Update to Asterisk 1.8.4.4 (fixes AST-2011-011):

               Asterisk Project Security Advisory - AST-2011-011

   +------------------------------------------------------------------------+
   |      Product       | Asterisk                                          |
   |--------------------+---------------------------------------------------|
   |      Summary       | Possible enumeration of SIP users due to          |
   |                    | differing authentication responses                |
   |--------------------+---------------------------------------------------|
   | Nature of Advisory | Unauthorized data disclosure                      |
   |--------------------+---------------------------------------------------|
   |   Susceptibility   | Remote unauthenticated sessions                   |
   |--------------------+---------------------------------------------------|
   |      Severity      | Moderate                                          |
   |--------------------+---------------------------------------------------|
   |   Exploits Known   | No                                                |
   |--------------------+---------------------------------------------------|
   |      CVE Name      | CVE-2011-2536                                     |
   +------------------------------------------------------------------------+

   +------------------------------------------------------------------------+
   | Description | Asterisk may respond differently to SIP requests from an |
   |             | invalid SIP user than it does to a user configured on    |
   |             | the system, even when the alwaysauthreject option is set |
   |             | in the configuration. This can leak information about    |
   |             | what SIP users are valid on the Asterisk system.         |
   +------------------------------------------------------------------------+

   +------------------------------------------------------------------------+
   | Resolution | Respond to SIP requests from invalid and valid SIP users  |
   |            | in the same way. Asterisk 1.4 and 1.6.2 do not respond    |
   |            | identically by default due to backward-compatibility      |
   |            | reasons, and must have alwaysauthreject=yes set in        |
   |            | sip.conf. Asterisk 1.8 defaults to alwaysauthreject=yes.  |
   |            |                                                           |
   |            | IT IS ABSOLUTELY IMPERATIVE that users of Asterisk 1.4    |
   |            | and 1.6.2 set alwaysauthreject=yes in the general section |
   |            | of sip.conf.                                              |
   +------------------------------------------------------------------------+

3 files changed, 19 insertions, 16 deletions

diff --git a/comms/asterisk18/Makefile b/comms/asterisk18/Makefile
index e2f98254704..b3f5035e359 100644
--- a/comms/asterisk18/Makefile
+++ b/comms/asterisk18/Makefile
@@ -1,9 +1,9 @@
-# $NetBSD: Makefile,v 1.9 2011/06/09 09:17:27 jnemeth Exp $
+# $NetBSD: Makefile,v 1.10 2011/07/05 08:42:56 jnemeth Exp $
 #
 # NOTE: when updating this package, there are two places that sound
 #       tarballs need to be checked
 
-DISTNAME=	asterisk-1.8.4.2
+DISTNAME=	asterisk-1.8.4.4
 DIST_SUBDIR=	${PKGNAME_NOREV}
 DISTFILES=	${DEFAULT_DISTFILES}
 EXTRACT_ONLY=	${DISTNAME}.tar.gz
diff --git a/comms/asterisk18/PLIST b/comms/asterisk18/PLIST
index fdaa9aa8290..9f330981d2a 100644
--- a/comms/asterisk18/PLIST
+++ b/comms/asterisk18/PLIST
@@ -1,4 +1,4 @@
-@comment $NetBSD: PLIST,v 1.4 2011/06/09 09:17:27 jnemeth Exp $
+@comment $NetBSD: PLIST,v 1.5 2011/07/05 08:42:56 jnemeth Exp $
 include/asterisk.h
 include/asterisk/_private.h
 include/asterisk/abstract_jb.h
@@ -2237,6 +2237,9 @@ share/examples/asterisk/vpb.conf
 share/examples/rc.d/asterisk
 ${PLIST.webvmail}share/httpd/htdocs/_asterisk/animlogo.gif
 ${PLIST.webvmail}share/httpd/htdocs/_asterisk/play.gif
+@pkgdir libdata/asterisk/sounds/fr
+@pkgdir libdata/asterisk/sounds/es
+@pkgdir libdata/asterisk/sounds/en_AU
 @pkgdir libdata/asterisk/keys
 @pkgdir libdata/asterisk/firmware/iax
 @pkgdir libdata/asterisk/documentation/thirdparty
diff --git a/comms/asterisk18/distinfo b/comms/asterisk18/distinfo
index 0266467b411..b5e9191b2ac 100644
--- a/comms/asterisk18/distinfo
+++ b/comms/asterisk18/distinfo
@@ -1,17 +1,17 @@
-$NetBSD: distinfo,v 1.10 2011/06/09 09:17:27 jnemeth Exp $
+$NetBSD: distinfo,v 1.11 2011/07/05 08:42:56 jnemeth Exp $
 
-SHA1 (asterisk-1.8.4.2/asterisk-1.8.4.2.tar.gz) = f5fc8c0c4343ec1d6831b1810602d223af8dc9c9
-RMD160 (asterisk-1.8.4.2/asterisk-1.8.4.2.tar.gz) = 403829a2fcd5f63c2a99e141442cc98fd69f4deb
-Size (asterisk-1.8.4.2/asterisk-1.8.4.2.tar.gz) = 27012984 bytes
-SHA1 (asterisk-1.8.4.2/asterisk-extra-sounds-en-gsm-1.4.11.tar.gz) = 8692fa61423b4769dc8bfa78faf9ed5ef7a259b9
-RMD160 (asterisk-1.8.4.2/asterisk-extra-sounds-en-gsm-1.4.11.tar.gz) = 68170c769d739d6b5b35b00f999ad6bbf876f9f6
-Size (asterisk-1.8.4.2/asterisk-extra-sounds-en-gsm-1.4.11.tar.gz) = 3349898 bytes
-SHA1 (asterisk-1.8.4.2/extract-cfile.awk) = c4f08eee1ab83c041bde1ab91672a4a3c43c28b8
-RMD160 (asterisk-1.8.4.2/extract-cfile.awk) = cd59f8e5807732023d5aec95187e2d5572f400a4
-Size (asterisk-1.8.4.2/extract-cfile.awk) = 667 bytes
-SHA1 (asterisk-1.8.4.2/rfc3951.txt) = 1a6c769be750fb02456d60db2470909254496017
-RMD160 (asterisk-1.8.4.2/rfc3951.txt) = 15f7ec61653ec9953172f8f2150e7d8f6f620926
-Size (asterisk-1.8.4.2/rfc3951.txt) = 373442 bytes
+SHA1 (asterisk-1.8.4.4/asterisk-1.8.4.4.tar.gz) = 07d3ae5744e2dd10c5d9564b503690f3f0b84d96
+RMD160 (asterisk-1.8.4.4/asterisk-1.8.4.4.tar.gz) = c95cab1b24547f1abd229dcf323cc7ed0b0b36a0
+Size (asterisk-1.8.4.4/asterisk-1.8.4.4.tar.gz) = 27326189 bytes
+SHA1 (asterisk-1.8.4.4/asterisk-extra-sounds-en-gsm-1.4.11.tar.gz) = 8692fa61423b4769dc8bfa78faf9ed5ef7a259b9
+RMD160 (asterisk-1.8.4.4/asterisk-extra-sounds-en-gsm-1.4.11.tar.gz) = 68170c769d739d6b5b35b00f999ad6bbf876f9f6
+Size (asterisk-1.8.4.4/asterisk-extra-sounds-en-gsm-1.4.11.tar.gz) = 3349898 bytes
+SHA1 (asterisk-1.8.4.4/extract-cfile.awk) = c4f08eee1ab83c041bde1ab91672a4a3c43c28b8
+RMD160 (asterisk-1.8.4.4/extract-cfile.awk) = cd59f8e5807732023d5aec95187e2d5572f400a4
+Size (asterisk-1.8.4.4/extract-cfile.awk) = 667 bytes
+SHA1 (asterisk-1.8.4.4/rfc3951.txt) = 1a6c769be750fb02456d60db2470909254496017
+RMD160 (asterisk-1.8.4.4/rfc3951.txt) = 15f7ec61653ec9953172f8f2150e7d8f6f620926
+Size (asterisk-1.8.4.4/rfc3951.txt) = 373442 bytes
 SHA1 (patch-aa) = cb3a463c51abff717d960ad70f3c13beefe6d5f4
 SHA1 (patch-af) = ebad62fcb31b600d30235cc5e93284c93b2c8af9
 SHA1 (patch-ag) = c71c61350cefbbe53eefa99245ca7712753f22d5