From 2219c0a40e6c768f627de2cd64ba7cdcb3e968c5 Mon Sep 17 00:00:00 2001
From: sthen
Date: Fri, 24 Jun 2011 13:50:09 +0000
Subject: [PATCH] Your regularly scheduled security update to asterisk-1.8.4.3 AST-2011-008: If a remote user sends a SIP packet containing a null, Asterisk assumes available data extends past the null to the end of the packet when the buffer is actually truncated when copied. This causes SIP header parsing to modify data past the end of the buffer altering unrelated memory structures. This vulnerability does not affect TCP/TLS connections. -- Resolved in 1.6.2.18.1 and 1.8.4.3 AST-2011-009: A remote user sending a SIP packet containing a Contact header with a missing left angle bracket (<) causes Asterisk to access a null pointer. -- Resolved in 1.8.4.3 AST-2011-010: A memory address was inadvertently transmitted over the network via IAX2 via an option control frame and the remote party would try to access it. -- Resolved in 1.4.41.1, 1.6.2.18.1, and 1.8.4.3
---
 telephony/asterisk/Makefile | 4 ++--
 telephony/asterisk/distinfo | 10 +++++-----
 .../asterisk/patches/patch-channels_chan_unistim_c | 14 +++++++-------
 3 files changed, 14 insertions(+), 14 deletions(-)
diff --git a/telephony/asterisk/Makefile b/telephony/asterisk/Makefile
index 8a4179e0a1b..3f0b07cb8c4 100644
--- a/telephony/asterisk/Makefile
+++ b/telephony/asterisk/Makefile
@@ -1,9 +1,9 @@ -# $OpenBSD: Makefile,v 1.116 2011/06/03 16:08:01 sthen Exp $ +# $OpenBSD: Makefile,v 1.117 2011/06/24 13:50:09 sthen Exp $ SHARED_ONLY= Yes COMMENT-main= open source multi-protocol PBX and telephony toolkit -VER= 1.8.4.2 +VER= 1.8.4.3 DISTNAME= asterisk-${VER:S/beta/-beta/:S/rc/-rc/} PKGNAME-main= asterisk-${VER}
diff --git a/telephony/asterisk/distinfo b/telephony/asterisk/distinfo
index e8b042423f6..ae14d5f0aaa 100644
--- a/telephony/asterisk/distinfo
+++ b/telephony/asterisk/distinfo
@@ -1,32 +1,32 @@
-MD5 (asterisk-1.8.4.2.tar.gz) = kwzilxGen+sgF3nVJGUzcQ==
+MD5 (asterisk-1.8.4.3.tar.gz) = uuYkBoJzbrvNNZa8bMGtFA==
 MD5 (asterisk-core-sounds-en-gsm-1.4.20.tar.gz) = XyGAxhZleNMCJj628d77lg==
 MD5 (asterisk-core-sounds-en-gsm-1.4.20.tar.gz.sha1) = 4aZTAcb0h9zeG2sOVvVzDA==
 MD5 (asterisk-extra-sounds-en-gsm-1.4.11.tar.gz) = VHnLTLgdZ4ME2W815JM6EQ==
 MD5 (asterisk-extra-sounds-en-gsm-1.4.11.tar.gz.sha1) = euKCSaScLc2s72YD1p39Zg==
 MD5 (asterisk-moh-opsound-wav-2.03.tar.gz) = gnfixpP9BWdzscFeTVIHfQ==
 MD5 (asterisk-moh-opsound-wav-2.03.tar.gz.sha1) = AR+k3J/jXcPTTtVXuwQmPw==
-RMD160 (asterisk-1.8.4.2.tar.gz) = QDgpovzV9jwqmeFBRCzJj9afTes=
+RMD160 (asterisk-1.8.4.3.tar.gz) = zAezB1Tq0PHG/xOdO5+UZC04Dds=
 RMD160 (asterisk-core-sounds-en-gsm-1.4.20.tar.gz) = QrmFXULU6TKurS7Ori+xyp/tsIs=
 RMD160 (asterisk-core-sounds-en-gsm-1.4.20.tar.gz.sha1) = 9jjgmgvJGKJh4cM4vEIVdnKlNAQ=
 RMD160 (asterisk-extra-sounds-en-gsm-1.4.11.tar.gz) = aBcMdp1znWtbNbAPmZrWu/h2+fY=
 RMD160 (asterisk-extra-sounds-en-gsm-1.4.11.tar.gz.sha1) = r2FBQo0Mel1qCQPV61rbSFUnkNY=
 RMD160 (asterisk-moh-opsound-wav-2.03.tar.gz) = lWaXSoNgUeCPUUEt5QjZK/O+fgI=
 RMD160 (asterisk-moh-opsound-wav-2.03.tar.gz.sha1) = D+hFjrIugSleLHkzLWEgvA7kjfM=
-SHA1 (asterisk-1.8.4.2.tar.gz) = 9fyMDEND7B1oMbGBBgLSI6+Nyck=
+SHA1 (asterisk-1.8.4.3.tar.gz) = vruCoZuGgXo65it0lZka9IDNqtg=
 SHA1 (asterisk-core-sounds-en-gsm-1.4.20.tar.gz) = /1nj3UcJr0j69nws7CiWi9zWLk0=
 SHA1 (asterisk-core-sounds-en-gsm-1.4.20.tar.gz.sha1) = 1DqTOIM1s1tS30CW8clyDq+R9Os=
 SHA1 (asterisk-extra-sounds-en-gsm-1.4.11.tar.gz) = hpL6YUI7R2nci/p4+vntXveiWbk=
 SHA1 (asterisk-extra-sounds-en-gsm-1.4.11.tar.gz.sha1) = 7mrmsEnCtwUNV0J+RJd/3sI3wYE=
 SHA1 (asterisk-moh-opsound-wav-2.03.tar.gz) = 9A/W6gPf6Ncq2iVAsiiL/cAGOB0=
 SHA1 (asterisk-moh-opsound-wav-2.03.tar.gz.sha1) = y7b1cl1V/jLKmqKzM+N9YSXQ9Ec=
-SHA256 (asterisk-1.8.4.2.tar.gz) = xhCGqqSaZ1qjMlybz8LC43hoj+52kgdEhSfeVqY5PQs=
+SHA256 (asterisk-1.8.4.3.tar.gz) = OqhXmPLsEl8DqZfmNZJF68awbGrloqgJRXB6eSFqPB8=
 SHA256 (asterisk-core-sounds-en-gsm-1.4.20.tar.gz) = 6HhpuMXN1zILHPTeUgh58lz4tcLaNwen7v4z4IlbsBc=
 SHA256 (asterisk-core-sounds-en-gsm-1.4.20.tar.gz.sha1) = CkpTcoPBJgMHmqgMDqUPfnmfDMz7fQGGuA/DwV+BR3c=
 SHA256 (asterisk-extra-sounds-en-gsm-1.4.11.tar.gz) = 1fAxzDHr6+yZzj/PRP+Ue9eye16VZaezphhcLRvaCUw=
 SHA256 (asterisk-extra-sounds-en-gsm-1.4.11.tar.gz.sha1) = a0BErk9wQ3/hT5gPUVL6uk6iqitdhAKMAhOrL2XHSR8=
 SHA256 (asterisk-moh-opsound-wav-2.03.tar.gz) = RJ+4ENFlAsMFL+3wL353s2IGrFoUXz2s9Bd4Q6L8tTg=
 SHA256 (asterisk-moh-opsound-wav-2.03.tar.gz.sha1) = Y8VUFsoRQmGrGvT9EVIyLy7GnZGrw0vEzufTKByuDZc=
-SIZE (asterisk-1.8.4.2.tar.gz) = 27012984
+SIZE (asterisk-1.8.4.3.tar.gz) = 27327187
 SIZE (asterisk-core-sounds-en-gsm-1.4.20.tar.gz) = 1784804
 SIZE (asterisk-core-sounds-en-gsm-1.4.20.tar.gz.sha1) = 84
 SIZE (asterisk-extra-sounds-en-gsm-1.4.11.tar.gz) = 3349898
diff --git a/telephony/asterisk/patches/patch-channels_chan_unistim_c b/telephony/asterisk/patches/patch-channels_chan_unistim_c
index dddb845e769..a02642e1a7e 100644
--- a/telephony/asterisk/patches/patch-channels_chan_unistim_c
+++ b/telephony/asterisk/patches/patch-channels_chan_unistim_c
@@ -1,7 +1,7 @@
-$OpenBSD: patch-channels_chan_unistim_c,v 1.1 2011/04/09 19:16:51 ian Exp $
+$OpenBSD: patch-channels_chan_unistim_c,v 1.2 2011/06/24 13:50:09 sthen Exp $
 # Patch is from https://bugs.digium.com/view.php?id=18229, in particular, chan_unistim.c.r299906-6.diff
---- channels/chan_unistim.c.orig Wed Jul 14 11:48:36 2010
-+++ channels/chan_unistim.c Fri Apr 8 20:50:05 2011
+--- channels/chan_unistim.c.orig Wed Jul 14 16:48:36 2010
++++ channels/chan_unistim.c Fri Jun 24 14:21:26 2011
 @@ -32,6 +32,15 @@
 * \ingroup channel_drivers
 */
@@ -17,8 +17,8 @@ $OpenBSD: patch-channels_chan_unistim_c,v 1.1 2011/04/09 19:16:51 ian Exp $ + #include "asterisk.h" - ASTERISK_FILE_VERSION(__FILE__, "$Revision: 1.1 $") -@@ -69,6 +78,8 @@ ASTERISK_FILE_VERSION(__FILE__, "$Revision: 1.1 $") + ASTERISK_FILE_VERSION(__FILE__, "$Revision: 1.2 $") +@@ -69,6 +78,8 @@ ASTERISK_FILE_VERSION(__FILE__, "$Revision: 1.2 $") #include "asterisk/musiconhold.h" #include "asterisk/causes.h" #include "asterisk/indications.h" @@ -27,7 +27,7 @@ $OpenBSD: patch-channels_chan_unistim_c,v 1.1 2011/04/09 19:16:51 ian Exp $ /*! Beware, G729 and G723 are not supported by asterisk, except with the proper licence */ #define CAPABILITY AST_FORMAT_ALAW | AST_FORMAT_ULAW /* | AST_FORMAT_G729A | AST_FORMAT_G723_1 */ -@@ -78,11 +89,14 @@ ASTERISK_FILE_VERSION(__FILE__, "$Revision: 1.1 $") +@@ -78,11 +89,14 @@ ASTERISK_FILE_VERSION(__FILE__, "$Revision: 1.2 $") #define DEFAULTCALLERNAME " " #define DEFAULTHEIGHT 3 #define USTM_LOG_DIR "unistimHistory" @@ -42,7 +42,7 @@ $OpenBSD: patch-channels_chan_unistim_c,v 1.1 2011/04/09 19:16:51 ian Exp $ /*! Try x times before removing the phone */ #define NB_MAX_RETRANSMIT 8 /*! Nb of milliseconds waited when no events are scheduled */ -@@ -99,8 +113,9 @@ ASTERISK_FILE_VERSION(__FILE__, "$Revision: 1.1 $") +@@ -99,8 +113,9 @@ ASTERISK_FILE_VERSION(__FILE__, "$Revision: 1.2 $") #define MAX_ENTRY_LOG 30 #define SUB_REAL 0