--- Begin Message ---
- To: Debian Bug Tracking System <submit@bugs.debian.org>
- Subject: unblock: coturn/4.5.1.1-1
- From: Mészáros Mihály <misi@majd.eu>
- Date: Tue, 19 Mar 2019 09:25:13 +0100
- Message-id: <155298391391.5605.12215334078258253584.reportbug@vps.majd.eu>
Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock
Please unblock package coturn
The release 4.5.1.0 was a security fix.
To keep it separated form other issues, it doesn't contain an another
very important 64 bit mem alingment fix that we released in upstream: 4.5.1.1.
The 4.5.1.0 has fixed many security issues, but it still contains the mem alingment
problem on all 64 bit arcitectures! And so it is broken in many 64 bit
architectures that don't tolarate and autofix mem alingment issues:
e.g. Arm64, Sparc64 etc.
We had to ignore 64 bit issue in 4.5.1.0-1 to release security fix as soon as possible.
See the "-" sign that ignores the errors:
https://github.com/coturn/coturn/blob/6cce69cf35221bc5270744b842e6f73c0ded9ac0/debian/rules#L20
It is ugly, and it is also removed in 4.5.1.1-1 with the release of the 64bit mem alingment fix.
In 4.5.1.0 we droped root privilege but we didn't considered that in
the defualt file logging it will cause an issue.
In 4.5.1.1-1 we turned on syslog in the preinstalled config to fix this:
https://github.com/coturn/coturn/blob/debian/4.5.1.1-1/debian/patches/Set-logging-to-syslog.patch
We almost catched the freeze deadline with 4.5.1.1-1 (only missed an hour or so).
Please consider to unblock it beacuse of the above.
Thanks!
unblock coturn/4.5.1.1-1
-- System Information:
Debian Release: 9.8
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 4.9.0-8-amd64 (SMP w/1 CPU core)
Locale: LANG=hu_HU.UTF-8, LC_CTYPE=hu_HU.UTF-8 (charmap=UTF-8), LANGUAGE=hu_HU.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
diff -Nru coturn-4.5.1.0/ChangeLog coturn-4.5.1.1/ChangeLog
--- coturn-4.5.1.0/ChangeLog 2019-01-18 13:35:39.000000000 +0100
+++ coturn-4.5.1.1/ChangeLog 2019-03-02 23:11:57.000000000 +0100
@@ -1,3 +1,19 @@
+02/03/2019 Oleg Moskalenko <mom040267@gmail.com> Mihály Mészáros <misi@majd.eu>
+Version 4.5.1.1 'dan Eider':
+ - merge PR #330 missing \r\n after http Connection:close (by gribunin)
+ - merge PR #303 fix typo enpoint (by Majid Motallebikashani)
+ - merge PR #129 seperate http web-admin listener (by Thibaut ACKERMANN)
+ - regression from 4.5.1.0
+ * readd pwd check
+ * add to config missing web-admin-listen-on-workers option
+ - merge docker branch
+ * Add Docker file for all database backend.
+ - merge sparc64 branch
+ * Fix mem alingment issue on 64 bit architecture
+ That issue caused earlier "bus error" on sparc64 and armhf
+ - merge PR #336 Clarify Debian install (by David-dp-)
+ - merge PR #339 RPM build fix (by Peter Hudec )
+
24/11/2018 Oleg Moskalenko <mom040267@gmail.com> Mihály Mészáros <misi@majd.eu>
Version 4.5.1.0 'dan Eider':
Consider to change config file after upgrade, because it contains some
diff -Nru coturn-4.5.1.0/debian/changelog coturn-4.5.1.1/debian/changelog
--- coturn-4.5.1.0/debian/changelog 2019-01-28 13:16:57.000000000 +0100
+++ coturn-4.5.1.1/debian/changelog 2019-03-03 00:38:30.000000000 +0100
@@ -1,3 +1,14 @@
+coturn (4.5.1.1-1) unstable; urgency=medium
+
+ * [a13ba45] Fix: missing /etc/turnserver.conf
+ * [8a03c32] Revert "Temporary prevent from failing"
+ This reverts commit 218987f4256a8894e06d7876c434b1f37fd0785f.
+ * [96ca6cb] New upstream release (4.5.1.1) (Closes: #916919)
+ * [f399223] Set log to syslog
+ * [7b135b2] Upgrde to debian-policy 4.3
+
+ -- Mészáros Mihály <misi@majd.eu> Sun, 03 Mar 2019 00:38:30 +0100
+
coturn (4.5.1.0-1) unstable; urgency=medium
* Sync to upstream 4.5.1.0
diff -Nru coturn-4.5.1.0/debian/control coturn-4.5.1.1/debian/control
--- coturn-4.5.1.0/debian/control 2019-01-28 12:46:05.000000000 +0100
+++ coturn-4.5.1.1/debian/control 2019-03-03 00:38:30.000000000 +0100
@@ -16,7 +16,7 @@
libssl-dev (>= 1.0.0~),
postgresql-client,
sqlite3
-Standards-Version: 4.2.1
+Standards-Version: 4.3.0
Homepage: https://github.com/coturn/coturn/
Vcs-Git: https://github.com/coturn/coturn.git -b debian/sid
Vcs-Browser: https://github.com/coturn/coturn/tree/debian/sid
diff -Nru coturn-4.5.1.0/debian/coturn.install coturn-4.5.1.1/debian/coturn.install
--- coturn-4.5.1.0/debian/coturn.install 2019-01-28 12:46:05.000000000 +0100
+++ coturn-4.5.1.1/debian/coturn.install 2019-03-03 00:07:47.000000000 +0100
@@ -6,6 +6,7 @@
bin/turnutils_stunclient usr/bin
bin/turnutils_uclient usr/bin
debian/etc/ufw/applications.d/turnserver etc/ufw/applications.d
+examples/etc/turnserver.conf etc
include/turn/client/TurnMsgLib.h usr/include/turn
include/turn/client/ns_turn_ioaddr.h usr/include/turn
include/turn/client/ns_turn_msg.h usr/include/turn
diff -Nru coturn-4.5.1.0/debian/patches/series coturn-4.5.1.1/debian/patches/series
--- coturn-4.5.1.0/debian/patches/series 1970-01-01 01:00:00.000000000 +0100
+++ coturn-4.5.1.1/debian/patches/series 2019-03-03 00:07:47.000000000 +0100
@@ -0,0 +1 @@
+Set-logging-to-syslog.patch
diff -Nru coturn-4.5.1.0/debian/patches/Set-logging-to-syslog.patch coturn-4.5.1.1/debian/patches/Set-logging-to-syslog.patch
--- coturn-4.5.1.0/debian/patches/Set-logging-to-syslog.patch 1970-01-01 01:00:00.000000000 +0100
+++ coturn-4.5.1.1/debian/patches/Set-logging-to-syslog.patch 2019-03-03 00:07:47.000000000 +0100
@@ -0,0 +1,21 @@
+From: =?utf-8?b?TcOpc3rDoXJvcyBNaWjDoWx5?= <misi@majd.eu>
+Date: Sat, 2 Mar 2019 23:26:55 +0100
+Subject: Set logging to syslog
+
+---
+ examples/etc/turnserver.conf | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/examples/etc/turnserver.conf b/examples/etc/turnserver.conf
+index df2535c..778c2bb 100644
+--- a/examples/etc/turnserver.conf
++++ b/examples/etc/turnserver.conf
+@@ -506,7 +506,7 @@
+
+ # Option to redirect all log output into system log (syslog).
+ #
+-#syslog
++syslog
+
+ # This flag means that no log file rollover will be used, and the log file
+ # name will be constructed as-is, without PID and date appendage.
diff -Nru coturn-4.5.1.0/debian/rules coturn-4.5.1.1/debian/rules
--- coturn-4.5.1.0/debian/rules 2019-01-28 12:46:05.000000000 +0100
+++ coturn-4.5.1.1/debian/rules 2019-03-03 00:07:47.000000000 +0100
@@ -16,8 +16,5 @@
override_dh_auto_configure:
dh_auto_configure -- --disable-rpath --turndbdir=/var/lib/turn
-override_dh_auto_test:
- -dh_auto_test
-
%:
dh $@ --builddirectory=.
diff -Nru coturn-4.5.1.0/docker/coturn/coturn.env coturn-4.5.1.1/docker/coturn/coturn.env
--- coturn-4.5.1.0/docker/coturn/coturn.env 1970-01-01 01:00:00.000000000 +0100
+++ coturn-4.5.1.1/docker/coturn/coturn.env 2019-03-02 23:11:57.000000000 +0100
@@ -0,0 +1 @@
+# for future usage
diff -Nru coturn-4.5.1.0/docker/coturn/Dockerfile coturn-4.5.1.1/docker/coturn/Dockerfile
--- coturn-4.5.1.0/docker/coturn/Dockerfile 1970-01-01 01:00:00.000000000 +0100
+++ coturn-4.5.1.1/docker/coturn/Dockerfile 2019-03-02 23:11:57.000000000 +0100
@@ -0,0 +1,70 @@
+### 1. stage: create build image
+FROM debian:stable AS coturn-build
+
+ENV BUILD_PREFIX /usr/local/src
+
+# Install build dependencies
+RUN export DEBIAN_FRONTEND=noninteractive && \
+ apt-get update && \
+ apt-get install -y build-essential git debhelper dpkg-dev libssl-dev libevent-dev sqlite3 libsqlite3-dev postgresql-client libpq-dev default-mysql-client default-libmysqlclient-dev libhiredis-dev libmongoc-dev libbson-dev
+
+# Clone coTURN
+WORKDIR ${BUILD_PREFIX}
+RUN git clone https://github.com/coturn/coturn.git
+
+# Build coTURN
+WORKDIR coturn
+RUN ./configure
+RUN make
+
+### 2. stage: create production image
+
+FROM debian:stable AS coturn
+
+ENV INSTALL_PREFIX /usr/local
+ENV BUILD_PREFIX /usr/local/src
+ENV TURNSERVER_GROUP turnserver
+ENV TURNSERVER_USER turnserver
+
+COPY --from=coturn-build ${BUILD_PREFIX}/coturn/bin/ ${INSTALL_PREFIX}/bin/
+COPY --from=coturn-build ${BUILD_PREFIX}/coturn/man/ ${INSTALL_PREFIX}/man/
+#COPY turnserver.conf ${INSTALL_PREFIX}/etc
+COPY --from=coturn-build ${BUILD_PREFIX}/coturn/sqlite/turndb ${INSTALL_PREFIX}/var/db/turndb
+COPY --from=coturn-build ${BUILD_PREFIX}/coturn/turndb ${INSTALL_PREFIX}/turndb
+# Install lib dependencies
+RUN export DEBIAN_FRONTEND=noninteractive && \
+ apt-get update && \
+ apt-get install -y libc6>=2.15 libevent-core-2.0-5>=2.0.10-stable libevent-extra-2.0-5>=2.0.10-stable libevent-openssl-2.0-5>=2.0.10-stable libevent-pthreads-2.0-5>=2.0.10-stable libhiredis0.13>=0.13.1 libmariadbclient18>=5.5.36 libpq5>=8.4~ libsqlite3-0>=3.6.0 libssl1.1>=1.1.0 libmongoc-1.0 libbson-1.0
+RUN apt-get install -y mysql-client postgresql-client redis-tools mongodb-clients
+
+RUN if ! getent group "$TURNSERVER_GROUP" >/dev/null; then \
+ addgroup --system "$TURNSERVER_GROUP" || exit 1 ;\
+ fi \
+ && \
+ if ! getent passwd "$TURNSERVER_USER" >/dev/null; then \
+ adduser --system \
+ --home / \
+ --shell /bin/false \
+ --no-create-home \
+ --ingroup "$TURNSERVER_GROUP" \
+ --disabled-password \
+ --disabled-login \
+ --gecos "turnserver daemon" \
+ "$TURNSERVER_USER" || exit 1; \
+ fi
+
+
+# set startup parameters
+# SUTN/TURN PORTS
+EXPOSE 3478 3479 3478/udp 3479/udp 80 80/udp
+EXPOSE 5349 5350 5349/udp 5350/udp 443 443/udp
+# CLI
+EXPOSE 5766
+# Relay Ports
+EXPOSE 49152-65535 49152-65535/udp
+
+#COPY ./docker-entrypoint.sh /
+#ENTRYPOINT ["/docker-entrypoint.sh"]
+
+WORKDIR ${INSTALL_PREFIX}
+CMD ${INSTALL_PREFIX}/bin/turnserver
diff -Nru coturn-4.5.1.0/docker/coturn/turnserver.conf coturn-4.5.1.1/docker/coturn/turnserver.conf
--- coturn-4.5.1.0/docker/coturn/turnserver.conf 1970-01-01 01:00:00.000000000 +0100
+++ coturn-4.5.1.1/docker/coturn/turnserver.conf 2019-03-02 23:11:57.000000000 +0100
@@ -0,0 +1,699 @@
+# Coturn TURN SERVER configuration file
+#
+# Boolean values note: where boolean value is supposed to be used,
+# you can use '0', 'off', 'no', 'false', 'f' as 'false,
+# and you can use '1', 'on', 'yes', 'true', 't' as 'true'
+# If the value is missed, then it means 'true'.
+#
+
+# Listener interface device (optional, Linux only).
+# NOT RECOMMENDED.
+#
+#listening-device=eth0
+
+# TURN listener port for UDP and TCP (Default: 3478).
+# Note: actually, TLS & DTLS sessions can connect to the
+# "plain" TCP & UDP port(s), too - if allowed by configuration.
+#
+listening-port=3478
+
+# TURN listener port for TLS (Default: 5349).
+# Note: actually, "plain" TCP & UDP sessions can connect to the TLS & DTLS
+# port(s), too - if allowed by configuration. The TURN server
+# "automatically" recognizes the type of traffic. Actually, two listening
+# endpoints (the "plain" one and the "tls" one) are equivalent in terms of
+# functionality; but we keep both endpoints to satisfy the RFC 5766 specs.
+# For secure TCP connections, we currently support SSL version 3 and
+# TLS version 1.0, 1.1 and 1.2.
+# For secure UDP connections, we support DTLS version 1.
+#
+tls-listening-port=5349
+
+# Alternative listening port for UDP and TCP listeners;
+# default (or zero) value means "listening port plus one".
+# This is needed for RFC 5780 support
+# (STUN extension specs, NAT behavior discovery). The TURN Server
+# supports RFC 5780 only if it is started with more than one
+# listening IP address of the same family (IPv4 or IPv6).
+# RFC 5780 is supported only by UDP protocol, other protocols
+# are listening to that endpoint only for "symmetry".
+#
+#alt-listening-port=0
+
+# Alternative listening port for TLS and DTLS protocols.
+# Default (or zero) value means "TLS listening port plus one".
+#
+#alt-tls-listening-port=0
+
+# Listener IP address of relay server. Multiple listeners can be specified.
+# If no IP(s) specified in the config file or in the command line options,
+# then all IPv4 and IPv6 system IPs will be used for listening.
+#
+#listening-ip=172.17.19.101
+#listening-ip=10.207.21.238
+#listening-ip=2607:f0d0:1002:51::4
+
+# Auxiliary STUN/TURN server listening endpoint.
+# Aux servers have almost full TURN and STUN functionality.
+# The (minor) limitations are:
+#
+# 1) Auxiliary servers do not have alternative ports and
+# they do not support STUN RFC 5780 functionality (CHANGE REQUEST).
+#
+# 2) Auxiliary servers also are never returning ALTERNATIVE-SERVER reply.
+#
+# Valid formats are 1.2.3.4:5555 for IPv4 and [1:2::3:4]:5555 for IPv6.
+#
+# There may be multiple aux-server options, each will be used for listening
+# to client requests.
+#
+#aux-server=172.17.19.110:33478
+#aux-server=[2607:f0d0:1002:51::4]:33478
+
+# (recommended for older Linuxes only)
+# Automatically balance UDP traffic over auxiliary servers (if configured).
+# The load balancing is using the ALTERNATE-SERVER mechanism.
+# The TURN client must support 300 ALTERNATE-SERVER response for this
+# functionality.
+#
+#udp-self-balance
+
+# Relay interface device for relay sockets (optional, Linux only).
+# NOT RECOMMENDED.
+#
+#relay-device=eth1
+
+# Relay address (the local IP address that will be used to relay the
+# packets to the peer).
+# Multiple relay addresses may be used.
+# The same IP(s) can be used as both listening IP(s) and relay IP(s).
+#
+# If no relay IP(s) specified, then the turnserver will apply the default
+# policy: it will decide itself which relay addresses to be used, and it
+# will always be using the client socket IP address as the relay IP address
+# of the TURN session (if the requested relay address family is the same
+# as the family of the client socket).
+#
+#relay-ip=172.17.19.105
+#relay-ip=2607:f0d0:1002:51::5
+
+# For Amazon EC2 users:
+#
+# TURN Server public/private address mapping, if the server is behind NAT.
+# In that situation, if a -X is used in form "-X <ip>" then that ip will be reported
+# as relay IP address of all allocations. This scenario works only in a simple case
+# when one single relay address is be used, and no RFC5780 functionality is required.
+# That single relay address must be mapped by NAT to the 'external' IP.
+# The "external-ip" value, if not empty, is returned in XOR-RELAYED-ADDRESS field.
+# For that 'external' IP, NAT must forward ports directly (relayed port 12345
+# must be always mapped to the same 'external' port 12345).
+#
+# In more complex case when more than one IP address is involved,
+# that option must be used several times, each entry must
+# have form "-X <public-ip/private-ip>", to map all involved addresses.
+# RFC5780 NAT discovery STUN functionality will work correctly,
+# if the addresses are mapped properly, even when the TURN server itself
+# is behind A NAT.
+#
+# By default, this value is empty, and no address mapping is used.
+#
+#external-ip=60.70.80.91
+#
+#OR:
+#
+#external-ip=60.70.80.91/172.17.19.101
+#external-ip=60.70.80.92/172.17.19.102
+#external-ip=60.70.80.92/172.17.19.102
+external-ip=193.224.22.37
+
+
+# Number of the relay threads to handle the established connections
+# (in addition to authentication thread and the listener thread).
+# If explicitly set to 0 then application runs relay process in a
+# single thread, in the same thread with the listener process
+# (the authentication thread will still be a separate thread).
+#
+# If this parameter is not set, then the default OS-dependent
+# thread pattern algorithm will be employed. Usually the default
+# algorithm is the most optimal, so you have to change this option
+# only if you want to make some fine tweaks.
+#
+# In the older systems (Linux kernel before 3.9),
+# the number of UDP threads is always one thread per network listening
+# endpoint - including the auxiliary endpoints - unless 0 (zero) or
+# 1 (one) value is set.
+#
+#relay-threads=0
+
+# Lower and upper bounds of the UDP relay endpoints:
+# (default values are 49152 and 65535)
+#
+min-port=49152
+max-port=65535
+
+# Uncomment to run TURN server in 'normal' 'moderate' verbose mode.
+# By default the verbose mode is off.
+verbose
+
+# Uncomment to run TURN server in 'extra' verbose mode.
+# This mode is very annoying and produces lots of output.
+# Not recommended under any normal circumstances.
+#
+#Verbose
+
+# Uncomment to use fingerprints in the TURN messages.
+# By default the fingerprints are off.
+#
+fingerprint
+
+# Uncomment to use long-term credential mechanism.
+# By default no credentials mechanism is used (any user allowed).
+#
+lt-cred-mech
+
+# This option is opposite to lt-cred-mech.
+# (TURN Server with no-auth option allows anonymous access).
+# If neither option is defined, and no users are defined,
+# then no-auth is default. If at least one user is defined,
+# in this file or in command line or in usersdb file, then
+# lt-cred-mech is default.
+#
+#no-auth
+
+# TURN REST API flag.
+# (Time Limited Long Term Credential)
+# Flag that sets a special authorization option that is based upon authentication secret.
+#
+# This feature's purpose is to support "TURN Server REST API", see
+# "TURN REST API" link in the project's page
+# https://github.com/coturn/coturn/
+#
+# This option is used with timestamp:
+#
+# usercombo -> "timestamp:userid"
+# turn user -> usercombo
+# turn password -> base64(hmac(secret key, usercombo))
+#
+# This allows TURN credentials to be accounted for a specific user id.
+# If you don't have a suitable id, the timestamp alone can be used.
+# This option is just turning on secret-based authentication.
+# The actual value of the secret is defined either by option static-auth-secret,
+# or can be found in the turn_secret table in the database (see below).
+#
+# Read more about it:
+# - https://tools.ietf.org/html/draft-uberti-behave-turn-rest-00
+# - https://www.ietf.org/proceedings/87/slides/slides-87-behave-10.pdf
+#
+# Be aware that use-auth-secret overrides some part of lt-cred-mech.
+# Notice that this feature depends internally on lt-cred-mech, so if you set
+# use-auth-secret then it enables internally automatically lt-cred-mech option
+# like if you enable both.
+#
+# You can use only one of the to auth mechanisms in the same time because,
+# both mechanism use the username and password validation in different way.
+#
+# This way be aware that you can't use both auth mechnaism in the same time!
+# Use in config either the lt-cred-mech or the use-auth-secret
+# to avoid any confusion.
+#
+#use-auth-secret
+
+# 'Static' authentication secret value (a string) for TURN REST API only.
+# If not set, then the turn server
+# will try to use the 'dynamic' value in turn_secret table
+# in user database (if present). The database-stored value can be changed on-the-fly
+# by a separate program, so this is why that other mode is 'dynamic'.
+#
+#static-auth-secret=north
+
+# Server name used for
+# the oAuth authentication purposes.
+# The default value is the realm name.
+#
+#server-name=blackdow.carleon.gov
+
+# Flag that allows oAuth authentication.
+#
+#oauth
+
+# 'Static' user accounts for long term credentials mechanism, only.
+# This option cannot be used with TURN REST API.
+# 'Static' user accounts are NOT dynamically checked by the turnserver process,
+# so that they can NOT be changed while the turnserver is running.
+#
+#user=username1:key1
+#user=username2:key2
+# OR:
+#user=username1:password1
+#user=username2:password2
+#
+# Keys must be generated by turnadmin utility. The key value depends
+# on user name, realm, and password:
+#
+# Example:
+# $ turnadmin -k -u ninefingers -r north.gov -p youhavetoberealistic
+# Output: 0xbc807ee29df3c9ffa736523fb2c4e8ee
+# ('0x' in the beginning of the key is what differentiates the key from
+# password. If it has 0x then it is a key, otherwise it is a password).
+#
+# The corresponding user account entry in the config file will be:
+#
+#user=ninefingers:0xbc807ee29df3c9ffa736523fb2c4e8ee
+# Or, equivalently, with open clear password (less secure):
+#user=ninefingers:youhavetoberealistic
+#
+
+# SQLite database file name.
+#
+# Default file name is /var/db/turndb or /usr/local/var/db/turndb or
+# /var/lib/turn/turndb.
+#
+#userdb=/var/db/turndb
+
+# PostgreSQL database connection string in the case that we are using PostgreSQL
+# as the user database.
+# This database can be used for long-term credential mechanism
+# and it can store the secret value for secret-based timed authentication in TURN RESP API.
+# See http://www.postgresql.org/docs/8.4/static/libpq-connect.html for 8.x PostgreSQL
+# versions connection string format, see
+# http://www.postgresql.org/docs/9.2/static/libpq-connect.html#LIBPQ-CONNSTRING
+# for 9.x and newer connection string formats.
+#
+#psql-userdb="host=<host> dbname=<database-name> user=<database-user> password=<database-user-password> connect_timeout=30"
+
+#psql-userdb="host=postgresql dbname=coturn user=coturn password=CHANGE_ME connect_timeout=30"
+
+# MySQL database connection string in the case that we are using MySQL
+# as the user database.
+# This database can be used for long-term credential mechanism
+# and it can store the secret value for secret-based timed authentication in TURN RESP API.
+#
+# Optional connection string parameters for the secure communications (SSL):
+# ca, capath, cert, key, cipher
+# (see http://dev.mysql.com/doc/refman/5.1/en/ssl-options.html for the
+# command options description).
+#
+# Use string format as below (space separated parameters, all optional):
+#
+#mysql-userdb="host=<host> dbname=<database-name> user=<database-user> password=<database-user-password> port=<port> connect_timeout=<seconds> read_timeout=<seconds>"
+
+mysql-userdb="host=mysql dbname=coturn user=coturn password=CHANGE_ME port=3306 connect_timeout=10 read_timeout=10"
+
+# If you want to use in the MySQL connection string the password in encrypted format,
+# then set in this option the MySQL password encryption secret key file.
+#
+# Warning: If this option is set, then mysql password must be set in "mysql-userdb" in encrypted format!
+# If you want to use cleartext password then do not set this option!
+#
+# This is the file path which contain secret key of aes encryption while using password encryption.
+#
+#secret-key-file=/path/
+
+# MongoDB database connection string in the case that we are using MongoDB
+# as the user database.
+# This database can be used for long-term credential mechanism
+# and it can store the secret value for secret-based timed authentication in TURN RESP API.
+# Use string format is described at http://hergert.me/docs/mongo-c-driver/mongoc_uri.html
+#
+#mongo-userdb="mongodb://[username:password@]host1[:port1][,host2[:port2],...[,hostN[:portN]]][/[database][?options]]"
+
+#mongo-userdb="mongodb://coturn:CHANGE_ME@mongodb/coturn"
+#mongo-userdb="mongodb://mongodb/coturn"
+
+# Redis database connection string in the case that we are using Redis
+# as the user database.
+# This database can be used for long-term credential mechanism
+# and it can store the secret value for secret-based timed authentication in TURN RESP API.
+# Use string format as below (space separated parameters, all optional):
+#
+#redis-userdb="ip=<ip-address> dbname=<database-number> password=<database-user-password> port=<port> connect_timeout=<seconds>"
+
+#redis-userdb="ip=redis dbname=2 password=CHANGE_ME connect_timeout=30"
+
+# Redis status and statistics database connection string, if used (default - empty, no Redis stats DB used).
+# This database keeps allocations status information, and it can be also used for publishing
+# and delivering traffic and allocation event notifications.
+# The connection string has the same parameters as redis-userdb connection string.
+# Use string format as below (space separated parameters, all optional):
+#
+#redis-statsdb="ip=<ip-address> dbname=<database-number> password=<database-user-password> port=<port> connect_timeout=<seconds>"
+
+#redis-statsdb="ip=redis dbname=2 password=CHANGE_ME connect_timeout=30"
+
+# The default realm to be used for the users when no explicit
+# origin/realm relationship was found in the database, or if the TURN
+# server is not using any database (just the commands-line settings
+# and the userdb file). Must be used with long-term credentials
+# mechanism or with TURN REST API.
+#
+# Note: If default realm is not specified at all, then realm falls back to the host domain name.
+# If domain name is empty string, or '(None)', then it is initialized to am empty string.
+#
+#realm=mycompany.org
+realm=example.org
+
+# The flag that sets the origin consistency
+# check: across the session, all requests must have the same
+# main ORIGIN attribute value (if the ORIGIN was
+# initially used by the session).
+#
+#check-origin-consistency
+
+# Per-user allocation quota.
+# default value is 0 (no quota, unlimited number of sessions per user).
+# This option can also be set through the database, for a particular realm.
+#
+#user-quota=0
+
+# Total allocation quota.
+# default value is 0 (no quota).
+# This option can also be set through the database, for a particular realm.
+#
+#total-quota=0
+
+# Max bytes-per-second bandwidth a TURN session is allowed to handle
+# (input and output network streams are treated separately). Anything above
+# that limit will be dropped or temporary suppressed (within
+# the available buffer limits).
+# This option can also be set through the database, for a particular realm.
+#
+#max-bps=0
+
+#
+# Maximum server capacity.
+# Total bytes-per-second bandwidth the TURN server is allowed to allocate
+# for the sessions, combined (input and output network streams are treated separately).
+#
+# bps-capacity=0
+
+# Uncomment if no UDP client listener is desired.
+# By default UDP client listener is always started.
+#
+#no-udp
+
+# Uncomment if no TCP client listener is desired.
+# By default TCP client listener is always started.
+#
+#no-tcp
+
+# Uncomment if no TLS client listener is desired.
+# By default TLS client listener is always started.
+#
+#no-tls
+
+# Uncomment if no DTLS client listener is desired.
+# By default DTLS client listener is always started.
+#
+#no-dtls
+
+# Uncomment if no UDP relay endpoints are allowed.
+# By default UDP relay endpoints are enabled (like in RFC 5766).
+#
+#no-udp-relay
+
+# Uncomment if no TCP relay endpoints are allowed.
+# By default TCP relay endpoints are enabled (like in RFC 6062).
+#
+#no-tcp-relay
+
+# Uncomment if extra security is desired,
+# with nonce value having limited lifetime.
+# By default, the nonce value is unique for a session,
+# and has unlimited lifetime.
+# Set this option to limit the nonce lifetime.
+# It defaults to 600 secs (10 min) if no value is provided. After that delay,
+# the client will get 438 error and will have to re-authenticate itself.
+#
+#stale-nonce=600
+
+# Uncomment if you want to set the maximum allocation
+# time before it has to be refreshed.
+# Default is 3600s.
+#
+#max-allocate-lifetime=3600
+
+
+# Uncomment to set the lifetime for the channel.
+# Default value is 600 secs (10 minutes).
+# This value MUST not be changed for production purposes.
+#
+#channel-lifetime=600
+
+# Uncomment to set the permission lifetime.
+# Default to 300 secs (5 minutes).
+# In production this value MUST not be changed,
+# however it can be useful for test purposes.
+#
+#permission-lifetime=300
+
+# Certificate file.
+# Use an absolute path or path relative to the
+# configuration file.
+#
+#cert=/usr/local/etc/turn_server_cert.pem
+cert=/etc/ssl/certs/cert.pem
+
+# Private key file.
+# Use an absolute path or path relative to the
+# configuration file.
+# Use PEM file format.
+#
+#pkey=/usr/local/etc/turn_server_pkey.pem
+pkey=/etc/ssl/private/privkey.pem
+
+# Private key file password, if it is in encoded format.
+# This option has no default value.
+#
+#pkey-pwd=...
+
+# Allowed OpenSSL cipher list for TLS/DTLS connections.
+# Default value is "DEFAULT".
+#
+#cipher-list="DEFAULT"
+
+# CA file in OpenSSL format.
+# Forces TURN server to verify the client SSL certificates.
+# By default it is not set: there is no default value and the client
+# certificate is not checked.
+#
+# Example:
+#CA-file=/etc/ssh/id_rsa.cert
+
+# Curve name for EC ciphers, if supported by OpenSSL
+# library (TLS and DTLS). The default value is prime256v1,
+# if pre-OpenSSL 1.0.2 is used. With OpenSSL 1.0.2+,
+# an optimal curve will be automatically calculated, if not defined
+# by this option.
+#
+#ec-curve-name=prime256v1
+
+# Use 566 bits predefined DH TLS key. Default size of the key is 1066.
+#
+#dh566
+
+# Use 2066 bits predefined DH TLS key. Default size of the key is 1066.
+#
+#dh2066
+
+# Use custom DH TLS key, stored in PEM format in the file.
+# Flags --dh566 and --dh2066 are ignored when the DH key is taken from a file.
+#
+#dh-file=<DH-PEM-file-name>
+
+# Flag to prevent stdout log messages.
+# By default, all log messages are going to both stdout and to
+# the configured log file. With this option everything will be
+# going to the configured log only (unless the log file itself is stdout).
+#
+#no-stdout-log
+
+# Option to set the log file name.
+# By default, the turnserver tries to open a log file in
+# /var/log, /var/tmp, /tmp and current directories directories
+# (which open operation succeeds first that file will be used).
+# With this option you can set the definite log file name.
+# The special names are "stdout" and "-" - they will force everything
+# to the stdout. Also, the "syslog" name will force everything to
+# the system log (syslog).
+# In the runtime, the logfile can be reset with the SIGHUP signal
+# to the turnserver process.
+#
+#log-file=/var/tmp/turn.log
+
+# Option to redirect all log output into system log (syslog).
+#
+syslog
+
+# This flag means that no log file rollover will be used, and the log file
+# name will be constructed as-is, without PID and date appendage.
+# This option can be used, for example, together with the logrotate tool.
+#
+#simple-log
+
+# Option to set the "redirection" mode. The value of this option
+# will be the address of the alternate server for UDP & TCP service in form of
+# <ip>[:<port>]. The server will send this value in the attribute
+# ALTERNATE-SERVER, with error 300, on ALLOCATE request, to the client.
+# Client will receive only values with the same address family
+# as the client network endpoint address family.
+# See RFC 5389 and RFC 5766 for ALTERNATE-SERVER functionality description.
+# The client must use the obtained value for subsequent TURN communications.
+# If more than one --alternate-server options are provided, then the functionality
+# can be more accurately described as "load-balancing" than a mere "redirection".
+# If the port number is omitted, then the default port
+# number 3478 for the UDP/TCP protocols will be used.
+# Colon (:) characters in IPv6 addresses may conflict with the syntax of
+# the option. To alleviate this conflict, literal IPv6 addresses are enclosed
+# in square brackets in such resource identifiers, for example:
+# [2001:db8:85a3:8d3:1319:8a2e:370:7348]:3478 .
+# Multiple alternate servers can be set. They will be used in the
+# round-robin manner. All servers in the pool are considered of equal weight and
+# the load will be distributed equally. For example, if we have 4 alternate servers,
+# then each server will receive 25% of ALLOCATE requests. A alternate TURN server
+# address can be used more than one time with the alternate-server option, so this
+# can emulate "weighting" of the servers.
+#
+# Examples:
+#alternate-server=1.2.3.4:5678
+#alternate-server=11.22.33.44:56789
+#alternate-server=5.6.7.8
+#alternate-server=[2001:db8:85a3:8d3:1319:8a2e:370:7348]:3478
+
+# Option to set alternative server for TLS & DTLS services in form of
+# <ip>:<port>. If the port number is omitted, then the default port
+# number 5349 for the TLS/DTLS protocols will be used. See the previous
+# option for the functionality description.
+#
+# Examples:
+#tls-alternate-server=1.2.3.4:5678
+#tls-alternate-server=11.22.33.44:56789
+#tls-alternate-server=[2001:db8:85a3:8d3:1319:8a2e:370:7348]:3478
+
+# Option to suppress TURN functionality, only STUN requests will be processed.
+# Run as STUN server only, all TURN requests will be ignored.
+# By default, this option is NOT set.
+#
+#stun-only
+
+# Option to suppress STUN functionality, only TURN requests will be processed.
+# Run as TURN server only, all STUN requests will be ignored.
+# By default, this option is NOT set.
+#
+#no-stun
+
+# This is the timestamp/username separator symbol (character) in TURN REST API.
+# The default value is ':'.
+# rest-api-separator=:
+
+# Flag that can be used to disallow peers on the loopback addresses (127.x.x.x and ::1).
+# This is an extra security measure.
+#
+no-loopback-peers
+
+# Flag that can be used to disallow peers on well-known broadcast addresses (224.0.0.0 and above, and FFXX:*).
+# This is an extra security measure.
+#
+#no-multicast-peers
+
+# Option to set the max time, in seconds, allowed for full allocation establishment.
+# Default is 60 seconds.
+#
+#max-allocate-timeout=60
+
+# Option to allow or ban specific ip addresses or ranges of ip addresses.
+# If an ip address is specified as both allowed and denied, then the ip address is
+# considered to be allowed. This is useful when you wish to ban a range of ip
+# addresses, except for a few specific ips within that range.
+#
+# This can be used when you do not want users of the turn server to be able to access
+# machines reachable by the turn server, but would otherwise be unreachable from the
+# internet (e.g. when the turn server is sitting behind a NAT)
+#
+# Examples:
+# denied-peer-ip=83.166.64.0-83.166.95.255
+# allowed-peer-ip=83.166.68.45
+
+# File name to store the pid of the process.
+# Default is /var/run/turnserver.pid (if superuser account is used) or
+# /var/tmp/turnserver.pid .
+#
+#pidfile="/var/run/turnserver.pid"
+
+# Require authentication of the STUN Binding request.
+# By default, the clients are allowed anonymous access to the STUN Binding functionality.
+#
+#secure-stun
+
+# Mobility with ICE (MICE) specs support.
+#
+#mobility
+
+# Allocate Address Family according
+# If enabled then TURN server allocates address family according the TURN
+# Client <=> Server communication address family.
+# (By default coTURN works according RFC 6156.)
+# !!Warning: Enabling this option breaks RFC6156 section-4.2 (violates use default IPv4)!!
+#
+#keep-address-family
+
+
+# User name to run the process. After the initialization, the turnserver process
+# will make an attempt to change the current user ID to that user.
+#
+#proc-user=<user-name>
+
+# Group name to run the process. After the initialization, the turnserver process
+# will make an attempt to change the current group ID to that group.
+#
+#proc-group=<group-name>
+
+# Turn OFF the CLI support.
+# By default it is always ON.
+# See also options cli-ip and cli-port.
+#
+#no-cli
+
+#Local system IP address to be used for CLI server endpoint. Default value
+# is 127.0.0.1.
+#
+cli-ip=127.0.0.1
+
+# CLI server port. Default is 5766.
+#
+cli-port=5766
+
+# CLI access password. Default is empty (no password).
+# For the security reasons, it is recommended to use the encrypted
+# for of the password (see the -P command in the turnadmin utility).
+#
+# Secure form for password 'qwerty':
+#
+#cli-password=$5$79a316b350311570$81df9cfb9af7f5e5a76eada31e7097b663a0670f99a3c07ded3f1c8e59c5658a
+#
+# Or unsecure form for the same password:
+#
+#cli-password=qwerty
+cli-password=CHANGE_ME
+
+# Server relay. NON-STANDARD AND DANGEROUS OPTION.
+# Only for those applications when we want to run
+# server applications on the relay endpoints.
+# This option eliminates the IP permissions check on
+# the packets incoming to the relay endpoints.
+#
+#server-relay
+
+# Maximum number of output sessions in ps CLI command.
+# This value can be changed on-the-fly in CLI. The default value is 256.
+#
+#cli-max-output-sessions
+
+# Set network engine type for the process (for internal purposes).
+#
+#ne=[1|2|3]
+
+# Do not allow an TLS/DTLS version of protocol
+#
+#no-tlsv1
+#no-tlsv1_1
+#no-tlsv1_2
diff -Nru coturn-4.5.1.0/docker/cp-schema.sh coturn-4.5.1.1/docker/cp-schema.sh
--- coturn-4.5.1.0/docker/cp-schema.sh 1970-01-01 01:00:00.000000000 +0100
+++ coturn-4.5.1.1/docker/cp-schema.sh 2019-03-02 23:11:57.000000000 +0100
@@ -0,0 +1,3 @@
+#!/bin/bash
+cp ../turndb/schema.sql mysql/
+cp ../turndb/schema.sql postgresql/
diff -Nru coturn-4.5.1.0/docker/docker-compose-all.yml coturn-4.5.1.1/docker/docker-compose-all.yml
--- coturn-4.5.1.0/docker/docker-compose-all.yml 1970-01-01 01:00:00.000000000 +0100
+++ coturn-4.5.1.1/docker/docker-compose-all.yml 2019-03-02 23:11:57.000000000 +0100
@@ -0,0 +1,108 @@
+version: "3"
+services:
+
+# MySQL mariadb
+ mysql:
+ build:
+ context: ./mysql
+ restart: unless-stopped
+ volumes:
+ - mysql-data:/var/lib/mysql/data
+ env_file:
+ - mysql/mysql.env
+ networks:
+ - backend
+
+# PostgreSQL
+ postgresql:
+ build:
+ context: ./postgresql
+ restart: unless-stopped
+ volumes:
+ - postgresql-data:/var/lib/postgresql/data
+ env_file:
+ - postgresql/postgresql.env
+ networks:
+ - backend
+
+# Redis
+ redis:
+ build:
+ context: ./redis
+ restart: unless-stopped
+ volumes:
+ - redis-data:/data
+ env_file:
+ - redis/redis.env
+ networks:
+ - backend
+
+# MongoDB
+ mongodb:
+ image: mongo
+ restart: unless-stopped
+ volumes:
+ - mongodb-data:/data/db
+ env_file:
+ - mongodb/mongodb.env
+ networks:
+ - backend
+
+
+# coTURN
+ coturn:
+ build:
+ context: ./coturn
+ restart: always
+ volumes:
+ - ${PWD}/coturn/turnserver.conf:/etc/turnserver.conf
+ - ${PWD}/coturn/privkey.pem:/etc/ssl/private/privkey.pem
+ - ${PWD}/coturn/cert.pem:/etc/ssl/certs/cert.pem
+ ports:
+## STUN/TURN
+ - "3478:3478"
+ - "3478:3478/udp"
+ - "3479:3479"
+ - "3479:3479/udp"
+ - "80:80"
+ - "80:80/udp"
+## STUN/TURN SSL
+ - "5349:5349"
+ - "5349:5349/udp"
+ - "5350:5350"
+ - "5350:5350/udp"
+ - "443:443"
+ - "443:443/udp"
+# Relay Ports
+# - "49152-65535:49152-65535"
+# - "49152-65535:49152-65535/udp"
+ networks:
+ - frontend
+ - backend
+ depends_on:
+ - mysql
+ - postgresql
+ - redis
+ - mongodb
+ env_file:
+ - coturn/coturn.env
+# DB
+ - mysql/mysql.env
+ - postgresql/postgresql.env
+ - redis/redis.env
+ - mongodb/mongodb.env
+volumes:
+ mysql-data:
+ postgresql-data:
+ redis-data:
+ mongodb-data:
+
+networks:
+ frontend:
+ driver: bridge
+ ipam:
+ driver: default
+ config:
+ - subnet: 172.16.238.0/24
+ backend:
+ internal: true
diff -Nru coturn-4.5.1.0/docker/docker-compose-mongodb.yml coturn-4.5.1.1/docker/docker-compose-mongodb.yml
--- coturn-4.5.1.0/docker/docker-compose-mongodb.yml 1970-01-01 01:00:00.000000000 +0100
+++ coturn-4.5.1.1/docker/docker-compose-mongodb.yml 2019-03-02 23:11:57.000000000 +0100
@@ -0,0 +1,63 @@
+version: "3"
+services:
+
+# MongoDB
+ mongodb:
+ image: mongo
+ restart: unless-stopped
+ volumes:
+ - mongodb-data:/data/db
+ env_file:
+ - mongodb/mongodb.env
+ networks:
+ - backend
+
+
+# coTURN
+ coturn:
+ build:
+ context: ./coturn
+ restart: always
+ volumes:
+ - ${PWD}/coturn/turnserver.conf:/etc/turnserver.conf
+ - ${PWD}/coturn/privkey.pem:/etc/ssl/private/privkey.pem
+ - ${PWD}/coturn/cert.pem:/etc/ssl/certs/cert.pem
+ ports:
+## STUN/TURN
+ - "3478:3478"
+ - "3478:3478/udp"
+ - "3479:3479"
+ - "3479:3479/udp"
+ - "80:80"
+ - "80:80/udp"
+## STUN/TURN SSL
+ - "5349:5349"
+ - "5349:5349/udp"
+ - "5350:5350"
+ - "5350:5350/udp"
+ - "443:443"
+ - "443:443/udp"
+# Relay Ports
+# - "49152-65535:49152-65535"
+# - "49152-65535:49152-65535/udp"
+ networks:
+ - frontend
+ - backend
+ depends_on:
+ - mongodb
+ env_file:
+ - coturn/coturn.env
+# DB
+ - mongodb/mongodb.env
+volumes:
+ mongodb-data:
+
+networks:
+ frontend:
+ driver: bridge
+ ipam:
+ driver: default
+ config:
+ - subnet: 172.16.238.0/24
+ backend:
+ internal: true
diff -Nru coturn-4.5.1.0/docker/docker-compose-mysql.yml coturn-4.5.1.1/docker/docker-compose-mysql.yml
--- coturn-4.5.1.0/docker/docker-compose-mysql.yml 1970-01-01 01:00:00.000000000 +0100
+++ coturn-4.5.1.1/docker/docker-compose-mysql.yml 2019-03-02 23:11:57.000000000 +0100
@@ -0,0 +1,64 @@
+version: "3"
+services:
+
+# MySQL mariadb
+ mysql:
+ build:
+ context: ./mysql
+ restart: unless-stopped
+ volumes:
+ - mysql-data:/var/lib/mysql/data
+ env_file:
+ - mysql/mysql.env
+ networks:
+ - backend
+
+
+# coTURN
+ coturn:
+ build:
+ context: ./coturn
+ restart: always
+ volumes:
+ - ${PWD}/coturn/turnserver.conf:/etc/turnserver.conf
+ - ${PWD}/coturn/privkey.pem:/etc/ssl/private/privkey.pem
+ - ${PWD}/coturn/cert.pem:/etc/ssl/certs/cert.pem
+ ports:
+## STUN/TURN
+ - "3478:3478"
+ - "3478:3478/udp"
+ - "3479:3479"
+ - "3479:3479/udp"
+ - "80:80"
+ - "80:80/udp"
+## STUN/TURN SSL
+ - "5349:5349"
+ - "5349:5349/udp"
+ - "5350:5350"
+ - "5350:5350/udp"
+ - "443:443"
+ - "443:443/udp"
+# Relay Ports
+# - "49152-65535:49152-65535"
+# - "49152-65535:49152-65535/udp"
+ networks:
+ - frontend
+ - backend
+ depends_on:
+ - mysql
+ env_file:
+ - coturn/coturn.env
+# DB
+ - mysql/mysql.env
+volumes:
+ mysql-data:
+
+networks:
+ frontend:
+ driver: bridge
+ ipam:
+ driver: default
+ config:
+ - subnet: 172.16.238.0/24
+ backend:
+ internal: true
diff -Nru coturn-4.5.1.0/docker/docker-compose-postgresql.yml coturn-4.5.1.1/docker/docker-compose-postgresql.yml
--- coturn-4.5.1.0/docker/docker-compose-postgresql.yml 1970-01-01 01:00:00.000000000 +0100
+++ coturn-4.5.1.1/docker/docker-compose-postgresql.yml 2019-03-02 23:11:57.000000000 +0100
@@ -0,0 +1,64 @@
+version: "3"
+services:
+
+# PostgreSQL
+ postgresql:
+ build:
+ context: ./postgresql
+ restart: unless-stopped
+ volumes:
+ - postgresql-data:/var/lib/postgresql/data
+ env_file:
+ - postgresql/postgresql.env
+ networks:
+ - backend
+
+
+# coTURN
+ coturn:
+ build:
+ context: ./coturn
+ restart: always
+ volumes:
+ - ${PWD}/coturn/turnserver.conf:/etc/turnserver.conf
+ - ${PWD}/coturn/privkey.pem:/etc/ssl/private/privkey.pem
+ - ${PWD}/coturn/cert.pem:/etc/ssl/certs/cert.pem
+ ports:
+## STUN/TURN
+ - "3478:3478"
+ - "3478:3478/udp"
+ - "3479:3479"
+ - "3479:3479/udp"
+ - "80:80"
+ - "80:80/udp"
+## STUN/TURN SSL
+ - "5349:5349"
+ - "5349:5349/udp"
+ - "5350:5350"
+ - "5350:5350/udp"
+ - "443:443"
+ - "443:443/udp"
+# Relay Ports
+# - "49152-65535:49152-65535"
+# - "49152-65535:49152-65535/udp"
+ networks:
+ - frontend
+ - backend
+ depends_on:
+ - postgresql
+ env_file:
+ - coturn/coturn.env
+# DB
+ - postgresql/postgresql.env
+volumes:
+ postgresql-data:
+
+networks:
+ frontend:
+ driver: bridge
+ ipam:
+ driver: default
+ config:
+ - subnet: 172.16.238.0/24
+ backend:
+ internal: true
diff -Nru coturn-4.5.1.0/docker/docker-compose-redis.yml coturn-4.5.1.1/docker/docker-compose-redis.yml
--- coturn-4.5.1.0/docker/docker-compose-redis.yml 1970-01-01 01:00:00.000000000 +0100
+++ coturn-4.5.1.1/docker/docker-compose-redis.yml 2019-03-02 23:11:57.000000000 +0100
@@ -0,0 +1,64 @@
+version: "3"
+services:
+
+# Redis
+ redis:
+ build:
+ context: ./redis
+ restart: unless-stopped
+ volumes:
+ - redis-data:/data
+ env_file:
+ - redis/redis.env
+ networks:
+ - backend
+
+
+# coTURN
+ coturn:
+ build:
+ context: ./coturn
+ restart: always
+ volumes:
+ - ${PWD}/coturn/turnserver.conf:/etc/turnserver.conf
+ - ${PWD}/coturn/privkey.pem:/etc/ssl/private/privkey.pem
+ - ${PWD}/coturn/cert.pem:/etc/ssl/certs/cert.pem
+ ports:
+## STUN/TURN
+ - "3478:3478"
+ - "3478:3478/udp"
+ - "3479:3479"
+ - "3479:3479/udp"
+ - "80:80"
+ - "80:80/udp"
+## STUN/TURN SSL
+ - "5349:5349"
+ - "5349:5349/udp"
+ - "5350:5350"
+ - "5350:5350/udp"
+ - "443:443"
+ - "443:443/udp"
+# Relay Ports
+# - "49152-65535:49152-65535"
+# - "49152-65535:49152-65535/udp"
+ networks:
+ - frontend
+ - backend
+ depends_on:
+ - redis
+ env_file:
+ - coturn/coturn.env
+# DB
+ - redis/redis.env
+volumes:
+ redis-data:
+
+networks:
+ frontend:
+ driver: bridge
+ ipam:
+ driver: default
+ config:
+ - subnet: 172.16.238.0/24
+ backend:
+ internal: true
diff -Nru coturn-4.5.1.0/docker/mongodb/mongodb.env coturn-4.5.1.1/docker/mongodb/mongodb.env
--- coturn-4.5.1.0/docker/mongodb/mongodb.env 1970-01-01 01:00:00.000000000 +0100
+++ coturn-4.5.1.1/docker/mongodb/mongodb.env 2019-03-02 23:11:57.000000000 +0100
@@ -0,0 +1,3 @@
+#MONGO_INITDB_ROOT_USERNAME=coturn
+#MONGO_INITDB_ROOT_PASSWORD=CHANGE_ME
+#MONGO_INITDB_DATABASE=coturn
diff -Nru coturn-4.5.1.0/docker/mysql/Dockerfile coturn-4.5.1.1/docker/mysql/Dockerfile
--- coturn-4.5.1.0/docker/mysql/Dockerfile 1970-01-01 01:00:00.000000000 +0100
+++ coturn-4.5.1.1/docker/mysql/Dockerfile 2019-03-02 23:11:57.000000000 +0100
@@ -0,0 +1,6 @@
+### init db with coturn schema
+FROM mariadb
+
+ADD init-coturn-db.sql /docker-entrypoint-initdb.d
+
+ADD schema.sql /docker-entrypoint-initdb.d
diff -Nru coturn-4.5.1.0/docker/mysql/init-coturn-db.sql coturn-4.5.1.1/docker/mysql/init-coturn-db.sql
--- coturn-4.5.1.0/docker/mysql/init-coturn-db.sql 1970-01-01 01:00:00.000000000 +0100
+++ coturn-4.5.1.1/docker/mysql/init-coturn-db.sql 2019-03-02 23:11:57.000000000 +0100
@@ -0,0 +1 @@
+ALTER DATABASE coturn CHARACTER SET latin1;
diff -Nru coturn-4.5.1.0/docker/mysql/mysql.env coturn-4.5.1.1/docker/mysql/mysql.env
--- coturn-4.5.1.0/docker/mysql/mysql.env 1970-01-01 01:00:00.000000000 +0100
+++ coturn-4.5.1.1/docker/mysql/mysql.env 2019-03-02 23:11:57.000000000 +0100
@@ -0,0 +1,6 @@
+MYSQL_ROOT_PASSWORD=CHANGE_ME
+
+MYSQL_USER=coturn
+MYSQL_PASSWORD=CHANGE_ME
+MYSQL_DATABASE=coturn
+
diff -Nru coturn-4.5.1.0/docker/mysql/schema.sql coturn-4.5.1.1/docker/mysql/schema.sql
--- coturn-4.5.1.0/docker/mysql/schema.sql 1970-01-01 01:00:00.000000000 +0100
+++ coturn-4.5.1.1/docker/mysql/schema.sql 2019-03-02 23:11:57.000000000 +0100
@@ -0,0 +1,55 @@
+
+CREATE TABLE turnusers_lt (
+ realm varchar(127) default '',
+ name varchar(512),
+ hmackey char(128),
+ PRIMARY KEY (realm,name)
+);
+
+CREATE TABLE turn_secret (
+ realm varchar(127) default '',
+ value varchar(256),
+ primary key (realm,value)
+);
+
+CREATE TABLE allowed_peer_ip (
+ realm varchar(127) default '',
+ ip_range varchar(256),
+ primary key (realm,ip_range)
+);
+
+CREATE TABLE denied_peer_ip (
+ realm varchar(127) default '',
+ ip_range varchar(256),
+ primary key (realm,ip_range)
+);
+
+CREATE TABLE turn_origin_to_realm (
+ origin varchar(127),
+ realm varchar(127),
+ primary key (origin)
+);
+
+CREATE TABLE turn_realm_option (
+ realm varchar(127) default '',
+ opt varchar(32),
+ value varchar(128),
+ primary key (realm,opt)
+);
+
+CREATE TABLE oauth_key (
+ kid varchar(128),
+ ikm_key varchar(256),
+ timestamp bigint default 0,
+ lifetime integer default 0,
+ as_rs_alg varchar(64) default '',
+ realm varchar(127),
+ primary key (kid)
+);
+
+CREATE TABLE admin_user (
+ name varchar(32),
+ realm varchar(127),
+ password varchar(127),
+ primary key (name)
+);
diff -Nru coturn-4.5.1.0/docker/postgresql/Dockerfile coturn-4.5.1.1/docker/postgresql/Dockerfile
--- coturn-4.5.1.0/docker/postgresql/Dockerfile 1970-01-01 01:00:00.000000000 +0100
+++ coturn-4.5.1.1/docker/postgresql/Dockerfile 2019-03-02 23:11:57.000000000 +0100
@@ -0,0 +1,4 @@
+### init db with coturn schema
+FROM postgres
+
+ADD schema.sql /docker-entrypoint-initdb.d
diff -Nru coturn-4.5.1.0/docker/postgresql/postgresql.env coturn-4.5.1.1/docker/postgresql/postgresql.env
--- coturn-4.5.1.0/docker/postgresql/postgresql.env 1970-01-01 01:00:00.000000000 +0100
+++ coturn-4.5.1.1/docker/postgresql/postgresql.env 2019-03-02 23:11:57.000000000 +0100
@@ -0,0 +1,3 @@
+POSTGRES_USER=coturn
+POSTGRES_PASSWORD=CHANGE_ME
+POSTGRES_DB=coturn
diff -Nru coturn-4.5.1.0/docker/postgresql/schema.sql coturn-4.5.1.1/docker/postgresql/schema.sql
--- coturn-4.5.1.0/docker/postgresql/schema.sql 1970-01-01 01:00:00.000000000 +0100
+++ coturn-4.5.1.1/docker/postgresql/schema.sql 2019-03-02 23:11:57.000000000 +0100
@@ -0,0 +1,55 @@
+
+CREATE TABLE turnusers_lt (
+ realm varchar(127) default '',
+ name varchar(512),
+ hmackey char(128),
+ PRIMARY KEY (realm,name)
+);
+
+CREATE TABLE turn_secret (
+ realm varchar(127) default '',
+ value varchar(256),
+ primary key (realm,value)
+);
+
+CREATE TABLE allowed_peer_ip (
+ realm varchar(127) default '',
+ ip_range varchar(256),
+ primary key (realm,ip_range)
+);
+
+CREATE TABLE denied_peer_ip (
+ realm varchar(127) default '',
+ ip_range varchar(256),
+ primary key (realm,ip_range)
+);
+
+CREATE TABLE turn_origin_to_realm (
+ origin varchar(127),
+ realm varchar(127),
+ primary key (origin)
+);
+
+CREATE TABLE turn_realm_option (
+ realm varchar(127) default '',
+ opt varchar(32),
+ value varchar(128),
+ primary key (realm,opt)
+);
+
+CREATE TABLE oauth_key (
+ kid varchar(128),
+ ikm_key varchar(256),
+ timestamp bigint default 0,
+ lifetime integer default 0,
+ as_rs_alg varchar(64) default '',
+ realm varchar(127),
+ primary key (kid)
+);
+
+CREATE TABLE admin_user (
+ name varchar(32),
+ realm varchar(127),
+ password varchar(127),
+ primary key (name)
+);
diff -Nru coturn-4.5.1.0/docker/README.docker coturn-4.5.1.1/docker/README.docker
--- coturn-4.5.1.0/docker/README.docker 1970-01-01 01:00:00.000000000 +0100
+++ coturn-4.5.1.1/docker/README.docker 2019-03-02 23:11:57.000000000 +0100
@@ -0,0 +1,19 @@
+Before you begin
+ * copy db schema run ./cp_schema.sh
+ * edit turnserver/turnserver.cfg according your db selection (mysql or postgresql or redis or mongodb)
+
+# start
+
+ docker-compose -f docker-compose-all.yml up --build --detach
+
+# restart
+Notice: May restart needed for coturn container, if it could not access database yet, due initialization delay.
+ docker restart docker_coturn_1
+
+# stop
+ docker-compose -f docker-compose-all.yml down
+
+
+# Or Stop with volume removal
+ docker-compose down --volumes
+
diff -Nru coturn-4.5.1.0/docker/redis/Dockerfile coturn-4.5.1.1/docker/redis/Dockerfile
--- coturn-4.5.1.0/docker/redis/Dockerfile 1970-01-01 01:00:00.000000000 +0100
+++ coturn-4.5.1.1/docker/redis/Dockerfile 2019-03-02 23:11:57.000000000 +0100
@@ -0,0 +1,6 @@
+### init db with coturn schema
+FROM redis
+
+COPY redis.conf /usr/local/etc/redis/redis.conf
+CMD [ "redis-server", "/usr/local/etc/redis/redis.conf" ]
+
diff -Nru coturn-4.5.1.0/docker/redis/redis.conf coturn-4.5.1.1/docker/redis/redis.conf
--- coturn-4.5.1.0/docker/redis/redis.conf 1970-01-01 01:00:00.000000000 +0100
+++ coturn-4.5.1.1/docker/redis/redis.conf 2019-03-02 23:11:57.000000000 +0100
@@ -0,0 +1,3 @@
+timeout 0
+tcp-keepalive 60
+requirepass CHANGE_ME
diff -Nru coturn-4.5.1.0/Dockerfile.build coturn-4.5.1.1/Dockerfile.build
--- coturn-4.5.1.0/Dockerfile.build 2019-01-18 13:35:39.000000000 +0100
+++ coturn-4.5.1.1/Dockerfile.build 2019-03-02 23:11:57.000000000 +0100
@@ -7,5 +7,4 @@
libsqlite3-dev \
libevent-dev \
g++ \
- libboost-dev \
- libevent-dev
+ libboost-dev
diff -Nru coturn-4.5.1.0/examples/etc/turnserver.conf coturn-4.5.1.1/examples/etc/turnserver.conf
--- coturn-4.5.1.0/examples/etc/turnserver.conf 2019-01-18 13:35:39.000000000 +0100
+++ coturn-4.5.1.1/examples/etc/turnserver.conf 2019-03-02 23:11:57.000000000 +0100
@@ -679,6 +679,11 @@
#
#web-admin-port=8080
+# Web-admin server listen on STUN/TURN worker threads
+# By default it is disabled for security resons! (Not recommended in any production environment!)
+#
+#web-admin-listen-on-workers
+
# Server relay. NON-STANDARD AND DANGEROUS OPTION.
# Only for those applications when we want to run
# server applications on the relay endpoints.
diff -Nru coturn-4.5.1.0/INSTALL coturn-4.5.1.1/INSTALL
--- coturn-4.5.1.0/INSTALL 2019-01-18 13:35:39.000000000 +0100
+++ coturn-4.5.1.1/INSTALL 2019-03-02 23:11:57.000000000 +0100
@@ -6,7 +6,9 @@
http://packages.qa.debian.org/r/coturn.html
-If you are using the Debian package from the project download site,
+which can be installed the usual way: apt install coturn
+
+If instead you are using the Debian package from the project download site,
then follow these instructions:
Unpack the archive:
diff -Nru coturn-4.5.1.0/man/man1/coturn.1 coturn-4.5.1.1/man/man1/coturn.1
--- coturn-4.5.1.0/man/man1/coturn.1 2019-01-18 13:35:39.000000000 +0100
+++ coturn-4.5.1.1/man/man1/coturn.1 2019-03-02 23:11:57.000000000 +0100
@@ -1,5 +1,5 @@
.\" Text automatically generated by txt2man
-.TH TURN 1 "31 October 2018" "" ""
+.TH TURN 1 "29 January 2019" "" ""
.SH GENERAL INFORMATION
The \fBTURN Server\fP project contains the source code of a TURN server and TURN client
@@ -813,7 +813,7 @@
\fB\-\-web\-admin\-listen\-on\-workers\fP
Enable for web\-admin server to listens on STUN/TURN workers STUN/TURN ports.
By default it is disabled for security resons!
-(This beahvior used to be the default bahavior, and was enabled by default.)
+(This behavior used to be the default behavior, and was enabled by default.)
.TP
.B
\fB\-\-ne\fP=[1|2|3]
diff -Nru coturn-4.5.1.0/man/man1/turnadmin.1 coturn-4.5.1.1/man/man1/turnadmin.1
--- coturn-4.5.1.0/man/man1/turnadmin.1 2019-01-18 13:35:39.000000000 +0100
+++ coturn-4.5.1.1/man/man1/turnadmin.1 2019-03-02 23:11:57.000000000 +0100
@@ -1,5 +1,5 @@
.\" Text automatically generated by txt2man
-.TH TURN 1 "31 October 2018" "" ""
+.TH TURN 1 "29 January 2019" "" ""
.SH GENERAL INFORMATION
\fIturnadmin\fP is a TURN administration tool. This tool can be used to manage
diff -Nru coturn-4.5.1.0/man/man1/turnserver.1 coturn-4.5.1.1/man/man1/turnserver.1
--- coturn-4.5.1.0/man/man1/turnserver.1 2019-01-18 13:35:39.000000000 +0100
+++ coturn-4.5.1.1/man/man1/turnserver.1 2019-03-02 23:11:57.000000000 +0100
@@ -1,5 +1,5 @@
.\" Text automatically generated by txt2man
-.TH TURN 1 "31 October 2018" "" ""
+.TH TURN 1 "29 January 2019" "" ""
.SH GENERAL INFORMATION
The \fBTURN Server\fP project contains the source code of a TURN server and TURN client
@@ -813,7 +813,7 @@
\fB\-\-web\-admin\-listen\-on\-workers\fP
Enable for web\-admin server to listens on STUN/TURN workers STUN/TURN ports.
By default it is disabled for security resons!
-(This beahvior used to be the default bahavior, and was enabled by default.)
+(This behavior used to be the default behavior, and was enabled by default.)
.TP
.B
\fB\-\-ne\fP=[1|2|3]
diff -Nru coturn-4.5.1.0/man/man1/turnutils.1 coturn-4.5.1.1/man/man1/turnutils.1
--- coturn-4.5.1.0/man/man1/turnutils.1 2019-01-18 13:35:39.000000000 +0100
+++ coturn-4.5.1.1/man/man1/turnutils.1 2019-03-02 23:11:57.000000000 +0100
@@ -1,5 +1,5 @@
.\" Text automatically generated by txt2man
-.TH TURN 1 "31 October 2018" "" ""
+.TH TURN 1 "29 January 2019" "" ""
.SH GENERAL INFORMATION
A set of turnutils_* programs provides some utility functionality to be used
diff -Nru coturn-4.5.1.0/man/man1/turnutils_natdiscovery.1 coturn-4.5.1.1/man/man1/turnutils_natdiscovery.1
--- coturn-4.5.1.0/man/man1/turnutils_natdiscovery.1 2019-01-18 13:35:39.000000000 +0100
+++ coturn-4.5.1.1/man/man1/turnutils_natdiscovery.1 2019-03-02 23:11:57.000000000 +0100
@@ -1,5 +1,5 @@
.\" Text automatically generated by txt2man
-.TH TURN 1 "31 October 2018" "" ""
+.TH TURN 1 "29 January 2019" "" ""
.SH GENERAL INFORMATION
A set of turnutils_* programs provides some utility functionality to be used
diff -Nru coturn-4.5.1.0/man/man1/turnutils_oauth.1 coturn-4.5.1.1/man/man1/turnutils_oauth.1
--- coturn-4.5.1.0/man/man1/turnutils_oauth.1 2019-01-18 13:35:39.000000000 +0100
+++ coturn-4.5.1.1/man/man1/turnutils_oauth.1 2019-03-02 23:11:57.000000000 +0100
@@ -1,5 +1,5 @@
.\" Text automatically generated by txt2man
-.TH TURN 1 "31 October 2018" "" ""
+.TH TURN 1 "29 January 2019" "" ""
.SH GENERAL INFORMATION
A set of turnutils_* programs provides some utility functionality to be used
diff -Nru coturn-4.5.1.0/man/man1/turnutils_peer.1 coturn-4.5.1.1/man/man1/turnutils_peer.1
--- coturn-4.5.1.0/man/man1/turnutils_peer.1 2019-01-18 13:35:39.000000000 +0100
+++ coturn-4.5.1.1/man/man1/turnutils_peer.1 2019-03-02 23:11:57.000000000 +0100
@@ -1,5 +1,5 @@
.\" Text automatically generated by txt2man
-.TH TURN 1 "31 October 2018" "" ""
+.TH TURN 1 "29 January 2019" "" ""
.SH GENERAL INFORMATION
A set of turnutils_* programs provides some utility functionality to be used
diff -Nru coturn-4.5.1.0/man/man1/turnutils_stunclient.1 coturn-4.5.1.1/man/man1/turnutils_stunclient.1
--- coturn-4.5.1.0/man/man1/turnutils_stunclient.1 2019-01-18 13:35:39.000000000 +0100
+++ coturn-4.5.1.1/man/man1/turnutils_stunclient.1 2019-03-02 23:11:57.000000000 +0100
@@ -1,5 +1,5 @@
.\" Text automatically generated by txt2man
-.TH TURN 1 "31 October 2018" "" ""
+.TH TURN 1 "29 January 2019" "" ""
.SH GENERAL INFORMATION
A set of turnutils_* programs provides some utility functionality to be used
diff -Nru coturn-4.5.1.0/man/man1/turnutils_uclient.1 coturn-4.5.1.1/man/man1/turnutils_uclient.1
--- coturn-4.5.1.0/man/man1/turnutils_uclient.1 2019-01-18 13:35:39.000000000 +0100
+++ coturn-4.5.1.1/man/man1/turnutils_uclient.1 2019-03-02 23:11:57.000000000 +0100
@@ -1,5 +1,5 @@
.\" Text automatically generated by txt2man
-.TH TURN 1 "31 October 2018" "" ""
+.TH TURN 1 "29 January 2019" "" ""
.SH GENERAL INFORMATION
A set of turnutils_* programs provides some utility functionality to be used
diff -Nru coturn-4.5.1.0/README.turnserver coturn-4.5.1.1/README.turnserver
--- coturn-4.5.1.0/README.turnserver 2019-01-18 13:35:39.000000000 +0100
+++ coturn-4.5.1.1/README.turnserver 2019-03-02 23:11:57.000000000 +0100
@@ -563,7 +563,7 @@
--web-admin-port=<port> Web-admin server port. Default is 8080.
--web-admin-listen-on-workers Enable for web-admin server to listens on STUN/TURN workers STUN/TURN ports.
By default it is disabled for security resons!
- (This beahvior used to be the default bahavior, and was enabled by default.)
+ (This behavior used to be the default behavior, and was enabled by default.)
--ne=[1|2|3] Set network engine type for the process (for internal purposes).
diff -Nru coturn-4.5.1.0/rpm/build.settings.sh coturn-4.5.1.1/rpm/build.settings.sh
--- coturn-4.5.1.0/rpm/build.settings.sh 2019-01-18 13:35:39.000000000 +0100
+++ coturn-4.5.1.1/rpm/build.settings.sh 2019-03-02 23:11:57.000000000 +0100
@@ -2,7 +2,7 @@
# Common settings script.
-TURNVERSION=4.5.1.0
+TURNVERSION=4.5.1.1
BUILDDIR=~/rpmbuild
ARCH=`uname -p`
TURNSERVER_GIT_URL=https://github.com/coturn/coturn.git
diff -Nru coturn-4.5.1.0/rpm/turnserver.spec coturn-4.5.1.1/rpm/turnserver.spec
--- coturn-4.5.1.0/rpm/turnserver.spec 2019-01-18 13:35:39.000000000 +0100
+++ coturn-4.5.1.1/rpm/turnserver.spec 2019-03-02 23:11:57.000000000 +0100
@@ -1,5 +1,5 @@
Name: turnserver
-Version: 4.5.1.0
+Version: 4.5.1.1
Release: 0%{dist}
Summary: Coturn TURN Server
@@ -204,6 +204,7 @@
%{_datadir}/%{name}/scripts/peer.sh
%{_datadir}/%{name}/scripts/oauth.sh
%{_datadir}/%{name}/scripts/readme.txt
+%{_datadir}/%{name}/scripts/pack.sh
%dir %{_datadir}/%{name}/scripts/basic
%{_datadir}/%{name}/scripts/basic/dos_attack.sh
%{_datadir}/%{name}/scripts/basic/relay.sh
@@ -295,6 +296,8 @@
%{_includedir}/turn/client/TurnMsgLib.h
%changelog
+* Sat Mar 2 2019 Mészáros Mihály <misi@majd.eu>
+ - Sync to 4.5.1.1
* Thu Dec 6 2018 Mészáros Mihály <misi@majd.eu>
- Sync to 4.5.1.0
* Thu Sep 27 2018 Oleg Moskalenko <mom040267@gmail.com>
diff -Nru coturn-4.5.1.0/src/apps/natdiscovery/natdiscovery.c coturn-4.5.1.1/src/apps/natdiscovery/natdiscovery.c
--- coturn-4.5.1.0/src/apps/natdiscovery/natdiscovery.c 2019-01-18 13:35:39.000000000 +0100
+++ coturn-4.5.1.1/src/apps/natdiscovery/natdiscovery.c 2019-03-02 23:11:57.000000000 +0100
@@ -737,7 +737,7 @@
run_stunclient(&local_addr, &remote_addr, &reflexive_addr, &other_addr, &local_port, &rfc5780,0,0,padding);
if(addr_eq(&tmp_addr,&reflexive_addr)){
- discoveryresult("NAT with Enpoint Independent Mapping!");
+ discoveryresult("NAT with Endpoint Independent Mapping!");
} else {
addr_cpy(&tmp_addr, &reflexive_addr);
addr_cpy(&remote_addr, &other_addr);
@@ -767,7 +767,7 @@
int res=0;
res=run_stunclient(&local_addr, &remote_addr, &reflexive_addr, &other_addr, &local_port, &rfc5780,1,1,padding);
if (!res) {
- discoveryresult("NAT with Enpoint Independent Filtering!");
+ discoveryresult("NAT with Endpoint Independent Filtering!");
} else {
res=0;
res=run_stunclient(&local_addr, &remote_addr, &reflexive_addr, &other_addr, &local_port, &rfc5780,0,1,padding);
diff -Nru coturn-4.5.1.0/src/apps/relay/mainrelay.c coturn-4.5.1.1/src/apps/relay/mainrelay.c
--- coturn-4.5.1.0/src/apps/relay/mainrelay.c 2019-01-18 13:35:39.000000000 +0100
+++ coturn-4.5.1.1/src/apps/relay/mainrelay.c 2019-03-02 23:11:57.000000000 +0100
@@ -431,7 +431,7 @@
" In more complex case when more than one IP address is involved,\n"
" that option must be used several times in the command line, each entry must\n"
" have form \"-X public-ip/private-ip\", to map all involved addresses.\n"
-" --allow-loopback-peers Allow peers on the loopback addresses (127.x.x.x and ::1).\n"
+" --allow-loopback-peers Allow peers on the loopback addresses (127.x.x.x and ::1).\n"
" --no-multicast-peers Disallow peers on well-known broadcast addresses (224.0.0.0 and above, and FFXX:*).\n"
" -m, --relay-threads <number> Number of relay threads to handle the established connections\n"
" (in addition to authentication thread and the listener thread).\n"
@@ -630,9 +630,9 @@
" --web-admin-ip=<IP> Local system IP address to be used for Web-admin server endpoint. Default value\n"
" is 127.0.0.1.\n"
" --web-admin-port=<port> Web-admin server port. Default is 8080.\n"
-" --web-admin-listen-on-workers Enable for web-admin server to listens on STUN/TURN workers STUN/TURN ports.\n"
+" --web-admin-listen-on-workers Enable for web-admin server to listens on STUN/TURN workers STUN/TURN ports.\n"
" By default it is disabled for security resons!\n"
-" (This beahvior used to be the default bahavior, and was enabled by default.)\n"
+" (This behavior used to be the default behavior, and was enabled by default.)\n"
" --server-relay Server relay. NON-STANDARD AND DANGEROUS OPTION. Only for those applications\n"
" when we want to run server applications on the relay endpoints.\n"
" This option eliminates the IP permissions check on the packets\n"
diff -Nru coturn-4.5.1.0/src/apps/relay/ns_ioalib_engine_impl.c coturn-4.5.1.1/src/apps/relay/ns_ioalib_engine_impl.c
--- coturn-4.5.1.0/src/apps/relay/ns_ioalib_engine_impl.c 2019-01-18 13:35:39.000000000 +0100
+++ coturn-4.5.1.1/src/apps/relay/ns_ioalib_engine_impl.c 2019-03-02 23:11:57.000000000 +0100
@@ -2055,7 +2055,7 @@
switch(l) {
case IPPROTO_IP:
switch(t) {
-#if defined(IP_RECVTTL)
+#if defined(IP_RECVTTL) && !defined(__sparc_v9__)
case IP_RECVTTL:
case IP_TTL:
recv_ttl = *((recv_ttl_t *) CMSG_DATA(cmsgh));
@@ -2083,7 +2083,7 @@
break;
case IPPROTO_IPV6:
switch(t) {
-#if defined(IPV6_RECVHOPLIMIT)
+#if defined(IPV6_RECVHOPLIMIT) && !defined(__sparc_v9__)
case IPV6_RECVHOPLIMIT:
case IPV6_HOPLIMIT:
recv_ttl = *((recv_ttl_t *) CMSG_DATA(cmsgh));
diff -Nru coturn-4.5.1.0/src/apps/relay/turn_admin_server.c coturn-4.5.1.1/src/apps/relay/turn_admin_server.c
--- coturn-4.5.1.0/src/apps/relay/turn_admin_server.c 2019-01-18 13:35:39.000000000 +0100
+++ coturn-4.5.1.1/src/apps/relay/turn_admin_server.c 2019-03-02 23:11:57.000000000 +0100
@@ -1668,7 +1668,7 @@
send_str_from_ioa_socket_tcp(s,"\r\n");
send_str_from_ioa_socket_tcp(s,get_http_date_header());
if(cclose) {
- send_str_from_ioa_socket_tcp(s,"Connection: close");
+ send_str_from_ioa_socket_tcp(s,"Connection: close\r\n");
}
send_str_from_ioa_socket_tcp(s,"Content-Type: text/html; charset=UTF-8\r\nContent-Length: ");
@@ -3295,7 +3295,7 @@
s->special_session_size = sizeof(struct admin_session);
}
- if(!(as->as_ok) && uname && is_secure_string((const u08bits*)uname,1)) {
+ if(!(as->as_ok) && uname && is_secure_string((const u08bits*)uname,1) && pwd) {
const turn_dbdriver_t * dbd = get_dbdriver();
if (dbd && dbd->get_admin_user) {
password_t password;
diff -Nru coturn-4.5.1.0/src/apps/uclient/uclient.c coturn-4.5.1.1/src/apps/uclient/uclient.c
--- coturn-4.5.1.0/src/apps/uclient/uclient.c 2019-01-18 13:35:39.000000000 +0100
+++ coturn-4.5.1.1/src/apps/uclient/uclient.c 2019-03-02 23:11:57.000000000 +0100
@@ -672,14 +672,15 @@
uint16_t chnumber = 0;
- const message_info *mi = NULL;
-
+ message_info mi;
+ int miset=0;
size_t buffers = 1;
if(is_tcp_data) {
- if ((int)elem->in_buffer.len == clmessage_length) {
- mi = (message_info*)(elem->in_buffer.buf);
- }
+ if ((int)elem->in_buffer.len == clmessage_length) {
+ ns_bcopy((elem->in_buffer.buf), &mi, sizeof(message_info));
+ miset=1;
+ }
} else if (stun_is_indication(&(elem->in_buffer))) {
uint16_t method = stun_get_method(&elem->in_buffer);
@@ -726,7 +727,8 @@
const u08bits* data = stun_attr_get_value(sar);
- mi = (const message_info*) data;
+ ns_bcopy(data, &mi, sizeof(message_info));
+ miset=1;
}
} else if (stun_is_success_response(&(elem->in_buffer))) {
@@ -781,7 +783,8 @@
return rc;
}
- mi = (message_info*)(elem->in_buffer.buf + 4);
+ ns_bcopy(elem->in_buffer.buf + 4, &mi, sizeof(message_info));
+ miset=1;
applen = elem->in_buffer.len -4;
}
} else {
@@ -790,15 +793,15 @@
return rc;
}
- if(mi) {
+ if(miset) {
/*
printf("%s: 111.111: msgnum=%d, rmsgnum=%d, sent=%lu, recv=%lu\n",__FUNCTION__,
mi->msgnum,elem->recvmsgnum,(unsigned long)mi->mstime,(unsigned long)current_mstime);
*/
- if(mi->msgnum != elem->recvmsgnum+1)
+ if(mi.msgnum != elem->recvmsgnum+1)
++(elem->loss);
else {
- u64bits clatency = (u64bits)time_minus(current_mstime,mi->mstime);
+ u64bits clatency = (u64bits)time_minus(current_mstime,mi.mstime);
if(clatency>max_latency)
max_latency = clatency;
if(clatency<min_latency)
@@ -816,7 +819,7 @@
}
}
- elem->recvmsgnum = mi->msgnum;
+ elem->recvmsgnum = mi.msgnum;
}
elem->rmsgnum+=buffers;
diff -Nru coturn-4.5.1.0/src/client/ns_turn_ioaddr.c coturn-4.5.1.1/src/client/ns_turn_ioaddr.c
--- coturn-4.5.1.0/src/client/ns_turn_ioaddr.c 2019-01-18 13:35:39.000000000 +0100
+++ coturn-4.5.1.1/src/client/ns_turn_ioaddr.c 2019-03-02 23:11:57.000000000 +0100
@@ -106,7 +106,8 @@
if (addr->ss.sa_family == AF_INET) {
ret = hash_int32(addr->s4.sin_addr.s_addr + addr->s4.sin_port);
} else {
- const u64bits *a = (const u64bits *) (&(addr->s6.sin6_addr));
+ u64bits a[2];
+ ns_bcopy(&(addr->s6.sin6_addr), &a, sizeof(a));
ret = (u32bits)((hash_int64(a[0])<<3) + (hash_int64(a[1] + addr->s6.sin6_port)));
}
return ret;
@@ -121,7 +122,8 @@
if (addr->ss.sa_family == AF_INET) {
ret = hash_int32(addr->s4.sin_addr.s_addr);
} else {
- const u64bits *a = (const u64bits *) (&(addr->s6.sin6_addr));
+ u64bits a[2];
+ ns_bcopy(&(addr->s6.sin6_addr), &a, sizeof(a));
ret = (u32bits)((hash_int64(a[0])<<3) + (hash_int64(a[1])));
}
return ret;
@@ -153,10 +155,8 @@
return 1;
}
} else if(a1->ss.sa_family == AF_INET6 && a1->s6.sin6_port == a2->s6.sin6_port) {
- const u64bits *p1=(const u64bits *)(&(a1->s6.sin6_addr));
- const u64bits *p2=(const u64bits *)(&(a2->s6.sin6_addr));
- if(p1[0]==p2[0] && p1[1]==p2[1]) {
- return 1;
+ if( memcmp(&(a1->s6.sin6_addr), &(a2->s6.sin6_addr) ,sizeof(struct in6_addr)) == 0 ) {
+ return 1;
}
}
}
@@ -175,11 +175,9 @@
return 1;
}
} else if(a1->ss.sa_family == AF_INET6) {
- const u64bits *p1=(const u64bits *)(&(a1->s6.sin6_addr));
- const u64bits *p2=(const u64bits *)(&(a2->s6.sin6_addr));
- if(p1[0]==p2[0] && p1[1]==p2[1]) {
- return 1;
- }
+ if( memcmp(&(a1->s6.sin6_addr), &(a2->s6.sin6_addr) ,sizeof(struct in6_addr)) == 0 ) {
+ return 1;
+ }
}
}
return 0;
diff -Nru coturn-4.5.1.0/src/client/ns_turn_msg.c coturn-4.5.1.1/src/client/ns_turn_msg.c
--- coturn-4.5.1.0/src/client/ns_turn_msg.c 2019-01-18 13:35:39.000000000 +0100
+++ coturn-4.5.1.1/src/client/ns_turn_msg.c 2019-03-02 23:11:57.000000000 +0100
@@ -1296,7 +1296,9 @@
if(attr) {
const u08bits* value = stun_attr_get_value(attr);
if(value && (stun_attr_get_len(attr) == 8)) {
- return nswap64(((const u64bits*)value)[0]);
+ u64bits token;
+ ns_bcopy(value, &token, sizeof(u64bits));
+ return nswap64(token);
}
}
return 0;
@@ -2432,8 +2434,9 @@
ns_bcopy(dtoken->enc_block.mac_key,orig_field+len,dtoken->enc_block.key_length);
len += dtoken->enc_block.key_length;
- *((uint64_t*)(orig_field+len)) = nswap64(dtoken->enc_block.timestamp);
- len += 8;
+ uint64_t ts = nswap64(dtoken->enc_block.timestamp);
+ ns_bcopy( &ts, (orig_field+len), sizeof(ts));
+ len += sizeof(ts);
*((uint32_t*)(orig_field+len)) = nswap32(dtoken->enc_block.lifetime);
len += 4;
@@ -2608,11 +2611,15 @@
ns_bcopy(decoded_field+len,dtoken->enc_block.mac_key,dtoken->enc_block.key_length);
len += dtoken->enc_block.key_length;
- dtoken->enc_block.timestamp = nswap64(*((uint64_t*)(decoded_field+len)));
- len += 8;
-
- dtoken->enc_block.lifetime = nswap32(*((uint32_t*)(decoded_field+len)));
- len += 4;
+ uint64_t ts;
+ ns_bcopy((decoded_field+len),&ts,sizeof(ts));
+ dtoken->enc_block.timestamp = nswap64(ts);
+ len += sizeof(ts);
+
+ uint32_t lt;
+ ns_bcopy((decoded_field+len),<,sizeof(lt));
+ dtoken->enc_block.lifetime = nswap32(lt);
+ len += sizeof(lt);
return 0;
}
diff -Nru coturn-4.5.1.0/src/ns_turn_defs.h coturn-4.5.1.1/src/ns_turn_defs.h
--- coturn-4.5.1.0/src/ns_turn_defs.h 2019-01-18 13:35:39.000000000 +0100
+++ coturn-4.5.1.1/src/ns_turn_defs.h 2019-03-02 23:11:57.000000000 +0100
@@ -31,7 +31,7 @@
#ifndef __IOADEFS__
#define __IOADEFS__
-#define TURN_SERVER_VERSION "4.5.1.0"
+#define TURN_SERVER_VERSION "4.5.1.1"
#define TURN_SERVER_VERSION_NAME "dan Eider"
#define TURN_SOFTWARE "Coturn-" TURN_SERVER_VERSION " '" TURN_SERVER_VERSION_NAME "'"
--- End Message ---