Bumps
[actions/upload-artifact](https://github.com/actions/upload-artifact)
from 2 to 3.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/actions/upload-artifact/releases">actions/upload-artifact's
releases</a>.</em></p>
<blockquote>
<h2>v3.0.0</h2>
<h2>What's Changed</h2>
<ul>
<li>Update default runtime to node16 (<a
href="https://github-redirect.dependabot.com/actions/upload-artifact/issues/293">#293</a>)</li>
<li>Update package-lock.json file version to 2 (<a
href="https://github-redirect.dependabot.com/actions/upload-artifact/issues/302">#302</a>)</li>
</ul>
<h3>Breaking Changes</h3>
<p>With the update to Node 16, all scripts will now be run with Node 16
rather than Node 12.</p>
<h2>v2.3.1</h2>
<p>Fix for empty fails on Windows failing on upload <a
href="https://github-redirect.dependabot.com/actions/upload-artifact/issues/281">#281</a></p>
<h2>v2.3.0 Upload Artifact</h2>
<ul>
<li>Optimizations for faster uploads of larger files that are already
compressed</li>
<li>Significantly improved logging when there are chunked uploads</li>
<li>Clarifications in logs around the upload size and prohibited
characters that aren't allowed in the artifact name or any uploaded
files</li>
<li>Various other small bugfixes & optimizations</li>
</ul>
<h2>v2.2.4</h2>
<ul>
<li>Retry on HTTP 500 responses from the service</li>
</ul>
<h2>v2.2.3</h2>
<ul>
<li>Fixes for proxy related issues</li>
</ul>
<h2>v2.2.2</h2>
<ul>
<li>Improved retryability and error handling</li>
</ul>
<h2>v2.2.1</h2>
<ul>
<li>Update used actions/core package to the latest version</li>
</ul>
<h2>v2.2.0</h2>
<ul>
<li>Support for artifact retention</li>
</ul>
<h2>v2.1.4</h2>
<ul>
<li>Add Third Party License Information</li>
</ul>
<h2>v2.1.3</h2>
<ul>
<li>Use updated version of the <code>@action/artifact</code> NPM
package</li>
</ul>
<h2>v2.1.2</h2>
<ul>
<li>Increase upload chunk size from 4MB to 8MB</li>
<li>Detect case insensitive file uploads</li>
</ul>
<h2>v2.1.1</h2>
<ul>
<li>Fix for certain symlinks not correctly being identified as
directories before starting uploads</li>
</ul>
<h2>v2.1.0</h2>
<ul>
<li>Support for uploading artifacts with multiple paths</li>
<li>Support for using exclude paths</li>
<li>Updates to dependencies</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="83fd05a356"><code>83fd05a</code></a>
Bump actions-core to v1.10.0 (<a
href="https://github-redirect.dependabot.com/actions/upload-artifact/issues/356">#356</a>)</li>
<li><a
href="3cea537223"><code>3cea537</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/actions/upload-artifact/issues/327">#327</a>
from actions/robherley/artifact-1.1.0</li>
<li><a
href="849aa7758a"><code>849aa77</code></a>
nvm use 12 & npm run release</li>
<li><a
href="4d3986961d"><code>4d39869</code></a>
recompile with correct ncc version</li>
<li><a
href="2e0d362ec5"><code>2e0d362</code></a>
bump <code>@actions/artifact</code> to 1.1.0</li>
<li><a
href="09a5d6a283"><code>09a5d6a</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/actions/upload-artifact/issues/320">#320</a>
from actions/dependabot/npm_and_yarn/ansi-regex-4.1.1</li>
<li><a
href="189315d910"><code>189315d</code></a>
Bump ansi-regex from 4.1.0 to 4.1.1</li>
<li><a
href="d159c2d80b"><code>d159c2d</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/actions/upload-artifact/issues/297">#297</a>
from actions/dependabot/npm_and_yarn/ajv-6.12.6</li>
<li><a
href="c26a7ba4b5"><code>c26a7ba</code></a>
Bump ajv from 6.11.0 to 6.12.6</li>
<li><a
href="6ed6c72922"><code>6ed6c72</code></a>
Merge pull request <a
href="https://github-redirect.dependabot.com/actions/upload-artifact/issues/303">#303</a>
from actions/dependabot/npm_and_yarn/yargs-parser-13.1.2</li>
<li>Additional commits viewable in <a
href="https://github.com/actions/upload-artifact/compare/v2...v3">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
The `sm_allocated` field is an array of `size_t` values. Therefore its
size must be calculated as `n * sizeof(size_t)`.
Our static code analysis tool complained:
```
Sizeof not portable (SIZEOF_MISMATCH)
suspicious_sizeof: Passing argument r->sm_allocated of type size_t * and argument (r->sm_chunk + 1) * 8UL /* sizeof (size_t *) */ to function realloc is suspicious. In this case, sizeof (size_t *) is equal to sizeof (size_t), but this is not a portable assumption.
```
Fix: #1045
`TURN_NO_HIREDIS` is defined when hiredis library is not present and any
redis functionality must be disabled
While all above is correct, it does not require ifdef-ing out all
related code.
For example, redis related fields in `turn_params` do not need to be
compiled out. Same for certain function parameters.
This PR reduces amount of places in code where `TURN_NO_HIREDIS` is used
to make code simpler by moving as much usage of this define into
dbd_redis.h/c files and compiling them unconditionally.
- Always compile/link `dbd_redis.c`
- Move many `TURN_NO_HIREDIS` decisions into `dbd_redis.c`
- Delete empty function redis_async_init
Disables default log output to stdout if stdout is set as logfile.
When execute `turnutils_stunclient` , the output will be duplicated as
in the following example.
```
$ ./turnutils_stunclient stun.example.com
0: : IPv4. UDP reflexive addr: 203.0.113.1:10000
0: : IPv4. UDP reflexive addr: 203.0.113.1:10000
```
This is because stdout is set in `set_logfile` and furthermore log
output to stdout is done by default.
In this change, call `set_no_stdout_log` to disable default log output
to stdout when stdout is set as logfile.
This solves the problem of duplicate output to stdout of the same log.
`TURN_NO_PROMETHEUS` is defined when prometheus libraries are not
present and any prometheus functionality must be disabled
While all above is correct, it does not require ifdef-ing out all
related code.
For example, prometheus related fields in turn_params do not need to be
compiled out. Same for certain function parameters.
This PR reduces amount of places in code where `TURN_NO_PROMETHEUS` is
used to make code simpler by moving as much usage of this define into
prom_server.h/c files and compiling them unconditionally.
- Always compile/link prom_server.c
- Move many TURN_NO_PROMETHEUS decisions into prom_server.c
The following changes have been made:
1. Replace deprecated functions with new standard functions
2. Add corresponding MSVC functions for non-standard functions
3. Remove warnings about unsafe functions
4. CMAKE: modify find pack Libevent and openssl
5. Modify include files
6. Use pthread4W
7. Modify socket in windows
8. Add CI - github action
8.1. msvc
8.2. mingw
10. The database:
9.1. sqlite, pgsql, hiredis, mongo is test compiled.
9.2. mysql, isnot test compiled.
11. The applications、server can be compiled and run successfully!
12. Add vcpkg manifest mode in cmake.
Modify SSL backlog buffer from LIFO to queue/FIFO
If data ends up in the ssl_backlog_buffer because we are waiting for a
handshake to finish, then this change ensures that the data is sent out
in the proper order once the handshake completes. Previous code was
sending in LIFO order.
Fix the issue https://github.com/coturn/coturn/issues/118 that prevent
the process to start as coturn never send the notification to systemd
thus preventing the startup.
Cherry-picked from #990 thanks to @rapsys
Rewriting openssl initialization code (threading support to make it
cleaner
- Regroup functions so that there is one ifdef (for old code and new
code)
- Modern openssl (>1.0.2) does not need any synchornization routines so
they are empty
- Old openssl (<=1.0.2) now require `OPENSSL_THREADS` which allows
running multiple threads in turnserver. Not having turnserver
multi-threaded is a huge waste. `OPENSSL_THREADS` is now a requirement.
Test Plan:
- CI builds pass for openssl versions 1.0.2, 1.1.1, 3.0, including tests
Adding fuzzing to finding memory-corruption-related bugs.
Hello coturn team,
Can you check this pr harness suite for creating harnesses and compiling
harnesses?
Any other thoughts on adding a new interface for fuzzing support ?
Signed-off-by: 0x34d <ajsinghyadav00@gmail.com>
Signed-off-by: 0x34d <ajsinghyadav00@gmail.com>
Essentially, for a DTLS client (that we haven't heard from before), the code in handle_udp_packet will have created the chs/ioa_socket in the block just above my change (see dtls_server_input_handler's call to dtls_accept_client_connection that calls create_ioa_socket_from_ssl). This only happens if the first message received from a client is a DTLS handshake. Otherwise, we have received UDP data from a new endpoint that is not a DTLS handshake, so it is raw UDP and the code just below my if statement will have created a UDP_SOCKET in the create_ioa_socket_from_fd call, allowing further processing of the RAW UDP.
This was tested by trying to perform a TURN allocation via UDP (not DTLS) when no-udp setting was enabled.
Store sanitized version of DB connection string with password masked
(replace all chars with * which exposes its length)
Use sanitized version when logging connection string
Fixes#1017 and #272
turnserver includes support for SCTP and tries to initialize listener
sockets with SCTP protocol. On machines where SCTP definitions exist but
the protocol is not provided - socket() returns error which shows up as
`socket: protocol not supported`
This change improves a few related pieces of code:
- Log error instead of perror
- config script detect sctp.h and if not present - defines TURN_NO_SCTP
- CMake fully disables SCTP (for now - requires custom module to detect
SCTP presence)
Fixes#492
Hello,
while using the `redis-statsdb` option, I found that coturn is leaking
sockets (and memory) in case of redis reconnection.
This occurs a lot to me, because in my setup I have a `coturn -> haproxy
-> redis` and if all my redis servers are down, HaProxy abruptly close
the connection to coturn and coturn reconnects periodically. After some
time I can see thousands of pending sockets (`CLOSE_WAIT`) :
```
user@server[11:32:48 UTC]:~$ sudo lsof -i | grep turn
turnserve 461797 root 15u IPv4 12856075 0t0 TCP server:3478 (LISTEN)
turnserve 461797 root 22u IPv4 12856081 0t0 TCP server:3478 (LISTEN)
turnserve 461797 root 23u IPv4 12857384 0t0 UDP server:3478
turnserve 461797 root 24u IPv4 12857385 0t0 UDP server:3478
turnserve 461797 root 36u IPv4 12857390 0t0 TCP server:5766 (LISTEN)
turnserve 461797 root 43u IPv4 12856096 0t0 TCP server:10059->haproxy-server:redis (CLOSE_WAIT)
turnserve 461797 root 46u IPv4 12857403 0t0 TCP server:10087->haproxy-server:redis (CLOSE_WAIT)
turnserve 461797 root 48u IPv4 12856124 0t0 TCP server:53867->haproxy-server:redis (CLOSE_WAIT)
turnserve 461797 root 50u IPv4 12857633 0t0 TCP server:53875->haproxy-server:redis (CLOSE_WAIT)
turnserve 461797 root 51u IPv4 12856138 0t0 TCP server:53877->haproxy-server:redis (CLOSE_WAIT)
turnserve 461797 root 54u IPv4 12857738 0t0 TCP server:10001->haproxy-server:redis (CLOSE_WAIT)
turnserve 461797 root 55u IPv4 12856152 0t0 TCP server:10003->haproxy-server:redis (CLOSE_WAIT)
.... (many many lines)
```
After searching and using valgrind I found 2 interesting leaks:
```
...
==460721== 32 bytes in 1 blocks are definitely lost in loss record 586 of 1,053
==460721== at 0x483877F: malloc (vg_replace_malloc.c:307)
==460721== by 0x1414FF: RyconninfoParse (dbd_redis.c:69)
==460721== by 0x141B04: get_redis_async_connection (dbd_redis.c:169)
==460721== by 0x110D7B: create_ioa_engine (ns_ioalib_engine_impl.c:407)
==460721== by 0x12ECB0: setup_admin_thread (turn_admin_server.c:1309)
==460721== by 0x127724: run_admin_server_thread (netengine.c:1815)
==460721== by 0x4DA9EA6: start_thread (pthread_create.c:477)
==460721== by 0x4EC0AEE: clone (clone.S:95)
...
==460979== 2,170 (688 direct, 1,482 indirect) bytes in 2 blocks are definitely lost in loss record 1,029 of 1,049
==460979== at 0x483AD7B: realloc (vg_replace_malloc.c:834)
==460979== by 0x49A1BD0: ??? (in /usr/lib/x86_64-linux-gnu/libhiredis.so.0.14)
==460979== by 0x49A2829: redisAsyncConnect (in /usr/lib/x86_64-linux-gnu/libhiredis.so.0.14)
==460979== by 0x13DB37: redis_reconnect (hiredis_libevent2.c:331)
==460979== by 0x13D1A7: redisLibeventReadEvent (hiredis_libevent2.c:101)
==460979== by 0x4D5135E: ??? (in /usr/lib/x86_64-linux-gnu/libevent_core-2.1.so.7.0.1)
==460979== by 0x4D51A9E: event_base_loop (in /usr/lib/x86_64-linux-gnu/libevent_core-2.1.so.7.0.1)
==460979== by 0x126D5A: run_events (netengine.c:1579)
==460979== by 0x127272: run_general_relay_thread (netengine.c:1707)
==460979== by 0x4DA9EA6: start_thread (pthread_create.c:477)
==460979== by 0x4EC0AEE: clone (clone.S:95)
==460979==
...
```
I made 1 commit for each fix.
Obviously with these fixes, I don't have anymore the leaks of thousands
of sockets (even after some time)
Thanks & hope it helps.
Thibaut
```
==6418==WARNING: MemorySanitizer: use-of-uninitialized-value
#0 0x4e7530 in bcmp /src/llvm-project/compiler-rt/lib/sanitizer_common/sanitizer_common_interceptors.inc:906:10
#1 0x55463d in stun_check_message_integrity_by_key_str coturn/src/client/ns_turn_msg.c:1989:5
#2 0x554acc in stun_check_message_integrity_str coturn/src/client/ns_turn_msg.c:2008:9
#3 0x5358c0 in LLVMFuzzerTestOneInput coturn/fuzz/FuzzStun.c:37:5
#4 0x43ede3 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:611:15
#5 0x42a542 in fuzzer::RunOneTest(fuzzer::Fuzzer*, char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:324:6
#6 0x42fdec in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:860:9
#7 0x459322 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10
#8 0x7f4cb21790b2 in __libc_start_main /build/glibc-eX1tMB/glibc-2.31/csu/libc-start.c:308:16
#9 0x42070d in _start
Uninitialized value was created by an allocation of 'new_hmac' in the stack frame of function 'stun_check_message_integrity_by_key_str'
#0 0x5538c0 in stun_check_message_integrity_by_key_str coturn/src/client/ns_turn_msg.c:1927
```
Split out work on libtelnet from #855
Required to update libtelnet to introduce compatibility with Windows
This change contains vanilla code of
[libtelnet](https://github.com/seanmiddleditch/libtelnet) v0.23 (latest
tag)
Test Plan:
- run turnserver locally, set cli password, connect to the turnserver
cli interface
- run a few commands - get output
This code is in as back as git can see. Removed for now as it has no use
at all.
Also reduces traffic to redis (though will not reduce any load on redis)
Refs #150
Using clang-tidy to detect unused header files
Inspired by #855
Test Plan:
- Rebuild all on mac, review no warnings/errors
- Pass builds/docker build - review for no issues
Similar to #989, use a single SSL context for all versions of DTLS
protocol
- Add support for modern API (protocol version independent APIs)
- Add DTLS test to the CI test
- Removing calls to `SSL_CTX_set_read_ahead` in DTLS context (does
nothing as DTLS is datagram protocol - we always get the whole datagram
so this call has no impact)
Fixes#924
Hello, and thank you for this great project!
When sending a mobility refresh request, the server is responding with
an invalid stun packet. Specifically, only the last 24 bytes generated
for message integrity are sent.
Request:
Response:
This appears to be caused by the buffer length not being updated when
`STUN_ATTRIBUTE_SOFTWARE` is added to the response, as it's being
assigned to a `len` variable scoped to that conditional.
As a result, the next call to `stun_get_command_message_len_str` when
handling message integrity returns `-1` and resizes the buffer, etc.
Passing in the original `len` to `stun_attr_add_str` for attribute
software fixes the issue, but apologies if this is not the right way to
fix this!
STRCPY macro makes pointer comparison which creates a warning
In those places, replace the macro with `strncpy` with careful review of
destination buffer size
With this change I do not get compiler warnings at all
Install dependencies and build with prometheus support during CI builds
Ubuntu 16.04 has issues supporting `MHD_USE_EPOLL_INTERNAL_THREAD` so
disabling it (using SELECT)
Should not impact anything as the only reason we use Ubuntu 16.04 is to
validate build against openssl-1.0.2
Fixes #998
openssl allows multiple TLS version support through a single SSL_CTX
object.
This PR replaces 4 per-version SSL_CTX objects with a single object
(DTLS is not yet changed).
SSL context initialization code for openssl with modern API (>=1.1.0)
uses `TLS_server_method` and `SSL_CTX_set_min_proto_version` instead of
enabling specific TLS version. Byproduct of this is TLSv1_3 support when
used with openssl-1.1.1 and above
TLS 1.2 and TLS 1.3 cannot be disabled (as before)
Test plan:
- run_tests.sh script now runs turnserver with SSL certificate (which
enables TLS support)
- run_tests.sh now has one more basic test that uses TLS protocol
Co-authored-by: Pavel Punsky <pavel.punsky@epicgames.com>
Before:
```
./bin/turnserver --prometheus -m 32
...
Socket descriptor larger than FD_SETSIZE: 2660 > 1024
0: : ERROR: Could not start Prometheus collector!
```
After:
```
./bin/turnserver --prometheus -m 32
...
0: : Prometheus collector started successfully.
```
Also added `MHD_USE_ERROR_LOG` so the actual problems during startup of
promhttp are printed. Without it the `Socket descriptor larger than
FD_SETSIZE: 2660 > 1024` error was not visible and finding the cause of
the startup problems of promhttp was not obvious at first.
