diff options
author | jnemeth <jnemeth@pkgsrc.org> | 2011-07-05 08:42:56 +0000 |
---|---|---|
committer | jnemeth <jnemeth@pkgsrc.org> | 2011-07-05 08:42:56 +0000 |
commit | 33d1422458cf10841669dc1b710f2c7d05af6ac7 (patch) | |
tree | 49cb27d36ca2b6666f9bafbb7910cd665590f8ff /comms/asterisk18 | |
parent | 5b13bdee1f6cb1f2ba1692a423cfbd73e3128097 (diff) | |
download | pkgsrc-33d1422458cf10841669dc1b710f2c7d05af6ac7.tar.gz |
Update to Asterisk 1.8.4.4 (fixes AST-2011-011):
Asterisk Project Security Advisory - AST-2011-011
+------------------------------------------------------------------------+
| Product | Asterisk |
|--------------------+---------------------------------------------------|
| Summary | Possible enumeration of SIP users due to |
| | differing authentication responses |
|--------------------+---------------------------------------------------|
| Nature of Advisory | Unauthorized data disclosure |
|--------------------+---------------------------------------------------|
| Susceptibility | Remote unauthenticated sessions |
|--------------------+---------------------------------------------------|
| Severity | Moderate |
|--------------------+---------------------------------------------------|
| Exploits Known | No |
|--------------------+---------------------------------------------------|
| CVE Name | CVE-2011-2536 |
+------------------------------------------------------------------------+
+------------------------------------------------------------------------+
| Description | Asterisk may respond differently to SIP requests from an |
| | invalid SIP user than it does to a user configured on |
| | the system, even when the alwaysauthreject option is set |
| | in the configuration. This can leak information about |
| | what SIP users are valid on the Asterisk system. |
+------------------------------------------------------------------------+
+------------------------------------------------------------------------+
| Resolution | Respond to SIP requests from invalid and valid SIP users |
| | in the same way. Asterisk 1.4 and 1.6.2 do not respond |
| | identically by default due to backward-compatibility |
| | reasons, and must have alwaysauthreject=yes set in |
| | sip.conf. Asterisk 1.8 defaults to alwaysauthreject=yes. |
| | |
| | IT IS ABSOLUTELY IMPERATIVE that users of Asterisk 1.4 |
| | and 1.6.2 set alwaysauthreject=yes in the general section |
| | of sip.conf. |
+------------------------------------------------------------------------+
Diffstat (limited to 'comms/asterisk18')
-rw-r--r-- | comms/asterisk18/Makefile | 4 | ||||
-rw-r--r-- | comms/asterisk18/PLIST | 5 | ||||
-rw-r--r-- | comms/asterisk18/distinfo | 26 |
3 files changed, 19 insertions, 16 deletions
diff --git a/comms/asterisk18/Makefile b/comms/asterisk18/Makefile index e2f98254704..b3f5035e359 100644 --- a/comms/asterisk18/Makefile +++ b/comms/asterisk18/Makefile @@ -1,9 +1,9 @@ -# $NetBSD: Makefile,v 1.9 2011/06/09 09:17:27 jnemeth Exp $ +# $NetBSD: Makefile,v 1.10 2011/07/05 08:42:56 jnemeth Exp $ # # NOTE: when updating this package, there are two places that sound # tarballs need to be checked -DISTNAME= asterisk-1.8.4.2 +DISTNAME= asterisk-1.8.4.4 DIST_SUBDIR= ${PKGNAME_NOREV} DISTFILES= ${DEFAULT_DISTFILES} EXTRACT_ONLY= ${DISTNAME}.tar.gz diff --git a/comms/asterisk18/PLIST b/comms/asterisk18/PLIST index fdaa9aa8290..9f330981d2a 100644 --- a/comms/asterisk18/PLIST +++ b/comms/asterisk18/PLIST @@ -1,4 +1,4 @@ -@comment $NetBSD: PLIST,v 1.4 2011/06/09 09:17:27 jnemeth Exp $ +@comment $NetBSD: PLIST,v 1.5 2011/07/05 08:42:56 jnemeth Exp $ include/asterisk.h include/asterisk/_private.h include/asterisk/abstract_jb.h @@ -2237,6 +2237,9 @@ share/examples/asterisk/vpb.conf share/examples/rc.d/asterisk ${PLIST.webvmail}share/httpd/htdocs/_asterisk/animlogo.gif ${PLIST.webvmail}share/httpd/htdocs/_asterisk/play.gif +@pkgdir libdata/asterisk/sounds/fr +@pkgdir libdata/asterisk/sounds/es +@pkgdir libdata/asterisk/sounds/en_AU @pkgdir libdata/asterisk/keys @pkgdir libdata/asterisk/firmware/iax @pkgdir libdata/asterisk/documentation/thirdparty diff --git a/comms/asterisk18/distinfo b/comms/asterisk18/distinfo index 0266467b411..b5e9191b2ac 100644 --- a/comms/asterisk18/distinfo +++ b/comms/asterisk18/distinfo @@ -1,17 +1,17 @@ -$NetBSD: distinfo,v 1.10 2011/06/09 09:17:27 jnemeth Exp $ +$NetBSD: distinfo,v 1.11 2011/07/05 08:42:56 jnemeth Exp $ -SHA1 (asterisk-1.8.4.2/asterisk-1.8.4.2.tar.gz) = f5fc8c0c4343ec1d6831b1810602d223af8dc9c9 -RMD160 (asterisk-1.8.4.2/asterisk-1.8.4.2.tar.gz) = 403829a2fcd5f63c2a99e141442cc98fd69f4deb -Size (asterisk-1.8.4.2/asterisk-1.8.4.2.tar.gz) = 27012984 bytes -SHA1 (asterisk-1.8.4.2/asterisk-extra-sounds-en-gsm-1.4.11.tar.gz) = 8692fa61423b4769dc8bfa78faf9ed5ef7a259b9 -RMD160 (asterisk-1.8.4.2/asterisk-extra-sounds-en-gsm-1.4.11.tar.gz) = 68170c769d739d6b5b35b00f999ad6bbf876f9f6 -Size (asterisk-1.8.4.2/asterisk-extra-sounds-en-gsm-1.4.11.tar.gz) = 3349898 bytes -SHA1 (asterisk-1.8.4.2/extract-cfile.awk) = c4f08eee1ab83c041bde1ab91672a4a3c43c28b8 -RMD160 (asterisk-1.8.4.2/extract-cfile.awk) = cd59f8e5807732023d5aec95187e2d5572f400a4 -Size (asterisk-1.8.4.2/extract-cfile.awk) = 667 bytes -SHA1 (asterisk-1.8.4.2/rfc3951.txt) = 1a6c769be750fb02456d60db2470909254496017 -RMD160 (asterisk-1.8.4.2/rfc3951.txt) = 15f7ec61653ec9953172f8f2150e7d8f6f620926 -Size (asterisk-1.8.4.2/rfc3951.txt) = 373442 bytes +SHA1 (asterisk-1.8.4.4/asterisk-1.8.4.4.tar.gz) = 07d3ae5744e2dd10c5d9564b503690f3f0b84d96 +RMD160 (asterisk-1.8.4.4/asterisk-1.8.4.4.tar.gz) = c95cab1b24547f1abd229dcf323cc7ed0b0b36a0 +Size (asterisk-1.8.4.4/asterisk-1.8.4.4.tar.gz) = 27326189 bytes +SHA1 (asterisk-1.8.4.4/asterisk-extra-sounds-en-gsm-1.4.11.tar.gz) = 8692fa61423b4769dc8bfa78faf9ed5ef7a259b9 +RMD160 (asterisk-1.8.4.4/asterisk-extra-sounds-en-gsm-1.4.11.tar.gz) = 68170c769d739d6b5b35b00f999ad6bbf876f9f6 +Size (asterisk-1.8.4.4/asterisk-extra-sounds-en-gsm-1.4.11.tar.gz) = 3349898 bytes +SHA1 (asterisk-1.8.4.4/extract-cfile.awk) = c4f08eee1ab83c041bde1ab91672a4a3c43c28b8 +RMD160 (asterisk-1.8.4.4/extract-cfile.awk) = cd59f8e5807732023d5aec95187e2d5572f400a4 +Size (asterisk-1.8.4.4/extract-cfile.awk) = 667 bytes +SHA1 (asterisk-1.8.4.4/rfc3951.txt) = 1a6c769be750fb02456d60db2470909254496017 +RMD160 (asterisk-1.8.4.4/rfc3951.txt) = 15f7ec61653ec9953172f8f2150e7d8f6f620926 +Size (asterisk-1.8.4.4/rfc3951.txt) = 373442 bytes SHA1 (patch-aa) = cb3a463c51abff717d960ad70f3c13beefe6d5f4 SHA1 (patch-af) = ebad62fcb31b600d30235cc5e93284c93b2c8af9 SHA1 (patch-ag) = c71c61350cefbbe53eefa99245ca7712753f22d5 |