nixpkgs/pkgs/servers/coturn/default.nix

{ lib
, stdenv
, fetchFromGitHub
, fetchpatch
, openssl
, libevent
, pkg-config
, libprom
, libpromhttp
, libmicrohttpd
, sqlite
, nixosTests
}:

stdenv.mkDerivation rec {
  pname = "coturn";
  version = "4.6.2";

  src = fetchFromGitHub {
    owner = "coturn";
    repo = "coturn";
    rev = "refs/tags/${version}";
    hash = "sha256-BKIto762W7UkKjzIm3eVU18oiHpYUMQYJihebYxBOZs=";
  };

  nativeBuildInputs = [
    pkg-config
  ];

  buildInputs = [
    openssl
    (libevent.override { inherit openssl; })
    libprom
    libpromhttp
    libmicrohttpd
    sqlite.dev
  ];

  patches = [
    ./pure-configure.patch
  ];

  # Workaround build failure on -fno-common toolchains like upstream
  # gcc-10. Otherwise build fails as:
  #   ld: ...-libprom-0.1.1/include/prom_collector_registry.h:37: multiple definition of
  #     `PROM_COLLECTOR_REGISTRY_DEFAULT'; ...-libprom-0.1.1/include/prom_collector_registry.h:37: first defined here
  # Should be fixed in libprom-1.2.0 and later: https://github.com/digitalocean/prometheus-client-c/pull/25
  env.NIX_CFLAGS_COMPILE = "-fcommon";

  passthru.tests.coturn = nixosTests.coturn;

  meta = with lib; {
    description = "A TURN server";
    homepage = "https://coturn.net/";
    changelog = "https://github.com/coturn/coturn/blob/${version}/ChangeLog";
    license = with licenses; [ bsd3 ];
    platforms = platforms.all;
    maintainers = with maintainers; [ ralith _0x4A6F ];
    broken = stdenv.isDarwin; # 2018-10-21
  };
}
coturn: 4.5.1.3 -> 4.5.2 Version 4.5.2 'dan Eider': - fix null pointer dereference in case of out of memory. (thanks to Thomas Moeller for the report) - merge PR 517 (by wolmi) * add prometheus metrics - merge PR 637 (by David Florness) * Delete trailing whitespace in example configuration files - merge PR 631 (by Debabrata Deka) * Add architecture ppc64le to travis build - merge PR 627 (by Samuel) * Fix misleading option in doc (prometheus) - merge PR 643 (by tupelo-schneck) * Allow RFC6062 TCP relay data to look like TLS - merge PR 655 (by plinss) * Add support for proxy protocol V1 - merge PR 618 (by Paul Wayper) * Print full date and time in logs * Add new options: "new-log-timestamp" and "new-log-timestamp-format" - merge PR 599 (by Cédric Krier) * Do not use FIPS and remove hardcode OPENSSL_VERSION_NUMBER with LibreSSL - update Docker mongoDB and fix with workaround the missing systemctl - merge PR 660 (by Camden Narzt) * fix compilation on macOS Big Sur - merge PR 546 (by jelmd) * Add ACME redirect url - merge PR 551 (by jelmd) * support of --acme-redirect <URL> - merge PR 672 further acme fixes (by jemld) * fix acme security, redundancy, consistency - Disable binding request logging to avoid DoS attacks. (Breaking change!) * Add new --log-binding option to enable binding request logging - Fix stale-nonce documentation. Resolves 604 - Version number is changed to semver 2.0 - Merge PR 288 (by Hristo Venev) * pkg-config, and various cleanups in configure file - Add systemd notification for better systemd integration - Fix Issue 621 (by ycaibb) * Fix: Null pointer dereference on tcp_client_input_handler_rfc6062data function - Fix Issue 600 (by ycaibb) * Fix: use-after-free vulnerability on write_to_peerchannel function - Fix Issue 601 (by ycaibb) * Fix: use-after-free vulnerability on write_client_connection function - Little refactoring prometheus * Fix c++ support * Simplify (as agreed in Issue 666) * Remove session id/allocation labels * Remove per session metrics. We should later add more counters. - Fix CVE-2020-26262 (credits: Enable-Security) * Fix ipv6 ::1 loopback check * Not allow allocate peer address 0.0.0.0/8 and ::/128 * For more details see the github security advisory: https://github.com/coturn/coturn/security/advisories/GHSA-6g6j-r9rf-cm7p 2021-01-11 10:27:59 +00:00			`{ lib`
			`, stdenv`
			`, fetchFromGitHub`
			`, fetchpatch`
			`, openssl`
			`, libevent`
			`, pkg-config`
			`, libprom`
			`, libpromhttp`
			`, libmicrohttpd`
coturn: enable sqlite support Coturn uses SQL databases to store authentication credentials. Most users of coturn are going to expect sqlite support, since that's the default db Without this being available during build, the default configure script disabled SQLite support, providing a coturn on NixOS that does not behave in the default manner. 2022-08-30 03:51:38 +00:00			`, sqlite`
coturn: add test for static-auth-secret-file Adds passthru.tests.coturn = nixosTests.coturn; 2021-07-03 07:33:39 +00:00			`, nixosTests`
coturn: 4.5.1.3 -> 4.5.2 Version 4.5.2 'dan Eider': - fix null pointer dereference in case of out of memory. (thanks to Thomas Moeller for the report) - merge PR 517 (by wolmi) * add prometheus metrics - merge PR 637 (by David Florness) * Delete trailing whitespace in example configuration files - merge PR 631 (by Debabrata Deka) * Add architecture ppc64le to travis build - merge PR 627 (by Samuel) * Fix misleading option in doc (prometheus) - merge PR 643 (by tupelo-schneck) * Allow RFC6062 TCP relay data to look like TLS - merge PR 655 (by plinss) * Add support for proxy protocol V1 - merge PR 618 (by Paul Wayper) * Print full date and time in logs * Add new options: "new-log-timestamp" and "new-log-timestamp-format" - merge PR 599 (by Cédric Krier) * Do not use FIPS and remove hardcode OPENSSL_VERSION_NUMBER with LibreSSL - update Docker mongoDB and fix with workaround the missing systemctl - merge PR 660 (by Camden Narzt) * fix compilation on macOS Big Sur - merge PR 546 (by jelmd) * Add ACME redirect url - merge PR 551 (by jelmd) * support of --acme-redirect <URL> - merge PR 672 further acme fixes (by jemld) * fix acme security, redundancy, consistency - Disable binding request logging to avoid DoS attacks. (Breaking change!) * Add new --log-binding option to enable binding request logging - Fix stale-nonce documentation. Resolves 604 - Version number is changed to semver 2.0 - Merge PR 288 (by Hristo Venev) * pkg-config, and various cleanups in configure file - Add systemd notification for better systemd integration - Fix Issue 621 (by ycaibb) * Fix: Null pointer dereference on tcp_client_input_handler_rfc6062data function - Fix Issue 600 (by ycaibb) * Fix: use-after-free vulnerability on write_to_peerchannel function - Fix Issue 601 (by ycaibb) * Fix: use-after-free vulnerability on write_client_connection function - Little refactoring prometheus * Fix c++ support * Simplify (as agreed in Issue 666) * Remove session id/allocation labels * Remove per session metrics. We should later add more counters. - Fix CVE-2020-26262 (credits: Enable-Security) * Fix ipv6 ::1 loopback check * Not allow allocate peer address 0.0.0.0/8 and ::/128 * For more details see the github security advisory: https://github.com/coturn/coturn/security/advisories/GHSA-6g6j-r9rf-cm7p 2021-01-11 10:27:59 +00:00			`}:`
coturn: init at 4.5.0.3 (#16284) 2016-06-21 10:59:29 +00:00
			`stdenv.mkDerivation rec {`
treewide: name -> pname (easy cases) (#66585) treewide replacement of stdenv.mkDerivation rec { name = "-${version}"; version = ""; to pname 2019-08-15 12:41:18 +00:00			`pname = "coturn";`
coturn: 4.6.1 -> 4.6.2 2023-05-10 18:35:21 +00:00			`version = "4.6.2";`
coturn: init at 4.5.0.3 (#16284) 2016-06-21 10:59:29 +00:00
			`src = fetchFromGitHub {`
			`owner = "coturn";`
			`repo = "coturn";`
coturn: add changelog to meta 2022-12-05 08:17:34 +00:00			`rev = "refs/tags/${version}";`
coturn: 4.6.1 -> 4.6.2 2023-05-10 18:35:21 +00:00			`hash = "sha256-BKIto762W7UkKjzIm3eVU18oiHpYUMQYJihebYxBOZs=";`
coturn: init at 4.5.0.3 (#16284) 2016-06-21 10:59:29 +00:00			`};`

coturn: add changelog to meta 2022-12-05 08:17:34 +00:00			`nativeBuildInputs = [`
			`pkg-config`
			`];`

coturn: 4.5.1.3 -> 4.5.2 Version 4.5.2 'dan Eider': - fix null pointer dereference in case of out of memory. (thanks to Thomas Moeller for the report) - merge PR 517 (by wolmi) * add prometheus metrics - merge PR 637 (by David Florness) * Delete trailing whitespace in example configuration files - merge PR 631 (by Debabrata Deka) * Add architecture ppc64le to travis build - merge PR 627 (by Samuel) * Fix misleading option in doc (prometheus) - merge PR 643 (by tupelo-schneck) * Allow RFC6062 TCP relay data to look like TLS - merge PR 655 (by plinss) * Add support for proxy protocol V1 - merge PR 618 (by Paul Wayper) * Print full date and time in logs * Add new options: "new-log-timestamp" and "new-log-timestamp-format" - merge PR 599 (by Cédric Krier) * Do not use FIPS and remove hardcode OPENSSL_VERSION_NUMBER with LibreSSL - update Docker mongoDB and fix with workaround the missing systemctl - merge PR 660 (by Camden Narzt) * fix compilation on macOS Big Sur - merge PR 546 (by jelmd) * Add ACME redirect url - merge PR 551 (by jelmd) * support of --acme-redirect <URL> - merge PR 672 further acme fixes (by jemld) * fix acme security, redundancy, consistency - Disable binding request logging to avoid DoS attacks. (Breaking change!) * Add new --log-binding option to enable binding request logging - Fix stale-nonce documentation. Resolves 604 - Version number is changed to semver 2.0 - Merge PR 288 (by Hristo Venev) * pkg-config, and various cleanups in configure file - Add systemd notification for better systemd integration - Fix Issue 621 (by ycaibb) * Fix: Null pointer dereference on tcp_client_input_handler_rfc6062data function - Fix Issue 600 (by ycaibb) * Fix: use-after-free vulnerability on write_to_peerchannel function - Fix Issue 601 (by ycaibb) * Fix: use-after-free vulnerability on write_client_connection function - Little refactoring prometheus * Fix c++ support * Simplify (as agreed in Issue 666) * Remove session id/allocation labels * Remove per session metrics. We should later add more counters. - Fix CVE-2020-26262 (credits: Enable-Security) * Fix ipv6 ::1 loopback check * Not allow allocate peer address 0.0.0.0/8 and ::/128 * For more details see the github security advisory: https://github.com/coturn/coturn/security/advisories/GHSA-6g6j-r9rf-cm7p 2021-01-11 10:27:59 +00:00			`buildInputs = [`
			`openssl`
coturn: override libevent openssl libevent propagates openssl coturn crashes when it has two different versions of openssl 2022-12-14 21:30:55 +00:00			`(libevent.override { inherit openssl; })`
coturn: 4.5.1.3 -> 4.5.2 Version 4.5.2 'dan Eider': - fix null pointer dereference in case of out of memory. (thanks to Thomas Moeller for the report) - merge PR 517 (by wolmi) * add prometheus metrics - merge PR 637 (by David Florness) * Delete trailing whitespace in example configuration files - merge PR 631 (by Debabrata Deka) * Add architecture ppc64le to travis build - merge PR 627 (by Samuel) * Fix misleading option in doc (prometheus) - merge PR 643 (by tupelo-schneck) * Allow RFC6062 TCP relay data to look like TLS - merge PR 655 (by plinss) * Add support for proxy protocol V1 - merge PR 618 (by Paul Wayper) * Print full date and time in logs * Add new options: "new-log-timestamp" and "new-log-timestamp-format" - merge PR 599 (by Cédric Krier) * Do not use FIPS and remove hardcode OPENSSL_VERSION_NUMBER with LibreSSL - update Docker mongoDB and fix with workaround the missing systemctl - merge PR 660 (by Camden Narzt) * fix compilation on macOS Big Sur - merge PR 546 (by jelmd) * Add ACME redirect url - merge PR 551 (by jelmd) * support of --acme-redirect <URL> - merge PR 672 further acme fixes (by jemld) * fix acme security, redundancy, consistency - Disable binding request logging to avoid DoS attacks. (Breaking change!) * Add new --log-binding option to enable binding request logging - Fix stale-nonce documentation. Resolves 604 - Version number is changed to semver 2.0 - Merge PR 288 (by Hristo Venev) * pkg-config, and various cleanups in configure file - Add systemd notification for better systemd integration - Fix Issue 621 (by ycaibb) * Fix: Null pointer dereference on tcp_client_input_handler_rfc6062data function - Fix Issue 600 (by ycaibb) * Fix: use-after-free vulnerability on write_to_peerchannel function - Fix Issue 601 (by ycaibb) * Fix: use-after-free vulnerability on write_client_connection function - Little refactoring prometheus * Fix c++ support * Simplify (as agreed in Issue 666) * Remove session id/allocation labels * Remove per session metrics. We should later add more counters. - Fix CVE-2020-26262 (credits: Enable-Security) * Fix ipv6 ::1 loopback check * Not allow allocate peer address 0.0.0.0/8 and ::/128 * For more details see the github security advisory: https://github.com/coturn/coturn/security/advisories/GHSA-6g6j-r9rf-cm7p 2021-01-11 10:27:59 +00:00			`libprom`
			`libpromhttp`
			`libmicrohttpd`
coturn: enable sqlite support Coturn uses SQL databases to store authentication credentials. Most users of coturn are going to expect sqlite support, since that's the default db Without this being available during build, the default configure script disabled SQLite support, providing a coturn on NixOS that does not behave in the default manner. 2022-08-30 03:51:38 +00:00			`sqlite.dev`
coturn: 4.5.1.3 -> 4.5.2 Version 4.5.2 'dan Eider': - fix null pointer dereference in case of out of memory. (thanks to Thomas Moeller for the report) - merge PR 517 (by wolmi) * add prometheus metrics - merge PR 637 (by David Florness) * Delete trailing whitespace in example configuration files - merge PR 631 (by Debabrata Deka) * Add architecture ppc64le to travis build - merge PR 627 (by Samuel) * Fix misleading option in doc (prometheus) - merge PR 643 (by tupelo-schneck) * Allow RFC6062 TCP relay data to look like TLS - merge PR 655 (by plinss) * Add support for proxy protocol V1 - merge PR 618 (by Paul Wayper) * Print full date and time in logs * Add new options: "new-log-timestamp" and "new-log-timestamp-format" - merge PR 599 (by Cédric Krier) * Do not use FIPS and remove hardcode OPENSSL_VERSION_NUMBER with LibreSSL - update Docker mongoDB and fix with workaround the missing systemctl - merge PR 660 (by Camden Narzt) * fix compilation on macOS Big Sur - merge PR 546 (by jelmd) * Add ACME redirect url - merge PR 551 (by jelmd) * support of --acme-redirect <URL> - merge PR 672 further acme fixes (by jemld) * fix acme security, redundancy, consistency - Disable binding request logging to avoid DoS attacks. (Breaking change!) * Add new --log-binding option to enable binding request logging - Fix stale-nonce documentation. Resolves 604 - Version number is changed to semver 2.0 - Merge PR 288 (by Hristo Venev) * pkg-config, and various cleanups in configure file - Add systemd notification for better systemd integration - Fix Issue 621 (by ycaibb) * Fix: Null pointer dereference on tcp_client_input_handler_rfc6062data function - Fix Issue 600 (by ycaibb) * Fix: use-after-free vulnerability on write_to_peerchannel function - Fix Issue 601 (by ycaibb) * Fix: use-after-free vulnerability on write_client_connection function - Little refactoring prometheus * Fix c++ support * Simplify (as agreed in Issue 666) * Remove session id/allocation labels * Remove per session metrics. We should later add more counters. - Fix CVE-2020-26262 (credits: Enable-Security) * Fix ipv6 ::1 loopback check * Not allow allocate peer address 0.0.0.0/8 and ::/128 * For more details see the github security advisory: https://github.com/coturn/coturn/security/advisories/GHSA-6g6j-r9rf-cm7p 2021-01-11 10:27:59 +00:00			`];`
coturn: init at 4.5.0.3 (#16284) 2016-06-21 10:59:29 +00:00
coturn: apply patch for CVE-2020-6061/6062 Fixes: CVE-2020-6061, CVE-2020-6062 An exploitable heap overflow vulnerability exists in the way CoTURN 4.5.1.1 web server parses POST requests. A specially crafted HTTP POST request can lead to information leaks and other misbehavior. An attacker needs to send an HTTPS request to trigger this vulnerability. An exploitable denial-of-service vulnerability exists in the way CoTURN 4.5.1.1 web server parses POST requests. A specially crafted HTTP POST request can lead to server crash and denial of service. An attacker needs to send an HTTP request to trigger this vulnerability. 2020-04-28 23:11:43 +00:00			`patches = [`
			`./pure-configure.patch`
			`];`
coturn: init at 4.5.0.3 (#16284) 2016-06-21 10:59:29 +00:00
coturn: add -fcommon workaround Workaround build failure on -fno-common toolchains like upstream gcc-10. Otherwise build fails as: ld: ...-libprom-0.1.1/include/prom_collector_registry.h:37: multiple definition of `PROM_COLLECTOR_REGISTRY_DEFAULT'; ...-libprom-0.1.1/include/prom_collector_registry.h:37: first defined here 2022-06-05 17:51:08 +00:00			`# Workaround build failure on -fno-common toolchains like upstream`
			`# gcc-10. Otherwise build fails as:`
			`# ld: ...-libprom-0.1.1/include/prom_collector_registry.h:37: multiple definition of`
			# `PROM_COLLECTOR_REGISTRY_DEFAULT'; ...-libprom-0.1.1/include/prom_collector_registry.h:37: first defined here
			`# Should be fixed in libprom-1.2.0 and later: https://github.com/digitalocean/prometheus-client-c/pull/25`
treewide: move NIX_CFLAGS_COMPILE to the env attrset with structuredAttrs lists will be bash arrays which cannot be exported which will be a issue with some patches and some wrappers like cc-wrapper this makes it clearer that NIX_CFLAGS_COMPILE must be a string as lists in env cause a eval failure 2023-02-19 19:23:32 +00:00			`env.NIX_CFLAGS_COMPILE = "-fcommon";`
coturn: add -fcommon workaround Workaround build failure on -fno-common toolchains like upstream gcc-10. Otherwise build fails as: ld: ...-libprom-0.1.1/include/prom_collector_registry.h:37: multiple definition of `PROM_COLLECTOR_REGISTRY_DEFAULT'; ...-libprom-0.1.1/include/prom_collector_registry.h:37: first defined here 2022-06-05 17:51:08 +00:00
coturn: add test for static-auth-secret-file Adds passthru.tests.coturn = nixosTests.coturn; 2021-07-03 07:33:39 +00:00			`passthru.tests.coturn = nixosTests.coturn;`

treewide: with stdenv.lib; in meta -> with lib; Part of: https://github.com/NixOS/nixpkgs/issues/108938 meta = with stdenv.lib; is a widely used pattern. We want to slowly remove the `stdenv.lib` indirection and encourage people to use `lib` directly. Thus let’s start with the meta field. This used a rewriting script to mostly automatically replace all occurances of this pattern, and add the `lib` argument to the package header if it doesn’t exist yet. The script in its current form is available at https://cs.tvl.fyi/depot@2f807d7f141068d2d60676a89213eaa5353ca6e0/-/blob/users/Profpatsch/nixpkgs-rewriter/default.nix 2021-01-11 07:54:33 +00:00			`meta = with lib; {`
coturn: add changelog to meta 2022-12-05 08:17:34 +00:00			`description = "A TURN server";`
treewide: Per RFC45, remove all unquoted URLs 2020-04-01 01:11:51 +00:00			`homepage = "https://coturn.net/";`
coturn: fix typo 2022-12-05 08:18:14 +00:00			`changelog = "https://github.com/coturn/coturn/blob/${version}/ChangeLog";`
coturn: init at 4.5.0.3 (#16284) 2016-06-21 10:59:29 +00:00			`license = with licenses; [ bsd3 ];`
			`platforms = platforms.all;`
coturn: 4.5.1.3 -> 4.5.2 Version 4.5.2 'dan Eider': - fix null pointer dereference in case of out of memory. (thanks to Thomas Moeller for the report) - merge PR 517 (by wolmi) * add prometheus metrics - merge PR 637 (by David Florness) * Delete trailing whitespace in example configuration files - merge PR 631 (by Debabrata Deka) * Add architecture ppc64le to travis build - merge PR 627 (by Samuel) * Fix misleading option in doc (prometheus) - merge PR 643 (by tupelo-schneck) * Allow RFC6062 TCP relay data to look like TLS - merge PR 655 (by plinss) * Add support for proxy protocol V1 - merge PR 618 (by Paul Wayper) * Print full date and time in logs * Add new options: "new-log-timestamp" and "new-log-timestamp-format" - merge PR 599 (by Cédric Krier) * Do not use FIPS and remove hardcode OPENSSL_VERSION_NUMBER with LibreSSL - update Docker mongoDB and fix with workaround the missing systemctl - merge PR 660 (by Camden Narzt) * fix compilation on macOS Big Sur - merge PR 546 (by jelmd) * Add ACME redirect url - merge PR 551 (by jelmd) * support of --acme-redirect <URL> - merge PR 672 further acme fixes (by jemld) * fix acme security, redundancy, consistency - Disable binding request logging to avoid DoS attacks. (Breaking change!) * Add new --log-binding option to enable binding request logging - Fix stale-nonce documentation. Resolves 604 - Version number is changed to semver 2.0 - Merge PR 288 (by Hristo Venev) * pkg-config, and various cleanups in configure file - Add systemd notification for better systemd integration - Fix Issue 621 (by ycaibb) * Fix: Null pointer dereference on tcp_client_input_handler_rfc6062data function - Fix Issue 600 (by ycaibb) * Fix: use-after-free vulnerability on write_to_peerchannel function - Fix Issue 601 (by ycaibb) * Fix: use-after-free vulnerability on write_client_connection function - Little refactoring prometheus * Fix c++ support * Simplify (as agreed in Issue 666) * Remove session id/allocation labels * Remove per session metrics. We should later add more counters. - Fix CVE-2020-26262 (credits: Enable-Security) * Fix ipv6 ::1 loopback check * Not allow allocate peer address 0.0.0.0/8 and ::/128 * For more details see the github security advisory: https://github.com/coturn/coturn/security/advisories/GHSA-6g6j-r9rf-cm7p 2021-01-11 10:27:59 +00:00			`maintainers = with maintainers; [ ralith _0x4A6F ];`
coturn: add changelog to meta 2022-12-05 08:17:34 +00:00			`broken = stdenv.isDarwin; # 2018-10-21`
coturn: init at 4.5.0.3 (#16284) 2016-06-21 10:59:29 +00:00			`};`
			`}`