Thu Aug 29 23:14:38 2013 UTC
Update to Asterisk 10.12.3: this is a security fix release to fix
AST-2013-004 and AST-2013-005.

pkgsrc change:  disable detection of broken IP_PKTINFO on NetBSD

The Asterisk Development Team has announced security releases for
Certified Asterisk 1.8.15, 11.2, and Asterisk 1.8, 10, and 11. The
available security releases are released as versions 1.8.15-cert2,
11.2-cert2, 1.8.23.1, 10.12.3, 10.12.3-digiumphones, and 11.5.1.

The release of these versions resolves the following issues:

* A remotely exploitable crash vulnerability exists in the SIP
  channel driver if an ACK with SDP is received after the channel
  has been terminated.  The handling code incorrectly assumes that
  the channel will always be present.

* A remotely exploitable crash vulnerability exists in the SIP
  channel driver if an invalid SDP is sent in a SIP request that
  defines media descriptions before connection information. The
  handling code incorrectly attempts to reference the socket address
  information even though that information has not yet been set.

These issues and their resolutions are described in the security advisories.

For more information about the details of these vulnerabilities,
please read security advisories AST-2013-004 and AST-2013-005,
which were released at the same time as this announcement.

For a full list of changes in the current releases, please see the ChangeLogs:

http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-10.12.3

The security advisories are available at:

 * http://downloads.asterisk.org/pub/security/AST-2013-004.pdf
 * http://downloads.asterisk.org/pub/security/AST-2013-005.pdf

Thank you for your continued support of Asterisk!


(jnemeth)
diff -r1.51 -r1.52 pkgsrc/comms/asterisk10/Makefile
diff -r1.27 -r1.28 pkgsrc/comms/asterisk10/distinfo

cvs diff -r1.51 -r1.52 pkgsrc/comms/asterisk10/Attic/Makefile

--- pkgsrc/comms/asterisk10/Attic/Makefile 2013/07/12 10:44:53 1.51
+++ pkgsrc/comms/asterisk10/Attic/Makefile 2013/08/29 23:14:38 1.52
@@ -1,23 +1,22 @@ @@ -1,23 +1,22 @@
1# $NetBSD: Makefile,v 1.51 2013/07/12 10:44:53 jperkin Exp $ 1# $NetBSD: Makefile,v 1.52 2013/08/29 23:14:38 jnemeth Exp $
2# 2#
3# NOTE: when updating this package, there are two places that sound 3# NOTE: when updating this package, there are two places that sound
4# tarballs need to be checked 4# tarballs need to be checked
5 5
6DISTNAME= asterisk-10.12.2 6DISTNAME= asterisk-10.12.3
7DIST_SUBDIR= ${PKGNAME_NOREV} 7DIST_SUBDIR= ${PKGNAME_NOREV}
8DISTFILES= ${DEFAULT_DISTFILES} 8DISTFILES= ${DEFAULT_DISTFILES}
9EXTRACT_ONLY= ${DISTNAME}.tar.gz 9EXTRACT_ONLY= ${DISTNAME}.tar.gz
10PKGREVISION= 7 
11CATEGORIES= comms net audio 10CATEGORIES= comms net audio
12MASTER_SITES= http://downloads.asterisk.org/pub/telephony/asterisk/ \ 11MASTER_SITES= http://downloads.asterisk.org/pub/telephony/asterisk/ \
13 http://downloads.asterisk.org/pub/telephony/asterisk/old-releases/ \ 12 http://downloads.asterisk.org/pub/telephony/asterisk/old-releases/ \
14 http://downloads.asterisk.org/pub/telephony/sounds/releases/ 13 http://downloads.asterisk.org/pub/telephony/sounds/releases/
15 14
16OWNER= jnemeth@NetBSD.org 15OWNER= jnemeth@NetBSD.org
17HOMEPAGE= http://www.asterisk.org/ 16HOMEPAGE= http://www.asterisk.org/
18COMMENT= The Asterisk Software PBX 17COMMENT= The Asterisk Software PBX
19LICENSE= gnu-gpl-v2 18LICENSE= gnu-gpl-v2
20 19
21# known to have issues on i386, block the package until the bug is fixed 20# known to have issues on i386, block the package until the bug is fixed
22NOT_FOR_PLATFORM= NetBSD-*-i386 21NOT_FOR_PLATFORM= NetBSD-*-i386
23 22
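
Review bot: the NOT_FOR_PLATFORM= NetBSD-*-i386 line at the end of this hunk is still justified only by "known to have issues on i386, block the package until the bug is fixed", with no problem report number or description of the bug, so there is no way to tell from the Makefile when the block can be lifted. Since this file is being touched for a security update anyway, suggest adding the reference to that comment. Dropping PKGREVISION in the same change as the DISTNAME bump to asterisk-10.12.3 is correct.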
@@ -124,32 +123,38 @@ SUBST_FILES.configs+= configs/http.conf. @@ -124,32 +123,38 @@ SUBST_FILES.configs+= configs/http.conf.
124SUBST_FILES.configs+= configs/iax.conf.sample 123SUBST_FILES.configs+= configs/iax.conf.sample
125SUBST_FILES.configs+= configs/musiconhold.conf.sample 124SUBST_FILES.configs+= configs/musiconhold.conf.sample
126SUBST_FILES.configs+= configs/osp.conf.sample 125SUBST_FILES.configs+= configs/osp.conf.sample
127SUBST_FILES.configs+= configs/phoneprov.conf.sample 126SUBST_FILES.configs+= configs/phoneprov.conf.sample
128SUBST_FILES.configs+= configs/res_config_sqlite.conf.sample 127SUBST_FILES.configs+= configs/res_config_sqlite.conf.sample
129SUBST_FILES.configs+= configs/sla.conf.sample 128SUBST_FILES.configs+= configs/sla.conf.sample
130SUBST_SED.configs+= -e 's|doc/|${PREFIX}/share/doc/${PKGBASE}/|' 129SUBST_SED.configs+= -e 's|doc/|${PREFIX}/share/doc/${PKGBASE}/|'
131SUBST_SED.configs+= -e 's|/etc/asterisk|${ASTETCDIR}|' 130SUBST_SED.configs+= -e 's|/etc/asterisk|${ASTETCDIR}|'
132SUBST_SED.configs+= -e 's|/var/lib/asterisk|${ASTVARLIBDIR}|' 131SUBST_SED.configs+= -e 's|/var/lib/asterisk|${ASTVARLIBDIR}|'
133SUBST_SED.configs+= -e "s|/usr/local/man|${ASTMANDIR}|" 132SUBST_SED.configs+= -e "s|/usr/local/man|${ASTMANDIR}|"
134SUBST_SED.configs+= -e "s|/usr/local|${PREFIX}|" 133SUBST_SED.configs+= -e "s|/usr/local|${PREFIX}|"
135SUBST_SED.configs+= -e "s|/var|${VARBASE}|" 134SUBST_SED.configs+= -e "s|/var|${VARBASE}|"
136 135
137# XXX gross hack, remove when atomics properly implemented 
138.if (${OPSYS} == "NetBSD") 136.if (${OPSYS} == "NetBSD")
 137# XXX gross hack, remove when atomics properly implemented
139SUBST_CLASSES+= atomics 138SUBST_CLASSES+= atomics
140SUBST_STAGE.atomics= post-configure 139SUBST_STAGE.atomics= post-configure
141SUBST_FILES.atomics= include/asterisk/autoconfig.h 140SUBST_FILES.atomics= include/asterisk/autoconfig.h
142SUBST_SED.atomics= -e "s|^\#define HAVE_GCC_ATOMICS 1|\#undef HAVE_GCC_ATOMICS|" 141SUBST_SED.atomics= -e "s|^\#define HAVE_GCC_ATOMICS 1|\#undef HAVE_GCC_ATOMICS|"
 142
 143# XXX gross hack, IP_PKTINFO in NetBSD isn't compatible with anything else
 144SUBST_CLASSES+= pktinfo
 145SUBST_STAGE.pktinfo= post-configure
 146SUBST_FILES.pktinfo= include/asterisk/autoconfig.h
 147SUBST_SED.pktinfo= -e "s|^\#define HAVE_PKTINFO 1|\#undef HAVE_PKTINFO|"
143.endif 148.endif
144 149
145RCD_SCRIPTS= asterisk 150RCD_SCRIPTS= asterisk
146OWN_DIRS_PERMS+= ${ASTDBDIR} ${ASTERISK_USER} ${ASTERISK_GROUP} 0755 151OWN_DIRS_PERMS+= ${ASTDBDIR} ${ASTERISK_USER} ${ASTERISK_GROUP} 0755
147OWN_DIRS_PERMS+= ${ASTSPOOLDIR} ${ASTERISK_USER} ${ASTERISK_GROUP} 0755 152OWN_DIRS_PERMS+= ${ASTSPOOLDIR} ${ASTERISK_USER} ${ASTERISK_GROUP} 0755
148OWN_DIRS_PERMS+= ${ASTSPOOLDIR}/dictate ${ASTERISK_USER} ${ASTERISK_GROUP} 0755 153OWN_DIRS_PERMS+= ${ASTSPOOLDIR}/dictate ${ASTERISK_USER} ${ASTERISK_GROUP} 0755
149OWN_DIRS_PERMS+= ${ASTSPOOLDIR}/meetme ${ASTERISK_USER} ${ASTERISK_GROUP} 0755 154OWN_DIRS_PERMS+= ${ASTSPOOLDIR}/meetme ${ASTERISK_USER} ${ASTERISK_GROUP} 0755
150OWN_DIRS_PERMS+= ${ASTSPOOLDIR}/monitor ${ASTERISK_USER} ${ASTERISK_GROUP} 0755 155OWN_DIRS_PERMS+= ${ASTSPOOLDIR}/monitor ${ASTERISK_USER} ${ASTERISK_GROUP} 0755
151OWN_DIRS_PERMS+= ${ASTSPOOLDIR}/outgoing ${ASTERISK_USER} ${ASTERISK_GROUP} 0755 156OWN_DIRS_PERMS+= ${ASTSPOOLDIR}/outgoing ${ASTERISK_USER} ${ASTERISK_GROUP} 0755
152OWN_DIRS_PERMS+= ${ASTSPOOLDIR}/system ${ASTERISK_USER} ${ASTERISK_GROUP} 0755 157OWN_DIRS_PERMS+= ${ASTSPOOLDIR}/system ${ASTERISK_USER} ${ASTERISK_GROUP} 0755
153OWN_DIRS_PERMS+= ${ASTSPOOLDIR}/tmp ${ASTERISK_USER} ${ASTERISK_GROUP} 0755 158OWN_DIRS_PERMS+= ${ASTSPOOLDIR}/tmp ${ASTERISK_USER} ${ASTERISK_GROUP} 0755
154OWN_DIRS_PERMS+= ${ASTSPOOLDIR}/voicemail ${ASTERISK_USER} ${ASTERISK_GROUP} 0755 159OWN_DIRS_PERMS+= ${ASTSPOOLDIR}/voicemail ${ASTERISK_USER} ${ASTERISK_GROUP} 0755
155OWN_DIRS_PERMS+= ${ASTSPOOLDIR}/voicemail/default ${ASTERISK_USER} ${ASTERISK_GROUP} 0755 160OWN_DIRS_PERMS+= ${ASTSPOOLDIR}/voicemail/default ${ASTERISK_USER} ${ASTERISK_GROUP} 0755
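
Review bot: the new pktinfo substitution rewrites include/asterisk/autoconfig.h after configure and only matches the exact line "#define HAVE_PKTINFO 1", so if a later Asterisk release changes how configure emits that define, the sed becomes a silent no-op and IP_PKTINFO support is compiled back in on NetBSD without anyone noticing. Suggest adding a SUBST_MESSAGE.pktinfo line so the step is visible in build logs, and expanding the comment "IP_PKTINFO in NetBSD isn't compatible with anything else" to say what breaks and which NetBSD versions are affected, so the hack can be removed when it is no longer needed. Moving the atomics comment inside the .if block is fine.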

cvs diff -r1.27 -r1.28 pkgsrc/comms/asterisk10/Attic/distinfo

--- pkgsrc/comms/asterisk10/Attic/distinfo 2013/06/14 23:53:03 1.27
+++ pkgsrc/comms/asterisk10/Attic/distinfo 2013/08/29 23:14:38 1.28
@@ -1,21 +1,21 @@ @@ -1,21 +1,21 @@
1$NetBSD: distinfo,v 1.27 2013/06/14 23:53:03 jnemeth Exp $ 1$NetBSD: distinfo,v 1.28 2013/08/29 23:14:38 jnemeth Exp $
2 2
3SHA1 (asterisk-10.12.2/asterisk-10.12.2.tar.gz) = 4c1e681223b9e86a74d5c8a57dc4da87045a1656 3SHA1 (asterisk-10.12.3/asterisk-10.12.3.tar.gz) = b337a668ca9a99cfe2e8d5e32394fb8f5e80e663
4RMD160 (asterisk-10.12.2/asterisk-10.12.2.tar.gz) = ec365462b3f9668906b3d1bf5b7342fb39cc7e2c 4RMD160 (asterisk-10.12.3/asterisk-10.12.3.tar.gz) = 92deb44a2ed1a94479eebc409cbada2f3b19c052
5Size (asterisk-10.12.2/asterisk-10.12.2.tar.gz) = 25117561 bytes 5Size (asterisk-10.12.3/asterisk-10.12.3.tar.gz) = 25119235 bytes
6SHA1 (asterisk-10.12.2/asterisk-extra-sounds-en-gsm-1.4.11.tar.gz) = 8692fa61423b4769dc8bfa78faf9ed5ef7a259b9 6SHA1 (asterisk-10.12.3/asterisk-extra-sounds-en-gsm-1.4.11.tar.gz) = 8692fa61423b4769dc8bfa78faf9ed5ef7a259b9
7RMD160 (asterisk-10.12.2/asterisk-extra-sounds-en-gsm-1.4.11.tar.gz) = 68170c769d739d6b5b35b00f999ad6bbf876f9f6 7RMD160 (asterisk-10.12.3/asterisk-extra-sounds-en-gsm-1.4.11.tar.gz) = 68170c769d739d6b5b35b00f999ad6bbf876f9f6
8Size (asterisk-10.12.2/asterisk-extra-sounds-en-gsm-1.4.11.tar.gz) = 3349898 bytes 8Size (asterisk-10.12.3/asterisk-extra-sounds-en-gsm-1.4.11.tar.gz) = 3349898 bytes
9SHA1 (patch-Makefile) = ab740f84f9883980cb5d8e8d5ca301f172c76231 9SHA1 (patch-Makefile) = ab740f84f9883980cb5d8e8d5ca301f172c76231
10SHA1 (patch-apps_app__dial.c) = e6c9f559310acdb6574d0e034dcb55df7c2ba31f 10SHA1 (patch-apps_app__dial.c) = e6c9f559310acdb6574d0e034dcb55df7c2ba31f
11SHA1 (patch-apps_app__followme.c) = cd34774a11b96269003d9f1b6fbdfddf5d9b9d4b 11SHA1 (patch-apps_app__followme.c) = cd34774a11b96269003d9f1b6fbdfddf5d9b9d4b
12SHA1 (patch-apps_app__queue.c) = 6fc4edbf9386e2ff39a63a1c3a3d9fe2ea27d187 12SHA1 (patch-apps_app__queue.c) = 6fc4edbf9386e2ff39a63a1c3a3d9fe2ea27d187
13SHA1 (patch-apps_app__sms.c) = d89b27a9df04d4da98d562241c07d25d182baefc 13SHA1 (patch-apps_app__sms.c) = d89b27a9df04d4da98d562241c07d25d182baefc
14SHA1 (patch-build__tools_mkpkgconfig) = 2bd3c0e24bc6d721cc234feb19b64a57106fcbe4 14SHA1 (patch-build__tools_mkpkgconfig) = 2bd3c0e24bc6d721cc234feb19b64a57106fcbe4
15SHA1 (patch-channels_chan__oss.c) = fccfa6fca010294ed2d3ab87fc31f436d67f49fa 15SHA1 (patch-channels_chan__oss.c) = fccfa6fca010294ed2d3ab87fc31f436d67f49fa
16SHA1 (patch-configure) = 49b17e4661cf1ef98342774ad4f2bb377326dee5 16SHA1 (patch-configure) = 49b17e4661cf1ef98342774ad4f2bb377326dee5
17SHA1 (patch-configure.ac) = a68fce7769679a8f40fc266711b80dcccdc15cad 17SHA1 (patch-configure.ac) = a68fce7769679a8f40fc266711b80dcccdc15cad
18SHA1 (patch-contrib_scripts_vmail.cgi) = 650b9bbf3e322d1ad351932cfe6f747baa8f35e4 18SHA1 (patch-contrib_scripts_vmail.cgi) = 650b9bbf3e322d1ad351932cfe6f747baa8f35e4
19SHA1 (patch-include_asterisk_autoconfig.h.in) = 90f8688b17f181775319e0c92e353a969b09c93f 19SHA1 (patch-include_asterisk_autoconfig.h.in) = 90f8688b17f181775319e0c92e353a969b09c93f
20SHA1 (patch-include_asterisk_endian.h) = 41c1a9a9e02fe394bc9261f5559e931b1378ea28 20SHA1 (patch-include_asterisk_endian.h) = 41c1a9a9e02fe394bc9261f5559e931b1378ea28
21SHA1 (patch-include_asterisk_inline__api.h) = ff43d14e2608dd08d7d03799dfe9847f9f7f5666 21SHA1 (patch-include_asterisk_inline__api.h) = ff43d14e2608dd08d7d03799dfe9847f9f7f5666
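
Review bot: the new asterisk-10.12.3/asterisk-10.12.3.tar.gz entry is pinned only by SHA1 and RMD160 plus a size, while the Makefile's MASTER_SITES fetch it over plain http, so these digests are the only integrity check on a security-fix tarball. Suggest recording a stronger digest such as SHA512 alongside them, and stating in the commit message that the values were compared against the sums published by the Asterisk project. The asterisk-extra-sounds-en-gsm-1.4.11.tar.gz lines change only their DIST_SUBDIR prefix and keep identical hashes and size, which is what a pure rename should look like.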