From f0985f9c77642b70a2a3b082957ac4fe2cb7d592 Mon Sep 17 00:00:00 2001
From: Tom Callaway
Date: Mon, 30 Dec 2013 11:53:27 -0500
Subject: [PATCH] fix for CVE-2013-2139

---
 libsrtp-1.4.4-CVE20132139.patch | 48 +++++++++++++++++++++++++++++++++
 libsrtp.spec | 7 ++++-
 2 files changed, 54 insertions(+), 1 deletion(-)
 create mode 100644 libsrtp-1.4.4-CVE20132139.patch

diff --git a/libsrtp-1.4.4-CVE20132139.patch b/libsrtp-1.4.4-CVE20132139.patch
new file mode 100644
index 0000000..ebcc7e1
--- /dev/null
+++ b/libsrtp-1.4.4-CVE20132139.patch
@@ -0,0 +1,48 @@
+diff -up srtp/srtp/srtp.c.CVE20132139 srtp/srtp/srtp.c
+--- srtp/srtp/srtp.c.CVE20132139 2013-12-30 11:47:39.477223492 -0500
++++ srtp/srtp/srtp.c 2013-12-30 11:49:44.580162545 -0500
+@@ -2045,22 +2045,21 @@ crypto_policy_set_from_profile_for_rtp(c
+ switch(profile) {
+ case srtp_profile_aes128_cm_sha1_80:
+ crypto_policy_set_aes_cm_128_hmac_sha1_80(policy);
+- crypto_policy_set_aes_cm_128_hmac_sha1_80(policy);
+ break;
+ case srtp_profile_aes128_cm_sha1_32:
+- crypto_policy_set_aes_cm_128_hmac_sha1_32(policy);
++ /* We do not honor the 32-bit auth tag request since
++ * this is not compliant with RFC 3711 */
+ crypto_policy_set_aes_cm_128_hmac_sha1_80(policy);
+ break;
+ case srtp_profile_null_sha1_80:
+ crypto_policy_set_null_cipher_hmac_sha1_80(policy);
+- crypto_policy_set_null_cipher_hmac_sha1_80(policy);
+ break;
+ case srtp_profile_aes256_cm_sha1_80:
+ crypto_policy_set_aes_cm_256_hmac_sha1_80(policy);
+- crypto_policy_set_aes_cm_256_hmac_sha1_80(policy);
+ break;
+ case srtp_profile_aes256_cm_sha1_32:
+- crypto_policy_set_aes_cm_256_hmac_sha1_32(policy);
++ /* We do not honor the 32-bit auth tag request since
++ * this is not compliant with RFC 3711 */
+ crypto_policy_set_aes_cm_256_hmac_sha1_80(policy);
+ break;
+ /* the following profiles are not (yet) supported */
+@@ -2082,7 +2081,7 @@ crypto_policy_set_from_profile_for_rtcp(
+ crypto_policy_set_aes_cm_128_hmac_sha1_80(policy);
+ break;
+ case srtp_profile_aes128_cm_sha1_32:
+- crypto_policy_set_aes_cm_128_hmac_sha1_80(policy);
++ crypto_policy_set_aes_cm_128_hmac_sha1_32(policy);
+ break;
+ case srtp_profile_null_sha1_80:
+ crypto_policy_set_null_cipher_hmac_sha1_80(policy);
+@@ -2091,7 +2090,7 @@ crypto_policy_set_from_profile_for_rtcp(
+ crypto_policy_set_aes_cm_256_hmac_sha1_80(policy);
+ break;
+ case srtp_profile_aes256_cm_sha1_32:
+- crypto_policy_set_aes_cm_256_hmac_sha1_80(policy);
++ crypto_policy_set_aes_cm_256_hmac_sha1_32(policy);
+ break;
+ /* the following profiles are not (yet) supported */
+ case srtp_profile_null_sha1_32:
diff --git a/libsrtp.spec b/libsrtp.spec
index e6a3311..a84c4c9 100644
--- a/libsrtp.spec
+++ b/libsrtp.spec
@@ -3,7 +3,7 @@
 Name: lib%{shortname}
 Version: 1.4.4
-Release: 8.%{cvsver}%{?dist}
+Release: 9.%{cvsver}%{?dist}
 Summary: An implementation of the Secure Real-time Transport Protocol (SRTP)
 Group: System Environment/Libraries
 License: BSD
@@ -20,6 +20,7 @@ Source2: config.h
 # Seriously. Who doesn't do shared libs these days?
 # And how does Chromium always manage to find these projects and use them?
 Patch0: libsrtp-1.4.4-shared.patch
+Patch1: libsrtp-1.4.4-CVE20132139.patch
 
 %description
 This package provides an implementation of the Secure Real-time
@@ -39,6 +40,7 @@ developing applications that use %{name}.
 %prep
 %setup -q -n %{shortname}
 %patch0 -p1 -b .shared
+%patch1 -p1 -b .CVE20132139
 
 # Fix end-of-line encoding
 sed -i 's/\r//g' doc/draft-irtf-cfrg-icm-00.txt
@@ -89,6 +91,9 @@ cp -a %{SOURCE2} %{buildroot}%{_includedir}/%{shortname}/config.h
 %{_libdir}/*.so
 
 %changelog
+* Mon Dec 30 2013 Tom Callaway - 1.4.4-9.20101004cvs
+- apply fix for CVE-2013-2139 from https://github.com/cisco/libsrtp/pull/27
+
 * Sat Aug 03 2013 Fedora Release Engineering - 1.4.4-8.20101004cvs
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
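Review bot: The backport appears to land the two halves of the fix in the wrong functions: in the hunk labelled `crypto_policy_set_from_profile_for_rtp(c` the `sha1_32` cases lose their `_32` call and gain the "not compliant with RFC 3711" comment, while the hunks labelled `crypto_policy_set_from_profile_for_rtcp(` are switched to `crypto_policy_set_aes_cm_128_hmac_sha1_32(policy)` and `crypto_policy_set_aes_cm_256_hmac_sha1_32(policy)`. RFC 4568 §6.2 and RFC 5764 §4.1.2 define the `_SHA1_32` profiles as a 32-bit tag for SRTP only, with SRTCP keeping the 80-bit tag, so if the `@@` labels reflect the enclosing functions the patched build would ignore the negotiated 32-bit tag on RTP and apply a 32-bit tag to RTCP, the reverse of what the added comment says, and a peer that negotiated those profiles would fail authentication on both streams. Please compare the hunks against the upstream change the changelog cites (cisco/libsrtp pull 27) and confirm which function each one patches before this is built. Both functions start and end outside the hunks; the dropped second `_80` calls in the `sha1_80` and `null_sha1_80` cases look like redundant repeats of the same setter and are presumably harmless to remove.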