From 4a5cc2c78dbb89ccd18c3f2f527478921cb1f260 Mon Sep 17 00:00:00 2001 From: Adam Samalik Date: Mon, 10 Jul 2023 12:57:54 +0200 Subject: [PATCH] re-import sources as agreed with the maintainer --- .gitignore | 3 +- libsrtp-1.4.4-CVE20132139.patch | 48 ++++++++++++++++++++ libsrtp-1.4.4-shared.patch | 75 ++++++++++++++++++++++++++++++++ libsrtp-1.5.0-shared.patch | 77 +++++++++++++++++++++++++++++++++ 4 files changed, 202 insertions(+), 1 deletion(-) create mode 100644 libsrtp-1.4.4-CVE20132139.patch create mode 100644 libsrtp-1.4.4-shared.patch create mode 100644 libsrtp-1.5.0-shared.patch diff --git a/.gitignore b/.gitignore index 7f246ef..a32ba35 100644 --- a/.gitignore +++ b/.gitignore @@ -1,2 +1,3 @@ -SOURCES/v1.5.4.tar.gz +/srtp-1.4.4-20101004cvs.tar.bz2 +/v1.5.0.tar.gz /v1.5.4.tar.gz diff --git a/libsrtp-1.4.4-CVE20132139.patch b/libsrtp-1.4.4-CVE20132139.patch new file mode 100644 index 0000000..ebcc7e1 --- /dev/null +++ b/libsrtp-1.4.4-CVE20132139.patch @@ -0,0 +1,48 @@ +diff -up srtp/srtp/srtp.c.CVE20132139 srtp/srtp/srtp.c +--- srtp/srtp/srtp.c.CVE20132139 2013-12-30 11:47:39.477223492 -0500 ++++ srtp/srtp/srtp.c 2013-12-30 11:49:44.580162545 -0500 +@@ -2045,22 +2045,21 @@ crypto_policy_set_from_profile_for_rtp(c + switch(profile) { + case srtp_profile_aes128_cm_sha1_80: + crypto_policy_set_aes_cm_128_hmac_sha1_80(policy); +- crypto_policy_set_aes_cm_128_hmac_sha1_80(policy); + break; + case srtp_profile_aes128_cm_sha1_32: +- crypto_policy_set_aes_cm_128_hmac_sha1_32(policy); ++ /* We do not honor the 32-bit auth tag request since ++ * this is not compliant with RFC 3711 */ + crypto_policy_set_aes_cm_128_hmac_sha1_80(policy); + break; + case srtp_profile_null_sha1_80: + crypto_policy_set_null_cipher_hmac_sha1_80(policy); +- crypto_policy_set_null_cipher_hmac_sha1_80(policy); + break; + case srtp_profile_aes256_cm_sha1_80: + crypto_policy_set_aes_cm_256_hmac_sha1_80(policy); +- crypto_policy_set_aes_cm_256_hmac_sha1_80(policy); + break; + case srtp_profile_aes256_cm_sha1_32: +- crypto_policy_set_aes_cm_256_hmac_sha1_32(policy); ++ /* We do not honor the 32-bit auth tag request since ++ * this is not compliant with RFC 3711 */ + crypto_policy_set_aes_cm_256_hmac_sha1_80(policy); + break; + /* the following profiles are not (yet) supported */ +@@ -2082,7 +2081,7 @@ crypto_policy_set_from_profile_for_rtcp( + crypto_policy_set_aes_cm_128_hmac_sha1_80(policy); + break; + case srtp_profile_aes128_cm_sha1_32: +- crypto_policy_set_aes_cm_128_hmac_sha1_80(policy); ++ crypto_policy_set_aes_cm_128_hmac_sha1_32(policy); + break; + case srtp_profile_null_sha1_80: + crypto_policy_set_null_cipher_hmac_sha1_80(policy); +@@ -2091,7 +2090,7 @@ crypto_policy_set_from_profile_for_rtcp( + crypto_policy_set_aes_cm_256_hmac_sha1_80(policy); + break; + case srtp_profile_aes256_cm_sha1_32: +- crypto_policy_set_aes_cm_256_hmac_sha1_80(policy); ++ crypto_policy_set_aes_cm_256_hmac_sha1_32(policy); + break; + /* the following profiles are not (yet) supported */ + case srtp_profile_null_sha1_32: diff --git a/libsrtp-1.4.4-shared.patch b/libsrtp-1.4.4-shared.patch new file mode 100644 index 0000000..b1703ad --- /dev/null +++ b/libsrtp-1.4.4-shared.patch @@ -0,0 +1,75 @@ +diff -up srtp/Makefile.in.shared srtp/Makefile.in +--- srtp/Makefile.in.shared 2010-05-21 13:45:35.000000000 -0400 ++++ srtp/Makefile.in 2010-10-04 15:53:29.132116130 -0400 +@@ -8,7 +8,7 @@ + # runtest runs test applications + # test builds test applications + # libcrypt.a static library implementing crypto engine +-# libsrtp.a static library implementing srtp ++# libsrtp.so shared library implementing srtp + # clean removes objects, libs, and executables + # distribution cleans and builds a .tgz + # tags builds etags file from all .c and .h files +@@ -97,13 +97,13 @@ kernel = crypto/kernel/crypto_kernel.o + + cryptobj = $(ciphers) $(hashes) $(math) $(stat) $(kernel) $(replay) + +-# libsrtp.a (implements srtp processing) ++# libsrtp (implements srtp processing) + + srtpobj = srtp/srtp.o srtp/ekt.o + +-libsrtp.a: $(srtpobj) $(cryptobj) $(gdoi) +- ar cr libsrtp.a $^ +- $(RANLIB) libsrtp.a ++libsrtp.so: $(srtpobj) $(cryptobj) $(gdoi) ++ $(COMPILE) -shared -pthread -lm -Wl,--no-undefined -Wl,-soname,$@.0 -z noexecstack -o $@.0.0.0 $^ ++ ln -s $@.0.0.0 $@ + + # libcryptomath.a contains general-purpose routines that are used to + # generate tables and verify cryptoalgorithm implementations - this +@@ -127,19 +127,19 @@ testapp = $(crypto_testapp) test/srtp_dr + test/roc_driver$(EXE) test/rdbx_driver$(EXE) test/rtpw$(EXE) \ + test/dtls_srtp_driver$(EXE) + +-$(testapp): libsrtp.a ++$(testapp): libsrtp.so + + test/rtpw$(EXE): test/rtpw.c test/rtp.c test/getopt_s.c +- $(COMPILE) $(LDFLAGS) -o $@ $^ $(LIBS) $(SRTPLIB) ++ $(COMPILE) $(LDFLAGS) -o $@ test/rtpw.c test/rtp.c test/getopt_s.c $(LIBS) $(SRTPLIB) + + test/srtp_driver$(EXE): test/srtp_driver.c test/getopt_s.c +- $(COMPILE) $(LDFLAGS) -o $@ $^ $(LIBS) $(SRTPLIB) ++ $(COMPILE) $(LDFLAGS) -o $@ test/srtp_driver.c test/getopt_s.c $(LIBS) $(SRTPLIB) + + test/rdbx_driver$(EXE): test/rdbx_driver.c test/getopt_s.c +- $(COMPILE) $(LDFLAGS) -o $@ $^ $(LIBS) $(SRTPLIB) ++ $(COMPILE) $(LDFLAGS) -o $@ test/rdbx_driver.c test/getopt_s.c $(LIBS) $(SRTPLIB) + + test/dtls_srtp_driver$(EXE): test/dtls_srtp_driver.c test/getopt_s.c +- $(COMPILE) $(LDFLAGS) -o $@ $^ $(LIBS) $(SRTPLIB) ++ $(COMPILE) $(LDFLAGS) -o $@ test/dtls_srtp_driver.c test/getopt_s.c $(LIBS) $(SRTPLIB) + + test: $(testapp) + @echo "Build done. Please run '$(MAKE) runtest' to run self tests." +@@ -197,16 +197,16 @@ install: + cp $(srcdir)/include/*.h $(DESTDIR)$(includedir)/srtp + cp $(srcdir)/crypto/include/*.h $(DESTDIR)$(includedir)/srtp + if [ "$(srcdir)" != "." ]; then cp crypto/include/*.h $(DESTDIR)$(includedir)/srtp; fi +- if [ -f libsrtp.a ]; then cp libsrtp.a $(DESTDIR)$(libdir)/; fi ++ if [ -f libsrtp.so.0.0.0 ]; then cp libsrtp.so.0.0.0 $(DESTDIR)$(libdir)/; fi + + uninstall: + rm -f $(DESTDIR)$(includedir)/srtp/*.h +- rm -f $(DESTDIR)$(libdir)/libsrtp.a ++ rm -f $(DESTDIR)$(libdir)/libsrtp.so* + -rmdir $(DESTDIR)$(includedir)/srtp + + clean: + rm -rf $(cryptobj) $(srtpobj) $(cryptomath) TAGS \ +- libcryptomath.a libsrtp.a core *.core test/core ++ libcryptomath.a libsrtp.so* core *.core test/core + for a in * */* */*/*; do \ + if [ -f "$$a~" ] ; then rm -f $$a~; fi; \ + done; diff --git a/libsrtp-1.5.0-shared.patch b/libsrtp-1.5.0-shared.patch new file mode 100644 index 0000000..6b55e27 --- /dev/null +++ b/libsrtp-1.5.0-shared.patch @@ -0,0 +1,77 @@ +diff -up libsrtp-1.5.0/Makefile.in.shared libsrtp-1.5.0/Makefile.in +--- libsrtp-1.5.0/Makefile.in.shared 2014-10-13 10:35:33.000000000 -0400 ++++ libsrtp-1.5.0/Makefile.in 2014-11-14 10:14:01.604954699 -0500 +@@ -113,17 +113,13 @@ kernel = crypto/kernel/crypto_kernel.o + + cryptobj = $(ciphers) $(hashes) $(math) $(stat) $(kernel) $(replay) + +-# libsrtp.a (implements srtp processing) ++# libsrtp (implements srtp processing) + + srtpobj = srtp/srtp.o srtp/ekt.o + +-libsrtp.a: $(srtpobj) $(cryptobj) $(gdoi) +- ar cr libsrtp.a $^ +- $(RANLIB) libsrtp.a +- +-libsrtp.so: $(srtpobj) $(cryptobj) $(gdoi) +- $(CC) -shared -Wl,-soname,libsrtp.so \ +- -o libsrtp.so $^ $(LDFLAGS) ++libsrtp.so: $(srtpobj) $(cryptobj) $(gdoi) ++ $(COMPILE) -shared -pthread -lm -Wl,--no-undefined -Wl,-soname,$@.1 -z noexecstack -o $@.1.0.0 $^ ++ ln -s $@.1.0.0 $@ + + # libcryptomath.a contains general-purpose routines that are used to + # generate tables and verify cryptoalgorithm implementations - this +@@ -150,19 +146,19 @@ testapp = $(crypto_testapp) test/srtp_dr + test/roc_driver$(EXE) test/rdbx_driver$(EXE) test/rtpw$(EXE) \ + test/dtls_srtp_driver$(EXE) + +-$(testapp): libsrtp.a ++$(testapp): libsrtp.so + + test/rtpw$(EXE): test/rtpw.c test/rtp.c test/getopt_s.c +- $(COMPILE) $(LDFLAGS) -o $@ $^ $(LIBS) $(SRTPLIB) ++ $(COMPILE) $(LDFLAGS) -o $@ test/rtpw.c test/rtp.c test/getopt_s.c $(LIBS) $(SRTPLIB) + + test/srtp_driver$(EXE): test/srtp_driver.c test/getopt_s.c +- $(COMPILE) $(LDFLAGS) -o $@ $^ $(LIBS) $(SRTPLIB) ++ $(COMPILE) $(LDFLAGS) -o $@ test/srtp_driver.c test/getopt_s.c $(LIBS) $(SRTPLIB) + + test/rdbx_driver$(EXE): test/rdbx_driver.c test/getopt_s.c +- $(COMPILE) $(LDFLAGS) -o $@ $^ $(LIBS) $(SRTPLIB) ++ $(COMPILE) $(LDFLAGS) -o $@ test/rdbx_driver.c test/getopt_s.c $(LIBS) $(SRTPLIB) + + test/dtls_srtp_driver$(EXE): test/dtls_srtp_driver.c test/getopt_s.c +- $(COMPILE) $(LDFLAGS) -o $@ $^ $(LIBS) $(SRTPLIB) ++ $(COMPILE) $(LDFLAGS) -o $@ test/dtls_srtp_driver.c test/getopt_s.c $(LIBS) $(SRTPLIB) + + test: $(testapp) + @echo "Build done. Please run '$(MAKE) runtest' to run self tests." +@@ -220,7 +216,7 @@ install: + cp $(srcdir)/include/*.h $(DESTDIR)$(includedir)/srtp + cp $(srcdir)/crypto/include/*.h $(DESTDIR)$(includedir)/srtp + if [ "$(srcdir)" != "." ]; then cp crypto/include/*.h $(DESTDIR)$(includedir)/srtp; fi +- if [ -f libsrtp.a ]; then cp libsrtp.a $(DESTDIR)$(libdir)/; fi ++ if [ -f libsrtp.so.0.0.0 ]; then cp libsrtp.so.0.0.0 $(DESTDIR)$(libdir)/; fi + if [ -f libsrtp.so ]; then cp libsrtp.so $(DESTDIR)$(libdir)/; fi + if [ "$(pkgconfig_DATA)" != "" ]; then \ + $(INSTALL) -d $(DESTDIR)$(pkgconfigdir); \ +@@ -229,7 +225,7 @@ install: + + uninstall: + rm -f $(DESTDIR)$(includedir)/srtp/*.h +- rm -f $(DESTDIR)$(libdir)/libsrtp.a ++ rm -f $(DESTDIR)$(libdir)/libsrtp.so* + rm -f $(DESTDIR)$(libdir)/libsrtp.so + -rmdir $(DESTDIR)$(includedir)/srtp + if [ "$(pkgconfig_DATA)" != "" ]; then \ +@@ -238,7 +234,7 @@ uninstall: + + clean: + rm -rf $(cryptobj) $(srtpobj) $(cryptomath) TAGS \ +- libcryptomath.a libsrtp.a libsrtp.so core *.core test/core ++ libcryptomath.a libsrtp.so* core *.core test/core + for a in * */* */*/*; do \ + if [ -f "$$a~" ] ; then rm -f $$a~; fi; \ + done;