Fri Jan 20 07:29:09 2012 UTC ()
Update to Asterisk 10.0.1.  This fixes AST-2012-001:

               Asterisk Project Security Advisory - AST-2012-001

   +------------------------------------------------------------------------+
   |       Product        | Asterisk                                        |
   |----------------------+-------------------------------------------------|
   |       Summary        | SRTP Video Remote Crash Vulnerability           |
   |----------------------+-------------------------------------------------|
   |  Nature of Advisory  | Denial of Service                               |
   |----------------------+-------------------------------------------------|
   |    Susceptibility    | Remote unauthenticated sessions                 |
   |----------------------+-------------------------------------------------|
   |       Severity       | Moderate                                        |
   |----------------------+-------------------------------------------------|
   |    Exploits Known    | No                                              |
   |----------------------+-------------------------------------------------|
   |     Reported On      | 2012-01-15                                      |
   |----------------------+-------------------------------------------------|
   |     Reported By      | Catalin Sanda                                   |
   |----------------------+-------------------------------------------------|
   |      Posted On       | 2012-01-19                                      |
   |----------------------+-------------------------------------------------|
   |   Last Updated On    | January 19, 2012                                |
   |----------------------+-------------------------------------------------|
   |   Advisory Contact   | Joshua Colp < jcolp AT digium DOT com >         |
   |----------------------+-------------------------------------------------|
   |       CVE Name       |                                                 |
   +------------------------------------------------------------------------+

   +------------------------------------------------------------------------+
   | Description | An attacker attempting to negotiate a secure video       |
   |             | stream can crash Asterisk if video support has not been  |
   |             | enabled and the res_srtp Asterisk module is loaded.      |
   +------------------------------------------------------------------------+

   +------------------------------------------------------------------------+
   | Resolution | Upgrade to one of the versions of Asterisk listed in the  |
   |            | "Corrected In" section, or apply a patch specified in the |
   |            | "Patches" section.                                        |
   +------------------------------------------------------------------------+

   +------------------------------------------------------------------------+
   |                           Affected Versions                            |
   |------------------------------------------------------------------------|
   |            Product            | Release Series |                       |
   |-------------------------------+----------------+-----------------------|
   |     Asterisk Open Source      |     1.8.x      | All versions          |
   |-------------------------------+----------------+-----------------------|
   |     Asterisk Open Source      |      10.x      | All versions          |
   +------------------------------------------------------------------------+

   +------------------------------------------------------------------------+
   |                              Corrected In                              |
   |------------------------------------------------------------------------|
   |                 Product                  |           Release           |
   |------------------------------------------+-----------------------------|
   |           Asterisk Open Source           |           1.8.8.2           |
   |------------------------------------------+-----------------------------|
   |           Asterisk Open Source           |           10.0.1            |
   +------------------------------------------------------------------------+

   +------------------------------------------------------------------------+
   |                                Patches                                 |
   |------------------------------------------------------------------------|
   |                             SVN URL                             |Branch|
   |-----------------------------------------------------------------+------|
   |http://downloads.asterisk.org/pub/security/AST-2012-001-1.8.diff |v1.8  |
   |-----------------------------------------------------------------+------|
   |http://downloads.asterisk.org/pub/security/AST-2012-001-10.diff  |v10   |
   +------------------------------------------------------------------------+

   +------------------------------------------------------------------------+
   |   Links   | https://issues.asterisk.org/jira/browse/ASTERISK-19202     |
   +------------------------------------------------------------------------+

   +------------------------------------------------------------------------+
   | Asterisk Project Security Advisories are posted at                     |
   | http://www.asterisk.org/security                                       |
   |                                                                        |
   | This document may be superseded by later versions; if so, the latest   |
   | version will be posted at                                              |
   | http://downloads.digium.com/pub/security/AST-2012-001.pdf and          |
   | http://downloads.digium.com/pub/security/AST-2012-001.html             |
   +------------------------------------------------------------------------+

   +------------------------------------------------------------------------+
   |                            Revision History                            |
   |------------------------------------------------------------------------|
   |      Date       |       Editor       |         Revisions Made          |
   |-----------------+--------------------+---------------------------------|
   | 12-01-19        | Joshua Colp        | Initial release                 |
   +------------------------------------------------------------------------+

               Asterisk Project Security Advisory - AST-2012-001
              Copyright (c) 2012 Digium, Inc. All Rights Reserved.
  Permission is hereby granted to distribute and publish this advisory in its
                           original, unaltered form.


(jnemeth)
diff -r1.2 -r1.3 pkgsrc/comms/asterisk10/Makefile
diff -r1.1.1.1 -r1.2 pkgsrc/comms/asterisk10/distinfo
cvs diff -r1.2 -r1.3 pkgsrc/comms/asterisk10/Attic/Makefile (expand / switch to unified diff)

--- pkgsrc/comms/asterisk10/Attic/Makefile 2012/01/17 07:07:33 1.2
+++ pkgsrc/comms/asterisk10/Attic/Makefile 2012/01/20 07:29:08 1.3
@@ -1,20 +1,19 @@ @@ -1,20 +1,19 @@
1# $NetBSD: Makefile,v 1.2 2012/01/17 07:07:33 jnemeth Exp $ 1# $NetBSD: Makefile,v 1.3 2012/01/20 07:29:08 jnemeth Exp $
2# 2#
3# NOTE: when updating this package, there are two places that sound 3# NOTE: when updating this package, there are two places that sound
4# tarballs need to be checked 4# tarballs need to be checked
5 5
6DISTNAME= asterisk-10.0.0 6DISTNAME= asterisk-10.0.1
7PKGREVISION= 1 
8DIST_SUBDIR= ${PKGNAME_NOREV} 7DIST_SUBDIR= ${PKGNAME_NOREV}
9DISTFILES= ${DEFAULT_DISTFILES} 8DISTFILES= ${DEFAULT_DISTFILES}
10EXTRACT_ONLY= ${DISTNAME}.tar.gz 9EXTRACT_ONLY= ${DISTNAME}.tar.gz
11CATEGORIES= comms net audio 10CATEGORIES= comms net audio
12MASTER_SITES= http://downloads.asterisk.org/pub/telephony/asterisk/ \ 11MASTER_SITES= http://downloads.asterisk.org/pub/telephony/asterisk/ \
13 http://downloads.asterisk.org/pub/telephony/asterisk/old-releases/ \ 12 http://downloads.asterisk.org/pub/telephony/asterisk/old-releases/ \
14 http://downloads.asterisk.org/pub/telephony/sounds/releases/ 13 http://downloads.asterisk.org/pub/telephony/sounds/releases/
15 14
16OWNER= jnemeth@NetBSD.org 15OWNER= jnemeth@NetBSD.org
17HOMEPAGE= http://www.asterisk.org/ 16HOMEPAGE= http://www.asterisk.org/
18COMMENT= The Asterisk Software PBX 17COMMENT= The Asterisk Software PBX
19LICENSE= gnu-gpl-v2 18LICENSE= gnu-gpl-v2
20 19
cvs diff -r1.1.1.1 -r1.2 pkgsrc/comms/asterisk10/Attic/distinfo (expand / switch to unified diff)

--- pkgsrc/comms/asterisk10/Attic/distinfo 2012/01/15 18:36:20 1.1.1.1
+++ pkgsrc/comms/asterisk10/Attic/distinfo 2012/01/20 07:29:09 1.2
@@ -1,27 +1,27 @@ @@ -1,27 +1,27 @@
1$NetBSD: distinfo,v 1.1.1.1 2012/01/15 18:36:20 jnemeth Exp $ 1$NetBSD: distinfo,v 1.2 2012/01/20 07:29:09 jnemeth Exp $
2 2
3SHA1 (asterisk-10.0.0/asterisk-10.0.0.tar.gz) = ffe8c67ce7b34ea5ad098bb06ed8e55e08a291ab 3SHA1 (asterisk-10.0.1/asterisk-10.0.1.tar.gz) = 7a700c3c5b9af28f433f20d4267d5fc71ca32341
4RMD160 (asterisk-10.0.0/asterisk-10.0.0.tar.gz) = 9f9e4a9a9e5785ffd846f26c331b62dcceafd5bb 4RMD160 (asterisk-10.0.1/asterisk-10.0.1.tar.gz) = 289731127e45351047f565acd0f6372cb48cb7d1
5Size (asterisk-10.0.0/asterisk-10.0.0.tar.gz) = 24873318 bytes 5Size (asterisk-10.0.1/asterisk-10.0.1.tar.gz) = 24866828 bytes
6SHA1 (asterisk-10.0.0/asterisk-extra-sounds-en-gsm-1.4.11.tar.gz) = 8692fa61423b4769dc8bfa78faf9ed5ef7a259b9 6SHA1 (asterisk-10.0.1/asterisk-extra-sounds-en-gsm-1.4.11.tar.gz) = 8692fa61423b4769dc8bfa78faf9ed5ef7a259b9
7RMD160 (asterisk-10.0.0/asterisk-extra-sounds-en-gsm-1.4.11.tar.gz) = 68170c769d739d6b5b35b00f999ad6bbf876f9f6 7RMD160 (asterisk-10.0.1/asterisk-extra-sounds-en-gsm-1.4.11.tar.gz) = 68170c769d739d6b5b35b00f999ad6bbf876f9f6
8Size (asterisk-10.0.0/asterisk-extra-sounds-en-gsm-1.4.11.tar.gz) = 3349898 bytes 8Size (asterisk-10.0.1/asterisk-extra-sounds-en-gsm-1.4.11.tar.gz) = 3349898 bytes
9SHA1 (asterisk-10.0.0/extract-cfile.txt) = b22874814c83a53bcd1a8d96b5911304f304971e 9SHA1 (asterisk-10.0.1/extract-cfile.txt) = b22874814c83a53bcd1a8d96b5911304f304971e
10RMD160 (asterisk-10.0.0/extract-cfile.txt) = e7205fe7e95793f3ca6e384edeef1ad5713485e0 10RMD160 (asterisk-10.0.1/extract-cfile.txt) = e7205fe7e95793f3ca6e384edeef1ad5713485e0
11Size (asterisk-10.0.0/extract-cfile.txt) = 643 bytes 11Size (asterisk-10.0.1/extract-cfile.txt) = 643 bytes
12SHA1 (asterisk-10.0.0/rfc3951.txt) = 1a6c769be750fb02456d60db2470909254496017 12SHA1 (asterisk-10.0.1/rfc3951.txt) = 1a6c769be750fb02456d60db2470909254496017
13RMD160 (asterisk-10.0.0/rfc3951.txt) = 15f7ec61653ec9953172f8f2150e7d8f6f620926 13RMD160 (asterisk-10.0.1/rfc3951.txt) = 15f7ec61653ec9953172f8f2150e7d8f6f620926
14Size (asterisk-10.0.0/rfc3951.txt) = 373442 bytes 14Size (asterisk-10.0.1/rfc3951.txt) = 373442 bytes
15SHA1 (patch-Makefile) = 900252eff84bda22d2cbe09e0f22505531284cbb 15SHA1 (patch-Makefile) = 900252eff84bda22d2cbe09e0f22505531284cbb
16SHA1 (patch-apps_app__dial.c) = 2109ed50406dedc90a300981a3a7500b1397ff3a 16SHA1 (patch-apps_app__dial.c) = 2109ed50406dedc90a300981a3a7500b1397ff3a
17SHA1 (patch-apps_app__followme.c) = a0a507986ec9722337d46fdaaac0a79d23a634e4 17SHA1 (patch-apps_app__followme.c) = a0a507986ec9722337d46fdaaac0a79d23a634e4
18SHA1 (patch-apps_app__queue.c) = e035995563eb5533d5261568fdb43e8adcf2fe35 18SHA1 (patch-apps_app__queue.c) = e035995563eb5533d5261568fdb43e8adcf2fe35
19SHA1 (patch-apps_app__sms.c) = 8013727b495dc0ac038eb28b84e9d3839d0bc23d 19SHA1 (patch-apps_app__sms.c) = 8013727b495dc0ac038eb28b84e9d3839d0bc23d
20SHA1 (patch-build__tools_mkpkgconfig) = 2bd3c0e24bc6d721cc234feb19b64a57106fcbe4 20SHA1 (patch-build__tools_mkpkgconfig) = 2bd3c0e24bc6d721cc234feb19b64a57106fcbe4
21SHA1 (patch-channels_chan__oss.c) = 78095d744a44b2e173de036f45a3b3d652cba311 21SHA1 (patch-channels_chan__oss.c) = 78095d744a44b2e173de036f45a3b3d652cba311
22SHA1 (patch-codecs_lpc10_Makefile) = 0c9955e87eb453d70517951114d335d91b3ee73a 22SHA1 (patch-codecs_lpc10_Makefile) = 0c9955e87eb453d70517951114d335d91b3ee73a
23SHA1 (patch-configure) = e1c6507a9ba2758c565043596d0314eabce2ef7d 23SHA1 (patch-configure) = e1c6507a9ba2758c565043596d0314eabce2ef7d
24SHA1 (patch-configure.ac) = 27ac6fd657c490689ec06cddf7cd10e9cc8a7927 24SHA1 (patch-configure.ac) = 27ac6fd657c490689ec06cddf7cd10e9cc8a7927
25SHA1 (patch-contrib_scripts_autosupport) = 3426d7c2c8fc6342ffecde57ce9530c233a51409 25SHA1 (patch-contrib_scripts_autosupport) = 3426d7c2c8fc6342ffecde57ce9530c233a51409
26SHA1 (patch-contrib_scripts_vmail.cgi) = 650b9bbf3e322d1ad351932cfe6f747baa8f35e4 26SHA1 (patch-contrib_scripts_vmail.cgi) = 650b9bbf3e322d1ad351932cfe6f747baa8f35e4
27SHA1 (patch-include_asterisk_autoconfig.h.in) = 7d6e3443ce3f0741c72a5f2178895598e79e83c9 27SHA1 (patch-include_asterisk_autoconfig.h.in) = 7d6e3443ce3f0741c72a5f2178895598e79e83c9