asterisk: 18.16.0 -> 18.17.1, 20.1.0 -> 20.2.1

pjsip 2.13.0 and related security patches have been added
2024-11-22 06:53:01 +00:00 · 2023-04-19 12:02:06 +02:00 · 2023-04-19 12:02:06 +02:00 · f51c667a29
commit f51c667a29
parent 24d6aa1a90
2 changed files with 38 additions and 32 deletions
--- a/pkgs/servers/asterisk/default.nix
+++ b/pkgs/servers/asterisk/default.nix
@ -37,24 +37,20 @@

 let
  # remove when upgrading to pjsip >2.13
-  pjsip_patches = [
+  pjsip_2_13_patches = [
    (fetchpatch {
-      name = "0152-CVE-2022-39269.patch";
-      url = "https://github.com/pjsip/pjproject/commit/d2acb9af4e27b5ba75d658690406cec9c274c5cc.patch";
-      sha256 = "sha256-bKE/MrRAqN1FqD2ubhxIOOf5MgvZluHHeVXPjbR12iQ=";
+      name = "CVE-2022-23537.patch";
+      url = "https://github.com/pjsip/pjproject/commit/d8440f4d711a654b511f50f79c0445b26f9dd1e1.patch";
+      sha256 = "sha256-7ueQCHIiJ7MLaWtR4+GmBc/oKaP+jmEajVnEYqiwLRA=";
    })
    (fetchpatch {
-      name = "pjsip-2.12.1-CVE-2022-23537.patch";
-      url = "https://raw.githubusercontent.com/NixOS/nixpkgs/ca2b44568eb0ffbd0b5a22eb70feb6dbdcda8e9c/pkgs/applications/networking/pjsip/1.12.1-CVE-2022-23537.patch";
-      sha256 = "sha256-KNSnHt0/o1qJk4r2z5bxbYxKAa7WBtzGOhRXkru3VK4=";
-    })
-    (fetchpatch {
-      name = "pjsip-2.12.1-CVE-2022-23547.patch";
-      url = "https://raw.githubusercontent.com/NixOS/nixpkgs/ca2b44568eb0ffbd0b5a22eb70feb6dbdcda8e9c/pkgs/applications/networking/pjsip/1.12.1-CVE-2022-23547.patch";
-      sha256 = "sha256-0iEr/Z4UQpWsTXYWVYzWWk7MQDOFnTQ1BBYpynGLTVQ=";
+      name = "CVE-2022-23547.patch";
+      url = "https://github.com/pjsip/pjproject/commit/bc4812d31a67d5e2f973fbfaf950d6118226cf36.patch";
+      sha256 = "sha256-bpc8e8VAQpfyl5PX96G++6fzkFpw3Or1PJKNPKl7N5k=";
    })
  ];
-  common = { version, sha256, externals }: stdenv.mkDerivation {
+
+  common = { version, sha256, externals, pjsip_patches ? [ ] }: stdenv.mkDerivation {
    inherit version;
    pname = "asterisk"
      + lib.optionalString ldapSupport "-ldap";
@ -159,9 +155,12 @@ let
    };
  };

-  pjproject_2_12_1 = fetchurl {
-    url = "https://raw.githubusercontent.com/asterisk/third-party/master/pjproject/2.12.1/pjproject-2.12.1.tar.bz2";
-    hash = "sha256-DiNH1hB5ZheYzyUjFyk1EtlsMJlgjf+QRVKjEk+hNjc=";
+  pjproject_2_13 = fetchurl
+    {
+      url = "https://raw.githubusercontent.com/asterisk/third-party/master/pjproject/2.13/pjproject-2.13.tar.bz2";
+      hash = "sha256-Zj93PUAct13KVR5taOWEbQdKq76wicaBTNHpHC0rICY=";
+    } // {
+    pjsip_patches = pjsip_2_13_patches;
  };

  mp3-202 = fetchsvn {
@ -180,13 +179,18 @@ let

  # auto-generated by update.py
  versions = lib.mapAttrs
-    (_: { version, sha256 }: common {
-      inherit version sha256;
-      externals = {
-        "externals_cache/pjproject-2.12.1.tar.bz2" = pjproject_2_12_1;
-        "addons/mp3" = mp3-202;
-      };
-    })
+    (_: { version, sha256 }:
+      let
+        pjsip = pjproject_2_13;
+      in
+      common {
+        inherit version sha256;
+        inherit (pjsip) pjsip_patches;
+        externals = {
+          "externals_cache/${pjsip.name}" = pjsip;
+          "addons/mp3" = mp3-202;
+        };
+      })
    (lib.importJSON ./versions.json);

  updateScript_python = python39.withPackages (p: with p; [ packaging beautifulsoup4 requests ]);
@ -197,18 +201,20 @@ let

 in
 {
-  # Supported releases (as of 2022-04-05).
+  # Supported releases (as of 2023-04-19).
+  # v16 and v19 have been dropped because they go EOL before the NixOS 23.11 release.
  # Source: https://wiki.asterisk.org/wiki/display/AST/Asterisk+Versions
  # Exact version can be found at https://www.asterisk.org/downloads/asterisk/all-asterisk-versions/
  #
  # Series  Type       Rel. Date   Sec. Fixes  EOL
-  # 16.x    LTS        2018-10-09  2022-10-09  2023-10-09
+  # 16.x    LTS        2018-10-09  2022-10-09  2023-10-09 (dropped)
  # 18.x    LTS        2020-10-20  2024-10-20  2025-10-20
-  # 19.x    Standard   2021-11-02  2022-11-02  2023-11-02
+  # 19.x    Standard   2021-11-02  2022-11-02  2023-11-02 (dropped)
  # 20.x    LTS        2022-11-02  2026-10-19  2027-10-19
+  # 21.x    Standard   2023-10-18  2025-10-18  2026-10-18 (unreleased)
  asterisk-lts = versions.asterisk_18;
-  asterisk-stable = versions.asterisk_19;
-  asterisk = versions.asterisk_19.overrideAttrs (o: {
+  asterisk-stable = versions.asterisk_20;
+  asterisk = versions.asterisk_20.overrideAttrs (o: {
    passthru = (o.passthru or { }) // { inherit updateScript; };
  });

--- a/pkgs/servers/asterisk/versions.json
+++ b/pkgs/servers/asterisk/versions.json
@ -4,15 +4,15 @@
    "version": "16.30.0"
  },
  "asterisk_18": {
-    "sha256": "2d280794ae7505ed3dfc58b3190774cb491aa74c339fbde1a11740e6be79b466",
-    "version": "18.16.0"
+    "sha256": "66f0e55d84f9e5bf4e79a56255d35a034448acce00d219c3bf4930b1ebb0e88e",
+    "version": "18.17.1"
  },
  "asterisk_19": {
    "sha256": "f0c56d1f8e39e0427455edfe25d24ff088c756bdc32dd1278c9f7a320815cbaa",
    "version": "19.8.0"
  },
  "asterisk_20": {
-    "sha256": "4364dc762652e2fd4d3e7dc8428c83550ebae090b8a0e9d4820583e081778883",
-    "version": "20.1.0"
+    "sha256": "df12e47000fbac42bb780bb06172aa8bb8ac26faf77cc9f95184695b0cec69c3",
+    "version": "20.2.1"
  }
 }