ring (20210112.2.b757bac~ds1-1+deb11u1) bullseye-security; urgency=medium

  * Non-maintainer upload by the LTS team.
  * d/gbp.conf: set debian-branch
  * d/.gitlab-ci.yml: add CI setup
  * CVE-2021-32686
    The embedded copy of pjproject is affected by this CVE.
    A race condition between callback and destroy, due to the accepted
    socket having no group lock. Additionally, the SSL socket
    parent/listener may get destroyed during handshake. Both issues were
    reported to happen intermittently in heavy load TLS connections. They
    cause a crash, resulting in a denial of service.
  * CVE-2021-37706
    The embedded copy of pjproject is affected by this CVE.
    If the incoming STUN message contains an ERROR-CODE attribute, the
    header length is not checked before performing a subtraction
    operation, potentially resulting in an integer underflow scenario.
    This issue affects all users that use STUN. A malicious actor located
    within the victim's network may forge and send a specially crafted UDP
    (STUN) message that could remotely execute arbitrary code on the
    victim’s machine.
  * CVE-2021-43299, CVE-2021-43300, CVE-2021-43301, CVE-2021-43302 and
    CVE-2021-43303
    The embedded copy of pjproject is affected by these CVEs.
    An attacker-controlled 'filename' argument may cause a buffer overflow
    since it is copied to a fixed-size stack buffer without any size
    validation.
  * CVE-2021-43804
    The embedded copy of pjproject is affected by this CVE.
    In affected versions if the incoming RTCP BYE message contains a
    reason's length, this declared length is not checked against the
    actual received packet size, potentially resulting in an out-of-bound
    read access.
  * CVE-2021-43845
    The embedded copy of pjproject is affected by this CVE.
    If an incoming RTCP XR message contains a block, the data field is not
    checked against the received packet size, potentially resulting in an
    out-of-bound read access.
  * CVE-2022-21722
    The embedded copy of pjproject is affected by this CVE.
    There are various cases where it is possible that certain incoming
    RTP/RTCP packets can potentially cause out-of-bound read access.
  * CVE-2022-21723
    The embedded copy of pjproject is affected by this CVE.
    Parsing an incoming SIP message that contains a malformed multipart
    can potentially cause out-of-bound read access.
  * CVE-2022-23537
    The embedded copy of pjproject is affected by this CVE.
    Buffer overread is possible when parsing a specially crafted STUN
    message with unknown attribute.
  * CVE-2022-23547
    The embedded copy of pjproject is affected by this CVE.
    Possible buffer overread when parsing a certain STUN message.
  * CVE-2022-23608
    The embedded copy of pjproject is affected by this CVE.
    When in a dialog set (or forking) scenario, a hash key shared by
    multiple UAC dialogs can potentially be prematurely freed when one of
    the dialogs is destroyed. The issue may cause a dialog set to be
    registered in the hash table multiple times (with different hash keys)
    leading to undefined behavior such as dialog list collision which
    eventually leads to an endless loop.
  * CVE-2022-24754
    The embedded copy of pjproject is affected by this CVE.
    There is a stack-buffer overflow vulnerability which only impacts
    PJSIP users who accept hashed digest credentials (credentials with
    data_type `PJSIP_CRED_DATA_DIGEST`).
  * CVE-2022-24763
    The embedded copy of pjproject is affected by this CVE.
    A denial-of-service vulnerability affects PJSIP users that consume
    PJSIP's XML parsing in their apps.
  * CVE-2022-24764
    The embedded copy of pjproject is affected by this CVE.
    A stack buffer overflow vulnerability affects PJSUA2 users or users
    that call the API `pjmedia_sdp_print(), pjmedia_sdp_media_print()`.
  * CVE-2022-24793
    The embedded copy of pjproject is affected by this CVE.
    A buffer overflow vulnerability affects applications that use PJSIP
    DNS resolution.
  * CVE-2022-31031
    The embedded copy of pjproject is affected by this CVE.
    A stack buffer overflow vulnerability affects PJSIP users that use
    STUN in their applications, either by: setting a STUN server in their
    account/media config in PJSUA/PJSUA2 level, or directly using
    `pjlib-util/stun_simple` API.
  * CVE-2022-39244.patch
    The embedded copy of pjproject is affected by this CVE.
    The PJSIP parser, PJMEDIA RTP decoder, and PJMEDIA SDP parser are
    affected by a buffer overflow vulnerability. Users connecting to
    untrusted clients are at risk.
  * CVE-2023-27585
    The embedded copy of pjproject is affected by this CVE.
    A buffer overflow vulnerability affects applications that use PJSIP
    DNS resolver.

 -- Roberto C. Sánchez Thu, 12 Sep 2024 20:14:43 -0400

ring (20210112.2.b757bac~ds1-1) unstable; urgency=medium

  [ Alexandre Viau ]
  * New upstream snapshot.
  * d/copyright: ignore ONNX Runtime.

  [ Thorsten Alteholz ]
  * CVE-2020-15260 (Closes: #986815)
    Adding remote hostname authentication when reusing transport
    connections to the same IP address.
  * CVE-2021-21375
    The embedded copy of pjproject is affected by this CVE.
    Due to bad handling of two consecutive crafted answers to an INVITE,
    the attacker is able to crash the server resulting in a denial of
    service.

  [ Amin Bandali ]
  * d/patches: add upstream patch for fixing SIP calls to zoom.
    (Closes: #980571)
  * d/patches: add patch for improving the appstream description.

  [ Bruno Kleinert ]
  * d/control: improve package description. (Closes: #979492)

 -- Alexandre Viau Sun, 17 Jan 2021 16:39:58 -0500

ring (20210104.4.dda80df~ds1-1) unstable; urgency=medium

  * New upstream changelog.

 -- Alexandre Viau Wed, 06 Jan 2021 11:51:21 -0500

ring (20201217.1.80217fa~ds1-2) unstable; urgency=medium

  [ Alexandre Viau ]
  * d/rules: remove transitional ring packages.
  * d/rules: Rules-Requires-Root: no.

  [ Amin Bandali ]
  * d/compat: bump debhelper compat level up to 10.
  * d/control: remove autotools-dev from Build-Depends
    (not needed as of debhelper >= 10).
  * d/rules: add --without autoreconf, needed as of debhelper >= 10.
  * d/control: bump Standards-Version up to 4.5.1.
  * d/copyright: update SFL's copyright years for some entries, update
    the Files path for several entries with moved or removed files, and
    add entry for client-gnome/jami-gnome.appdata.xml with
    License: CC-BY-SA-3.0 along with a copy of the license.
  * d/source/lintian-overrides: remove seemingly unused lintian
    source-is-missing override.

 -- Alexandre Viau Sun, 20 Dec 2020 15:47:25 -0500

ring (20201217.1.80217fa~ds1-1) unstable; urgency=medium

  * d/copyright: Exclude libarchive and opencv.
  * Refresh dont-build-gnutls.patch.
  * Refresh jsoncpp-rename.patch.
  * d/rules: --disable-libarchive + add dependency.

 -- Alexandre Viau Sun, 20 Dec 2020 12:41:50 -0500

ring (20191214.1.07edb5e~ds1-1) unstable; urgency=medium

  [ Alexandre Viau ]
  * New upstream version. (Closes: #959510)
  * d/watch: ring.cx -> jami.net.
  * d/watch: expect jami_ prefix.
  * d/copyright: ignore new vendored libraries.
  * Remove deprecated namedirectory-old-restbed.patch.
  * Refresh dont-build-gnutls.patch.
  * Refresh jsoncpp-rename.patch.
  * d/rules: disable build for
    - asio
    - restinio
    - fmt
    - http_parser
  * d/control: depend on libfmt-dev.
  * d/control: depend on libhttp-parser-dev.
  * d/control: depend on libopendht-dev >= 2.1.1.
  * d/source: add lintian overrides for source-is-missing.

  [ Amin Bandali ]
  * Fix OpenDHT build. (Closes: #961837)
  * Fix FTBFS. (Closes: #957766)
  * d/rules: use clean in lrc Makefile.
  * Change ring.cx references to Jami.

  [ Petter Reinholdtsen ]
  * d/watch: Updated version and URL path based on patch from Amy Kos.

 -- Alexandre Viau Tue, 13 Oct 2020 12:22:05 -0400

ring (20190215.1.f152c98~ds1-1) unstable; urgency=medium

  * New upstream version.
  * Refresh patches.

 -- Alexandre Viau Mon, 18 Feb 2019 22:46:25 -0500

ring (20190110.1.e572469~ds1-1) unstable; urgency=medium

  * New upstream version.

 -- Alexandre Viau Mon, 14 Jan 2019 10:23:11 -0500

ring (20190101.3.5315d84~ds1-2) unstable; urgency=medium

  * Remove unused libsrtp dependency.
    (Closes: 918543)

 -- Alexandre Viau Mon, 14 Jan 2019 10:08:09 -0500

ring (20190101.3.5315d84~ds1-1) unstable; urgency=medium

  * New upstream version.
  * Rename binary packages to jami.
    Upstream has not fully completed the transition yet and there are
    still things that use the Ring name. However, this is a step in the
    right direction.

 -- Alexandre Viau Sat, 05 Jan 2019 21:53:29 -0500

ring (20181001.4.a99aaec~ds6-2) unstable; urgency=medium

  * Build with LFS. (Closes: #913186)

 -- Alexandre Viau Thu, 08 Nov 2018 13:02:52 -0500

ring (20181001.4.a99aaec~ds6-1) unstable; urgency=medium

  * Exclude gradle jar.

 -- Alexandre Viau Thu, 08 Nov 2018 11:55:47 -0500

ring (20181001.4.a99aaec~ds5-1) unstable; urgency=medium

  * New upstream version.

 -- Alexandre Viau Thu, 08 Nov 2018 11:46:08 -0500

ring (20180816.2.e26b79f~ds1-3) unstable; urgency=medium

  * New upstream version.

 -- Alexandre Viau Thu, 23 Aug 2018 19:43:53 -0400

ring (20180712.2.f3b87a6~ds1-2) unstable; urgency=medium

  * No longer depend on boost. (Closes: #904498)

 -- Alexandre Viau Thu, 23 Aug 2018 16:08:06 -0400

ring (20180712.2.f3b87a6~ds1-1) unstable; urgency=medium

  * New upstream version.

 -- Alexandre Viau Tue, 17 Jul 2018 18:25:52 -0400

ring (20180625.1.8dd3bf1~ds1-1) unstable; urgency=medium

  * Document build requirements. (Closes: #896648)
  * d/rules: --disable-upnp.

 -- Alexandre Viau Tue, 26 Jun 2018 18:04:49 -0400

ring (20180419.1.01da897~ds1-1) unstable; urgency=medium

  * New upstream version.
  * Switch to Ayatana AppIndicator. (Closes: #894651)

 -- Alexandre Viau Thu, 19 Apr 2018 14:01:32 -0400

ring (20180414.2.2c51f89~ds1-1) unstable; urgency=medium

  * New upstream version.
  * d/copyright: ignore contrib/portable*
  * Build-Depend on libssl-dev.

 -- Alexandre Viau Thu, 19 Apr 2018 10:55:00 -0400

ring (20180228.1.503da2b~ds1-1) unstable; urgency=medium

  * New upstream version.

 -- Alexandre Viau Wed, 28 Feb 2018 12:19:23 -0500

ring (20180222.1.7bffde2~ds2-2) unstable; urgency=medium

  * Depend on libqt5sql5-sqlite (Closes: #891460)

 -- Alexandre Viau Tue, 27 Feb 2018 01:43:36 -0500

ring (20180222.1.7bffde2~ds2-1) unstable; urgency=medium

  * New upstream version.
  * d/copyright: exclude vendored kashmir.
  * Exclude pjsip-apps from tarball.
  * Depend on opendht >= 1.6.0.
  * d/copyright: fix insecure-copyright-format-uri.
  * d/copyright: remove unused sections.

 -- Alexandre Viau Tue, 27 Feb 2018 01:33:04 -0500

ring (20180119.1.9e06f94~ds1-3) unstable; urgency=medium

  * Cleanup d/changelog.
  * Build msgpack-c v2 API.

 -- Alexandre Viau Thu, 01 Feb 2018 17:49:53 +0000

ring (20180119.1.9e06f94~ds1-2) unstable; urgency=medium

  * Build with gcc-7. (Closes: #853642)

 -- Alexandre Viau Thu, 01 Feb 2018 01:00:59 -0500

ring (20180119.1.9e06f94~ds1-1) unstable; urgency=medium

  * New upstream snapshot.
  * Don't depend on libwebkit2gtk-3.0-dev. (Closes: #871962)
  * Depend on libcanberra-gtk3-dev.
  * Move to libnm. (Closes: #862764)

 -- Alexandre Viau Fri, 26 Jan 2018 10:28:47 -0500

ring (20171129.2.cf5bbff~ds1-2) unstable; urgency=medium

  * Move to salsa.debian.org

 -- Alexandre Viau Thu, 28 Dec 2017 16:54:31 -0500

ring (20171129.2.cf5bbff~ds1-1) unstable; urgency=medium

  * New upstream release. (Closes: #882625)

 -- Alexandre Viau Mon, 04 Dec 2017 23:40:21 -0500

ring (20171024.1.eadbdeb~ds1-2) unstable; urgency=medium

  * Update to OpenDHT 1.5.1. (Closes: #882625)

 -- Alexandre Viau Sat, 25 Nov 2017 15:10:59 -0500

ring (20171024.1.eadbdeb~ds1-1) unstable; urgency=medium

  * New upstream release.
  * d/rules: disable dbus-cpp and secp256k1.
  * d/rules: build-depend on libsecp256k1-dev.
  * d/control: priority extra -> optional.

 -- Alexandre Viau Wed, 15 Nov 2017 21:22:02 -0500

ring (20170912.1.912f772~dfsg1-2) unstable; urgency=medium

  * Build using older msgpack-c API.
    (Closes: #866796)

 -- Alexandre Viau Wed, 04 Oct 2017 15:57:45 -0400

ring (20170912.1.912f772~dfsg1-1) unstable; urgency=medium

  * New upstream release. (Closes: #873010)

 -- Alexandre Viau Sat, 16 Sep 2017 15:27:06 -0400

ring (20170803.2.5fcfe3f~dfsg1-1) unstable; urgency=medium

  * New upstream release
  * Depend on libvdpau-dev
  * Use gcc-6

 -- Alexandre Viau Fri, 04 Aug 2017 22:25:59 -0400

ring (20170720.2.5bf0a65~dfsg1-1) unstable; urgency=medium

  * New upstream release

 -- Alexandre Viau Wed, 26 Jul 2017 17:34:22 -0400

ring (20170626.1.1335994~dfsg1-1) unstable; urgency=medium

  * New upstream snapshot
  * d/copyright: exclude:
    - client-electron*
    - daemon/contrib/tarballs/argon2*
  * d/rules: --disable-gmp
  * d/rules: --disable-gnutls
  * Add dont-build-gnutls.patch
  * Bump Standards-Version to 4.0.0

 -- Alexandre Viau Wed, 28 Jun 2017 01:16:21 -0400

ring (20170202.1.23df36f~dfsg2-1) unstable; urgency=medium

  * New upstream snapshot
  * d/copyright: exclude client-uwp/*
  * Remove triggers which were autogenerated
  * Depend on libopendht-dev >= 1.3.3

 -- Alexandre Viau Thu, 02 Feb 2017 13:50:40 -0500

ring (20161221.2.7bd7d91~dfsg1-1) unstable; urgency=medium

  * New upstream snapshot

 -- Alexandre Viau Sun, 25 Dec 2016 23:42:25 -0500

ring (20161207.2.7a29ace~dfsg1-1) unstable; urgency=medium

  * New upstream snapshot
  * d/copyright: remove jquery section

 -- Alexandre Viau Thu, 08 Dec 2016 12:16:02 -0500

ring (20161116.1.e59aaa5~dfsg1-1) unstable; urgency=medium

  * New upstream snapshot
  * No longer leak system user by default (Closes: #843645)

 -- Alexandre Viau Mon, 21 Nov 2016 14:14:10 -0500

ring (20161107.1.0ac5fac~dfsg1-1) unstable; urgency=high

  * Urgency high because no Beta2 version has hit testing yet.
  * New upstream version.
  * Build with opendht-dev only.

 -- Alexandre Viau Tue, 08 Nov 2016 10:49:03 -0500

ring (20161104.4.17a0616~dfsg1-2) unstable; urgency=high

  * Fixed lintian override

 -- Alexandre Viau Sat, 05 Nov 2016 00:34:01 -0400

ring (20161104.4.17a0616~dfsg1-1) unstable; urgency=high

  * New upstream snapshot
  * Depend on libopendht-dev (>= 1.2.1~dfsg1-3)
  * Remove unneeded opendht-libs.patch
  * Parallelize contrib build
  * high urgency because of Beta2 release, which breaks backwards
    compatibility

 -- Alexandre Viau Fri, 04 Nov 2016 16:51:58 -0400

ring (20161103.1.60700d3~dfsg1-1) unstable; urgency=medium

  * d/copyright: exclude opendht
  * d/copyright: mention ringdht files
  * Daemon configure: disable many packages
  * Add dependencies:
    - librestbed-dev
    - libva-dev
    - libwebkit2gtk-4.0-dev
    - libopendht-dev
    - libasio-dev
    - libcrypto++-dev
    - libboost-system-dev
    - libboost-random-dev
    - opendht dependencies...
  * Refresh jsoncpp-rename.patch
  * d/copyright:
    - remove opendht section
    - mention new web files

 -- Alexandre Viau Thu, 03 Nov 2016 23:20:47 -0400

ring (20160901.1.204c604~dfsg2-2) unstable; urgency=medium

  * Daemon configure: -DGSETTINGS_LOCALCOMPILE=OFF

 -- Alexandre Viau Tue, 06 Sep 2016 14:21:10 -0400

ring (20160901.1.204c604~dfsg2-1) unstable; urgency=medium

  * Remove msgpack from the tarball
  * Added libmsgpack-dev dependency (>= 1.4.2)
  * d/copyright: Exclude restbed

 -- Alexandre Viau Tue, 06 Sep 2016 11:41:47 -0400

ring (20160818.1.eb4fbc8~dfsg1-2) unstable; urgency=medium

  * d/rules: Check for Makefile before distclean (Closes: #833926)

 -- Alexandre Viau Mon, 22 Aug 2016 11:40:25 -0400

ring (20160818.1.eb4fbc8~dfsg1-1) unstable; urgency=medium

  * New upstream version.
  * Daemon contrib: --disable-natpmp
  * Daemon configure: --disable-shared

 -- Alexandre Viau Mon, 22 Aug 2016 09:15:05 -0400

ring (20160804.3.dfb2548~dfsg1-1) unstable; urgency=medium

  * New upstream version.
  * Removed obsolete fix-sdesnegotiator-negotiate.patch.

 -- Alexandre Viau Wed, 10 Aug 2016 10:34:13 -0400

ring (20160729.2.7a7dbd6~dfsg1-2) unstable; urgency=high

  * Don't remove dring from /usr/lib

 -- Alexandre Viau Fri, 05 Aug 2016 09:52:23 -0400

ring (20160729.2.7a7dbd6~dfsg1-1) unstable; urgency=high

  * d/rules: bootstrap: use --no-checksums.
  * Remove deprecated dring-usr-bin.patch.
  * Backport Gerrit I0ef022486e00b5fef91d2552b83d57463282a683:
    - sdes: fix SdesNegotiator::negotiate()

 -- Alexandre Viau Wed, 27 Jul 2016 16:03:24 -0400

ring (20160726.1.da5343f~dfsg1-1) unstable; urgency=medium

  * New upstream version.
  * Removed unused dependencies:
    - libticonv-dev
    - chrpath
    - git-core
  * Re-order dependencies.
  * Stop using deprecated configure options.
  * Depend on libnm-glib-dev.
  * Remove check-for-gsm.patch, replaced by configure option.

 -- Alexandre Viau Fri, 22 Jul 2016 12:00:44 -0400

ring (20160720.3.73cfbb9~dfsg1-5) unstable; urgency=medium

  * Move dring to /usr/bin. (Closes: #831978)

 -- Alexandre Viau Wed, 20 Jul 2016 19:05:07 -0400

ring (20160720.3.73cfbb9~dfsg1-4) unstable; urgency=medium

  * d/rules: build contrib with V=1

 -- Alexandre Viau Wed, 20 Jul 2016 18:12:57 -0400

ring (20160720.3.73cfbb9~dfsg1-3) unstable; urgency=medium

  * Implement Petter Reinholdtsen's feedback:
    - d/rules: build with V=1
    - d/rules: 'cd dir && make' -> 'make -C dir'

 -- Alexandre Viau Wed, 20 Jul 2016 17:40:19 -0400

ring (20160720.3.73cfbb9~dfsg1-2) unstable; urgency=medium

  * Build Dependencies: libappindicator-dev -> libappindicator3-dev

 -- Alexandre Viau Wed, 20 Jul 2016 15:31:06 -0400

ring (20160720.3.73cfbb9~dfsg1-1) unstable; urgency=medium

  * New upstream snapshot:
    - Closes: #831339
  * Build Dependencies:
    - re-organize order
    - +libappindicator-dev
  * Build lrc with debug symbols.
  * README.Debian: updated tarballs location url.
  * d/rules: pass --disable-downloads to bootstrap script.

 -- Alexandre Viau Wed, 20 Jul 2016 12:59:19 -0400

ring (20160712.1.66bea8b~dfsg1-1) unstable; urgency=medium

  * d/watch: gpl.savoirfairelinux.net -> dl.ring.cx.
  * remove deprecated use-debian-gnutls.patch.
  * depend on libgnutls28-dev (>= 3.4.14).
  * d/copyright: exclude client-ios.
  * d/copyright: exclude libnatpmp.
  * build depend on libnatpmp-dev.
  * create use-debian-pmp.patch.

 -- Alexandre Viau Fri, 01 Jul 2016 19:06:06 +0200

ring (20160630.3.52c5ef6~dfsg1-1) unstable; urgency=medium

  * New upstream snapshot.

 -- Alexandre Viau Fri, 01 Jul 2016 13:15:29 +0200

ring (20160630.2.b3d131f~dfsg1-2) unstable; urgency=medium

  * Create ring-daemon package.

 -- Alexandre Viau Fri, 01 Jul 2016 00:09:22 +0200

ring (20160630.2.b3d131f~dfsg1-1) unstable; urgency=medium

  * New upstream release.
  * Remove .sum-iax.
  * d/copyright: reflect changes in msgpack.
  * Add patch to use Debian's GnuTLS.
  * Don't parallelize contrib build.
  * d/rules: remove ring -> ring.cx.
  * d/copyright: updated OpenDHT's ax_cxx_compile_stdcxx.m4 section

 -- Alexandre Viau Thu, 30 Jun 2016 19:09:51 +0200

ring (20160422.1.3c07c8e~dfsg2-1) unstable; urgency=medium

  * Remove libiax due to copyright issues

 -- Alexandre Viau Thu, 30 Jun 2016 14:44:15 +0200

ring (20160422.1.3c07c8e~dfsg1-4) unstable; urgency=medium

  * Fix maintscript-calls-ldconfig lintian warning.
  * Bump Standards-Version to 3.9.8.

 -- Alexandre Viau Tue, 28 Jun 2016 00:08:01 +0200

ring (20160422.1.3c07c8e~dfsg1-3) unstable; urgency=medium

  * Added missing argon2 copyright section
  * README.Debian: don't mention libgsm
  * d/copyright: mention April2016 pjsip thread

 -- Alexandre Viau Mon, 27 Jun 2016 22:54:48 +0200

ring (20160422.1.3c07c8e~dfsg1-2) unstable; urgency=medium

  * Removed ring binary (conflicts with alliance package)
  * Removed empty cmake directory

 -- Alexandre Viau Sat, 23 Apr 2016 21:31:24 -0400

ring (20160422.1.3c07c8e~dfsg1-1) unstable; urgency=medium

  * Initial release. (Closes: #816707)

 -- Alexandre Viau Fri, 04 Mar 2016 13:16:17 -0500