Pullup ticket #4572 - requested by jnemeth

comms/asterisk: security update

Revisions pulled up:
- comms/asterisk/Makefile                                       1.116
- comms/asterisk/distinfo                                       1.70

---
   Module Name:    pkgsrc
   Committed By:   jnemeth
   Date:           Fri Dec 12 22:12:56 UTC 2014

   Modified Files:
           pkgsrc/comms/asterisk: Makefile distinfo

   Log Message:
   Update to Asterisk 11.14.2: this is a security fix release.

   The Asterisk Development Team has announced security releases for
   Certified Asterisk 11.6 and Asterisk 11, 12, and 13. The available
   security releases are released as versions 11.6-cert9, 11.14.2,
   12.7.2, and 13.0.2.

   The release of these versions resolves the following security vulnerability:

   * AST-2014-019: Remote Crash Vulnerability in WebSocket Server

     When handling a WebSocket frame the res_http_websocket module
     dynamically changes the size of the memory used to allow the
     provided payload to fit. If a payload length of zero was received
     the code would incorrectly attempt to resize to zero. This
     operation would succeed and end up freeing the memory but be
     treated as a failure. When the session was subsequently torn down
     this memory would get freed yet again causing a crash.

   For more information about the details of this vulnerability, please read
   security advisory AST-2014-019, which was released at the same time as this
   announcement.

   For a full list of changes in the current releases, please see the Change Logs:

   http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-11.14.2

   The security advisory is available at:

   * http://downloads.asterisk.org/pub/security/AST-2014-019.pdf

   Thank you for your continued support of Asterisk!

2 files changed, 9 insertions, 9 deletions

diff --git a/comms/asterisk/Makefile b/comms/asterisk/Makefile
index 75a83c26a93..b4b9d16f99d 100644
--- a/comms/asterisk/Makefile
+++ b/comms/asterisk/Makefile
@@ -1,9 +1,9 @@
-# $NetBSD: Makefile,v 1.111.2.1 2014/12/06 16:57:53 tron Exp $
+# $NetBSD: Makefile,v 1.111.2.2 2014/12/14 09:52:57 tron Exp $
 #
 # NOTE: when updating this package, there are two places that sound
 #       tarballs need to be checked
 
-DISTNAME=	asterisk-11.14.1
+DISTNAME=	asterisk-11.14.2
 DIST_SUBDIR=	${PKGNAME_NOREV}
 DISTFILES=	${DEFAULT_DISTFILES}
 EXTRACT_ONLY=	${DISTNAME}.tar.gz
diff --git a/comms/asterisk/distinfo b/comms/asterisk/distinfo
index 5b2f5f8043e..e9cefc9ab05 100644
--- a/comms/asterisk/distinfo
+++ b/comms/asterisk/distinfo
@@ -1,11 +1,11 @@
-$NetBSD: distinfo,v 1.66.2.1 2014/12/06 16:57:53 tron Exp $
+$NetBSD: distinfo,v 1.66.2.2 2014/12/14 09:52:57 tron Exp $
 
-SHA1 (asterisk-11.14.1/asterisk-11.14.1.tar.gz) = 10f1ac8c282bbb99c07eaa13c93f994294dd552f
-RMD160 (asterisk-11.14.1/asterisk-11.14.1.tar.gz) = 6f7bcde4be32a35bfc9b5c23c6f021fcfc52e205
-Size (asterisk-11.14.1/asterisk-11.14.1.tar.gz) = 34966823 bytes
-SHA1 (asterisk-11.14.1/asterisk-extra-sounds-en-gsm-1.4.15.tar.gz) = fbb94494e31fc08eee8fdf2ce7d12eb274018050
-RMD160 (asterisk-11.14.1/asterisk-extra-sounds-en-gsm-1.4.15.tar.gz) = 53656a3d6771602504f220ad312093e3503e1150
-Size (asterisk-11.14.1/asterisk-extra-sounds-en-gsm-1.4.15.tar.gz) = 4409969 bytes
+SHA1 (asterisk-11.14.2/asterisk-11.14.2.tar.gz) = 92c1d5e37bc0978351045fcb09075035077ab3da
+RMD160 (asterisk-11.14.2/asterisk-11.14.2.tar.gz) = 63fadeca5f8351e55559e8933077fa1a8655e700
+Size (asterisk-11.14.2/asterisk-11.14.2.tar.gz) = 34967655 bytes
+SHA1 (asterisk-11.14.2/asterisk-extra-sounds-en-gsm-1.4.15.tar.gz) = fbb94494e31fc08eee8fdf2ce7d12eb274018050
+RMD160 (asterisk-11.14.2/asterisk-extra-sounds-en-gsm-1.4.15.tar.gz) = 53656a3d6771602504f220ad312093e3503e1150
+Size (asterisk-11.14.2/asterisk-extra-sounds-en-gsm-1.4.15.tar.gz) = 4409969 bytes
 SHA1 (patch-Makefile) = ed581d46026e8e89ed8be374c7085efca19911d2
 SHA1 (patch-apps_app__confbridge.c) = c815905994355a19c32e8e3e2eb5dc9f1679eb29
 SHA1 (patch-apps_app__dial.c) = 0f78d2571af88384a2d472ece08bf4b06f9ad211