Received: by mail.netbsd.org (Postfix, from userid 605)
	id 6D1AE84D5E; Sun, 28 Feb 2021 22:48:09 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
	by mail.netbsd.org (Postfix) with ESMTP id A766084D53
	for <pkgsrc-changes@NetBSD.org>; Sun, 28 Feb 2021 22:48:08 +0000 (UTC)
X-Virus-Scanned: amavisd-new at netbsd.org
Received: from mail.netbsd.org ([127.0.0.1])
	by localhost (mail.netbsd.org [127.0.0.1]) (amavisd-new, port 10025)
	with ESMTP id 4jjTkJr1WZaU for <pkgsrc-changes@netbsd.org>;
	Sun, 28 Feb 2021 22:48:08 +0000 (UTC)
Received: from cvs.NetBSD.org (ivanova.netbsd.org [199.233.217.197])
	by mail.netbsd.org (Postfix) with ESMTP id EAF5084CE0
	for <pkgsrc-changes@NetBSD.org>; Sun, 28 Feb 2021 22:48:07 +0000 (UTC)
Received: by cvs.NetBSD.org (Postfix, from userid 500)
	id E3918FA95; Sun, 28 Feb 2021 22:48:07 +0000 (UTC)
Content-Transfer-Encoding: 7bit
Content-Type: multipart/mixed; boundary="_----------=_161455248713530"
MIME-Version: 1.0
Date: Sun, 28 Feb 2021 22:48:07 +0000
From: "John Nemeth" <jnemeth@netbsd.org>
Subject: CVS commit: pkgsrc/comms/asterisk13
To: pkgsrc-changes@NetBSD.org
Reply-To: jnemeth@netbsd.org
X-Mailer: log_accum
Message-Id: <20210228224807.E3918FA95@cvs.NetBSD.org>
Sender: pkgsrc-changes-owner@NetBSD.org
List-Id: <pkgsrc-changes.NetBSD.org>
Precedence: bulk
List-Unsubscribe: <mailto:majordomo@NetBSD.org?subject=Unsubscribe%20pkgsrc-changes&body=unsubscribe%20pkgsrc-changes>

This is a multi-part message in MIME format.

--_----------=_161455248713530
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
Content-Type: text/plain; charset="US-ASCII"

Module Name:	pkgsrc
Committed By:	jnemeth
Date:		Sun Feb 28 22:48:07 UTC 2021

Modified Files:
	pkgsrc/comms/asterisk13: Makefile distinfo

Log Message:
asterisk13:  Update to Asterisk 13.38.2:

The Asterisk Development Team would like to announce security releases for
Asterisk 13, 16, 17 and 18, and Certified Asterisk 16.8. The available releases
are released as versions 13.38.2, 16.16.1, 17.9.2, 18.2.1 and 16.8-cert6.

These releases are available for immediate download at

https://downloads.asterisk.org/pub/telephony/asterisk/releases
https://downloads.asterisk.org/pub/telephony/certified-asterisk/releases

The following security vulnerabilities were resolved in these versions:

* AST-2021-001: Remote crash in res_pjsip_diversion
  If a registered user is tricked into dialing a

* AST-2021-002: Remote crash possible when negotiating T.38
  When

* AST-2021-003: Remote attacker could prematurely tear down SRTP calls
  An unauthenticated remote attacker could replay SRTP packets which could cause
  an Asterisk instance configured without strict RTP validation to tear down
  calls prematurely.

* AST-2021-004: An unsuspecting user could crash Asterisk with multiple
                hold/unhold requests
  Due to a signedness comparison mismatch, an authenticated WebRTC client could
  cause a stack overflow and Asterisk crash by sending multiple hold/unhold
  requests in quick succession.

* AST-2021-005: Remote Crash Vulnerability in PJSIP channel driver
  Given a scenario where an outgoing call is placed from Asterisk to a remote
  SIP server it is possible for a crash to occur.

For a full list of changes in the current releases, please see the ChangeLogs:

https://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-13.38.2

The security advisories are available at:

https://downloads.asterisk.org/pub/security/AST-2021-001.pdf
https://downloads.asterisk.org/pub/security/AST-2021-002.pdf
https://downloads.asterisk.org/pub/security/AST-2021-003.pdf
https://downloads.asterisk.org/pub/security/AST-2021-004.pdf
https://downloads.asterisk.org/pub/security/AST-2021-005.pdf

Thank you for your continued support of Asterisk!


To generate a diff of this commit:
cvs rdiff -u -r1.67 -r1.68 pkgsrc/comms/asterisk13/Makefile
cvs rdiff -u -r1.17 -r1.18 pkgsrc/comms/asterisk13/distinfo

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.


--_----------=_161455248713530
Content-Disposition: inline
Content-Length: 3376
Content-Transfer-Encoding: binary
Content-Type: text/x-diff; charset=us-ascii

Modified files:

Index: pkgsrc/comms/asterisk13/Makefile
diff -u pkgsrc/comms/asterisk13/Makefile:1.67 pkgsrc/comms/asterisk13/Makefile:1.68
--- pkgsrc/comms/asterisk13/Makefile:1.67	Sun Jan  3 09:04:06 2021
+++ pkgsrc/comms/asterisk13/Makefile	Sun Feb 28 22:48:07 2021
@@ -1,11 +1,11 @@
-# $NetBSD: Makefile,v 1.67 2021/01/03 09:04:06 jnemeth Exp $
+# $NetBSD: Makefile,v 1.68 2021/02/28 22:48:07 jnemeth Exp $
 #
 # NOTE: when updating this package, there are two places that sound
 #       tarballs need to be checked; look in ${WRKSRC}/sounds/Makefile
 #       to find out the current sound file versions
 
-DISTNAME=	asterisk-13.38.1
-PKGREVISION=	1
+DISTNAME=	asterisk-13.38.2
+#PKGREVISION=	1
 CATEGORIES=	comms net audio
 MASTER_SITES=	http://downloads.asterisk.org/pub/telephony/asterisk/
 MASTER_SITES+=	http://downloads.asterisk.org/pub/telephony/asterisk/old-releases/

Index: pkgsrc/comms/asterisk13/distinfo
diff -u pkgsrc/comms/asterisk13/distinfo:1.17 pkgsrc/comms/asterisk13/distinfo:1.18
--- pkgsrc/comms/asterisk13/distinfo:1.17	Sat Jan  2 22:45:43 2021
+++ pkgsrc/comms/asterisk13/distinfo	Sun Feb 28 22:48:07 2021
@@ -1,13 +1,13 @@
-$NetBSD: distinfo,v 1.17 2021/01/02 22:45:43 jnemeth Exp $
+$NetBSD: distinfo,v 1.18 2021/02/28 22:48:07 jnemeth Exp $
 
-SHA1 (asterisk-13.38.1/asterisk-13.38.1.tar.gz) = 6a26385f1522db2b8ab927c76367ea717ff75117
-RMD160 (asterisk-13.38.1/asterisk-13.38.1.tar.gz) = 5771cbdfd3ceca754f9c8df28ed29d52b35b143e
-SHA512 (asterisk-13.38.1/asterisk-13.38.1.tar.gz) = 270b7c8374104b3c2e9999503fa5cab5b465e37ddfa6759c1019fb99b6bb5877fe4505501ac3306a708ce911aeda36d04796f51156312c04fec013dbaa56a57f
-Size (asterisk-13.38.1/asterisk-13.38.1.tar.gz) = 33705256 bytes
-SHA1 (asterisk-13.38.1/asterisk-extra-sounds-en-gsm-1.5.2.tar.gz) = 0207e289404704c42941759db9660269599044f9
-RMD160 (asterisk-13.38.1/asterisk-extra-sounds-en-gsm-1.5.2.tar.gz) = 5d660e7664a56086bd60ad49196e1b622a60f106
-SHA512 (asterisk-13.38.1/asterisk-extra-sounds-en-gsm-1.5.2.tar.gz) = 3f2f7bf3d5bce3544bc013f913c352f0204a3ce96239987403eb9dce8bc87e64a61d437762323a422a87b2fad1f3bf3e7a5f3d0d340f912a1b1dbfea9479d41d
-Size (asterisk-13.38.1/asterisk-extra-sounds-en-gsm-1.5.2.tar.gz) = 4253587 bytes
+SHA1 (asterisk-13.38.2/asterisk-13.38.2.tar.gz) = 1e86b5b11c1053b0f6a7ec72a7e385aa356694f3
+RMD160 (asterisk-13.38.2/asterisk-13.38.2.tar.gz) = ad4ff2ef7f9c298f1bfcc8d28fc4600970d955a0
+SHA512 (asterisk-13.38.2/asterisk-13.38.2.tar.gz) = bd9755503048cd8dcf8e39947dd5cfb617c20c4b1ad5033ae297499a4967c06ba11b6e43233c1ae0d33f8f11a81dbb9b4487f16a1f4786007172028caf1ee051
+Size (asterisk-13.38.2/asterisk-13.38.2.tar.gz) = 33708267 bytes
+SHA1 (asterisk-13.38.2/asterisk-extra-sounds-en-gsm-1.5.2.tar.gz) = 0207e289404704c42941759db9660269599044f9
+RMD160 (asterisk-13.38.2/asterisk-extra-sounds-en-gsm-1.5.2.tar.gz) = 5d660e7664a56086bd60ad49196e1b622a60f106
+SHA512 (asterisk-13.38.2/asterisk-extra-sounds-en-gsm-1.5.2.tar.gz) = 3f2f7bf3d5bce3544bc013f913c352f0204a3ce96239987403eb9dce8bc87e64a61d437762323a422a87b2fad1f3bf3e7a5f3d0d340f912a1b1dbfea9479d41d
+Size (asterisk-13.38.2/asterisk-extra-sounds-en-gsm-1.5.2.tar.gz) = 4253587 bytes
 SHA1 (patch-Makefile) = 7fb5c784cb5246d7b1ec9c586db8af1a9b9c5577
 SHA1 (patch-apps_app__dumpchan.c) = 127ac02bdc180ad2334cd095aa6e646feb6fba10
 SHA1 (patch-apps_app__followme.c) = c6a5790b5e9b34d07dbfdd66a58e2854c8c72695


--_----------=_161455248713530--