From 33d1422458cf10841669dc1b710f2c7d05af6ac7 Mon Sep 17 00:00:00 2001 
From: jnemeth Date: Tue, 5 Jul 2011 08:42:56 +0000 Subject: Update to Asterisk 1.8.4.4 (fixes AST-2011-011): Asterisk Project Security Advisory - AST-2011-011 +------------------------------------------------------------------------+ | Product | Asterisk | |--------------------+---------------------------------------------------| | Summary | Possible enumeration of SIP users due to | | | differing authentication responses | |--------------------+---------------------------------------------------| | Nature of Advisory | Unauthorized data disclosure | |--------------------+---------------------------------------------------| | Susceptibility | Remote unauthenticated sessions | |--------------------+---------------------------------------------------| | Severity | Moderate | |--------------------+---------------------------------------------------| | Exploits Known | No | |--------------------+---------------------------------------------------| | CVE Name | CVE-2011-2536 | +------------------------------------------------------------------------+ +------------------------------------------------------------------------+ | Description | Asterisk may respond differently to SIP requests from an | | | invalid SIP user than it does to a user configured on | | | the system, even when the alwaysauthreject option is set | | | in the configuration. This can leak information about | | | what SIP users are valid on the Asterisk system. | +------------------------------------------------------------------------+ +------------------------------------------------------------------------+ | Resolution | Respond to SIP requests from invalid and valid SIP users | | | in the same way. Asterisk 1.4 and 1.6.2 do not respond | | | identically by default due to backward-compatibility | | | reasons, and must have alwaysauthreject=yes set in | | | sip.conf. Asterisk 1.8 defaults to alwaysauthreject=yes. 
| | | | | | IT IS ABSOLUTELY IMPERATIVE that users of Asterisk 1.4 | | | and 1.6.2 set alwaysauthreject=yes in the general section | | | of sip.conf. | +------------------------------------------------------------------------+
---
comms/asterisk18/Makefile | 4 ++-- comms/asterisk18/PLIST | 5 ++++- comms/asterisk18/distinfo | 26 +++++++++++++------------- 3 files changed, 19 insertions(+), 16 deletions(-) (limited to 'comms')
diff --git a/comms/asterisk18/Makefile b/comms/asterisk18/Makefile
index e2f98254704..b3f5035e359 100644
--- a/comms/asterisk18/Makefile
+++ b/comms/asterisk18/Makefile
@@ -1,9 +1,9 @@
-# $NetBSD: Makefile,v 1.9 2011/06/09 09:17:27 jnemeth Exp $
+# $NetBSD: Makefile,v 1.10 2011/07/05 08:42:56 jnemeth Exp $
 #
 # NOTE: when updating this package, there are two places that sound
 # tarballs need to be checked
-DISTNAME= asterisk-1.8.4.2
+DISTNAME= asterisk-1.8.4.4
 DIST_SUBDIR= ${PKGNAME_NOREV}
 DISTFILES= ${DEFAULT_DISTFILES}
 EXTRACT_ONLY= ${DISTNAME}.tar.gz
diff --git a/comms/asterisk18/PLIST b/comms/asterisk18/PLIST
index fdaa9aa8290..9f330981d2a 100644
--- a/comms/asterisk18/PLIST
+++ b/comms/asterisk18/PLIST
@@ -1,4 +1,4 @@
-@comment $NetBSD: PLIST,v 1.4 2011/06/09 09:17:27 jnemeth Exp $
+@comment $NetBSD: PLIST,v 1.5 2011/07/05 08:42:56 jnemeth Exp $
 include/asterisk.h
 include/asterisk/_private.h
 include/asterisk/abstract_jb.h
@@ -2237,6 +2237,9 @@ share/examples/asterisk/vpb.conf
 share/examples/rc.d/asterisk
 ${PLIST.webvmail}share/httpd/htdocs/_asterisk/animlogo.gif
 ${PLIST.webvmail}share/httpd/htdocs/_asterisk/play.gif
+@pkgdir libdata/asterisk/sounds/fr
+@pkgdir libdata/asterisk/sounds/es
+@pkgdir libdata/asterisk/sounds/en_AU
 @pkgdir libdata/asterisk/keys
 @pkgdir libdata/asterisk/firmware/iax
 @pkgdir libdata/asterisk/documentation/thirdparty
diff --git a/comms/asterisk18/distinfo b/comms/asterisk18/distinfo
index 0266467b411..b5e9191b2ac 100644
--- a/comms/asterisk18/distinfo
+++ b/comms/asterisk18/distinfo
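Review bot: The three `@pkgdir libdata/asterisk/sounds/...` entries added in the PLIST hunk at line 2237 (`fr`, `es`, `en_AU`) are not mentioned in the commit log, which covers only the AST-2011-011 update. Nothing else in this patch shows where those directories come from, so a reader cannot tell whether they belong to the 1.8.4.4 upgrade or are a separate packaging fix riding along with the security update. I would add a line to the log such as `Also register the fr, es and en_AU sounds directories in PLIST.`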
@@ -1,17 +1,17 @@
-$NetBSD: distinfo,v 1.10 2011/06/09 09:17:27 jnemeth Exp $
+$NetBSD: distinfo,v 1.11 2011/07/05 08:42:56 jnemeth Exp $
-SHA1 (asterisk-1.8.4.2/asterisk-1.8.4.2.tar.gz) = f5fc8c0c4343ec1d6831b1810602d223af8dc9c9
-RMD160 (asterisk-1.8.4.2/asterisk-1.8.4.2.tar.gz) = 403829a2fcd5f63c2a99e141442cc98fd69f4deb
-Size (asterisk-1.8.4.2/asterisk-1.8.4.2.tar.gz) = 27012984 bytes
-SHA1 (asterisk-1.8.4.2/asterisk-extra-sounds-en-gsm-1.4.11.tar.gz) = 8692fa61423b4769dc8bfa78faf9ed5ef7a259b9
-RMD160 (asterisk-1.8.4.2/asterisk-extra-sounds-en-gsm-1.4.11.tar.gz) = 68170c769d739d6b5b35b00f999ad6bbf876f9f6
-Size (asterisk-1.8.4.2/asterisk-extra-sounds-en-gsm-1.4.11.tar.gz) = 3349898 bytes
-SHA1 (asterisk-1.8.4.2/extract-cfile.awk) = c4f08eee1ab83c041bde1ab91672a4a3c43c28b8
-RMD160 (asterisk-1.8.4.2/extract-cfile.awk) = cd59f8e5807732023d5aec95187e2d5572f400a4
-Size (asterisk-1.8.4.2/extract-cfile.awk) = 667 bytes
-SHA1 (asterisk-1.8.4.2/rfc3951.txt) = 1a6c769be750fb02456d60db2470909254496017
-RMD160 (asterisk-1.8.4.2/rfc3951.txt) = 15f7ec61653ec9953172f8f2150e7d8f6f620926
-Size (asterisk-1.8.4.2/rfc3951.txt) = 373442 bytes
+SHA1 (asterisk-1.8.4.4/asterisk-1.8.4.4.tar.gz) = 07d3ae5744e2dd10c5d9564b503690f3f0b84d96
+RMD160 (asterisk-1.8.4.4/asterisk-1.8.4.4.tar.gz) = c95cab1b24547f1abd229dcf323cc7ed0b0b36a0
+Size (asterisk-1.8.4.4/asterisk-1.8.4.4.tar.gz) = 27326189 bytes
+SHA1 (asterisk-1.8.4.4/asterisk-extra-sounds-en-gsm-1.4.11.tar.gz) = 8692fa61423b4769dc8bfa78faf9ed5ef7a259b9
+RMD160 (asterisk-1.8.4.4/asterisk-extra-sounds-en-gsm-1.4.11.tar.gz) = 68170c769d739d6b5b35b00f999ad6bbf876f9f6
+Size (asterisk-1.8.4.4/asterisk-extra-sounds-en-gsm-1.4.11.tar.gz) = 3349898 bytes
+SHA1 (asterisk-1.8.4.4/extract-cfile.awk) = c4f08eee1ab83c041bde1ab91672a4a3c43c28b8
+RMD160 (asterisk-1.8.4.4/extract-cfile.awk) = cd59f8e5807732023d5aec95187e2d5572f400a4
+Size (asterisk-1.8.4.4/extract-cfile.awk) = 667 bytes
+SHA1 (asterisk-1.8.4.4/rfc3951.txt) = 1a6c769be750fb02456d60db2470909254496017
+RMD160 (asterisk-1.8.4.4/rfc3951.txt) = 15f7ec61653ec9953172f8f2150e7d8f6f620926
+Size (asterisk-1.8.4.4/rfc3951.txt) = 373442 bytes
 SHA1 (patch-aa) = cb3a463c51abff717d960ad70f3c13beefe6d5f4
 SHA1 (patch-af) = ebad62fcb31b600d30235cc5e93284c93b2c8af9
 SHA1 (patch-ag) = c71c61350cefbbe53eefa99245ca7712753f22d5
-- cgit v1.2.3