commit 3cdbd92fb7cc3ac47cfcc4f8ffe5faefdb8325026c59b8de0fb2066a53816ac4 Author: Adrian Schröter Date: Fri May 3 15:55:16 2024 +0200 Sync from SUSE:SLFO:Main libsrtp2 revision 57eeb360a2ad78f0c0ca783aefcdbc0e diff --git a/.gitattributes b/.gitattributes new file mode 100644 index 0000000..9b03811 --- /dev/null +++ b/.gitattributes @@ -0,0 +1,23 @@ +## Default LFS +*.7z filter=lfs diff=lfs merge=lfs -text +*.bsp filter=lfs diff=lfs merge=lfs -text +*.bz2 filter=lfs diff=lfs merge=lfs -text +*.gem filter=lfs diff=lfs merge=lfs -text +*.gz filter=lfs diff=lfs merge=lfs -text +*.jar filter=lfs diff=lfs merge=lfs -text +*.lz filter=lfs diff=lfs merge=lfs -text +*.lzma filter=lfs diff=lfs merge=lfs -text +*.obscpio filter=lfs diff=lfs merge=lfs -text +*.oxt filter=lfs diff=lfs merge=lfs -text +*.pdf filter=lfs diff=lfs merge=lfs -text +*.png filter=lfs diff=lfs merge=lfs -text +*.rpm filter=lfs diff=lfs merge=lfs -text +*.tbz filter=lfs diff=lfs merge=lfs -text +*.tbz2 filter=lfs diff=lfs merge=lfs -text +*.tgz filter=lfs diff=lfs merge=lfs -text +*.ttf filter=lfs diff=lfs merge=lfs -text +*.txz filter=lfs diff=lfs merge=lfs -text +*.whl filter=lfs diff=lfs merge=lfs -text +*.xz filter=lfs diff=lfs merge=lfs -text +*.zip filter=lfs diff=lfs merge=lfs -text +*.zst filter=lfs diff=lfs merge=lfs -text diff --git a/baselibs.conf b/baselibs.conf new file mode 100644 index 0000000..bf31741 --- /dev/null +++ b/baselibs.conf @@ -0,0 +1 @@ +libsrtp2-1 diff --git a/libsrtp2-test-verbose.patch b/libsrtp2-test-verbose.patch new file mode 100644 index 0000000..32b9054 --- /dev/null +++ b/libsrtp2-test-verbose.patch @@ -0,0 +1,63 @@ +Description: Avoid runtest silencing its output +Author: Victor Seva +Origin: vendor, http://bugs.debian.org/cgi-bin/bugreport.cgi?msg=10;bug=460534 +Bug-Debian: http://bugs.debian.org/460534 +Last-Update: 2016-03-15 +--- +This patch header follows DEP-3: http://dep.debian.net/deps/dep3/ +--- a/Makefile.in ++++ b/Makefile.in +@@ -44,24 +44,24 @@ + + runtest: test + @echo "running libsrtp2 test applications..." +- $(FIND_LIBRARIES) crypto/test/cipher_driver$(EXE) -v >/dev/null +- $(FIND_LIBRARIES) crypto/test/kernel_driver$(EXE) -v >/dev/null +- $(FIND_LIBRARIES) test/test_srtp$(EXE) >/dev/null +- $(FIND_LIBRARIES) test/rdbx_driver$(EXE) -v >/dev/null +- $(FIND_LIBRARIES) test/srtp_driver$(EXE) -v >/dev/null +- $(FIND_LIBRARIES) test/roc_driver$(EXE) -v >/dev/null +- $(FIND_LIBRARIES) test/replay_driver$(EXE) -v >/dev/null +- cd test; $(CRYPTO_LIBDIR_FORWARD) $(abspath $(srcdir))/test/rtpw_test.sh -w $(abspath $(srcdir))/test/words.txt >/dev/null ++ $(FIND_LIBRARIES) crypto/test/cipher_driver$(EXE) -v ++ $(FIND_LIBRARIES) crypto/test/kernel_driver$(EXE) -v ++ $(FIND_LIBRARIES) test/test_srtp$(EXE) ++ $(FIND_LIBRARIES) test/rdbx_driver$(EXE) -v ++ $(FIND_LIBRARIES) test/srtp_driver$(EXE) -v ++ $(FIND_LIBRARIES) test/roc_driver$(EXE) -v ++ $(FIND_LIBRARIES) test/replay_driver$(EXE) -v ++ cd test; $(CRYPTO_LIBDIR_FORWARD) $(abspath $(srcdir))/test/rtpw_test.sh -w $(abspath $(srcdir))/test/words.txt + ifeq (1, $(USE_EXTERNAL_CRYPTO)) +- cd test; $(CRYPTO_LIBDIR_FORWARD) $(abspath $(srcdir))/test/rtpw_test_gcm.sh -w $(abspath $(srcdir))/test/words.txt >/dev/null ++ cd test; $(CRYPTO_LIBDIR_FORWARD) $(abspath $(srcdir))/test/rtpw_test_gcm.sh -w $(abspath $(srcdir))/test/words.txt + endif + @echo "libsrtp2 test applications passed." + $(MAKE) -C crypto runtest + + runtest-valgrind: test + @echo "running libsrtp2 test applications... (valgrind)" +- valgrind --error-exitcode=1 --leak-check=full test/test_srtp$(EXE) -v >/dev/null +- valgrind --error-exitcode=1 --leak-check=full test/srtp_driver$(EXE) -v >/dev/null ++ valgrind --error-exitcode=1 --leak-check=full test/test_srtp$(EXE) -v ++ valgrind --error-exitcode=1 --leak-check=full test/srtp_driver$(EXE) -v + @echo "libsrtp2 test applications passed. (valgrind)" + + # makefile variables +--- a/crypto/Makefile.in ++++ b/crypto/Makefile.in +@@ -86,11 +86,11 @@ + ifneq (1, $(USE_EXTERNAL_CRYPTO)) + $(FIND_LIBRARIES) test `test/aes_calc $(k128) $(p128)` = $(c128) + $(FIND_LIBRARIES) test `test/aes_calc $(k256) $(p256)` = $(c256) +- $(FIND_LIBRARIES) test/sha1_driver$(EXE) -v >/dev/null ++ $(FIND_LIBRARIES) test/sha1_driver$(EXE) -v + endif +- $(FIND_LIBRARIES) test/cipher_driver$(EXE) -v >/dev/null +- $(FIND_LIBRARIES) test/datatypes_driver$(EXE) -v >/dev/null +- $(FIND_LIBRARIES) test/kernel_driver$(EXE) -v >/dev/null ++ $(FIND_LIBRARIES) test/cipher_driver$(EXE) -v ++ $(FIND_LIBRARIES) test/datatypes_driver$(EXE) -v ++ $(FIND_LIBRARIES) test/kernel_driver$(EXE) -v + @echo "crypto test applications passed." + + diff --git a/libsrtp2.changes b/libsrtp2.changes new file mode 100644 index 0000000..f39e7bd --- /dev/null +++ b/libsrtp2.changes @@ -0,0 +1,205 @@ +------------------------------------------------------------------- +Tue Apr 25 12:33:30 UTC 2023 - Pedro Monreal + +- Enable running the regression tests: + * Add libsrtp2-test-verbose.patch from the debian folks: + https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=460534 + +------------------------------------------------------------------- +Wed Feb 1 11:25:03 UTC 2023 - Jan Engelhardt + +- Update to release 2.5.0 + * No changelog provided; some unspecified crypto updates occurred. + +------------------------------------------------------------------- +Wed May 4 12:39:03 UTC 2022 - Jan Engelhardt + +- Remove include header editing; the issue once present in + libsrtp 2.0.0 seems reasonably resolved in current 2.4.2 + [boo#1198887] + +------------------------------------------------------------------- +Tue Sep 21 19:13:21 UTC 2021 - Jan Engelhardt + +- Update to release 2.4.2 + * Fixes an unspecified regression introduced in 2.4.1 + +------------------------------------------------------------------- +Thu Sep 9 21:37:57 UTC 2021 - Jan Engelhardt + +- Update to release 2.4.1 + * Use a full-length key even with null ciphers + +------------------------------------------------------------------- +Sat Aug 14 15:34:08 UTC 2021 - Jan Engelhardt + +- Update to release 2.4.0 + * Remove EKT files, this was never completed and the draft has + since changed. +- Remove 0001-Adjust-.pc-file-not-to-expose-used-crypto-library.patch + (merged) + +------------------------------------------------------------------- +Sat May 15 00:27:16 UTC 2021 - Jan Engelhardt + +- Add 0001-Adjust-.pc-file-not-to-expose-used-crypto-library.patch + [boo#1185931] + +------------------------------------------------------------------- +Sun Sep 6 13:11:40 UTC 2020 - Jan Engelhardt + +- Update to release 2.3.0 + * Changes to build system: fuzzer for libsrtp, NSS + as optional crypto back end and cmake build support. + +------------------------------------------------------------------- +Thu Aug 15 05:06:14 UTC 2019 - Jan Engelhardt + +- Update to new upstream release 2.2.0 + * Stylistic code changes only. + +------------------------------------------------------------------- +Tue Aug 1 12:31:16 UTC 2017 - jengelh@inai.de + +- Update to new upstream release 2.1.0 + * Cipher type cleanup for AES. When libSRTP is compiled with + OpenSSL and the AES 256 ICM cipher is used with RTCP, an + incorrect initialization vector is formed. This change will + break backwards compatibility with older versions (1.5, 2.0) + of libSRTP when using the AES 256 ICM cipher with OpenSSL for + RTCP. + * Sequence number incorrectly masked for AES GCM IV. The + initialization vector for AES GCM encryption was incorrectly + formed on little endian machines. This change will break + backwards compatibility with older versions (1.5, 2.0) of + libSRTP when using the AES GCM cipher for RTCP. + * Fix OOB read in key generation for encrypted headers with GCM + ciphers. Adds padding of GCM salt to the corresponding ICM + length used for header encryption. This change will break + backwards compatibility with version 2.0 of libSRTP when + using the header encryption extension with the AES GCM + cipher. + * Master Key Identifiers (MKI) Support - for 4 keys. + * Report SSRC instead of srtp_stream_t in srtp_event_data_t. + * Fix incorrect structure declarations for (S)RTP and (S)RTCP + for big endian machines + +------------------------------------------------------------------- +Mon Nov 21 23:03:24 UTC 2016 - jengelh@inai.de + +- Update to new 2.x generation, initial release 2.0.0 + * Massively smaller SDK, function names and types were cleaned + and prefixed. + +------------------------------------------------------------------- +Fri Mar 4 07:46:25 UTC 2016 - sor.alexei@meowr.ru + +- Update to 1.5.4: + * Use BE byte ordering of RTCP trailer. + * Allow zero length payload on unprotect. + +------------------------------------------------------------------- +Fri Jan 22 18:36:01 UTC 2016 - jengelh@inai.de + +- Update to new upstream release 1.5.3 +* Maintenance release, including fix for CVE-2015-6360. + +------------------------------------------------------------------- +Wed Jul 29 09:49:32 UTC 2015 - dimstar@opensuse.org + +- Add baselibs.conf: build libsrtp1-32bit, as needed by + libmediastreamer_voip4-32bit. + +------------------------------------------------------------------- +Sun Mar 15 16:35:32 UTC 2015 - sor.alexei@meowr.ru + +- Update to 1.5.2. +- Remove srtp-soname.diff as upstream now defines ABI in filenames + correctly. +- Spec cleanup. + +------------------------------------------------------------------- +Sat Jan 3 18:49:15 UTC 2015 - jengelh@inai.de + +- Update to new upstream release 1.5.0 +* Add support for OpenSSL crypto +* Add support for AES-GCM crypto suites. +* Add user data API to allow user to associate additional data + with a SRTP context. +- Replace libsrtp-automake.patch by simpler srtp-soname.diff + +------------------------------------------------------------------- +Thu Aug 28 06:03:05 UTC 2014 - jengelh@inai.de + +- Relax build restrictions for SLE11 (needs BuildRequires xz to + even start, and we can drop dist-xz from the suggestive patch + so that automake ~1.10) + +------------------------------------------------------------------- +Tue Aug 26 21:16:21 UTC 2014 - jengelh@inai.de + +- Update project metadata, and patch description + +------------------------------------------------------------------- +Wed Sep 18 18:46:49 CEST 2013 - sbrabec@suse.cz + +- Upgrade to the latest git snapshot of the version 1.4.5 from the + new Cisco GIT repository: + * support for Encrypted Key Transport (EKT) + * AES-256 support + * support for packet retransmission + * API and ABI changes to support new features + * many bug, crash and memory corruption fixes + * several security fixes (CVE-2013-2139, bnc#828009) +- Increment shared library version, there are incompatible API and + ABI changes. +- Rename the package to libsrtp, as did the upstream +- Port and rename srtp-automake.diff to libsrtp-automake.patch. +- Fix headers to not point to private not installed files + (bnc#839475). + +------------------------------------------------------------------- +Wed Oct 31 20:11:34 UTC 2012 - jengelh@inai.de + +- Fold the pkgconfig file into srtp-automake.diff +- Have libsrtp-devel depend on library package + +------------------------------------------------------------------- +Thu Oct 31 13:18:09 UTC 2012 - mailaender@opensuse.org + +- Have the package provide a pkg-config file, and run ldconfig + for the library package + +------------------------------------------------------------------- +Tue Oct 25 15:45:56 UTC 2011 - jengelh@medozas.de + +- Remove redundant %clean section +- Add automake patch so as to properly create shared libraries + +------------------------------------------------------------------- +Tue Mar 8 16:01:11 UTC 2011 - chris@computersalat.de + +- spec-cleaner +- remove author from description +- rpmlint: wrong-file-end-of-line-encoding + +------------------------------------------------------------------- +Sat Aug 8 12:45:35 UTC 2009 - alexandre@exatati.com.br + +- Version update to 1.4.4 and bzipped source. + o sorry but CHANGES file is outdated + +------------------------------------------------------------------- +Mon Jan 28 16:05:24 CET 2008 - sbrabec@suse.cz + +- Generate package named srtp-devel. + +------------------------------------------------------------------- +Wed Jun 6 01:27:06 CEST 2007 - ro@suse.de + +- suppress devel file warnings, we only have a static lib here + +------------------------------------------------------------------- +Wed Jun 28 17:30:46 CEST 2006 - sbrabec@suse.cz + +- New SuSE package, version 1.4.2. diff --git a/libsrtp2.spec b/libsrtp2.spec new file mode 100644 index 0000000..aacc67c --- /dev/null +++ b/libsrtp2.spec @@ -0,0 +1,93 @@ +# +# spec file for package libsrtp2 +# +# Copyright (c) 2023 SUSE LLC +# +# All modifications and additions to the file contributed by third parties +# remain the property of their copyright owners, unless otherwise agreed +# upon. The license for this file, and modifications and additions to the +# file, is the same license as for the pristine package itself (unless the +# license for the pristine package is not an Open Source License, in which +# case the license is the MIT License). An "Open Source License" is a +# license that conforms to the Open Source Definition (Version 1.9) +# published by the Open Source Initiative. + +# Please submit bugfixes or comments via https://bugs.opensuse.org/ +# + + +Name: libsrtp2 +%define lname libsrtp2-1 +Version: 2.5.0 +Release: 0 +Summary: Secure Real-Time Transport Protocol (SRTP) library v2 +License: BSD-3-Clause +Group: Development/Libraries/C and C++ +URL: https://github.com/cisco/libsrtp + +Source: https://github.com/cisco/libsrtp/archive/v%version.tar.gz +Source99: baselibs.conf +Patch1: libsrtp2-test-verbose.patch +BuildRequires: libpcap-devel +BuildRequires: pkg-config +BuildRequires: procps +BuildRequires: pkgconfig(openssl) >= 1.1.0 + +%description +libsrtp is Cisco's implementation of the Secure Real-time Transport +Protocol (SRTP), the Universal Security Transform (UST), and a +supporting cryptographic kernel. + +%package -n %lname +Summary: Secure Real-Time Transport Protocol (SRTP) library v2 +Group: System/Libraries + +%description -n %lname +libsrtp is Cisco's implementation of the Secure Real-time Transport +Protocol (SRTP), the Universal Security Transform (UST), and a +supporting cryptographic kernel. + +SRTP is a security profile for RTP that adds confidentiality, message +authentication, and replay protection to that protocol. It is +specified in RFC 3711. More information about the SRTP protocol +itself can be found on the Secure RTP page. + +%package devel +Summary: Development files for the Secure Real-Time Transport Protocol (SRTP) library v2 +Group: Development/Libraries/C and C++ +Requires: %lname = %version + +%description devel +libsrtp is Cisco's implementation of the Secure Real-time Transport +Protocol (SRTP), the Universal Security Transform (UST), and a +supporting cryptographic kernel. + +This subpackage contains the development headers. + +%prep +%autosetup -p1 -n libsrtp-%version + +%build +%configure --enable-openssl +%make_build shared_library + +%install +%make_install + +%check +%make_build runtest + +%post -n %lname -p /sbin/ldconfig +%postun -n %lname -p /sbin/ldconfig + +%files -n %lname +%_libdir/libsrtp2.so.1 + +%files devel +%doc CHANGES README.md doc/*.txt +%license LICENSE +%_includedir/srtp2/ +%_libdir/libsrtp2.so +%_libdir/pkgconfig/libsrtp2.pc + +%changelog diff --git a/v2.5.0.tar.gz b/v2.5.0.tar.gz new file mode 100644 index 0000000..56addb3 --- /dev/null +++ b/v2.5.0.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:8a43ef8e9ae2b665292591af62aa1a4ae41e468b6d98d8258f91478735da4e09 +size 638704