Hello community,
here is the log from the commit of package libzrtpcpp for openSUSE:Factory checked in at 2016-04-01 13:02:47
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/libzrtpcpp (Old)
and /work/SRC/openSUSE:Factory/.libzrtpcpp.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "libzrtpcpp"
Changes:
--------
--- /work/SRC/openSUSE:Factory/libzrtpcpp/libzrtpcpp.changes 2016-02-26 22:19:57.000000000 +0100
+++ /work/SRC/openSUSE:Factory/.libzrtpcpp.new/libzrtpcpp.changes 2016-04-01 13:02:52.000000000 +0200
@@ -1,0 +2,7 @@
+Wed Mar 23 21:19:19 UTC 2016 - jengelh@inai.de
+
+- Update to new upstream release 4.6.3
+* A small fix inside the ZRTP main module to ignore malformed
+ DH1 packets and avoid an NULL pointer access.
+
+-------------------------------------------------------------------
Old:
----
V4.6.2.tar.gz
New:
----
V4.6.3.tar.gz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ libzrtpcpp.spec ++++++
--- /var/tmp/diff_new_pack.Q9biSS/_old 2016-04-01 13:02:54.000000000 +0200
+++ /var/tmp/diff_new_pack.Q9biSS/_new 2016-04-01 13:02:54.000000000 +0200
@@ -18,7 +18,7 @@
Name: libzrtpcpp
%define lname libzrtpcpp4
-Version: 4.6.2
+Version: 4.6.3
Release: 0
Summary: A ccrtp extension for ZRTP support
License: GPL-3.0+
++++++ V4.6.2.tar.gz -> V4.6.3.tar.gz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ZRTPCPP-4.6.2/.idea/dictionaries/werner.xml new/ZRTPCPP-4.6.3/.idea/dictionaries/werner.xml
--- old/ZRTPCPP-4.6.2/.idea/dictionaries/werner.xml 1970-01-01 01:00:00.000000000 +0100
+++ new/ZRTPCPP-4.6.3/.idea/dictionaries/werner.xml 2016-03-14 18:50:58.000000000 +0100
@@ -0,0 +1,8 @@
+<component name="ProjectDictionaryState">
+ <dictionary name="werner">
+ <words>
+ <w>dittmann</w>
+ <w>hmac</w>
+ </words>
+ </dictionary>
+</component>
\ No newline at end of file
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ZRTPCPP-4.6.2/CMakeLists.txt new/ZRTPCPP-4.6.3/CMakeLists.txt
--- old/ZRTPCPP-4.6.2/CMakeLists.txt 2016-02-04 16:32:31.000000000 +0100
+++ new/ZRTPCPP-4.6.3/CMakeLists.txt 2016-03-14 18:50:58.000000000 +0100
@@ -1,4 +1,4 @@
-# Copyright (C) 2009 Werner Dittman
+# Copyright (C) 2009 - 2016 Werner Dittman
#
# This file is free software; as a special exception the author gives
# unlimited permission to copy and/or distribute it, with or without
@@ -14,9 +14,9 @@
SET(CPACK_PACKAGE_VERSION_MAJOR 4)
SET(CPACK_PACKAGE_VERSION_MINOR 6)
-SET(CPACK_PACKAGE_VERSION_PATCH 2)
+SET(CPACK_PACKAGE_VERSION_PATCH 3)
-set (VERSION 4.6.2)
+set (VERSION 4.6.3)
set (SOVERSION 4)
# Define supported command line parameters.
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ZRTPCPP-4.6.2/NEWS.md new/ZRTPCPP-4.6.3/NEWS.md
--- old/ZRTPCPP-4.6.2/NEWS.md 2016-02-04 16:32:31.000000000 +0100
+++ new/ZRTPCPP-4.6.3/NEWS.md 2016-03-14 18:50:58.000000000 +0100
@@ -1,3 +1,9 @@
+## GNU ZRTP 4.6.3 ##
+
+A small fix inside the ZRTP main module to ignore malformed
+DH1 packets and avoid an NULL pointer access.
+
+
## GNU ZRTP 4.6.2 ##
A small fix in the ZrtpCWrapper to fix an issue within 4.6.1
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ZRTPCPP-4.6.2/zrtp/ZRtp.cpp new/ZRTPCPP-4.6.3/zrtp/ZRtp.cpp
--- old/ZRTPCPP-4.6.2/zrtp/ZRtp.cpp 2016-02-04 16:32:31.000000000 +0100
+++ new/ZRTPCPP-4.6.3/zrtp/ZRtp.cpp 2016-03-14 18:50:58.000000000 +0100
@@ -690,6 +690,10 @@
// get and check Responder's public value, see chap. 5.4.3 in the spec
pvr = dhPart1->getPv();
+ if (pvr == NULL) {
+ *errMsg = IgnorePacket;
+ return NULL;
+ }
if (!dhContext->checkPubKey(pvr)) {
*errMsg = DHErrorWrongPV;
return NULL;
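Review bot: The new `pvr == NULL` guard closes the dereference on this DHPart1 path only, and nothing at the guard records why getPv() can return NULL for a packet that has already been parsed. Since the trigger is a malformed packet from the remote peer, any other caller of getPv() would presumably need the same check before checkPubKey(). The DHPart2 handling is the obvious candidate, but it is not visible in this hunk, so this is worth confirming. Once the cause is confirmed, I would add a comment above the guard such as `// getPv() is NULL when the DHPart packet did not validate; drop it instead of passing NULL to checkPubKey()`. The enclosing function starts and ends outside the hunk.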
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ZRTPCPP-4.6.2/zrtp/ZrtpPacketDHPart.cpp new/ZRTPCPP-4.6.3/zrtp/ZrtpPacketDHPart.cpp
--- old/ZRTPCPP-4.6.2/zrtp/ZrtpPacketDHPart.cpp 2016-02-04 16:32:31.000000000 +0100
+++ new/ZRTPCPP-4.6.3/zrtp/ZrtpPacketDHPart.cpp 2016-03-14 18:50:58.000000000 +0100
@@ -37,8 +37,8 @@
void* allocated = &data;
memset(allocated, 0, sizeof(data));
- zrtpHeader = (zrtpPacketHeader_t *)&((DHPartPacket_t *)allocated)->hdr; // the standard header
- DHPartHeader = (DHPart_t *)&((DHPartPacket_t *)allocated)->dhPart;
+ zrtpHeader = &((DHPartPacket_t *)allocated)->hdr; // the standard header
+ DHPartHeader = &((DHPartPacket_t *)allocated)->dhPart;
pv = ((uint8_t*)allocated) + sizeof(DHPartPacket_t); // point to the public key value
setZrtpId();
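Review bot: The redundant outer casts are gone, but both assignments and the `pv` line still use C-style casts through a `void*`, which hides what kind of conversion is being done. Taking `auto* pkt = static_cast<DHPartPacket_t*>(allocated);` once and then writing `&pkt->hdr` and `&pkt->dhPart` would read more clearly. `pv` is placed directly behind the fixed struct, so a short comment stating that `data` is sized for the largest public value plus the HMAC would let a reader check the bounds. The declaration of `data` is not visible here, and the constructor starts and ends outside the hunk.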
@@ -46,7 +46,7 @@
// The fixed numbers below are taken from ZRTP specification, chap 5.1.5
void ZrtpPacketDHPart::setPubKeyType(const char* pkt) {
- // Well - the algo type is only 4 char thus cast to int32 and compare
+ // Well - the algorithm type is only 4 char thus cast to int32 and compare
if (*(int32_t*)pkt == *(int32_t*)dh2k) {
dhLength = 256;
}
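Review bot: The comparison `*(int32_t*)pkt == *(int32_t*)dh2k` under the reworded comment reads a `const char*` through an `int32_t*`, which violates the aliasing rules and can be a misaligned load if `pkt` points into a received packet buffer. `if (memcmp(pkt, dh2k, 4) == 0) {` performs the same four-byte compare without either problem and without casting away const. The later branches of this chain are outside the hunk and presumably use the same pattern, so they would need the same change. setPubKeyType continues past the end of this hunk.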
@@ -68,15 +68,15 @@
else
return;
- int length = sizeof(DHPartPacket_t) + dhLength + (2 * ZRTP_WORD_SIZE); // HMAC field is 2*ZRTP_WORD_SIZE
- setLength(length / ZRTP_WORD_SIZE);
+ uint16_t length = static_cast