[arch-commits] Commit in libsrtp/trunk (2 files)
Date: Tuesday, February 23, 2016 @ 13:20:33 Author: heftig Revision: 260182 1.5.4 (2.0.0 is API-incompatible) Modified: libsrtp/trunk/PKGBUILD Deleted: libsrtp/trunk/7713d5706524f9f1ee94fd6b55125357e63656d5.patch + 7713d5706524f9f1ee94fd6b55125357e63656d5.patch | 116 --- PKGBUILD | 43 +++- 2 files changed, 18 insertions(+), 141 deletions(-) Deleted: 7713d5706524f9f1ee94fd6b55125357e63656d5.patch === --- 7713d5706524f9f1ee94fd6b55125357e63656d5.patch 2016-02-23 12:20:02 UTC (rev 260181) +++ 7713d5706524f9f1ee94fd6b55125357e63656d5.patch 2016-02-23 12:20:33 UTC (rev 260182) @@ -1,116 +0,0 @@ -From 8884f4d8eb4ca7122dfcbd640b933b98ef4bab80 Mon Sep 17 00:00:00 2001 -From: jfigus-Date: Thu, 30 May 2013 12:36:07 -0400 -Subject: [PATCH 1/3] Remove double-invocations to prevent buffer-overflow - vulnerability. - - srtp/srtp.c | 5 - - 1 file changed, 5 deletions(-) - -diff --git a/srtp/srtp.c b/srtp/srtp.c -index 839c1ee..41e263c 100644 a/srtp/srtp.c -+++ b/srtp/srtp.c -@@ -2063,23 +2063,18 @@ static inline int base_key_length(const cipher_type_t *cipher, int key_length) - switch(profile) { - case srtp_profile_aes128_cm_sha1_80: - crypto_policy_set_aes_cm_128_hmac_sha1_80(policy); --crypto_policy_set_aes_cm_128_hmac_sha1_80(policy); - break; - case srtp_profile_aes128_cm_sha1_32: - crypto_policy_set_aes_cm_128_hmac_sha1_32(policy); --crypto_policy_set_aes_cm_128_hmac_sha1_80(policy); - break; - case srtp_profile_null_sha1_80: - crypto_policy_set_null_cipher_hmac_sha1_80(policy); --crypto_policy_set_null_cipher_hmac_sha1_80(policy); - break; - case srtp_profile_aes256_cm_sha1_80: - crypto_policy_set_aes_cm_256_hmac_sha1_80(policy); --crypto_policy_set_aes_cm_256_hmac_sha1_80(policy); - break; - case srtp_profile_aes256_cm_sha1_32: - crypto_policy_set_aes_cm_256_hmac_sha1_32(policy); --crypto_policy_set_aes_cm_256_hmac_sha1_80(policy); - break; - /* the following profiles are not (yet) supported */ - case srtp_profile_null_sha1_32: --- -1.8.5.1 - - -From 8e47faf0f5b90672c7ebf2f0cf0562ee81a8b621 Mon Sep 17 00:00:00 2001 -From: jfigus -Date: Thu, 30 May 2013 13:36:33 -0400 -Subject: [PATCH 2/3] Fix 32-bit tag policies to use correct profile. - - srtp/srtp.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/srtp/srtp.c b/srtp/srtp.c -index 41e263c..95c1ab4 100644 a/srtp/srtp.c -+++ b/srtp/srtp.c -@@ -2095,7 +2095,7 @@ static inline int base_key_length(const cipher_type_t *cipher, int key_length) - crypto_policy_set_aes_cm_128_hmac_sha1_80(policy); - break; - case srtp_profile_aes128_cm_sha1_32: --crypto_policy_set_aes_cm_128_hmac_sha1_80(policy); -+crypto_policy_set_aes_cm_128_hmac_sha1_32(policy); - break; - case srtp_profile_null_sha1_80: - crypto_policy_set_null_cipher_hmac_sha1_80(policy); -@@ -2104,7 +2104,7 @@ static inline int base_key_length(const cipher_type_t *cipher, int key_length) - crypto_policy_set_aes_cm_256_hmac_sha1_80(policy); - break; - case srtp_profile_aes256_cm_sha1_32: --crypto_policy_set_aes_cm_256_hmac_sha1_80(policy); -+crypto_policy_set_aes_cm_256_hmac_sha1_32(policy); - break; - /* the following profiles are not (yet) supported */ - case srtp_profile_null_sha1_32: --- -1.8.5.1 - - -From 0acbb039c12b790621839facf56bfedbd071b74d Mon Sep 17 00:00:00 2001 -From: jfigus -Date: Thu, 30 May 2013 16:47:02 -0400 -Subject: [PATCH 3/3] Undo the changes to the RTCP profile helper function. - The prior commit was not compliant with RFC 3711. - - srtp/srtp.c | 8 ++-- - 1 file changed, 6 insertions(+), 2 deletions(-) - -diff --git a/srtp/srtp.c b/srtp/srtp.c -index 95c1ab4..7fd19e6 100644 a/srtp/srtp.c -+++ b/srtp/srtp.c -@@ -2095,7 +2095,9 @@ static inline int base_key_length(const cipher_type_t *cipher, int key_length) - crypto_policy_set_aes_cm_128_hmac_sha1_80(policy); - break; - case srtp_profile_aes128_cm_sha1_32: --crypto_policy_set_aes_cm_128_hmac_sha1_32(policy); -+/* We do not honor the 32-bit auth tag request since -+ * this is not compliant with RFC 3711 */ -+crypto_policy_set_aes_cm_128_hmac_sha1_80(policy); - break; - case srtp_profile_null_sha1_80: - crypto_policy_set_null_cipher_hmac_sha1_80(policy); -@@ -2104,7 +2106,9 @@ static inline int base_key_length(const cipher_type_t *cipher, int key_length) - crypto_policy_set_aes_cm_256_hmac_sha1_80(policy); - break; - case srtp_profile_aes256_cm_sha1_32: --crypto_policy_set_aes_cm_256_hmac_sha1_32(policy); -+/* We do not honor the 32-bit auth tag request since -+ * this is not compliant with RFC 3711 */ -+
[arch-commits] Commit in libsrtp/trunk (2 files)
Date: Friday, February 7, 2014 @ 00:18:56 Author: eric Revision: 205551 upgpkg: libsrtp 15.1c9bd90-3 Add security fix (close FS#38422) Added: libsrtp/trunk/7713d5706524f9f1ee94fd6b55125357e63656d5.patch Modified: libsrtp/trunk/PKGBUILD + 7713d5706524f9f1ee94fd6b55125357e63656d5.patch | 116 +++ PKGBUILD | 12 +- 2 files changed, 125 insertions(+), 3 deletions(-) Added: 7713d5706524f9f1ee94fd6b55125357e63656d5.patch === --- 7713d5706524f9f1ee94fd6b55125357e63656d5.patch (rev 0) +++ 7713d5706524f9f1ee94fd6b55125357e63656d5.patch 2014-02-06 23:18:56 UTC (rev 205551) @@ -0,0 +1,116 @@ +From 8884f4d8eb4ca7122dfcbd640b933b98ef4bab80 Mon Sep 17 00:00:00 2001 +From: jfigus jfig...@yahoo.com +Date: Thu, 30 May 2013 12:36:07 -0400 +Subject: [PATCH 1/3] Remove double-invocations to prevent buffer-overflow + vulnerability. + +--- + srtp/srtp.c | 5 - + 1 file changed, 5 deletions(-) + +diff --git a/srtp/srtp.c b/srtp/srtp.c +index 839c1ee..41e263c 100644 +--- a/srtp/srtp.c b/srtp/srtp.c +@@ -2063,23 +2063,18 @@ static inline int base_key_length(const cipher_type_t *cipher, int key_length) + switch(profile) { + case srtp_profile_aes128_cm_sha1_80: + crypto_policy_set_aes_cm_128_hmac_sha1_80(policy); +-crypto_policy_set_aes_cm_128_hmac_sha1_80(policy); + break; + case srtp_profile_aes128_cm_sha1_32: + crypto_policy_set_aes_cm_128_hmac_sha1_32(policy); +-crypto_policy_set_aes_cm_128_hmac_sha1_80(policy); + break; + case srtp_profile_null_sha1_80: + crypto_policy_set_null_cipher_hmac_sha1_80(policy); +-crypto_policy_set_null_cipher_hmac_sha1_80(policy); + break; + case srtp_profile_aes256_cm_sha1_80: + crypto_policy_set_aes_cm_256_hmac_sha1_80(policy); +-crypto_policy_set_aes_cm_256_hmac_sha1_80(policy); + break; + case srtp_profile_aes256_cm_sha1_32: + crypto_policy_set_aes_cm_256_hmac_sha1_32(policy); +-crypto_policy_set_aes_cm_256_hmac_sha1_80(policy); + break; + /* the following profiles are not (yet) supported */ + case srtp_profile_null_sha1_32: +-- +1.8.5.1 + + +From 8e47faf0f5b90672c7ebf2f0cf0562ee81a8b621 Mon Sep 17 00:00:00 2001 +From: jfigus jfig...@yahoo.com +Date: Thu, 30 May 2013 13:36:33 -0400 +Subject: [PATCH 2/3] Fix 32-bit tag policies to use correct profile. + +--- + srtp/srtp.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/srtp/srtp.c b/srtp/srtp.c +index 41e263c..95c1ab4 100644 +--- a/srtp/srtp.c b/srtp/srtp.c +@@ -2095,7 +2095,7 @@ static inline int base_key_length(const cipher_type_t *cipher, int key_length) + crypto_policy_set_aes_cm_128_hmac_sha1_80(policy); + break; + case srtp_profile_aes128_cm_sha1_32: +-crypto_policy_set_aes_cm_128_hmac_sha1_80(policy); ++crypto_policy_set_aes_cm_128_hmac_sha1_32(policy); + break; + case srtp_profile_null_sha1_80: + crypto_policy_set_null_cipher_hmac_sha1_80(policy); +@@ -2104,7 +2104,7 @@ static inline int base_key_length(const cipher_type_t *cipher, int key_length) + crypto_policy_set_aes_cm_256_hmac_sha1_80(policy); + break; + case srtp_profile_aes256_cm_sha1_32: +-crypto_policy_set_aes_cm_256_hmac_sha1_80(policy); ++crypto_policy_set_aes_cm_256_hmac_sha1_32(policy); + break; + /* the following profiles are not (yet) supported */ + case srtp_profile_null_sha1_32: +-- +1.8.5.1 + + +From 0acbb039c12b790621839facf56bfedbd071b74d Mon Sep 17 00:00:00 2001 +From: jfigus jfig...@yahoo.com +Date: Thu, 30 May 2013 16:47:02 -0400 +Subject: [PATCH 3/3] Undo the changes to the RTCP profile helper function. + The prior commit was not compliant with RFC 3711. + +--- + srtp/srtp.c | 8 ++-- + 1 file changed, 6 insertions(+), 2 deletions(-) + +diff --git a/srtp/srtp.c b/srtp/srtp.c +index 95c1ab4..7fd19e6 100644 +--- a/srtp/srtp.c b/srtp/srtp.c +@@ -2095,7 +2095,9 @@ static inline int base_key_length(const cipher_type_t *cipher, int key_length) + crypto_policy_set_aes_cm_128_hmac_sha1_80(policy); + break; + case srtp_profile_aes128_cm_sha1_32: +-crypto_policy_set_aes_cm_128_hmac_sha1_32(policy); ++/* We do not honor the 32-bit auth tag request since ++ * this is not compliant with RFC 3711 */ ++crypto_policy_set_aes_cm_128_hmac_sha1_80(policy); + break; + case srtp_profile_null_sha1_80: + crypto_policy_set_null_cipher_hmac_sha1_80(policy); +@@ -2104,7 +2106,9 @@ static inline int base_key_length(const cipher_type_t *cipher, int key_length) + crypto_policy_set_aes_cm_256_hmac_sha1_80(policy); + break; + case srtp_profile_aes256_cm_sha1_32: +-crypto_policy_set_aes_cm_256_hmac_sha1_32(policy); ++/* We do not honor the 32-bit auth tag request since ++ * this is not compliant with RFC 3711 */ ++