- Package:
- libsrtp2-dev
- Source:
- libsrtp2
- Description:
- Secure RTP (SRTP) and UST Reference Implementations - development files
- Submitter:
- Sandro KnauÃ
- Date:
- 2024-07-31 05:39:05 UTC
- Severity:
- normal
- Tags:
Package: libsrtp2-dev Version: 2.1.0-1 Severity: normal Control: affects -1 qtwebengine-opensource-src Hey, I tried to get rid of the internal copy of libsrtp2 in qtwebengine. Unfortunably there is no srtp_priv.h,rtp.h and rtp_priv.h in /usr/include/srtp2 and I can't replace the copy, cause other parts depending on parts in the private header. Best Regrads, sandro
Hi Sandro, Quoting Sandro Knauß (2017-07-01 19:33:47) I am quite in favor of getting rid of code copies, but using on a private library sounds like abuse which should be solved by either rewriting/patching the project to only use public headers, or convince the libsrtp project to make those private headers public. I can forward this issue to the upstream developers of libsrtp, but will then need some more substantial arguments why headers deliberately made private should be made public. Even better if you get in touch with upstream directly, as you can no doubt explain your needs better than me acting as proxy. - Jonas
Hey Jonas, Well qtwebengine is a embeded browser (chromium) and needs the private headers to build webrtc. Keep in mind also chromium is normally affected by issues, that are stopping qtwebengine to use system packages (see as example #812091). We had no issue to use system libsrtp-dev, because this had shipped the private header. I know shipping private header stuff is not ideal. But I prefer no copies and one more transition if private stuff changes. Sorry but I have nor real indeep knowlege, why webrtc needs the private stuff. I hope the surroundings are enough to start the discussion with upstream. Btw. upstream(qt) tells actually that qtwebengine using an non released version of libsrtp (https://bugreports.qt.io/browse/QTBUG-60970) As I don't know libsrtp it may be better if you start the discussion. I can join afterwards. Otherwise you should discribe me, how to reach them properly. Best Regards, sandro
Quoting Sandro Knauß (2017-07-01 21:34:47) Sorry, but with that (lack of) reasoning for needing headers which upstream has chosen to treat as private, I will not act as proxy. Upstream preferred form of contact can be found in the Debian copyright file: https://github.com/cisco/libsrtp/issues - Jonas
Excerpts from Jonas Smedegaard's message of juli 1, 2017 10:46 pm: You might also want to read bug#804545, which I suspect is either directly related to this issue or if not then reasoning for being cautious similar. - Jonas
Hi all, I opened the bug for this upstream, we have the same problem in reSIProcate https://github.com/cisco/libsrtp/issues/532 Regards, Daniel
I would like to try to work to get this bug fixed. I understand that it a fairly heavy mountain to move and will involve coordination with various upstreams (libsrtp, chromium, qtwebengine) as well as the packagers of those programs, but I have a strong desire to get the Qt WebEngine packages in Debian into good shape and am willing to invest time into this bug to see if an acceptable solution can be found. For those who have more experience with the history of this problem, do you have any suggestions as to where I should start?
Quoting Soren Stoutner via Pkg-voip-maintainers (2023-06-14 02:20:52) Thanks for your interest in this issue! I suggest - as also described in my previous emails here, to try patch the Qt WebEngine code to get randomness elsewhere, because libsrtp was not intented to provide that functionality and therefore the removal of that private interface was deliberate. Kind regards, - Jonas
Thanks for the pointer. I will start there and report back to this bug report any progress I make.
I decided to start by filing a bug report with Google and politely ask if they would do the heavy lifting. https://bugs.chromium.org/p/chromium/issues/detail?id=1455478[1] It is a long shot, but sometimes you never know what you will get until you ask.-------- [1] https://bugs.chromium.org/p/chromium/issues/detail?id=1455478
Google is making some progress on this issue. https://webrtc-review.googlesource.com/c/src/+/357543[1] They still need to sort out the usage in: third_party/webrtc/pc/srtp_session.cc-------- [1] https://webrtc-review.googlesource.com/c/src/+/357543
There is an upstream discussion about this with the libsrtp developers. https://github.com/cisco/libsrtp/issues/721
Quoting Soren Stoutner (2024-07-31 05:01:23) Thanks for working on this, Søren. - Jonas