update to Asterisk 13.18.5

AST-2017-012: Remote Crash Vulnerability in RTCP Stack If a compound RTCP packet is received containing more than one report (for example a Receiver Report and a Sender Report) the RTCP stack will incorrectly store report information outside of allocated memory potentially causing a crash. AST-2017-014: Crash in PJSIP resource when missing a contact header A select set of SIP messages create a dialog in Asterisk. Those SIP messages must contain a contact header. For those messages, if the header was not present and using the PJSIP channel driver, it would cause Asterisk to crash. The severity of this vulnerability is somewhat mitigated if authentication is enabled. If authentication is enabled a user would have to first be authorized before reaching the crash point.
2017-12-24 19:37:16 +00:00 · 2017-12-24 19:37:16 +00:00 · 5b1f08dc4c
commit 5b1f08dc4c
parent d8cfd61286
2 changed files with 4 additions and 4 deletions
--- a/telephony/asterisk/Makefile
+++ b/telephony/asterisk/Makefile
@ -1,10 +1,10 @@
-# $OpenBSD: Makefile,v 1.267 2017/12/06 14:22:39 sthen Exp $
+# $OpenBSD: Makefile,v 1.268 2017/12/24 19:37:16 sthen Exp $

 BROKEN-aarch64=	linker problems with BlocksRuntime that only show up at runtime

 COMMENT-main=	open source multi-protocol PBX and telephony toolkit

-VER=		13.18.3
+VER=		13.18.5
 PJ_V=		2.6
 PORTROACH=	limitw:0,odd
 DISTNAME=	asterisk-${VER:S/beta/-beta/:S/rc/-rc/}
--- a/telephony/asterisk/distinfo
+++ b/telephony/asterisk/distinfo
@ -1,4 +1,4 @@
-SHA256 (asterisk-13.18.3.tar.gz) = co255O804/A4LHfl6qh4C1JlU3eg2zlSdGZ7c886ah0=
+SHA256 (asterisk-13.18.5.tar.gz) = I3BlYK4tg69EtSEECy2xFVs+hzsOH7y+J65LeJXzt08=
 SHA256 (pjproject-2.6.tar.bz2) = L1odocF02EWHHHWL2A+7WA/Kd5nTz6oNPE4IK1Fhx7Q=
-SIZE (asterisk-13.18.3.tar.gz) = 32972056
+SIZE (asterisk-13.18.5.tar.gz) = 32973835
 SIZE (pjproject-2.6.tar.bz2) = 4933273