fix for CVE-2013-2139

2013-12-30 11:53:27 -05:00 · 2013-12-30 11:53:27 -05:00 · f0985f9c77
commit f0985f9c77
parent adec826852
2 changed files with 54 additions and 1 deletions
--- a/libsrtp-1.4.4-CVE20132139.patch
+++ b/libsrtp-1.4.4-CVE20132139.patch
@ -0,0 +1,48 @@
 diff -up srtp/srtp/srtp.c.CVE20132139 srtp/srtp/srtp.c
 --- srtp/srtp/srtp.c.CVE20132139	2013-12-30 11:47:39.477223492 -0500
 +++ srtp/srtp/srtp.c	2013-12-30 11:49:44.580162545 -0500
@@ -2045,22 +2045,21 @@ crypto_policy_set_from_profile_for_rtp(c
   switch(profile) {
   case srtp_profile_aes128_cm_sha1_80:
     crypto_policy_set_aes_cm_128_hmac_sha1_80(policy);
 -    crypto_policy_set_aes_cm_128_hmac_sha1_80(policy);
     break;
   case srtp_profile_aes128_cm_sha1_32:
 -    crypto_policy_set_aes_cm_128_hmac_sha1_32(policy);
 +    /* We do not honor the 32-bit auth tag request since
 +     * this is not compliant with RFC 3711 */
     crypto_policy_set_aes_cm_128_hmac_sha1_80(policy);
     break;
   case srtp_profile_null_sha1_80:
     crypto_policy_set_null_cipher_hmac_sha1_80(policy);
 -    crypto_policy_set_null_cipher_hmac_sha1_80(policy);
     break;
   case srtp_profile_aes256_cm_sha1_80:
     crypto_policy_set_aes_cm_256_hmac_sha1_80(policy);
 -    crypto_policy_set_aes_cm_256_hmac_sha1_80(policy);
     break;
   case srtp_profile_aes256_cm_sha1_32:
 -    crypto_policy_set_aes_cm_256_hmac_sha1_32(policy);
 +    /* We do not honor the 32-bit auth tag request since
 +     * this is not compliant with RFC 3711 */
     crypto_policy_set_aes_cm_256_hmac_sha1_80(policy);
     break;
     /* the following profiles are not (yet) supported */
@@ -2082,7 +2081,7 @@ crypto_policy_set_from_profile_for_rtcp(
     crypto_policy_set_aes_cm_128_hmac_sha1_80(policy);
     break;
   case srtp_profile_aes128_cm_sha1_32:
 -    crypto_policy_set_aes_cm_128_hmac_sha1_80(policy);
 +    crypto_policy_set_aes_cm_128_hmac_sha1_32(policy);
     break;
   case srtp_profile_null_sha1_80:
     crypto_policy_set_null_cipher_hmac_sha1_80(policy);
@@ -2091,7 +2090,7 @@ crypto_policy_set_from_profile_for_rtcp(
     crypto_policy_set_aes_cm_256_hmac_sha1_80(policy);
     break;
   case srtp_profile_aes256_cm_sha1_32:
 -    crypto_policy_set_aes_cm_256_hmac_sha1_80(policy);
 +    crypto_policy_set_aes_cm_256_hmac_sha1_32(policy);
     break;
     /* the following profiles are not (yet) supported */
   case srtp_profile_null_sha1_32:
--- a/libsrtp.spec
+++ b/libsrtp.spec
@ -3,7 +3,7 @@
 Name:		lib%{shortname}
 Version:	1.4.4
-Release:	8.%{cvsver}%{?dist}
+Release:	9.%{cvsver}%{?dist}
 Summary:	An implementation of the Secure Real-time Transport Protocol (SRTP)
 Group:		System Environment/Libraries
 License:	BSD
@ -20,6 +20,7 @@ Source2:	config.h
 # Seriously. Who doesn't do shared libs these days?
 # And how does Chromium always manage to find these projects and use them?
 Patch0:		libsrtp-1.4.4-shared.patch
 Patch1:		libsrtp-1.4.4-CVE20132139.patch
 %description
 This package provides an implementation of the Secure Real-time
@ -39,6 +40,7 @@ developing applications that use %{name}.
 %prep
 %setup -q -n %{shortname}
 %patch0 -p1 -b .shared
 %patch1 -p1 -b .CVE20132139
 # Fix end-of-line encoding
 sed -i 's/\r//g' doc/draft-irtf-cfrg-icm-00.txt
@ -89,6 +91,9 @@ cp -a %{SOURCE2} %{buildroot}%{_includedir}/%{shortname}/config.h
 %{_libdir}/*.so
 %changelog
 * Mon Dec 30 2013 Tom Callaway <spot@fedoraproject.org> - 1.4.4-9.20101004cvs
 - apply fix for CVE-2013-2139 from https://github.com/cisco/libsrtp/pull/27
 * Sat Aug 03 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.4.4-8.20101004cvs
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild