Fri Aug 30 05:49:51 2013 UTC
Update to Asterisk 11.5.1: this is a security fix release to fix
AST-2013-004 and AST-2013-005.

The Asterisk Development Team has announced security releases for
Certified Asterisk 1.8.15, 11.2, and Asterisk 1.8, 10, and 11. The
available security releases are released as versions 1.8.15-cert2,
11.2-cert2, 1.8.23.1, 10.12.3, 10.12.3-digiumphones, and 11.5.1.

The release of these versions resolves the following issues:

* A remotely exploitable crash vulnerability exists in the SIP
  channel driver if an ACK with SDP is received after the channel
  has been terminated.  The handling code incorrectly assumes that
  the channel will always be present.

* A remotely exploitable crash vulnerability exists in the SIP
  channel driver if an invalid SDP is sent in a SIP request that
  defines media descriptions before connection information. The
  handling code incorrectly attempts to reference the socket address
  information even though that information has not yet been set.

These issues and their resolutions are described in the security advisories.

For more information about the details of these vulnerabilities,
please read security advisories AST-2013-004 and AST-2013-005,
which were released at the same time as this announcement.

For a full list of changes in the current releases, please see the ChangeLogs:

http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-11.5.1

The security advisories are available at:

 * http://downloads.asterisk.org/pub/security/AST-2013-004.pdf
 * http://downloads.asterisk.org/pub/security/AST-2013-005.pdf

Thank you for your continued support of Asterisk!


(jnemeth)
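The second issue in the log above comes down to using connection information before checking that it was ever set. The following is an added example, not Asterisk's code and not the upstream fix: a minimal SDP pre-check that refuses any media description with neither session-level nor media-level `c=` information. The names `sdp_check_addresses` and `enum sdp_check` are hypothetical, and the sample bodies are constructed.

```c
#include <string.h>

/* Hypothetical result codes for this example. */
enum sdp_check { SDP_OK = 0, SDP_NO_MEDIA = -1, SDP_MEDIA_WITHOUT_ADDRESS = -2 };

/* Walk an SDP body line by line and make sure every m= section has
 * connection information (session-level or its own c= line) before any
 * later code is allowed to use a peer address for it. */
enum sdp_check sdp_check_addresses(const char *sdp)
{
    int session_addr = 0;   /* c= seen before the first m= line */
    int in_media = 0;       /* currently inside an m= section */
    int media_addr = 0;     /* c= seen inside the current m= section */
    int media_count = 0;
    const char *line = sdp;

    while (*line) {
        size_t len = strcspn(line, "\r\n");
        if (len >= 2 && line[1] == '=') {
            if (line[0] == 'm') {
                /* Close the previous section before opening a new one. */
                if (in_media && !session_addr && !media_addr)
                    return SDP_MEDIA_WITHOUT_ADDRESS;
                in_media = 1;
                media_addr = 0;
                media_count++;
            } else if (line[0] == 'c' && len > 2) {
                if (in_media) media_addr = 1;
                else session_addr = 1;
            }
        }
        line += len;
        line += strspn(line, "\r\n");
    }
    if (!media_count) return SDP_NO_MEDIA;
    if (!session_addr && !media_addr) return SDP_MEDIA_WITHOUT_ADDRESS;
    return SDP_OK;
}

int main(void)
{
    /* Constructed sample bodies, not captured traffic. */
    const char *ok = "v=0\r\ns=-\r\nc=IN IP4 192.0.2.10\r\nt=0 0\r\nm=audio 4000 RTP/AVP 0\r\n";
    const char *bad = "v=0\r\ns=-\r\nt=0 0\r\nm=audio 4000 RTP/AVP 0\r\n";
    return !(sdp_check_addresses(ok) == SDP_OK &&
             sdp_check_addresses(bad) == SDP_MEDIA_WITHOUT_ADDRESS);
}
```

A `c=` line that follows its `m=` line is valid media-level connection information, so the check rejects only sections for which no address exists at either level.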
diff -r1.97 -r1.98 pkgsrc/comms/asterisk/Makefile
diff -r1.59 -r1.60 pkgsrc/comms/asterisk/distinfo

cvs diff -r1.97 -r1.98 pkgsrc/comms/asterisk/Attic/Makefile

--- pkgsrc/comms/asterisk/Attic/Makefile 2013/08/08 00:45:10 1.97
+++ pkgsrc/comms/asterisk/Attic/Makefile 2013/08/30 05:49:51 1.98
@@ -1,23 +1,22 @@ @@ -1,23 +1,22 @@
1# $NetBSD: Makefile,v 1.97 2013/08/08 00:45:10 jnemeth Exp $ 1# $NetBSD: Makefile,v 1.98 2013/08/30 05:49:51 jnemeth Exp $
2# 2#
3# NOTE: when updating this package, there are two places that sound 3# NOTE: when updating this package, there are two places that sound
4# tarballs need to be checked 4# tarballs need to be checked
5 5
6DISTNAME= asterisk-11.5.0 6DISTNAME= asterisk-11.5.1
7DIST_SUBDIR= ${PKGNAME_NOREV} 7DIST_SUBDIR= ${PKGNAME_NOREV}
8DISTFILES= ${DEFAULT_DISTFILES} 8DISTFILES= ${DEFAULT_DISTFILES}
9EXTRACT_ONLY= ${DISTNAME}.tar.gz 9EXTRACT_ONLY= ${DISTNAME}.tar.gz
10PKGREVISION= 1 
11CATEGORIES= comms net audio 10CATEGORIES= comms net audio
12MASTER_SITES= http://downloads.asterisk.org/pub/telephony/asterisk/ \ 11MASTER_SITES= http://downloads.asterisk.org/pub/telephony/asterisk/ \
13 http://downloads.asterisk.org/pub/telephony/asterisk/old-releases/ \ 12 http://downloads.asterisk.org/pub/telephony/asterisk/old-releases/ \
14 http://downloads.asterisk.org/pub/telephony/sounds/releases/ 13 http://downloads.asterisk.org/pub/telephony/sounds/releases/
15 14
16OWNER= jnemeth@NetBSD.org 15OWNER= jnemeth@NetBSD.org
17HOMEPAGE= http://www.asterisk.org/ 16HOMEPAGE= http://www.asterisk.org/
18COMMENT= The Asterisk Software PBX 17COMMENT= The Asterisk Software PBX
19LICENSE= gnu-gpl-v2 18LICENSE= gnu-gpl-v2
20 19
21# known to have issues on i386, block the package until the bug is fixed 20# known to have issues on i386, block the package until the bug is fixed
22NOT_FOR_PLATFORM= NetBSD-*-i386 21NOT_FOR_PLATFORM= NetBSD-*-i386
23 22
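
Review bot: MASTER_SITES still lists only plain http:// mirrors, so for this security update the integrity of the new asterisk-11.5.1 tarball rests entirely on the distinfo checksums; confirm the tarball against upstream's published checksum or signature before relying on it, and move the mirrors to https if upstream serves them that way. Dropping PKGREVISION together with the DISTNAME bump is correct for a new upstream version. The header comment says the sound tarballs must be checked in two places on every update, and nothing in this hunk or the log records that check; a line in the commit message would make that auditable.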

cvs diff -r1.59 -r1.60 pkgsrc/comms/asterisk/Attic/distinfo

--- pkgsrc/comms/asterisk/Attic/distinfo 2013/08/08 00:45:10 1.59
+++ pkgsrc/comms/asterisk/Attic/distinfo 2013/08/30 05:49:51 1.60
@@ -1,21 +1,21 @@ @@ -1,21 +1,21 @@
1$NetBSD: distinfo,v 1.59 2013/08/08 00:45:10 jnemeth Exp $ 1$NetBSD: distinfo,v 1.60 2013/08/30 05:49:51 jnemeth Exp $
2 2
3SHA1 (asterisk-11.5.0/asterisk-11.5.0.tar.gz) = def6629cb8716bf6fa2d1f267f7c2a44882fca46 3SHA1 (asterisk-11.5.1/asterisk-11.5.1.tar.gz) = fd2d568dbb6d75be17b141466ee3e276d4910e23
4RMD160 (asterisk-11.5.0/asterisk-11.5.0.tar.gz) = a450f82bb66469222275b16143b2c45f6097d759 4RMD160 (asterisk-11.5.1/asterisk-11.5.1.tar.gz) = b48db50357cb04d5f32f98ef958c9c2603de5ada
5Size (asterisk-11.5.0/asterisk-11.5.0.tar.gz) = 30590657 bytes 5Size (asterisk-11.5.1/asterisk-11.5.1.tar.gz) = 30580447 bytes
6SHA1 (asterisk-11.5.0/asterisk-extra-sounds-en-gsm-1.4.13.tar.gz) = 3aac6cf4a07cb2644b7b5369c618b07561619f9f 6SHA1 (asterisk-11.5.1/asterisk-extra-sounds-en-gsm-1.4.13.tar.gz) = 3aac6cf4a07cb2644b7b5369c618b07561619f9f
7RMD160 (asterisk-11.5.0/asterisk-extra-sounds-en-gsm-1.4.13.tar.gz) = 5dc9696c54d2233cf74835fe7ccd2c1791f20041 7RMD160 (asterisk-11.5.1/asterisk-extra-sounds-en-gsm-1.4.13.tar.gz) = 5dc9696c54d2233cf74835fe7ccd2c1791f20041
8Size (asterisk-11.5.0/asterisk-extra-sounds-en-gsm-1.4.13.tar.gz) = 4407925 bytes 8Size (asterisk-11.5.1/asterisk-extra-sounds-en-gsm-1.4.13.tar.gz) = 4407925 bytes
9SHA1 (patch-Makefile) = ed581d46026e8e89ed8be374c7085efca19911d2 9SHA1 (patch-Makefile) = ed581d46026e8e89ed8be374c7085efca19911d2
10SHA1 (patch-apps_app__confbridge.c) = c815905994355a19c32e8e3e2eb5dc9f1679eb29 10SHA1 (patch-apps_app__confbridge.c) = c815905994355a19c32e8e3e2eb5dc9f1679eb29
11SHA1 (patch-apps_app__dial.c) = 0f78d2571af88384a2d472ece08bf4b06f9ad211 11SHA1 (patch-apps_app__dial.c) = 0f78d2571af88384a2d472ece08bf4b06f9ad211
12SHA1 (patch-apps_app__followme.c) = a54e08d0dd0b6ff12281d4b7b8447707c1cbe20a 12SHA1 (patch-apps_app__followme.c) = a54e08d0dd0b6ff12281d4b7b8447707c1cbe20a
13SHA1 (patch-apps_app__queue.c) = 5bdb602a709060a1ffca688830930f1ca6bc5841 13SHA1 (patch-apps_app__queue.c) = 5bdb602a709060a1ffca688830930f1ca6bc5841
14SHA1 (patch-apps_app__skel.c) = e661a53b61d36343c54be7ad9ea6cde6cb10f180 14SHA1 (patch-apps_app__skel.c) = e661a53b61d36343c54be7ad9ea6cde6cb10f180
15SHA1 (patch-apps_app__sms.c) = d89b27a9df04d4da98d562241c07d25d182baefc 15SHA1 (patch-apps_app__sms.c) = d89b27a9df04d4da98d562241c07d25d182baefc
16SHA1 (patch-apps_confbridge_conf__config__parser.c) = 42d5a6e2ce837111d06fa9154c7f66403cb83553 16SHA1 (patch-apps_confbridge_conf__config__parser.c) = 42d5a6e2ce837111d06fa9154c7f66403cb83553
17SHA1 (patch-build__tools_mkpkgconfig) = 2bd3c0e24bc6d721cc234feb19b64a57106fcbe4 17SHA1 (patch-build__tools_mkpkgconfig) = 2bd3c0e24bc6d721cc234feb19b64a57106fcbe4
18SHA1 (patch-channels_chan__motif.c) = db6c97ba02a441633338d492032d78cd86f094f5 18SHA1 (patch-channels_chan__motif.c) = db6c97ba02a441633338d492032d78cd86f094f5
19SHA1 (patch-channels_chan__oss.c) = fccfa6fca010294ed2d3ab87fc31f436d67f49fa 19SHA1 (patch-channels_chan__oss.c) = fccfa6fca010294ed2d3ab87fc31f436d67f49fa
20SHA1 (patch-configure) = 88619fe9072ff69ed8da0a1917ac3852d10998a4 20SHA1 (patch-configure) = 88619fe9072ff69ed8da0a1917ac3852d10998a4
21SHA1 (patch-configure.ac) = 2fdae524cfc95f152b86a32405b80f6edae6fa20 21SHA1 (patch-configure.ac) = 2fdae524cfc95f152b86a32405b80f6edae6fa20
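
Review bot: the asterisk-11.5.1.tar.gz entry is pinned only by SHA1 and RMD160, which is thin for a security release fetched over http; add a stronger digest (for example SHA512) alongside them if the distinfo tooling supports it. The extra-sounds entries change only their DIST_SUBDIR prefix while hashes and size stay identical, which is consistent with the same file being reused. All patch-* checksums are unchanged, so no local patch was regenerated for 11.5.1; it is worth confirming that each patch still applies cleanly to the new source, since the security fixes touch the SIP channel driver.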