Date: Friday, February 7, 2014 @ 00:19:34 Author: eric Revision: 205552
archrelease: copy trunk to extra-i686, extra-x86_64 Added: libsrtp/repos/extra-i686/7713d5706524f9f1ee94fd6b55125357e63656d5.patch (from rev 205551, libsrtp/trunk/7713d5706524f9f1ee94fd6b55125357e63656d5.patch) libsrtp/repos/extra-i686/PKGBUILD (from rev 205551, libsrtp/trunk/PKGBUILD) libsrtp/repos/extra-x86_64/7713d5706524f9f1ee94fd6b55125357e63656d5.patch (from rev 205551, libsrtp/trunk/7713d5706524f9f1ee94fd6b55125357e63656d5.patch) libsrtp/repos/extra-x86_64/PKGBUILD (from rev 205551, libsrtp/trunk/PKGBUILD) Deleted: libsrtp/repos/extra-i686/PKGBUILD libsrtp/repos/extra-x86_64/PKGBUILD -------------------------------------------------------------+ /PKGBUILD | 84 +++++++ extra-i686/7713d5706524f9f1ee94fd6b55125357e63656d5.patch | 116 ++++++++++ extra-i686/PKGBUILD | 36 --- extra-x86_64/7713d5706524f9f1ee94fd6b55125357e63656d5.patch | 116 ++++++++++ extra-x86_64/PKGBUILD | 36 --- 5 files changed, 316 insertions(+), 72 deletions(-) Copied: libsrtp/repos/extra-i686/7713d5706524f9f1ee94fd6b55125357e63656d5.patch (from rev 205551, libsrtp/trunk/7713d5706524f9f1ee94fd6b55125357e63656d5.patch) =================================================================== --- extra-i686/7713d5706524f9f1ee94fd6b55125357e63656d5.patch (rev 0) +++ extra-i686/7713d5706524f9f1ee94fd6b55125357e63656d5.patch 2014-02-06 23:19:34 UTC (rev 205552) @@ -0,0 +1,116 @@ +From 8884f4d8eb4ca7122dfcbd640b933b98ef4bab80 Mon Sep 17 00:00:00 2001 +From: jfigus <jfig...@yahoo.com> +Date: Thu, 30 May 2013 12:36:07 -0400 +Subject: [PATCH 1/3] Remove double-invocations to prevent buffer-overflow + vulnerability. + +--- + srtp/srtp.c | 5 ----- + 1 file changed, 5 deletions(-) + +diff --git a/srtp/srtp.c b/srtp/srtp.c +index 839c1ee..41e263c 100644 +--- a/srtp/srtp.c ++++ b/srtp/srtp.c +@@ -2063,23 +2063,18 @@ static inline int base_key_length(const cipher_type_t *cipher, int key_length) + switch(profile) { + case srtp_profile_aes128_cm_sha1_80: + crypto_policy_set_aes_cm_128_hmac_sha1_80(policy); +- crypto_policy_set_aes_cm_128_hmac_sha1_80(policy); + break; + case srtp_profile_aes128_cm_sha1_32: + crypto_policy_set_aes_cm_128_hmac_sha1_32(policy); +- crypto_policy_set_aes_cm_128_hmac_sha1_80(policy); + break; + case srtp_profile_null_sha1_80: + crypto_policy_set_null_cipher_hmac_sha1_80(policy); +- crypto_policy_set_null_cipher_hmac_sha1_80(policy); + break; + case srtp_profile_aes256_cm_sha1_80: + crypto_policy_set_aes_cm_256_hmac_sha1_80(policy); +- crypto_policy_set_aes_cm_256_hmac_sha1_80(policy); + break; + case srtp_profile_aes256_cm_sha1_32: + crypto_policy_set_aes_cm_256_hmac_sha1_32(policy); +- crypto_policy_set_aes_cm_256_hmac_sha1_80(policy); + break; + /* the following profiles are not (yet) supported */ + case srtp_profile_null_sha1_32: +-- +1.8.5.1 + + +From 8e47faf0f5b90672c7ebf2f0cf0562ee81a8b621 Mon Sep 17 00:00:00 2001 +From: jfigus <jfig...@yahoo.com> +Date: Thu, 30 May 2013 13:36:33 -0400 +Subject: [PATCH 2/3] Fix 32-bit tag policies to use correct profile. + +--- + srtp/srtp.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/srtp/srtp.c b/srtp/srtp.c +index 41e263c..95c1ab4 100644 +--- a/srtp/srtp.c ++++ b/srtp/srtp.c +@@ -2095,7 +2095,7 @@ static inline int base_key_length(const cipher_type_t *cipher, int key_length) + crypto_policy_set_aes_cm_128_hmac_sha1_80(policy); + break; + case srtp_profile_aes128_cm_sha1_32: +- crypto_policy_set_aes_cm_128_hmac_sha1_80(policy); ++ crypto_policy_set_aes_cm_128_hmac_sha1_32(policy); + break; + case srtp_profile_null_sha1_80: + crypto_policy_set_null_cipher_hmac_sha1_80(policy); +@@ -2104,7 +2104,7 @@ static inline int base_key_length(const cipher_type_t *cipher, int key_length) + crypto_policy_set_aes_cm_256_hmac_sha1_80(policy); + break; + case srtp_profile_aes256_cm_sha1_32: +- crypto_policy_set_aes_cm_256_hmac_sha1_80(policy); ++ crypto_policy_set_aes_cm_256_hmac_sha1_32(policy); + break; + /* the following profiles are not (yet) supported */ + case srtp_profile_null_sha1_32: +-- +1.8.5.1 + + +From 0acbb039c12b790621839facf56bfedbd071b74d Mon Sep 17 00:00:00 2001 +From: jfigus <jfig...@yahoo.com> +Date: Thu, 30 May 2013 16:47:02 -0400 +Subject: [PATCH 3/3] Undo the changes to the RTCP profile helper function. + The prior commit was not compliant with RFC 3711. + +--- + srtp/srtp.c | 8 ++++++-- + 1 file changed, 6 insertions(+), 2 deletions(-) + +diff --git a/srtp/srtp.c b/srtp/srtp.c +index 95c1ab4..7fd19e6 100644 +--- a/srtp/srtp.c ++++ b/srtp/srtp.c +@@ -2095,7 +2095,9 @@ static inline int base_key_length(const cipher_type_t *cipher, int key_length) + crypto_policy_set_aes_cm_128_hmac_sha1_80(policy); + break; + case srtp_profile_aes128_cm_sha1_32: +- crypto_policy_set_aes_cm_128_hmac_sha1_32(policy); ++ /* We do not honor the 32-bit auth tag request since ++ * this is not compliant with RFC 3711 */ ++ crypto_policy_set_aes_cm_128_hmac_sha1_80(policy); + break; + case srtp_profile_null_sha1_80: + crypto_policy_set_null_cipher_hmac_sha1_80(policy); +@@ -2104,7 +2106,9 @@ static inline int base_key_length(const cipher_type_t *cipher, int key_length) + crypto_policy_set_aes_cm_256_hmac_sha1_80(policy); + break; + case srtp_profile_aes256_cm_sha1_32: +- crypto_policy_set_aes_cm_256_hmac_sha1_32(policy); ++ /* We do not honor the 32-bit auth tag request since ++ * this is not compliant with RFC 3711 */ ++ crypto_policy_set_aes_cm_256_hmac_sha1_80(policy); + break; + /* the following profiles are not (yet) supported */ + case srtp_profile_null_sha1_32: +-- +1.8.5.1 + Deleted: extra-i686/PKGBUILD =================================================================== --- extra-i686/PKGBUILD 2014-02-06 23:18:56 UTC (rev 205551) +++ extra-i686/PKGBUILD 2014-02-06 23:19:34 UTC (rev 205552) @@ -1,36 +0,0 @@ -# $Id$ -# Maintainer: -# Contributor: Sergej Pupykin <pupykin.s+a...@gmail.com> -# Contributor: Yejun Yang <yejunx AT gmail DOT com> -# Contributor: Michal Krenek <mi...@sg1.cz> - -pkgname=libsrtp -pkgver=15.1c9bd90 -pkgrel=2 -pkgdesc="Open-source implementation of the Secure Real-time Transport Protocol (SRTP)" -url="http://srtp.sourceforge.net/srtp.html" -arch=('i686' 'x86_64') -license=('BSD') -depends=('glibc') -makedepends=('git') -source=("git://git.linphone.org/srtp.git#commit=1c9bd90") -md5sums=('SKIP') - -pkgver() { - cd srtp - echo $(git rev-list --count HEAD).$(git rev-parse --short HEAD) -} - -build() { - cd srtp - autoconf - ./configure --prefix=/usr - make -} - -package() { - cd srtp - make DESTDIR="${pkgdir}" install - - install -Dm0644 LICENSE "${pkgdir}"/usr/share/licenses/${pkgname}/LICENSE -} Copied: libsrtp/repos/extra-i686/PKGBUILD (from rev 205551, libsrtp/trunk/PKGBUILD) =================================================================== --- extra-i686/PKGBUILD (rev 0) +++ extra-i686/PKGBUILD 2014-02-06 23:19:34 UTC (rev 205552) @@ -0,0 +1,42 @@ +# $Id$ +# Maintainer: +# Contributor: Sergej Pupykin <pupykin.s+a...@gmail.com> +# Contributor: Yejun Yang <yejunx AT gmail DOT com> +# Contributor: Michal Krenek <mi...@sg1.cz> + +pkgname=libsrtp +pkgver=15.1c9bd90 +pkgrel=3 +pkgdesc="Open-source implementation of the Secure Real-time Transport Protocol (SRTP)" +url="http://srtp.sourceforge.net/srtp.html" +arch=('i686' 'x86_64') +license=('BSD') +depends=('glibc') +makedepends=('git') +source=("git://git.linphone.org/srtp.git#commit=1c9bd90" 7713d5706524f9f1ee94fd6b55125357e63656d5.patch) +md5sums=('SKIP' + '33b3ba860560a4d9dee244caf73eceef') + +pkgver() { + cd srtp + echo $(git rev-list --count HEAD).$(git rev-parse --short HEAD) +} + +prepare() { + cd srtp + patch -p1 -i ../7713d5706524f9f1ee94fd6b55125357e63656d5.patch +} + +build() { + cd srtp + autoconf + ./configure --prefix=/usr + make +} + +package() { + cd srtp + make DESTDIR="${pkgdir}" install + + install -Dm0644 LICENSE "${pkgdir}"/usr/share/licenses/${pkgname}/LICENSE +} Copied: libsrtp/repos/extra-x86_64/7713d5706524f9f1ee94fd6b55125357e63656d5.patch (from rev 205551, libsrtp/trunk/7713d5706524f9f1ee94fd6b55125357e63656d5.patch) =================================================================== --- extra-x86_64/7713d5706524f9f1ee94fd6b55125357e63656d5.patch (rev 0) +++ extra-x86_64/7713d5706524f9f1ee94fd6b55125357e63656d5.patch 2014-02-06 23:19:34 UTC (rev 205552) @@ -0,0 +1,116 @@ +From 8884f4d8eb4ca7122dfcbd640b933b98ef4bab80 Mon Sep 17 00:00:00 2001 +From: jfigus <jfig...@yahoo.com> +Date: Thu, 30 May 2013 12:36:07 -0400 +Subject: [PATCH 1/3] Remove double-invocations to prevent buffer-overflow + vulnerability. + +--- + srtp/srtp.c | 5 ----- + 1 file changed, 5 deletions(-) + +diff --git a/srtp/srtp.c b/srtp/srtp.c +index 839c1ee..41e263c 100644 +--- a/srtp/srtp.c ++++ b/srtp/srtp.c +@@ -2063,23 +2063,18 @@ static inline int base_key_length(const cipher_type_t *cipher, int key_length) + switch(profile) { + case srtp_profile_aes128_cm_sha1_80: + crypto_policy_set_aes_cm_128_hmac_sha1_80(policy); +- crypto_policy_set_aes_cm_128_hmac_sha1_80(policy); + break; + case srtp_profile_aes128_cm_sha1_32: + crypto_policy_set_aes_cm_128_hmac_sha1_32(policy); +- crypto_policy_set_aes_cm_128_hmac_sha1_80(policy); + break; + case srtp_profile_null_sha1_80: + crypto_policy_set_null_cipher_hmac_sha1_80(policy); +- crypto_policy_set_null_cipher_hmac_sha1_80(policy); + break; + case srtp_profile_aes256_cm_sha1_80: + crypto_policy_set_aes_cm_256_hmac_sha1_80(policy); +- crypto_policy_set_aes_cm_256_hmac_sha1_80(policy); + break; + case srtp_profile_aes256_cm_sha1_32: + crypto_policy_set_aes_cm_256_hmac_sha1_32(policy); +- crypto_policy_set_aes_cm_256_hmac_sha1_80(policy); + break; + /* the following profiles are not (yet) supported */ + case srtp_profile_null_sha1_32: +-- +1.8.5.1 + + +From 8e47faf0f5b90672c7ebf2f0cf0562ee81a8b621 Mon Sep 17 00:00:00 2001 +From: jfigus <jfig...@yahoo.com> +Date: Thu, 30 May 2013 13:36:33 -0400 +Subject: [PATCH 2/3] Fix 32-bit tag policies to use correct profile. + +--- + srtp/srtp.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/srtp/srtp.c b/srtp/srtp.c +index 41e263c..95c1ab4 100644 +--- a/srtp/srtp.c ++++ b/srtp/srtp.c +@@ -2095,7 +2095,7 @@ static inline int base_key_length(const cipher_type_t *cipher, int key_length) + crypto_policy_set_aes_cm_128_hmac_sha1_80(policy); + break; + case srtp_profile_aes128_cm_sha1_32: +- crypto_policy_set_aes_cm_128_hmac_sha1_80(policy); ++ crypto_policy_set_aes_cm_128_hmac_sha1_32(policy); + break; + case srtp_profile_null_sha1_80: + crypto_policy_set_null_cipher_hmac_sha1_80(policy); +@@ -2104,7 +2104,7 @@ static inline int base_key_length(const cipher_type_t *cipher, int key_length) + crypto_policy_set_aes_cm_256_hmac_sha1_80(policy); + break; + case srtp_profile_aes256_cm_sha1_32: +- crypto_policy_set_aes_cm_256_hmac_sha1_80(policy); ++ crypto_policy_set_aes_cm_256_hmac_sha1_32(policy); + break; + /* the following profiles are not (yet) supported */ + case srtp_profile_null_sha1_32: +-- +1.8.5.1 + + +From 0acbb039c12b790621839facf56bfedbd071b74d Mon Sep 17 00:00:00 2001 +From: jfigus <jfig...@yahoo.com> +Date: Thu, 30 May 2013 16:47:02 -0400 +Subject: [PATCH 3/3] Undo the changes to the RTCP profile helper function. + The prior commit was not compliant with RFC 3711. + +--- + srtp/srtp.c | 8 ++++++-- + 1 file changed, 6 insertions(+), 2 deletions(-) + +diff --git a/srtp/srtp.c b/srtp/srtp.c +index 95c1ab4..7fd19e6 100644 +--- a/srtp/srtp.c ++++ b/srtp/srtp.c +@@ -2095,7 +2095,9 @@ static inline int base_key_length(const cipher_type_t *cipher, int key_length) + crypto_policy_set_aes_cm_128_hmac_sha1_80(policy); + break; + case srtp_profile_aes128_cm_sha1_32: +- crypto_policy_set_aes_cm_128_hmac_sha1_32(policy); ++ /* We do not honor the 32-bit auth tag request since ++ * this is not compliant with RFC 3711 */ ++ crypto_policy_set_aes_cm_128_hmac_sha1_80(policy); + break; + case srtp_profile_null_sha1_80: + crypto_policy_set_null_cipher_hmac_sha1_80(policy); +@@ -2104,7 +2106,9 @@ static inline int base_key_length(const cipher_type_t *cipher, int key_length) + crypto_policy_set_aes_cm_256_hmac_sha1_80(policy); + break; + case srtp_profile_aes256_cm_sha1_32: +- crypto_policy_set_aes_cm_256_hmac_sha1_32(policy); ++ /* We do not honor the 32-bit auth tag request since ++ * this is not compliant with RFC 3711 */ ++ crypto_policy_set_aes_cm_256_hmac_sha1_80(policy); + break; + /* the following profiles are not (yet) supported */ + case srtp_profile_null_sha1_32: +-- +1.8.5.1 + Deleted: extra-x86_64/PKGBUILD =================================================================== --- extra-x86_64/PKGBUILD 2014-02-06 23:18:56 UTC (rev 205551) +++ extra-x86_64/PKGBUILD 2014-02-06 23:19:34 UTC (rev 205552) @@ -1,36 +0,0 @@ -# $Id$ -# Maintainer: -# Contributor: Sergej Pupykin <pupykin.s+a...@gmail.com> -# Contributor: Yejun Yang <yejunx AT gmail DOT com> -# Contributor: Michal Krenek <mi...@sg1.cz> - -pkgname=libsrtp -pkgver=15.1c9bd90 -pkgrel=2 -pkgdesc="Open-source implementation of the Secure Real-time Transport Protocol (SRTP)" -url="http://srtp.sourceforge.net/srtp.html" -arch=('i686' 'x86_64') -license=('BSD') -depends=('glibc') -makedepends=('git') -source=("git://git.linphone.org/srtp.git#commit=1c9bd90") -md5sums=('SKIP') - -pkgver() { - cd srtp - echo $(git rev-list --count HEAD).$(git rev-parse --short HEAD) -} - -build() { - cd srtp - autoconf - ./configure --prefix=/usr - make -} - -package() { - cd srtp - make DESTDIR="${pkgdir}" install - - install -Dm0644 LICENSE "${pkgdir}"/usr/share/licenses/${pkgname}/LICENSE -} Copied: libsrtp/repos/extra-x86_64/PKGBUILD (from rev 205551, libsrtp/trunk/PKGBUILD) =================================================================== --- extra-x86_64/PKGBUILD (rev 0) +++ extra-x86_64/PKGBUILD 2014-02-06 23:19:34 UTC (rev 205552) @@ -0,0 +1,42 @@ +# $Id$ +# Maintainer: +# Contributor: Sergej Pupykin <pupykin.s+a...@gmail.com> +# Contributor: Yejun Yang <yejunx AT gmail DOT com> +# Contributor: Michal Krenek <mi...@sg1.cz> + +pkgname=libsrtp +pkgver=15.1c9bd90 +pkgrel=3 +pkgdesc="Open-source implementation of the Secure Real-time Transport Protocol (SRTP)" +url="http://srtp.sourceforge.net/srtp.html" +arch=('i686' 'x86_64') +license=('BSD') +depends=('glibc') +makedepends=('git') +source=("git://git.linphone.org/srtp.git#commit=1c9bd90" 7713d5706524f9f1ee94fd6b55125357e63656d5.patch) +md5sums=('SKIP' + '33b3ba860560a4d9dee244caf73eceef') + +pkgver() { + cd srtp + echo $(git rev-list --count HEAD).$(git rev-parse --short HEAD) +} + +prepare() { + cd srtp + patch -p1 -i ../7713d5706524f9f1ee94fd6b55125357e63656d5.patch +} + +build() { + cd srtp + autoconf + ./configure --prefix=/usr + make +} + +package() { + cd srtp + make DESTDIR="${pkgdir}" install + + install -Dm0644 LICENSE "${pkgdir}"/usr/share/licenses/${pkgname}/LICENSE +}