Hello community, here is the log from the commit of package libsrtp for openSUSE:Factory checked in at 2016-03-09 15:15:46 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/libsrtp (Old) and /work/SRC/openSUSE:Factory/.libsrtp.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "libsrtp" Changes: -------- --- /work/SRC/openSUSE:Factory/libsrtp/libsrtp.changes 2016-01-28 17:18:52.000000000 +0100 +++ /work/SRC/openSUSE:Factory/.libsrtp.new/libsrtp.changes 2016-03-09 15:15:47.000000000 +0100 @@ -1,0 +2,7 @@ +Fri Mar 4 07:46:25 UTC 2016 - [email protected] + +- Update to 1.5.4: + * Use BE byte ordering of RTCP trailer. + * Allow zero length payload on unprotect. + +------------------------------------------------------------------- Old: ---- libsrtp-1.5.3.tar.gz New: ---- libsrtp-1.5.4.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ libsrtp.spec ++++++ --- /var/tmp/diff_new_pack.tD3X5S/_old 2016-03-09 15:15:48.000000000 +0100 +++ /var/tmp/diff_new_pack.tD3X5S/_new 2016-03-09 15:15:48.000000000 +0100 @@ -18,20 +18,21 @@ %define soname 1 Name: libsrtp -Version: 1.5.3 +Version: 1.5.4 Release: 0 Summary: Secure Real-Time Transport Protocol (SRTP) library License: BSD-3-Clause Group: Development/Libraries/C and C++ Url: https://github.com/cisco/libsrtp -#Git-Clone: git://github.com/cisco/libsrtp +#Git-Clone: git://github.com/cisco/libsrtp.git Source: https://github.com/cisco/libsrtp/archive/v%{version}.tar.gz#/%{name}-%{version}.tar.gz Source99: baselibs.conf BuildRequires: gcc BuildRequires: pkg-config BuildRequires: pkgconfig(openssl) -Provides: srtp = %{version}-%{release} -Obsoletes: srtp < %{version}-%{release} +# srtp was last used in openSUSE 13.1. +Provides: srtp = %{version} +Obsoletes: srtp < %{version} %description The libSRTP library is an open source implementation of the Secure @@ -56,7 +57,8 @@ Summary: Secure Real-Time Transport Protocol (SRTP) library Group: Development/Libraries/C and C++ Requires: %{name}%{soname} = %{version} -Provides: srtp-devel = %{version}-%{release} +# srtp-devel was last used in openSUSE 13.1. +Provides: srtp-devel = %{version} Obsoletes: srtp-devel < %{version} %description devel 
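Review bot: The rewritten `#Git-Clone:` comment in the first libsrtp.spec hunk still names the `git://` transport, which gives neither server authentication nor integrity protection to anyone who follows it to fetch the source. The `Url:` and `Source:` lines already use https, so the comment should match: `#Git-Clone: https://github.com/cisco/libsrtp.git`. Nothing in the visible hunks records a checksum or signature for the new tarball; if the build service verifies it elsewhere, that is outside this diff.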
@@ -81,7 +83,6 @@ # FIXME: Does not work: # --enable-kernel-linux -# Build both shared and static libraries. make shared_library %{?_smp_mflags} %install @@ -115,7 +116,6 @@ done %post -n %{name}%{soname} -p /sbin/ldconfig - %postun -n %{name}%{soname} -p /sbin/ldconfig %files -n %{name}%{soname} ++++++ libsrtp-1.5.3.tar.gz -> libsrtp-1.5.4.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libsrtp-1.5.3/CHANGES new/libsrtp-1.5.4/CHANGES --- old/libsrtp-1.5.3/CHANGES 2015-11-25 16:24:25.000000000 +0100 +++ new/libsrtp-1.5.4/CHANGES 2016-02-02 20:56:49.000000000 +0100 @@ -1,5 +1,11 @@ Changelog +1.5.4 + + Use BE byte ordering of RTCP trailer. + + Allow zero length payload on unprotect. + 1.5.3 Fix for CVE-2015-6360. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libsrtp-1.5.3/VERSION new/libsrtp-1.5.4/VERSION --- old/libsrtp-1.5.3/VERSION 2015-11-25 16:24:25.000000000 +0100 +++ new/libsrtp-1.5.4/VERSION 2016-02-02 20:56:49.000000000 +0100 @@ -1 +1 @@ -1.5.3 +1.5.4 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libsrtp-1.5.3/configure new/libsrtp-1.5.4/configure --- old/libsrtp-1.5.3/configure 2015-11-25 16:24:25.000000000 +0100 +++ new/libsrtp-1.5.4/configure 2016-02-02 20:56:49.000000000 +0100 @@ -1,6 +1,6 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.69 for libsrtp 1.5.3. +# Generated by GNU Autoconf 2.69 for libsrtp 1.5.4. # # Report bugs to <https://github.com/cisco/libsrtp/issues>. # @@ -580,8 +580,8 @@ # Identity of this package. PACKAGE_NAME='libsrtp' PACKAGE_TARNAME='libsrtp' -PACKAGE_VERSION='1.5.3' -PACKAGE_STRING='libsrtp 1.5.3' +PACKAGE_VERSION='1.5.4' +PACKAGE_STRING='libsrtp 1.5.4' PACKAGE_BUGREPORT='https://github.com/cisco/libsrtp/issues' PACKAGE_URL='' 
@@ -1256,7 +1256,7 @@ # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures libsrtp 1.5.3 to adapt to many kinds of systems. +\`configure' configures libsrtp 1.5.4 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -1321,7 +1321,7 @@ if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of libsrtp 1.5.3:";; + short | recursive ) echo "Configuration of libsrtp 1.5.4:";; esac cat <<\_ACEOF @@ -1414,7 +1414,7 @@ test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -libsrtp configure 1.5.3 +libsrtp configure 1.5.4 generated by GNU Autoconf 2.69 Copyright (C) 2012 Free Software Foundation, Inc. @@ -2020,7 +2020,7 @@ This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by libsrtp $as_me 1.5.3, which was +It was created by libsrtp $as_me 1.5.4, which was generated by GNU Autoconf 2.69. Invocation command line was $ $0 $@ @@ -6516,7 +6516,7 @@ # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by libsrtp $as_me 1.5.3, which was +This file was extended by libsrtp $as_me 1.5.4, which was generated by GNU Autoconf 2.69. Invocation command line was CONFIG_FILES = $CONFIG_FILES 
@@ -6578,7 +6578,7 @@ cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" ac_cs_version="\\ -libsrtp config.status 1.5.3 +libsrtp config.status 1.5.4 configured by $0, generated by GNU Autoconf 2.69, with options \\"\$ac_cs_config\\" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libsrtp-1.5.3/configure.in new/libsrtp-1.5.4/configure.in --- old/libsrtp-1.5.3/configure.in 2015-11-25 16:24:25.000000000 +0100 +++ new/libsrtp-1.5.4/configure.in 2016-02-02 20:56:49.000000000 +0100 @@ -1,5 +1,5 @@ dnl Process this file with autoconf to produce a configure script. -AC_INIT([libsrtp], [1.5.3], [https://github.com/cisco/libsrtp/issues]) +AC_INIT([libsrtp], [1.5.4], [https://github.com/cisco/libsrtp/issues]) dnl Must come before AC_PROG_CC if test -z "$CFLAGS"; then diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libsrtp-1.5.3/srtp/srtp.c new/libsrtp-1.5.4/srtp/srtp.c --- old/libsrtp-1.5.3/srtp/srtp.c 2015-11-25 16:24:25.000000000 +0100 +++ new/libsrtp-1.5.4/srtp/srtp.c 2016-02-02 20:56:49.000000000 +0100 @@ -1077,7 +1077,7 @@ srtp_hdr_xtnd_t *xtn_hdr = (srtp_hdr_xtnd_t*)enc_start; enc_start += (ntohs(xtn_hdr->length) + 1); } - if (!((uint8_t*)enc_start < (uint8_t*)hdr + (*pkt_octet_len - tag_len))) + if (!((uint8_t*)enc_start <= (uint8_t*)hdr + (*pkt_octet_len - tag_len))) return err_status_parse_err; /* * We pass the tag down to the cipher when doing GCM mode @@ -1596,7 +1596,7 @@ srtp_hdr_xtnd_t *xtn_hdr = (srtp_hdr_xtnd_t *)enc_start; enc_start += (ntohs(xtn_hdr->length) + 1); } - if (!((uint8_t*)enc_start < (uint8_t*)hdr + (*pkt_octet_len - tag_len))) + if (!((uint8_t*)enc_start <= (uint8_t*)hdr + (*pkt_octet_len - tag_len))) return err_status_parse_err; enc_octet_len = (uint32_t)(*pkt_octet_len - tag_len - ((uint8_t*)enc_start - (uint8_t*)hdr)); 
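Review bot: In the srtp.c hunk at -1077, `enc_start` is advanced by `ntohs(xtn_hdr->length) + 1`, a value read from the packet, before the relaxed `<=` test runs, so the bound is enforced only after the length field has been read and the pointer moved. Whether an earlier check guarantees that the extension header lies inside `*pkt_octet_len` is not visible here, because the enclosing function starts and ends outside the hunk. The test also assumes `*pkt_octet_len - tag_len` cannot go negative. A comment stating those preconditions would help, e.g. `/* precondition: *pkt_octet_len >= header + tag_len; enc_start == end means empty payload */`, or the test could compare integer offsets rather than pointers. The hunk at -1596 carries the same pattern.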
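Review bot: With `<=`, the assignment on the last line of the -1596 hunk can now yield `enc_octet_len == 0`, and the code that consumes that value is outside the hunk. It is worth confirming that the downstream decrypt and authentication calls accept a zero length without skipping the tag check, and adding a regression test that unprotects a header-only packet. Once confirmed, a short comment at the assignment such as `/* may be 0: header-only packet, tag is still verified */` would record the intent.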
@@ -2379,9 +2379,9 @@ } } /* - * put the idx# into network byte order and process it as AAD + * Process the sequence# as AAD */ - tseq = htonl(*trailer); + tseq = *trailer; status = cipher_set_aad(stream->rtcp_cipher, (uint8_t*)&tseq, sizeof(srtcp_trailer_t)); if (status) { @@ -2530,9 +2530,9 @@ } /* - * put the idx# into network byte order, and process it as AAD + * Process the sequence# as AAD */ - tseq = htonl(*trailer); + tseq = *trailer; status = cipher_set_aad(stream->rtcp_cipher, (uint8_t*)&tseq, sizeof(srtcp_trailer_t)); if (status) {
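Review bot: The new comment `Process the sequence# as AAD` in the -2379 hunk no longer says which byte order `*trailer` is in, although the AAD passed to `cipher_set_aad` depends on it. Dropping `htonl` suggests the trailer is already held in network order at this point, but that is established outside the hunk; the comment should say so, e.g. `/* trailer is already in network byte order; feed it to the AAD as it appears on the wire */`. Because the AAD bytes change on little-endian hosts, SRTCP with an AEAD cipher will presumably fail authentication between this release and 1.5.3 peers, which deserves an explicit line in CHANGES. With the conversion gone the `tseq` copy is also redundant, and `(uint8_t*)trailer` could be passed directly. The -2530 hunk makes the same change.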
