcell <msp@debian.org>

Bug is archived. No further changes may be made.

Forwarded to Thomas Ries <tries@gmx.net>


Report forwarded to debian-bugs-dist@lists.debian.org, Debian VoIP Team <pkg-voip-maintainers@lists.alioth.debian.org>:
Bug#537272; Package siproxd. (Thu, 16 Jul 2009 16:00:04 GMT)

Acknowledgement sent to Petr Salinger <Petr.Salinger@seznam.cz>:
New Bug report received and forwarded. Copy sent to Debian VoIP Team <pkg-voip-maintainers@lists.alioth.debian.org>. (Thu, 16 Jul 2009 16:00:04 GMT)

Message #5 received at submit@bugs.debian.org:

From: Petr Salinger <Petr.Salinger@seznam.cz>
To: submit@bugs.debian.org
Subject: siproxd: FTBFS on kfreebsd-amd64 (outdated libtool)
Date: Thu, 16 Jul 2009 18:22:48 +0200 (CEST)
Package: siproxd
Severity: important
Version: 1:0.7.1-2
Tags: patch
User: glibc-bsd-devel@lists.alioth.debian.org
Usertags: kfreebsd


Hi,

the current version fails to build on kfreebsd-amd64.

It is due to outdated libtool, libtool 1.5.2-1 or later is needed.
Please apply patch below and after that run:

  sh autogen.sh

It would also be nice if you can ask upstream to update libtool
in their next release.

Thanks in advance

                         Petr

--- autogen.sh
+++ autogen.sh
@@ -9,6 +9,6 @@
 set -e
 aclocal
 autoheader
-libtoolize --ltdl --copy
+libtoolize --ltdl --copy --force
 automake --add-missing --copy
 autoconf
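
Review bot: on the changed libtoolize line, --force overwrites the libtool files and the bundled libltdl (--ltdl) already in the tree with whatever libtool is installed on the build host, but nothing in autogen.sh checks that this libtool meets the "1.5.2-1 or later" requirement stated in the report. Suggest pairing the change with a versioned build dependency on libtool, or a version check before the libtoolize call, so that a build on a host with an older libtool fails early instead of regenerating outdated files. The hunk also leaves regeneration as a manual step ("sh autogen.sh"); if the package build is meant to pick this up, the build rules need to call autogen.sh as well.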





Reply sent to Mark Purcell <msp@debian.org>:
You have marked Bug as forwarded. (Fri, 19 Feb 2010 22:42:06 GMT)

Message #8 received at 537272-forwarded@bugs.debian.org:

From: Mark Purcell <msp@debian.org>
To: Thomas Ries <tries@gmx.net>
Cc: Petr Salinger <Petr.Salinger@seznam.cz>, 537272-forwarded@bugs.debian.org
Subject: Fwd: Bug#537272: siproxd: FTBFS on kfreebsd-amd64 (outdated libtool)
Date: Fri, 19 Feb 2010 23:40:42 +0100
[Message part 1 (text/plain, inline)]
Thomas,

Another issue, building on kfreebsd-amd64 this time.

Apparently your shipped libtool is quite old. 

Would you be able to update with the next release of siproxd?

Thanks,
Mark

[signature.asc (application/pgp-signature, inline)]

Message #9 received at 537272-forwarded@bugs.debian.org:

From: Thomas Ries <tries@gmx.net>
To: Mark Purcell <msp@debian.org>
Cc: Petr Salinger <Petr.Salinger@seznam.cz>, 537272-forwarded@bugs.debian.org, Michael Gilbert <michael.s.gilbert@gmail.com>, 559827-forwarded@bugs.debian.org
Subject: siproxd: Bug#537272: FTBFS on kfreebsd-amd64 / Bug#559827: CVE-2009-3736
Date: Sat, 20 Feb 2010 01:21:56 +0100 (CET)
[Message part 1 (text/plain, INLINE)]
Hello Mark,

The libtool included with siproxd has been upgraded and hopefully it
should build now on kfreebsd-amd64.

Concerning CVE-2009-3736:
./configure has been changed and checks for the existence of an
*installed* version of libltdl first. The supplied convenience version
of libltdl is only used as fallback if no installed libltdl is found.


Would you mind to check the latest snapshot and tell me if it is ok?

http://siproxd.tuxworld.ch/siproxd-20Feb2010.tar.gz


I'll see to get release out during the next days or week.

Regards,
/Thomas
[Message part 2 (application/pgp-signature, inline)]

Message #10 received at 537272-forwarded@bugs.debian.org:

From: Mark Purcell <msp@debian.org>
To: Thomas Ries <tries@gmx.net>
Cc: Petr Salinger <Petr.Salinger@seznam.cz>, 537272-forwarded@bugs.debian.org, Michael Gilbert <michael.s.gilbert@gmail.com>, 559827-forwarded@bugs.debian.org
Subject: Re: siproxd: Bug#537272: FTBFS on kfreebsd-amd64 / Bug#559827: CVE-2009-3736
Date: Sat, 20 Feb 2010 19:46:21 +1100
[Message part 1 (text/plain, inline)]
On Saturday 20 February 2010 11:21:56 Thomas Ries wrote:
> Hello Mark,

Thomas,

Thanks for turning around so quickly.

> The libtool included with siproxd has been upgraded and hopefully it
> should build now on kfreebsd-amd64.

Great, looks good.

> Concerning CVE-2009-3736:
> ./configure has been changed and checks for the existence of an
> *installed* version of libltdl first. The supplied convenience version
> of libltdl is only used as fallback if no installed libltdl is found.

It does detect installed libltdl, but tries to use the convenience copy a 
bit further during the build process:

/bin/sh ../libtool --tag=CC   --mode=link gcc -Wall -D_GNU_SOURCE -DBUILDSTR="\"`cat .buildno`\"" -g -O2 -pthread -D_POSIX_THREAD_SAFE_FUNCTIONS -export-dynamic  -o siproxd siproxd.o proxy.o register.o sock.o utils.o sip_utils.o sip_layer.o log.o readconf.o rtpproxy.o rtpproxy_relay.o accessctl.o route_processing.o security.o auth.o fwapi.o resolve.o dejitter.o plugins.o ../libltdl/libltdlc.la -dlopen plugin_demo.la -dlopen plugin_shortdial.la -dlopen plugin_logcall.la -dlopen plugin_defaulttarget.la -dlopen plugin_fix_bogus_via.la -dlopen plugin_stun.la -lresolv -lresolv -losipparser2 -losip2   -lltdl
libtool: link: cannot find the library `../libltdl/libltdlc.la' or unhandled argument `../libltdl/libltdlc.la'
make[2]: *** [siproxd] Error 1
make[2]: Leaving directory `/home/mark/src/pkg-voip/build-area/siproxd-0.7.2+20Feb2010/src'

> Would you mind to check the latest snapshot and tell me if it is ok?
> 
> http://siproxd.tuxworld.ch/siproxd-20Feb2010.tar.gz

Happy to test..

> I'll see to get release out during the next days or week.

That would be great!

Mark
[signature.asc (application/pgp-signature, inline)]

Message #11 received at 537272-forwarded@bugs.debian.org:

From: Thomas Ries <tries@gmx.net>
To: Siproxd-users <siproxd-users@lists.sourceforge.net>
Cc: Mark Purcell <msp@debian.org>, Petr Salinger <Petr.Salinger@seznam.cz>, 537272-forwarded@bugs.debian.org, Michael Gilbert <michael.s.gilbert@gmail.com>, 559827-forwarded@bugs.debian.org
Subject: New siproxd release 0.8.0
Date: Sun, 28 Feb 2010 20:22:59 +0100 (CET)
[Message part 1 (text/plain, INLINE)]
This release fixes CVE-2009-3736, includes a better handling of symmetric RTP 
and provides support for the UPDATE method. Everybody, please move ahead to this 
version.

CVE-2009-3736: Local privilege escalation:
Siproxd does include a so-called convenience copy of libltdl. Recently a 
local privilege escalation issue has been found and reported:

"ltdl.c in libltdl in GNU Libtool 1.5.x, and 2.2.6 before 2.2.6b, attempts 
to open a .la file in the current working directory, which allows local users 
to gain privileges via a Trojan horse file."

Find out more about CVE-2009-3736 from MITRE CVE:
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3736>

Two measures have been implemented with siproxd:
- Siproxd does use a system provided libltdl, if available. The included 
convenience copy will only be used as a fallback if no libltdl is provided 
on the building host.
- The included convenience copy in the siproxd package has been updated to 
a version that has this issue fixed.


Release Notes for siproxd-0.8.0
===============================

Major changes since 0.7.2:
 - CVE-2009-3736: use libltdl on host if existing and fall 
   back using convenience libltdl (with a config warning)
 - updated libtool version
 - Support for UPDATE (RFC3311)
 - Basic TCP support for SIP signalling
 - Better handling of symmetric RTP
 - STUN plugin to determine the public (outbound) IP address

Upgrade Notes 0.7.2 to 0.8.0:
 - Merge the configuration file

General Overview:
 - SIP (RFC3261) Proxy for SIP based softphones hidden behind a
   masquerading firewall
 - Support for PRACK messages (RFC3262)
 - Support for UPDATE messages (RFC3311)
 - SIP UDP and TCP supported
 - Works with "dial-up" connections (dynamic IP addresses)
 - Multiple local users/hosts can be masqueraded simultaneously
 - Access control (IP based) for incoming traffic
 - Proxy Authentication for registration of local clients (User Agents)
   with individual passwords for each user
 - May be used as pure Outbound proxy (registration of local UAs
   to a 3rd party registrar)
 - Fli4l OPT_SIP (still experimental) available, check
   http://home.arcor.de/jsffm/fli4l/
 - runs on various operating systems (see below)
 - Full duplex RTP data stream proxy for *incoming* and *outgoing*
   audio data - no firewall masquerading entries needed
 - Port range to be used for RTP traffic is configurable
   (-> easy to set up appropriate firewall rules for RTP traffic)
 - RTP proxy can handle multiple RTP streams (eg. audio + video)
   within a single SIP session.
 - Symmetric RTP support
 - Symmetric SIP signalling support
 - Supports running in a chroot jail and changing user-ID after startup
 - All configuration done via one simple ascii configuration file
 - Logging to syslog in daemon mode
 - RPM package (Spec file)
 - The host part of UA registration entries can be masqueraded
   (mask_host, masked_host config items). Some Siemens SIP phones seem to
   need this 'feature'.
 - Provider specific outbound proxies can be configured
 - Can run "in front of" a NAT router.(in the local LAN segment)
 - supports "Short-Dials"
 - configurable RFC3581 (rport) support for sent SIP packets

Requirements:
 - pthreads (Linux)
 - glibc2 / libc5 / uClibc
 - libosip2 (3.x.x)

Mainly tested on:
- CentOS 5, 32bit Linux 
  This is my main development and testing environment. Other platforms
  are not extensively tested.

Builds on (tested by dev-team or reported to build):
- Linux:	Fedora
		CentOS/RedHat
(		Fedora 64bit		)*
(		WRT54g (133mhz mipsel router))*
(- FreeBSD:	FreeBSD 4.10-BETA	)*
(- OpenBSD:	OpenBSD 3.4 GENERIC#18	)*
(- SunOS:	SunOS 5.9		)*
(- Mac OS X:	Darwin 6.8		)*

* Note: As the compile farm of sourceforge.net has been discontinued our
        building test possibilities are now very limited. Currently
        no explicit testing for systems/distributions other than
        Fedora/CentOS (x86 architecture) is made. We'll be looking into
        possibilities to perform some broader testing in future.
        Of course, external help will be welcome :-)

Reported interoperability with softphones:
 - Grandstream BudgeTone-100 series
 - Linphone (local and remote UA) (http://www.linphone.org)
 - Kphone (local and remote UA) (http://www.wirlab.net/kphone/)
 - MSN messenger 4.6 (remote and local UA)
 - X-Lite (Win XP Professional)
 - SJPhone softphone
 - Asterisk PBX (using a SIP Trunk, masqueraded via siproxd)
 - Ekiga
 - FreePBX

Reported interoperability with SIP service providers:
 - Sipphone	(http://www.sipphone.com)
 - Sipgate	(http://www.sipgate.de)
 - Stanaphone	(SIP Gateway to PSTN)
 - Sipcall.ch	(Swiss VoIP provider)
 - Ekiga
 - Gizmo	(actually sipphone.com)


 If you have siproxd successfully running with another SIP phone
 and/or service provider, please drop me a short note so I can update
 the list.

Known interoperability issues with SIP service providers:
 - callcentric.com	(afaik callcentric fails with "500 network failure"
 			during REGISTER if more than one Via header is
			present in a SIP packet. Having multiple Via headers
			is completely in compliance with RFC3261. This might
			be related to their "NAT problem avoidance magic".
			There is nothing that can be done within siproxd
			to avoid this issue as callcentric does not comply
			with the SIP specification.)

 - asterisk PBX		Asterisk has an issue finding the proper peer
			if multiple peers originate from the same IP/port
			tuple (as is the case if multiple phones are proxied
			via siproxd to the same asterisk instance).
			This is caused by the SIP implementation in 
			asterisk (chan_sip).
			Note: This seems to be no longer valid with
			      asterisk version 1.6 and up.


Known bugs:
   - SRV DNS records are not yet looked up, only A records
   There will be more for sure...

If you port siproxd to a new platform or do other kinds of changes
or bugfixes that might be of general interest, please drop me a
line. Also if you intend to include siproxd into a software
distribution I'd be happy to get a short notice.


-----
Signatures for siproxd-0.8.0.tar.gz archive:
MD5 Hash:	a39bc2a06a1c9abb6118ca3482e98f3c
SHA-256 Hash:	1a0306dbf5dd65f2c6d779bd449cbabba8c1a4cc79ca034e9cc83836c60f8542

GnuPG signature:


GnuPG: pub  1024D/87BCDC94 2000-03-19 Thomas Ries (tries at gmx.net)
-      Fingerprint = 13D1 19F5 77D0 4CEC 8D3F  A24E 09FC C18A 87BC DC94
-      Key via pgp.openpkg.org / http://www.ries.ch.vu/87BCDC94.pub
VoIP:  sip:17476691342@proxy01.sipphone.com | sip:431783@fwd.pulver.com

[Message part 2 (application/pgp-signature, inline)]
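
The two measures in the 0.8.0 announcement and the failing link line in message #10 can be checked mechanically. The following is an added example, not code from siproxd, Debian or anyone in this thread: it reports the libtool version of each bundled ltmain.sh against the range in the quoted CVE text and tells whether a link command uses libltdlc.la, -lltdl or both. The function names are hypothetical, and it assumes ltmain.sh and the bundled libltdl came from the same libtoolize run.

```shell
#!/bin/sh
# Added example, not siproxd or Debian code. Function names are hypothetical.

# Classify a libtool version against the range in the CVE text quoted above:
# "1.5.x, and 2.2.6 before 2.2.6b". Heuristic only: a distribution may
# backport the fix without changing the upstream version string.
ltdl_version_status() {
    case "$1" in
        1.5|1.5.*)    echo affected ;;
        2.2.6|2.2.6a) echo affected ;;
        '')           echo unknown ;;
        *)            echo not-in-range ;;
    esac
}

# First VERSION= assignment in an ltmain.sh, without quotes or vendor suffix.
ltmain_version() {
    sed -n 's/^VERSION=//p' "$1" | head -n 1 | tr -d '"' | awk '{print $1}'
}

# Print "<path> <version> <status>" for every ltmain.sh below directory $1.
# Assumption: the bundled libltdl was installed by the same libtoolize run
# as ltmain.sh, so both carry the same libtool version.
audit_tree() {
    find "$1" -type f -name ltmain.sh | sort | while IFS= read -r f; do
        v=$(ltmain_version "$f")
        printf '%s %s %s\n' "$f" "${v:-?}" "$(ltdl_version_status "$v")"
    done
}

# Say which libltdl a link command pulls in: the bundled convenience
# archive (libltdlc.la), the installed library (-lltdl), both, or none.
# Runs in a subshell so that disabling globbing does not leak out.
ltdl_link_mode() (
    set -f
    conv=no; sys=no
    for arg in $1; do
        case "$arg" in
            libltdlc.la|*/libltdlc.la) conv=yes ;;
            -lltdl)                    sys=yes ;;
        esac
    done
    case "$conv/$sys" in
        yes/yes) echo both ;;
        yes/no)  echo convenience ;;
        no/yes)  echo system ;;
        *)       echo none ;;
    esac
)

# Stand-alone use: sh audit.sh /path/to/unpacked/source
if [ "$#" -gt 0 ]; then audit_tree "$1"; fi
```

A result of "both" from ltdl_link_mode corresponds to the link line in message #10, where the installed libltdl was detected but the convenience archive was still referenced.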

Added tag(s) pending. Request was from Mark Purcell <msp@debian.org> to control@bugs.debian.org. (Mon, 01 Mar 2010 04:00:04 GMT)

Reply sent to Mark Purcell <msp@debian.org>:
You have taken responsibility. (Sun, 22 Jan 2012 07:51:03 GMT)

Notification sent to Petr Salinger <Petr.Salinger@seznam.cz>:
Bug acknowledged by developer. (Sun, 22 Jan 2012 07:51:04 GMT)

Message #18 received at 537272-close@bugs.debian.org:

From: Mark Purcell <msp@debian.org>
To: 537272-close@bugs.debian.org
Subject: Bug#537272: fixed in siproxd 1:0.8.1-1
Date: Sun, 22 Jan 2012 07:48:21 +0000
Source: siproxd
Source-Version: 1:0.8.1-1

We believe that the bug you reported is fixed in the latest version of
siproxd, which is due to be installed in the Debian FTP archive:

siproxd_0.8.1-1.diff.gz
  to main/s/siproxd/siproxd_0.8.1-1.diff.gz
siproxd_0.8.1-1.dsc
  to main/s/siproxd/siproxd_0.8.1-1.dsc
siproxd_0.8.1-1_amd64.deb
  to main/s/siproxd/siproxd_0.8.1-1_amd64.deb
siproxd_0.8.1.orig.tar.gz
  to main/s/siproxd/siproxd_0.8.1.orig.tar.gz



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 537272@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Mark Purcell <msp@debian.org> (supplier of updated siproxd package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


Format: 1.8
Date: Sun, 22 Jan 2012 18:18:21 +1100
Source: siproxd
Binary: siproxd
Architecture: source amd64
Version: 1:0.8.1-1
Distribution: unstable
Urgency: low
Maintainer: Debian VoIP Team <pkg-voip-maintainers@lists.alioth.debian.org>
Changed-By: Mark Purcell <msp@debian.org>
Description: 
 siproxd    - SIP proxy/redirect/registrar
Closes: 537272 559827
Changes: 
 siproxd (1:0.8.1-1) unstable; urgency=low
 .
   * New upstream release
     - fixes CVE-2009-3736 local privilege escalation (Closes: #559827)
     - fixed embedded libltdl convenience copy
     - Updated libtool (Closes: #537272)
 .
   * Add init.d-script-missing-dependency-on-remote_fs
   * Fix package-lacks-versioned-build-depends-on-debhelper
 .
   * BUG: FTBFS with system provided libltdl-dev
     - Better to ship with libltdl convenience copy - addressing CVE-2009-3736
     - lintian error embedded-library
     - Build-Conflicts libltdl-dev
     - TODO: Fix plugins.c:65: undefined reference to
       `lt__PROGRAM__LTX_preloaded_symbols'
     - Added debian/siproxd.lintian-overrides





Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Mon, 20 Feb 2012 07:42:26 GMT)

Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Fri Apr 18 14:29:07 2014; Machine Name: beach.debian.org