Bug 2211526

Summary: srtp_init fails with NSS > 3.5.3
Product: Red Hat Enterprise Linux 9 Reporter: Michael Newton <mnewton>
Component: libsrtpAssignee: Wim Taymans <wtaymans>
Status: POST --- QA Contact: Robin Hack <rhack>
Severity: medium Docs Contact:
Priority: unspecified    
Version: CentOS StreamCC: bstinson, gerd, jwboyer, ndegraef, qe-baseos-daemons, rhack, wtaymans
Target Milestone: rcKeywords: Patch, Triaged
Target Release: ---   
Hardware: x86_64   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Michael Newton 2023-05-31 21:55:36 UTC 
An NSS update has broken some functionality in libsrtp. This has been fixed upstream for version 2.4[1], and was backported into Fedora 34[2], but remains a problem in EL9 and CentOS. See #1948729 for details and a patch that resolves the problem.

The problem manifested itself for us when trying to run Asterisk built on EL9.1 with libsrtp-2.3.0-7.el9 and encountered these error messages:

    WARNING[47044] res_srtp.c: Failed to initialize libsrtp
    ERROR[47044] loader.c: *** Failed to load module res_srtp.so
    ERROR[47044] asterisk.c: Module initialization failed.  ASTERISK EXITING!

Applying the patch and building locally resolved the issue, as did installing the updated Fedora RPM.

[1] https://github.com/cisco/libsrtp/commit/23576ff4c0ed505997eceace69a336f6bf629027
[2] https://bodhi.fedoraproject.org/updates/FEDORA-2021-9ac23c1745
Comment 1 Niels De Graef 2023-07-06 09:13:22 UTC 
Wim, mind taking a look here? Looks like a trivial patch to include
Comment 2 Wim Taymans 2023-07-06 15:35:17 UTC 
I made a merge request: https://gitlab.com/redhat/centos-stream/rpms/libsrtp/-/merge_requests/3 just need QA ack to get it in.
Comment 4 Niels De Graef 2023-07-07 08:31:10 UTC 
*** Bug 2163492 has been marked as a duplicate of this bug. ***
Comment 5 Gerd v. Egidy 2023-07-07 09:20:28 UTC 
Would you consider adding the %check section I suggested in https://bugzilla.redhat.com/show_bug.cgi?id=2211526 ?

Or do you prefer if I propose that to be added to the package in Fedora?
Comment 6 Wim Taymans 2023-07-07 10:31:17 UTC 
What %check option? (your link recursively links to this bug).

Yes, also add this to fedora if it's useful.
Comment 7 Gerd v. Egidy 2023-07-07 12:26:49 UTC 
Oh, sorry, I got the link from the wrong tab.

I meant this one from the bug marked as duplicate:
https://bugzilla.redhat.com/show_bug.cgi?id=2163492#c0