From f75b1832ba6f8ec5cc060df219d8441fdc4625be8ffdb7177829f8cb982e8a6e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tom=C3=A1=C5=A1=20Chv=C3=A1tal?= Date: Fri, 11 Oct 2013 07:53:28 +0000 Subject: [PATCH] Accepting request 202067 from home:sbrabec:branches:network:telephony This is also a package rename. Please send to openSUSE Factory with a delete request to srtp. - Upgrade to the latest git snapshot of the version 1.4.5 from the new Cisco GIT repository: * support for Encrypted Key Transport (EKT) * AES-256 support * support for packet retransmission * API and ABI changes to support new features * many bug, crash and memory corruption fixes * several security fixes (CVE-2013-2139, bnc#828009) - Increment shared library version, there are incompatible API and ABI changes. - Rename the package to libsrtp, as did the upstream - Port and rename srtp-automake.diff to libsrtp-automake.patch. - Fix headers to not point to private not installed files (bnc#839475). OBS-URL: https://build.opensuse.org/request/show/202067 OBS-URL: https://build.opensuse.org/package/show/network:telephony/libsrtp?expand=0&rev=1 --- .gitattributes | 23 +++++ .gitignore | 1 + libsrtp-automake.patch | 207 ++++++++++++++++++++++++++++++++++++++ libsrtp-git7db9eb2.tar.xz | 3 + libsrtp.changes | 64 ++++++++++++ libsrtp.spec | 143 ++++++++++++++++++++++++++ 6 files changed, 441 insertions(+) create mode 100644 .gitattributes create mode 100644 .gitignore create mode 100644 libsrtp-automake.patch create mode 100644 libsrtp-git7db9eb2.tar.xz create mode 100644 libsrtp.changes create mode 100644 libsrtp.spec diff --git a/.gitattributes b/.gitattributes new file mode 100644 index 0000000..9b03811 --- /dev/null +++ b/.gitattributes @@ -0,0 +1,23 @@ +## Default LFS +*.7z filter=lfs diff=lfs merge=lfs -text +*.bsp filter=lfs diff=lfs merge=lfs -text +*.bz2 filter=lfs diff=lfs merge=lfs -text +*.gem filter=lfs diff=lfs merge=lfs -text +*.gz filter=lfs diff=lfs merge=lfs -text +*.jar filter=lfs diff=lfs merge=lfs -text +*.lz filter=lfs diff=lfs merge=lfs -text +*.lzma filter=lfs diff=lfs merge=lfs -text +*.obscpio filter=lfs diff=lfs merge=lfs -text +*.oxt filter=lfs diff=lfs merge=lfs -text +*.pdf filter=lfs diff=lfs merge=lfs -text +*.png filter=lfs diff=lfs merge=lfs -text +*.rpm filter=lfs diff=lfs merge=lfs -text +*.tbz filter=lfs diff=lfs merge=lfs -text +*.tbz2 filter=lfs diff=lfs merge=lfs -text +*.tgz filter=lfs diff=lfs merge=lfs -text +*.ttf filter=lfs diff=lfs merge=lfs -text +*.txz filter=lfs diff=lfs merge=lfs -text +*.whl filter=lfs diff=lfs merge=lfs -text +*.xz filter=lfs diff=lfs merge=lfs -text +*.zip filter=lfs diff=lfs merge=lfs -text +*.zst filter=lfs diff=lfs merge=lfs -text diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..57affb6 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +.osc diff --git a/libsrtp-automake.patch b/libsrtp-automake.patch new file mode 100644 index 0000000..52c750d --- /dev/null +++ b/libsrtp-automake.patch @@ -0,0 +1,207 @@ +From: Jan Engelhardt +Date: 2011-10-25 17:51:31.000000000 +0200 + +Switch to stress-free automake with libtool library generation. +Also add a pkgconfig file for easy detection of presence and paths +by secondary projects. + +--- + Makefile.am | 99 +++++++++++++++++++++++++++++++++++++++++++++ + configure.in | 13 ++++- + crypto/include/Makefile.am | 7 +++ + include/Makefile.am | 4 + + libsrtp.pc.in | 11 +++++ + 5 files changed, 131 insertions(+), 3 deletions(-) + +Index: libsrtp/Makefile.am +=================================================================== +--- /dev/null ++++ libsrtp/Makefile.am +@@ -0,0 +1,102 @@ ++# -*- Makefile -*- ++ ++SUBDIRS = crypto/include include ++ ++AM_CPPFLAGS = -I${top_srcdir}/crypto/include -I${top_srcdir}/include ++ ++pkgconfdir = ${libdir}/pkgconfig ++pkgconf_DATA = libsrtp.pc ++ ++lib_LTLIBRARIES = libsrtp.la ++ ++noinst_LTLIBRARIES = libcryptomath.la ++ ++ciphers = crypto/cipher/cipher.c crypto/cipher/null_cipher.c \ ++ crypto/cipher/aes.c crypto/cipher/aes_icm.c \ ++ crypto/cipher/aes_cbc.c ++ ++hashes = crypto/hash/null_auth.c crypto/hash/sha1.c \ ++ crypto/hash/hmac.c crypto/hash/auth.c # crypto/hash/tmmhv2.c ++ ++replay = crypto/replay/rdb.c crypto/replay/rdbx.c \ ++ crypto/replay/ut_sim.c ++ ++math = crypto/math/datatypes.c crypto/math/stat.c ++ ++ust = crypto/ust/ust.c ++ ++rng = crypto/rng/prng.c crypto/rng/ctr_prng.c ++if RAND_LINUX_KERNEL ++rng += crypto/rng/rand_linux_kernel.c ++else ++rng += crypto/rng/rand_source.c ++endif ++ ++err = crypto/kernel/err.c ++ ++kernel = crypto/kernel/crypto_kernel.c crypto/kernel/alloc.c \ ++ crypto/kernel/key.c $(rng) $(err) # $(ust) ++ ++cryptsrc = ${ciphers} ${hashes} ${math} ${stat} ${kernel} ${replay} ++ ++# libsrtp.a (implements srtp processing) ++ ++srtpsrc = srtp/srtp.c srtp/ekt.c ++ ++# gdoi is the group domain of interpretation for isakmp, a group key ++# management system which can provide keys for srtp ++if GDOI ++gdoi = gdoi/srtp+gdoi.c ++endif ++ ++# so.1 was used in srtp-sharedlib.diff.. ++libsrtp_la_SOURCES = ${srtpsrc} ${cryptsrc} ${gdoi} ++libsrtp_la_LDFLAGS = -version-info 2:0:0 ++ ++libcryptomath_la_SOURCES = crypto/math/math.c crypto/math/gf2_8.c ++ ++# test applications ++ ++check_PROGRAMS = crypto/test/aes_calc crypto/test/cipher_driver \ ++ crypto/test/datatypes_driver crypto/test/kernel_driver \ ++ crypto/test/rand_gen crypto/test/sha1_driver \ ++ crypto/test/stat_driver \ ++ test/srtp_driver test/replay_driver test/roc_driver test/rdbx_driver \ ++ test/rtpw test/dtls_srtp_driver ++ ++test_rtpw_SOURCES = test/rtpw.c test/rtp.c test/getopt_s.c ++test_rtpw_LDADD = libsrtp.la ++ ++test_srtp_driver_SOURCES = test/srtp_driver.c test/getopt_s.c ++test_srtp_driver_LDADD = libsrtp.la ++ ++test_rdbx_driver_SOURCES = test/rdbx_driver.c test/getopt_s.c ++test_rdbx_driver_LDADD = libsrtp.la ++ ++test_dtls_srtp_driver_SOURCES = test/dtls_srtp_driver.c test/getopt_s.c ++test_dtls_srtp_driver_LDADD = libsrtp.la ++ ++memtest: test/srtp_driver ++ @test/srtp_driver -v -d "alloc" > tmp ++ @grep freed tmp | wc -l > freed ++ @grep allocated tmp | wc -l > allocated ++ @echo "checking for memory leaks (only works with --enable-stdout)" ++ cmp -s allocated freed ++ @echo "passed (same number of alloc() and dealloc() calls found)" ++ @rm freed allocated tmp ++ ++# tables_apps are used to generate the tables used in the crypto ++# implementations; these need only be generated during porting, not ++# for building libsrtp or the test applications ++ ++check_PROGRAMS += tables/aes_tables ++ ++tables_aes_tables_SOURCES = tables/aes_tables.c ++tables_aes_tables_LDADD = libcryptomath.la ++ ++# the target 'plot' runs the timing test (test/srtp_driver -t) then ++# uses gnuplot to produce plots of the results - see the script file ++# 'timing' ++ ++plot: test/srtp_driver ++ test/srtp_driver -t > timing.dat +Index: libsrtp/configure.in +=================================================================== +--- libsrtp.orig/configure.in ++++ libsrtp/configure.in +@@ -1,5 +1,5 @@ + dnl Process this file with autoconf to produce a configure script. +-AC_INIT(srtp) ++AC_INIT([srtp], [1.4.5]) + + dnl Must come before AC_PROG_CC + if test -z "$CFLAGS"; then +@@ -8,9 +8,13 @@ if test -z "$CFLAGS"; then + fi + + dnl Checks for programs. +-AC_PROG_RANLIB ++AM_INIT_AUTOMAKE([-Wall foreign subdir-objects no-dist-gzip dist-xz tar-pax]) + AC_PROG_CC ++AM_PROG_CC_C_O + AC_PROG_INSTALL ++m4_ifdef([AM_PROG_AR], [AM_PROG_AR]) ++AC_DISABLE_STATIC ++AC_PROG_LIBTOOL + + dnl Check the byte order + AC_C_BIGENDIAN +@@ -81,6 +85,7 @@ else + fi + fi + AC_SUBST(RNG_OBJS) ++AM_CONDITIONAL([RAND_LINUX_KERNEL], [test "$enable_linux_kernel" = yes]) + + + dnl Checks for header files. +@@ -189,10 +194,12 @@ if test "$enable_gdoi" = "yes"; then + AC_SUBST(GDOI_OBJS) + fi + AC_MSG_RESULT($enable_gdoi) ++AM_CONDITIONAL([GDOI], [test "$enable_gdoi" = "yes"]) + + AC_CONFIG_HEADER(crypto/include/config.h:config_in.h) + +-AC_OUTPUT(Makefile crypto/Makefile doc/Makefile) ++AC_CONFIG_FILES([Makefile crypto/Makefile crypto/include/Makefile doc/Makefile include/Makefile libsrtp.pc]) ++AC_OUTPUT + + # This is needed when building outside the source dir. + AS_MKDIR_P(crypto/ae_xfm) +Index: libsrtp/crypto/include/Makefile.am +=================================================================== +--- /dev/null ++++ libsrtp/crypto/include/Makefile.am +@@ -0,0 +1,7 @@ ++# -*- Makefile -*- ++ ++pkginclude_HEADERS = \ ++ aes.h aes_cbc.h aes_icm.h alloc.h auth.h cipher.h crypto.h \ ++ crypto_kernel.h crypto_math.h crypto_types.h cryptoalg.h datatypes.h \ ++ err.h gf2_8.h hmac.h integers.h kernel_compat.h key.h null_auth.h \ ++ null_cipher.h prng.h rand_source.h rdb.h rdbx.h sha1.h stat.h xfm.h +Index: libsrtp/include/Makefile.am +=================================================================== +--- /dev/null ++++ libsrtp/include/Makefile.am +@@ -0,0 +1,4 @@ ++# -*- Makefile -*- ++ ++pkginclude_HEADERS = \ ++ getopt_s.h rtp.h rtp_priv.h srtp.h srtp_priv.h ut_sim.h +Index: libsrtp/libsrtp.pc.in +=================================================================== +--- /dev/null ++++ libsrtp/libsrtp.pc.in +@@ -0,0 +1,11 @@ ++prefix=@prefix@ ++exec_prefix=@exec_prefix@ ++libdir=@libdir@ ++includedir=@includedir@ ++ ++Name: libsrtp ++Description: Secure Real-time Transport Protocol library ++Version: 1.4.5 ++URL: http://srtp.sf.net/ ++Libs: -L${libdir} -lsrtp ++Cflags: -I${includedir}/srtp diff --git a/libsrtp-git7db9eb2.tar.xz b/libsrtp-git7db9eb2.tar.xz new file mode 100644 index 0000000..906aef8 --- /dev/null +++ b/libsrtp-git7db9eb2.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:875193a517e24a166ff5d87be7679080f153ad111c2d034ffed080d9ee96679b +size 4090572 diff --git a/libsrtp.changes b/libsrtp.changes new file mode 100644 index 0000000..bff196d --- /dev/null +++ b/libsrtp.changes @@ -0,0 +1,64 @@ +------------------------------------------------------------------- +Wed Sep 18 18:46:49 CEST 2013 - sbrabec@suse.cz + +- Upgrade to the latest git snapshot of the version 1.4.5 from the + new Cisco GIT repository: + * support for Encrypted Key Transport (EKT) + * AES-256 support + * support for packet retransmission + * API and ABI changes to support new features + * many bug, crash and memory corruption fixes + * several security fixes (CVE-2013-2139, bnc#828009) +- Increment shared library version, there are incompatible API and + ABI changes. +- Rename the package to libsrtp, as did the upstream +- Port and rename srtp-automake.diff to libsrtp-automake.patch. +- Fix headers to not point to private not installed files + (bnc#839475). + +------------------------------------------------------------------- +Wed Oct 31 20:11:34 UTC 2012 - jengelh@inai.de + +- Fold the pkgconfig file into srtp-automake.diff +- Have libsrtp-devel depend on library package + +------------------------------------------------------------------- +Thu Oct 31 13:18:09 UTC 2012 - mailaender@opensuse.org + +- Have the package provide a pkg-config file, and run ldconfig + for the library package + +------------------------------------------------------------------- +Tue Oct 25 15:45:56 UTC 2011 - jengelh@medozas.de + +- Remove redundant %clean section +- Add automake patch so as to properly create shared libraries + +------------------------------------------------------------------- +Tue Mar 8 16:01:11 UTC 2011 - chris@computersalat.de + +- spec-cleaner +- remove author from description +- rpmlint: wrong-file-end-of-line-encoding + +------------------------------------------------------------------- +Sat Aug 8 12:45:35 UTC 2009 - alexandre@exatati.com.br + +- Version update to 1.4.4 and bzipped source. + o sorry but CHANGES file is outdated + +------------------------------------------------------------------- +Mon Jan 28 16:05:24 CET 2008 - sbrabec@suse.cz + +- Generate package named srtp-devel. + +------------------------------------------------------------------- +Wed Jun 6 01:27:06 CEST 2007 - ro@suse.de + +- suppress devel file warnings, we only have a static lib here + +------------------------------------------------------------------- +Wed Jun 28 17:30:46 CEST 2006 - sbrabec@suse.cz + +- New SuSE package, version 1.4.2. + diff --git a/libsrtp.spec b/libsrtp.spec new file mode 100644 index 0000000..62b2c8b --- /dev/null +++ b/libsrtp.spec @@ -0,0 +1,143 @@ +# +# spec file for package libsrtp +# +# Copyright (c) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany. +# +# All modifications and additions to the file contributed by third parties +# remain the property of their copyright owners, unless otherwise agreed +# upon. The license for this file, and modifications and additions to the +# file, is the same license as for the pristine package itself (unless the +# license for the pristine package is not an Open Source License, in which +# case the license is the MIT License). An "Open Source License" is a +# license that conforms to the Open Source Definition (Version 1.9) +# published by the Open Source Initiative. + +# Please submit bugfixes or comments via http://bugs.opensuse.org/ +# + + +Name: libsrtp +%define library_name libsrtp2 +%define git_snapshot 7db9eb2 +Version: 1.4.5.0.20130918.%{git_snapshot} +Release: 0 +Summary: Secure Real-Time Transport Protocol (SRTP) library +License: BSD-3-Clause +Group: Development/Libraries/C and C++ +Url: http://srtp.sourceforge.net/srtp.html +Source: %{name}-git%{git_snapshot}.tar.xz +# PATCH-FEATURE-OPENSUSE libsrtp-automake.patch jengelh@medozas.de -- Support for automake to easily build shared library. +Patch: %{name}-automake.patch +BuildRoot: %{_tmppath}/%{name}-%{version}-build +BuildRequires: autoconf +BuildRequires: automake >= 1.11 +BuildRequires: dos2unix +BuildRequires: libtool +BuildRequires: pkg-config +Provides: srtp = %{version}-%{release} +Obsoletes: srtp < %{version} + +%description +The libSRTP library is an open source implementation of the Secure +Real-time Transport Protocol (SRTP) originally authored by Cisco +Systems, Inc. + +%package -n %{library_name} +Summary: Secure Real-Time Transport Protocol (SRTP) library +Group: System/Libraries + +%description -n %{library_name} +The libSRTP library is an open source implementation of the Secure +Real-time Transport Protocol (SRTP) originally authored by Cisco +Systems, Inc. + +SRTP is a security profile for RTP that adds confidentiality, message +authentication, and replay protection to that protocol. It is specified +in RFC 3711. More information about the SRTP protocol itself can be +found on the Secure RTP page. + +%package devel +Summary: Secure Real-Time Transport Protocol (SRTP) library +Group: Development/Libraries/C and C++ +Requires: %{library_name} = %{version} +Provides: srtp-devel = %{version}-%{release} +Obsoletes: srtp-devel < %{version} + +%description devel +The libSRTP library is an open source implementation of the Secure +Real-time Transport Protocol (SRTP) originally authored by Cisco +Systems, Inc. + +SRTP is a security profile for RTP that adds confidentiality, message +authentication, and replay protection to that protocol. It is specified +in RFC 3711. More information about the SRTP protocol itself can be +found on the Secure RTP page. + +%prep +%setup -q -n %{name} +%patch -p1 +tr '\r' '\n' doc/draft-irtf-cfrg-icm-00.txt.unix +touch -r doc/draft-irtf-cfrg-icm-00.txt doc/draft-irtf-cfrg-icm-00.txt.unix +mv doc/draft-irtf-cfrg-icm-00.txt.unix doc/draft-irtf-cfrg-icm-00.txt + +%build +autoreconf -fi +%configure \ + --enable-generic-aesicm \ + --enable-syslog +# --enable-gdoi +# FIXME: Does not work: +# --enable-kernel-linux +make %{?_smp_mflags} + +%install +%makeinstall +rm %{buildroot}%{_libdir}/*.la + +# This file is required by some headers, but missing in the installed files. (bnc#839475) +install -m0644 crypto/include/config.h %{buildroot}%{_includedir}/srtp/ + +# We provide verbose messages here. +set +x +# Including of files with generic names and quotes is unsafe and can cause include clashes. +# Do it in install phase, because rewriting of the source code before building would require deeper changes. +# /usr/include is included automatically, so we don't modify .pc file. (bnc#839475#c2) +echo "Rewriting #include \"{foo}.h\" to #include ..." +sed -i 's:\( *# *include *\)"\([^"]*\.h\)":\1 :' %{buildroot}%{_includedir}/srtp/*.h +# Rewrite FOO_H just to make things consistent and prevent name clashes. +echo "Rewriting header include check tags from {FOO_H} to SRTP_{FOO_H}..." +sed -i 's:\(# *\(ifdef\|ifndef\|define\|endif */\*\) *\)\([A-Z0-9_]*_H\)\($\| *\*/\):\1SRTP_\3\4:' %{buildroot}%{_includedir}/srtp/*.h +sed -i 's:\(# *\(ifdef\|ifndef\|define\|endif */\*\) *\)\(CRYPTO_KERNEL\|RAND_SOURCE\)\($\| *\*/\):\1SRTP_\3_H\4:' %{buildroot}%{_includedir}/srtp/*.h +sed -i 's:__DATATYPES_H:_DATATYPES_H:' %{buildroot}%{_includedir}/srtp/*.h +# And finally, prevent all potential clashes in autoconf based variables in config.h. +for SYMBOL in\ + $( + sed -n ' + # Everything below const is a definition of the compiler and hopefully undefined. + /const/,$d + # Search and print autoconf generated defines. + s:\(^# *define\|/\* # *undef\) \([A-Z0-9_]*\).*$:\2:p + ' <%{buildroot}%{_includedir}/srtp/config.h + ) + do + echo "Rewriting symbol $SYMBOL to SRTP_$SYMBOL..." + sed -i 's:\([^A-Z0-9_]\)\('$SYMBOL'\)\([^A-Z0-9_]\|$\):\1SRTP_\2\3:g' %{buildroot}%{_includedir}/srtp/*.h +done +set -x + +%post -n %{library_name} -p /sbin/ldconfig + +%postun -n %{library_name} -p /sbin/ldconfig + +%files -n %{library_name} +%defattr(-,root,root,-) +%{_libdir}/libsrtp.so.2* + +%files devel +%defattr(-,root,root,-) +%doc CHANGES LICENSE README TODO VERSION doc/*.pdf doc/*.txt +%{_includedir}/srtp +%{_libdir}/libsrtp.so +%{_libdir}/pkgconfig/libsrtp.pc + +%changelog