Pullup ticket #4572 - requested by jnemeth
comms/asterisk: security update
Revisions pulled up:
- comms/asterisk/Makefile 1.116
- comms/asterisk/distinfo 1.70
---
Module Name: pkgsrc
Committed By: jnemeth
Date: Fri Dec 12 22:12:56 UTC 2014
Modified Files:
pkgsrc/comms/asterisk: Makefile distinfo
Log Message:
Update to Asterisk 11.14.2: this is a security fix release.
The Asterisk Development Team has announced security releases for
Certified Asterisk 11.6 and Asterisk 11, 12, and 13. The available
security releases are released as versions 11.6-cert9, 11.14.2,
12.7.2, and 13.0.2.
The release of these versions resolves the following security vulnerability:
* AST-2014-019: Remote Crash Vulnerability in WebSocket Server
When handling a WebSocket frame the res_http_websocket module
dynamically changes the size of the memory used to allow the
provided payload to fit. If a payload length of zero was received
the code would incorrectly attempt to resize to zero. This
operation would succeed and end up freeing the memory but be
treated as a failure. When the session was subsequently torn down
this memory would get freed yet again causing a crash.
For more information about the details of this vulnerability, please read
security advisory AST-2014-019, which was released at the same time as this
announcement.
For a full list of changes in the current releases, please see the Change Logs:
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-11.14.2
The security advisory is available at:
* http://downloads.asterisk.org/pub/security/AST-2014-019.pdf
Thank you for your continued support of Asterisk!
(tron)
diff -r1.111.2.1 -r1.111.2.2 pkgsrc/comms/asterisk/Makefile| @@ -1,19 +1,19 @@ | @@ -1,19 +1,19 @@ | |||
| 1 | # $NetBSD: Makefile,v 1.111.2.1 2014/12/06 16:57:53 tron Exp $ | 1 | # $NetBSD: Makefile,v 1.111.2.2 2014/12/14 09:52:57 tron Exp $ | |
| 2 | # | 2 | # | |
| 3 | # NOTE: when updating this package, there are two places that sound | 3 | # NOTE: when updating this package, there are two places that sound | |
| 4 | # tarballs need to be checked | 4 | # tarballs need to be checked | |
| 5 | 5 | |||
| 6 | DISTNAME= asterisk-11.14.1 | 6 | DISTNAME= asterisk-11.14.2 | |
| 7 | DIST_SUBDIR= ${PKGNAME_NOREV} | 7 | DIST_SUBDIR= ${PKGNAME_NOREV} | |
| 8 | DISTFILES= ${DEFAULT_DISTFILES} | 8 | DISTFILES= ${DEFAULT_DISTFILES} | |
| 9 | EXTRACT_ONLY= ${DISTNAME}.tar.gz | 9 | EXTRACT_ONLY= ${DISTNAME}.tar.gz | |
| 10 | CATEGORIES= comms net audio | 10 | CATEGORIES= comms net audio | |
| 11 | MASTER_SITES= http://downloads.asterisk.org/pub/telephony/asterisk/ \ | 11 | MASTER_SITES= http://downloads.asterisk.org/pub/telephony/asterisk/ \ | |
| 12 | http://downloads.asterisk.org/pub/telephony/asterisk/old-releases/ \ | 12 | http://downloads.asterisk.org/pub/telephony/asterisk/old-releases/ \ | |
| 13 | http://downloads.asterisk.org/pub/telephony/sounds/releases/ | 13 | http://downloads.asterisk.org/pub/telephony/sounds/releases/ | |
| 14 | 14 | |||
| 15 | OWNER= jnemeth@NetBSD.org | 15 | OWNER= jnemeth@NetBSD.org | |
| 16 | HOMEPAGE= http://www.asterisk.org/ | 16 | HOMEPAGE= http://www.asterisk.org/ | |
| 17 | COMMENT= The Asterisk Software PBX | 17 | COMMENT= The Asterisk Software PBX | |
| 18 | LICENSE= gnu-gpl-v2 | 18 | LICENSE= gnu-gpl-v2 | |
| 19 | MAKE_JOBS_SAFE= NO | 19 | MAKE_JOBS_SAFE= NO |
| @@ -1,21 +1,21 @@ | @@ -1,21 +1,21 @@ | |||
| 1 | $NetBSD: distinfo,v 1.66.2.1 2014/12/06 16:57:53 tron Exp $ | 1 | $NetBSD: distinfo,v 1.66.2.2 2014/12/14 09:52:57 tron Exp $ | |
| 2 | 2 | |||
| 3 | SHA1 (asterisk-11.14.1/asterisk-11.14.1.tar.gz) = 10f1ac8c282bbb99c07eaa13c93f994294dd552f | 3 | SHA1 (asterisk-11.14.2/asterisk-11.14.2.tar.gz) = 92c1d5e37bc0978351045fcb09075035077ab3da | |
| 4 | RMD160 (asterisk-11.14.1/asterisk-11.14.1.tar.gz) = 6f7bcde4be32a35bfc9b5c23c6f021fcfc52e205 | 4 | RMD160 (asterisk-11.14.2/asterisk-11.14.2.tar.gz) = 63fadeca5f8351e55559e8933077fa1a8655e700 | |
| 5 | Size (asterisk-11.14.1/asterisk-11.14.1.tar.gz) = 34966823 bytes | 5 | Size (asterisk-11.14.2/asterisk-11.14.2.tar.gz) = 34967655 bytes | |
| 6 | SHA1 (asterisk-11.14.1/asterisk-extra-sounds-en-gsm-1.4.15.tar.gz) = fbb94494e31fc08eee8fdf2ce7d12eb274018050 | 6 | SHA1 (asterisk-11.14.2/asterisk-extra-sounds-en-gsm-1.4.15.tar.gz) = fbb94494e31fc08eee8fdf2ce7d12eb274018050 | |
| 7 | RMD160 (asterisk-11.14.1/asterisk-extra-sounds-en-gsm-1.4.15.tar.gz) = 53656a3d6771602504f220ad312093e3503e1150 | 7 | RMD160 (asterisk-11.14.2/asterisk-extra-sounds-en-gsm-1.4.15.tar.gz) = 53656a3d6771602504f220ad312093e3503e1150 | |
| 8 | Size (asterisk-11.14.1/asterisk-extra-sounds-en-gsm-1.4.15.tar.gz) = 4409969 bytes | 8 | Size (asterisk-11.14.2/asterisk-extra-sounds-en-gsm-1.4.15.tar.gz) = 4409969 bytes | |
| 9 | SHA1 (patch-Makefile) = ed581d46026e8e89ed8be374c7085efca19911d2 | 9 | SHA1 (patch-Makefile) = ed581d46026e8e89ed8be374c7085efca19911d2 | |
| 10 | SHA1 (patch-apps_app__confbridge.c) = c815905994355a19c32e8e3e2eb5dc9f1679eb29 | 10 | SHA1 (patch-apps_app__confbridge.c) = c815905994355a19c32e8e3e2eb5dc9f1679eb29 | |
| 11 | SHA1 (patch-apps_app__dial.c) = 0f78d2571af88384a2d472ece08bf4b06f9ad211 | 11 | SHA1 (patch-apps_app__dial.c) = 0f78d2571af88384a2d472ece08bf4b06f9ad211 | |
| 12 | SHA1 (patch-apps_app__followme.c) = a54e08d0dd0b6ff12281d4b7b8447707c1cbe20a | 12 | SHA1 (patch-apps_app__followme.c) = a54e08d0dd0b6ff12281d4b7b8447707c1cbe20a | |
| 13 | SHA1 (patch-apps_app__meetme.c) = 73485931d63b6482aa549ee73ed6a72ec0e5f9a0 | 13 | SHA1 (patch-apps_app__meetme.c) = 73485931d63b6482aa549ee73ed6a72ec0e5f9a0 | |
| 14 | SHA1 (patch-apps_app__queue.c) = d13a54ba203f182b5d61cf0c2a22f00055e1f358 | 14 | SHA1 (patch-apps_app__queue.c) = d13a54ba203f182b5d61cf0c2a22f00055e1f358 | |
| 15 | SHA1 (patch-apps_app__skel.c) = e661a53b61d36343c54be7ad9ea6cde6cb10f180 | 15 | SHA1 (patch-apps_app__skel.c) = e661a53b61d36343c54be7ad9ea6cde6cb10f180 | |
| 16 | SHA1 (patch-apps_app__sms.c) = d89b27a9df04d4da98d562241c07d25d182baefc | 16 | SHA1 (patch-apps_app__sms.c) = d89b27a9df04d4da98d562241c07d25d182baefc | |
| 17 | SHA1 (patch-apps_confbridge_conf__config__parser.c) = 42d5a6e2ce837111d06fa9154c7f66403cb83553 | 17 | SHA1 (patch-apps_confbridge_conf__config__parser.c) = 42d5a6e2ce837111d06fa9154c7f66403cb83553 | |
| 18 | SHA1 (patch-build__tools_mkpkgconfig) = 2bd3c0e24bc6d721cc234feb19b64a57106fcbe4 | 18 | SHA1 (patch-build__tools_mkpkgconfig) = 2bd3c0e24bc6d721cc234feb19b64a57106fcbe4 | |
| 19 | SHA1 (patch-channels_chan__motif.c) = db6c97ba02a441633338d492032d78cd86f094f5 | 19 | SHA1 (patch-channels_chan__motif.c) = db6c97ba02a441633338d492032d78cd86f094f5 | |
| 20 | SHA1 (patch-channels_chan__oss.c) = 0be259a83c4425d08b693a54c43896da039df721 | 20 | SHA1 (patch-channels_chan__oss.c) = 0be259a83c4425d08b693a54c43896da039df721 | |
| 21 | SHA1 (patch-channels_chan__sip.c) = 61c67e6d7e0a6e27e98614f6d4de15b64c73e7e1 | 21 | SHA1 (patch-channels_chan__sip.c) = 61c67e6d7e0a6e27e98614f6d4de15b64c73e7e1 |