Hello community, here is the log from the commit of package libzrtpcpp for openSUSE:Factory checked in at 2017-08-08 11:59:16 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/libzrtpcpp (Old) and /work/SRC/openSUSE:Factory/.libzrtpcpp.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "libzrtpcpp" Tue Aug 8 11:59:16 2017 rev:38 rq:513703 version:4.6.6 Changes: -------- --- /work/SRC/openSUSE:Factory/libzrtpcpp/libzrtpcpp.changes 2016-12-02 16:41:11.000000000 +0100 +++ /work/SRC/openSUSE:Factory/.libzrtpcpp.new/libzrtpcpp.changes 2017-08-08 11:59:18.351463789 +0200 @@ -1,0 +2,7 @@ +Mon Jul 31 22:31:49 UTC 2017 - [email protected] + +- Update to new maintenance release 4.6.6 + * Fix a memory leak, extra buffer length checks added. +- Remove typo.diff (merged) + +------------------------------------------------------------------- Old: ---- V4.6.4.tar.gz typo.diff New: ---- V4.6.6.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ libzrtpcpp.spec ++++++ --- /var/tmp/diff_new_pack.xBw82r/_old 2017-08-08 11:59:19.247337611 +0200 +++ /var/tmp/diff_new_pack.xBw82r/_new 2017-08-08 11:59:19.251337048 +0200 @@ -1,7 +1,7 @@ # # spec file for package libzrtpcpp # -# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -18,7 +18,7 @@ Name: libzrtpcpp %define lname libzrtpcpp4 -Version: 4.6.4 +Version: 4.6.6 Release: 0 Summary: A ccrtp extension for ZRTP support License: GPL-3.0+ @@ -28,7 +28,6 @@ #Git-Clone: git://github.com/wernerd/ZRTPCPP #Git-Web: https://github.com/wernerd/ZRTPCPP Source: https://github.com/wernerd/ZRTPCPP/archive/V%version.tar.gz -Patch1: typo.diff BuildRequires: cmake BuildRequires: gcc-c++ >= 4.7 BuildRequires: pkg-config 
@@ -38,20 +37,20 @@ BuildRoot: %{_tmppath}/%{name}-%{version}-build %description -This library is a GPL licensed extension to the GNU RTP Stack, ccrtp, -that offers compatibility with Phil Zimmermann's zrtp/Zfone voice -encryption, and which can be directly embedded into telephony -applications. +A library that adds RFC6189-compliant ZRTP support to the GNU ccRTP +stack and serves as library for other RTP stacks such as PJSIP and +GStreamer. ZRTP was developed to allow ad-hoc key negotiation to +setup Secure RTP (SRTP) sessions. %package -n %lname Summary: A ccrtp extension for ZRTP support Group: System/Libraries %description -n %lname -This library is a GPL licensed extension to the GNU RTP Stack, ccrtp, -that offers compatibility with Phil Zimmermann's zrtp/Zfone voice -encryption, and which can be directly embedded into telephony -applications. +A library that adds RFC6189-compliant ZRTP support to the GNU ccRTP +stack and serves as library for other RTP stacks such as PJSIP and +GStreamer. ZRTP was developed to allow ad-hoc key negotiation to +setup Secure RTP (SRTP) sessions. %package devel Summary: Headers and link library for libzrtpcpp @@ -60,12 +59,11 @@ Requires: ccrtp-devel >= 2.0.0 %description devel -This package provides the header files, link libraries, and -documentation for building applications that use libzrtpcpp. +This package provides the header files for building applications that +use libzrtpcpp. %prep %setup -qn ZRTPCPP-%version -%patch -P 1 -p1 chmod a-x INSTALL %build 
@@ -94,8 +92,8 @@ %make_install popd -%post -p /sbin/ldconfig -n %lname -%postun -p /sbin/ldconfig -n %lname +%post -n %lname -p /sbin/ldconfig +%postun -n %lname -p /sbin/ldconfig %files -n %lname %defattr(-,root,root) ++++++ V4.6.4.tar.gz -> V4.6.6.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ZRTPCPP-4.6.4/CMakeLists.txt new/ZRTPCPP-4.6.6/CMakeLists.txt --- old/ZRTPCPP-4.6.4/CMakeLists.txt 2016-11-10 19:28:11.000000000 +0100 +++ new/ZRTPCPP-4.6.6/CMakeLists.txt 2017-06-02 09:05:34.000000000 +0200 @@ -14,9 +14,9 @@ SET(CPACK_PACKAGE_VERSION_MAJOR 4) SET(CPACK_PACKAGE_VERSION_MINOR 6) -SET(CPACK_PACKAGE_VERSION_PATCH 4) +SET(CPACK_PACKAGE_VERSION_PATCH 6) -set (VERSION 4.6.4) +set (VERSION 4.6.6) set (SOVERSION 4) # Define supported command line parameters. @@ -33,7 +33,7 @@ option(SDES "Include SDES when not building for CCRTP." OFF) option(AXO "Include Axolotl support when not building for CCRTP." OFF) -option(ANDROID "Generate Android makefiles (Android.mk)" ON) +option(ANDROID "Generate Android makefiles (Android.mk)" OFF) option(JAVA "Generate Java support files (requires JDK and SWIG)" OFF) # 
@@ -155,28 +155,30 @@ endif() -if (SQLITE) - pkg_check_modules(SQLITE3 sqlite3>=3.7) - if (SQLITE3_FOUND) - check_include_files(sqlite3.h HAVE_SQLITE_H) - set(LIBS ${LIBS} -lsqlite3) - MESSAGE(STATUS "Using SQLite based ZRTP cache") - else() - message(FATAL_ERROR "SQLite3 library not found") - endif() -elseif(SQLCIPHER) - pkg_check_modules(SQLCIPHER sqlcipher>=3.7) - if (SQLCIPHER_FOUND) - set(CMAKE_REQUIRED_INCLUDES ${CMAKE_REQUIRED_INCLUDES} ${SQLCIPHER_INCLUDE_DIRS}) - check_include_files(sqlite3.h HAVE_SQLCIPHER_H) - set(LIBS ${LIBS} -lsqlcipher) - MESSAGE(STATUS "Using SQlCipher based ZRTP cache") - add_definitions(-DSQL_CIPHER -DSQLITE_HAS_CODEC) +if (NOT ANDROID) + if (SQLITE) + pkg_check_modules(SQLITE3 sqlite3>=3.7) + if (SQLITE3_FOUND) + check_include_files(sqlite3.h HAVE_SQLITE_H) + set(LIBS ${LIBS} -lsqlite3) + MESSAGE(STATUS "Using SQLite based ZRTP cache") + else() + message(FATAL_ERROR "SQLite3 library not found") + endif() + elseif(SQLCIPHER) + pkg_check_modules(SQLCIPHER sqlcipher>=3.7) + if (SQLCIPHER_FOUND) + set(CMAKE_REQUIRED_INCLUDES ${CMAKE_REQUIRED_INCLUDES} ${SQLCIPHER_INCLUDE_DIRS}) + check_include_files(sqlite3.h HAVE_SQLCIPHER_H) + set(LIBS ${LIBS} -lsqlcipher) + MESSAGE(STATUS "Using SQlCipher based ZRTP cache") + add_definitions(-DSQL_CIPHER -DSQLITE_HAS_CODEC) + else() + message(FATAL_ERROR "SQLCipher library not found") + endif() else() - message(FATAL_ERROR "SQLCipher library not found") + MESSAGE(STATUS "Using file based ZRTP cache") endif() -else() - MESSAGE(STATUS "Using file based ZRTP cache") endif() # necessary and required modules checked, ready to generate config.h in top-level build directory 
@@ -184,14 +186,11 @@ add_definitions(-g -O2 -fno-strict-aliasing) if(CMAKE_COMPILER_IS_GNUCXX) -# add_definitions(-Wno-long-long -Wno-char-subscripts) -# add_definitions(-Wall -ansi -pedantic) -# add_definitions(-Wall -pedantic) - set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wall -pedantic -std=c99") - set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -Wall -pedantic -std=c++11") add_definitions(-DNEW_STDCPP) endif() +set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -Wall -pedantic -std=c++11") + if (AXO) add_definitions(-DAXO_SUPPORT) endif() diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ZRTPCPP-4.6.4/NEWS.md new/ZRTPCPP-4.6.6/NEWS.md --- old/ZRTPCPP-4.6.4/NEWS.md 2016-11-10 19:28:11.000000000 +0100 +++ new/ZRTPCPP-4.6.6/NEWS.md 2017-06-02 09:05:34.000000000 +0200 @@ -1,3 +1,15 @@ +## GNU ZRTP 4.6.6 ## + +Small fix in zrtp/crypto/zrtpDh.cpp to fix a small memory leak. + + +## GNU ZRTP 4.6.5 ## + +Cleanup compiler flags, reduce visibility for Android build, +check some buffer length. No functional enhancements, no changes +in API. + + ## GNU ZRTP 4.6.4 ## Some fixes to slience Windows C/C++ compiler, fix a few include diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ZRTPCPP-4.6.4/buildNativeAndroidTivi.sh new/ZRTPCPP-4.6.6/buildNativeAndroidTivi.sh --- old/ZRTPCPP-4.6.4/buildNativeAndroidTivi.sh 1970-01-01 01:00:00.000000000 +0100 +++ new/ZRTPCPP-4.6.6/buildNativeAndroidTivi.sh 2017-06-02 09:05:34.000000000 +0200 
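Review bot: The relocated `set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -Wall -pedantic -std=c++11")` line has no C counterpart any more, so after this hunk the C sources are built without `-Wall` unless another part of the file sets it. For a crypto library that gives up cheap diagnostics; I would keep `set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wall")` next to the C++ line. The flags are also applied outside the `CMAKE_COMPILER_IS_GNUCXX` test now, so compilers that do not accept GCC-style options receive them too. A one-line comment naming the intended compilers would make that choice explicit.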
@@ -0,0 +1,56 @@ +#!/usr/bin/env bash + +# This script builds the specific variant of zrtpcpp as used by Silent Phone +# on Android. The script always runs on a clean build directory and copies +# the resulting static library to the SPA jni directory. +# The script requires some environment variables which are either set by the +# build system (Jenkins for example) or by a shell script that call this script. + +set -x + +if [ ! -d "${WORKSPACE}/silentphone2" ]; then + echo '***** Variable WORKSPACE does not point to correct directory *****' + exit 1 +fi + +if [ "x$ANDROID_NDK" = "x" ]; then + echo '***** Variable ANDROID_NDK not set *****' + exit 1 +fi + +#if [ "x$SC_BUILD_TYPE" = "xDEVELOP" ]; then +# BUILD_TYPE=Debug +# echo "*** building develop configuration" +#else +# BUILD_TYPE="Release" +# echo "*** building release configuration" +#fi + +# remove old build dir and files that may hang around after an unsuccessful build +rm -rf buildTiviAndroid +rm -f buildinfo_*.c + +mkdir buildTiviAndroid +pushd buildTiviAndroid + +cmake -DTIVI=true -DBUILD_STATIC=true -DAXO=true -DANDROID=true .. # -DCMAKE_BUILD_TYPE=$BUILD_TYPE .. + +pushd clients/tivi/android + +if ndk-build; then + echo "ZRTPCPP Android build OK." +else + echo "ZRTPCPP Android build failed!" + exit 1 +fi + +cp obj/local/armeabi-v7a/libzrtpcpp.a ${WORKSPACE}/silentphone2/jni/armeabi-v7a/ + +popd +popd + +# remove build dir and generated temporary files +rm -rf buildTiviAndroid +rm buildinfo_*.c + +exit 0 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ZRTPCPP-4.6.4/clients/ccrtp/ZrtpQueue.h new/ZRTPCPP-4.6.6/clients/ccrtp/ZrtpQueue.h --- old/ZRTPCPP-4.6.4/clients/ccrtp/ZrtpQueue.h 2016-11-10 19:28:11.000000000 +0100 +++ new/ZRTPCPP-4.6.6/clients/ccrtp/ZrtpQueue.h 2017-06-02 09:05:34.000000000 +0200 
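Review bot: The script can reach `exit 0` without delivering a fresh library, because only `ndk-build` is checked. A failed `mkdir`/`pushd`, `cmake` or `cp` is ignored, and a `libzrtpcpp.a` left in the jni directory by an earlier run would then be picked up as if it were new. I would stop on each step, e.g. `pushd buildTiviAndroid || exit 1`, `|| exit 1` after the `cmake` call, and `cp obj/local/armeabi-v7a/libzrtpcpp.a "${WORKSPACE}/silentphone2/jni/armeabi-v7a/" || exit 1`, which also quotes the destination. The closing `rm buildinfo_*.c` should be `rm -f` like the one at the top, so a missing file does not print an error after a good build.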
@@ -430,7 +430,7 @@ * * @see setMultiStrParams() */ - DEPRECATED std::string getMultiStrParams() {return getMultiStrParams(NULL); } + DEPRECATED_ZRTP std::string getMultiStrParams() {return getMultiStrParams(NULL); } /** * Set Multi-stream parameters. @@ -450,7 +450,7 @@ * * @see getMultiStrParams() */ - DEPRECATED void setMultiStrParams(std::string parameters) { setMultiStrParams(parameters, NULL);} + DEPRECATED_ZRTP void setMultiStrParams(std::string parameters) { setMultiStrParams(parameters, NULL);} /** * Get Multi-stream parameters. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ZRTPCPP-4.6.4/clients/tivi/android/jni/Android.mk new/ZRTPCPP-4.6.6/clients/tivi/android/jni/Android.mk --- old/ZRTPCPP-4.6.4/clients/tivi/android/jni/Android.mk 2016-11-10 19:28:11.000000000 +0100 +++ new/ZRTPCPP-4.6.6/clients/tivi/android/jni/Android.mk 2017-06-02 09:05:34.000000000 +0200 @@ -28,7 +28,10 @@ $(ROOT_SRC_PATH)/clients/tivi $(ROOT_SRC_PATH)/clients/tivi/android/jni/@sql_include@ LOCAL_CFLAGS := -DSUPPORT_NON_NIST @sql_cipher_define@ -LOCAL_CFLAGS += @axo_support@ + +# For this Android build we can set the visibility to hidden. Access to ZRTP is only inside +# the shared lib that we build later for Silent Phone. +LOCAL_CFLAGS += @axo_support@ -fvisibility=hidden -fvisibility-inlines-hidden LOCAL_SRC_FILES := buildinfo_$(TARGET_ARCH_ABI).c LOCAL_SRC_FILES += @sqlite_src@ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ZRTPCPP-4.6.4/zrtp/crypto/openssl/zrtpDH.cpp new/ZRTPCPP-4.6.6/zrtp/crypto/openssl/zrtpDH.cpp --- old/ZRTPCPP-4.6.4/zrtp/crypto/openssl/zrtpDH.cpp 2016-11-10 19:28:11.000000000 +0100 +++ new/ZRTPCPP-4.6.6/zrtp/crypto/openssl/zrtpDH.cpp 2017-06-02 09:05:34.000000000 +0200 
@@ -276,9 +276,12 @@ return DH_compute_key(secret, tmpCtx->pub_key, tmpCtx); } if (pkType == EC25 || pkType == EC38) { - uint8_t buffer[100]; + uint8_t buffer[200]; int32_t ret; int32_t len = getPubKeySize(); + if (len+1 > sizeof(buffer)) { + return -1; + } buffer[0] = POINT_CONVERSION_UNCOMPRESSED; memcpy(buffer+1, pubKeyBytes, len); @@ -341,11 +344,11 @@ return BN_bn2bin(static_cast<DH*>(ctx)->pub_key, buf + prepend); } if (pkType == EC25 || pkType == EC38) { - uint8_t buffer[100]; + uint8_t buffer[200]; int len = EC_POINT_point2oct(EC_KEY_get0_group(static_cast<EC_KEY*>(ctx)), EC_KEY_get0_public_key(static_cast<EC_KEY*>(ctx)), - POINT_CONVERSION_UNCOMPRESSED, buffer, 100, NULL); + POINT_CONVERSION_UNCOMPRESSED, buffer, 200, NULL); memcpy(buf, buffer+1, len-1); return len-1; } @@ -355,10 +358,13 @@ int32_t ZrtpDH::checkPubKey(uint8_t *pubKeyBytes) const { if (pkType == EC25 || pkType == EC38) { - uint8_t buffer[100]; + uint8_t buffer[200]; int32_t ret; int32_t len = getPubKeySize(); + if (len+1 > sizeof(buffer)) { + return 0; + } buffer[0] = POINT_CONVERSION_UNCOMPRESSED; memcpy(buffer+1, pubKeyBytes, len); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ZRTPCPP-4.6.4/zrtp/crypto/zrtpDH.cpp new/ZRTPCPP-4.6.6/zrtp/crypto/zrtpDH.cpp --- old/ZRTPCPP-4.6.4/zrtp/crypto/zrtpDH.cpp 2016-11-10 19:28:11.000000000 +0100 +++ new/ZRTPCPP-4.6.6/zrtp/crypto/zrtpDH.cpp 2017-06-02 09:05:34.000000000 +0200 @@ -186,8 +186,8 @@ uint8_t random[64]; - ctx = static_cast<void*>(new dhCtx); - dhCtx* tmpCtx = static_cast<dhCtx*>(ctx); + dhCtx* tmpCtx = new dhCtx; + ctx = static_cast<void*>(tmpCtx); // Well - the algo type is only 4 char thus cast to int32 and compare if (*(int32_t*)type == *(int32_t*)dh2k) { @@ -289,6 +289,8 @@ ecFreeCurvesCurve(&tmpCtx->curve); break; } + delete tmpCtx; + ctx = nullptr; } int32_t ZrtpDH::computeSecretKey(uint8_t *pubKeyBytes, uint8_t *secret) {
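Review bot: The new guard `if (len+1 > sizeof(buffer))` in computeSecretKey, and the identical one in checkPubKey (hunk `@@ -355,10 +358,13 @@`), compares an `int32_t` with a `size_t` and therefore lets `len == -1` through. In that case `len+1` is 0, the test is false, and the following `memcpy(buffer+1, pubKeyBytes, len)` is called with a huge size. Whether getPubKeySize() can return a negative value is not visible here, but the check is cheap to make explicit: `if (len < 0 || static_cast<size_t>(len) + 1 > sizeof(buffer))`. The guard also bounds only the local buffer; the length of the caller's `pubKeyBytes` is not passed in, so the caller has to guarantee at least `len` readable bytes, which deserves a line in the function comment. Both function bodies continue outside their hunks.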
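Review bot: In the `@@ -341,11 +344,11 @@` hunk the result of `EC_POINT_point2oct()` is still used unchecked. The call returns 0 on error, and `memcpy(buf, buffer+1, len-1)` then runs with `len-1 == -1`, which becomes the largest possible size. I would add `if (len <= 1) return 0;` before the memcpy (the right error value depends on what callers expect, which is not visible here) and pass `sizeof(buffer)` instead of repeating the literal `200`. The capacity of the destination `buf` is not visible in the hunk either, and the function starts outside it.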
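Review bot: With `delete tmpCtx; ctx = nullptr;` added in the `@@ -289,6 +289,8 @@` hunk of zrtp/crypto/zrtpDH.cpp, the object now owns `ctx` through a raw `void*`, so an implicit copy of a ZrtpDH would delete the same dhCtx twice. The class declaration is not on this page; if copying is not already disabled there, I would add `ZrtpDH(const ZrtpDH&) = delete;` and `ZrtpDH& operator=(const ZrtpDH&) = delete;` to the header, since the build already uses `-std=c++11`. If dhCtx stores the private value directly, it should also be wiped before the delete unless the switch above already does that. The enclosing function starts outside the hunk, so both points need checking against the full file.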
