diff options
author | jnemeth <jnemeth@pkgsrc.org> | 2010-03-01 07:06:48 +0000 |
---|---|---|
committer | jnemeth <jnemeth@pkgsrc.org> | 2010-03-01 07:06:48 +0000 |
commit | 23291e71e3ffc8cf6597d46f69e65eeaf6ae0b88 (patch) | |
tree | 8359a67f036e2b7f8b18b57e46ff65bc271d8c99 /comms | |
parent | 7f2baf18e32e0194c68a6865539c438655a59605 (diff) | |
download | pkgsrc-23291e71e3ffc8cf6597d46f69e65eeaf6ae0b88.tar.gz |
Update to Asterisk 1.6.1.17. This fixes AST-2010-001 and
AST-2010-003. AST-2010-002 was just a warning about dialplan
scripting errors that could lead to security issues.
Asterisk 1.6.1.13: general bug fixes
Asterisk 1.6.1.14: fix AST-2010-001
Asterisk 1.6.1.15: not released, skipped for security releases
Asterisk 1.6.1.16: fix AST-2010-002
Asterisk 1.6.1.17: fix AST-2010-003
Note that the only change in Asterisk 1.6.1.16 was the addtion of
a README file. However, the package doesn't install random docs.
That is planned for a future update seperate from the upstream
updates.
-----
Asterisk 1.6.1.13:
The release of Asterisk 1.6.1.13 resolved several issues reported
by the community, and would have not been possible without your
participation. Thank you!
* Restarts busydetector (if enabled) when DTMF is received after
call is bridged
(Closes issue #16389. Reported, Tested, Patched by alecdavis.)
* Send parking lot announcement to the channel which parked the
call, not the park-ee.
(Closes issue #16234. Reported, Tested by yeshuawatso. Patched
by tilghman.)
* When the field is blank, don't warn about the field being unable
to be coerced just skip the column.
(Closes
http://lists.digium.com/pipermail/asterisk-dev/2009-December/041362.html)
Reported by Nic Colledge on the -dev list.)
* Don't queue frames to channels that have no means to process
them.
(Closes issue #15609. Reported, Tested by aragon. Patched by
tilghman.)
* Fixes holdtime playback issue in app_queue.
(Closes issue #16168. Reported, Patched by nickilo. Tested by
wonderg, nickilo.)
A summary of changes in this release can be found in the release
summary:
http://downloads.asterisk.org/pub/telephony/asterisk/asterisk-1.6.1.13-summary.t
xt
For a full list of changes in this releases, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.6.1.13
-----
Asterisk 1.6.1.14:
The releases of Asterisk 1.6.0.22, 1.6.1.14, and 1.6.2.2 include
the fix described in security advisory AST-2010-001.
The issue is that an attacker attempting to negotiate T.38 over
SIP can remotely crash Asterisk by modifying the FaxMaxDatagram
field of the SDP to contain either a negative or exceptionally
large value. The same crash will occur when the FaxMaxDatagram
field is omitted from the SDP, as well.
For more information about the details of this vulnerability, please
read the security advisory AST-2009-009, which was released at the
same time as this announcement.
For a full list of changes in the current releases, please see the
ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.6.1.14
Security advisory AST-2010-001 is available at:
http://downloads.asterisk.org/pub/security/AST-2010-001.pdf
-----
Asterisk 1.6.1.16:
The releases of Asterisk 1.2.40, 1.4.29.1, 1.6.0.24, 1.6.1.16, and
1.6.2.4 include documention describing a possible dialplan string
injection with common usage of the ${EXTEN} (and other expansion
variables). The issue and resolution are described in the AST-2010-002
security advisory.
If you have a channel technology which can accept characters other
than numbers and letters (such as SIP) it may be possible to craft
an INVITE which sends data such as 300&Zap/g1/4165551212 which
would create an additional outgoing channel leg that was not
originally intended by the dialplan programmer.
Please note that this is not limited to an specific protocol or
the Dial() application.
The expansion of variables into programmatically-interpreted strings
is a common behavior in many script or script-like languages,
Asterisk included. The ability for a variable to directly replace
components of a command is a feature, not a bug - that is the entire
point of string expansion.
However, it is often the case due to expediency or design
misunderstanding that a developer will not examine and filter string
data from external sources before passing it into potentially
harmful areas of their dialplan.
With the flexibility of the design of Asterisk come these risks if
the dialplan designer is not suitably cautious as to how foreign
data is allowed to enter the system unchecked.
This security release is intended to raise awareness of how it is
possible to insert malicious strings into dialplans, and to advise
developers to read the best practices documents so that they may
easily avoid these dangers.
For more information about the details of this vulnerability, please
read the security advisory AST-2010-002, which was released at the
same time as this announcement.
For a full list of changes in the current releases, please see the
ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.6.1.16
Security advisory AST-2010-002 is available at:
http://downloads.asterisk.org/pub/security/AST-2010-002.pdf
The README-SERIOUSLY.bestpractices.txt document is available in
the top-level directory of your Asterisk sources, or available in
all Asterisk branches from 1.2 and up.
http://svn.asterisk.org/svn/asterisk/trunk/README-SERIOUSLY.bestpractices.txt
-----
Asterisk 1.6.1.17:
The releases of Asterisk 1.6.0.25, 1.6.1.17, and 1.6.2.5 resolve
an issue with invalid parsing of ACL (Access Control List) rules
leading to a possible compromise in security. The issue and resolution
are described in the AST-2010-003 security advisory.
For more information about the details of this vulnerability, please
read the security advisory AST-2010-003, which was released at the
same time as this announcement.
For a full list of changes in the current releases, please see the
ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.6.1.17
Security advisory AST-2010-003 is available at:
http://downloads.asterisk.org/pub/security/AST-2010-003.pdf
-----
Diffstat (limited to 'comms')
-rw-r--r-- | comms/asterisk16/Makefile | 5 | ||||
-rw-r--r-- | comms/asterisk16/PLIST | 10 | ||||
-rw-r--r-- | comms/asterisk16/distinfo | 22 | ||||
-rw-r--r-- | comms/asterisk16/files/asterisk.sh | 6 | ||||
-rw-r--r-- | comms/asterisk16/options.mk | 6 | ||||
-rw-r--r-- | comms/asterisk16/patches/patch-aq | 26 |
6 files changed, 37 insertions, 38 deletions
diff --git a/comms/asterisk16/Makefile b/comms/asterisk16/Makefile index 859256be3a1..65bb8205026 100644 --- a/comms/asterisk16/Makefile +++ b/comms/asterisk16/Makefile @@ -1,10 +1,9 @@ -# $NetBSD: Makefile,v 1.12 2010/01/17 12:02:08 wiz Exp $ +# $NetBSD: Makefile,v 1.13 2010/03/01 07:06:48 jnemeth Exp $ # -DISTNAME= asterisk-1.6.1.12 +DISTNAME= asterisk-1.6.1.17 DIST_SUBDIR= ${PKGNAME_NOREV} EXTRACT_ONLY= ${DISTNAME}.tar.gz -PKGREVISION= 1 CATEGORIES= comms net audio MASTER_SITES= http://downloads.asterisk.org/pub/telephony/asterisk/ \ http://downloads.asterisk.org/pub/telephony/asterisk/old-releases/ diff --git a/comms/asterisk16/PLIST b/comms/asterisk16/PLIST index 56eae81c537..fa1740c62c5 100644 --- a/comms/asterisk16/PLIST +++ b/comms/asterisk16/PLIST @@ -1,4 +1,4 @@ -@comment $NetBSD: PLIST,v 1.8 2009/12/30 04:11:02 jnemeth Exp $ +@comment $NetBSD: PLIST,v 1.9 2010/03/01 07:06:48 jnemeth Exp $ include/asterisk.h include/asterisk/_private.h include/asterisk/abstract_jb.h @@ -284,10 +284,10 @@ libdata/asterisk/phoneprov/000000000000-phone.cfg libdata/asterisk/phoneprov/000000000000.cfg libdata/asterisk/phoneprov/polycom.xml libdata/asterisk/phoneprov/polycom_line.xml -libdata/asterisk/sounds/.asterisk-core-sounds-en-gsm-1.4.16 -libdata/asterisk/sounds/en/CHANGES-asterisk-core-en-1.4.16 -libdata/asterisk/sounds/en/CREDITS-asterisk-core-en-1.4.16 -libdata/asterisk/sounds/en/LICENSE-asterisk-core-en-1.4.16 +libdata/asterisk/sounds/.asterisk-core-sounds-en-gsm-1.4.17 +libdata/asterisk/sounds/en/CHANGES-asterisk-core-en-1.4.17 +libdata/asterisk/sounds/en/CREDITS-asterisk-core-en-1.4.17 +libdata/asterisk/sounds/en/LICENSE-asterisk-core-en-1.4.17 libdata/asterisk/sounds/en/agent-alreadyon.gsm libdata/asterisk/sounds/en/agent-incorrect.gsm libdata/asterisk/sounds/en/agent-loggedoff.gsm diff --git a/comms/asterisk16/distinfo b/comms/asterisk16/distinfo index 0349ed4869b..ab1a5f1af6a 100644 --- a/comms/asterisk16/distinfo +++ b/comms/asterisk16/distinfo @@ -1,14 +1,14 @@ -$NetBSD: distinfo,v 1.9 2009/12/30 04:11:02 jnemeth Exp $ +$NetBSD: distinfo,v 1.10 2010/03/01 07:06:48 jnemeth Exp $ -SHA1 (asterisk-1.6.1.12/asterisk-1.6.1.12.tar.gz) = b7c9cdfd6b7401be2eabac537f6f6cebee10b48c -RMD160 (asterisk-1.6.1.12/asterisk-1.6.1.12.tar.gz) = fa2440974605ea3098cd99d697bab2bea534b827 -Size (asterisk-1.6.1.12/asterisk-1.6.1.12.tar.gz) = 23438391 bytes -SHA1 (asterisk-1.6.1.12/extract-cfile.awk) = c4f08eee1ab83c041bde1ab91672a4a3c43c28b8 -RMD160 (asterisk-1.6.1.12/extract-cfile.awk) = cd59f8e5807732023d5aec95187e2d5572f400a4 -Size (asterisk-1.6.1.12/extract-cfile.awk) = 667 bytes -SHA1 (asterisk-1.6.1.12/rfc3951.txt) = 1a6c769be750fb02456d60db2470909254496017 -RMD160 (asterisk-1.6.1.12/rfc3951.txt) = 15f7ec61653ec9953172f8f2150e7d8f6f620926 -Size (asterisk-1.6.1.12/rfc3951.txt) = 373442 bytes +SHA1 (asterisk-1.6.1.17/asterisk-1.6.1.17.tar.gz) = 7af18a384f7832d8818e0548263681b3e839447f +RMD160 (asterisk-1.6.1.17/asterisk-1.6.1.17.tar.gz) = 86c54a56b9d5c7565c9d3d54c0d6cd043e9decd3 +Size (asterisk-1.6.1.17/asterisk-1.6.1.17.tar.gz) = 23519546 bytes +SHA1 (asterisk-1.6.1.17/extract-cfile.awk) = c4f08eee1ab83c041bde1ab91672a4a3c43c28b8 +RMD160 (asterisk-1.6.1.17/extract-cfile.awk) = cd59f8e5807732023d5aec95187e2d5572f400a4 +Size (asterisk-1.6.1.17/extract-cfile.awk) = 667 bytes +SHA1 (asterisk-1.6.1.17/rfc3951.txt) = 1a6c769be750fb02456d60db2470909254496017 +RMD160 (asterisk-1.6.1.17/rfc3951.txt) = 15f7ec61653ec9953172f8f2150e7d8f6f620926 +Size (asterisk-1.6.1.17/rfc3951.txt) = 373442 bytes SHA1 (patch-aa) = 71e819ec12324c6f4bb7de7142bdaac33958ab84 SHA1 (patch-af) = 09860d714281cb4c65d1a087cf5b16647a16e2fa SHA1 (patch-ag) = c71c61350cefbbe53eefa99245ca7712753f22d5 @@ -19,7 +19,7 @@ SHA1 (patch-am) = 98aa4648b867d193ec05d8da14434205f369c17b SHA1 (patch-an) = 93a5df66fd6459fb76e9191dc3bf37b9ee5483b5 SHA1 (patch-ao) = 0663a698469550b22bb97ee1b18980bc2bc67495 SHA1 (patch-ap) = d60274a44e10dc4e70235ac97b7ae21f37ce713e -SHA1 (patch-aq) = 53937dc2033dc8c50c623e06efa7fa974a61ff8e +SHA1 (patch-aq) = fae6f9af6fa9f6daf68e8df5cf2d56afca624bc3 SHA1 (patch-ar) = 44e46336c0b228ab291e025b8bb5ee505f75345a SHA1 (patch-as) = a887d37f0829c22d115ff08721893da49e4bfda4 SHA1 (patch-at) = 7f366ea0075b16c81bb81ba78becc029b3265151 diff --git a/comms/asterisk16/files/asterisk.sh b/comms/asterisk16/files/asterisk.sh index 38e3a47f8c8..9327bd340e4 100644 --- a/comms/asterisk16/files/asterisk.sh +++ b/comms/asterisk16/files/asterisk.sh @@ -1,6 +1,6 @@ #!@RCD_SCRIPTS_SHELL@ # -# $NetBSD: asterisk.sh,v 1.1.1.1 2009/06/12 09:04:56 jnemeth Exp $ +# $NetBSD: asterisk.sh,v 1.2 2010/03/01 07:06:48 jnemeth Exp $ # # PROVIDE: asterisk # REQUIRE: DAEMON @@ -30,9 +30,9 @@ command_args="-U $auser -G $agroup" asterisk_prestart() { if test ! -d @ASTVARRUNDIR@; then mkdir @ASTVARRUNDIR@ - chown $auser:$agroup @ASTVARRUNDIR@ - chmod 0755 @ASTVARRUNDIR@ fi + chown $auser:$agroup @ASTVARRUNDIR@ + chmod 0755 @ASTVARRUNDIR@ } stop_cmd="$command -r -x 'stop gracefully' >/dev/null" diff --git a/comms/asterisk16/options.mk b/comms/asterisk16/options.mk index a501770601c..b0abafd5d4e 100644 --- a/comms/asterisk16/options.mk +++ b/comms/asterisk16/options.mk @@ -1,4 +1,4 @@ -# $NetBSD: options.mk,v 1.3 2010/01/13 20:10:09 jnemeth Exp $ +# $NetBSD: options.mk,v 1.4 2010/03/01 07:06:48 jnemeth Exp $ PKG_OPTIONS_VAR= PKG_OPTIONS.asterisk PKG_SUPPORTED_OPTIONS= zaptel x11 unixodbc ilbc @@ -51,7 +51,7 @@ PLIST.ilbc= yes .endif .if !empty(PKG_OPTIONS:Mx11) || !empty(PKG_OPTIONS:Munixodbc) || !empty(PKG_OPTIONS:Milbc) -RUN_MENUSELECT= # defined +RUN_MENUSELECT= # empty MAKE_FLAGS+= GLOBAL_MAKEOPTS=${WRKSRC}/pkgsrc.makeopts .endif post-configure: @@ -64,7 +64,7 @@ post-configure: .if !empty(PKG_OPTIONS:Milbc) ${ECHO} "MENUSELECT_CODECS=-codec_ilbc" >> ${WRKSRC}/pkgsrc.makeopts .endif -.ifdef RUN_MENUSELECT +.if defined(RUN_MENUSELECT) # this is a hack to work around a bug in menuselect cd ${WRKSRC} && make menuselect.makeopts .endif diff --git a/comms/asterisk16/patches/patch-aq b/comms/asterisk16/patches/patch-aq index c58baf454be..1eb2ed9bcaa 100644 --- a/comms/asterisk16/patches/patch-aq +++ b/comms/asterisk16/patches/patch-aq @@ -1,8 +1,8 @@ -$NetBSD: patch-aq,v 1.4 2009/12/30 04:11:02 jnemeth Exp $ +$NetBSD: patch-aq,v 1.5 2010/03/01 07:06:48 jnemeth Exp $ ---- configure.orig 2009-10-26 23:48:25.000000000 +0000 +--- configure.orig 2009-12-28 15:31:22.000000000 +0000 +++ configure -@@ -19294,6 +19294,146 @@ fi +@@ -13761,6 +13761,146 @@ fi @@ -144,17 +144,17 @@ $NetBSD: patch-aq,v 1.4 2009/12/30 04:11:02 jnemeth Exp $ + +fi + -+ + - { echo "$as_me:$LINENO: checking for int" >&5 - echo $ECHO_N "checking for int... $ECHO_C" >&6; } - if test "${ac_cv_type_int+set}" = set; then -@@ -20567,6 +20707,8 @@ _ACEOF - cat confdefs.h >>conftest.$ac_ext - cat >>conftest.$ac_ext <<_ACEOF ++ + # The cast to long int works around a bug in the HP C Compiler + # version HP92453-01 B.11.11.23709.GP, which incorrectly rejects + # declarations like `int a3[[(sizeof (unsigned char)) >= 0]];'. +@@ -14172,6 +14312,8 @@ $as_echo_n "checking if \"struct ifaddrs + + cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ -+#include <sys/types.h> -+#include <sys/socket.h> - #include <ifaddrs.h> ++ #include <sys/types.h> ++ #include <sys/socket.h> + #include <ifaddrs.h> int main () |