authortron <tron@pkgsrc.org>2015-06-10 20:38:42 +0000
committertron <tron@pkgsrc.org>2015-06-10 20:38:42 +0000
commiteb99e309737f1312533669395db7c1030285d498 (patch)
treeb224cc7e317e38ce1c0d9916802812d09609934c
parentebf54e7f936cc8b8ec1a779119c6e13fbe0fb383 (diff)
Pullup ticket #4736 - requested by manu
comms/asterisk18: security update Revisions pulled up: - comms/asterisk18/Makefile 1.94,1.97 via patch - comms/asterisk18/distinfo 1.60-1.61 - comms/asterisk18/patches/patch-main_loader.c 1.1 --- Module Name: pkgsrc Committed By: jnemeth Date: Sun Apr 12 03:35:39 UTC 2015 Modified Files: pkgsrc/comms/asterisk18: Makefile distinfo Log Message: Update to Asterisk 1.8.32.3: this is a security fix update. The Asterisk Development Team has announced security releases for Certified Asterisk 1.8.28, 11.6, and 13.1 and Asterisk 1.8, 11, 12, and 13. The available security releases are released as versions 1.8.28.cert-5, 1.8.32.3, 11.6-cert11, 11.17.1, 12.8.2, 13.1-cert2, and 13.3.2. The release of these versions resolves the following security vulnerability: * AST-2015-003: TLS Certificate Common name NULL byte exploit When Asterisk registers to a SIP TLS device and verifies the server, Asterisk will accept signed certificates that match a common name other than the one Asterisk is expecting if the signed certificate has a common name containing a null byte after the portion of the common name that Asterisk expected. This potentially allows for a man in the middle attack. For more information about the details of this vulnerability, please read security advisory AST-2015-003, which was released at the same time as this announcement. For a full list of changes in the current releases, please see the Change Logs: http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.8.32.3 The security advisory is available at: * http://downloads.asterisk.org/pub/security/AST-2015-003.pdf Thank you for your continued support of Asterisk! --- Module Name: pkgsrc Committed By: manu Date: Tue Apr 28 08:48:11 UTC 2015 Modified Files: pkgsrc/comms/asterisk18: Makefile distinfo Added Files: pkgsrc/comms/asterisk18/patches: patch-main_loader.c Log Message: Fix crash in asterisk18 startup The added patch fixes startup crash and was submitted upstream. 
While there also remove the ban on i386, as it was tested to run fine.
-rw-r--r--comms/asterisk18/Makefile8
-rw-r--r--comms/asterisk18/distinfo15
-rw-r--r--comms/asterisk18/patches/patch-main_loader.c45
3 files changed, 56 insertions, 12 deletions
diff --git a/comms/asterisk18/Makefile b/comms/asterisk18/Makefile
index 54c09a52122..4e8a8523530 100644
--- a/comms/asterisk18/Makefile
+++ b/comms/asterisk18/Makefile
@@ -1,12 +1,13 @@
-# $NetBSD: Makefile,v 1.92 2015/03/15 22:26:26 jnemeth Exp $
+# $NetBSD: Makefile,v 1.92.2.1 2015/06/10 20:38:42 tron Exp $
#
# NOTE: when updating this package, there are two places that sound
# tarballs need to be checked
-DISTNAME= asterisk-1.8.32.2
+DISTNAME= asterisk-1.8.32.3
DIST_SUBDIR= ${PKGNAME_NOREV}
DISTFILES= ${DEFAULT_DISTFILES}
EXTRACT_ONLY= ${DISTNAME}.tar.gz
+PKGREVISION= 3
CATEGORIES= comms net audio
MASTER_SITES= http://downloads.asterisk.org/pub/telephony/asterisk/ \
http://downloads.asterisk.org/pub/telephony/asterisk/old-releases/ \
@@ -17,9 +18,6 @@ HOMEPAGE= http://www.asterisk.org/
COMMENT= The Asterisk Software PBX
LICENSE= gnu-gpl-v2
-# known to have issues on i386, block the package until the bug is fixed
-BROKEN_ON_PLATFORM= NetBSD-*-i386
-
CONFLICTS+= asterisk-sounds-extra-[0-9]*
.include "../../mk/bsd.prefs.mk"
diff --git a/comms/asterisk18/distinfo b/comms/asterisk18/distinfo
index 50c105ae3f6..e8528659247 100644
--- a/comms/asterisk18/distinfo
+++ b/comms/asterisk18/distinfo
@@ -1,11 +1,11 @@
-$NetBSD: distinfo,v 1.59 2015/01/29 21:48:07 jnemeth Exp $
+$NetBSD: distinfo,v 1.59.2.1 2015/06/10 20:38:42 tron Exp $
-SHA1 (asterisk-1.8.32.2/asterisk-1.8.32.2.tar.gz) = e2a585ff20ab7dc1cb4bad86eda514af7c6a5e45
-RMD160 (asterisk-1.8.32.2/asterisk-1.8.32.2.tar.gz) = 41446c7da1e73ab07455f35b1ed102315eb7ef9c
-Size (asterisk-1.8.32.2/asterisk-1.8.32.2.tar.gz) = 29635914 bytes
-SHA1 (asterisk-1.8.32.2/asterisk-extra-sounds-en-gsm-1.4.15.tar.gz) = fbb94494e31fc08eee8fdf2ce7d12eb274018050
-RMD160 (asterisk-1.8.32.2/asterisk-extra-sounds-en-gsm-1.4.15.tar.gz) = 53656a3d6771602504f220ad312093e3503e1150
-Size (asterisk-1.8.32.2/asterisk-extra-sounds-en-gsm-1.4.15.tar.gz) = 4409969 bytes
+SHA1 (asterisk-1.8.32.3/asterisk-1.8.32.3.tar.gz) = ba0fd90fd744e423950d66c5d3e777419050d62e
+RMD160 (asterisk-1.8.32.3/asterisk-1.8.32.3.tar.gz) = 431785ace9f8a516ed6def6cf193fc8cd06b2967
+Size (asterisk-1.8.32.3/asterisk-1.8.32.3.tar.gz) = 29637478 bytes
+SHA1 (asterisk-1.8.32.3/asterisk-extra-sounds-en-gsm-1.4.15.tar.gz) = fbb94494e31fc08eee8fdf2ce7d12eb274018050
+RMD160 (asterisk-1.8.32.3/asterisk-extra-sounds-en-gsm-1.4.15.tar.gz) = 53656a3d6771602504f220ad312093e3503e1150
+Size (asterisk-1.8.32.3/asterisk-extra-sounds-en-gsm-1.4.15.tar.gz) = 4409969 bytes
SHA1 (patch-aa) = 832f1c043b15198e0a286094dd0cc1a251bcfed0
SHA1 (patch-af) = 19786616bb606c38f769ec85f2e4d118573659ab
SHA1 (patch-ai) = e92edab5c1ff323478f41d0b0783102ed527fe39
@@ -39,3 +39,4 @@ SHA1 (patch-bm) = 284b34e20091b3427cd67b835fc7aa62c9d92a6c
SHA1 (patch-bn) = 51d14bde5591bd4a68c8074838196e05ac86f2f2
SHA1 (patch-bo) = ff43d14e2608dd08d7d03799dfe9847f9f7f5666
SHA1 (patch-bp) = 44c903536522e61790588680383b0ab2879edd65
+SHA1 (patch-main_loader.c) = a4cc248a7767eca712618fadf3a1ddc7f4977921
diff --git a/comms/asterisk18/patches/patch-main_loader.c b/comms/asterisk18/patches/patch-main_loader.c
new file mode 100644
index 00000000000..9c7fe36db42
--- /dev/null
+++ b/comms/asterisk18/patches/patch-main_loader.c
@@ -0,0 +1,45 @@
+$NetBSD: patch-main_loader.c,v 1.1.2.2 2015/06/10 20:38:43 tron Exp $
+
+Fix unloaded module DSO usage
+
+If a module once failed to load with globaly exposed symbols, the DSO
+is unloaded while the struct ast_module remains valid and referenced,
+with just mod->lib being NULL.
+
+If the module is later attempted to be loaded again, make sure the DSO
+is loaded again to avoid an unpleasant crash.
+
+Also add a test to catch the situation where something went wrong and
+loading failed again.
+
+Submitted upstream in
+https://issues.asterisk.org/jira/browse/ASTERISK-25021
+
+--- main/loader.c.orig 2015-04-27 17:33:30.000000000 +0200
++++ main/loader.c 2015-04-27 18:01:28.000000000 +0200
+@@ -894,9 +894,9 @@
+ {
+ struct ast_module *mod;
+ enum ast_module_load_result res = AST_MODULE_LOAD_SUCCESS;
+
+- if ((mod = find_resource(resource_name, 0))) {
++ if ((mod = find_resource(resource_name, 0)) && (mod->lib != NULL)) {
+ if (mod->flags.running) {
+ ast_log(LOG_WARNING, "Module '%s' already exists.\n", resource_name);
+ return AST_MODULE_LOAD_DECLINE;
+ }
+@@ -918,8 +918,14 @@
+ return required ? AST_MODULE_LOAD_FAILURE : AST_MODULE_LOAD_DECLINE;
+ #endif
+ }
+
++ if (mod->lib == NULL) {
++ ast_log(LOG_ERROR, "Module '%s' was unloaded.\n", resource_name);
++ return required ? AST_MODULE_LOAD_FAILURE : AST_MODULE_LOAD_DECLINE;
++ }
++
++
+ if (inspect_module(mod)) {
+ ast_log(LOG_WARNING, "Module '%s' could not be loaded.\n", resource_name);
+ #ifdef LOADABLE_MODULES
+ unload_dynamic_module(mod);
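Review bot: The added `if (mod->lib == NULL)` block in the second main/loader.c hunk sits outside any `#ifdef LOADABLE_MODULES`, although the `unload_dynamic_module(mod)` call a few lines below it is guarded, so the test also runs for modules that never had a DSO handle. If statically embedded modules are registered with `mod->lib` left NULL (not visible in these hunks, so worth confirming), the changed condition `&& (mod->lib != NULL)` in the first hunk sends them into the reload branch and they are then refused. I would wrap the new block in `#ifdef LOADABLE_MODULES` ... `#endif` and apply the `mod->lib` test in the first hunk only to modules that were loaded from a DSO. The message `"Module '%s' was unloaded.\n"` would be easier to act on as `"Module '%s' has no loaded DSO after reload attempt.\n"`, and the second added blank line can be dropped. The enclosing function starts and ends outside both hunks.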