diff options
| author | tron <tron> | 2011-01-25 12:43:16 +0000 |
|---|---|---|
| committer | tron <tron> | 2011-01-25 12:43:16 +0000 |
| commit | f877325c8bba56a7a36a56b64cc3c23259114aed (patch) | |
| tree | 01ea51079f250af6c964ce0fad71bf42b245f3ba | |
| parent | 4fff23686850830f5500749952ceff12e67d2b55 (diff) | |
| download | pkgsrc-f877325c8bba56a7a36a56b64cc3c23259114aed.tar.gz | |
Pullup ticket #3335 - requested by gls
comms/asterisk16: security update
Revisions pulled up:
- comms/asterisk16/Makefile 1.28-1.29
- comms/asterisk16/distinfo 1.19-1.20
- comms/asterisk16/patches/patch-aq 1.10
---
Module Name: pkgsrc
Committed By: jnemeth
Date: Sun Jan 16 06:30:57 UTC 2011
Modified Files:
pkgsrc/comms/asterisk16: Makefile distinfo
pkgsrc/comms/asterisk16/patches: patch-aq
Log Message:
Update to 1.6.2.16:
The release of Asterisk 1.6.2.16 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!
The following is a sample of the issues resolved in this release:
* Fix cache of device state changes for multiple servers.
(Closes issue #18284, #18280. Reported, tested by klaus3000. Patched,
tested
by russellb)
* Resolve issue where channel redirect function (CLI or AMI) hangs up
the call
instead of redirecting the call.
(Closes issue #18171. Reported by: SantaFox)
(Closes issue #18185. Reported by: kwemheuer)
(Closes issue #18211. Reported by: zahir_koradia)
(Closes issue #18230. Reported by: vmarrone)
(Closes issue #18299. Reported by: mbrevda)
(Closes issue #18322. Reported by: nerbos)
* Linux and *BSD disagree on the elements within the ucred structure. Detect
which one is in use on the system.
(Closes issue #18384. Reported, patched, tested by bjm, tilghman)
* app_followme: Don't create a Local channel if the target extension
does not
exist.
(Closes issue #18126. Reported, patched by junky)
* Revert code that changed SSRC for DTMF.
(Closes issue #17404, #18189, #18352. Reported by sdolloff, marcbou.
rsw686.
Tested by cmbaker82)
* Resolve issue where REGISTER request with a Call-ID matching an existing
transaction is received it was possible that the REGISTER request would
overwrite the initreq of the private structure.
(Closes issue #18051. Reported by eeman. Patched, tested by twilson)
For a full list of changes in this release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.6.2.16
---
Module Name: pkgsrc
Committed By: jnemeth
Date: Fri Jan 21 05:13:12 UTC 2011
Modified Files:
pkgsrc/comms/asterisk16: Makefile distinfo
Log Message:
Update to 1.6.2.16.1
This is to fix AST-2011-001: Stack buffer overflow in SIP channel driver
Asterisk Project Security Advisory - AST-2011-001
Product Asterisk
Summary Stack buffer overflow in SIP channel driver
Nature of Advisory Exploitable Stack Buffer Overflow
Susceptibility Remote Authenticated Sessions
Severity Moderate
Exploits Known No
Reported On January 11, 2011
Reported By Matthew Nicholson
Posted On January 18, 2011
Last Updated On January 18, 2011
Advisory Contact Matthew Nicholson <mnicholson at digium.com>
CVE Name
Description When forming an outgoing SIP request while in pedantic
mode, a
stack buffer can be made to overflow if supplied with
carefully crafted caller ID information. This vulnerability
also affects the URIENCODE dialplan function and in some
versions of asterisk, the AGI dialplan application as well..
The ast_uri_encode function does not properly respect the
size
of its output buffer and can write past the end of it when
encoding URIs.
For full details, see:
http://downloads.digium.com/pub/security/AST-2011-001.html
| -rw-r--r-- | comms/asterisk16/Makefile | 4 | ||||
| -rw-r--r-- | comms/asterisk16/distinfo | 28 | ||||
| -rw-r--r-- | comms/asterisk16/patches/patch-aq | 157 |
3 files changed, 159 insertions, 30 deletions
diff --git a/comms/asterisk16/Makefile b/comms/asterisk16/Makefile index cf6c87f77d3..33a75261a25 100644 --- a/comms/asterisk16/Makefile +++ b/comms/asterisk16/Makefile @@ -1,9 +1,9 @@ -# $NetBSD: Makefile,v 1.27 2010/12/12 10:19:44 jnemeth Exp $ +# $NetBSD: Makefile,v 1.27.2.1 2011/01/25 12:43:16 tron Exp $ # # NOTE: when updating this package, there are two places that sound # tarballs need to be checked -DISTNAME= asterisk-1.6.2.15 +DISTNAME= asterisk-1.6.2.16.1 DIST_SUBDIR= ${PKGNAME_NOREV} DISTFILES= ${DEFAULT_DISTFILES} EXTRACT_ONLY= ${DISTNAME}.tar.gz diff --git a/comms/asterisk16/distinfo b/comms/asterisk16/distinfo index 28eb2ca631a..ad370ed0884 100644 --- a/comms/asterisk16/distinfo +++ b/comms/asterisk16/distinfo @@ -1,17 +1,17 @@ -$NetBSD: distinfo,v 1.18 2010/12/12 10:19:44 jnemeth Exp $ +$NetBSD: distinfo,v 1.18.2.1 2011/01/25 12:43:16 tron Exp $ -SHA1 (asterisk-1.6.2.15/asterisk-1.6.2.15.tar.gz) = ed439320d91c9a21acabb4ea142d3f4d1eb26f55 -RMD160 (asterisk-1.6.2.15/asterisk-1.6.2.15.tar.gz) = 910bd655a42d21969f17e07374ee4159f656e37e -Size (asterisk-1.6.2.15/asterisk-1.6.2.15.tar.gz) = 23717736 bytes -SHA1 (asterisk-1.6.2.15/asterisk-extra-sounds-en-gsm-1.4.11.tar.gz) = 8692fa61423b4769dc8bfa78faf9ed5ef7a259b9 -RMD160 (asterisk-1.6.2.15/asterisk-extra-sounds-en-gsm-1.4.11.tar.gz) = 68170c769d739d6b5b35b00f999ad6bbf876f9f6 -Size (asterisk-1.6.2.15/asterisk-extra-sounds-en-gsm-1.4.11.tar.gz) = 3349898 bytes -SHA1 (asterisk-1.6.2.15/extract-cfile.awk) = c4f08eee1ab83c041bde1ab91672a4a3c43c28b8 -RMD160 (asterisk-1.6.2.15/extract-cfile.awk) = cd59f8e5807732023d5aec95187e2d5572f400a4 -Size (asterisk-1.6.2.15/extract-cfile.awk) = 667 bytes -SHA1 (asterisk-1.6.2.15/rfc3951.txt) = 1a6c769be750fb02456d60db2470909254496017 -RMD160 (asterisk-1.6.2.15/rfc3951.txt) = 15f7ec61653ec9953172f8f2150e7d8f6f620926 -Size (asterisk-1.6.2.15/rfc3951.txt) = 373442 bytes +SHA1 (asterisk-1.6.2.16.1/asterisk-1.6.2.16.1.tar.gz) = 43c6ce9c3e1461bd858dd283a5a8b4753323432c +RMD160 (asterisk-1.6.2.16.1/asterisk-1.6.2.16.1.tar.gz) = f34c759d1f47f4f55fc7468581251bc078a8c930 +Size (asterisk-1.6.2.16.1/asterisk-1.6.2.16.1.tar.gz) = 23707383 bytes +SHA1 (asterisk-1.6.2.16.1/asterisk-extra-sounds-en-gsm-1.4.11.tar.gz) = 8692fa61423b4769dc8bfa78faf9ed5ef7a259b9 +RMD160 (asterisk-1.6.2.16.1/asterisk-extra-sounds-en-gsm-1.4.11.tar.gz) = 68170c769d739d6b5b35b00f999ad6bbf876f9f6 +Size (asterisk-1.6.2.16.1/asterisk-extra-sounds-en-gsm-1.4.11.tar.gz) = 3349898 bytes +SHA1 (asterisk-1.6.2.16.1/extract-cfile.awk) = c4f08eee1ab83c041bde1ab91672a4a3c43c28b8 +RMD160 (asterisk-1.6.2.16.1/extract-cfile.awk) = cd59f8e5807732023d5aec95187e2d5572f400a4 +Size (asterisk-1.6.2.16.1/extract-cfile.awk) = 667 bytes +SHA1 (asterisk-1.6.2.16.1/rfc3951.txt) = 1a6c769be750fb02456d60db2470909254496017 +RMD160 (asterisk-1.6.2.16.1/rfc3951.txt) = 15f7ec61653ec9953172f8f2150e7d8f6f620926 +Size (asterisk-1.6.2.16.1/rfc3951.txt) = 373442 bytes SHA1 (patch-aa) = 8c2a3c75adff34474c8f416bcea5842e771e4631 SHA1 (patch-af) = 09860d714281cb4c65d1a087cf5b16647a16e2fa SHA1 (patch-ag) = c71c61350cefbbe53eefa99245ca7712753f22d5 @@ -22,7 +22,7 @@ SHA1 (patch-am) = 98aa4648b867d193ec05d8da14434205f369c17b SHA1 (patch-an) = 93a5df66fd6459fb76e9191dc3bf37b9ee5483b5 SHA1 (patch-ao) = 0663a698469550b22bb97ee1b18980bc2bc67495 SHA1 (patch-ap) = 309d51a35c600f4898d99ad6ab1c492c47c6a55a -SHA1 (patch-aq) = 450fd3c38bd0b7bf0152b7f457e2999f3ab183c6 +SHA1 (patch-aq) = b20c76de4385da836c627f5310c52beafcdf86d0 SHA1 (patch-ar) = 44e46336c0b228ab291e025b8bb5ee505f75345a SHA1 (patch-as) = a887d37f0829c22d115ff08721893da49e4bfda4 SHA1 (patch-at) = 7f366ea0075b16c81bb81ba78becc029b3265151 diff --git a/comms/asterisk16/patches/patch-aq b/comms/asterisk16/patches/patch-aq index e8846fc8f63..5522cb8b42a 100644 --- a/comms/asterisk16/patches/patch-aq +++ b/comms/asterisk16/patches/patch-aq @@ -1,13 +1,142 @@ -$NetBSD: patch-aq,v 1.9 2010/12/12 10:19:44 jnemeth Exp $ +$NetBSD: patch-aq,v 1.9.2.1 2011/01/25 12:43:16 tron Exp $ ---- configure.orig 2010-12-12 06:55:04.000000000 +0000 +--- configure.orig 2011-01-12 16:43:16.000000000 +0000 +++ configure -@@ -15148,6 +15148,17 @@ fi +@@ -21275,6 +21275,146 @@ fi -+ac_fn_c_check_header_mongrel "$LINENO" "sys/atomic.h" "ac_cv_header_sys_atomic_h" "$ac_includes_default" -+if test "x$ac_cv_header_sys_atomic_h" = x""yes; then : ++if test "${ac_cv_header_sys_atomic_h+set}" = set; then ++ { echo "$as_me:$LINENO: checking for sys/atomic.h" >&5 ++echo $ECHO_N "checking for sys/atomic.h... $ECHO_C" >&6; } ++if test "${ac_cv_header_sys_atomic_h+set}" = set; then ++ echo $ECHO_N "(cached) $ECHO_C" >&6 ++fi ++{ echo "$as_me:$LINENO: result: $ac_cv_header_sys_atomic_h" >&5 ++echo "${ECHO_T}$ac_cv_sys_atomic_h" >&6; } ++else ++ # Is the header compilable? ++{ echo "$as_me:$LINENO: checking sys/atomic.h usability" >&5 ++echo $ECHO_N "checking sys/atomic.h usability... $ECHO_C" >&6; } ++cat >conftest.$ac_ext <<_ACEOF ++/* confdefs.h. */ ++_ACEOF ++cat confdefs.h >>conftest.$ac_ext ++cat >>conftest.$ac_ext <<_ACEOF ++/* end confdefs.h. */ ++$ac_includes_default ++#include <sys/atomic.h> ++_ACEOF ++rm -f conftest.$ac_objext ++if { (ac_try="$ac_compile" ++case "(($ac_try" in ++ *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; ++ *) ac_try_echo=$ac_try;; ++esac ++eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 ++ (eval "$ac_compile") 2>conftest.er1 ++ ac_status=$? ++ grep -v '^ *+' conftest.er1 >conftest.err ++ rm -f conftest.er1 ++ cat conftest.err >&5 ++ echo "$as_me:$LINENO: \$? = $ac_status" >&5 ++ (exit $ac_status); } && { ++ test -z "$ac_c_werror_flag" || ++ test ! -s conftest.err ++ } && test -s conftest.$ac_objext; then ++ ac_header_compiler=yes ++else ++ echo "$as_me: failed program was:" >&5 ++sed 's/^/| /' conftest.$ac_ext >&5 ++ ++ ac_header_compiler=no ++fi ++ ++rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext ++{ echo "$as_me:$LINENO: result: $ac_header_compiler" >&5 ++echo "${ECHO_T}$ac_header_compiler" >&6; } ++ ++# Is the header present? ++{ echo "$as_me:$LINENO: checking sys/atomic.h presence" >&5 ++echo $ECHO_N "checking sys/atomic.h presence... $ECHO_C" >&6; } ++cat >conftest.$ac_ext <<_ACEOF ++/* confdefs.h. */ ++_ACEOF ++cat confdefs.h >>conftest.$ac_ext ++cat >>conftest.$ac_ext <<_ACEOF ++/* end confdefs.h. */ ++#include <sys/atomic.h> ++_ACEOF ++if { (ac_try="$ac_cpp conftest.$ac_ext" ++case "(($ac_try" in ++ *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; ++ *) ac_try_echo=$ac_try;; ++esac ++eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5 ++ (eval "$ac_cpp conftest.$ac_ext") 2>conftest.er1 ++ ac_status=$? ++ grep -v '^ *+' conftest.er1 >conftest.err ++ rm -f conftest.er1 ++ cat conftest.err >&5 ++ echo "$as_me:$LINENO: \$? = $ac_status" >&5 ++ (exit $ac_status); } >/dev/null && { ++ test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" || ++ test ! -s conftest.err ++ }; then ++ ac_header_preproc=yes ++else ++ echo "$as_me: failed program was:" >&5 ++sed 's/^/| /' conftest.$ac_ext >&5 ++ ++ ac_header_preproc=no ++fi ++ ++rm -f conftest.err conftest.$ac_ext ++{ echo "$as_me:$LINENO: result: $ac_header_preproc" >&5 ++echo "${ECHO_T}$ac_header_preproc" >&6; } ++ ++# So? What about this header? ++case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in ++ yes:no: ) ++ { echo "$as_me:$LINENO: WARNING: sys/atomic.h: accepted by the compiler, rejected by the preprocessor!" >&5 ++echo "$as_me: WARNING: sys/atomic.h: accepted by the compiler, rejected by the preprocessor!" >&2;} ++ { echo "$as_me:$LINENO: WARNING: sys/atomic.h: proceeding with the compiler's result" >&5 ++echo "$as_me: WARNING: sys/atomic.h: proceeding with the compiler's result" >&2;} ++ ac_header_preproc=yes ++ ;; ++ no:yes:* ) ++ { echo "$as_me:$LINENO: WARNING: sys/atomic.h: present but cannot be compiled" >&5 ++echo "$as_me: WARNING: sys/atomic.h: present but cannot be compiled" >&2;} ++ { echo "$as_me:$LINENO: WARNING: libkern/OSAtomic.h: check for missing prerequisite headers?" >&5 ++echo "$as_me: WARNING: sys/atomic.h: check for missing prerequisite headers?" >&2;} ++ { echo "$as_me:$LINENO: WARNING: sys/atomic.h: see the Autoconf documentation" >&5 ++echo "$as_me: WARNING: sys/atomic.h: see the Autoconf documentation" >&2;} ++ { echo "$as_me:$LINENO: WARNING: sys/atomic.h: section \"Present But Cannot Be Compiled\"" >&5 ++echo "$as_me: WARNING: sys/atomic.h: section \"Present But Cannot Be Compiled\"" >&2;} ++ { echo "$as_me:$LINENO: WARNING: sys/atomic.h: proceeding with the preprocessor's result" >&5 ++echo "$as_me: WARNING: sys/atomic.h: proceeding with the preprocessor's result" >&2;} ++ { echo "$as_me:$LINENO: WARNING: sys/atomic.h: in the future, the compiler will take precedence" >&5 ++echo "$as_me: WARNING: sys/atomic.h: in the future, the compiler will take precedence" >&2;} ++ ( cat <<\_ASBOX ++## ------------------------------------------ ## ++## Report this to https://issues.asterisk.org ## ++## ------------------------------------------ ## ++_ASBOX ++ ) | sed "s/^/$as_me: WARNING: /" >&2 ++ ;; ++esac ++{ echo "$as_me:$LINENO: checking for sys/atomic.h" >&5 ++echo $ECHO_N "checking for sys/atomic.h... $ECHO_C" >&6; } ++if test "${ac_cv_header_sys_atomic_h+set}" = set; then ++ echo $ECHO_N "(cached) $ECHO_C" >&6 ++else ++ ac_cv_header_sys_atomic_h=$ac_header_preproc ++fi ++{ echo "$as_me:$LINENO: result: $ac_cv_header_sys_atomic_h" >&5 ++echo "${ECHO_T}$ac_cv_header_sys_atomic_h" >&6; } ++ ++fi ++if test $ac_cv_header_sys_atomic_h = yes; then + +cat >>confdefs.h <<_ACEOF +#define HAVE_SYS_ATOMIC_H 1 @@ -17,15 +146,15 @@ $NetBSD: patch-aq,v 1.9 2010/12/12 10:19:44 jnemeth Exp $ + + + - # The cast to long int works around a bug in the HP C Compiler - # version HP92453-01 B.11.11.23709.GP, which incorrectly rejects - # declarations like `int a3[[(sizeof (unsigned char)) >= 0]];'. -@@ -15981,6 +15992,8 @@ $as_echo_n "checking if \"struct ifaddrs - - cat confdefs.h - <<_ACEOF >conftest.$ac_ext + { echo "$as_me:$LINENO: checking for int" >&5 + echo $ECHO_N "checking for int... $ECHO_C" >&6; } + if test "${ac_cv_type_int+set}" = set; then +@@ -24509,6 +24649,8 @@ _ACEOF + cat confdefs.h >>conftest.$ac_ext + cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ -+ #include <sys/types.h> -+ #include <sys/socket.h> - #include <ifaddrs.h> ++#include <sys/types.h> ++#include <sys/socket.h> + #include <ifaddrs.h> int main () |