public inbox for git-commits@fedoraproject.org
help / color / mirror / Atom feed
* [rpms/coturn] main: Upgrade to 4.14.0 (#2491257)
@ 2026-06-23 18:45 Robert Scheck
0 siblings, 0 replies; only message in thread
From: Robert Scheck @ 2026-06-23 18:45 UTC (permalink / raw)
To: git-commits
A new commit has been pushed.
Repo : rpms/coturn
Branch : main
Commit : 36a263173abf35b21503b4f9392da5bff455d338
Author : Robert Scheck <robert@fedoraproject.org>
Date : 2026-06-23T20:45:32+02:00
Stats : +192/-177 in 4 file(s)
URL : https://src.fedoraproject.org/rpms/coturn/c/36a263173abf35b21503b4f9392da5bff455d338?branch=main
Log:
Upgrade to 4.14.0 (#2491257)
---
diff --git a/coturn-4.10.0-openssl-1.1.patch b/coturn-4.10.0-openssl-1.1.patch
deleted file mode 100644
index ac39701..0000000
--- a/coturn-4.10.0-openssl-1.1.patch
+++ /dev/null
@@ -1,174 +0,0 @@
-Patch by Robert Scheck <robert@fedoraproject.org> for coturn <= 4.10.0 to restore OpenSSL >= 1.1.1
-support removed by https://github.com/coturn/coturn/commit/4c674289a8a288dd310e87490334684b05d61381
-by upstream for EPEL 8, because RHEL 8 contains OpenSSL 1.1.1. Linking against OpenSSL 3.5 in EPEL
-8 is unfortunately not possible, because coturn shall be linked against libevent_openssl-2.1.so.6,
-libmariadb.so.3 and libpq.so.5 from RHEL 8, which are linked against OpenSSL 1.1.1, too.
-
-Patch was suggested to upstream: https://github.com/coturn/coturn/pull/1817
-
---- coturn-4.10.0/src/apps/relay/mainrelay.c 2026-04-14 00:16:42.000000000 +0200
-+++ coturn-4.10.0/src/apps/relay/mainrelay.c.openssl-1.1 2026-04-16 01:36:00.488073267 +0200
-@@ -3503,8 +3503,12 @@
- adjust_key_file_name(turn_params.dh_file, "DH key", 0);
- }
- }
--static EVP_PKEY *get_dh566(void) {
-
-+#if OPENSSL_VERSION_NUMBER >= 0x30000000L
-+static EVP_PKEY *get_dh566(void) {
-+#else
-+static DH *get_dh566(void) {
-+#endif /* OPENSSL_VERSION_NUMBER >= 0x30000000L */
- unsigned char dh566_p[] = {0x36, 0x53, 0xA8, 0x9C, 0x3C, 0xF1, 0xD1, 0x1B, 0x2D, 0xA2, 0x64, 0xDE, 0x59, 0x3B, 0xE3,
- 0x8C, 0x27, 0x74, 0xC2, 0xBE, 0x9B, 0x6D, 0x56, 0xE7, 0xDF, 0xFF, 0x67, 0x6A, 0xD2, 0x0C,
- 0xE8, 0x9E, 0x52, 0x00, 0x05, 0xB3, 0x53, 0xF7, 0x1C, 0x41, 0xB2, 0xAC, 0x38, 0x16, 0x32,
-@@ -3518,6 +3522,7 @@
-
- unsigned char dh566_g[] = {0x05};
-
-+#if OPENSSL_VERSION_NUMBER >= 0x30000000L
- BIGNUM *p = BN_bin2bn(dh566_p, sizeof(dh566_p), NULL);
- BIGNUM *g = BN_bin2bn(dh566_g, sizeof(dh566_g), NULL);
- if (!p || !g) {
-@@ -3541,9 +3546,22 @@
- EVP_PKEY_CTX_free(pctx);
- OSSL_PARAM_free(params);
- return pkey;
-+#else
-+ DH *dh;
-+
-+ if ((dh = DH_new()) == NULL) {
-+ return (NULL);
-+ }
-+ DH_set0_pqg(dh, BN_bin2bn(dh566_p, sizeof(dh566_p), NULL), NULL, BN_bin2bn(dh566_g, sizeof(dh566_g), NULL));
-+ return (dh);
-+#endif /* OPENSSL_VERSION_NUMBER >= 0x30000000L */
- }
-
-+#if OPENSSL_VERSION_NUMBER >= 0x30000000L
- static EVP_PKEY *get_dh1066(void) {
-+#else
-+static DH *get_dh1066(void) {
-+#endif /* OPENSSL_VERSION_NUMBER >= 0x30000000L */
-
- unsigned char dh1066_p[] = {0x02, 0x0E, 0x26, 0x6F, 0xAA, 0x9F, 0xA8, 0xE5, 0x3F, 0x70, 0x88, 0xF1, 0xA9, 0x29, 0xAE,
- 0x1A, 0x2B, 0xA8, 0x2F, 0xE8, 0xE5, 0x0E, 0x81, 0x78, 0xD7, 0x12, 0x41, 0xDC, 0xE2, 0xD5,
-@@ -3563,6 +3581,7 @@
-
- unsigned char dh1066_g[] = {0x02};
-
-+#if OPENSSL_VERSION_NUMBER >= 0x30000000L
- BIGNUM *p = BN_bin2bn(dh1066_p, sizeof(dh1066_p), NULL);
- BIGNUM *g = BN_bin2bn(dh1066_g, sizeof(dh1066_g), NULL);
- if (!p || !g) {
-@@ -3586,9 +3605,22 @@
- EVP_PKEY_CTX_free(pctx);
- OSSL_PARAM_free(params);
- return pkey;
-+#else
-+ DH *dh;
-+
-+ if ((dh = DH_new()) == NULL) {
-+ return (NULL);
-+ }
-+ DH_set0_pqg(dh, BN_bin2bn(dh1066_p, sizeof(dh1066_p), NULL), NULL, BN_bin2bn(dh1066_g, sizeof(dh1066_g), NULL));
-+ return (dh);
-+#endif /* OPENSSL_VERSION_NUMBER >= 0x30000000L */
- }
-
-+#if OPENSSL_VERSION_NUMBER >= 0x30000000L
- static EVP_PKEY *get_dh2066(void) {
-+#else
-+static DH *get_dh2066(void) {
-+#endif /* OPENSSL_VERSION_NUMBER >= 0x30000000L */
-
- unsigned char dh2066_p[] = {
- 0x03, 0x31, 0x77, 0x20, 0x58, 0xA6, 0x69, 0xA3, 0x9D, 0x2D, 0x5E, 0xE0, 0x5C, 0x46, 0x82, 0x0F, 0x9E, 0x80, 0xF0,
-@@ -3617,6 +3649,7 @@
-
- unsigned char dh2066_g[] = {0x05};
-
-+#if OPENSSL_VERSION_NUMBER >= 0x30000000L
- BIGNUM *p = BN_bin2bn(dh2066_p, sizeof(dh2066_p), NULL);
- BIGNUM *g = BN_bin2bn(dh2066_g, sizeof(dh2066_g), NULL);
- if (!p || !g) {
-@@ -3640,6 +3673,15 @@
- EVP_PKEY_CTX_free(pctx);
- OSSL_PARAM_free(params);
- return pkey;
-+#else
-+ DH *dh;
-+
-+ if ((dh = DH_new()) == NULL) {
-+ return (NULL);
-+ }
-+ DH_set0_pqg(dh, BN_bin2bn(dh2066_p, sizeof(dh2066_p), NULL), NULL, BN_bin2bn(dh2066_g, sizeof(dh2066_g), NULL));
-+ return (dh);
-+#endif /* OPENSSL_VERSION_NUMBER >= 0x30000000L */
- }
-
- static int pem_password_func(char *buf, int size, int rwflag, void *password) {
-@@ -3791,12 +3833,17 @@
-
- { // DH algorithms:
-
-+#if OPENSSL_VERSION_NUMBER >= 0x30000000L
- EVP_PKEY *dh = NULL;
-+#else
-+ DH *dh = NULL;
-+#endif /* OPENSSL_VERSION_NUMBER >= 0x30000000L */
- if (turn_params.dh_file[0]) {
- FILE *paramfile = fopen(turn_params.dh_file, "r");
- if (!paramfile) {
- TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR, "Cannot open DH file: %s\n", strerror(errno));
- } else {
-+#if OPENSSL_VERSION_NUMBER >= 0x30000000L
- OSSL_DECODER_CTX *dctx =
- OSSL_DECODER_CTX_new_for_pkey(&dh, "PEM", NULL, "DH", EVP_PKEY_KEY_PARAMETERS, NULL, NULL);
- if (dctx) {
-@@ -3805,6 +3852,9 @@
- }
- OSSL_DECODER_CTX_free(dctx);
- }
-+#else
-+ dh = PEM_read_DHparams(paramfile, NULL, NULL, NULL);
-+#endif /* OPENSSL_VERSION_NUMBER >= 0x30000000L */
- fclose(paramfile);
- if (dh) {
- turn_params.dh_key_size = DH_CUSTOM;
-@@ -3826,11 +3876,19 @@
- TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR, "%s: ERROR: cannot allocate DH suite\n", __FUNCTION__);
- err = 1;
- } else {
-+#if OPENSSL_VERSION_NUMBER >= 0x30000000L
- if (1 != SSL_CTX_set0_tmp_dh_pkey(ctx, dh)) {
-+#else
-+ if (1 != SSL_CTX_set_tmp_dh(ctx, dh)) {
-+#endif /* OPENSSL_VERSION_NUMBER >= 0x30000000L */
- TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR, "%s: ERROR: cannot set DH\n", __FUNCTION__);
- err = 1;
- }
-+#if OPENSSL_VERSION_NUMBER >= 0x30000000L
- // No EVP_PKEY_free: SSL_CTX_set0_tmp_dh_pkey always takes ownership
-+#else
-+ DH_free(dh);
-+#endif /* OPENSSL_VERSION_NUMBER >= 0x30000000L */
- }
- }
-
---- coturn-4.10.0/src/apps/relay/mainrelay.h 2026-02-24 02:04:31.000000000 +0100
-+++ coturn-4.10.0/src/apps/relay/mainrelay.h.openssl-1.1 2026-02-24 22:29:37.006653449 +0100
-@@ -87,9 +87,13 @@
- #include "ns_ioalib_impl.h"
-
- #include <openssl/aes.h>
-+#if OPENSSL_VERSION_NUMBER >= 0x30000000L
- #include <openssl/decoder.h>
-+#endif /* OPENSSL_VERSION_NUMBER >= 0x30000000L */
- #include <openssl/err.h>
-+#if OPENSSL_VERSION_NUMBER >= 0x30000000L
- #include <openssl/param_build.h>
-+#endif /* OPENSSL_VERSION_NUMBER >= 0x30000000L */
- #include <openssl/pem.h>
- #include <openssl/ssl.h>
-
diff --git a/coturn-4.14.0-openssl-1.1.patch b/coturn-4.14.0-openssl-1.1.patch
new file mode 100644
index 0000000..5a9cac8
--- /dev/null
+++ b/coturn-4.14.0-openssl-1.1.patch
@@ -0,0 +1,186 @@
+From c1110e6816c9c76668e6986efd282b9f57ef4fde Mon Sep 17 00:00:00 2001
+From: Robert Scheck <robert@fedoraproject.org>
+Date: Thu, 16 Apr 2026 01:49:25 +0200
+Subject: [PATCH] Restore support for OpenSSL >= 1.1.1 (for
+ AlmaLinux/RHEL/Rocky Linux 8)
+
+Conditionalize changes from commit 4c674289a8a288dd310e87490334684b05d61381
+to support building using OpenSSL 1.1.1 in AlmaLinux/RHEL/Rocky Linux 8.
+While OpenSSL 3.5 is in EPEL 8 it unfortunately can not be used, because
+other (to be linked) libraries (libevent_openssl, libmariadb and libpq)
+in RHEL 8 are built and linked against OpenSSL 1.1.1 from RHEL 8.
+---
+ src/apps/relay/mainrelay.c | 60 +++++++++++++++++++++++++++++++++++++-
+ src/apps/relay/mainrelay.h | 4 +++
+ 2 files changed, 63 insertions(+), 1 deletion(-)
+
+diff --git a/src/apps/relay/mainrelay.c b/src/apps/relay/mainrelay.c
+index b18b269f6..974575d6d 100644
+--- a/src/apps/relay/mainrelay.c
++++ b/src/apps/relay/mainrelay.c
+@@ -3503,8 +3503,12 @@ static void adjust_key_file_names(void) {
+ adjust_key_file_name(turn_params.dh_file, "DH key", 0);
+ }
+ }
+-static EVP_PKEY *get_dh566(void) {
+
++#if OPENSSL_VERSION_NUMBER >= 0x30000000L
++static EVP_PKEY *get_dh566(void) {
++#else
++static DH *get_dh566(void) {
++#endif /* OPENSSL_VERSION_NUMBER >= 0x30000000L */
+ unsigned char dh566_p[] = {0x36, 0x53, 0xA8, 0x9C, 0x3C, 0xF1, 0xD1, 0x1B, 0x2D, 0xA2, 0x64, 0xDE, 0x59, 0x3B, 0xE3,
+ 0x8C, 0x27, 0x74, 0xC2, 0xBE, 0x9B, 0x6D, 0x56, 0xE7, 0xDF, 0xFF, 0x67, 0x6A, 0xD2, 0x0C,
+ 0xE8, 0x9E, 0x52, 0x00, 0x05, 0xB3, 0x53, 0xF7, 0x1C, 0x41, 0xB2, 0xAC, 0x38, 0x16, 0x32,
+@@ -3518,6 +3522,7 @@ static EVP_PKEY *get_dh566(void) {
+
+ unsigned char dh566_g[] = {0x05};
+
++#if OPENSSL_VERSION_NUMBER >= 0x30000000L
+ BIGNUM *p = BN_bin2bn(dh566_p, sizeof(dh566_p), NULL);
+ BIGNUM *g = BN_bin2bn(dh566_g, sizeof(dh566_g), NULL);
+ if (!p || !g) {
+@@ -3541,9 +3546,22 @@ static EVP_PKEY *get_dh566(void) {
+ EVP_PKEY_CTX_free(pctx);
+ OSSL_PARAM_free(params);
+ return pkey;
++#else
++ DH *dh;
++
++ if ((dh = DH_new()) == NULL) {
++ return (NULL);
++ }
++ DH_set0_pqg(dh, BN_bin2bn(dh566_p, sizeof(dh566_p), NULL), NULL, BN_bin2bn(dh566_g, sizeof(dh566_g), NULL));
++ return (dh);
++#endif /* OPENSSL_VERSION_NUMBER >= 0x30000000L */
+ }
+
++#if OPENSSL_VERSION_NUMBER >= 0x30000000L
+ static EVP_PKEY *get_dh1066(void) {
++#else
++static DH *get_dh1066(void) {
++#endif /* OPENSSL_VERSION_NUMBER >= 0x30000000L */
+
+ unsigned char dh1066_p[] = {0x02, 0x0E, 0x26, 0x6F, 0xAA, 0x9F, 0xA8, 0xE5, 0x3F, 0x70, 0x88, 0xF1, 0xA9, 0x29, 0xAE,
+ 0x1A, 0x2B, 0xA8, 0x2F, 0xE8, 0xE5, 0x0E, 0x81, 0x78, 0xD7, 0x12, 0x41, 0xDC, 0xE2, 0xD5,
+@@ -3563,6 +3581,7 @@ static EVP_PKEY *get_dh1066(void) {
+
+ unsigned char dh1066_g[] = {0x02};
+
++#if OPENSSL_VERSION_NUMBER >= 0x30000000L
+ BIGNUM *p = BN_bin2bn(dh1066_p, sizeof(dh1066_p), NULL);
+ BIGNUM *g = BN_bin2bn(dh1066_g, sizeof(dh1066_g), NULL);
+ if (!p || !g) {
+@@ -3586,9 +3605,22 @@ static EVP_PKEY *get_dh1066(void) {
+ EVP_PKEY_CTX_free(pctx);
+ OSSL_PARAM_free(params);
+ return pkey;
++#else
++ DH *dh;
++
++ if ((dh = DH_new()) == NULL) {
++ return (NULL);
++ }
++ DH_set0_pqg(dh, BN_bin2bn(dh1066_p, sizeof(dh1066_p), NULL), NULL, BN_bin2bn(dh1066_g, sizeof(dh1066_g), NULL));
++ return (dh);
++#endif /* OPENSSL_VERSION_NUMBER >= 0x30000000L */
+ }
+
++#if OPENSSL_VERSION_NUMBER >= 0x30000000L
+ static EVP_PKEY *get_dh2066(void) {
++#else
++static DH *get_dh2066(void) {
++#endif /* OPENSSL_VERSION_NUMBER >= 0x30000000L */
+
+ unsigned char dh2066_p[] = {
+ 0x03, 0x31, 0x77, 0x20, 0x58, 0xA6, 0x69, 0xA3, 0x9D, 0x2D, 0x5E, 0xE0, 0x5C, 0x46, 0x82, 0x0F, 0x9E, 0x80, 0xF0,
+@@ -3617,6 +3649,7 @@ static EVP_PKEY *get_dh2066(void) {
+
+ unsigned char dh2066_g[] = {0x05};
+
++#if OPENSSL_VERSION_NUMBER >= 0x30000000L
+ BIGNUM *p = BN_bin2bn(dh2066_p, sizeof(dh2066_p), NULL);
+ BIGNUM *g = BN_bin2bn(dh2066_g, sizeof(dh2066_g), NULL);
+ if (!p || !g) {
+@@ -3640,6 +3673,15 @@ static EVP_PKEY *get_dh2066(void) {
+ EVP_PKEY_CTX_free(pctx);
+ OSSL_PARAM_free(params);
+ return pkey;
++#else
++ DH *dh;
++
++ if ((dh = DH_new()) == NULL) {
++ return (NULL);
++ }
++ DH_set0_pqg(dh, BN_bin2bn(dh2066_p, sizeof(dh2066_p), NULL), NULL, BN_bin2bn(dh2066_g, sizeof(dh2066_g), NULL));
++ return (dh);
++#endif /* OPENSSL_VERSION_NUMBER >= 0x30000000L */
+ }
+
+ static int pem_password_func(char *buf, int size, int rwflag, void *password) {
+@@ -3791,12 +3833,17 @@ static void set_ctx(SSL_CTX **out, const char *protocol, const SSL_METHOD *metho
+
+ { // DH algorithms:
+
++#if OPENSSL_VERSION_NUMBER >= 0x30000000L
+ EVP_PKEY *dh = NULL;
++#else
++ DH *dh = NULL;
++#endif /* OPENSSL_VERSION_NUMBER >= 0x30000000L */
+ if (turn_params.dh_file[0]) {
+ FILE *paramfile = fopen(turn_params.dh_file, "r");
+ if (!paramfile) {
+ TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR, "Cannot open DH file: %s\n", strerror(errno));
+ } else {
++#if OPENSSL_VERSION_NUMBER >= 0x30000000L
+ OSSL_DECODER_CTX *dctx =
+ OSSL_DECODER_CTX_new_for_pkey(&dh, "PEM", NULL, "DH", EVP_PKEY_KEY_PARAMETERS, NULL, NULL);
+ if (dctx) {
+@@ -3805,6 +3852,9 @@ static void set_ctx(SSL_CTX **out, const char *protocol, const SSL_METHOD *metho
+ }
+ OSSL_DECODER_CTX_free(dctx);
+ }
++#else
++ dh = PEM_read_DHparams(paramfile, NULL, NULL, NULL);
++#endif /* OPENSSL_VERSION_NUMBER >= 0x30000000L */
+ fclose(paramfile);
+ if (dh) {
+ turn_params.dh_key_size = DH_CUSTOM;
+@@ -3826,11 +3876,19 @@ static void set_ctx(SSL_CTX **out, const char *protocol, const SSL_METHOD *metho
+ TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR, "%s: ERROR: cannot allocate DH suite\n", __FUNCTION__);
+ err = 1;
+ } else {
++#if OPENSSL_VERSION_NUMBER >= 0x30000000L
+ if (1 != SSL_CTX_set0_tmp_dh_pkey(ctx, dh)) {
++#else
++ if (1 != SSL_CTX_set_tmp_dh(ctx, dh)) {
++#endif /* OPENSSL_VERSION_NUMBER >= 0x30000000L */
+ TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR, "%s: ERROR: cannot set DH\n", __FUNCTION__);
+ err = 1;
+ }
++#if OPENSSL_VERSION_NUMBER >= 0x30000000L
+ // No EVP_PKEY_free: SSL_CTX_set0_tmp_dh_pkey always takes ownership
++#else
++ DH_free(dh);
++#endif /* OPENSSL_VERSION_NUMBER >= 0x30000000L */
+ }
+ }
+
+diff --git a/src/apps/relay/mainrelay.h b/src/apps/relay/mainrelay.h
+index 55ce93613..e1ef3583f 100644
+--- a/src/apps/relay/mainrelay.h
++++ b/src/apps/relay/mainrelay.h
+@@ -88,9 +88,13 @@
+ #include "ns_ioalib_impl.h"
+
+ #include <openssl/aes.h>
++#if OPENSSL_VERSION_NUMBER >= 0x30000000L
+ #include <openssl/decoder.h>
++#endif /* OPENSSL_VERSION_NUMBER >= 0x30000000L */
+ #include <openssl/err.h>
++#if OPENSSL_VERSION_NUMBER >= 0x30000000L
+ #include <openssl/param_build.h>
++#endif /* OPENSSL_VERSION_NUMBER >= 0x30000000L */
+ #include <openssl/pem.h>
+ #include <openssl/ssl.h>
+
diff --git a/coturn.spec b/coturn.spec
index a42c2cf..29e361a 100644
--- a/coturn.spec
+++ b/coturn.spec
@@ -1,5 +1,5 @@
Name: coturn
-Version: 4.13.1
+Version: 4.14.0
Release: 1%{?dist}
Summary: TURN/STUN & ICE Server
# MIT (src/{apps/relay/acme.c,server/ns_turn_khash.h} and BSD-3-Clause (the rest)
@@ -10,7 +10,7 @@ Source1: coturn.service
Source2: coturn.tmpfilesd
Source3: coturn.logrotate
Source4: coturn.sysusersd
-Patch0: coturn-4.10.0-openssl-1.1.patch
+Patch0: https://github.com/coturn/coturn/raw/refs/tags/%{version}/patches/openssl-1.1.1/0001-restore-openssl-1.1.1-support.patch#/coturn-4.14.0-openssl-1.1.patch
BuildRequires: gcc
BuildRequires: hiredis-devel
BuildRequires: libevent-devel >= 2.0.0
@@ -226,6 +226,9 @@ ldd %{buildroot}%{_bindir}/turnserver | grep -q libsystemd.so
%{_includedir}/turn/client/*
%changelog
+* Tue Jun 23 2026 Robert Scheck <robert@fedoraproject.org> - 4.14.0-1
+- Upgrade to 4.14.0 (#2491257)
+
* Tue Jun 16 2026 Robert Scheck <robert@fedoraproject.org> - 4.13.1-1
- Upgrade to 4.13.1 (#2488712 #c1)
diff --git a/sources b/sources
index ccbb5cd..3d0243a 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-SHA512 (coturn-4.13.1.tar.gz) = 2f98830cbf50edd7410e4c0da88ca05cce3ce8706d91189eb337aa6ac3cbe46d93faf7178130e853c3db827d7a202c75a1ed3323dc8ac65978c8af039d611b8b
+SHA512 (coturn-4.14.0.tar.gz) = 74c6cef6832d73092c52ca0dcab6bfda1dd9f968bad84f9b0977d62e322d26b56524b8723671a76a07b56b7467ee62e53ce8a7ff7699a23909a4a6f0d3621b21
^ permalink raw reply related [flat|nested] only message in thread
only message in thread, other threads:[~2026-06-23 18:45 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2026-06-23 18:45 [rpms/coturn] main: Upgrade to 4.14.0 (#2491257) Robert Scheck
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox