From e68cf6ab4b4bc228eea37d38376e5baa498a8da0 Mon Sep 17 00:00:00 2001 From: CentOS Sources Date: Thu, 22 Oct 2020 22:09:16 +0000 Subject: [PATCH] import libsrtp-1.5.4-8.el8 --- .gitignore | 1 + .libsrtp.metadata | 1 + ...nges-for-OpenSSL-1.1.0-compatibility.patch | 502 ++++++++++++++++++ SOURCES/config.h | 18 + SOURCES/libsrtp-1.5.4-shared-fix.patch | 36 ++ .../libsrtp-fix-name-collision-on-MIPS.patch | 55 ++ SOURCES/libsrtp-sha1-name-fix.patch | 174 ++++++ SOURCES/libsrtp-srtp_aes_encrypt.patch | 129 +++++ SPECS/libsrtp.spec | 161 ++++++ 9 files changed, 1077 insertions(+) create mode 100644 .gitignore create mode 100644 .libsrtp.metadata create mode 100644 SOURCES/0001-Changes-for-OpenSSL-1.1.0-compatibility.patch create mode 100644 SOURCES/config.h create mode 100644 SOURCES/libsrtp-1.5.4-shared-fix.patch create mode 100644 SOURCES/libsrtp-fix-name-collision-on-MIPS.patch create mode 100644 SOURCES/libsrtp-sha1-name-fix.patch create mode 100644 SOURCES/libsrtp-srtp_aes_encrypt.patch create mode 100644 SPECS/libsrtp.spec diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..2aae70c --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +SOURCES/v1.5.4.tar.gz diff --git a/.libsrtp.metadata b/.libsrtp.metadata new file mode 100644 index 0000000..3938189 --- /dev/null +++ b/.libsrtp.metadata @@ -0,0 +1 @@ +568030da728a03b1d39d3dc1a5c31c3228fa73d5 SOURCES/v1.5.4.tar.gz diff --git a/SOURCES/0001-Changes-for-OpenSSL-1.1.0-compatibility.patch b/SOURCES/0001-Changes-for-OpenSSL-1.1.0-compatibility.patch new file mode 100644 index 0000000..af2c176 --- /dev/null +++ b/SOURCES/0001-Changes-for-OpenSSL-1.1.0-compatibility.patch @@ -0,0 +1,502 @@ +From b1858f6b5fa33b9ef9eeea1f6152185d54bba323 Mon Sep 17 00:00:00 2001 +From: Wim Taymans +Date: Mon, 3 Sep 2018 13:19:44 +0200 +Subject: [PATCH] Changes for OpenSSL 1.1.0 compatibility + +--- + crypto/cipher/aes_gcm_ossl.c | 36 +++++---- + crypto/cipher/aes_icm_ossl.c | 18 +++-- + crypto/hash/hmac_ossl.c | 135 ++++++++++++---------------------- + crypto/include/aes_gcm_ossl.h | 2 +- + crypto/include/aes_icm_ossl.h | 2 +- + crypto/include/sha1.h | 14 ++-- + 6 files changed, 89 insertions(+), 118 deletions(-) + +diff --git a/crypto/cipher/aes_gcm_ossl.c b/crypto/cipher/aes_gcm_ossl.c +index dce2a33..943dbd5 100644 +--- a/crypto/cipher/aes_gcm_ossl.c ++++ b/crypto/cipher/aes_gcm_ossl.c +@@ -116,6 +116,13 @@ err_status_t aes_gcm_openssl_alloc (cipher_t **c, int key_len, int tlen) + (*c)->state = allptr + sizeof(cipher_t); + gcm = (aes_gcm_ctx_t *)(*c)->state; + ++ gcm->ctx = EVP_CIPHER_CTX_new(); ++ if (gcm->ctx == NULL) { ++ crypto_free(*c); ++ *c = NULL; ++ return (err_status_alloc_fail); ++ } ++ + /* increment ref_count */ + switch (key_len) { + case AES_128_GCM_KEYSIZE_WSALT: +@@ -136,7 +143,6 @@ err_status_t aes_gcm_openssl_alloc (cipher_t **c, int key_len, int tlen) + + /* set key size */ + (*c)->key_len = key_len; +- EVP_CIPHER_CTX_init(&gcm->ctx); + + return (err_status_ok); + } +@@ -151,7 +157,7 @@ err_status_t aes_gcm_openssl_dealloc (cipher_t *c) + + ctx = (aes_gcm_ctx_t*)c->state; + if (ctx) { +- EVP_CIPHER_CTX_cleanup(&ctx->ctx); ++ EVP_CIPHER_CTX_free(ctx->ctx); + /* decrement ref_count for the appropriate engine */ + switch (ctx->key_size) { + case AES_256_KEYSIZE: +@@ -197,7 +203,7 @@ err_status_t aes_gcm_openssl_context_init (aes_gcm_ctx_t *c, const uint8_t *key) + + debug_print(mod_aes_gcm, "key: %s", v128_hex_string((v128_t*)&c->key)); + +- EVP_CIPHER_CTX_cleanup(&c->ctx); ++ EVP_CIPHER_CTX_cleanup(c->ctx); + + return (err_status_ok); + } +@@ -231,19 +237,19 @@ err_status_t aes_gcm_openssl_set_iv (aes_gcm_ctx_t *c, void *iv, + break; + } + +- if (!EVP_CipherInit_ex(&c->ctx, evp, NULL, (const unsigned char*)&c->key.v8, ++ if (!EVP_CipherInit_ex(c->ctx, evp, NULL, (const unsigned char*)&c->key.v8, + NULL, (c->dir == direction_encrypt ? 1 : 0))) { + return (err_status_init_fail); + } + + /* set IV len and the IV value, the followiong 3 calls are required */ +- if (!EVP_CIPHER_CTX_ctrl(&c->ctx, EVP_CTRL_GCM_SET_IVLEN, 12, 0)) { ++ if (!EVP_CIPHER_CTX_ctrl(c->ctx, EVP_CTRL_GCM_SET_IVLEN, 12, 0)) { + return (err_status_init_fail); + } +- if (!EVP_CIPHER_CTX_ctrl(&c->ctx, EVP_CTRL_GCM_SET_IV_FIXED, -1, iv)) { ++ if (!EVP_CIPHER_CTX_ctrl(c->ctx, EVP_CTRL_GCM_SET_IV_FIXED, -1, iv)) { + return (err_status_init_fail); + } +- if (!EVP_CIPHER_CTX_ctrl(&c->ctx, EVP_CTRL_GCM_IV_GEN, 0, iv)) { ++ if (!EVP_CIPHER_CTX_ctrl(c->ctx, EVP_CTRL_GCM_IV_GEN, 0, iv)) { + return (err_status_init_fail); + } + +@@ -267,9 +273,9 @@ err_status_t aes_gcm_openssl_set_aad (aes_gcm_ctx_t *c, unsigned char *aad, + * Set dummy tag, OpenSSL requires the Tag to be set before + * processing AAD + */ +- EVP_CIPHER_CTX_ctrl(&c->ctx, EVP_CTRL_GCM_SET_TAG, c->tag_len, aad); ++ EVP_CIPHER_CTX_ctrl(c->ctx, EVP_CTRL_GCM_SET_TAG, c->tag_len, aad); + +- rv = EVP_Cipher(&c->ctx, NULL, aad, aad_len); ++ rv = EVP_Cipher(c->ctx, NULL, aad, aad_len); + if (rv != aad_len) { + return (err_status_algo_fail); + } else { +@@ -295,7 +301,7 @@ err_status_t aes_gcm_openssl_encrypt (aes_gcm_ctx_t *c, unsigned char *buf, + /* + * Encrypt the data + */ +- EVP_Cipher(&c->ctx, buf, buf, *enc_len); ++ EVP_Cipher(c->ctx, buf, buf, *enc_len); + + return (err_status_ok); + } +@@ -317,12 +323,12 @@ err_status_t aes_gcm_openssl_get_tag (aes_gcm_ctx_t *c, unsigned char *buf, + /* + * Calculate the tag + */ +- EVP_Cipher(&c->ctx, NULL, NULL, 0); ++ EVP_Cipher(c->ctx, NULL, NULL, 0); + + /* + * Retreive the tag + */ +- EVP_CIPHER_CTX_ctrl(&c->ctx, EVP_CTRL_GCM_GET_TAG, c->tag_len, buf); ++ EVP_CIPHER_CTX_ctrl(c->ctx, EVP_CTRL_GCM_GET_TAG, c->tag_len, buf); + + /* + * Increase encryption length by desired tag size +@@ -351,14 +357,14 @@ err_status_t aes_gcm_openssl_decrypt (aes_gcm_ctx_t *c, unsigned char *buf, + /* + * Set the tag before decrypting + */ +- EVP_CIPHER_CTX_ctrl(&c->ctx, EVP_CTRL_GCM_SET_TAG, c->tag_len, ++ EVP_CIPHER_CTX_ctrl(c->ctx, EVP_CTRL_GCM_SET_TAG, c->tag_len, + buf + (*enc_len - c->tag_len)); +- EVP_Cipher(&c->ctx, buf, buf, *enc_len - c->tag_len); ++ EVP_Cipher(c->ctx, buf, buf, *enc_len - c->tag_len); + + /* + * Check the tag + */ +- if (EVP_Cipher(&c->ctx, NULL, NULL, 0)) { ++ if (EVP_Cipher(c->ctx, NULL, NULL, 0)) { + return (err_status_auth_fail); + } + +diff --git a/crypto/cipher/aes_icm_ossl.c b/crypto/cipher/aes_icm_ossl.c +index eb58539..1ddd39e 100644 +--- a/crypto/cipher/aes_icm_ossl.c ++++ b/crypto/cipher/aes_icm_ossl.c +@@ -143,6 +143,13 @@ err_status_t aes_icm_openssl_alloc (cipher_t **c, int key_len, int tlen) + (*c)->state = allptr + sizeof(cipher_t); + icm = (aes_icm_ctx_t*)(*c)->state; + ++ icm->ctx = EVP_CIPHER_CTX_new(); ++ if (icm->ctx == NULL) { ++ crypto_free(*c); ++ *c = NULL; ++ return err_status_alloc_fail; ++ } ++ + /* increment ref_count */ + switch (key_len) { + case AES_128_KEYSIZE_WSALT: +@@ -169,7 +176,6 @@ err_status_t aes_icm_openssl_alloc (cipher_t **c, int key_len, int tlen) + + /* set key size */ + (*c)->key_len = key_len; +- EVP_CIPHER_CTX_init(&icm->ctx); + + return err_status_ok; + } +@@ -191,7 +197,7 @@ err_status_t aes_icm_openssl_dealloc (cipher_t *c) + */ + ctx = (aes_icm_ctx_t*)c->state; + if (ctx != NULL) { +- EVP_CIPHER_CTX_cleanup(&ctx->ctx); ++ EVP_CIPHER_CTX_free(ctx->ctx); + /* decrement ref_count for the appropriate engine */ + switch (ctx->key_size) { + case AES_256_KEYSIZE: +@@ -271,7 +277,7 @@ err_status_t aes_icm_openssl_context_init (aes_icm_ctx_t *c, const uint8_t *key, + debug_print(mod_aes_icm, "key: %s", v128_hex_string((v128_t*)&c->key)); + debug_print(mod_aes_icm, "offset: %s", v128_hex_string(&c->offset)); + +- EVP_CIPHER_CTX_cleanup(&c->ctx); ++ EVP_CIPHER_CTX_cleanup(c->ctx); + + return err_status_ok; + } +@@ -312,7 +318,7 @@ err_status_t aes_icm_openssl_set_iv (aes_icm_ctx_t *c, void *iv, int dir) + break; + } + +- if (!EVP_EncryptInit_ex(&c->ctx, evp, ++ if (!EVP_EncryptInit_ex(c->ctx, evp, + NULL, c->key.v8, c->counter.v8)) { + return err_status_fail; + } else { +@@ -334,12 +340,12 @@ err_status_t aes_icm_openssl_encrypt (aes_icm_ctx_t *c, unsigned char *buf, unsi + + debug_print(mod_aes_icm, "rs0: %s", v128_hex_string(&c->counter)); + +- if (!EVP_EncryptUpdate(&c->ctx, buf, &len, buf, *enc_len)) { ++ if (!EVP_EncryptUpdate(c->ctx, buf, &len, buf, *enc_len)) { + return err_status_cipher_fail; + } + *enc_len = len; + +- if (!EVP_EncryptFinal_ex(&c->ctx, buf, &len)) { ++ if (!EVP_EncryptFinal_ex(c->ctx, buf, &len)) { + return err_status_cipher_fail; + } + *enc_len += len; +diff --git a/crypto/hash/hmac_ossl.c b/crypto/hash/hmac_ossl.c +index f62ce57..3f6f97d 100644 +--- a/crypto/hash/hmac_ossl.c ++++ b/crypto/hash/hmac_ossl.c +@@ -49,8 +49,10 @@ + #include "hmac.h" + #include "alloc.h" + #include ++#include + +-#define HMAC_KEYLEN_MAX 20 ++#define HMAC_KEYLEN_MAX 20 ++#define SHA1_DIGEST_SIZE 20 + + /* the debug module for authentiation */ + +@@ -64,8 +66,6 @@ err_status_t + hmac_alloc (auth_t **a, int key_len, int out_len) + { + extern auth_type_t hmac; +- uint8_t *pointer; +- hmac_ctx_t *new_hmac_ctx; + + debug_print(mod_hmac, "allocating auth func with key length %d", key_len); + debug_print(mod_hmac, " tag length %d", out_len); +@@ -79,25 +79,28 @@ hmac_alloc (auth_t **a, int key_len, int out_len) + } + + /* check output length - should be less than 20 bytes */ +- if (out_len > HMAC_KEYLEN_MAX) { ++ if (out_len > SHA1_DIGEST_SIZE) { + return err_status_bad_param; + } + + /* allocate memory for auth and hmac_ctx_t structures */ +- pointer = (uint8_t*)crypto_alloc(sizeof(hmac_ctx_t) + sizeof(auth_t)); +- if (pointer == NULL) { ++ *a = crypto_alloc(sizeof(auth_t)); ++ if (*a == NULL) { ++ return err_status_alloc_fail; ++ } ++ ++ (*a)->state = HMAC_CTX_new(); ++ if ((*a)->state == NULL) { ++ crypto_free(*a); ++ *a = NULL; + return err_status_alloc_fail; + } + + /* set pointers */ +- *a = (auth_t*)pointer; + (*a)->type = &hmac; +- (*a)->state = pointer + sizeof(auth_t); + (*a)->out_len = out_len; + (*a)->key_len = key_len; + (*a)->prefix_len = 0; +- new_hmac_ctx = (hmac_ctx_t*)((*a)->state); +- memset(new_hmac_ctx, 0, sizeof(hmac_ctx_t)); + + /* increment global count of all hmac uses */ + hmac.ref_count++; +@@ -109,19 +112,14 @@ err_status_t + hmac_dealloc (auth_t *a) + { + extern auth_type_t hmac; +- hmac_ctx_t *hmac_ctx; ++ HMAC_CTX *hmac_ctx; + +- hmac_ctx = (hmac_ctx_t*)a->state; +- if (hmac_ctx->ctx_initialized) { +- EVP_MD_CTX_cleanup(&hmac_ctx->ctx); +- } +- if (hmac_ctx->init_ctx_initialized) { +- EVP_MD_CTX_cleanup(&hmac_ctx->init_ctx); +- } ++ hmac_ctx = (HMAC_CTX*)a->state; ++ ++ HMAC_CTX_free(hmac_ctx); + + /* zeroize entire state*/ +- octet_string_set_to_zero((uint8_t*)a, +- sizeof(hmac_ctx_t) + sizeof(auth_t)); ++ octet_string_set_to_zero((uint8_t*)a, sizeof(auth_t)); + + /* free memory */ + crypto_free(a); +@@ -133,109 +131,68 @@ hmac_dealloc (auth_t *a) + } + + err_status_t +-hmac_init (hmac_ctx_t *state, const uint8_t *key, int key_len) ++hmac_start (hmac_ctx_t *statev) + { +- int i; +- uint8_t ipad[64]; +- +- /* +- * check key length - note that we don't support keys larger +- * than 20 bytes yet +- */ +- if (key_len > HMAC_KEYLEN_MAX) { +- return err_status_bad_param; +- } +- +- /* +- * set values of ipad and opad by exoring the key into the +- * appropriate constant values +- */ +- for (i = 0; i < key_len; i++) { +- ipad[i] = key[i] ^ 0x36; +- state->opad[i] = key[i] ^ 0x5c; +- } +- /* set the rest of ipad, opad to constant values */ +- for (; i < sizeof(ipad); i++) { +- ipad[i] = 0x36; +- ((uint8_t*)state->opad)[i] = 0x5c; +- } +- +- debug_print(mod_hmac, "ipad: %s", octet_string_hex_string(ipad, sizeof(ipad))); ++ HMAC_CTX *state = (HMAC_CTX *)statev; + +- /* initialize sha1 context */ +- sha1_init(&state->init_ctx); +- state->init_ctx_initialized = 1; ++ if (HMAC_Init_ex(state, NULL, 0, NULL, NULL) == 0) ++ return err_status_auth_fail; + +- /* hash ipad ^ key */ +- sha1_update(&state->init_ctx, ipad, sizeof(ipad)); +- return (hmac_start(state)); ++ return err_status_ok; + } + + err_status_t +-hmac_start (hmac_ctx_t *state) ++hmac_init (hmac_ctx_t *statev, const uint8_t *key, int key_len) + { +- if (state->ctx_initialized) { +- EVP_MD_CTX_cleanup(&state->ctx); +- } +- if (!EVP_MD_CTX_copy(&state->ctx, &state->init_ctx)) { ++ HMAC_CTX *state = (HMAC_CTX *)statev; ++ ++ if (HMAC_Init_ex(state, key, key_len, EVP_sha1(), NULL) == 0) + return err_status_auth_fail; +- } else { +- state->ctx_initialized = 1; +- return err_status_ok; +- } ++ ++ return err_status_ok; + } + + err_status_t +-hmac_update (hmac_ctx_t *state, const uint8_t *message, int msg_octets) ++hmac_update (hmac_ctx_t *statev, const uint8_t *message, int msg_octets) + { ++ HMAC_CTX *state = (HMAC_CTX *)statev; ++ + debug_print(mod_hmac, "input: %s", + octet_string_hex_string(message, msg_octets)); + +- /* hash message into sha1 context */ +- sha1_update(&state->ctx, message, msg_octets); ++ if (HMAC_Update(state, message, msg_octets) == 0) ++ return err_status_auth_fail; + + return err_status_ok; + } + + err_status_t +-hmac_compute (hmac_ctx_t *state, const void *message, ++hmac_compute (hmac_ctx_t *statev, const void *message, + int msg_octets, int tag_len, uint8_t *result) + { +- uint32_t hash_value[5]; +- uint32_t H[5]; ++ HMAC_CTX *state = (HMAC_CTX *)statev; ++ uint8_t hash_value[SHA1_DIGEST_SIZE]; + int i; ++ unsigned int len; + + /* check tag length, return error if we can't provide the value expected */ +- if (tag_len > HMAC_KEYLEN_MAX) { ++ if (tag_len > SHA1_DIGEST_SIZE) { + return err_status_bad_param; + } + + /* hash message, copy output into H */ +- sha1_update(&state->ctx, message, msg_octets); +- sha1_final(&state->ctx, H); +- +- /* +- * note that we don't need to debug_print() the input, since the +- * function hmac_update() already did that for us +- */ +- debug_print(mod_hmac, "intermediate state: %s", +- octet_string_hex_string((uint8_t*)H, sizeof(H))); +- +- /* re-initialize hash context */ +- sha1_init(&state->ctx); +- +- /* hash opad ^ key */ +- sha1_update(&state->ctx, (uint8_t*)state->opad, sizeof(state->opad)); ++ if (HMAC_Update(state, message, msg_octets) == 0) ++ return err_status_auth_fail; + +- /* hash the result of the inner hash */ +- sha1_update(&state->ctx, (uint8_t*)H, sizeof(H)); ++ if (HMAC_Final(state, hash_value, &len) == 0) ++ return err_status_auth_fail; + +- /* the result is returned in the array hash_value[] */ +- sha1_final(&state->ctx, hash_value); ++ if (len < tag_len) ++ return err_status_auth_fail; + + /* copy hash_value to *result */ + for (i = 0; i < tag_len; i++) { +- result[i] = ((uint8_t*)hash_value)[i]; ++ result[i] = hash_value[i]; + } + + debug_print(mod_hmac, "output: %s", +diff --git a/crypto/include/aes_gcm_ossl.h b/crypto/include/aes_gcm_ossl.h +index 8e7711d..4f49b51 100644 +--- a/crypto/include/aes_gcm_ossl.h ++++ b/crypto/include/aes_gcm_ossl.h +@@ -55,7 +55,7 @@ typedef struct { + v256_t key; + int key_size; + int tag_len; +- EVP_CIPHER_CTX ctx; ++ EVP_CIPHER_CTX* ctx; + cipher_direction_t dir; + } aes_gcm_ctx_t; + +diff --git a/crypto/include/aes_icm_ossl.h b/crypto/include/aes_icm_ossl.h +index b4ec40a..af23320 100644 +--- a/crypto/include/aes_icm_ossl.h ++++ b/crypto/include/aes_icm_ossl.h +@@ -72,7 +72,7 @@ typedef struct { + v128_t offset; /* initial offset value */ + v256_t key; + int key_size; +- EVP_CIPHER_CTX ctx; ++ EVP_CIPHER_CTX* ctx; + } aes_icm_ctx_t; + + err_status_t aes_icm_openssl_set_iv(aes_icm_ctx_t *c, void *iv, int dir); +diff --git a/crypto/include/sha1.h b/crypto/include/sha1.h +index 2ce53e8..fb5bd95 100644 +--- a/crypto/include/sha1.h ++++ b/crypto/include/sha1.h +@@ -56,8 +56,6 @@ + #include + #include + +-typedef EVP_MD_CTX sha1_ctx_t; +- + /* + * sha1_init(&ctx) initializes the SHA1 context ctx + * +@@ -72,23 +70,27 @@ typedef EVP_MD_CTX sha1_ctx_t; + * + */ + ++typedef EVP_MD_CTX* sha1_ctx_t; ++ + static inline void sha1_init (sha1_ctx_t *ctx) + { +- EVP_MD_CTX_init(ctx); +- EVP_DigestInit(ctx, EVP_sha1()); ++ *ctx = EVP_MD_CTX_new(); ++ EVP_DigestInit(*ctx, EVP_sha1()); + } + + static inline void sha1_update (sha1_ctx_t *ctx, const uint8_t *M, int octets_in_msg) + { +- EVP_DigestUpdate(ctx, M, octets_in_msg); ++ EVP_DigestUpdate(*ctx, M, octets_in_msg); + } + + static inline void sha1_final (sha1_ctx_t *ctx, uint32_t *output) + { + unsigned int len = 0; + +- EVP_DigestFinal(ctx, (unsigned char*)output, &len); ++ EVP_DigestFinal(*ctx, (unsigned char*)output, &len); ++ EVP_MD_CTX_free(*ctx); + } ++ + #else + #include "datatypes.h" + +-- +2.17.1 + diff --git a/SOURCES/config.h b/SOURCES/config.h new file mode 100644 index 0000000..d0860ba --- /dev/null +++ b/SOURCES/config.h @@ -0,0 +1,18 @@ +/* This file is here to prevent a file conflict on multiarch systems. A + * conflict will frequently occur because arch-specific build-time + * configuration options are stored (and used, so they can't just be stripped + * out) in config.h. The original config.h has been renamed. + * DO NOT INCLUDE THE NEW FILE DIRECTLY -- ALWAYS INCLUDE THIS ONE INSTEAD. */ + +#ifdef srtp_multilib_redirection_h +#error "Do not define srtp_multilib_redirection_h!" +#endif +#define srtp_multilib_redirection_h + +#if defined(__x86_64__) || defined(__PPC64__) || (defined(__sparc__) && defined(__arch64__)) || defined(__s390x__) || defined(__aarch64__) +#include "srtp/config-64.h" +#else +#include "srtp/config-32.h" +#endif + +#undef srtp_multilib_redirection_h diff --git a/SOURCES/libsrtp-1.5.4-shared-fix.patch b/SOURCES/libsrtp-1.5.4-shared-fix.patch new file mode 100644 index 0000000..b720709 --- /dev/null +++ b/SOURCES/libsrtp-1.5.4-shared-fix.patch @@ -0,0 +1,36 @@ +diff -up libsrtp-1.5.4/Makefile.in.sharedfix libsrtp-1.5.4/Makefile.in +--- libsrtp-1.5.4/Makefile.in.sharedfix 2016-02-02 14:56:49.000000000 -0500 ++++ libsrtp-1.5.4/Makefile.in 2016-02-12 09:38:18.228208296 -0500 +@@ -84,12 +84,14 @@ pkgconfigdir = $(libdir)/pkgconfig + pkgconfig_DATA = libsrtp.pc + endif + +-SHAREDLIBVERSION = 1 ++SHAREDLIBMINIVER = 1 ++SHAREDLIBVERSION = $(SHAREDLIBMINIVER).0.0 + ifeq (linux,$(findstring linux,@host@)) + SHAREDLIB_DIR = $(libdir) +-SHAREDLIB_LDFLAGS = -shared -Wl,-soname,$@ + SHAREDLIBSUFFIXNOVER = so + SHAREDLIBSUFFIX = $(SHAREDLIBSUFFIXNOVER).$(SHAREDLIBVERSION) ++SHAREDLIBMINISUFFIX = $(SHAREDLIBSUFFIXNOVER).$(SHAREDLIBMINIVER) ++SHAREDLIB_LDFLAGS = -shared -Wl,-soname,libsrtp.$(SHAREDLIBMINISUFFIX) + else ifeq (mingw,$(findstring mingw,@host@)) + SHAREDLIB_DIR = $(bindir) + SHAREDLIB_LDFLAGS = -shared -Wl,--out-implib,libsrtp.dll.a +@@ -148,6 +150,7 @@ libsrtp.$(SHAREDLIBSUFFIX): $(srtpobj) $ + $(CC) -shared -o $@ $(SHAREDLIB_LDFLAGS) \ + $^ $(LDFLAGS) $(LIBS) + if [ -n "$(SHAREDLIBVERSION)" ]; then \ ++ ln -sfn $@ libsrtp.$(SHAREDLIBMINISUFFIX); \ + ln -sfn $@ libsrtp.$(SHAREDLIBSUFFIXNOVER); \ + fi + +@@ -274,6 +277,7 @@ install: + $(INSTALL) -d $(DESTDIR)$(SHAREDLIB_DIR); \ + cp libsrtp.$(SHAREDLIBSUFFIX) $(DESTDIR)$(SHAREDLIB_DIR)/; \ + ln -sfn libsrtp.$(SHAREDLIBSUFFIX) $(DESTDIR)$(SHAREDLIB_DIR)/libsrtp.$(SHAREDLIBSUFFIXNOVER); \ ++ ln -sfn libsrtp.$(SHAREDLIBSUFFIX) $(DESTDIR)$(SHAREDLIB_DIR)/libsrtp.$(SHAREDLIBMINISUFFIX); \ + fi + if [ "$(pkgconfig_DATA)" != "" ]; then \ + $(INSTALL) -d $(DESTDIR)$(pkgconfigdir); \ diff --git a/SOURCES/libsrtp-fix-name-collision-on-MIPS.patch b/SOURCES/libsrtp-fix-name-collision-on-MIPS.patch new file mode 100644 index 0000000..c9b4a34 --- /dev/null +++ b/SOURCES/libsrtp-fix-name-collision-on-MIPS.patch @@ -0,0 +1,55 @@ +diff -urp libsrtp-1.5.0/test/srtp_driver.c l/test/srtp_driver.c +--- libsrtp-1.5.0/test/srtp_driver.c 2014-10-13 16:35:33.000000000 +0200 ++++ libsrtp-1.5.4/test/srtp_driver.c 2015-09-18 06:41:50.740727805 +0200 +@@ -341,7 +341,7 @@ main (int argc, char *argv[]) { + if (do_codec_timing) { + srtp_policy_t policy; + int ignore; +- double mips = mips_estimate(1000000000, &ignore); ++ double mips_est = mips_estimate(1000000000, &ignore); + + crypto_policy_set_rtp_default(&policy.rtp); + crypto_policy_set_rtcp_default(&policy.rtcp); +@@ -353,33 +353,33 @@ main (int argc, char *argv[]) { + policy.allow_repeat_tx = 0; + policy.next = NULL; + +- printf("mips estimate: %e\n", mips); ++ printf("mips estimate: %e\n", mips_est); + + printf("testing srtp processing time for voice codecs:\n"); + printf("codec\t\tlength (octets)\t\tsrtp instructions/second\n"); + printf("G.711\t\t%d\t\t\t%e\n", 80, +- (double) mips * (80 * 8) / ++ (double) mips_est * (80 * 8) / + srtp_bits_per_second(80, &policy) / .01 ); + printf("G.711\t\t%d\t\t\t%e\n", 160, +- (double) mips * (160 * 8) / ++ (double) mips_est * (160 * 8) / + srtp_bits_per_second(160, &policy) / .02); + printf("G.726-32\t%d\t\t\t%e\n", 40, +- (double) mips * (40 * 8) / ++ (double) mips_est * (40 * 8) / + srtp_bits_per_second(40, &policy) / .01 ); + printf("G.726-32\t%d\t\t\t%e\n", 80, +- (double) mips * (80 * 8) / ++ (double) mips_est * (80 * 8) / + srtp_bits_per_second(80, &policy) / .02); + printf("G.729\t\t%d\t\t\t%e\n", 10, +- (double) mips * (10 * 8) / ++ (double) mips_est * (10 * 8) / + srtp_bits_per_second(10, &policy) / .01 ); + printf("G.729\t\t%d\t\t\t%e\n", 20, +- (double) mips * (20 * 8) / ++ (double) mips_est * (20 * 8) / + srtp_bits_per_second(20, &policy) / .02 ); + printf("Wideband\t%d\t\t\t%e\n", 320, +- (double) mips * (320 * 8) / ++ (double) mips_est * (320 * 8) / + srtp_bits_per_second(320, &policy) / .01 ); + printf("Wideband\t%d\t\t\t%e\n", 640, +- (double) mips * (640 * 8) / ++ (double) mips_est * (640 * 8) / + srtp_bits_per_second(640, &policy) / .02 ); + } + diff --git a/SOURCES/libsrtp-sha1-name-fix.patch b/SOURCES/libsrtp-sha1-name-fix.patch new file mode 100644 index 0000000..4295039 --- /dev/null +++ b/SOURCES/libsrtp-sha1-name-fix.patch @@ -0,0 +1,174 @@ +diff -rup libsrtp-1.5.0/crypto/hash/hmac.c libsrtp-1.5.0/crypto/hash/hmac.c +--- libsrtp-1.5.0/crypto/hash/hmac.c 2014-10-13 10:35:33.000000000 -0400 ++++ libsrtp-1.5.0/crypto/hash/hmac.c 2014-10-31 09:15:20.666474444 -0400 +@@ -141,10 +141,10 @@ hmac_init(hmac_ctx_t *state, const uint8 + debug_print(mod_hmac, "ipad: %s", octet_string_hex_string(ipad, 64)); + + /* initialize sha1 context */ +- sha1_init(&state->init_ctx); ++ crypto_sha1_init(&state->init_ctx); + + /* hash ipad ^ key */ +- sha1_update(&state->init_ctx, ipad, 64); ++ crypto_sha1_update(&state->init_ctx, ipad, 64); + memcpy(&state->ctx, &state->init_ctx, sizeof(sha1_ctx_t)); + + return err_status_ok; +@@ -165,7 +165,7 @@ hmac_update(hmac_ctx_t *state, const uin + octet_string_hex_string(message, msg_octets)); + + /* hash message into sha1 context */ +- sha1_update(&state->ctx, message, msg_octets); ++ crypto_sha1_update(&state->ctx, message, msg_octets); + + return err_status_ok; + } +@@ -183,7 +183,7 @@ hmac_compute(hmac_ctx_t *state, const vo + + /* hash message, copy output into H */ + hmac_update(state, (const uint8_t*)message, msg_octets); +- sha1_final(&state->ctx, H); ++ crypto_sha1_final(&state->ctx, H); + + /* + * note that we don't need to debug_print() the input, since the +@@ -193,16 +193,16 @@ hmac_compute(hmac_ctx_t *state, const vo + octet_string_hex_string((uint8_t *)H, 20)); + + /* re-initialize hash context */ +- sha1_init(&state->ctx); ++ crypto_sha1_init(&state->ctx); + + /* hash opad ^ key */ +- sha1_update(&state->ctx, (uint8_t *)state->opad, 64); ++ crypto_sha1_update(&state->ctx, (uint8_t *)state->opad, 64); + + /* hash the result of the inner hash */ +- sha1_update(&state->ctx, (uint8_t *)H, 20); ++ crypto_sha1_update(&state->ctx, (uint8_t *)H, 20); + + /* the result is returned in the array hash_value[] */ +- sha1_final(&state->ctx, hash_value); ++ crypto_sha1_final(&state->ctx, hash_value); + + /* copy hash_value to *result */ + for (i=0; i < tag_len; i++) +diff -rup libsrtp-1.5.0/crypto/hash/sha1.c libsrtp-1.5.0/crypto/hash/sha1.c +--- libsrtp-1.5.0/crypto/hash/sha1.c 2014-10-13 10:35:33.000000000 -0400 ++++ libsrtp-1.5.0/crypto/hash/sha1.c 2014-10-31 09:15:20.667474449 -0400 +@@ -77,12 +77,12 @@ uint32_t SHA_K2 = 0x8F1BBCDC; /* Kt fo + uint32_t SHA_K3 = 0xCA62C1D6; /* Kt for 60 <= t <= 79 */ + + void +-sha1(const uint8_t *msg, int octets_in_msg, uint32_t hash_value[5]) { ++crypto_sha1(const uint8_t *msg, int octets_in_msg, uint32_t hash_value[5]) { + sha1_ctx_t ctx; + +- sha1_init(&ctx); +- sha1_update(&ctx, msg, octets_in_msg); +- sha1_final(&ctx, hash_value); ++ crypto_sha1_init(&ctx); ++ crypto_sha1_update(&ctx, msg, octets_in_msg); ++ crypto_sha1_final(&ctx, hash_value); + + } + +@@ -99,7 +99,7 @@ sha1(const uint8_t *msg, int octets_in_ + */ + + void +-sha1_core(const uint32_t M[16], uint32_t hash_value[5]) { ++crypto_sha1_core(const uint32_t M[16], uint32_t hash_value[5]) { + uint32_t H0; + uint32_t H1; + uint32_t H2; +@@ -186,7 +186,7 @@ sha1_core(const uint32_t M[16], uint32_t + } + + void +-sha1_init(sha1_ctx_t *ctx) { ++crypto_sha1_init(sha1_ctx_t *ctx) { + + /* initialize state vector */ + ctx->H[0] = 0x67452301; +@@ -204,7 +204,7 @@ sha1_init(sha1_ctx_t *ctx) { + } + + void +-sha1_update(sha1_ctx_t *ctx, const uint8_t *msg, int octets_in_msg) { ++crypto_sha1_update(sha1_ctx_t *ctx, const uint8_t *msg, int octets_in_msg) { + int i; + uint8_t *buf = (uint8_t *)ctx->M; + +@@ -229,7 +229,7 @@ sha1_update(sha1_ctx_t *ctx, const uint8 + + debug_print(mod_sha1, "(update) running sha1_core()", NULL); + +- sha1_core(ctx->M, ctx->H); ++ crypto_sha1_core(ctx->M, ctx->H); + + } else { + +@@ -252,7 +252,7 @@ sha1_update(sha1_ctx_t *ctx, const uint8 + */ + + void +-sha1_final(sha1_ctx_t *ctx, uint32_t *output) { ++crypto_sha1_final(sha1_ctx_t *ctx, uint32_t *output) { + uint32_t A, B, C, D, E, TEMP; + uint32_t W[80]; + int i, t; +diff -rup libsrtp-1.5.0/crypto/include/sha1.h libsrtp-1.5.0/crypto/include/sha1.h +--- libsrtp-1.5.0/crypto/include/sha1.h 2014-10-13 10:35:33.000000000 -0400 ++++ libsrtp-1.5.0/crypto/include/sha1.h 2014-10-31 09:16:10.367733196 -0400 +@@ -103,7 +103,7 @@ typedef struct { + */ + + void +-sha1(const uint8_t *message, int octets_in_msg, uint32_t output[5]); ++crypto_sha1(const uint8_t *message, int octets_in_msg, uint32_t output[5]); + + /* + * sha1_init(&ctx) initializes the SHA1 context ctx +@@ -117,13 +117,13 @@ sha1(const uint8_t *message, int octets + */ + + void +-sha1_init(sha1_ctx_t *ctx); ++crypto_sha1_init(sha1_ctx_t *ctx); + + void +-sha1_update(sha1_ctx_t *ctx, const uint8_t *M, int octets_in_msg); ++crypto_sha1_update(sha1_ctx_t *ctx, const uint8_t *M, int octets_in_msg); + + void +-sha1_final(sha1_ctx_t *ctx, uint32_t output[5]); ++crypto_sha1_final(sha1_ctx_t *ctx, uint32_t output[5]); + + /* + * The sha1_core function is INTERNAL to SHA-1, but it is declared +@@ -141,7 +141,7 @@ sha1_final(sha1_ctx_t *ctx, uint32_t out + */ + + void +-sha1_core(const uint32_t M[16], uint32_t hash_value[5]); ++crypto_sha1_core(const uint32_t M[16], uint32_t hash_value[5]); + + #endif /* else OPENSSL */ + +diff -rup libsrtp-1.5.0/crypto/test/sha1_driver.c libsrtp-1.5.0/crypto/test/sha1_driver.c +--- libsrtp-1.5.0/crypto/test/sha1_driver.c 2014-10-13 10:35:33.000000000 -0400 ++++ libsrtp-1.5.0/crypto/test/sha1_driver.c 2014-10-31 09:15:20.668474454 -0400 +@@ -113,9 +113,9 @@ sha1_test_case_validate(const hash_test_ + if (test_case->data_len > MAX_HASH_DATA_LEN) + return err_status_bad_param; + +- sha1_init(&ctx); +- sha1_update(&ctx, test_case->data, test_case->data_len); +- sha1_final(&ctx, hash_value); ++ crypto_sha1_init(&ctx); ++ crypto_sha1_update(&ctx, test_case->data, test_case->data_len); ++ crypto_sha1_final(&ctx, hash_value); + if (0 == memcmp(test_case->hash, hash_value, 20)) { + #if VERBOSE + printf("PASSED: reference value: %s\n", diff --git a/SOURCES/libsrtp-srtp_aes_encrypt.patch b/SOURCES/libsrtp-srtp_aes_encrypt.patch new file mode 100644 index 0000000..3b78e18 --- /dev/null +++ b/SOURCES/libsrtp-srtp_aes_encrypt.patch @@ -0,0 +1,129 @@ +diff -rup a/crypto/cipher/aes.c b/crypto/cipher/aes.c +--- a/crypto/cipher/aes.c 2014-10-13 10:35:33.000000000 -0400 ++++ b/crypto/cipher/aes.c 2014-10-31 09:25:20.603597823 -0400 +@@ -2002,7 +2002,7 @@ aes_inv_final_round(v128_t *state, const + + + void +-aes_encrypt(v128_t *plaintext, const aes_expanded_key_t *exp_key) { ++srtp_aes_encrypt(v128_t *plaintext, const aes_expanded_key_t *exp_key) { + + /* add in the subkey */ + v128_xor_eq(plaintext, &exp_key->round[0]); +diff -rup a/crypto/cipher/aes_cbc.c b/crypto/cipher/aes_cbc.c +--- a/crypto/cipher/aes_cbc.c 2014-10-13 10:35:33.000000000 -0400 ++++ b/crypto/cipher/aes_cbc.c 2014-10-31 09:25:20.604597828 -0400 +@@ -192,7 +192,7 @@ aes_cbc_encrypt(aes_cbc_ctx_t *c, + debug_print(mod_aes_cbc, "inblock: %s", + v128_hex_string(&c->state)); + +- aes_encrypt(&c->state, &c->expanded_key); ++ srtp_aes_encrypt(&c->state, &c->expanded_key); + + debug_print(mod_aes_cbc, "outblock: %s", + v128_hex_string(&c->state)); +diff -rup a/crypto/cipher/aes_icm.c b/crypto/cipher/aes_icm.c +--- a/crypto/cipher/aes_icm.c 2014-10-13 10:35:33.000000000 -0400 ++++ b/crypto/cipher/aes_icm.c 2014-10-31 09:25:20.604597828 -0400 +@@ -260,7 +260,7 @@ aes_icm_set_octet(aes_icm_ctx_t *c, + /* fill keystream buffer, if needed */ + if (tail_num) { + v128_copy(&c->keystream_buffer, &c->counter); +- aes_encrypt(&c->keystream_buffer, &c->expanded_key); ++ srtp_aes_encrypt(&c->keystream_buffer, &c->expanded_key); + c->bytes_in_buffer = sizeof(v128_t); + + debug_print(mod_aes_icm, "counter: %s", +@@ -316,7 +316,7 @@ static inline void + aes_icm_advance_ismacryp(aes_icm_ctx_t *c, uint8_t forIsmacryp) { + /* fill buffer with new keystream */ + v128_copy(&c->keystream_buffer, &c->counter); +- aes_encrypt(&c->keystream_buffer, &c->expanded_key); ++ srtp_aes_encrypt(&c->keystream_buffer, &c->expanded_key); + c->bytes_in_buffer = sizeof(v128_t); + + debug_print(mod_aes_icm, "counter: %s", +diff -rup a/crypto/include/aes.h b/crypto/include/aes.h +--- a/crypto/include/aes.h 2014-10-13 10:35:33.000000000 -0400 ++++ b/crypto/include/aes.h 2014-10-31 09:25:20.604597828 -0400 +@@ -68,7 +68,7 @@ aes_expand_decryption_key(const uint8_t + aes_expanded_key_t *expanded_key); + + void +-aes_encrypt(v128_t *plaintext, const aes_expanded_key_t *exp_key); ++srtp_aes_encrypt(v128_t *plaintext, const aes_expanded_key_t *exp_key); + + void + aes_decrypt(v128_t *plaintext, const aes_expanded_key_t *exp_key); +diff -rup a/crypto/rng/prng.c b/crypto/rng/prng.c +--- a/crypto/rng/prng.c 2014-10-13 10:35:33.000000000 -0400 ++++ b/crypto/rng/prng.c 2014-10-31 09:25:20.605597833 -0400 +@@ -112,7 +112,7 @@ x917_prng_get_octet_string(uint8_t *dest + v128_copy(&buffer, &x917_prng.state); + + /* apply aes to buffer */ +- aes_encrypt(&buffer, &x917_prng.key); ++ srtp_aes_encrypt(&buffer, &x917_prng.key); + + /* write data to output */ + *dest++ = buffer.v8[0]; +@@ -136,7 +136,7 @@ x917_prng_get_octet_string(uint8_t *dest + buffer.v32[0] ^= t; + + /* encrypt buffer */ +- aes_encrypt(&buffer, &x917_prng.key); ++ srtp_aes_encrypt(&buffer, &x917_prng.key); + + /* copy buffer into state */ + v128_copy(&x917_prng.state, &buffer); +@@ -154,7 +154,7 @@ x917_prng_get_octet_string(uint8_t *dest + v128_copy(&buffer, &x917_prng.state); + + /* apply aes to buffer */ +- aes_encrypt(&buffer, &x917_prng.key); ++ srtp_aes_encrypt(&buffer, &x917_prng.key); + + /* write data to output */ + for (i=0; i < tail_len; i++) { +@@ -167,7 +167,7 @@ x917_prng_get_octet_string(uint8_t *dest + buffer.v32[0] ^= t; + + /* encrypt buffer */ +- aes_encrypt(&buffer, &x917_prng.key); ++ srtp_aes_encrypt(&buffer, &x917_prng.key); + + /* copy buffer into state */ + v128_copy(&x917_prng.state, &buffer); +diff -rup a/crypto/test/aes_calc.c b/crypto/test/aes_calc.c +--- a/crypto/test/aes_calc.c 2014-10-13 10:35:33.000000000 -0400 ++++ b/crypto/test/aes_calc.c 2014-10-31 09:25:20.605597833 -0400 +@@ -109,7 +109,7 @@ main (int argc, char *argv[]) { + exit(1); + } + +- aes_encrypt(&data, &exp_key); ++ srtp_aes_encrypt(&data, &exp_key); + + /* write ciphertext to output */ + if (verbose) { +diff -rup a/tables/aes_tables.c b/tables/aes_tables.c +--- a/tables/aes_tables.c 2014-10-13 10:35:33.000000000 -0400 ++++ b/tables/aes_tables.c 2014-10-31 09:25:20.605597833 -0400 +@@ -298,7 +298,7 @@ main(void) { + + #if AES_INVERSE_TEST + /* +- * test that aes_encrypt and aes_decrypt are actually ++ * test that srtp_aes_encrypt and aes_decrypt are actually + * inverses of each other + */ + +@@ -335,7 +335,7 @@ aes_test_inverse(void) { + v128_copy_octet_string(&x, plaintext); + aes_expand_encryption_key(k, expanded_key); + aes_expand_decryption_key(k, decrypt_key); +- aes_encrypt(&x, expanded_key); ++ srtp_aes_encrypt(&x, expanded_key); + aes_decrypt(&x, decrypt_key); + + /* compare to expected value then report */ diff --git a/SPECS/libsrtp.spec b/SPECS/libsrtp.spec new file mode 100644 index 0000000..c4bfe26 --- /dev/null +++ b/SPECS/libsrtp.spec @@ -0,0 +1,161 @@ +%global shortname srtp + +Name: libsrtp +Version: 1.5.4 +Release: 8%{?dist} +Summary: An implementation of the Secure Real-time Transport Protocol (SRTP) +Group: System Environment/Libraries +License: BSD +URL: https://github.com/cisco/libsrtp +Source0: https://github.com/cisco/libsrtp/archive/v%{version}.tar.gz +# Universal config.h +Source2: config.h +# Fix shared lib so ldconfig doesn't complain +Patch0: libsrtp-1.5.4-shared-fix.patch +Patch1: libsrtp-srtp_aes_encrypt.patch +Patch2: libsrtp-sha1-name-fix.patch +Patch3: libsrtp-fix-name-collision-on-MIPS.patch +Patch4: 0001-Changes-for-OpenSSL-1.1.0-compatibility.patch + +BuildRequires: openssl-devel >= 1.1.0 + +%description +This package provides an implementation of the Secure Real-time +Transport Protocol (SRTP), the Universal Security Transform (UST), and +a supporting cryptographic kernel. + +%package devel +Summary: Development files for %{name} +Group: Development/Libraries +Requires: %{name}%{?_isa} = %{version}-%{release} +Requires: pkgconfig + +%description devel +The %{name}-devel package contains libraries and header files for +developing applications that use %{name}. + +%prep +%setup -q -n %{name}-%{version} +%patch0 -p1 -b .sharedfix +%patch1 -p1 -b .srtp_aes_encrypt +%patch2 -p1 -b .sha1-name-fix +%patch3 -p1 -b .mips-name-fix +%patch4 -p1 -b .4 + +%if 0%{?rhel} > 0 +%ifarch ppc64 +sed -i 's/-z noexecstack//' Makefile.in +%endif +%endif + +%build +export CFLAGS="%{optflags} -fPIC" +%configure --enable-openssl +make %{?_smp_mflags} shared_library + +%install +make install DESTDIR=%{buildroot} +find %{buildroot} -name '*.la' -exec rm -f {} ';' + +# Handle multilib issues with config.h +mv %{buildroot}%{_includedir}/%{shortname}/config.h %{buildroot}%{_includedir}/%{shortname}/config-%{__isa_bits}.h +cp -a %{SOURCE2} %{buildroot}%{_includedir}/%{shortname}/config.h + +%post -p /sbin/ldconfig +%postun -p /sbin/ldconfig + +%files +%license LICENSE +%doc CHANGES README TODO VERSION doc/*.txt doc/*.pdf +%{_libdir}/*.so.* + +%files devel +%{_includedir}/%{shortname}/ +%{_libdir}/pkgconfig/libsrtp.pc +%{_libdir}/*.so + +%changelog +* Mon Sep 03 2018 Wim Taymans - 1.5.4-8 +- Port to openssl 1.1.0 +- Build against openssl +- Resolves: rhbz#1618747 + +* Wed Feb 07 2018 Fedora Release Engineering - 1.5.4-7 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild + +* Thu Aug 03 2017 Fedora Release Engineering - 1.5.4-6 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild + +* Wed Jul 26 2017 Fedora Release Engineering - 1.5.4-5 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild + +* Fri Feb 10 2017 Fedora Release Engineering - 1.5.4-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild + +* Wed Mar 2 2016 Tom Callaway - 1.5.4-3 +- use upstream provided .pc file (bz1313590) + +* Fri Feb 12 2016 Tom Callaway - 1.5.4-2 +- fix shared lib generation to silence ldconfig + +* Thu Feb 11 2016 Tom Callaway - 1.5.4-1 +- update to 1.5.4 +- fix MIPS name collision (bz1305950 ) Thanks to Michal Toman + +* Thu Feb 04 2016 Fedora Release Engineering - 1.5.0-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild + +* Wed Jun 17 2015 Fedora Release Engineering - 1.5.0-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild + +* Fri Nov 14 2014 Tom Callaway - 1.5.0-2 +- fix library linking typo + +* Fri Nov 14 2014 Tom Callaway +- api changes between 1.4.4 and 1.5.0, bump sover to 1.0.0 +- fix linking issue to make proper libsrtp.so.1 + +* Fri Oct 31 2014 Leif Madsen - 1.5.0-1 +- Update for 1.5.0 release. + +* Sun Aug 17 2014 Fedora Release Engineering - 1.4.4-13.20101004cvs +- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild + +* Sat Jun 07 2014 Fedora Release Engineering - 1.4.4-12.20101004cvs +- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild + +* Thu May 15 2014 Dennis Gilmore - 1.4.4-11.20101004cvs +- update the config.h header aarch64 is a 64 bit arch though there is no multilib + +* Mon Feb 10 2014 Tom Callaway - 1.4.4-10.20101004cvs +- rename internal functions to avoid conflicts (bz 956340) + +* Mon Dec 30 2013 Tom Callaway - 1.4.4-9.20101004cvs +- apply fix for CVE-2013-2139 from https://github.com/cisco/libsrtp/pull/27 + +* Sat Aug 03 2013 Fedora Release Engineering - 1.4.4-8.20101004cvs +- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild + +* Thu Feb 14 2013 Fedora Release Engineering - 1.4.4-7.20101004cvs +- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild + +* Tue Sep 25 2012 Karsten Hopp 1.4.4-6.20101004cvs +- use __PPC64__, not __ppc64__ which is undefined on PPC64 arch + +* Thu Jul 19 2012 Fedora Release Engineering - 1.4.4-5.20101004cvs +- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild + +* Tue Feb 21 2012 Tom Callaway - 1.4.4-4.20101004cvs +- handle config.h multilib (bz787537) + +* Fri Jan 13 2012 Fedora Release Engineering - 1.4.4-3.20101004cvs +- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild + +* Tue Feb 08 2011 Fedora Release Engineering - 1.4.4-2.20101004cvs +- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild + +* Tue Jan 25 2011 Jeffrey C. Ollie +- Don't use '-z noexecstack' option for linker on PPC64 (EL6) + +* Mon Oct 4 2010 Tom "spot" Callaway - 1.4.4-1.20101004cvs +- initial package