From f51c667a290311d9abdbb6be1e775ba9917971ec Mon Sep 17 00:00:00 2001
From: Yorick van Pelt
Date: Wed, 19 Apr 2023 12:02:06 +0200
Subject: [PATCH] asterisk: 18.16.0 -> 18.17.1, 20.1.0 -> 20.2.1

pjsip 2.13.0 and related security patches have been added
---
 pkgs/servers/asterisk/default.nix | 62 ++++++++++++++++-------------
 pkgs/servers/asterisk/versions.json | 8 ++--
 2 files changed, 38 insertions(+), 32 deletions(-)

diff --git a/pkgs/servers/asterisk/default.nix b/pkgs/servers/asterisk/default.nix
index c80c747b50c6..c49e5696a676 100644
--- a/pkgs/servers/asterisk/default.nix
+++ b/pkgs/servers/asterisk/default.nix
@@ -37,24 +37,20 @@
 let
 # remove when upgrading to pjsip >2.13
- pjsip_patches = [
+ pjsip_2_13_patches = [
 (fetchpatch {
- name = "0152-CVE-2022-39269.patch";
- url = "https://github.com/pjsip/pjproject/commit/d2acb9af4e27b5ba75d658690406cec9c274c5cc.patch";
- sha256 = "sha256-bKE/MrRAqN1FqD2ubhxIOOf5MgvZluHHeVXPjbR12iQ=";
+ name = "CVE-2022-23537.patch";
+ url = "https://github.com/pjsip/pjproject/commit/d8440f4d711a654b511f50f79c0445b26f9dd1e1.patch";
+ sha256 = "sha256-7ueQCHIiJ7MLaWtR4+GmBc/oKaP+jmEajVnEYqiwLRA=";
 })
 (fetchpatch {
- name = "pjsip-2.12.1-CVE-2022-23537.patch";
- url = "https://raw.githubusercontent.com/NixOS/nixpkgs/ca2b44568eb0ffbd0b5a22eb70feb6dbdcda8e9c/pkgs/applications/networking/pjsip/1.12.1-CVE-2022-23537.patch";
- sha256 = "sha256-KNSnHt0/o1qJk4r2z5bxbYxKAa7WBtzGOhRXkru3VK4=";
- })
- (fetchpatch {
- name = "pjsip-2.12.1-CVE-2022-23547.patch";
- url = "https://raw.githubusercontent.com/NixOS/nixpkgs/ca2b44568eb0ffbd0b5a22eb70feb6dbdcda8e9c/pkgs/applications/networking/pjsip/1.12.1-CVE-2022-23547.patch";
- sha256 = "sha256-0iEr/Z4UQpWsTXYWVYzWWk7MQDOFnTQ1BBYpynGLTVQ=";
+ name = "CVE-2022-23547.patch";
+ url = "https://github.com/pjsip/pjproject/commit/bc4812d31a67d5e2f973fbfaf950d6118226cf36.patch";
+ sha256 = "sha256-bpc8e8VAQpfyl5PX96G++6fzkFpw3Or1PJKNPKl7N5k=";
 })
 ];
- common = { version, sha256, externals }: stdenv.mkDerivation {
+
+ common = { version, sha256, externals, pjsip_patches ? [ ] }: stdenv.mkDerivation {
 inherit version;
 pname = "asterisk" + lib.optionalString ldapSupport "-ldap";
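Review bot: The new `pjsip_patches ? [ ]` default on `common` fails open: a caller that omits the argument would build the bundled pjproject with an empty patch list and no evaluation error. The only caller visible in this patch (the `versions` mapping) always passes it, so the default could be dropped, `common = { version, sha256, externals, pjsip_patches }: stdenv.mkDerivation {`. The CVE-2022-39269 patch is also removed from the list without explanation; presumably it is already contained in pjproject 2.13, and a short comment saying so (after checking the upstream changelog) would make the removal auditable. The body of `common` continues outside the hunk, so how the list is applied is not visible here.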
@@ -159,9 +155,12 @@ let
 };
 };
- pjproject_2_12_1 = fetchurl {
- url = "https://raw.githubusercontent.com/asterisk/third-party/master/pjproject/2.12.1/pjproject-2.12.1.tar.bz2";
- hash = "sha256-DiNH1hB5ZheYzyUjFyk1EtlsMJlgjf+QRVKjEk+hNjc=";
+ pjproject_2_13 = fetchurl
+ {
+ url = "https://raw.githubusercontent.com/asterisk/third-party/master/pjproject/2.13/pjproject-2.13.tar.bz2";
+ hash = "sha256-Zj93PUAct13KVR5taOWEbQdKq76wicaBTNHpHC0rICY=";
+ } // {
+ pjsip_patches = pjsip_2_13_patches;
 };
 mp3-202 = fetchsvn {
@@ -180,13 +179,18 @@ let
 # auto-generated by update.py
 versions = lib.mapAttrs
- (_: { version, sha256 }: common {
- inherit version sha256;
- externals = {
- "externals_cache/pjproject-2.12.1.tar.bz2" = pjproject_2_12_1;
- "addons/mp3" = mp3-202;
- };
- })
+ (_: { version, sha256 }:
+ let
+ pjsip = pjproject_2_13;
+ in
+ common {
+ inherit version sha256;
+ inherit (pjsip) pjsip_patches;
+ externals = {
+ "externals_cache/${pjsip.name}" = pjsip;
+ "addons/mp3" = mp3-202;
+ };
+ })
 (lib.importJSON ./versions.json);
 updateScript_python = python39.withPackages (p: with p; [ packaging beautifulsoup4 requests ]);
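Review bot: Attaching `pjsip_patches` to the `fetchurl` result with `// { ... }` in the `pjproject_2_13` binding is unusual style: the attribute is merged onto the outer attribute set only and is not part of the fetcher's own arguments. If this tree's `fetchurl` accepts `passthru`, writing `passthru.pjsip_patches = pjsip_2_13_patches;` inside the argument set expresses the same pairing more conventionally. A one-line comment above the binding, for example `# the patch list is tied to this tarball; replace both together`, would also help, because the existing "remove when upgrading to pjsip >2.13" note sits on a different binding.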
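Review bot: In the `versions` mapping, `pjsip = pjproject_2_13;` is applied to every entry of versions.json, but the JSON context at the end of this patch still lists `asterisk_16` (16.30.0) and `asterisk_19` (19.8.0), which this commit does not bump. If those releases expect a different pjproject tarball name, the `externals_cache/${pjsip.name}` entry will not match what their build looks for; that would need checking against each release's bundled-pjproject version. The header comment in the next hunk also marks 16.x and 19.x as dropped and past their security-fix window, so leaving them in versions.json keeps attributes for unmaintained releases in the set. Removing the two entries in the same commit, or selecting the pjproject bundle per version, would keep the code and the comment consistent.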
@@ -197,18 +201,20 @@ let
 in
 {
- # Supported releases (as of 2022-04-05).
+ # Supported releases (as of 2023-04-19).
+ # v16 and v19 have been dropped because they go EOL before the NixOS 23.11 release.
 # Source: https://wiki.asterisk.org/wiki/display/AST/Asterisk+Versions
 # Exact version can be found at https://www.asterisk.org/downloads/asterisk/all-asterisk-versions/
 #
 # Series Type Rel. Date Sec. Fixes EOL
- # 16.x LTS 2018-10-09 2022-10-09 2023-10-09
+ # 16.x LTS 2018-10-09 2022-10-09 2023-10-09 (dropped)
 # 18.x LTS 2020-10-20 2024-10-20 2025-10-20
- # 19.x Standard 2021-11-02 2022-11-02 2023-11-02
+ # 19.x Standard 2021-11-02 2022-11-02 2023-11-02 (dropped)
 # 20.x LTS 2022-11-02 2026-10-19 2027-10-19
+ # 21.x Standard 2023-10-18 2025-10-18 2026-10-18 (unreleased)
 asterisk-lts = versions.asterisk_18;
- asterisk-stable = versions.asterisk_19;
- asterisk = versions.asterisk_19.overrideAttrs (o: {
+ asterisk-stable = versions.asterisk_20;
+ asterisk = versions.asterisk_20.overrideAttrs (o: {
 passthru = (o.passthru or { }) // { inherit updateScript; };
 });
diff --git a/pkgs/servers/asterisk/versions.json b/pkgs/servers/asterisk/versions.json
index b1a6319a51d1..1e6e4e4417ef 100644
--- a/pkgs/servers/asterisk/versions.json
+++ b/pkgs/servers/asterisk/versions.json
@@ -4,15 +4,15 @@
 "version": "16.30.0"
 },
 "asterisk_18": {
- "sha256": "2d280794ae7505ed3dfc58b3190774cb491aa74c339fbde1a11740e6be79b466",
- "version": "18.16.0"
+ "sha256": "66f0e55d84f9e5bf4e79a56255d35a034448acce00d219c3bf4930b1ebb0e88e",
+ "version": "18.17.1"
 },
 "asterisk_19": {
 "sha256": "f0c56d1f8e39e0427455edfe25d24ff088c756bdc32dd1278c9f7a320815cbaa",
 "version": "19.8.0"
 },
 "asterisk_20": {
- "sha256": "4364dc762652e2fd4d3e7dc8428c83550ebae090b8a0e9d4820583e081778883",
- "version": "20.1.0"
+ "sha256": "df12e47000fbac42bb780bb06172aa8bb8ac26faf77cc9f95184695b0cec69c3",
+ "version": "20.2.1"
 }
 }