fix for CVE-2013-2139
This commit is contained in:
parent
adec826852
commit
f0985f9c77
48
libsrtp-1.4.4-CVE20132139.patch
Normal file
48
libsrtp-1.4.4-CVE20132139.patch
Normal file
@ -0,0 +1,48 @@
|
||||
diff -up srtp/srtp/srtp.c.CVE20132139 srtp/srtp/srtp.c
|
||||
--- srtp/srtp/srtp.c.CVE20132139 2013-12-30 11:47:39.477223492 -0500
|
||||
+++ srtp/srtp/srtp.c 2013-12-30 11:49:44.580162545 -0500
|
||||
@@ -2045,22 +2045,21 @@ crypto_policy_set_from_profile_for_rtp(c
|
||||
switch(profile) {
|
||||
case srtp_profile_aes128_cm_sha1_80:
|
||||
crypto_policy_set_aes_cm_128_hmac_sha1_80(policy);
|
||||
- crypto_policy_set_aes_cm_128_hmac_sha1_80(policy);
|
||||
break;
|
||||
case srtp_profile_aes128_cm_sha1_32:
|
||||
- crypto_policy_set_aes_cm_128_hmac_sha1_32(policy);
|
||||
+ /* We do not honor the 32-bit auth tag request since
|
||||
+ * this is not compliant with RFC 3711 */
|
||||
crypto_policy_set_aes_cm_128_hmac_sha1_80(policy);
|
||||
break;
|
||||
case srtp_profile_null_sha1_80:
|
||||
crypto_policy_set_null_cipher_hmac_sha1_80(policy);
|
||||
- crypto_policy_set_null_cipher_hmac_sha1_80(policy);
|
||||
break;
|
||||
case srtp_profile_aes256_cm_sha1_80:
|
||||
crypto_policy_set_aes_cm_256_hmac_sha1_80(policy);
|
||||
- crypto_policy_set_aes_cm_256_hmac_sha1_80(policy);
|
||||
break;
|
||||
case srtp_profile_aes256_cm_sha1_32:
|
||||
- crypto_policy_set_aes_cm_256_hmac_sha1_32(policy);
|
||||
+ /* We do not honor the 32-bit auth tag request since
|
||||
+ * this is not compliant with RFC 3711 */
|
||||
crypto_policy_set_aes_cm_256_hmac_sha1_80(policy);
|
||||
break;
|
||||
/* the following profiles are not (yet) supported */
|
||||
@@ -2082,7 +2081,7 @@ crypto_policy_set_from_profile_for_rtcp(
|
||||
crypto_policy_set_aes_cm_128_hmac_sha1_80(policy);
|
||||
break;
|
||||
case srtp_profile_aes128_cm_sha1_32:
|
||||
- crypto_policy_set_aes_cm_128_hmac_sha1_80(policy);
|
||||
+ crypto_policy_set_aes_cm_128_hmac_sha1_32(policy);
|
||||
break;
|
||||
case srtp_profile_null_sha1_80:
|
||||
crypto_policy_set_null_cipher_hmac_sha1_80(policy);
|
||||
@@ -2091,7 +2090,7 @@ crypto_policy_set_from_profile_for_rtcp(
|
||||
crypto_policy_set_aes_cm_256_hmac_sha1_80(policy);
|
||||
break;
|
||||
case srtp_profile_aes256_cm_sha1_32:
|
||||
- crypto_policy_set_aes_cm_256_hmac_sha1_80(policy);
|
||||
+ crypto_policy_set_aes_cm_256_hmac_sha1_32(policy);
|
||||
break;
|
||||
/* the following profiles are not (yet) supported */
|
||||
case srtp_profile_null_sha1_32:
|
@ -3,7 +3,7 @@
|
||||
|
||||
Name: lib%{shortname}
|
||||
Version: 1.4.4
|
||||
Release: 8.%{cvsver}%{?dist}
|
||||
Release: 9.%{cvsver}%{?dist}
|
||||
Summary: An implementation of the Secure Real-time Transport Protocol (SRTP)
|
||||
Group: System Environment/Libraries
|
||||
License: BSD
|
||||
@ -20,6 +20,7 @@ Source2: config.h
|
||||
# Seriously. Who doesn't do shared libs these days?
|
||||
# And how does Chromium always manage to find these projects and use them?
|
||||
Patch0: libsrtp-1.4.4-shared.patch
|
||||
Patch1: libsrtp-1.4.4-CVE20132139.patch
|
||||
|
||||
%description
|
||||
This package provides an implementation of the Secure Real-time
|
||||
@ -39,6 +40,7 @@ developing applications that use %{name}.
|
||||
%prep
|
||||
%setup -q -n %{shortname}
|
||||
%patch0 -p1 -b .shared
|
||||
%patch1 -p1 -b .CVE20132139
|
||||
|
||||
# Fix end-of-line encoding
|
||||
sed -i 's/\r//g' doc/draft-irtf-cfrg-icm-00.txt
|
||||
@ -89,6 +91,9 @@ cp -a %{SOURCE2} %{buildroot}%{_includedir}/%{shortname}/config.h
|
||||
%{_libdir}/*.so
|
||||
|
||||
%changelog
|
||||
* Mon Dec 30 2013 Tom Callaway <spot@fedoraproject.org> - 1.4.4-9.20101004cvs
|
||||
- apply fix for CVE-2013-2139 from https://github.com/cisco/libsrtp/pull/27
|
||||
|
||||
* Sat Aug 03 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.4.4-8.20101004cvs
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user