diff options
| author | jnemeth <jnemeth> | 2015-01-29 21:48:07 +0000 |
|---|---|---|
| committer | jnemeth <jnemeth> | 2015-01-29 21:48:07 +0000 |
| commit | 1ce131ebd6197cfede02241e7fb07d95e1fbd5e1 (patch) | |
| tree | 1edbeb5a000a038d6ae87289cd8f7bd6180b24bc /comms | |
| parent | 8cd8209deff61559bee5b880d78cab26d694969c (diff) | |
| download | pkgsrc-1ce131ebd6197cfede02241e7fb07d95e1fbd5e1.tar.gz | |
Update to asterisk 1.8.32.2: this is a security fix.
pkgsrc change: adapt to splitting up of speex
The Asterisk Development Team has announced security releases for Certified
Asterisk 1.8.28 and 11.6 and Asterisk 1.8, 11, 12, and 13. The available
security releases are released as versions 1.8.28.cert-4, 1.8.32.2, 11.6-cert10,
11.15.1, 12.8.1, and 13.1.1.
The release of these versions resolves the following security vulnerabilities:
* AST-2015-001: File descriptor leak when incompatible codecs are offered
Asterisk may be configured to only allow specific audio or
video codecs to be used when communicating with a
particular endpoint. When an endpoint sends an SDP offer
that only lists codecs not allowed by Asterisk, the offer
is rejected. However, in this case, RTP ports that are
allocated in the process are not reclaimed.
This issue only affects the PJSIP channel driver in
Asterisk. Users of the chan_sip channel driver are not
affected.
* AST-2015-002: Mitigation for libcURL HTTP request injection vulnerability
CVE-2014-8150 reported an HTTP request injection
vulnerability in libcURL. Asterisk uses libcURL in its
func_curl.so module (the CURL() dialplan function), as well
as its res_config_curl.so (cURL realtime backend) modules.
Since Asterisk may be configured to allow for user-supplied
URLs to be passed to libcURL, it is possible that an
attacker could use Asterisk as an attack vector to inject
unauthorized HTTP requests if the version of libcURL
installed on the Asterisk server is affected by
CVE-2014-8150.
For more information about the details of these vulnerabilities, please read
security advisory AST-2015-001 and AST-2015-002, which were released at the same
time as this announcement.
For a full list of changes in the current releases, please see the ChangeLogs:
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.8.32.2
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-11.15.1
The security advisories are available at:
* http://downloads.asterisk.org/pub/security/AST-2015-001.pdf
* http://downloads.asterisk.org/pub/security/AST-2015-002.pdf
Thank you for your continued support of Asterisk!
Diffstat (limited to 'comms')
| -rw-r--r-- | comms/asterisk18/Makefile | 4 | ||||
| -rw-r--r-- | comms/asterisk18/distinfo | 14 | ||||
| -rw-r--r-- | comms/asterisk18/options.mk | 3 |
3 files changed, 11 insertions, 10 deletions
diff --git a/comms/asterisk18/Makefile b/comms/asterisk18/Makefile index 2335ee0e4dc..2f50d178754 100644 --- a/comms/asterisk18/Makefile +++ b/comms/asterisk18/Makefile @@ -1,9 +1,9 @@ -# $NetBSD: Makefile,v 1.90 2014/12/03 01:00:23 jnemeth Exp $ +# $NetBSD: Makefile,v 1.91 2015/01/29 21:48:07 jnemeth Exp $ # # NOTE: when updating this package, there are two places that sound # tarballs need to be checked -DISTNAME= asterisk-1.8.32.1 +DISTNAME= asterisk-1.8.32.2 DIST_SUBDIR= ${PKGNAME_NOREV} DISTFILES= ${DEFAULT_DISTFILES} EXTRACT_ONLY= ${DISTNAME}.tar.gz diff --git a/comms/asterisk18/distinfo b/comms/asterisk18/distinfo index 971e115f2ed..50c105ae3f6 100644 --- a/comms/asterisk18/distinfo +++ b/comms/asterisk18/distinfo @@ -1,11 +1,11 @@ -$NetBSD: distinfo,v 1.58 2014/12/03 01:00:23 jnemeth Exp $ +$NetBSD: distinfo,v 1.59 2015/01/29 21:48:07 jnemeth Exp $ -SHA1 (asterisk-1.8.32.1/asterisk-1.8.32.1.tar.gz) = 0cdba970a970859a98289d2bad0a585ecc877fa2 -RMD160 (asterisk-1.8.32.1/asterisk-1.8.32.1.tar.gz) = 29401ac57b03a0d1ba4a3e7722d95e710a5033c5 -Size (asterisk-1.8.32.1/asterisk-1.8.32.1.tar.gz) = 29636238 bytes -SHA1 (asterisk-1.8.32.1/asterisk-extra-sounds-en-gsm-1.4.15.tar.gz) = fbb94494e31fc08eee8fdf2ce7d12eb274018050 -RMD160 (asterisk-1.8.32.1/asterisk-extra-sounds-en-gsm-1.4.15.tar.gz) = 53656a3d6771602504f220ad312093e3503e1150 -Size (asterisk-1.8.32.1/asterisk-extra-sounds-en-gsm-1.4.15.tar.gz) = 4409969 bytes +SHA1 (asterisk-1.8.32.2/asterisk-1.8.32.2.tar.gz) = e2a585ff20ab7dc1cb4bad86eda514af7c6a5e45 +RMD160 (asterisk-1.8.32.2/asterisk-1.8.32.2.tar.gz) = 41446c7da1e73ab07455f35b1ed102315eb7ef9c +Size (asterisk-1.8.32.2/asterisk-1.8.32.2.tar.gz) = 29635914 bytes +SHA1 (asterisk-1.8.32.2/asterisk-extra-sounds-en-gsm-1.4.15.tar.gz) = fbb94494e31fc08eee8fdf2ce7d12eb274018050 +RMD160 (asterisk-1.8.32.2/asterisk-extra-sounds-en-gsm-1.4.15.tar.gz) = 53656a3d6771602504f220ad312093e3503e1150 +Size (asterisk-1.8.32.2/asterisk-extra-sounds-en-gsm-1.4.15.tar.gz) = 4409969 bytes SHA1 (patch-aa) = 832f1c043b15198e0a286094dd0cc1a251bcfed0 SHA1 (patch-af) = 19786616bb606c38f769ec85f2e4d118573659ab SHA1 (patch-ai) = e92edab5c1ff323478f41d0b0783102ed527fe39 diff --git a/comms/asterisk18/options.mk b/comms/asterisk18/options.mk index 0836b361232..7e30bf111f7 100644 --- a/comms/asterisk18/options.mk +++ b/comms/asterisk18/options.mk @@ -1,4 +1,4 @@ -# $NetBSD: options.mk,v 1.11 2012/09/30 19:29:05 jnemeth Exp $ +# $NetBSD: options.mk,v 1.12 2015/01/29 21:48:07 jnemeth Exp $ PKG_OPTIONS_VAR= PKG_OPTIONS.asterisk PKG_SUPPORTED_OPTIONS= zaptel x11 unixodbc ilbc webvmail ldap spandsp @@ -97,6 +97,7 @@ CONFIGURE_ARGS+= --without-ldap .if !empty(PKG_OPTIONS:Mspeex) .include "../../audio/speex/buildlink3.mk" +.include "../../audio/speexdsp/buildlink3.mk" CONFIGURE_ARGS+= --with-speex CONFIGURE_ARGS+= --with-speexdsp PLIST.speex= yes |