summaryrefslogtreecommitdiff
path: root/comms/asterisk
diff options
context:
space:
mode:
authorjnemeth <jnemeth@pkgsrc.org>2015-01-29 21:54:33 +0000
committerjnemeth <jnemeth@pkgsrc.org>2015-01-29 21:54:33 +0000
commitbbe240da5ee299cd562e8f369e2952cebaac99af (patch)
tree7a7d580eef558afd94f820b45b82a44409fd2262 /comms/asterisk
parent2342a359ba4e212d808e28f78948d180f6dfbffa (diff)
downloadpkgsrc-bbe240da5ee299cd562e8f369e2952cebaac99af.tar.gz
Update to Asterisk 11.15.1: this is a security fix.
pkgsrc change: adapt to splitting up of speex The Asterisk Development Team has announced security releases for Certified Asterisk 1.8.28 and 11.6 and Asterisk 1.8, 11, 12, and 13. The available security releases are released as versions 1.8.28.cert-4, 1.8.32.2, 11.6-cert10, 11.15.1, 12.8.1, and 13.1.1. The release of these versions resolves the following security vulnerabilities: * AST-2015-001: File descriptor leak when incompatible codecs are offered Asterisk may be configured to only allow specific audio or video codecs to be used when communicating with a particular endpoint. When an endpoint sends an SDP offer that only lists codecs not allowed by Asterisk, the offer is rejected. However, in this case, RTP ports that are allocated in the process are not reclaimed. This issue only affects the PJSIP channel driver in Asterisk. Users of the chan_sip channel driver are not affected. * AST-2015-002: Mitigation for libcURL HTTP request injection vulnerability CVE-2014-8150 reported an HTTP request injection vulnerability in libcURL. Asterisk uses libcURL in its func_curl.so module (the CURL() dialplan function), as well as its res_config_curl.so (cURL realtime backend) modules. Since Asterisk may be configured to allow for user-supplied URLs to be passed to libcURL, it is possible that an attacker could use Asterisk as an attack vector to inject unauthorized HTTP requests if the version of libcURL installed on the Asterisk server is affected by CVE-2014-8150. For more information about the details of these vulnerabilities, please read security advisory AST-2015-001 and AST-2015-002, which were released at the same time as this announcement. For a full list of changes in the current releases, please see the ChangeLogs: http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.8.32.2 http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-11.15.1 The security advisories are available at: * http://downloads.asterisk.org/pub/security/AST-2015-001.pdf * http://downloads.asterisk.org/pub/security/AST-2015-002.pdf Thank you for your continued support of Asterisk!
Diffstat (limited to 'comms/asterisk')
-rw-r--r--comms/asterisk/Makefile4
-rw-r--r--comms/asterisk/distinfo14
-rw-r--r--comms/asterisk/options.mk3
3 files changed, 11 insertions, 10 deletions
diff --git a/comms/asterisk/Makefile b/comms/asterisk/Makefile
index 0d284710f75..7b43fe1ec0d 100644
--- a/comms/asterisk/Makefile
+++ b/comms/asterisk/Makefile
@@ -1,9 +1,9 @@
-# $NetBSD: Makefile,v 1.117 2014/12/16 01:00:22 jnemeth Exp $
+# $NetBSD: Makefile,v 1.118 2015/01/29 21:54:33 jnemeth Exp $
#
# NOTE: when updating this package, there are two places that sound
# tarballs need to be checked
-DISTNAME= asterisk-11.15.0
+DISTNAME= asterisk-11.15.1
DIST_SUBDIR= ${PKGNAME_NOREV}
DISTFILES= ${DEFAULT_DISTFILES}
EXTRACT_ONLY= ${DISTNAME}.tar.gz
diff --git a/comms/asterisk/distinfo b/comms/asterisk/distinfo
index d53e8b09c71..edfae76babd 100644
--- a/comms/asterisk/distinfo
+++ b/comms/asterisk/distinfo
@@ -1,11 +1,11 @@
-$NetBSD: distinfo,v 1.71 2014/12/16 01:00:22 jnemeth Exp $
+$NetBSD: distinfo,v 1.72 2015/01/29 21:54:33 jnemeth Exp $
-SHA1 (asterisk-11.15.0/asterisk-11.15.0.tar.gz) = 95d4bf6ceda14dd9a3e9fffe02be866a07ff5a1c
-RMD160 (asterisk-11.15.0/asterisk-11.15.0.tar.gz) = 7f5f9a3dee879bde265f6e4094e53c501fc7b77a
-Size (asterisk-11.15.0/asterisk-11.15.0.tar.gz) = 34981005 bytes
-SHA1 (asterisk-11.15.0/asterisk-extra-sounds-en-gsm-1.4.15.tar.gz) = fbb94494e31fc08eee8fdf2ce7d12eb274018050
-RMD160 (asterisk-11.15.0/asterisk-extra-sounds-en-gsm-1.4.15.tar.gz) = 53656a3d6771602504f220ad312093e3503e1150
-Size (asterisk-11.15.0/asterisk-extra-sounds-en-gsm-1.4.15.tar.gz) = 4409969 bytes
+SHA1 (asterisk-11.15.1/asterisk-11.15.1.tar.gz) = 8353295dfe1007c184d0ae3868c1a3d914a66a8d
+RMD160 (asterisk-11.15.1/asterisk-11.15.1.tar.gz) = 76f5c63baab826a0c2b1bcd72c62c7f053bda930
+Size (asterisk-11.15.1/asterisk-11.15.1.tar.gz) = 34974674 bytes
+SHA1 (asterisk-11.15.1/asterisk-extra-sounds-en-gsm-1.4.15.tar.gz) = fbb94494e31fc08eee8fdf2ce7d12eb274018050
+RMD160 (asterisk-11.15.1/asterisk-extra-sounds-en-gsm-1.4.15.tar.gz) = 53656a3d6771602504f220ad312093e3503e1150
+Size (asterisk-11.15.1/asterisk-extra-sounds-en-gsm-1.4.15.tar.gz) = 4409969 bytes
SHA1 (patch-Makefile) = ed581d46026e8e89ed8be374c7085efca19911d2
SHA1 (patch-apps_app__confbridge.c) = c815905994355a19c32e8e3e2eb5dc9f1679eb29
SHA1 (patch-apps_app__dial.c) = 0f78d2571af88384a2d472ece08bf4b06f9ad211
diff --git a/comms/asterisk/options.mk b/comms/asterisk/options.mk
index 81fed664d1f..81c5e0bf634 100644
--- a/comms/asterisk/options.mk
+++ b/comms/asterisk/options.mk
@@ -1,4 +1,4 @@
-# $NetBSD: options.mk,v 1.5 2012/12/11 08:22:48 jnemeth Exp $
+# $NetBSD: options.mk,v 1.6 2015/01/29 21:54:33 jnemeth Exp $
PKG_OPTIONS_VAR= PKG_OPTIONS.asterisk
PKG_SUPPORTED_OPTIONS= zaptel x11 unixodbc ilbc webvmail ldap spandsp
@@ -97,6 +97,7 @@ CONFIGURE_ARGS+= --without-ldap
.if !empty(PKG_OPTIONS:Mspeex)
.include "../../audio/speex/buildlink3.mk"
+.include "../../audio/speexdsp/buildlink3.mk"
CONFIGURE_ARGS+= --with-speex
CONFIGURE_ARGS+= --with-speexdsp
PLIST.speex= yes