debian/0000775000000000000000000000000012506517672007203 5ustar debian/repro.postinst0000664000000000000000000000342612441103142012121 0ustar #!/bin/sh # currently comment out because otherwise it freezes #. /usr/share/debconf/confmodule set -e # summary of how this script can be called: # * `configure' # * `abort-upgrade' # * `abort-remove' `in-favour' # # * `abort-remove' # * `abort-deconfigure' `in-favour' # `removing' # # for details, see http://www.debian.org/doc/debian-policy/ or # the debian-policy package # $1 = version of the package being upgraded. install() { REPRO_GROUP=repro if ! getent group "$REPRO_GROUP" >/dev/null; then addgroup --system "$REPRO_GROUP" || exit 1 fi REPRO_HOME=/var/lib/repro REPRO_USER=repro if ! getent passwd "$REPRO_USER" >/dev/null; then adduser --system \ --home "${REPRO_HOME}" \ --shell /bin/false \ --no-create-home \ --ingroup "$REPRO_GROUP" \ --disabled-password \ --disabled-login \ --gecos "repro SIP proxy daemon" \ "$REPRO_USER" || exit 1 fi chown ${REPRO_USER}:${REPRO_GROUP} "${REPRO_HOME}" chmod 0700 "${REPRO_HOME}" chown ${REPRO_USER}:${REPRO_GROUP} /var/log/repro chmod 0750 /var/log/repro } case "$1" in configure) install "$2" ;; abort-upgrade|abort-remove|abort-deconfigure) ;; *) echo "postinst called with unknown argument \`$1'" >&2 exit 1 ;; esac # dh_installdeb will replace this with shell code automatically # generated by other debhelper scripts. #DEBHELPER# exit 0 debian/resiprocate-turn-server.init0000664000000000000000000000406112441103142014660 0ustar #! /bin/sh ### BEGIN INIT INFO # Provides: resiprocate-turn-server # Required-Start: $remote_fs $syslog # Required-Stop: $remote_fs $syslog # Default-Start: 2 3 4 5 # Default-Stop: 0 1 6 # Short-Description: reTurn Server # Description: STUN and TURN Relay for VoIP media streams ### END INIT INFO PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin NAME=reTurnServer BIN=reTurnServer DESC="TURN relay" DAEMON=/usr/sbin/$BIN USER=return GROUP=return PIDFILE="/var/run/$BIN/$NAME.pid" PIDFILE_DIR=`dirname $PIDFILE` LOG_DIR=/var/log/reTurnServer . /lib/lsb/init-functions test -x $DAEMON || exit 1 umask 002 # Include defaults if available if [ -f /etc/default/$NAME ] ; then . /etc/default/$NAME fi DAEMON_OPTS="/etc/reTurn/reTurnServer.config --Daemonize=true --PidFile=${PIDFILE}" if [ ! -d "$PIDFILE_DIR" ];then mkdir -p "$PIDFILE_DIR" chown $USER:$GROUP "$PIDFILE_DIR" fi if [ ! -d "$LOG_DIR" ];then mkdir -p "$LOG_DIR" chown $USER:$GROUP "$LOG_DIR" fi set -e case "$1" in start) log_daemon_msg "Starting $DESC ($NAME)" $BIN start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON -- $DAEMON_OPTS ;; stop) log_daemon_msg "Stopping $DESC ($NAME)" $BIN start-stop-daemon --stop --quiet --oknodo --user $USER --pidfile $PIDFILE --exec $DAEMON ;; status) echo -n "Status $DESC: " PID=$(cat $PIDFILE) kill -0 $PID rc=$? # Check exit code if [ "$rc" -ne 0 ] then echo "$NAME is NOT running." exit 7 else echo "$NAME is running with PID: $PID" fi ;; reload|force-reload) log_daemon_msg "Reloading $DESC ($NAME)" $BIN if [ -f "$PIDFILE" ] ; then start-stop-daemon --stop --signal HUP --quiet --pidfile $PIDFILE || rc=$? fi ;; restart) log_daemon_msg "Restarting $DESC ($NAME)" $BIN start-stop-daemon --stop --quiet --oknodo --pidfile $PIDFILE --exec $DAEMON sleep 1 start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON -- $DAEMON_OPTS ;; *) N=/etc/init.d/$NAME echo "Usage: $N {start|stop|status|restart|reload|force-reload}" >&2 exit 1 ;; esac exit 0 debian/sipdialer.manpages0000664000000000000000000000003112441103142012643 0ustar apps/sipdial/sipdialer.1 debian/control0000664000000000000000000001702012506517576010611 0ustar Source: resiprocate Section: libs Priority: extra Maintainer: Ubuntu Developers XSBC-Original-Maintainer: Debian VoIP Team Uploaders: Daniel Pocock Build-Depends: debhelper (>= 9.0.0), gperf, libasio-dev, libboost-dev, libc-ares-dev (>= 1.6.0), libdb++-dev, libpopt-dev, libssl-dev (>= 0.9.8), perl, libmysqlclient-dev, libfreeradius-client-dev, libcppunit-dev, autotools-dev, libpcre3-dev, dpkg-dev (>= 1.16.1~), libsipxtapi-dev (>= 3.3.0~test15) [linux-any], libsrtp-dev [linux-any], libcajun-dev, python-cxx-dev, dh-autoreconf, pkg-config Homepage: http://www.resiprocate.org/ Standards-Version: 3.9.5 Vcs-Git: git://git.debian.org/pkg-voip/resiprocate.git Vcs-Browser: http://git.debian.org/?p=pkg-voip/resiprocate.git;a=summary Package: libresiprocate-1.9 Architecture: any Pre-Depends: ${misc:Pre-Depends} Depends: ${shlibs:Depends}, ${misc:Depends} Description: reSIProcate SIP stack - shared libraries reSIProcate is a framework that aims to fully implement the SIP protocol in first class C++. It is intended for use in other applications, such as the repro SIP proxy. . This package provides the core libraries: librutil (utilities), libresip (SIP stack/RFC compliant message parsing) and libdum (SIP Dialog Usage Manager, a state machine for SIP dialogs). Package: libresiprocate-1.9-dev Section: libdevel Architecture: any Depends: libresiprocate-1.9 (= ${binary:Version}), ${shlibs:Depends}, ${misc:Depends}, libc-ares-dev, libssl-dev, libfreeradius-client-dev Provides: libresiprocate-dev Conflicts: libresiprocate-dev, libresiprocate-1.8-dev Replaces: libresiprocate-dev, libresiprocate-1.8-dev Description: reSIProcate SIP stack - development files reSIProcate is a framework that aims to fully implement the SIP protocol in first class C++. It is intended for use in other applications, such as the repro SIP proxy. . This package provides header files needed for developing applications based on the core reSIProcate libraries. Package: librecon-1.9 Architecture: linux-any Pre-Depends: ${misc:Pre-Depends} Depends: libresiprocate-1.9 (= ${binary:Version}), ${shlibs:Depends}, ${misc:Depends}, libsipxtapi (>= 3.3.0~test15) Description: reSIProcate conversation manager - shared libraries reSIProcate is a framework that aims to fully implement the SIP protocol in first class C++. It is intended for use in other applications, such as the repro SIP proxy. . This package provides the conversation manager library, librecon, implementing the core functionality of a back-to-back user agent (B2BUA), session border controller (SBC) and conferencing server. . As reSIProcate has no built-in media framework, this package depends on the media framework from the sipXtapi project. However, it does not utilise any other features of sipXtapi for the session control. Future versions of recon aim to support multiple media frameworks using an abstraction layer. Package: librecon-1.9-dev Section: libdevel Depends: librecon-1.9 (= ${binary:Version}), ${shlibs:Depends}, ${misc:Depends}, libresiprocate-1.9-dev (= ${binary:Version}), libresiprocate-turn-client-1.9-dev (= ${binary:Version}), libsipxtapi-dev, libsrtp-dev Architecture: linux-any Provides: librecon-dev Conflicts: librecon-dev, librecon-1.8-dev Replaces: librecon-dev, librecon-1.8-dev Description: reSIProcate conversation manager - development files reSIProcate is a framework that aims to fully implement the SIP protocol in first class C++. It is intended for use in other applications, such as the repro SIP proxy. . This package provides header files needed for developing applications based on librecon. Package: libresiprocate-turn-client-1.9 Architecture: any Pre-Depends: ${misc:Pre-Depends} Depends: libresiprocate-1.9 (= ${binary:Version}), ${shlibs:Depends}, ${misc:Depends} Description: reSIProcate TURN client (reTurn) - shared libraries reTurn is the TURN component of the reSIProcate project. This package provides a shared library implementing the TURN protocol for NAT traversal, typically used in VoIP applications such as SIP and Jabber/XMPP. It is a successor to STUN and is an important part of the Interactive Connectivity Establishment (ICE) protocol. . reSIProcate is a framework that aims to fully implement the SIP protocol in first class C++. It is intended for use in other applications, such as the repro SIP proxy. Package: libresiprocate-turn-client-1.9-dev Section: libdevel Architecture: any Depends: libresiprocate-turn-client-1.9 (= ${binary:Version}), ${shlibs:Depends}, ${misc:Depends}, libresiprocate-1.9-dev (= ${binary:Version}), libasio-dev (>= 1.2.0), libboost-dev Provides: libresiprocate-turn-client-dev Conflicts: libresiprocate-turn-client-dev, libresiprocate-turn-client-1.8-dev Replaces: libresiprocate-turn-client-dev, libresiprocate-turn-client-1.8-dev Description: reSIProcate TURN client (reTurn) - development files This package provides header files needed for developing applications based on the reSIProcate reTurn client library. . reSIProcate is a framework that aims to fully implement the SIP protocol in first class C++. It is intended for use in other applications, such as the repro SIP proxy. Package: repro Section: net Architecture: any Pre-Depends: ${misc:Pre-Depends} Depends: libresiprocate-1.9 (= ${binary:Version}), ${shlibs:Depends}, ${misc:Depends}, adduser Recommends: apache2-utils, openssl, stun-server | turn-server Suggests: jscommunicator-web-phone Provides: sip-router Description: reSIProcate SIP stack - lightweight SIP proxy daemon repro is the SIP proxy developed as part of the reSIProcate project. It provides a high-quality, low maintenance solution for serving small and large IP telephony installations. . reSIProcate is a framework that aims to fully implement the SIP protocol in first class C++. It is intended for use in other applications, such as the repro SIP proxy. Package: resiprocate-turn-server Section: net Architecture: any Pre-Depends: ${misc:Pre-Depends} Depends: libresiprocate-1.9 (= ${binary:Version}), ${shlibs:Depends}, ${misc:Depends}, adduser Recommends: openssl Suggests: sip-router, xmpp-server, jscommunicator-web-phone Provides: stun-server, turn-server Description: reSIProcate SIP stack - ICE/TURN server reTurn is the TURN server developed as part of the reSIProcate project. TURN (RFC 5766) provides a standardised solution for VoIP applications to find the most efficient way to route media streams when NAT and firewall devices may be present. . reTurn provides a high-quality, low maintenance solution for serving small and large IP telephony installations. It has been used successfully with a variety of SIP and Jabber applications, including Lumicall, Jitsi, Empathy and Psi. . reSIProcate is a framework that aims to fully implement the SIP protocol in first class C++. It is intended for use in other applications, such as the repro SIP proxy. Package: sipdialer Section: net Architecture: any Depends: libresiprocate-1.9 (= ${binary:Version}), ${shlibs:Depends}, ${misc:Depends} Description: reSIProcate SIP stack - click-to-call utility sipdialer is a click-to-call application that uses the SIP REFER method to force a SIP phone (for example, the phone on your desk) to dial another number. It can be registered in GConf to handle clicks on sip:, sips: and tel: URIs in other applications and the web browser. . reSIProcate is a framework that aims to fully implement the SIP protocol in first class C++. It is intended for use in other applications, such as the repro SIP proxy. debian/libresiprocate-turn-client-1.9-dev.install0000664000000000000000000000006012441103142017076 0ustar usr/include/reTurn usr/lib/*/libreTurnClient.so debian/libresiprocate-1.9.install0000664000000000000000000000014412441103142014063 0ustar usr/lib/*/librutil-*.so* usr/lib/*/libresip-*.so* usr/lib/*/libdum-*.so* usr/lib/*/libsipdial-*.so* debian/resiprocate-turn-server.postrm0000664000000000000000000000130212441103142015234 0ustar #!/bin/sh set -e if [ "$1" = "purge" ] ; then if getent passwd return >/dev/null; then userdel return fi if getent group return >/dev/null; then groupdel return fi if [ -d /var/log/reTurnServer ]; then rm -rf /var/log/reTurnServer fi fi dpkg-maintscript-helper mv_conffile \ /etc/reTurnServer.config /etc/reTurn/reTurnServer.config 1.9.0~beta10-1 -- "$@" dpkg-maintscript-helper mv_conffile \ /etc/reTurnServer-users.txt /etc/reTurn/users.txt 1.9.0~beta10-1 -- "$@" # dh_installdeb will replace this with shell code automatically # generated by other debhelper scripts. #DEBHELPER# exit 0 debian/librecon-1.9.install0000664000000000000000000000006312441103142012651 0ustar usr/lib/*/librecon-*.so* usr/lib/*/libreflow-*.so* debian/README.source0000664000000000000000000000025412441103142011340 0ustar NMUs are welcome Please make your changes in the git VCS, push the changes and make a signed tag when you NMU, otherwise your changes will be lost on the next upload. debian/repro.postrm0000664000000000000000000000125112441103142011554 0ustar #!/bin/sh set -e if [ "$1" = "purge" ] ; then # MySQL uses debconf to get user confirmation before # wiping it's lib database directory, a similar # approach might be desirable for repro rm -rf /var/lib/repro rm -rf /var/run/repro if getent passwd repro >/dev/null; then userdel repro fi if getent group repro >/dev/null; then groupdel repro fi if [ -d /var/log/repro ]; then rm -rf /var/log/repro fi fi # dh_installdeb will replace this with shell code automatically # generated by other debhelper scripts. #DEBHELPER# exit 0 debian/resiprocate-turn-server.lintian-overrides0000664000000000000000000000010612441103142017347 0ustar resiprocate-turn-server binary: possible-gpl-code-linked-with-openssl debian/repro.README.Debian0000664000000000000000000000745212441103142012357 0ustar Background ---------- The original goal of repro was to provide a SIP proxy that is very easy to get started with. That was summarised in a post to the mailing list from Cullen Jennings in 2004: "I thought I would just start an email thread on thins that would be nice in an open source proxy. The key thing is the out of box experience, you can go from nothing to having a running proxy that allows phone A to call phone B in 15 minutes. The key property of it is that it provides what is needed for secure phone calls with devices behind a NAT." http://list.resiprocate.org/archive/resiprocate-devel/msg00639.html This package aims to help fulfil that promise. Important - upgrades from v1.8.x to v1.9.0 and beyond ----------------------------------------------------- Earlier versions of repro stored the web admin password in repro.config. As of v1.9.0, the web admin password is stored in a separate file, using a format compatible with the Apache htdigest utility. It is necessary to specify the location of the users.txt file in repro.config, for example, like this: HttpAdminUserFile = /etc/repro/users.txt and manually set the admin password. The easiest way to create the users.txt file and set the password is using the htdigest utility, for example: # htdigest -c /etc/repro/users.txt repro admin In this example, the realm value, 'repro', must match the HttpAdminRealm value in repro.config (if not specified, the default realm name is repro). Quick start ----------- After installing the package, the daemon starts. There is a built-in web server listening on port 5080 with username = admin, password = admin. You can (and definitely should) change the password in /etc/repro/repro.config Using the web interface, you can: - add SIP accounts for your devices - set routing rules for calls between devices or calls to external gateways Most other things (e.g. setting up SSL/TLS) is currently done by modifying /etc/repro/repro.config More complete documentation is here: http://www.resiprocate.org/Using_Repro SSL/TLS on Debian ----------------- The normal place for certs on Debian is in /etc/ssl Before repro v1.9.0~beta9, repro had particular expectations about certificate filenames and permissions. In particular, they needed to have names matching a particular template. Now, however, it is possible to specify any arbitrary certificate and key filenames on a per-transport basis, e.g. Transport1TlsCertificate = /etc/ssl/ssl.crt/sip-server.example.org.crt Transport1TlsPrivateKey = /etc/ssl/ssl.key/sip-server.example.org.key The TlsCertificate file should also contain any intermediate certificates. The server certificate should be first and the intermiediate certificates should be listed in order, starting with the one that signed your certificate and finishing with the one below the root. Intermediate certificates ------------------------- Sometimes the CA provides an intermediate certificate. The intermediate certificate(s) should be appended to the file containing the server certificate. repro will read all the certificates in the file and present them to the TLS client. Please be aware that some older IP phones may not work with intermediate certificates, 4096 bit certificates, high-security hash algorithms such as SHA256. Testing TLS with OpenSSL ------------------------ You can make a test connection like this: openssl s_client \ -connect secure.trendhosting.net:5061 \ -tls1 \ -CAfile /etc/ssl/certs/ca-certificates.crt Once the connection is confirmed, you can cut and paste SIP messages and see the replies from repro. Getting help ------------ Please feel free to join the repro-users mailing list if you have questions: http://list.resiprocate.org/mailman/listinfo debian/sipdialer.install0000664000000000000000000000002212441103142012516 0ustar usr/bin/sipdialer debian/changelog0000664000000000000000000002306112506517557011061 0ustar resiprocate (1:1.9.7-4~ubuntu14.04.1) trusty; urgency=medium * Rebuild for Ubuntu 14.04 LTS. (LP: #1420956) -- Marc Deslauriers Tue, 31 Mar 2015 09:21:16 -0400 resiprocate (1:1.9.7-4) unstable; urgency=medium * Use SSLv23_method instead of TLSv1_method and avoid TLS 1.2 when acting as client. (Closes: #772632) -- Daniel Pocock Tue, 09 Dec 2014 11:34:48 +0100 resiprocate (1.9.7-1) unstable; urgency=medium * New upstream release. -- Daniel Pocock Sat, 31 May 2014 12:51:05 +0200 resiprocate (1.9.6-1) unstable; urgency=medium * New upstream release. -- Daniel Pocock Thu, 10 Apr 2014 10:04:36 +0200 resiprocate (1.9.5-2) unstable; urgency=high * Fix/suppress lintian issues -- Daniel Pocock Thu, 27 Mar 2014 10:12:28 +0100 resiprocate (1.9.5-1) unstable; urgency=high * New upstream release * Fix crash when not checking return value of getenv * Fix other potential misuse of return values from dynamic_cast * librecon now disables inband DTMF tones -- Daniel Pocock Wed, 26 Mar 2014 15:45:21 +0100 resiprocate (1.9.4-1) unstable; urgency=high * New upstream release * Fix crash in librecon when UA is not using a UserProfile derived from ConversationProfile (Closes: #742638) * Ensure consistent use of milliseconds in DTMF tone API. -- Daniel Pocock Tue, 25 Mar 2014 21:34:22 +0100 resiprocate (1.9.3-1) unstable; urgency=high * New upstream release * Fix issue with reTurn-client failing to send media on sockets that do not involve a TURN relay (Closes: #742506) -- Daniel Pocock Mon, 24 Mar 2014 15:59:43 +0100 resiprocate (1.9.2-2) unstable; urgency=high * Add pkg-config to build-deps -- Daniel Pocock Sun, 09 Mar 2014 23:02:41 +0100 resiprocate (1.9.2-1) unstable; urgency=high * New upstream release * Fix issues found by ASan (Closes: #740232) * Invoke dh-autoreconf -- Daniel Pocock Sun, 09 Mar 2014 21:06:22 +0100 resiprocate (1.9.1-1) unstable; urgency=medium * New upstream release * Support for libasio-dev v1.10.1 * Log an error if repro.config doesn't specify HttpAdminUserFile (when a legacy repro.config is present) * Eliminate log messages about trying to write a PEM file -- Daniel Pocock Thu, 20 Feb 2014 16:35:46 +0100 resiprocate (1.9.0-3) unstable; urgency=medium * Add range for libasio-dev version -- Daniel Pocock Tue, 11 Feb 2014 20:26:34 +0100 resiprocate (1.9.0-2) unstable; urgency=low * Add upper bound on libasio-dev version -- Daniel Pocock Tue, 11 Feb 2014 15:50:12 +0100 resiprocate (1.9.0-1) unstable; urgency=low * New upstream release -- Daniel Pocock Mon, 10 Feb 2014 20:28:29 +0100 resiprocate (1.9.0~rc2-1) unstable; urgency=low * New upstream release * Change from syslog to dedicated logging -- Daniel Pocock Mon, 27 Jan 2014 20:18:53 +0100 resiprocate (1.9.0~rc1-1) unstable; urgency=low * New upstream release -- Daniel Pocock Tue, 21 Jan 2014 19:46:37 +0100 resiprocate (1.9.0~beta11-1) unstable; urgency=low * New upstream release -- Daniel Pocock Wed, 15 Jan 2014 12:41:18 +0100 resiprocate (1.9.0~beta10-3) unstable; urgency=low * Improve dhparam file handling -- Daniel Pocock Tue, 14 Jan 2014 16:25:45 +0100 resiprocate (1.9.0~beta10-2) unstable; urgency=low * New upstream release -- Daniel Pocock Mon, 13 Jan 2014 12:51:45 +0100 resiprocate (1.9.0~beta10-1) unstable; urgency=low * New upstream release -- Daniel Pocock Sun, 12 Jan 2014 11:46:45 +0100 resiprocate (1.9.0~beta9-1) unstable; urgency=low * New upstream release -- Daniel Pocock Sun, 12 Jan 2014 09:00:18 +0100 resiprocate (1.9.0~beta8-5) unstable; urgency=low * Ensure recon-dev package depends on srtp headers -- Daniel Pocock Sun, 29 Dec 2013 16:06:59 +0100 resiprocate (1.9.0~beta8-4) unstable; urgency=low * Ensure reTurn dev package depends on boost and asio headers * Add binary version restriction to dev header interdependencies * Fix conflicts/replaces specifications for dev packages -- Daniel Pocock Sun, 29 Dec 2013 09:33:55 +0100 resiprocate (1.9.0~beta8-3) unstable; urgency=low * Ensure dev packages depend on dependency headers -- Daniel Pocock Sun, 29 Dec 2013 08:47:06 +0100 resiprocate (1.9.0~beta8-2) unstable; urgency=low * Ensure dev packages depend on libresiprocate-1.9-dev -- Daniel Pocock Sat, 28 Dec 2013 23:21:43 +0100 resiprocate (1.9.0~beta8-1) unstable; urgency=low * New upstream release * Adds Python plugin support -- Daniel Pocock Thu, 19 Dec 2013 21:29:54 +0100 resiprocate (1.9.0~beta7-1) unstable; urgency=low * New upstream release * Enable DTLS support * Enable repro plugins and ship repro headers in dev package -- Daniel Pocock Mon, 09 Dec 2013 20:20:09 +0100 resiprocate (1.9.0~beta6-2) unstable; urgency=low * Workaround for kFreeBSD testTcp issue -- Daniel Pocock Mon, 04 Nov 2013 23:33:45 +0100 resiprocate (1.9.0~beta6-1) unstable; urgency=low * New upstream release -- Daniel Pocock Thu, 10 Oct 2013 14:44:31 +0200 resiprocate (1.9.0~beta5-1) unstable; urgency=low * New upstream release -- Daniel Pocock Wed, 09 Oct 2013 13:03:13 +0200 resiprocate (1.9.0~beta4-1) unstable; urgency=low * New upstream release -- Daniel Pocock Tue, 08 Oct 2013 15:42:37 +0200 resiprocate (1.8.14-1) unstable; urgency=low * New upstream release -- Daniel Pocock Sat, 28 Sep 2013 20:47:51 +0200 resiprocate (1.8.13-1) unstable; urgency=high * New upstream release -- Daniel Pocock Tue, 10 Sep 2013 20:01:27 +0200 resiprocate (1.8.12-4) unstable; urgency=high * Only required libsrtp-dev on Linux builds -- Daniel Pocock Fri, 06 Sep 2013 13:21:53 +0200 resiprocate (1.8.12-3) unstable; urgency=high * Use provides/replaces to allow upgrade to v1.9 (Closes: #717977) -- Daniel Pocock Fri, 06 Sep 2013 10:16:01 +0200 resiprocate (1.8.12-2) unstable; urgency=high * Suppress recon tests on non-Intel builds due to sipXtapi bug -- Daniel Pocock Tue, 06 Aug 2013 10:19:09 +0200 resiprocate (1.8.12-1) unstable; urgency=high * New upstream release * Upstream has fixed various issues, Debian patches dropped -- Daniel Pocock Mon, 05 Aug 2013 22:26:40 +0200 resiprocate (1.8.11-4) unstable; urgency=high * Fix for 64-bit IPv6 Tuple comparison issue -- Daniel Pocock Fri, 19 Jul 2013 12:36:53 +0200 resiprocate (1.8.11-3) unstable; urgency=low * Fix for big-endian build issues * Stop distributing libb2bua -- Daniel Pocock Thu, 18 Jul 2013 20:51:23 +0200 resiprocate (1.8.11-2) unstable; urgency=low * Disable librecon build on non-Linux architectures -- Daniel Pocock Thu, 18 Jul 2013 13:48:31 +0200 resiprocate (1.8.11-1) unstable; urgency=low * New upstream release -- Daniel Pocock Thu, 18 Jul 2013 11:10:22 +0200 resiprocate (1.8.10-5) unstable; urgency=low * Disable recon test cases -- Daniel Pocock Sun, 23 Jun 2013 14:10:53 +0200 resiprocate (1.8.10-4) unstable; urgency=low * Disable apps/clicktocall test case -- Daniel Pocock Sun, 23 Jun 2013 12:09:33 +0200 resiprocate (1.8.10-3) unstable; urgency=low * Remove DM-Upload-Allowed * Update for standards version 3.9.4 * Enable test cases -- Daniel Pocock Sat, 22 Jun 2013 17:52:06 +0200 resiprocate (1.8.10-2) unstable; urgency=low * Disable MOHParkServer build -- Daniel Pocock Sat, 22 Jun 2013 13:12:54 +0200 resiprocate (1.8.10-1) unstable; urgency=low * New upstream release -- Daniel Pocock Sat, 22 Jun 2013 12:19:23 +0200 resiprocate (1.8.9-1) unstable; urgency=low * New upstream release -- Daniel Pocock Thu, 20 Jun 2013 23:45:01 +0200 resiprocate (1.8.8-2) unstable; urgency=low * Add libsrtp-dev to build-depends -- Daniel Pocock Wed, 08 May 2013 14:27:23 +0200 resiprocate (1.8.8-1) unstable; urgency=low * New upstream release -- Daniel Pocock Tue, 07 May 2013 22:38:49 +0200 resiprocate (1.8.7-1) unstable; urgency=low * New upstream release -- Daniel Pocock Fri, 05 Apr 2013 17:40:45 +0200 resiprocate (1.8.5-1) unstable; urgency=low * New upstream release * Make sure repro hashed passwords are not world readable * Remove /var/lib/repro on purge (Closes: #675273) * Delay in postrm in case process hasn't finished stopping * Fix support for multiple ENUM carriers * Fix issue with help text causing crash * Fix clash between DIGEST and mutual TLS when used concurrently -- Daniel Pocock Wed, 08 Aug 2012 15:02:03 +0200 resiprocate (1.8.2-1) unstable; urgency=low * Initial release (Closes: #412427) -- Daniel Pocock Thu, 17 May 2012 19:29:59 +0000 debian/repro.dirs0000664000000000000000000000011712441103142011171 0ustar etc/repro/ssl usr/share/doc/repro/examples/pyroute var/lib/repro var/log/repro debian/librecon-1.9-dev.install0000664000000000000000000000012212441103142013421 0ustar usr/include/recon usr/include/reflow usr/lib/*/librecon.so usr/lib/*/libreflow.so debian/repro.lintian-overrides0000664000000000000000000000103612441103142013667 0ustar # library bundled with the repro binary, not used by other packages repro binary: package-name-doesnt-match-sonames # code is Vovida (BSD-like) licensed, only packaging is GPL repro binary: possible-gpl-code-linked-with-openssl # this is needed because of bug #673112 repro binary: hardening-no-fortify-functions # repro db files contain passwords, can't be world readable repro binary: non-standard-dir-perm # this lintian check is broken and gives a false positive repro binary: maintainer-script-should-not-use-adduser-system-without-home debian/libresiprocate-1.9.lintian-overrides0000664000000000000000000000115512441103142016056 0ustar # library package contains multiple libs that are always used together libresiprocate-1.9 binary: package-name-doesnt-match-sonames # code is Vovida (BSD-like) licensed, only packaging is GPL libresiprocate-1.9 binary: possible-gpl-code-linked-with-openssl # this is currently needed because the lintian check doesn't # seem to recognise libs created with libtool -release # (rather than the preferred libtool -version-info) # discussed on debian-mentors 2012-05-21 libresiprocate-1.9 binary: dev-pkg-without-shlib-symlink # this is needed because of bug #673112 libresiprocate-1.9 binary: hardening-no-fortify-functions debian/resiprocate-turn-server.postinst0000664000000000000000000000444712441103142015610 0ustar #!/bin/sh set -e # summary of how this script can be called: # * `configure' # * `abort-upgrade' # * `abort-remove' `in-favour' # # * `abort-remove' # * `abort-deconfigure' `in-favour' # `removing' # # for details, see http://www.debian.org/doc/debian-policy/ or # the debian-policy package dpkg-maintscript-helper mv_conffile \ /etc/reTurnServer.config /etc/reTurn/reTurnServer.config 1.9.0~beta10-1 -- "$@" dpkg-maintscript-helper mv_conffile \ /etc/reTurnServer-users.txt /etc/reTurn/users.txt 1.9.0~beta10-1 -- "$@" sed -i -e 's!^UserDatabaseFile = /etc/reTurnServer-users.txt!UserDatabaseFile = /etc/reTurn/users.txt!' /etc/reTurn/reTurnServer.config sed -i -e 's!^TlsTempDhFilename = /etc/reTurnServer-dh512.pem!TlsTempDhFilename = /etc/reTurn/dh512.pem!' /etc/reTurn/reTurnServer.config # $1 = version of the package being upgraded. install() { RETURN_GROUP=return if ! getent group "$RETURN_GROUP" >/dev/null; then addgroup --system "$RETURN_GROUP" || exit 1 fi RETURN_USER=return if ! getent passwd "$RETURN_USER" >/dev/null; then adduser --system \ --home / \ --shell /bin/false \ --no-create-home \ --ingroup "$RETURN_GROUP" \ --disabled-password \ --disabled-login \ --gecos "reTurnServer daemon" \ "$RETURN_USER" || exit 1 fi #DH_PARAM_FILE=/etc/reTurn/dh512.pem #if [ ! -f ${DH_PARAM_FILE} ]; #then # echo "Generating DH parameters..." # openssl dhparam -outform PEM -out ${DH_PARAM_FILE} 512 > /dev/null #fi chown ${RETURN_USER}:${RETURN_GROUP} /var/log/reTurnServer chmod 0750 /var/log/reTurnServer } case "$1" in configure) install "$2" ;; abort-upgrade|abort-remove|abort-deconfigure) ;; *) echo "postinst called with unknown argument \`$1'" >&2 exit 1 ;; esac # dh_installdeb will replace this with shell code automatically # generated by other debhelper scripts. #DEBHELPER# exit 0 debian/source/0000775000000000000000000000000012441103142010460 5ustar debian/source/format0000664000000000000000000000001412441103142011666 0ustar 3.0 (quilt) debian/compat0000664000000000000000000000000212441103142010356 0ustar 9 debian/conf/0000775000000000000000000000000012441546015010117 5ustar debian/conf/repro.config0000664000000000000000000011441312441546015012441 0ustar ######################################################## # repro configuration file ######################################################## ######################################################## # Log settings ######################################################## # Logging Type: syslog|cerr|cout|file # Note: Logging to cout can negatively effect performance. # When repro is placed into production 'file' or # 'syslog' should be used. LoggingType = file # Logging level: NONE|CRIT|ERR|WARNING|INFO|DEBUG|STACK LogLevel = WARNING # Log Filename LogFilename = /var/log/repro/repro.log # Log file Max Bytes LogFileMaxBytes = 0 # Instance name to be shown in logs, very useful when multiple instances # logging to syslog concurrently # If unspecified, defaults to argv[0] (name of the executable) #LoggingInstanceName = repro-dev ######################################################## # Transport settings ######################################################## # Set an upper limit on the maximum size of a SIP message payload # that the stack will accept. If a payload received over a # connection-oriented transport exceeds this size, the # connection will be dropped. # This applies to TCP, TLS and WebSocket transports. # UDP payload sizes are limited by the maximum datagram size # and any fragmentation constraints. #StreamMessageSizeLimit = 65536 # Local IP Address to bind SIP transports to. If left blank # repro will bind to all adapters. #IPAddress = 192.168.1.106 #IPAddress = 2001:5c0:1000:a::6d IPAddress = # Local port to listen on for SIP messages over UDP - 0 to disable UDPPort = 5060 # Local port to listen on for SIP messages over TCP - 0 to disable TCPPort = 5060 # Local port to listen on for SIP messages over TLS - 0 to disable TLSPort = 0 # Local port to listen on for SIP messages over WS (WebSocket) - 0 to disable WSPort = 0 # Local port to listen on for SIP messages over WSS (WebSocket TLS) - 0 to disable WSSPort = 0 # Local port to listen on for SIP messages over DTLS - 0 to disable DTLSPort = 0 # TLS domain name for this server (note: domain cert for this domain must be present) TLSDomainName = # PEM-encoded X.509 certificate for TLS # Must contain any intermediate certificates from the CA # The TLSCertificate and TLSPrivateKey parameters are optional. The stack # will also try to automatically detect any suitable certificates # in the directory specified by CertificatePath TLSCertificate = # PEM-encoded private key for TLS TLSPrivateKey = # Whether or not we ask for (Optional) or expect (Mandatory) TLS # clients to present a client certificate # Possible values: # None: client can connect without any cert, if a cert is sent, it is not checked # Optional: client can connect without any cert, if a cert is sent, it must be acceptable to us # Mandatory: client can not connect without any cert, cert must be acceptable to us # How we decide if a cert is acceptable: it must meet two criteria: # 1. it must be signed by a CA that we trust (see CADirectory) # 2. the domain or full sip: URI in the cert must match the From: URI of all # SIP messages coming from the peer TLSClientVerification = None # Whether we accept the subjectAltName email address as if it was a SIP # address (when checking the validity of a client certificate) # Very few commercial CAs offer support for SIP addresses in subjectAltName # For many purposes, an email address subjectAltName may be considered # equivalent within a specific domain. # Currently, this accepts such certs globally (for any incoming connection), # not just for connections from the local users. TLSUseEmailAsSIP = false # Alternate and more flexible method to specify transports to bind to. If specified here # then IPAddress, and port settings above are ignored. # Transports MUST be numbered in sequential order, starting from 1. Possible settings are: # TransportInterface = : - Note: For IPv6 addresses last colon separates # IP Address and Port - square bracket notation # is not used. # TransportType = <'TCP'|'UDP'|'TLS'|'DTLS'|'WS'|'WSS'> - default is UDP if missing # TransportTlsDomain = - only required if transport is TLS, DTLS or WSS # TransportTlsCertificate = - only for TLS, DTLS or WSS # TransportTlsPrivateKey = - only for TLS, DTLS or WSS # TransportTlsClientVerification = <'None'|'Optional'|'Mandatory'> - default is None # TransportRecordRouteUri = <'auto'|URI> - if set to auto then record route URI # is automatically generated from the other # transport settings. Otherwise explicity # enter the full URI you want repro to use. # Do not specify 'auto' if you specified # the IPAddress as INADDR_ANY (0.0.0.0). # If nothing is specified then repro will # use the global RecordRouteUri setting. # # TransportRcvBufLen = - currently only applies to UDP transports, # leave empty to use OS default # Example: # Transport1Interface = 192.168.1.106:5060 # Transport1Type = TCP # Transport1RecordRouteUri = auto # # Transport2Interface = 192.168.1.106:5060 # Transport2Type = UDP # Transport2RecordRouteUri = auto # Transport2RcvBufLen = 10000 # # Transport3Interface = 192.168.1.106:5061 # Transport3Type = TLS # Transport3TlsDomain = sipdomain.com # Transport3TlsCertificate = /etc/ssl/crt/sipdomain.com.crt # Transport3TlsPrivateKey = /etc/ssl/private/sipdomain.com.key # Transport3TlsClientVerification = Mandatory # Transport3RecordRouteUri = sip:h1.sipdomain.com;transport=TLS # # Transport4Interface = 2666:f0d0:1008:88::4:5060 # Transport4Type = UDP # Transport4RecordRouteUri = auto # Transport5Interface = 192.168.1.106:5062 # Transport5Type = WS # Transport5RecordRouteUri = auto # Transport6Interface = 192.168.1.106:5063 # Transport6Type = WSS # Transport6TlsDomain = sipdomain.com # Transport6TlsClientVerification = None # Transport6RecordRouteUri = sip:h1.sipdomain.com;transport=WS # Comma separated list of DNS servers, overrides default OS detected list (leave blank # for default) DNSServers = # Enable IPv6 EnableIPv6 = true # Enable IPv4 DisableIPv4 = false # Comma separated list of IP addresses used for binding the HTTP configuration interface # and/or certificate server. If left blank it will bind to all adapters. HttpBindAddress = 127.0.0.1, ::1 # Port on which to run the HTTP configuration interface and/or certificate server # 0 to disable (default: 5080) HttpPort = 5080 # disable HTTP challenges for web based configuration GUI DisableHttpAuth = false # Realm to use for HTTP admin interface digest authentication HttpAdminRealm = repro # File containing user/password details # # The format is: # # username:realm:HA1 # # where # # user = admin # realm = the value from HttpAdminRealm # HA1 = `echo -n user:realm:password | md5sum` # # You can use the htdigest utility from Apache to create and # manage this file # HttpAdminUserFile = /etc/repro/users.txt # Comma separated list of IP addresses used for binding the Command Server listeners. # If left blank it will bind to all adapters. CommandBindAddress = 127.0.0.1, ::1 # Port on which to listen for and send XML RPC messaging used in command processing # 0 to disable (default: 5081) CommandPort = 5081 # Port on which to listen for and send XML RPC messaging used in registration sync # process - 0 to disable (default: 0) RegSyncPort = 0 # Hostname/ip address of another instance of repro to synchronize registrations with # (note xmlrpcport must also be specified) RegSyncPeer = # Non-outbound connections over this age (expressed in seconds) are # considered eligible for garbage collection. # If not set but FlowTimer is set, then this value defaults to 7200 seconds # Otherwise, there is no garbage collection at all unless an error occurs # when making an outgoing connection. TCPConnectionGCAge = 7200 # File descriptor headroom threshold for emergency garbage collection # If the difference between the number of permitted FDs # (reported by periodic calls to getrlimit()) and the number # of active stream connections falls below this threshold, # the garbage collector will overlook TCPConnectionGCAge and # FlowTimer settings and more aggressively close connections # By default, this feature is not enabled # Remember that the value must be high enough to allow file descriptors # for each shared library that is open, each database connection, # each listening socket and any sockets/files accessed by plugins #TCPMinimumGCHeadroom = ######################################################## # Misc settings ######################################################## # Directory where plugins are located # The default is determined at build time depending upon the # target environment and the installation prefix passed to # the configure script #PluginDirectory = /usr/lib/repro/plugins # List of plugins to load (comma-separated list) # These are the names of the plugins and not the full filenames # Order is important: the plugins will always be loaded and # initialized in the order specified here # Plugins are not supported on all platforms and plugin support is an # optional feature that must be enabled at compile time. # # For example, to load the plugin named "example", which is in libexample.so: #LoadPlugins = example # Drop privileges and run as some other user and group # If RunAsUser is specified and RunAsGroup is not specified, # then setgid will be invoked using the default group for # the specified user # If neither option is specified, then no attempt will be made # to call setuid/setgid (there is no default value) RunAsUser = repro RunAsGroup = repro # Must be true or false, default = false, not supported on Windows Daemonize = true # On UNIX it is normal to create a PID file # if unspecified, no attempt will be made to create a PID file PidFile = /var/run/repro/repro.pid # Path to load certificates from (optional, there is no default) # Note that repro loads ALL root certificates found by any of the settings # # CertificatePath # CADirectory # CAFile # # Setting one option does not disable the other options. # # Certificates in this location have to match one of the filename # patterns expected by the legacy reSIProcate SSL code: # # domain_cert_NAME.pem, root_cert_NAME.pem, ... # # For domain certificates, it is recommended to use the options # for individual transports, such as TransportXTlsCertificate and # TransportXTlsPrivateKey and not set CertificatePath at all. # CertificatePath = # Path to load root certificates from # Iff this directory is specified, all files in the directory # will be loaded as root certificates, prefixes and suffixes are # not considered # Note that repro loads ALL root certificates found by the settings # CertificatePath, CADirectory and CAFile. Setting one option does # not disable the other options. # On Debian, the typical location is /etc/ssl/certs CADirectory = /etc/ssl/certs # Specify a single file containing one or more root certificates # and possible chain/intermediate certificates to be loaded # Iff this filename is specified, the certificates in the file will # be loaded as root certificates # # This does NOT currently support bundles of unrelated root certificates # stored in the same PEM file, it ONLY supports related/chained root # certificates. If multiple roots must be supported, use the CADirectory # option. # # In the future, this behavior may change to load a bundle, # such as /etc/ssl/certs/ca-certificates.txt on Debian and # /etc/pki/tls/cert.pem on Red Hat/CentOS # # Note that repro loads ALL root certificates found by the settings # CertificatePath, CADirectory and CAFile. Setting one option does # not disable the other options. # # This example loads just the CACert.org chain, which typically # includes the class 1 root and the class 3 root (signed by the class 1 root) #CAFile = /etc/ssl/certs/cacert.org.pem # The Path to read and write Berkely DB database files DatabasePath = /var/lib/repro # The hostname running MySQL server to connect to, leave blank to use BerkelyDB. # The value of host may be either a host name or an IP address. If host is "localhost", # a connection to the local host is assumed. For Windows, the client connects using a # shared-memory connection, if the server has shared-memory connections enabled. Otherwise, # TCP/IP is used. For Unix, the client connects using a Unix socket file. For a host value of # "." on Windows, the client connects using a named pipe, if the server has named-pipe # connections enabled. If named-pipe connections are not enabled, an error occurs. # WARNING: repro must be compiled with the USE_MYSQL flag in order for this work. MySQLServer = # The MySQL login ID to use when connecting to the MySQL Server. If user is empty string "", # the current user is assumed. Under Unix, this is the current login name. Under Windows, # the current user name must be specified explicitly. MySQLUser = root # The password for the MySQL login ID specified. MySQLPassword = root # The database name on the MySQL server that contains the repro tables MySQLDatabaseName = repro # If port is not 0, the value is used as the port number for the TCP/IP connection. Note that # the host parameter determines the type of the connection. MySQLPort = 3306 # The Users and MessageSilo database tables are different from the other repro configuration # database tables, in that they are accessed at runtime as SIP requests arrive. It may be # desirable to use BerkeleyDb for the other repro tables (which are read at starup time, then # cached in memory), and MySQL for the runtime accessed tables; or two seperate MySQL instances # for these different table sets. Use the following settings in order to specify a seperate # MySQL instance for use by the Users and MessageSilo tables. # # WARNING: repro must be compiled with the USE_MYSQL flag in order for this work. # # Note: If this setting is left blank then repro will fallback all remaining my sql # settings to use the global MySQLServer settings. If the MySQLServer setting is also # blank, then repro will use BerkelyDB for all configuration tables. See the # documentation on the global MySQLServer settings for more details on the following # individual settings. RuntimeMySQLServer = RuntimeMySQLUser = root RuntimeMySQLPassword = root RuntimeMySQLDatabaseName = repro RuntimeMySQLPort = 3306 # If you would like to be able to authenticate users from a MySQL source other than the repro user # database table itself, then specify the query here. The following conditions apply: # 1. The database table must reside on the same MySQL server instance as the repro database # or Runtime tables database. # 2. The statement provided will be UNION'd with the hardcoded repro query, so that auth from # both sources is possible. Note: If the same user exists in both tables, then the repro # auth info will be used. # 3. The provided SELECT statement must return the SIP A1 password hash of the user in question. # 4. The provided SELECT statement must contain two tags embedded into the query: $user and $domain # These tags should be used in the WHERE clause, and repro will replace these tags with the # actual user and domain being queried. # Example: SELECT sip_password_ha1 FROM directory.users WHERE sip_userid = '$user' AND # sip_domain = '$domain' AND account_status = 'active' MySQLCustomUserAuthQuery = # Session Accounting - When enabled resiprocate will push a JSON formatted # events for sip session related messaging that the proxy receives, # to a persistent message queue that uses berkeleydb backed storage. # The following session events are logged: # Session Created - INVITE passing authentication was received # Session Routed - received INVITE was forward to a target # Session Redirected - session was 3xx redirected or REFERed # Session Established - there was 2xx answer to an INVITE (only generate for first 2xx) # Session Cancelled - CANCEL was received # Session Ended - BYE was received from either end # Session Error - a 4xx, 5xx, or 6xx response was sent to the inviter # Consuming Accounting Events: # Users must ensure that this message queue is consumed, or it will grow without # bound. A queuetostream consumer process is provided, that will consume the # events from the message queue and stream them to stdout. This output stream can # be consumed by linux scripting tools and converted to database records or some # other relevant representation of the data. # For example: ./queuetostream ./sessioneventqueue > streamconsumer # In the future a MySQL consumer may also be provided in order to update # session accounting records in a MySQL database table. SessionAccountingEnabled = false # The following setting determines if repro will add routing header information # (ie. Route, and Record-Route headers)to the Session Created, Session Routed # and Session Established events. SessionAccountingAddRoutingHeaders = false # The following setting determines if we will add via header information to # the Session Created event. SessionAccountingAddViaHeaders = false # Registration Accounting - When enabled resiprocate will push a JSON formatted # events for every registration, re-registration, and unregistration message # received to a persistent message queue that uses berkeleydb backed storage. # The following registration events are logged: # Registration Added - initial registration received # Registration Refreshed - registration refresh received / re-register # Registration Removed - registration removed by client / unregister # Registration Removed All - all contacts registration remove / unregister # Consuming Accounting Events: # Users must ensure that this message queue is consumed, or it will grow without # bound. A queuetostream consumer process is provided, that will consume the # events from the message queue and stream them to stdout. This output stream can # be consumed by linux scripting tools and converted to database records or some # other relevant representation of the data. # For example: ./queuetostream ./regeventqueue > streamconsumer # In the future a MySQL consumer may also be provided in order to update # login/registration accounting records in a MySQL database table. RegistrationAccountingEnabled = false # The following setting determines if repro will add routing header information # (ie. Route and Path headers)to registration accounting events. RegistrationAccountingAddRoutingHeaders = false # The following setting determines if we will add via header information to # the registration accounting events. RegistrationAccountingAddViaHeaders = false # The following setting determines if we log the RegistrationRefreshed events RegistrationAccountingLogRefreshes = false # Run a Certificate Server - Allows PUBLISH and SUBSCRIBE for certificates EnableCertServer = false # Value of server and user agent headers for local UAS and registration # server responses # # Default value is "repro PACKAGE_VERSION" if PACKAGE_VERSION is defined # during compilation and no header is generated at all otherwise # #ServerText = # Enables Congestion Management CongestionManagement = true # Congestion Management Metric - can take one of the following values: # SIZE : Based solely on the number of messages in each fifo # TIME_DEPTH : Based on the age of the oldest (front-most) message # in each fifo. # WAIT_TIME : Based on the expected wait time for each fifo; this is # calculated by multiplying the size by the average service time. # This is the recommended metric. CongestionManagementMetric = WAIT_TIME # Congestion Management Tolerance for the given metric. This determines when the RejectionBehavior # changes. # 0-80 percent of max tolerance -> NORMAL (Not rejecting any work.) # 80-100 percent of max tolerance -> REJECTING_NEW_WORK (Refuses new work, # not continuation of old work.) # >100 percent of max tolerance -> REJECTING_NON_ESSENTIAL (Rejecting all work # that is non-essential to the health of the system (ie, if dropping # something is liable to cause a leak, instability, or state-bloat, don't drop it. # Otherwise, reject it.) # Units specified are dependent on Metric specified above: # If Metric is SIZE then units are number of messages # If Metric is TIME_DEPTH then units are the number seconds old the oldest message is # If Metric is WAIT_TIME then units are the expected wait time of each fifo in milliseconds CongestionManagementTolerance = 200 # Specify the number of seconds between writes of the stack statistics block to the log files. # Specifying 0 will disable the statistics collection entirely. If disabled the statistics # also cannot be retreived using the reprocmd interface. StatisticsLogInterval = 3600 # Use MultipleThreads stack processing. ThreadedStack = true # The number of worker threads used to asynchronously retrieve user authentication information # from the database store. NumAuthGrabberWorkerThreads = 2 # The number of worker threads in Async Processor tread pool. Used by all Async Processors # (ie. RequestFilter) NumAsyncProcessorWorkerThreads = 2 # Specify domains for which this proxy is authorative (in addition to those specified on web # interface) - comma separate list # Notes: * Domains specified here cannot be used when creating users, domains used in user # AORs must be specified on the web interface. # * In previous versions of repro, localhost, 127.0.0.1, the machine's hostname, # and all interface addresses would automatically be appended to this # configuration parameter. From now on, such values must be listed # here explicitly if required, e.g. # # Domains = localhost, 127.0.0.1, sip-server.example.org, 10.83.73.80 # # although when using TLS only, it is not desirable or necessary to # add such values. # Domains = # Uri to use as Record-Route RecordRouteUri = # Force record-routing # WARNING: Before enabling this, ensure you have a RecordRouteUri setup, or are using # the alternate transport specification mechanism and defining a RecordRouteUri per # transport: TransportXRecordRouteUri ForceRecordRouting = false # Assume path option AssumePath = false # Disable registrar DisableRegistrar = false # Specify a comma separate list of enum suffixes to search for enum dns resolution EnumSuffixes = # Specify the target domain(s) for ENUM logic support. When a dialed SIP URI # is addressed to +number@somedomain, # where somedomain is an element of EnumDomains, # the ENUM logic will be applied for the number # If empty, ENUM is never used EnumDomains = # Specify length of timer C in sec (0 or negative will disable timer C) - default 180 TimerC = 180 # Override the default value of T1 in ms (you probably should not change this) - leave # as 0 to use default of 500ms) TimerT1 = 0 # Disable outbound support (RFC5626) # WARNING: Before enabling this, ensure you have a RecordRouteUri setup, or are using # the alternate transport specification mechanism and defining a RecordRouteUri per # transport: TransportXRecordRouteUri DisableOutbound = true # Set the draft version of outbound to support (default: RFC5626) # Other accepted values are the versions of the IETF drafts, before RFC5626 was issued # (ie. 5, 8, etc.) OutboundVersion = 5626 # There are cases where the first hop in a particular network supports the concept of outbound # and ensures all messaging for a client is delivered over the same connection used for # registration. This could be a SBC or other NAT traversal aid router that uses the Path # header. However such endpoints may not be 100% compliant with outbound RFC and may not # include a ;ob parameter in the path header. This parameter is required in order for repro # to have knowledge that the first hop does support outbound, and it will reject registrations # that appear to be using outboud (ie. instanceId and regId) with a 439 (First Hop Lacks Outbound # Support). In this case it can be desirable when using repro as the registrar to not reject # REGISTRATION requests that contain an instanceId and regId with a 439. # If this setting is enabled, then repro will assume the first hop supports outbound # and not return this error. AssumeFirstHopSupportsOutbound = false # Enable use of flow-tokens in non-outbound cases # WARNING: Before enabling this, ensure you have a RecordRouteUri setup, or are using # the alternate transport specification mechanism and defining a RecordRouteUri per # transport: TransportXRecordRouteUri EnableFlowTokens = false # Enable use of flow-tokens in non-outbound cases for clients detected to be behind a NAT. # This a more selective flow token hack mode for clients not supporting RFC5626. The # original flow token hack (EnableFlowTokens) will use flow tokens on all client requests. # Possible values are: DISABLED, ENABLED and PRIVATE_TO_PUBLIC. # WARNING: Before enabling this, ensure you have a RecordRouteUri setup, or are using # the alternate transport specification mechanism and defining a RecordRouteUri per # transport: TransportXRecordRouteUri ClientNatDetectionMode = DISABLED # Set to greater than 0 to enable addition of Flow-Timer header to REGISTER responses if # outbound is enabled (default: 0) FlowTimer = 0 ######################################################## # CertificateAuthenticator Monkey Settings ######################################################## # Enables certificate authenticator - note you MUST use a TlsTransport # with TlsClientVerification set to Optional or Mandatory. # There are two levels of checking: # a) cert must be signed by a CA trusted by the stack # b) the CN or one of the subjectAltName values must match the From: # header of each SIP message on the TlsConnection # Examples: # Cert 1: # common name = daniel@pocock.com.au # => From: is the only value that will pass # Cert 2: # subjectAltName = pocock.com.au # => From: <@pocock.com.au> will be accepted # Typically, case 1 is for a real client connection (e.g. Jitsi), case 2 # (whole domain) is for federated SIP proxy-to-proxy communication (RFC 5922) EnableCertificateAuthenticator = false # A static text file that contains mappings of X.509 Common Names to # permitted SIP `From:' addresses # # Without this file, the default behavior of the CertificateAuthenticator # ensures that the `From:' address in SIP messages must match the # Common Name or one of the subjectAltNames from the X.509 certificate # # When this file is supplied, the CertificateAuthenticator will continue # to allow SIP messages where there is an exact match between the # certificate and the `From:' address, but it will also allow # the holder of a particular certificate to use any of the `mapped' # `From:' addresses specified in the mappings file # # Default: there is no default value: if this filename is not specified, # repro will not look for it # # File format: # common name,,... # # where: # is exactly one tab # is `user@domain' or just `domain' # #CommonNameMappings = /etc/repro/tlsUserMappings.txt ######################################################## # DigestAuthenticator Monkey Settings ######################################################## # Disable DIGEST challenges - disables this monkey DisableAuth = false # Always use a specified realm name to challenge # Default behavior (if StaticRealm not specified) is to challenge # using the hostname from the request URI as the realm StaticRealm = # Enable RADIUS lookups (only works if DIGEST enabled) # Default: false #EnableRADIUS = true # Specify the configuration file the RADIUS client should use # This is the file that specifies the name of the RADIUS server to # use and other essential parameters. # If different processes each have different RADIUS parameters, # they can copy the radiusclient.conf file to a non-standard location # and modify it as required. # # Note the following: # - the seqfile specified in the RADIUS configuration file # must be writeable by the user the repro process runs as. # It is a good idea to locate that file in a directory such as /var/run/repro # owned by repro # - the dictionary must include various elements such as Sip-Session, # copy these from the sample dictionary.sip file # Default: /etc/radiusclient/radiusclient.conf #RADIUSConfiguration = # Http hostname for this server (used in Identity headers) HttpHostname = # Disable adding identity headers DisableIdentity = false # Enable addition and processing of P-Asserted-Identity headers EnablePAssertedIdentityProcessing = false # Disable auth-int DIGEST challenges DisableAuthInt = false # Send 403 if a client sends a bad nonce in their credentials (will send a new # challenge otherwise) RejectBadNonces = false # allow To tag in registrations AllowBadReg = false ######################################################## # Cookie Authentication Settings ######################################################## # Shared secret for cookie HMAC validation. If there is no WSCookieAuthSharedSecret # there will be no cookie validation. # # See # http://www.resiprocate.org/SIP_Over_WebSocket_Cookies # for details of the cookie authentication scheme # # WSCookieAuthSharedSecret = # Names of the cookies to use for the cookie authentication protocol # These are the default values: #WSCookieNameInfo = WSSessionInfo #WSCookieNameExtra = WSSessionExtra #WSCookieNameMAC = WSSessionMAC # Name of the extension header that must match the content of # the authenticated WSSessionExtra cookie #WSCookieExtraHeaderName = X-WS-Session-Extra ######################################################## # RequestFilter Monkey Settings ######################################################## # Disable RequestFilter monkey processing DisableRequestFilterProcessor = false # Default behavior for when no matching filter is found. Leave empty to allow # request processing to continue. Otherwise set to a SIP status error code # (400-699) that should be used to reject the request (ie. 500, Server Internal # Error). # The status code can optionally be followed by a , and SIP reason text. RequestFilterDefaultNoMatchBehavior = # Default behavior for SQL Query db errors. Leave empty to allow request processing # to continue. Otherwise set to a SIP status error code (400-699) that should be # used to reject the request (ie. 500 - Server Internal Error). # The status code can optionally be followed by a , and SIP reason text. # Note: DB support for this action requires MySQL support. RequestFilterDefaultDBErrorBehavior = 500, Server Internal DB Error # The hostname running MySQL server to connect to for any blocked entries # that are configured to used a SQL statement. # WARNING: repro must be compiled with the USE_MYSQL flag in order for this work. # # Note: If this setting is left blank then repro will fallback all remaining my sql # settings to use the global RuntimeMySQLServer or MySQLServer settings. See the # documentation on the global MySQLServer settings for more details on the following # individual settings. RequestFilterMySQLServer = RequestFilterMySQLUser = root RequestFilterMySQLPassword = root RequestFilterMySQLDatabaseName = RequestFilterMySQLPort = 3306 ######################################################## # StaticRoute Monkey Settings ######################################################## # Specify where to route requests that are in this proxy's domain - disables the # routes in the web interface and uses a SimpleStaticRoute monkey instead. # A comma seperated list of routes can be specified here and each route will # be added to the outbound Requests with the RequestUri left in tact. Routes = # Parallel fork to all matching static routes ParallelForkStaticRoutes = false # By default (false) we will stop looking for more Targets if we have found # matching routes. Setting this value to true will allow the LocationServer Monkey # to run after StaticRoutes have been found. In this case the matching # StaticRoutes become fallback targets, processed only after all location server # targets fail. ContinueProcessingAfterRoutesFound = false # Challenge calls from third-party domains to local domains # If certificate authentication is enabled and a # request arrives over TLS, they will still not be # challenged anyway if their domain certificate # validates their message. # Default: true if DIGEST challenge is enabled ChallengeThirdPartiesCallingLocalDomains = false ######################################################## # Message Silo Monkey Settings ######################################################## # Specify where the Message Silo is enabled or not. If enabled, # then repro will store MESSAGE requests for users that are not online. # When the user is back online (ie. registers with repro), the stored # messages will be delivered. MessageSiloEnabled = false # A regular expression that can be used to filter which URI's not to # do message storage (siloing) for. Destination/To URI's matching # this regular expression will not be silo'd. MessageSiloDestFilterRegex = # A regular expression that can be used to filter which body/content/mime # types not to do message storage (siloing) for. Content-Type's matching # this regular expression will not be silo'd. MessageSiloMimeTypeFilterRegex = application\/im\-iscomposing\+xml # The number of seconds a message request will be stored in the message silo. # Messages older than this time, are candidates for deletion. # Default (259200 seconds = 30 days) MessageSiloExpirationTime = 2592000 # Flag to indicate if a Date header should be added to replayed SIP # MESSAGEs from the silo, when a user registers. MessageSiloAddDateHeader = true # Defines the maximum message content length (bytes) that will be stored in # the message silo. Messages with a Content-Length larger than this # value will be discarded. # WARNING: Do not increasing this value beyond the capabilities of the # database storage or internal buffers. # Note: AbstractDb uses a read buffer size of 8192 - do not exceed this size. MessageSiloMaxContentLength = 4096 # The status code returned to the sender when a messages is successfully # silo'd. MessageSiloSuccessStatusCode = 202 # The status code returned to the sender when a messages mime-type matches # the MessageSiloMimeTypeFilterRegex. Can be used to avoid sending errors # to isComposing mime bodies that don't need to be silod. Set to 0 to use # repro standard response (ie. 480). MessageSiloFilteredMimeTypeStatusCode = 200 # The status code returned to the sender when a messages is not silo'd due # to the MaxContentLength being exceeded. MessageSiloFailureStatusCode = 480 ######################################################## # Recursive Redirect Lemur Settings ######################################################## # Handle 3xx responses in the proxy - enables the Recursive Redirect Lemur RecursiveRedirect = false ######################################################## # Geo Proximity Target Sorter Baboon Settings ######################################################## # If enabled, then this baboon can post-process the target list. # This includes targets from the StaticRoute monkey and/or targets # from the LocationServer monkey. Requests that meet the filter # criteria will have their Target list, flatened (serialized) and # ordered based on the proximity of the target to the client sending # the request. Proximity is determined by looking for a # x-repro-geolocation="," parameter on the Contact # header of a received request, or the Contact headers of Registration # requests. If this parameter is not found, then this processor will # attempt to determine the public IP address closest to the client or # target and use the MaxMind Geo IP library to lookup the geo location. GeoProximityTargetSorting = false # Specify the full path to the IPv4 Geo City database file # Note: A free version of the database can be downloaded from here: # http://geolite.maxmind.com/download/geoip/database/GeoLiteCity.dat.gz # For a more accurate database, please see the details here: # http://www.maxmind.com/app/city GeoProximityIPv4CityDatabaseFile = GeoLiteCity.dat # Specify the full path to the IPv6 Geo City database file # Note: A free version of the database can be downloaded from here: # http://geolite.maxmind.com/download/geoip/database/GeoLiteCityv6-beta/ # For a more accurate database, please see the details here: # http://www.maxmind.com/app/city # Leave blank to disable V6 lookups. Saves memory (if not required). #GeoProximityIPv6CityDatabaseFile = GeoLiteCityv6.dat GeoProximityIPv6CityDatabaseFile = # This setting specifies a PCRE compliant regular expression to attempt # to match against the request URI of inbound requests. Any requests # matching this expression, will have their targets sorted as described # above. Leave blank to match all requests. GeoProximityRequestUriFilter = ^sip:mediaserver.*@mydomain.com$ # The distance (in Kilometers) to use for proximity sorting, when the # Geo Location of a target cannot be determined. GeoProximityDefaultDistance = 0 # If enabled, then targets that are determined to be of equal distance # from the client, will be placed in a random order. LoadBalanceEqualDistantTargets = true ######################################################## # Q-Value Target Handler Baboon Settings ######################################################## # Enable sequential q-value processing - enables the Baboon QValue = true # Specify forking behavior for q-value targets: FULL_SEQUENTIAL, EQUAL_Q_PARALLEL, # or FULL_PARALLEL QValueBehavior = EQUAL_Q_PARALLEL # Whether to cancel groups of parallel forks after the period specified by the # QValueMsBeforeCancel parameter. QValueCancelBetweenForkGroups = true # msec to wait before cancelling parallel fork groups when QValueCancelBetweenForkGroups # is true QValueMsBeforeCancel = 30000 # Whether to wait for parallel fork groups to terminate before starting new fork-groups. QValueWaitForTerminateBetweenForkGroups = true # msec to wait before starting new groups of parallel forks when # QValueWaitForTerminateBetweenForkGroups is false QValueMsBetweenForkGroups = 3000 debian/conf/reTurn/0000775000000000000000000000000012441103142011364 5ustar debian/conf/reTurn/users.txt0000664000000000000000000000130412441103142013264 0ustar # # reTurnServer user database file # # The format of each line is: # # login:password:realm:state # # Note: as of v1.9.0, the Debian packages enable # UserDatabaseHashedPasswords and so the password field must be # a HA1 hashed password. # # Typically, the realm field must match the value of AuthenticationRealm # defined in reTurnServer.config # # The state field (not case sensitive) can be one of: # # authorized (user authorized) # refused (user denied access) # restricted (for when bandwidth limiting is implemented) # # This file format is interchangeable with TurnServer.org's user database # # Comments can be inserted by starting a line with # # test:foobar:example.org:REFUSED debian/conf/reTurnServer.config0000664000000000000000000002010412441103142013737 0ustar ######################################################## # reTurnServer configuration file ######################################################## # Software name to include in STUN messages # Set this to an empty string to reveal no software # name information in STUN messages. # Default: reTURNServer (RFC5389) # The default also includes the software version on # those platforms where PACKAGE_VERSION is defined # at compile time. #SoftwareName = # Whether or not to pad the SoftwareName value to # a multiple of four bytes for compatibility with # legacy clients. Default: true #PadSoftwareName = true ######################################################## # Transport settings ######################################################## # Local IP Address to bind base STUN/TURN transports to. # Note: This is the IP Address that clients should be configured to # send STUN/TURN traffic to. # Warning: If you are enabling RFC3489 backwards compatability # (see AltStunAddress and AltStunPort settings), then do # not leave this set to INADDR_ANY (0.0.0.0), place # a valid IP address from a local NIC here. TurnAddress = 0.0.0.0 # Local IPv6 Address to bind base STUN/TURN transports to. # Note: This is the IP Address that IPv6 clients should be configured to # send STUN/TURN traffic to. # Not currently supported with RFC3489 backwards compatability TurnV6Address = ::0 # Local UDP/TCP Port to bind base STUN/TURN transports to. # Note: This is the port that clients should be configured to # send STUN/TURN traffic over UDP and TCP. # reTurn will always bind on this port using both UDP and TCP. TurnPort = 3478 # Local TLS Port to bind base STUN/TURN transports to. # Note: This is the port that clients should be configured to # send STUN/TURN traffic over TLS. # Set this to 0 to disable TLS support. # The default port for STUN over TLS is 5349 # It is often necessary to use port 443 instead so that # users can connect through a HTTP proxy that only allows # traffic that appears to be going to a HTTPS server. TlsTurnPort = 0 # Local IP Address to bind the transports used in Classic Stun # NAT type discovery. Note: This address is only required if # you need Classic Stun (RFC3489) support. # It must be different from the TurnAddress setting, and a valid # local IP Address. Use 0.0.0.0 to disable RFC3489 backwards compatbility # support. # Note: The STUN/TURN Client should not be configured with this # address anywhere. This address is discovered by clients # in Binding responses that are sent to the TurnAddress. AltStunAddress = 0.0.0.0 # Local UDP Port to bind classic STUN (RFC3489) transports to. # Set AltStunPort to 0 to disable any RFC3489 backwards compatibility, # if you do not have a need to support the NAT type discovery procedures # of RFC3489. # Note: STUN/TURN Client should not be configured with this port anywhere. # This port is discovered by clients in Binding responses that are # sent to the TurnAddress/TurnPort. AltStunPort = 0 ######################################################## # Logging settings ######################################################## # Logging Type: syslog|cerr|cout|file LoggingType = file # Logging level: NONE|CRIT|ERR|WARNING|INFO|DEBUG|STACK LoggingLevel = WARNING # Log Filename LogFilename = /var/log/reTurnServer/reTurnServer.log # Log file Max Size LogFileMaxLines = 0 ######################################################## # UNIX related settings ######################################################## # Must be true or false, default = false, not supported on Windows Daemonize = true # On UNIX it is normal to create a PID file # if unspecified, no attempt will be made to create a PID file PidFile = /var/run/reTurnServer/reTurnServer.pid # UNIX account information to run process as RunAsUser = return RunAsGroup = return ######################################################## # Authentication settings ######################################################## # Authentication Realm for Long Term Passwords AuthenticationRealm = reTurn # File containing user authentication data. # The format of each line is: # # login:password:realm:state # # Typically, the realm field must match the value of AuthenticationRealm # defined above. # # The state field can be one of: # # authorized (user authorized) # refused (user denied access) # restricted (for when bandwidth limiting is implemented) # # This file format is interchangeable with TurnServer.org's user database # UserDatabaseFile = /etc/reTurn/users.txt # Hashed passwords in the user database file # This option specifies whether the passwords are plain text # or hashed with the scheme H(A1) # # When hashed passwords are enabled by this configuration setting, # the values in the password column are the MD5 hash # represented in hexadecimal # # To create a hashed password for the following credentials: # # user: bob # realm: example.org # password: foobar # # you can issue a command such as: # # echo -n bob:example.org:foobar | md5sum # # WARNING: the hashing scheme prevents recovery of the plain text # password. However, H(A1) hash values must still be kept # secret as they can be used to impersonate the user. # Therefore, the user database file should always be readable # only by the reTurn process and no other regular users. # UserDatabaseHashedPasswords = true # How frequently to check the user database file for changes # Set to 0 to only load the file once at startup # Default = 60 seconds UserDatabaseCheckInterval = 60 ######################################################## # TURN Allocation settings ######################################################## NonceLifetime = 3600 # The starting port number to use for TURN allocations. # This number MUST be an even number, in order to ensure # proper operation for allocation of RTP port pairs. # Default: 49152 (start of the Dynamic and/or Private Port range # - recommended by RFC) AllocationPortRangeMin = 49152 # The ending port number to use for TURN allocations. # This number MUST be an odd number, in order to ensure # proper operation for allocation of RTP port pairs. # Default: 65535 (end of the Dynamic and/or Private Port range # - recommended by RFC) AllocationPortRangeMax = 65535 # Default time (in seconds) that an allocation will expire if an allocation # refresh request is not sent. Default is 600 (10 minutes). DefaultAllocationLifetime = 600 # Maximum time (in seconds) allowed that will be accepted in an allocation requests # lifetime header (ie. between TURN allocation refreshes). If an allocation is # received with a higher lifetime, then the response will be returned with this # value instead. Default is 3600 (1 hour). MaxAllocationLifetime = 3600 ######################################################## # SSL/TLS Certificate settings ######################################################## # TLS Server Certificate Filename (loaded from working directory) # The PEM formated file that contains the server certificate. # If the CA supplies an intermediate certificate chain, those # certificates should also be appened to this file. # The private key may optionally be included in this file # or in a separate key file specified by TlsServerPrivateKeyFilename TlsServerCertificateFilename = server.pem # TLS Server Private Key Filename (loaded from working directory) # The PEM formated file that contains the private key of the certificate # that will be presented to clients connecting over TLS. # If not specified, reTurn will also try to find the private key # in the file specified by TlsServerCertificateFilename TlsServerPrivateKeyFilename = server-key.pem # TLS temporary Diffie-Hellman parameters file (loaded from working directory) # Can be generated with the command: # # openssl dhparam -outform PEM -out dh512.pem 512 # TlsTempDhFilename = /etc/reTurn/dh512.pem # TLS server private key certificate password required to read # from PEM file. Leave blank if key is not encrypted. TlsPrivateKeyPassword = debian/conf/repro/0000775000000000000000000000000012441103142011234 5ustar debian/conf/repro/users.txt0000664000000000000000000000012612441103142013135 0ustar # default user admin with password admin admin:repro:587c67fddee5b46eef47c36d93016965 debian/resiprocate-turn-server.install0000664000000000000000000000015112441103142015357 0ustar usr/sbin/reTurnServer debian/conf/reTurnServer.config etc/reTurn debian/conf/reTurn/users.txt etc/reTurn debian/sipdialer.docs0000664000000000000000000000011012441103142011776 0ustar apps/sipdial/README.txt apps/sipdial/test.html apps/sipdial/sipdial.cfg debian/patches/0000775000000000000000000000000012441552660010624 5ustar debian/patches/series0000664000000000000000000000007512441550014012032 0ustar 0001-use-SSLv23_method.patch 0002-client-avoid-TLSv1_2.patch debian/patches/0002-client-avoid-TLSv1_2.patch0000664000000000000000000000104012441550005015714 0ustar diff --git a/resip/stack/ssl/TlsConnection.cxx b/resip/stack/ssl/TlsConnection.cxx index c3537aa..145d089 100644 --- a/resip/stack/ssl/TlsConnection.cxx +++ b/resip/stack/ssl/TlsConnection.cxx @@ -122,6 +122,11 @@ TlsConnection::TlsConnection( Transport* transport, const Tuple& tuple, } SSL_set_verify(mSsl, verify_mode, 0); } + else + { + // some TLS v1.2 servers have been troublesome + SSL_set_options(mSsl, SSL_OP_NO_TLSv1_2); + } mBio = BIO_new_socket((int)fd,0/*close flag*/); assert( mBio ); debian/patches/0001-use-SSLv23_method.patch0000664000000000000000000000764312441547533015366 0ustar diff --git a/repro/ReproRunner.cxx b/repro/ReproRunner.cxx index 929392b..a2f09de 100644 --- a/repro/ReproRunner.cxx +++ b/repro/ReproRunner.cxx @@ -1338,6 +1338,7 @@ ReproRunner::addTransports(bool& allTransportsSpecifyRecordRoute) wsCookieContextFactory.reset(new BasicWsCookieContextFactory(infoCookieName, extraCookieName, macCookieName)); } + SecurityTypes::SSLType defaultSSLType = SecurityTypes::SSLv23; try { // Check if advanced transport settings are provided @@ -1448,7 +1449,7 @@ ReproRunner::addTransports(bool& allTransportsSpecifyRecordRoute) ipAddr, // interface to bind to tlsDomain, Data::Empty, // private key passphrase - not currently used - SecurityTypes::TLSv1, // sslType + defaultSSLType, // sslType 0, // transport flags tlsCertificate, tlsPrivateKey, cvm, // tls client verification mode @@ -1576,8 +1577,8 @@ ReproRunner::addTransports(bool& allTransportsSpecifyRecordRoute) } if (tlsPort) { - if (mUseV4) mSipStack->addTransport(TLS, tlsPort, V4, StunEnabled, Data::Empty, tlsDomain, Data::Empty, SecurityTypes::TLSv1, 0, tlsCertificate, tlsPrivateKey, cvm, useEmailAsSIP); - if (mUseV6) mSipStack->addTransport(TLS, tlsPort, V6, StunEnabled, Data::Empty, tlsDomain, Data::Empty, SecurityTypes::TLSv1, 0, tlsCertificate, tlsPrivateKey, cvm, useEmailAsSIP); + if (mUseV4) mSipStack->addTransport(TLS, tlsPort, V4, StunEnabled, Data::Empty, tlsDomain, Data::Empty, defaultSSLType, 0, tlsCertificate, tlsPrivateKey, cvm, useEmailAsSIP); + if (mUseV6) mSipStack->addTransport(TLS, tlsPort, V6, StunEnabled, Data::Empty, tlsDomain, Data::Empty, defaultSSLType, 0, tlsCertificate, tlsPrivateKey, cvm, useEmailAsSIP); } if (wsPort) { @@ -1586,13 +1587,13 @@ ReproRunner::addTransports(bool& allTransportsSpecifyRecordRoute) } if (wssPort) { - if (mUseV4) mSipStack->addTransport(WSS, wssPort, V4, StunEnabled, Data::Empty, tlsDomain, Data::Empty, SecurityTypes::TLSv1, 0, tlsCertificate, tlsPrivateKey, cvm, useEmailAsSIP, basicWsConnectionValidator, wsCookieContextFactory); - if (mUseV6) mSipStack->addTransport(WSS, wssPort, V6, StunEnabled, Data::Empty, tlsDomain, Data::Empty, SecurityTypes::TLSv1, 0, tlsCertificate, tlsPrivateKey, cvm, useEmailAsSIP, basicWsConnectionValidator, wsCookieContextFactory); + if (mUseV4) mSipStack->addTransport(WSS, wssPort, V4, StunEnabled, Data::Empty, tlsDomain, Data::Empty, defaultSSLType, 0, tlsCertificate, tlsPrivateKey, cvm, useEmailAsSIP, basicWsConnectionValidator, wsCookieContextFactory); + if (mUseV6) mSipStack->addTransport(WSS, wssPort, V6, StunEnabled, Data::Empty, tlsDomain, Data::Empty, defaultSSLType, 0, tlsCertificate, tlsPrivateKey, cvm, useEmailAsSIP, basicWsConnectionValidator, wsCookieContextFactory); } if (dtlsPort) { - if (mUseV4) mSipStack->addTransport(DTLS, dtlsPort, V4, StunEnabled, Data::Empty, tlsDomain, Data::Empty, SecurityTypes::TLSv1, 0, tlsCertificate, tlsPrivateKey); - if (mUseV6) mSipStack->addTransport(DTLS, dtlsPort, V6, StunEnabled, Data::Empty, tlsDomain, Data::Empty, SecurityTypes::TLSv1, 0, tlsCertificate, tlsPrivateKey); + if (mUseV4) mSipStack->addTransport(DTLS, dtlsPort, V4, StunEnabled, Data::Empty, tlsDomain, Data::Empty, defaultSSLType, 0, tlsCertificate, tlsPrivateKey); + if (mUseV6) mSipStack->addTransport(DTLS, dtlsPort, V6, StunEnabled, Data::Empty, tlsDomain, Data::Empty, defaultSSLType, 0, tlsCertificate, tlsPrivateKey); } } } debian/resiprocate-turn-server.dirs0000664000000000000000000000004012441103142014647 0ustar etc/reTurn var/log/reTurnServer debian/resiprocate-turn-server.README.Debian0000664000000000000000000000605712441103142016042 0ustar Configuration changes in v1.9 ----------------------------- The following two options from /etc/reTurnServer.config are no longer used and will be ignored: LongTermAuthUsername LongTermAuthPassword reTurn v1.9 is now reading a list of permitted usernames and passwords from a file. The filename must be specified in /etc/reTurnServer.config using the new configuration parameter UserDatabaseFile, for example: UserDatabaseFile = /etc/reTurnServer-users.txt Credentials are not required for STUN but they are mandatory for TURN. The reTurn server will not run without this configuration parameter. The users.tx file format is identical to the format used by the TurnServer.org project from the Jitsi community. Quickstart ---------- Everything is controlled from /etc/reTurnServer.config The daemon must be restarted after changing the config. Background ---------- Internet Connectivity Establishment (ICE) provides a solid solution to the problem of getting VoIP calls (both SIP and Jabber) through NAT environments. In particular, devices supporting ICE are able to probe the network topology to find the most efficient way to route RTP media streams. In some cases, the devices discover they are both on the same NAT network, and they can route RTP media to each other without any translation issues. In other cases, the devices discover that there is a co-operative NAT router that works with STUN. In about 10% of cases, the NAT routers are not co-operating, and a relay is needed. reTurnServer provides a solid implementation of such a relay. Recommendations --------------- As the ICE protocol is defined in a formal RFC and supported by a wide range of devices, it is highly recommended to use a solution like reTurn instead of solutions like rtpproxy (such solutions mangle the SIP packets and sometimes impose a relay when it is not actually required). When using ICE and TURN, it is highly recommended that SIP packets are routed over TLS (not regular TCP or UDP), for two reasons: - UDP packets are not big enough to store all the ICE route discovery attributes, such packets can be truncated or lost in the network - TCP and UDP can sometimes be mangled by SIP-aware routers that are trying to help you. In fact, this `help' was sometimes useful before ICE was invented, but when you are using ICE, a SIP-aware router can actually mangle the ICE attributes, and prevent call establishment. Bottom line: always use TLS. Practical stuff --------------- Set up DNS SRV records to help your devices discover the TURN server automatically. This makes it really easy. Lumicall, for example, will automatically discover TURN servers in this way. Some devices (such as Lumicall) will automatically try to authenticate their TURN session using the same credentials that they use for SIP. Therefore, it is a good idea to use RADIUS or some other mechanism to share credentials between the SIP proxy and TURN server. Getting help ------------ Please feel free to join the *-users mailing lists if you have questions: http://list.resiprocate.org/mailman/listinfo debian/resiprocate-turn-server.logrotate0000664000000000000000000000031612441103142015714 0ustar /var/log/reTurnServer/reTurnServer.log { rotate 14 daily compress missingok postrotate start-stop-daemon -K -p /var/run/reTurnServer/reTurnServer.pid -s HUP -x /usr/sbin/reTurnServer -q endscript } debian/copyright0000664000000000000000000002716612441103142011127 0ustar Format: http://www.debian.org/doc/packaging-manuals/copyright-format/1.0/ Upstream-Name: reSIProcate Upstream-Contact: reSIProcate developers Source: https://svn.resiprocate.org/viewsvn/resiprocate/main/ Files: * Copyright: 2000, Vovida Networks, Inc. 2000, Massachusetts Institute of Technology 2000, Jacob Butcher 2002, The Internet Society 2003, Jason Fischl 2004, Pingtel Corp. 2005, Purplecomm, Inc. 2005, Scott Godin / SIP Spectrum Inc. 2006, Peter Gutmann 2006, SIPfoundry Inc. 2007, Marcus Mueller and Helge Hess 2007, Plantronics, Inc. 2007, Eric Rescorla and Derek MacDonald 2008, RTFM, Inc. 2007-2012, Daniel Pocock 2012, Ready Technology (UK) Limited License: Vovida Comment: All work was originally licensed under the 4-clause Vovida license. Upstream developers have been contributing new material to the project using a 3-clause BSD license. Therefore, the overall project remains constrained by the 4th clause. Each file has comments inside indicating whether it was contributed under the 4-clause or less restrictive 3-clause license. When the product is used as a whole, the more restrictive 4-clause license is in effect. . This copyright file includes a copy of the Vovida license and also a copy of the BSD licenses used for newer parts of the code. . The project links against libradiusclient-ng2 which also has a BSD-derived 4-clause license. The 4th clause of the Vovida and libradiusclient-ng2 licenses are compatible and cumulative when used together. . The project links against OpenSSL which has a 5-clause license. The OpenSSL license clauses are compatible and cumulative when used together. Files: aclocal.m4 Makefile.in configure Copyright: 1992-2010, Free Software Foundation, Inc. License: autotools-artefacts Comment: The artefacts created by the autotools build system contain material copyright (C) Free Software Foundation, but with unlimited use rather than GPL. Files: b2bua/* apps/sipdial/* Copyright: 2012, Daniel Pocock License: BSD Files: apps/sipdial/MacOS/* Copyright: 2007, Marcus Mueller and Helge Hess License: BSD Files: rutil/dns/ares/* Copyright: 1998, Massachusetts Institute of Technology License: MIT Files: apps/clicktocall/* apps/ichat-gw/* Copyright: 2009, SIP Spectrum, Inc. License: BSD-SIPSpectrum Files: p2p/* Copyright: 2008, Various contributors to the Resiprocate project License: BSD Files: p2p/s2c/s2c/* Copyright: 2008, RTFM, Inc License: BSD Files: reflow/* resip/recon/* Copyright: 2007-2008, Plantronics, Inc. License: BSD-Plantronics and BSD-SIPSpectrum Files: reTurn/* Copyright: 2007-2008, Plantronics, Inc. 2011-2012, Daniel Pocock License: BSD-Plantronics and BSD Files: tfm/* Copyright: 2005, PurpleComm, Inc. 2000-2005 Vovida Networks, Inc License: BSD-PurpleComm Files: debian/* Copyright: 2012, Daniel Pocock and 2009, Gregor Jasny License: GPL-3+ On Debian systems, the full text of the GNU General Public License version 3 can be found in the file `/usr/share/common-licenses/GPL-3'. License: Vovida The Vovida Software License, Version 1.0 . Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: . 1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. . 2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. . 3. The names "VOCAL", "Vovida Open Communication Application Library", and "Vovida Open Communication Application Library (VOCAL)" must not be used to endorse or promote products derived from this software without prior written permission. For written permission, please contact vocal@vovida.org. . 4. Products derived from this software may not be called "VOCAL", nor may "VOCAL" appear in their name, without prior written permission of Vovida Networks, Inc. . THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE AND NON-INFRINGEMENT ARE DISCLAIMED. IN NO EVENT SHALL VOVIDA NETWORKS, INC. OR ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT DAMAGES IN EXCESS OF $1,000, NOR FOR ANY INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. License: BSD Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: . 1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. . 2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. . 3. Neither the name of the author(s) nor the names of any contributors may be used to endorse or promote products derived from this software without specific prior written permission. . THIS SOFTWARE IS PROVIDED BY THE AUTHOR(S) AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR(S) OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. License: MIT Permission to use, copy, modify, and distribute this software and its documentation for any purpose and without fee is hereby granted, provided that the above copyright notice appear in all copies and that both that copyright notice and this permission notice appear in supporting documentation, and that the name of M.I.T. not be used in advertising or publicity pertaining to distribution of the software without specific, written prior permission. M.I.T. makes no representations about the suitability of this software for any purpose. It is provided "as is" without express or implied warranty. License: BSD-PurpleComm Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: . * Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. * Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. * Neither the name of PurpleComm, Inc. nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission. . THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. License: BSD-SIPSpectrum Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: . 1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. . 2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. . 3. Neither the name of SIP Spectrum nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission. . THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. License: BSD-Plantronics Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: . 1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. . 2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. . 3. Neither the name of Plantronics nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission. . THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. License: autotools-artefacts This configure script is free software; the Free Software Foundation gives unlimited permission to copy, distribute and modify it. debian/librecon-1.9.lintian-overrides0000664000000000000000000000112512441103142014641 0ustar # library package contains multiple libs that are always used together librecon-1.9 binary: package-name-doesnt-match-sonames # code is Vovida (BSD-like) licensed, only packaging is GPL librecon-1.9 binary: possible-gpl-code-linked-with-openssl # this is currently needed because the lintian check doesn't # seem to recognise libs created with libtool -release # (rather than the preferred libtool -version-info) # discussed on debian-mentors 2012-05-21 librecon-1.9 binary: dev-pkg-without-shlib-symlink # this is needed because of bug #673112 librecon-1.9 binary: hardening-no-fortify-functions debian/watch0000664000000000000000000000014012441103142010204 0ustar version=3 http://www.resiprocate.org/files/pub/reSIProcate/releases/resiprocate-(\d.+)\.tar\.gz debian/resiprocate-turn-server.docs0000664000000000000000000000002212441103142014636 0ustar reTurn/README.txt debian/libresiprocate-turn-client-1.9.lintian-overrides0000664000000000000000000000110212441103142020310 0ustar # package follows naming convention of other members of the reSIProcate suite libresiprocate-turn-client-1.9 binary: package-name-doesnt-match-sonames # this is a false positive, libreTurnClient is Vovida licensed, not GPL libresiprocate-turn-client-1.9 binary: possible-gpl-code-linked-with-openssl # this is currently needed because the lintian check doesn't # seem to recognise libs created with libtool -release # (rather than the preferred libtool -version-info) # discussed on debian-mentors 2012-05-21 libresiprocate-turn-client-1.9 binary: dev-pkg-without-shlib-symlink debian/repro.manpages0000664000000000000000000000004712441103142012025 0ustar repro/doc/repro.8 repro/doc/reprocmd.8 debian/libresiprocate-turn-client-1.9.install0000664000000000000000000000004012441103142016320 0ustar usr/lib/*/libreTurnClient-*.so* debian/repro.docs0000664000000000000000000000006612441103142011163 0ustar repro/README_MySQL.txt repro/create_mysql_reprodb.sql debian/repro.install0000664000000000000000000000046212441103142011701 0ustar usr/lib/*/librepro-*.so* usr/lib/*/resiprocate/repro/plugins/*.so usr/sbin/repro usr/sbin/reprocmd debian/conf/repro.config etc/repro debian/conf/repro/users.txt etc/repro repro/plugins/pyroute/*.py usr/share/doc/repro/examples/pyroute repro/plugins/pyroute/README.txt usr/share/doc/repro/examples/pyroute debian/resiprocate-turn-server.manpages0000664000000000000000000000002612441103142015505 0ustar reTurn/reTurnServer.8 debian/libresiprocate-1.9.README.Debian0000664000000000000000000000122212441103142014531 0ustar About this package ------------------ This package just contains the shared libraries It is built against the SSL and RADIUS libraries, so you can use those features of the stack if you want to. Documentation for developers ---------------------------- There is a large amount of documentation in various formats in the reSIProcate source tree. The documentation conventions (e.g. file formats and location) are not consistent throughout the whole project, so they are only represented in the package on a best-efforts basis. All the files can be obtained if necessary from the upstream source repository or by executing `apt-get source resiprocate' debian/repro.init0000664000000000000000000000410712441103142011176 0ustar #! /bin/sh ### BEGIN INIT INFO # Provides: repro # Required-Start: $remote_fs $syslog # Required-Stop: $remote_fs $syslog # Default-Start: 2 3 4 5 # Default-Stop: 0 1 6 # Short-Description: repro SIP Server # Description: repro SIP proxy server from the reSIProcate suite ### END INIT INFO PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin NAME=repro BIN=repro DESC="SIP proxy" DAEMON=/usr/sbin/$BIN USER=repro GROUP=repro PIDFILE="/var/run/$BIN/$NAME.pid" PIDFILE_DIR=`dirname $PIDFILE` LOG_DIR=/var/log/repro KILL_SPEC=TERM/20/KILL/5 . /lib/lsb/init-functions test -x $DAEMON || exit 1 umask 002 # Include defaults if available if [ -f /etc/default/$NAME ] ; then . /etc/default/$NAME fi DAEMON_OPTS="/etc/repro/${NAME}.config --Daemonize=true --PidFile=${PIDFILE}" if [ ! -d "$PIDFILE_DIR" ];then mkdir -p "$PIDFILE_DIR" chown $USER:$GROUP "$PIDFILE_DIR" fi if [ ! -d "$LOG_DIR" ];then mkdir -p "$LOG_DIR" chown $USER:$GROUP "$LOG_DIR" fi set -e case "$1" in start) log_daemon_msg "Starting $DESC ($NAME)" $BIN start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON -- $DAEMON_OPTS ;; stop) log_daemon_msg "Stopping $DESC ($NAME)" $BIN start-stop-daemon --stop --quiet --oknodo --user $USER --pidfile $PIDFILE --retry=${KILL_SPEC} --exec $DAEMON ;; status) echo -n "Status $DESC: " PID=$(cat $PIDFILE) kill -0 $PID rc=$? # Check exit code if [ "$rc" -ne 0 ] then echo "$NAME is NOT running." exit 7 else echo "$NAME is running with PID: $PID" fi ;; reload|force-reload) log_daemon_msg "Reloading $DESC ($NAME)" $BIN if [ -f "$PIDFILE" ] ; then start-stop-daemon --stop --signal HUP --quiet --pidfile $PIDFILE || rc=$? fi ;; restart) log_daemon_msg "Restarting $DESC ($NAME)" $BIN #start-stop-daemon --stop --quiet --oknodo --pidfile $PIDFILE --exec $DAEMON $0 stop #start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON -- $DAEMON_OPTS $0 start ;; *) N=/etc/init.d/$NAME echo "Usage: $N {start|stop|status|restart|reload|force-reload}" >&2 exit 1 ;; esac exit 0 debian/resiprocate-turn-server.preinst0000664000000000000000000000057412441103142015406 0ustar #!/bin/sh set -e dpkg-maintscript-helper mv_conffile \ /etc/reTurnServer.config /etc/reTurn/reTurnServer.config 1.9.0~beta10-1 -- "$@" dpkg-maintscript-helper mv_conffile \ /etc/reTurnServer-users.txt /etc/reTurn/users.txt 1.9.0~beta10-1 -- "$@" # dh_installdeb will replace this with shell code automatically # generated by other debhelper scripts. #DEBHELPER# exit 0 debian/libresiprocate-1.9-dev.install0000664000000000000000000000041412441103142014637 0ustar usr/include/rutil usr/include/repro usr/include/repro/monkeys usr/include/repro/stateAgents usr/include/resip/dum usr/include/resip/stack usr/include/sipdial usr/lib/*/librutil.so usr/lib/*/libresip.so usr/lib/*/libdum.so usr/lib/*/libsipdial.so usr/lib/*/librepro.so debian/rules0000775000000000000000000000460612441103142010246 0ustar #!/usr/bin/make -f DEB_BUILD_MAINT_OPTIONS = hardening=+all DPKG_EXPORT_BUILDFLAGS = 1 include /usr/share/dpkg/buildflags.mk #CPPFLAGS:=$(shell dpkg-buildflags --get CPPFLAGS) #CFLAGS:=$(shell dpkg-buildflags --get CFLAGS) $(CPPFLAGS) #CXXFLAGS:=$(shell dpkg-buildflags --get CXXFLAGS) $(CPPFLAGS) #LDFLAGS:=$(shell dpkg-buildflags --get LDFLAGS) #include /usr/share/cdbs/1/rules/debhelper.mk #include /usr/share/cdbs/1/class/autotools.mk DEB_DH_INSTALL_ARGS := --sourcedir=debian/tmp #CPPFLAGS += -DRESIP_FIXED_POINT # this is just temporary, reSIProcate 1.9.x should not need this: CPPFLAGS += -I/usr/include/sipxtapi # these are also temporary, should be implemented in reSIProcate's build system, for sipXtapi # with librecon: CPPFLAGS += -D__pingtel_on_posix__ -D_linux_ -D_REENTRANT -D_FILE_OFFS CPPFLAGS += -DDEFAULT_BRIDGE_MAX_IN_OUTPUTS=20 CPPFLAGS += -D__STDC_LIMIT_MACROS -D__STDC_CONSTANT_MACROS -D__STDC_FORMAT_MACROS CXXFLAGS += -fpermissive LDFLAGS += -lcares CFG_ARGS := --with-ssl \ --with-popt \ --with-mysql \ --with-apps \ --enable-ipv6 \ --enable-dtls \ --with-freeradius \ --with-repro \ --enable-repro-plugins \ --with-python \ --with-c-ares # on kfreebsd, sipxtapi is not available and recon can't be built # upstream hopes to eliminate the dependency on sipxtapi in a future release # so there is no attempt to port sipxtapi # on sparc, libsrtp is not available (fails with a bus error during test cases) ifeq ($(DEB_HOST_ARCH_OS),linux) CFG_ARGS += --with-recon endif PYVERSION=2.7 override_dh_auto_configure: dh_auto_configure -- $(CFG_ARGS) DEPS_PYTHON_CFLAGS="`/usr/bin/python$(PYVERSION)-config --cflags`" DEPS_PYTHON_LIBS="`/usr/bin/python$(PYVERSION)-config --ldflags`" PYCXX_SRCDIR=/usr/share/python$(PYVERSION)/CXX/Python2 ifeq ($(DEB_HOST_ARCH_OS),kfreebsd) # this is due to a problem with the test case rather than the stack itself # upstream is investigating sed -i -e 's/assert.!failedToReceiveGoodMessage);//' resip/stack/test/testTcp.cxx endif override_dh_auto_build: dh_auto_build --parallel # let the test cases run #override_dh_auto_test: # true # force building in the pkgroot or it won't build %: dh $@ --with autoreconf --builddirectory=. #install/repro:: # cp debian/repro.config-sample debian/repro/etc/repro/repro.config #install/resiprocate-turn-server:: # cp debian/reTurnServer.config-sample debian/resiprocate-turn-server/etc/reTurnServer.config debian/repro.logrotate0000664000000000000000000000025312441103142012231 0ustar /var/log/repro/repro.log { rotate 14 daily compress missingok postrotate start-stop-daemon -K -p /var/run/repro/repro.pid -s HUP -x /usr/sbin/repro -q endscript }