summaryrefslogtreecommitdiff
path: root/net-libs/pjproject
diff options
context:
space:
mode:
authorV3n3RiX <venerix@redcorelinux.org>2021-07-24 02:11:45 +0100
committerV3n3RiX <venerix@redcorelinux.org>2021-07-24 02:11:45 +0100
commitb49088575eb777ced2551f484da86317332d6087 (patch)
treebf9a151cf2d61956340d555659ffc098ee1da466 /net-libs/pjproject
parent514d1bbe260df2521fe60f1a3ec87cfcfde1a829 (diff)
gentoo resync : 24.07.2021
Diffstat (limited to 'net-libs/pjproject')
-rw-r--r--net-libs/pjproject/Manifest2
-rw-r--r--net-libs/pjproject/files/pjproject-2.10-CVE-2021-32686-AST-2021-009-GHSA-cv8x-p47p-99wr.patch289
-rw-r--r--net-libs/pjproject/pjproject-2.10-r2.ebuild125
3 files changed, 416 insertions, 0 deletions
diff --git a/net-libs/pjproject/Manifest b/net-libs/pjproject/Manifest
index dbfb7c5c2bae..2c98bbfc6a75 100644
--- a/net-libs/pjproject/Manifest
+++ b/net-libs/pjproject/Manifest
@@ -1,8 +1,10 @@
AUX pjproject-2.10-CVE-2020-15260-tls-hostname-check.patch 4724 BLAKE2B a098969ca78f538848a6616d6168dc74dc4d6c09f348e0e6436089341827346f52c3feb43a4de13453df940cad65b02f650c9e3cdfae4b449da0a5140e0fda54 SHA512 49846fd649f664ce29098800d4f9acee95ac4c06ff5499495b5bcc78269a33e9e66e9df126755aba9c48481c3a87040ff0a6bf1e4fc64bdf0492c55d428978f0
AUX pjproject-2.10-CVE-2021-21375-negotiation-failure-crash.patch 1564 BLAKE2B 30f7af19ae18c071b62e31a6a049e4e67f7b391a65ab52ef8d5270ef504a4057b35679c580ba056c9b1b3e5813fde5ccc8ca863bead4f62156e39f8c2947e4d2 SHA512 9fb5b8961e7c69cf8a902eaa28cb2147faf8f0809467911454758b793832831240992a3c27ecb722a4ea066df909c0cf12b4b1bf139037f647828eb4cc16fee0
+AUX pjproject-2.10-CVE-2021-32686-AST-2021-009-GHSA-cv8x-p47p-99wr.patch 10321 BLAKE2B 6e69e2476439d2f6ca97cd94376d3ffe924840289abe49bf33ecc10c1b67d33457e4231a47851b1e749600f3d7b4a4980b1e5bada06bfc1df5334f6a51b0e8f1 SHA512 58faf870bae4ec94cfc78ca9397e476b7db26c69bb4de5dd6bdaa63f6a8cca95438a182661b485afb04872899c41a8f8ff72c5cfbad35c41cbdc5e9831813c4a
AUX pjproject-2.10-race-condition-between-transport-destroy-and-acquire.patch 3929 BLAKE2B fc7e12b7e8e9ff35556aa153496c2f7decd13bc78493d8c6f24449f063fe9c76b1772f6dc2b6cfc279c9731cc08735b27cd990ac6c4648c18e7f08c2c9fc3810 SHA512 e230041cff87d97947ad8caeb80c4858b8a1d435251d79b281fc0035da04aab549d1d5dc085681d98410da7e37359bb2ed721d132b321cce9a7326e4ff52c40f
AUX pjproject-2.9-config_site.h 2168 BLAKE2B 39d526e7a2ca79ea2c1e453d95d420a6245e7a93641227a908660fea553a8b66d5dfb6b7108b49dc0686de6522c2485b72a6e7511096cbfe50bdb2800d559e6f SHA512 d6456b7fa36b3256613eea515b78f0884fa6b56705817cd421a962f3c3302bf0efa69006432dffca49400ef75dc99ebc7639d270aebe5bc2d4a9a9515cc56408
AUX pjproject-2.9-ssl-enable.patch 3515 BLAKE2B d68479ba509513828d8488b60358ba00651c87d0b39b9bc800fe0d38294f2afad43fd7f4ee5c260bd62044d17b010112c59363277739f4ae7d20940943437539 SHA512 5fd3e681801e6e2cd56ec177d71a65422ec22b788adfad3920562616c737188f71097a545d9c59bd6a3d876ba143f90f731d165d8c68da25aa93b03c009753e8
DIST pjproject-2.10.tar.gz 8768705 BLAKE2B 42d70867e2e0474313426f1e188586d203d6165c28a133a62dedacd2deb2899215212824d9402a48fcc66bb08a17b796d3625e1d51a8aedc9aa4b3a3bf1cb8fa SHA512 a67f083df175b536b4e6a7b7fe39e07d3ee805d6917ec64a50694542a7455c33a100889191044ab3fa679b6656774a6be045621aa53510b5f04cdde9ddd59893
EBUILD pjproject-2.10-r1.ebuild 3339 BLAKE2B 7bdb4fd1731d2a32750b73970f06c70188309227b727f50f13819e435adcb897f42bb9408c0ef5c151a12dd6954a01205740b11aea657cb53ead6112a9c9036a SHA512 6b7f60dd30b96d600197d4ed5d1d3002df152c0101c359c644a45787ed7112dc1667065d96ab8001ffa1f8c9de0e8d505be9040aca3cd188b7cb155fa0caeb54
+EBUILD pjproject-2.10-r2.ebuild 3425 BLAKE2B 5e75ed21cdf7da4b13eee7e6db0e9c3aa8af96c8488eb361f90cbe855e08f3d2de815a4bec2d4d26ce51b0a97331de54143f84a372f20c8933f22ebbb74bca9b SHA512 3c3d63692852d7f34dee7345447267da1f72fe42d7e61d3fbc03a2e5b3dbca1b23d4bce5cacd1129231474e1a3177b178da645f0279f6e36a5a610267989c8c8
MISC metadata.xml 1378 BLAKE2B f5445d873e1167362e054d6010d68e515a237481f64ef50bbc18d7bdaf338fea6f5620297ce165c6ad79022ae0a60665d120dad5fffce44f71f7861acf2af878 SHA512 c76ce7cc7885daa1462cb707cc15d8f6ce385db25bd0358ec4ffc7c02134ebebe27c69d20eaa2923cf834863359453593bf52b89315ae5a8386c9fcdafcbb7d6
diff --git a/net-libs/pjproject/files/pjproject-2.10-CVE-2021-32686-AST-2021-009-GHSA-cv8x-p47p-99wr.patch b/net-libs/pjproject/files/pjproject-2.10-CVE-2021-32686-AST-2021-009-GHSA-cv8x-p47p-99wr.patch
new file mode 100644
index 000000000000..ba31cf19eda7
--- /dev/null
+++ b/net-libs/pjproject/files/pjproject-2.10-CVE-2021-32686-AST-2021-009-GHSA-cv8x-p47p-99wr.patch
@@ -0,0 +1,289 @@
+From d5f95aa066f878b0aef6a64e60b61e8626e664cd Mon Sep 17 00:00:00 2001
+From: Nanang Izzuddin <nanang@teluu.com>
+Date: Fri, 23 Jul 2021 10:49:21 +0700
+Subject: [PATCH] Merge pull request from GHSA-cv8x-p47p-99wr
+
+* - Avoid SSL socket parent/listener getting destroyed during handshake by increasing parent's reference count.
+- Add missing SSL socket close when the newly accepted SSL socket is discarded in SIP TLS transport.
+
+* - Fix silly mistake: accepted active socket created without group lock in SSL socket.
+- Replace assertion with normal validation check of SSL socket instance in OpenSSL verification callback (verify_cb()) to avoid crash, e.g: if somehow race condition with SSL socket destroy happens or OpenSSL application data index somehow gets corrupted.
+---
+ pjlib/src/pj/ssl_sock_imp_common.c | 47 +++++++++++++++++++++--------
+ pjlib/src/pj/ssl_sock_ossl.c | 45 ++++++++++++++++++++++-----
+ pjsip/src/pjsip/sip_transport_tls.c | 23 +++++++++++++-
+ 3 files changed, 95 insertions(+), 20 deletions(-)
+
+diff --git a/pjlib/src/pj/ssl_sock_imp_common.c b/pjlib/src/pj/ssl_sock_imp_common.c
+index 025832da4..24533b397 100644
+--- a/pjlib/src/pj/ssl_sock_imp_common.c
++++ b/pjlib/src/pj/ssl_sock_imp_common.c
+@@ -255,6 +255,8 @@ static pj_bool_t on_handshake_complete(pj_ssl_sock_t *ssock,
+
+ /* Accepting */
+ if (ssock->is_server) {
++ pj_bool_t ret = PJ_TRUE;
++
+ if (status != PJ_SUCCESS) {
+ /* Handshake failed in accepting, destroy our self silently. */
+
+@@ -272,6 +274,12 @@ static pj_bool_t on_handshake_complete(pj_ssl_sock_t *ssock,
+ status);
+ }
+
++ /* Decrement ref count of parent */
++ if (ssock->parent->param.grp_lock) {
++ pj_grp_lock_dec_ref(ssock->parent->param.grp_lock);
++ ssock->parent = NULL;
++ }
++
+ /* Originally, this is a workaround for ticket #985. However,
+ * a race condition may occur in multiple worker threads
+ * environment when we are destroying SSL objects while other
+@@ -315,23 +323,29 @@ static pj_bool_t on_handshake_complete(pj_ssl_sock_t *ssock,
+
+ return PJ_FALSE;
+ }
++
+ /* Notify application the newly accepted SSL socket */
+ if (ssock->param.cb.on_accept_complete2) {
+- pj_bool_t ret;
+ ret = (*ssock->param.cb.on_accept_complete2)
+ (ssock->parent, ssock, (pj_sockaddr_t*)&ssock->rem_addr,
+ pj_sockaddr_get_len((pj_sockaddr_t*)&ssock->rem_addr),
+ status);
+- if (ret == PJ_FALSE)
+- return PJ_FALSE;
+ } else if (ssock->param.cb.on_accept_complete) {
+- pj_bool_t ret;
+ ret = (*ssock->param.cb.on_accept_complete)
+ (ssock->parent, ssock, (pj_sockaddr_t*)&ssock->rem_addr,
+ pj_sockaddr_get_len((pj_sockaddr_t*)&ssock->rem_addr));
+- if (ret == PJ_FALSE)
+- return PJ_FALSE;
+ }
++
++ /* Decrement ref count of parent and reset parent (we don't need it
++ * anymore, right?).
++ */
++ if (ssock->parent->param.grp_lock) {
++ pj_grp_lock_dec_ref(ssock->parent->param.grp_lock);
++ ssock->parent = NULL;
++ }
++
++ if (ret == PJ_FALSE)
++ return PJ_FALSE;
+ }
+
+ /* Connecting */
+@@ -930,9 +944,13 @@ static pj_bool_t ssock_on_accept_complete (pj_ssl_sock_t *ssock_parent,
+ if (status != PJ_SUCCESS)
+ goto on_return;
+
++ /* Set parent and add ref count (avoid parent destroy during handshake) */
++ ssock->parent = ssock_parent;
++ if (ssock->parent->param.grp_lock)
++ pj_grp_lock_add_ref(ssock->parent->param.grp_lock);
++
+ /* Update new SSL socket attributes */
+ ssock->sock = newsock;
+- ssock->parent = ssock_parent;
+ ssock->is_server = PJ_TRUE;
+ if (ssock_parent->cert) {
+ status = pj_ssl_sock_set_certificate(ssock, ssock->pool,
+@@ -957,16 +975,20 @@ static pj_bool_t ssock_on_accept_complete (pj_ssl_sock_t *ssock_parent,
+ ssock->asock_rbuf = (void**)pj_pool_calloc(ssock->pool,
+ ssock->param.async_cnt,
+ sizeof(void*));
+- if (!ssock->asock_rbuf)
+- return PJ_ENOMEM;
++ if (!ssock->asock_rbuf) {
++ status = PJ_ENOMEM;
++ goto on_return;
++ }
+
+ for (i = 0; i<ssock->param.async_cnt; ++i) {
+ ssock->asock_rbuf[i] = (void*) pj_pool_alloc(
+ ssock->pool,
+ ssock->param.read_buffer_size +
+ sizeof(read_data_t*));
+- if (!ssock->asock_rbuf[i])
+- return PJ_ENOMEM;
++ if (!ssock->asock_rbuf[i]) {
++ status = PJ_ENOMEM;
++ goto on_return;
++ }
+ }
+
+ /* If listener socket has group lock, automatically create group lock
+@@ -980,7 +1002,7 @@ static pj_bool_t ssock_on_accept_complete (pj_ssl_sock_t *ssock_parent,
+ goto on_return;
+
+ pj_grp_lock_add_ref(glock);
+- asock_cfg.grp_lock = ssock->param.grp_lock = glock;
++ ssock->param.grp_lock = glock;
+ pj_grp_lock_add_handler(ssock->param.grp_lock, ssock->pool, ssock,
+ ssl_on_destroy);
+ }
+@@ -1008,6 +1030,7 @@ static pj_bool_t ssock_on_accept_complete (pj_ssl_sock_t *ssock_parent,
+
+ /* Create active socket */
+ pj_activesock_cfg_default(&asock_cfg);
++ asock_cfg.grp_lock = ssock->param.grp_lock;
+ asock_cfg.async_cnt = ssock->param.async_cnt;
+ asock_cfg.concurrency = ssock->param.concurrency;
+ asock_cfg.whole_data = PJ_TRUE;
+diff --git a/pjlib/src/pj/ssl_sock_ossl.c b/pjlib/src/pj/ssl_sock_ossl.c
+index 88a2a6b94..df4f4f96a 100644
+--- a/pjlib/src/pj/ssl_sock_ossl.c
++++ b/pjlib/src/pj/ssl_sock_ossl.c
+@@ -327,7 +327,8 @@ static pj_status_t STATUS_FROM_SSL_ERR(char *action, pj_ssl_sock_t *ssock,
+ ERROR_LOG("STATUS_FROM_SSL_ERR", err, ssock);
+ }
+
+- ssock->last_err = err;
++ if (ssock)
++ ssock->last_err = err;
+ return GET_STATUS_FROM_SSL_ERR(err);
+ }
+
+@@ -344,7 +345,8 @@ static pj_status_t STATUS_FROM_SSL_ERR2(char *action, pj_ssl_sock_t *ssock,
+ /* Dig for more from OpenSSL error queue */
+ SSLLogErrors(action, ret, err, len, ssock);
+
+- ssock->last_err = ssl_err;
++ if (ssock)
++ ssock->last_err = ssl_err;
+ return GET_STATUS_FROM_SSL_ERR(ssl_err);
+ }
+
+@@ -786,6 +788,13 @@ static pj_status_t init_openssl(void)
+
+ /* Create OpenSSL application data index for SSL socket */
+ sslsock_idx = SSL_get_ex_new_index(0, "SSL socket", NULL, NULL, NULL);
++ if (sslsock_idx == -1) {
++ status = STATUS_FROM_SSL_ERR2("Init", NULL, -1, ERR_get_error(), 0);
++ PJ_LOG(1,(THIS_FILE,
++ "Fatal error: failed to get application data index for "
++ "SSL socket"));
++ return status;
++ }
+
+ #if defined(PJ_SSL_SOCK_OSSL_USE_THREAD_CB) && \
+ PJ_SSL_SOCK_OSSL_USE_THREAD_CB != 0 && OPENSSL_VERSION_NUMBER < 0x10100000L
+@@ -819,21 +828,36 @@ static int password_cb(char *buf, int num, int rwflag, void *user_data)
+ }
+
+
+-/* SSL password callback. */
++/* SSL certificate verification result callback.
++ * Note that this callback seems to be always called from library worker
++ * thread, e.g: active socket on_read_complete callback, which should have
++ * already been equipped with race condition avoidance mechanism (should not
++ * be destroyed while callback is being invoked).
++ */
+ static int verify_cb(int preverify_ok, X509_STORE_CTX *x509_ctx)
+ {
+- pj_ssl_sock_t *ssock;
+- SSL *ossl_ssl;
++ pj_ssl_sock_t *ssock = NULL;
++ SSL *ossl_ssl = NULL;
+ int err;
+
+ /* Get SSL instance */
+ ossl_ssl = X509_STORE_CTX_get_ex_data(x509_ctx,
+ SSL_get_ex_data_X509_STORE_CTX_idx());
+- pj_assert(ossl_ssl);
++ if (!ossl_ssl) {
++ PJ_LOG(1,(THIS_FILE,
++ "SSL verification callback failed to get SSL instance"));
++ goto on_return;
++ }
+
+ /* Get SSL socket instance */
+ ssock = SSL_get_ex_data(ossl_ssl, sslsock_idx);
+- pj_assert(ssock);
++ if (!ssock) {
++ /* SSL socket may have been destroyed */
++ PJ_LOG(1,(THIS_FILE,
++ "SSL verification callback failed to get SSL socket "
++ "instance (sslsock_idx=%d).", sslsock_idx));
++ goto on_return;
++ }
+
+ /* Store verification status */
+ err = X509_STORE_CTX_get_error(x509_ctx);
+@@ -911,6 +935,7 @@ static int verify_cb(int preverify_ok, X509_STORE_CTX *x509_ctx)
+ if (PJ_FALSE == ssock->param.verify_peer)
+ preverify_ok = 1;
+
++on_return:
+ return preverify_ok;
+ }
+
+@@ -1474,6 +1499,12 @@ static void ssl_destroy(pj_ssl_sock_t *ssock)
+ static void ssl_reset_sock_state(pj_ssl_sock_t *ssock)
+ {
+ ossl_sock_t *ossock = (ossl_sock_t *)ssock;
++
++ /* Detach from SSL instance */
++ if (ossock->ossl_ssl) {
++ SSL_set_ex_data(ossock->ossl_ssl, sslsock_idx, NULL);
++ }
++
+ /**
+ * Avoid calling SSL_shutdown() if handshake wasn't completed.
+ * OpenSSL 1.0.2f complains if SSL_shutdown() is called during an
+diff --git a/pjsip/src/pjsip/sip_transport_tls.c b/pjsip/src/pjsip/sip_transport_tls.c
+index 56a06cf99..24e43ef60 100644
+--- a/pjsip/src/pjsip/sip_transport_tls.c
++++ b/pjsip/src/pjsip/sip_transport_tls.c
+@@ -1333,9 +1333,26 @@ static pj_bool_t on_accept_complete2(pj_ssl_sock_t *ssock,
+ PJ_UNUSED_ARG(src_addr_len);
+
+ listener = (struct tls_listener*) pj_ssl_sock_get_user_data(ssock);
++ if (!listener) {
++ /* Listener already destroyed, e.g: after TCP accept but before SSL
++ * handshake is completed.
++ */
++ if (new_ssock && accept_status == PJ_SUCCESS) {
++ /* Close the SSL socket if the accept op is successful */
++ PJ_LOG(4,(THIS_FILE,
++ "Incoming TLS connection from %s (sock=%d) is discarded "
++ "because listener is already destroyed",
++ pj_sockaddr_print(src_addr, addr, sizeof(addr), 3),
++ new_ssock));
++
++ pj_ssl_sock_close(new_ssock);
++ }
++
++ return PJ_FALSE;
++ }
+
+ if (accept_status != PJ_SUCCESS) {
+- if (listener && listener->tls_setting.on_accept_fail_cb) {
++ if (listener->tls_setting.on_accept_fail_cb) {
+ pjsip_tls_on_accept_fail_param param;
+ pj_ssl_sock_info ssi;
+
+@@ -1358,6 +1375,8 @@ static pj_bool_t on_accept_complete2(pj_ssl_sock_t *ssock,
+ PJ_ASSERT_RETURN(new_ssock, PJ_TRUE);
+
+ if (!listener->is_registered) {
++ pj_ssl_sock_close(new_ssock);
++
+ if (listener->tls_setting.on_accept_fail_cb) {
+ pjsip_tls_on_accept_fail_param param;
+ pj_bzero(&param, sizeof(param));
+@@ -1409,6 +1428,8 @@ static pj_bool_t on_accept_complete2(pj_ssl_sock_t *ssock,
+ ssl_info.grp_lock, &tls);
+
+ if (status != PJ_SUCCESS) {
++ pj_ssl_sock_close(new_ssock);
++
+ if (listener->tls_setting.on_accept_fail_cb) {
+ pjsip_tls_on_accept_fail_param param;
+ pj_bzero(&param, sizeof(param));
+--
+2.31.1
+
diff --git a/net-libs/pjproject/pjproject-2.10-r2.ebuild b/net-libs/pjproject/pjproject-2.10-r2.ebuild
new file mode 100644
index 000000000000..ee620bea10a9
--- /dev/null
+++ b/net-libs/pjproject/pjproject-2.10-r2.ebuild
@@ -0,0 +1,125 @@
+# Copyright 1999-2021 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+inherit autotools flag-o-matic toolchain-funcs
+
+DESCRIPTION="Open source SIP, Media, and NAT Traversal Library"
+HOMEPAGE="https://www.pjsip.org/"
+SRC_URI="https://github.com/pjsip/${PN}/archive/${PV}.tar.gz -> ${P}.tar.gz"
+KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~ppc64 ~x86"
+
+LICENSE="GPL-2"
+SLOT="0/${PV}"
+
+# g729 not included due to special bcg729 handling.
+CODEC_FLAGS="g711 g722 g7221 gsm ilbc speex l16"
+VIDEO_FLAGS="sdl ffmpeg v4l2 openh264 libyuv vpx"
+SOUND_FLAGS="alsa portaudio"
+IUSE="amr debug epoll examples ipv6 opus resample silk ssl static-libs webrtc
+ ${CODEC_FLAGS} g729
+ ${VIDEO_FLAGS}
+ ${SOUND_FLAGS}"
+
+PATCHES=(
+ "${FILESDIR}/pjproject-2.9-ssl-enable.patch"
+ "${FILESDIR}/pjproject-2.10-race-condition-between-transport-destroy-and-acquire.patch"
+ "${FILESDIR}/pjproject-2.10-CVE-2020-15260-tls-hostname-check.patch"
+ "${FILESDIR}/pjproject-2.10-CVE-2021-21375-negotiation-failure-crash.patch"
+ "${FILESDIR}/pjproject-2.10-CVE-2021-32686-AST-2021-009-GHSA-cv8x-p47p-99wr.patch"
+)
+
+RDEPEND="net-libs/libsrtp:=
+ alsa? ( media-libs/alsa-lib )
+ amr? ( media-libs/opencore-amr )
+ ffmpeg? ( media-video/ffmpeg:= )
+ g729? ( media-libs/bcg729 )
+ gsm? ( media-sound/gsm )
+ ilbc? ( media-libs/libilbc )
+ openh264? ( media-libs/openh264 )
+ opus? ( media-libs/opus )
+ portaudio? ( media-libs/portaudio )
+ resample? ( media-libs/libsamplerate )
+ sdl? ( media-libs/libsdl )
+ speex? (
+ media-libs/speex
+ media-libs/speexdsp
+ )
+ ssl? (
+ dev-libs/openssl:0=
+ )
+"
+DEPEND="${RDEPEND}"
+BDEPEND="virtual/pkgconfig"
+
+src_prepare() {
+ default
+ rm configure || die "Unable to remove unwanted wrapper"
+ mv aconfigure.ac configure.ac || die "Unable to rename configure script source"
+ eautoreconf
+
+ cp "${FILESDIR}/pjproject-2.9-config_site.h" "${S}/pjlib/include/pj/config_site.h" || die "Unable to create config_site.h"
+}
+
+src_configure() {
+ local myconf=()
+ local videnable="--disable-video"
+ local t
+
+ use debug || append-cflags -DNDEBUG=1
+ use ipv6 && append-cflags -DPJ_HAS_IPV6=1
+ append-cflags -DPJMEDIA_HAS_SRTP=1
+
+ for t in ${CODEC_FLAGS}; do
+ myconf+=( $(use_enable ${t} ${t}-codec) )
+ done
+ myconf+=( $(use_enable g729 bcg729) )
+
+ for t in ${VIDEO_FLAGS}; do
+ myconf+=( $(use_enable ${t}) )
+ use "${t}" && videnable="--enable-video"
+ done
+
+ [ "${videnable}" = "--enable-video" ] && append-cflags -DPJMEDIA_HAS_VIDEO=1
+
+ LD="$(tc-getCC)" econf \
+ --enable-shared \
+ --with-external-srtp \
+ ${videnable} \
+ $(use_enable alsa sound) \
+ $(use_enable amr opencore-amr) \
+ $(use_enable epoll) \
+ $(use_enable opus) \
+ $(use_enable portaudio ext-sound) \
+ $(use_enable resample libsamplerate) \
+ $(use_enable resample resample-dll) \
+ $(use_enable resample) \
+ $(use_enable silk) \
+ $(use_enable speex speex-aec) \
+ $(use_enable ssl) \
+ $(use_with gsm external-gsm) \
+ $(use_with portaudio external-pa) \
+ $(use_with speex external-speex) \
+ $(usex webrtc '' --disable-libwebrtc) \
+ "${myconf[@]}"
+}
+
+src_compile() {
+ emake dep LD="$(tc-getCC)"
+ emake LD="$(tc-getCC)"
+}
+
+src_install() {
+ default
+
+ newbin pjsip-apps/bin/pjsua-${CHOST} pjsua
+ newbin pjsip-apps/bin/pjsystest-${CHOST} pjsystest
+
+ if use examples; then
+ insinto "/usr/share/doc/${PF}/examples"
+ doins -r pjsip-apps/src/samples
+ fi
+
+ use static-libs || rm "${ED}/usr/$(get_libdir)"/*.a || die "Error removing static archives"
+}