diff options
author | jnemeth <jnemeth@pkgsrc.org> | 2016-09-23 19:16:29 +0000 |
---|---|---|
committer | jnemeth <jnemeth@pkgsrc.org> | 2016-09-23 19:16:29 +0000 |
commit | 1d0ef9ac9905a2e7d2d6372a11bb3697654d32cf (patch) | |
tree | 2e731be27bae153dd6ab48fc62535ee291fb35e8 /comms/asterisk | |
parent | 8f0d4bfde3237338209978cec65c391a993ee9e9 (diff) | |
download | pkgsrc-1d0ef9ac9905a2e7d2d6372a11bb3697654d32cf.tar.gz |
Update to Asterisk 11.23.1: this is a security fix release to fix
AST-2016-007. Note that on Oct. 25th, this branch of Asterisk will
switch to security fixes, and one year later it will read end-of-life.
pkgsrc changes:
- don't use gethostbyname_r on NetBSD
- eliminate conflict with new hmac(1) function on NetBSd
----- AST-2016-007
The overlap dialing feature in chan_sip allows chan_sip to report
to a device that the number that has been dialed is incomplete and
more digits are required. If this functionality is used with a
device that has performed username/password authentication RTP
resources are leaked. This occurs because the code fails to release
the old RTP resources before allocating new ones in this scenario.
If all resources are used then RTP port exhaustion will occur and
no RTP sessions are able to be set up.
Diffstat (limited to 'comms/asterisk')
-rw-r--r-- | comms/asterisk/Makefile | 12 | ||||
-rw-r--r-- | comms/asterisk/distinfo | 23 | ||||
-rw-r--r-- | comms/asterisk/patches/patch-configure | 31 | ||||
-rw-r--r-- | comms/asterisk/patches/patch-configure.ac | 11 | ||||
-rw-r--r-- | comms/asterisk/patches/patch-include_asterisk_sha1.h | 131 |
5 files changed, 154 insertions, 54 deletions
diff --git a/comms/asterisk/Makefile b/comms/asterisk/Makefile index ce9312124c5..2ad2849fe48 100644 --- a/comms/asterisk/Makefile +++ b/comms/asterisk/Makefile @@ -1,11 +1,10 @@ -# $NetBSD: Makefile,v 1.140 2016/08/03 10:22:34 adam Exp $ +# $NetBSD: Makefile,v 1.141 2016/09/23 19:16:29 jnemeth Exp $ # # NOTE: when updating this package, there are two places that sound # tarballs need to be checked; look win ${WRKSRC}/sounds/Makefile # to find out the current sound file versions -DISTNAME= asterisk-11.23.0 -PKGREVISION= 1 +DISTNAME= asterisk-11.23.1 CATEGORIES= comms net audio MASTER_SITES= http://downloads.asterisk.org/pub/telephony/asterisk/ \ http://downloads.asterisk.org/pub/telephony/asterisk/old-releases/ \ @@ -165,6 +164,13 @@ SUBST_STAGE.pktinfo= post-configure SUBST_FILES.pktinfo= include/asterisk/autoconfig.h SUBST_SED.pktinfo= -e "s|^\#define HAVE_PKTINFO 1|\#undef HAVE_PKTINFO|" +# XXX gross hack, gethostbyname_r on NETBSD is for internal use only +SUBST_CLASSES.NetBSD+= gethostbyname_r +SUBST_STAGE.gethostbyname_r= post-configure +SUBST_FILES.gethostbyname_r= include/asterisk/autoconfig.h +SUBST_SED.gethostbyname_r= -e "s|^\#define HAVE_GETHOSTBYNAME_R_5 1|\#undef HAVE_GETHOSTBYNAME_R_5|" +SUBST_SED.gethostbyname_r+= -e "s|^\#define HAVE_GETHOSTBYNAME_R_6 1|\#undef HAVE_GETHOSTBYNAME_R_6|" + RCD_SCRIPTS= asterisk OWN_DIRS_PERMS+= ${ASTDBDIR} ${ASTERISK_USER} ${ASTERISK_GROUP} 0755 OWN_DIRS_PERMS+= ${ASTSPOOLDIR} ${ASTERISK_USER} ${ASTERISK_GROUP} 0755 diff --git a/comms/asterisk/distinfo b/comms/asterisk/distinfo index 66b16964399..f09da264123 100644 --- a/comms/asterisk/distinfo +++ b/comms/asterisk/distinfo @@ -1,13 +1,13 @@ -$NetBSD: distinfo,v 1.79 2016/07/23 08:27:44 jnemeth Exp $ +$NetBSD: distinfo,v 1.80 2016/09/23 19:16:29 jnemeth Exp $ -SHA1 (asterisk-11.23.0/asterisk-11.23.0.tar.gz) = 2bdcf8fd08a94c03372eb165ba0e64717657d01e -RMD160 (asterisk-11.23.0/asterisk-11.23.0.tar.gz) = d416b0d14f339d032e504e4b490351ad8a0df228 -SHA512 (asterisk-11.23.0/asterisk-11.23.0.tar.gz) = 1510eadf67531408df9b25e0fe546a78dcb6cbfecda37390037598bba2627de4810b5288314d425518e23b2007ff785c5e4c952f784a6cd6ba2ff04389894112 -Size (asterisk-11.23.0/asterisk-11.23.0.tar.gz) = 35110947 bytes -SHA1 (asterisk-11.23.0/asterisk-extra-sounds-en-gsm-1.5.tar.gz) = 831ae6442e23cbef1e7d1c84798778ad0b0524d1 -RMD160 (asterisk-11.23.0/asterisk-extra-sounds-en-gsm-1.5.tar.gz) = d52df795201c53fc4cd7d99ed41516e312f6f0f3 -SHA512 (asterisk-11.23.0/asterisk-extra-sounds-en-gsm-1.5.tar.gz) = c7d3c3fd2c854e6776801312d34bf69bbed78a443c16121637f508c5275f18b1d415cbb6e4f6f8c5aa3769cbbfa1a11485b9972053777f3ac39256c2c81729f1 -Size (asterisk-11.23.0/asterisk-extra-sounds-en-gsm-1.5.tar.gz) = 4256538 bytes +SHA1 (asterisk-11.23.1/asterisk-11.23.1.tar.gz) = cae7aa5a7e1515928a255f5bd3715f67c13285d3 +RMD160 (asterisk-11.23.1/asterisk-11.23.1.tar.gz) = e789fc326db6771e3a865516241dbc47ecb73fd7 +SHA512 (asterisk-11.23.1/asterisk-11.23.1.tar.gz) = 6d067ea86a7c050b19e29d6ea25aefd23c3f32bb7d334f4e3c74bcaedaf21e4faeeab71b4fd260fc39f3e12f645c3bf89737f4c2d16f988cc66f93d4e47f80a7 +Size (asterisk-11.23.1/asterisk-11.23.1.tar.gz) = 35098451 bytes +SHA1 (asterisk-11.23.1/asterisk-extra-sounds-en-gsm-1.5.tar.gz) = 831ae6442e23cbef1e7d1c84798778ad0b0524d1 +RMD160 (asterisk-11.23.1/asterisk-extra-sounds-en-gsm-1.5.tar.gz) = d52df795201c53fc4cd7d99ed41516e312f6f0f3 +SHA512 (asterisk-11.23.1/asterisk-extra-sounds-en-gsm-1.5.tar.gz) = c7d3c3fd2c854e6776801312d34bf69bbed78a443c16121637f508c5275f18b1d415cbb6e4f6f8c5aa3769cbbfa1a11485b9972053777f3ac39256c2c81729f1 +Size (asterisk-11.23.1/asterisk-extra-sounds-en-gsm-1.5.tar.gz) = 4256538 bytes SHA1 (patch-Makefile) = 5fd774779d3c8d85936beca8a3407dd3011af2dc SHA1 (patch-addons_chan__ooh323.c) = 57f61a2edf0f9f022e03837230ee572ec9cf47b4 SHA1 (patch-apps_app__confbridge.c) = c815905994355a19c32e8e3e2eb5dc9f1679eb29 @@ -29,14 +29,15 @@ SHA1 (patch-channels_chan__oss.c) = 0be259a83c4425d08b693a54c43896da039df721 SHA1 (patch-channels_chan__sip.c) = abde08da0038ae87401f682df9140ba0fb6e4557 SHA1 (patch-channels_sip_sdp__crypto.c) = decb6cfe0d6893db912a9087b2155c225db5e1e8 SHA1 (patch-codecs_codec__dahdi.c) = f412e1f60cb49076b8cabcd747c0f0168f1fa9e7 -SHA1 (patch-configure) = 21958865e2edac21723472fcd74c9fffc338c938 -SHA1 (patch-configure.ac) = 0d74aeb75f6ef59256e6228cd20b231039e98afc +SHA1 (patch-configure) = 7138e0c99c17f01298787e504fa1594b5bdb8572 +SHA1 (patch-configure.ac) = 4acdf055e402c810a7e40af9ab8d6afafee60764 SHA1 (patch-contrib_scripts_vmail.cgi) = 650b9bbf3e322d1ad351932cfe6f747baa8f35e4 SHA1 (patch-funcs_func__env.c) = 30ec2c804ea69c4825fe0a888f9e982c7418c528 SHA1 (patch-funcs_func__strings.c) = 4c1db693d845691492b77bbf489764d362de2087 SHA1 (patch-include_asterisk_autoconfig.h.in) = 09a8f8d5398612fdadba25f221b16c19429f81e2 SHA1 (patch-include_asterisk_endian.h) = 41c1a9a9e02fe394bc9261f5559e931b1378ea28 SHA1 (patch-include_asterisk_lock.h) = cb1404e56de4708836091c224df439158119764c +SHA1 (patch-include_asterisk_sha1.h) = ff5a0cdf3423cfa1b95e0215924a88db0d95331f SHA1 (patch-include_asterisk_strings.h) = fc5987a98429ca470f7e9bdcf170d49b0c1f3407 SHA1 (patch-include_asterisk_utils.h) = 07e70fe0adf39cd9a7f94c735b9a3fa72ae3df89 SHA1 (patch-main_Makefile) = 5f9238a528d2b96777e17a4ac6d3e7876dfffb98 diff --git a/comms/asterisk/patches/patch-configure b/comms/asterisk/patches/patch-configure index 1d794a364a0..9f42da3f28d 100644 --- a/comms/asterisk/patches/patch-configure +++ b/comms/asterisk/patches/patch-configure @@ -1,4 +1,4 @@ -$NetBSD: patch-configure,v 1.5 2015/10/27 08:49:01 jnemeth Exp $ +$NetBSD: patch-configure,v 1.6 2016/09/23 19:16:29 jnemeth Exp $ --- configure.orig 2015-10-09 22:23:39.000000000 +0000 +++ configure @@ -20,35 +20,6 @@ $NetBSD: patch-configure,v 1.5 2015/10/27 08:49:01 jnemeth Exp $ do : as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" -@@ -14645,7 +14645,7 @@ rm -f core conftest.err conftest.$ac_obj - LDFLAGS=${old_LDFLAGS} - rm -f conftest.dynamics - --ac_fn_c_check_header_mongrel "$LINENO" "sys/poll.h" "ac_cv_header_sys_poll_h" "$ac_includes_default" -+ac_fn_c_check_header_mongrel "$LINENO" "poll.h" "ac_cv_header_sys_poll_h" "$ac_includes_default" - if test "x$ac_cv_header_sys_poll_h" = xyes; then : - HAS_POLL=1 - -@@ -16459,16 +16459,16 @@ if $(${CC} -march=native -S -o /dev/null - if test "${CONFIG_CFLAGS}" = ""; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 - $as_echo "yes" >&6; } -- AST_NATIVE_ARCH=1 -+ AST_NATIVE_ARCH=0 - else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: user CFLAGS present" >&5 - $as_echo "user CFLAGS present" >&6; } -- AST_NATIVE_ARCH= -+ AST_NATIVE_ARCH=0 - fi - else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 - $as_echo "no" >&6; } -- AST_NATIVE_ARCH= -+ AST_NATIVE_ARCH=0 - fi - - @@ -16968,6 +16968,148 @@ fi diff --git a/comms/asterisk/patches/patch-configure.ac b/comms/asterisk/patches/patch-configure.ac index de95ab0947e..5c19a6a1af2 100644 --- a/comms/asterisk/patches/patch-configure.ac +++ b/comms/asterisk/patches/patch-configure.ac @@ -1,4 +1,4 @@ -$NetBSD: patch-configure.ac,v 1.3 2015/10/27 08:49:01 jnemeth Exp $ +$NetBSD: patch-configure.ac,v 1.4 2016/09/23 19:16:29 jnemeth Exp $ --- configure.ac.orig 2015-10-09 22:23:39.000000000 +0000 +++ configure.ac @@ -32,15 +32,6 @@ $NetBSD: patch-configure.ac,v 1.3 2015/10/27 08:49:01 jnemeth Exp $ ) AC_ARG_ENABLE([internal-poll], -@@ -1049,7 +1049,7 @@ if $(${CC} -march=native -S -o /dev/null - fi - else - AC_MSG_RESULT(no) -- AST_NATIVE_ARCH= -+ AST_NATIVE_ARCH=0 - fi - AC_SUBST(AST_NATIVE_ARCH) - @@ -1162,6 +1162,9 @@ AST_C_DEFINE_CHECK([IP_MTU_DISCOVER], [I AC_CHECK_HEADER([libkern/OSAtomic.h], [AC_DEFINE_UNQUOTED([HAVE_OSX_ATOMICS], 1, [Define to 1 if OSX atomic operations are supported.])]) diff --git a/comms/asterisk/patches/patch-include_asterisk_sha1.h b/comms/asterisk/patches/patch-include_asterisk_sha1.h new file mode 100644 index 00000000000..585b5d159cb --- /dev/null +++ b/comms/asterisk/patches/patch-include_asterisk_sha1.h @@ -0,0 +1,131 @@ +$NetBSD: patch-include_asterisk_sha1.h,v 1.1 2016/09/23 19:16:29 jnemeth Exp $ + +--- include/asterisk/sha1.h.orig 2016-09-08 16:28:35.000000000 +0000 ++++ include/asterisk/sha1.h +@@ -191,49 +191,6 @@ typedef struct SHA256Context SHA224Conte + typedef struct SHA512Context SHA384Context; + + /* +- * This structure holds context information for all SHA +- * hashing operations. +- */ +-typedef struct USHAContext { +- int whichSha; /* which SHA is being used */ +- union { +- SHA1Context sha1Context; +- SHA224Context sha224Context; SHA256Context sha256Context; +- SHA384Context sha384Context; SHA512Context sha512Context; +- } ctx; +-} USHAContext; +- +-/* +- * This structure will hold context information for the HMAC +- * keyed-hashing operation. +- */ +-typedef struct HMACContext { +- int whichSha; /* which SHA is being used */ +- int hashSize; /* hash size of SHA being used */ +- int blockSize; /* block size of SHA being used */ +- USHAContext shaContext; /* SHA context */ +- unsigned char k_opad[USHA_Max_Message_Block_Size]; +- /* outer padding - key XORd with opad */ +- int Computed; /* Is the MAC computed? */ +- int Corrupted; /* Cumulative corruption code */ +- +-} HMACContext; +- +-/* +- * This structure will hold context information for the HKDF +- * extract-and-expand Key Derivation Functions. +- */ +-typedef struct HKDFContext { +- int whichSha; /* which SHA is being used */ +- HMACContext hmacContext; +- int hashSize; /* hash size of SHA being used */ +- unsigned char prk[USHAMaxHashSize]; +- /* pseudo-random key - output of hkdfInput */ +- int Computed; /* Is the key material computed? */ +- int Corrupted; /* Cumulative corruption code */ +-} HKDFContext; +- +-/* + * Function Prototypes + */ + +@@ -281,76 +238,6 @@ extern int SHA512FinalBits(SHA512Context + extern int SHA512Result(SHA512Context *, + uint8_t Message_Digest[SHA512HashSize]); + +-/* Unified SHA functions, chosen by whichSha */ +-extern int USHAReset(USHAContext *context, SHAversion whichSha); +-extern int USHAInput(USHAContext *context, +- const uint8_t *bytes, unsigned int bytecount); +-extern int USHAFinalBits(USHAContext *context, +- uint8_t bits, unsigned int bit_count); +-extern int USHAResult(USHAContext *context, +- uint8_t Message_Digest[USHAMaxHashSize]); +-extern int USHABlockSize(enum SHAversion whichSha); +-extern int USHAHashSize(enum SHAversion whichSha); +-extern int USHAHashSizeBits(enum SHAversion whichSha); +-extern const char *USHAHashName(enum SHAversion whichSha); +- +-/* +- * HMAC Keyed-Hashing for Message Authentication, RFC 2104, +- * for all SHAs. +- * This interface allows a fixed-length text input to be used. +- */ +-extern int hmac(SHAversion whichSha, /* which SHA algorithm to use */ +- const unsigned char *text, /* pointer to data stream */ +- int text_len, /* length of data stream */ +- const unsigned char *key, /* pointer to authentication key */ +- int key_len, /* length of authentication key */ +- uint8_t digest[USHAMaxHashSize]); /* caller digest to fill in */ +- +-/* +- * HMAC Keyed-Hashing for Message Authentication, RFC 2104, +- * for all SHAs. +- * This interface allows any length of text input to be used. +- */ +-extern int hmacReset(HMACContext *context, enum SHAversion whichSha, +- const unsigned char *key, int key_len); +-extern int hmacInput(HMACContext *context, const unsigned char *text, +- int text_len); +-extern int hmacFinalBits(HMACContext *context, uint8_t bits, +- unsigned int bit_count); +-extern int hmacResult(HMACContext *context, +- uint8_t digest[USHAMaxHashSize]); +- +-/* +- * HKDF HMAC-based Extract-and-Expand Key Derivation Function, +- * RFC 5869, for all SHAs. +- */ +-extern int hkdf(SHAversion whichSha, const unsigned char *salt, +- int salt_len, const unsigned char *ikm, int ikm_len, +- const unsigned char *info, int info_len, +- uint8_t okm[ ], int okm_len); +-extern int hkdfExtract(SHAversion whichSha, const unsigned char *salt, +- int salt_len, const unsigned char *ikm, +- int ikm_len, uint8_t prk[USHAMaxHashSize]); +-extern int hkdfExpand(SHAversion whichSha, const uint8_t prk[ ], +- int prk_len, const unsigned char *info, +- int info_len, uint8_t okm[ ], int okm_len); +- +-/* +- * HKDF HMAC-based Extract-and-Expand Key Derivation Function, +- * RFC 5869, for all SHAs. +- * This interface allows any length of text input to be used. +- */ +-extern int hkdfReset(HKDFContext *context, enum SHAversion whichSha, +- const unsigned char *salt, int salt_len); +-extern int hkdfInput(HKDFContext *context, const unsigned char *ikm, +- int ikm_len); +-extern int hkdfFinalBits(HKDFContext *context, uint8_t ikm_bits, +- unsigned int ikm_bit_count); +-extern int hkdfResult(HKDFContext *context, +- uint8_t prk[USHAMaxHashSize], +- const unsigned char *info, int info_len, +- uint8_t okm[USHAMaxHashSize], int okm_len); +- + /************************ sha-private.h ************************/ + /***************** See RFC 6234 for details. *******************/ + /* |