diff options
| author | jnemeth <jnemeth> | 2009-11-20 04:30:08 +0000 |
|---|---|---|
| committer | jnemeth <jnemeth> | 2009-11-20 04:30:08 +0000 |
| commit | 46f674488233d6849caec2b7e51e1383bce96371 (patch) | |
| tree | 46150bec3ef2d015aa40d7b511e66bbbe77dc4c3 /comms/asterisk16 | |
| parent | 728621ed9baf827b18d8d2b7c19d3572aba68eb5 (diff) | |
| download | pkgsrc-46f674488233d6849caec2b7e51e1383bce96371.tar.gz | |
Fix three security advisories by updating to Asterisk 1.6.1.9
and update PLIST for new Music On Hold files.
1.6.1.8 fixes AST-2009-007.
-----
A missing ACL check for handling SIP INVITEs allows a device to
make calls on networks intended to be prohibited as defined by the
"deny" and "permit" lines in sip.conf. The ACL check for handling
SIP registrations was not affected.
-----
1.6.1.9 fixes AST-2009-008 and AST-2009-009.
-----
It is possible to determine if a peer with a specific name is
configured in Asterisk by sending a specially crafted REGISTER
message twice. The username that is to be checked is put in the
user portion of the URI in the To header. A bogus non-matching
value is put into the username portion of the Digest in the
Authorization header. If the peer does exist the second REGISTER
will receive a response of 403 Authentication user name does not
match account name. If the peer does not exist the response will
be 404 Not Found if alwaysauthreject is disabled and 401 Unauthorized
if alwaysauthreject is enabled.
-----
Asterisk includes a demonstration AJAX based manager interface,
ajamdemo.html which uses the prototype.js framework. An issue was
uncovered in this framework which could allow someone to execute
a cross-site AJAX request exploit.
Diffstat (limited to 'comms/asterisk16')
| -rw-r--r-- | comms/asterisk16/Makefile | 4 | ||||
| -rw-r--r-- | comms/asterisk16/PLIST | 8 | ||||
| -rw-r--r-- | comms/asterisk16/distinfo | 20 |
3 files changed, 16 insertions, 16 deletions
diff --git a/comms/asterisk16/Makefile b/comms/asterisk16/Makefile index 53b3fe1b70a..0812ac80ba0 100644 --- a/comms/asterisk16/Makefile +++ b/comms/asterisk16/Makefile @@ -1,7 +1,7 @@ -# $NetBSD: Makefile,v 1.7 2009/09/14 08:44:51 jnemeth Exp $ +# $NetBSD: Makefile,v 1.8 2009/11/20 04:30:08 jnemeth Exp $ # -DISTNAME= asterisk-1.6.1.6 +DISTNAME= asterisk-1.6.1.9 DIST_SUBDIR= ${PKGNAME_NOREV} EXTRACT_ONLY= ${DISTNAME}.tar.gz CATEGORIES= comms net audio diff --git a/comms/asterisk16/PLIST b/comms/asterisk16/PLIST index 6a92b894fc6..09672bdfd14 100644 --- a/comms/asterisk16/PLIST +++ b/comms/asterisk16/PLIST @@ -1,4 +1,4 @@ -@comment $NetBSD: PLIST,v 1.6 2009/09/14 08:44:51 jnemeth Exp $ +@comment $NetBSD: PLIST,v 1.7 2009/11/20 04:30:08 jnemeth Exp $ include/asterisk.h include/asterisk/_private.h include/asterisk/abstract_jb.h @@ -272,9 +272,9 @@ libdata/asterisk/images/kpad2.jpg libdata/asterisk/keys/freeworlddialup.pub libdata/asterisk/keys/iaxtel.pub libdata/asterisk/moh/.asterisk-moh-opsound-wav -libdata/asterisk/moh/CHANGES-asterisk-moh-opsound-2.01 -libdata/asterisk/moh/CREDITS-asterisk-moh-opsound-2.01 -libdata/asterisk/moh/LICENSE-asterisk-moh-opsound-2.01 +libdata/asterisk/moh/CHANGES-asterisk-moh-opsound-wav +libdata/asterisk/moh/CREDITS-asterisk-moh-opsound-wav +libdata/asterisk/moh/LICENSE-asterisk-moh-opsound-wav libdata/asterisk/moh/macroform-cold_day.wav libdata/asterisk/moh/macroform-robot_dity.wav libdata/asterisk/moh/macroform-the_simplicity.wav diff --git a/comms/asterisk16/distinfo b/comms/asterisk16/distinfo index 9bf5d2df29a..b11503c9545 100644 --- a/comms/asterisk16/distinfo +++ b/comms/asterisk16/distinfo @@ -1,14 +1,14 @@ -$NetBSD: distinfo,v 1.7 2009/09/14 08:44:51 jnemeth Exp $ +$NetBSD: distinfo,v 1.8 2009/11/20 04:30:08 jnemeth Exp $ -SHA1 (asterisk-1.6.1.6/asterisk-1.6.1.6.tar.gz) = 79a9a3635fdf2e8422dadabd9f05da3329e60dc1 -RMD160 (asterisk-1.6.1.6/asterisk-1.6.1.6.tar.gz) = adbf359540099930c9694c5c6003c1ffbe424847 -Size (asterisk-1.6.1.6/asterisk-1.6.1.6.tar.gz) = 23420613 bytes -SHA1 (asterisk-1.6.1.6/extract-cfile.awk) = c4f08eee1ab83c041bde1ab91672a4a3c43c28b8 -RMD160 (asterisk-1.6.1.6/extract-cfile.awk) = cd59f8e5807732023d5aec95187e2d5572f400a4 -Size (asterisk-1.6.1.6/extract-cfile.awk) = 667 bytes -SHA1 (asterisk-1.6.1.6/rfc3951.txt) = 1a6c769be750fb02456d60db2470909254496017 -RMD160 (asterisk-1.6.1.6/rfc3951.txt) = 15f7ec61653ec9953172f8f2150e7d8f6f620926 -Size (asterisk-1.6.1.6/rfc3951.txt) = 373442 bytes +SHA1 (asterisk-1.6.1.9/asterisk-1.6.1.9.tar.gz) = 411da99cac652f5fedae0780a4bfc1aed51bdb29 +RMD160 (asterisk-1.6.1.9/asterisk-1.6.1.9.tar.gz) = f7c0b4e50fa76a9ee8a954be7cafa234279532c4 +Size (asterisk-1.6.1.9/asterisk-1.6.1.9.tar.gz) = 23427875 bytes +SHA1 (asterisk-1.6.1.9/extract-cfile.awk) = c4f08eee1ab83c041bde1ab91672a4a3c43c28b8 +RMD160 (asterisk-1.6.1.9/extract-cfile.awk) = cd59f8e5807732023d5aec95187e2d5572f400a4 +Size (asterisk-1.6.1.9/extract-cfile.awk) = 667 bytes +SHA1 (asterisk-1.6.1.9/rfc3951.txt) = 1a6c769be750fb02456d60db2470909254496017 +RMD160 (asterisk-1.6.1.9/rfc3951.txt) = 15f7ec61653ec9953172f8f2150e7d8f6f620926 +Size (asterisk-1.6.1.9/rfc3951.txt) = 373442 bytes SHA1 (patch-aa) = 43843bb97a88a648040fc6288a74d79561e5edf5 SHA1 (patch-af) = 09860d714281cb4c65d1a087cf5b16647a16e2fa SHA1 (patch-ag) = c71c61350cefbbe53eefa99245ca7712753f22d5 |