Diffstat (limited to 'net-libs')
-rw-r--r--net-libs/libsrtp/ChangeLog8
-rw-r--r--net-libs/libsrtp/files/libsrtp-CVE-2013-2139.diff46
-rw-r--r--net-libs/libsrtp/libsrtp-1.4.4_p20121108-r1.ebuild77
3 files changed, 130 insertions, 1 deletions
diff --git a/net-libs/libsrtp/ChangeLog b/net-libs/libsrtp/ChangeLog
index 63605afd3c7c..fea51ab75dc9 100644
--- a/net-libs/libsrtp/ChangeLog
+++ b/net-libs/libsrtp/ChangeLog
@@ -1,6 +1,12 @@
# ChangeLog for net-libs/libsrtp
# Copyright 1999-2013 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/net-libs/libsrtp/ChangeLog,v 1.29 2013/10/01 15:30:04 chithanh Exp $
+# $Header: /var/cvsroot/gentoo-x86/net-libs/libsrtp/ChangeLog,v 1.30 2013/10/13 19:58:24 phajdan.jr Exp $
+
+*libsrtp-1.4.4_p20121108-r1 (13 Oct 2013)
+
+ 13 Oct 2013; Pawel Hajdan jr <phajdan.jr@gentoo.org>
+ +libsrtp-1.4.4_p20121108-r1.ebuild, +files/libsrtp-CVE-2013-2139.diff:
+ Version bump for security bug #472302 .
01 Oct 2013; Chí-Thanh Christopher Nguyễn <chithanh@gentoo.org> metadata.xml:
Add chainsaw to maintainers.
diff --git a/net-libs/libsrtp/files/libsrtp-CVE-2013-2139.diff b/net-libs/libsrtp/files/libsrtp-CVE-2013-2139.diff
new file mode 100644
index 000000000000..dcafe177638b
--- /dev/null
+++ b/net-libs/libsrtp/files/libsrtp-CVE-2013-2139.diff
@@ -0,0 +1,46 @@
+diff --git a/srtp/srtp.c b/srtp/srtp.c
+index 839c1ee..7fd19e6 100644
+--- a/srtp/srtp.c
++++ b/srtp/srtp.c
+@@ -2063,23 +2063,18 @@ static inline int base_key_length(const cipher_type_t *cipher, int key_length)
+ switch(profile) {
+ case srtp_profile_aes128_cm_sha1_80:
+ crypto_policy_set_aes_cm_128_hmac_sha1_80(policy);
+- crypto_policy_set_aes_cm_128_hmac_sha1_80(policy);
+ break;
+ case srtp_profile_aes128_cm_sha1_32:
+ crypto_policy_set_aes_cm_128_hmac_sha1_32(policy);
+- crypto_policy_set_aes_cm_128_hmac_sha1_80(policy);
+ break;
+ case srtp_profile_null_sha1_80:
+ crypto_policy_set_null_cipher_hmac_sha1_80(policy);
+- crypto_policy_set_null_cipher_hmac_sha1_80(policy);
+ break;
+ case srtp_profile_aes256_cm_sha1_80:
+ crypto_policy_set_aes_cm_256_hmac_sha1_80(policy);
+- crypto_policy_set_aes_cm_256_hmac_sha1_80(policy);
+ break;
+ case srtp_profile_aes256_cm_sha1_32:
+ crypto_policy_set_aes_cm_256_hmac_sha1_32(policy);
+- crypto_policy_set_aes_cm_256_hmac_sha1_80(policy);
+ break;
+ /* the following profiles are not (yet) supported */
+ case srtp_profile_null_sha1_32:
+@@ -2100,6 +2095,8 @@ static inline int base_key_length(const cipher_type_t *cipher, int key_length)
+ crypto_policy_set_aes_cm_128_hmac_sha1_80(policy);
+ break;
+ case srtp_profile_aes128_cm_sha1_32:
++ /* We do not honor the 32-bit auth tag request since
++ * this is not compliant with RFC 3711 */
+ crypto_policy_set_aes_cm_128_hmac_sha1_80(policy);
+ break;
+ case srtp_profile_null_sha1_80:
+@@ -2109,6 +2106,8 @@ static inline int base_key_length(const cipher_type_t *cipher, int key_length)
+ crypto_policy_set_aes_cm_256_hmac_sha1_80(policy);
+ break;
+ case srtp_profile_aes256_cm_sha1_32:
++ /* We do not honor the 32-bit auth tag request since
++ * this is not compliant with RFC 3711 */
+ crypto_policy_set_aes_cm_256_hmac_sha1_80(policy);
+ break;
+ /* the following profiles are not (yet) supported */
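Review bot: The patch file starts straight at `diff --git a/srtp/srtp.c` with no header, so nothing in it ties the change to CVE-2013-2139, bug #472302 or its upstream origin; a few comment lines above the first `diff --git` line naming those (for example `Upstream commit: <upstream commit id>`) would let a later version bump tell whether the patch can be dropped. The embedded `@@` lines label the context as `base_key_length(const cipher_type_t *cipher, int key_length)`, but the switch uses `profile` and `policy`, so the functions actually being edited start and end outside these hunks and should be named in that header. After the first hunk the 32-bit tag profiles are honoured in the first switch, while the second and third hunks deliberately keep the 80-bit setters for the same profiles. Callers that size the authentication trailer from the negotiated profile presumably still have to leave room for the longer tag on that second path, which is worth one sentence in the header too.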
diff --git a/net-libs/libsrtp/libsrtp-1.4.4_p20121108-r1.ebuild b/net-libs/libsrtp/libsrtp-1.4.4_p20121108-r1.ebuild
new file mode 100644
index 000000000000..e1555c957555
--- /dev/null
+++ b/net-libs/libsrtp/libsrtp-1.4.4_p20121108-r1.ebuild
@@ -0,0 +1,77 @@
+# Copyright 1999-2013 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/net-libs/libsrtp/libsrtp-1.4.4_p20121108-r1.ebuild,v 1.1 2013/10/13 19:58:24 phajdan.jr Exp $
+
+EAPI="4"
+
+inherit base multilib
+
+MY_PN="srtp"
+MY_P="${MY_PN}-${PV}"
+
+DESCRIPTION="Open-source implementation of the Secure Real-time Transport Protocol (SRTP)"
+HOMEPAGE="http://srtp.sourceforge.net/srtp.html"
+SRC_URI="http://dev.gentoo.org/~phajdan.jr/${MY_P}.tar.gz"
+
+LICENSE="BSD"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~ppc ~ppc64 -sparc ~x86 ~x86-fbsd ~ppc-macos ~x64-macos ~x86-macos"
+IUSE="aesicm console debug doc static-libs syslog"
+PATCHES=(
+ "${FILESDIR}/${P}-shared.patch"
+ "${FILESDIR}/${PN}-CVE-2013-2139.diff"
+ )
+
+S=${WORKDIR}/${MY_PN}
+
+src_configure() {
+ # stdout: default error output for messages in debug
+ # kernel-linux: breaks the build
+ # gdoi: disabled by upstream and breaks the build
+ econf \
+ --enable-stdout \
+ --disable-kernel-linux \
+ --disable-gdoi \
+ $(use_enable aesicm generic-aesicm) \
+ $(use_enable console) \
+ $(use_enable debug) \
+ $(use_enable syslog)
+}
+
+src_compile() {
+ if use static-libs; then
+ emake ${PN}.a || die "Failed to build static library"
+ fi
+ emake ${PN}$(get_libname) || die "Failed to build dynamic library"
+}
+
+src_test() {
+ # getopt returns an int, not a char
+ sed -i -e "s/char q/int q/" \
+ test/rdbx_driver.c test/srtp_driver.c test/dtls_srtp_driver.c \
+ || die "fixing getopt errors failed"
+
+ # test/rtpw_test.sh is assuming . is in $PATH
+ sed -i -e "s:\$RTPW :./\$RTPW :" test/rtpw_test.sh \
+ || die "patching test/rtpw_test.sh failed"
+
+ # test/rtpw.c is using /usr/share/dict/words assuming it exists
+ # using test/rtpw.c guaratees the file exists in any case
+ sed -i -e "s:/usr/share/dict/words:rtpw.c:" test/rtpw.c \
+ || die "patching test/rtpw.c failed"
+
+ emake test || die "building test failed"
+ emake -j1 runtest || die "tests failed"
+}
+
+src_install() {
+ emake DESTDIR="${D}" install || die "emake install failed"
+
+ dodoc CHANGES README TODO || die "dodoc failed"
+
+ if use doc; then
+ # libsrtp.pdf can also be generated with doxygen
+ # but it would be a waste of time as an up-to-date version is built
+ dodoc doc/*.txt doc/${PN}.pdf || die "dodoc failed"
+ fi
+}
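Review bot: The new `PATCHES` entry `"${FILESDIR}/${PN}-CVE-2013-2139.diff"` has no comment recording why it is there; a line such as `# security bug #472302 (CVE-2013-2139); drop once the snapshot contains the fix` directly above it keeps that reason in the ebuild rather than only in the ChangeLog. `SRC_URI` fetches the snapshot over plain `http://` from a developer's home directory, so its integrity rests entirely on the Manifest digest; no Manifest change is part of this commit, and the entry presumably already exists for the unrevised ebuild, which is worth confirming. The three `sed -i` edits in `src_test` change the unpacked sources only when tests run; moving them into `src_prepare` would make the tree the same whether or not tests are enabled.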