pkgsrc-Changes archive
CVS commit: pkgsrc/comms/asterisk21
Module Name: pkgsrc
Committed By: jnemeth
Date: Mon Feb 16 02:49:34 UTC 2026
Modified Files:
pkgsrc/comms/asterisk21: Makefile PLIST distinfo
Log Message:
update to Asterisk 21.12.1: this is a security fix
## Change Log for Release asterisk-21.12.1
### Links:
- [Full ChangeLog](https://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-21.12.1.html)
- [GitHub Diff](https://github.com/asterisk/asterisk/compare/21.12.0...21.12.1)
### Summary:
- Commits: 4
- Commit Authors: 2
- Issues Resolved: 0
- Security Advisories Resolved: 4
- [GHSA-85x7-54wr-vh42](https://github.com/asterisk/asterisk/security/advisories/GHSA-85x7-54wr-vh42): Asterisk xml.c uses unsafe XML_PARSE_NOENT leading to potential XXE Injection
- [GHSA-rvch-3jmx-3jf3](https://github.com/asterisk/asterisk/security/advisories/GHSA-rvch-3jmx-3jf3): ast_coredumper running as root sources ast_debug_tools.conf from /etc/asterisk; potentially
leading to privilege escalation
- [GHSA-v6hp-wh3r-cwxh](https://github.com/asterisk/asterisk/security/advisories/GHSA-v6hp-wh3r-cwxh): The Asterisk embedded web server's /httpstatus page echos user supplied values(cookie and
query string) without sanitization
- [GHSA-xpc6-x892-v83c](https://github.com/asterisk/asterisk/security/advisories/GHSA-xpc6-x892-v83c): ast_coredumper runs as root, and writes gdb init file to world writeable folder; leading to
potential privilege escalation
### User Notes:
- #### ast_coredumper: check ast_debug_tools.conf permissions
ast_debug_tools.conf must be owned by root and not be
writable by other users or groups to be used by ast_coredumper or
by ast_logescalator or ast_loggrabber when run as root.
### Upgrade Notes:
- #### http.c: Change httpstatus to default disabled and sanitize output.
To prevent possible security issues, the `/httpstatus` page
served by the internal web server is now disabled by default. To explicitly
enable it, set `enable_status=yes` in http.conf.
## Issue and Commit Detail:
### Closed Issues:
- !GHSA-85x7-54wr-vh42: Asterisk xml.c uses unsafe XML_PARSE_NOENT leading to potential XXE Injection
- !GHSA-rvch-3jmx-3jf3: ast_coredumper running as root sources ast_debug_tools.conf from /etc/asterisk; potentially leading to privilege escalation
- !GHSA-v6hp-wh3r-cwxh: The Asterisk embedded web server's /httpstatus page echos user supplied values(cookie and query string) without sanitization
- !GHSA-xpc6-x892-v83c: ast_coredumper runs as root, and writes gdb init file to world writeable folder; leading to potential privilege escalation
### Commits By Author:
- #### George Joseph (2):
- #### Mike Bradeen (2):
### Commit List:
- xml.c: Replace XML_PARSE_NOENT with XML_PARSE_NONET for xmlReadFile.
- ast_coredumper: check ast_debug_tools.conf permissions
- http.c: Change httpstatus to default disabled and sanitize output.
- ast_coredumper: create gdbinit file with restrictive permissions
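The ownership and permission rule from the User Notes above, sketched as a POSIX shell check. This is an added example, not code from Asterisk or pkgsrc; the function names `conf_is_trusted` and `source_if_trusted` and the optional owner-UID argument are hypothetical, the latter added so the check can be exercised without root.

```shell
#!/bin/sh
# Added example (not the Asterisk implementation): refuse to source a
# config file unless it meets the rule stated in the User Notes.

# conf_is_trusted FILE [OWNER_UID]
# Succeeds only if FILE is a regular file (not a symlink), is owned by
# OWNER_UID (default 0, i.e. root) and is not writable by group or others.
conf_is_trusted() {
    file=$1
    want_uid=${2:-0}

    # Reject missing files, directories, devices and symlinks.
    [ -f "$file" ] && [ ! -L "$file" ] || return 1

    # POSIX "ls -ldn" prints: mode links uid gid size date name.
    # Only fields 1 and 3 are used, so odd file names cannot shift them.
    set -- $(ls -ldn -- "$file")
    [ $# -ge 3 ] || return 1
    mode=$1
    uid=$3

    [ "$uid" = "$want_uid" ] || return 1

    # mode looks like -rw-r--r--: character 6 is group write,
    # character 9 is other write.
    case $mode in
        -????w*|-???????w*) return 1 ;;
    esac
    return 0
}

# source_if_trusted FILE [OWNER_UID]
# Sources FILE into the current shell only when the check passes.
source_if_trusted() {
    if conf_is_trusted "$@"; then
        . "$1"
    else
        echo "refusing to source $1: wrong owner or group/other-writable" >&2
        return 1
    fi
}
```

A privileged script would call `source_if_trusted /etc/asterisk/ast_debug_tools.conf` and stop on a non-zero return instead of falling back to sourcing the file anyway.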
To generate a diff of this commit:
cvs rdiff -u -r1.23 -r1.24 pkgsrc/comms/asterisk21/Makefile
cvs rdiff -u -r1.9 -r1.10 pkgsrc/comms/asterisk21/PLIST
cvs rdiff -u -r1.10 -r1.11 pkgsrc/comms/asterisk21/distinfo
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: pkgsrc/comms/asterisk21/Makefile
diff -u pkgsrc/comms/asterisk21/Makefile:1.23 pkgsrc/comms/asterisk21/Makefile:1.24
--- pkgsrc/comms/asterisk21/Makefile:1.23 Fri Feb 6 10:04:21 2026
+++ pkgsrc/comms/asterisk21/Makefile Mon Feb 16 02:49:34 2026
@@ -1,12 +1,11 @@
-# $NetBSD: Makefile,v 1.23 2026/02/06 10:04:21 wiz Exp $
+# $NetBSD: Makefile,v 1.24 2026/02/16 02:49:34 jnemeth Exp $
#
# NOTE: when updating this package, there are two places that sound
# tarballs need to be checked; look in ${WRKSRC}/sounds/Makefile
# to find out the current sound file versions
# Also look in ${WRKSRC}/third-party/versions.mak for pjproject
-DISTNAME= asterisk-21.12.0
-PKGREVISION= 2
+DISTNAME= asterisk-21.12.1
CATEGORIES= comms net audio
MASTER_SITES= https://downloads.asterisk.org/pub/telephony/asterisk/
MASTER_SITES+= https://downloads.asterisk.org/pub/telephony/asterisk/old-releases/
@@ -276,6 +275,7 @@ post-install:
${INSTALL_DATA} ${WRKSRC}/ChangeLogs/ChangeLog-21.10.2.md ${DESTDIR}${PREFIX}/share/doc/${PKGBASE}
${INSTALL_DATA} ${WRKSRC}/ChangeLogs/ChangeLog-21.11.0.md ${DESTDIR}${PREFIX}/share/doc/${PKGBASE}
${INSTALL_DATA} ${WRKSRC}/ChangeLogs/ChangeLog-21.12.0.md ${DESTDIR}${PREFIX}/share/doc/${PKGBASE}
+ ${INSTALL_DATA} ${WRKSRC}/ChangeLogs/ChangeLog-21.12.1.md ${DESTDIR}${PREFIX}/share/doc/${PKGBASE}
${INSTALL_DATA} ${WRKSRC}/ChangeLogs/ChangeLog-21.8.0.html ${DESTDIR}${PREFIX}/share/doc/${PKGBASE}
${INSTALL_DATA} ${WRKSRC}/ChangeLogs/ChangeLog-21.9.0.html ${DESTDIR}${PREFIX}/share/doc/${PKGBASE}
${INSTALL_DATA} ${WRKSRC}/ChangeLogs/ChangeLog-21.10.0.html ${DESTDIR}${PREFIX}/share/doc/${PKGBASE}
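Review bot: The added `ChangeLog-21.12.1.md` install line extends a hand-maintained list that has to be edited on every upstream release, here, again in the `.html` list in the next hunk, and a third time in PLIST. Consider driving both install lists from one version variable with a `.for` loop so that an update touches a single line and the `.md` and `.html` sets cannot drift apart.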
@@ -283,6 +283,7 @@ post-install:
${INSTALL_DATA} ${WRKSRC}/ChangeLogs/ChangeLog-21.10.2.html ${DESTDIR}${PREFIX}/share/doc/${PKGBASE}
${INSTALL_DATA} ${WRKSRC}/ChangeLogs/ChangeLog-21.11.0.html ${DESTDIR}${PREFIX}/share/doc/${PKGBASE}
${INSTALL_DATA} ${WRKSRC}/ChangeLogs/ChangeLog-21.12.0.html ${DESTDIR}${PREFIX}/share/doc/${PKGBASE}
+ ${INSTALL_DATA} ${WRKSRC}/ChangeLogs/ChangeLog-21.12.1.html ${DESTDIR}${PREFIX}/share/doc/${PKGBASE}
${INSTALL_DATA} ${WRKSRC}/ChangeLogs/historical/CHANGES ${DESTDIR}${PREFIX}/share/doc/${PKGBASE}
${INSTALL_DATA} ${WRKSRC}/LICENSE ${DESTDIR}${PREFIX}/share/doc/${PKGBASE}
${INSTALL_DATA} ${WRKSRC}/README-SERIOUSLY.bestpractices.md ${DESTDIR}${PREFIX}/share/doc/${PKGBASE}
Index: pkgsrc/comms/asterisk21/PLIST
diff -u pkgsrc/comms/asterisk21/PLIST:1.9 pkgsrc/comms/asterisk21/PLIST:1.10
--- pkgsrc/comms/asterisk21/PLIST:1.9 Mon Dec 1 03:42:23 2025
+++ pkgsrc/comms/asterisk21/PLIST Mon Feb 16 02:49:34 2026
@@ -1,4 +1,4 @@
-@comment $NetBSD: PLIST,v 1.9 2025/12/01 03:42:23 jnemeth Exp $
+@comment $NetBSD: PLIST,v 1.10 2026/02/16 02:49:34 jnemeth Exp $
lib/asterisk/libasteriskpj.so
lib/asterisk/libasteriskpj.so.2
lib/asterisk/modules/app_adsiprog.so
@@ -2331,6 +2331,8 @@ share/doc/asterisk/ChangeLog-21.11.0.htm
share/doc/asterisk/ChangeLog-21.11.0.md
share/doc/asterisk/ChangeLog-21.12.0.html
share/doc/asterisk/ChangeLog-21.12.0.md
+share/doc/asterisk/ChangeLog-21.12.1.html
+share/doc/asterisk/ChangeLog-21.12.1.md
share/doc/asterisk/ChangeLog-21.2.0.md
share/doc/asterisk/ChangeLog-21.3.0.md
share/doc/asterisk/ChangeLog-21.3.1.md
Index: pkgsrc/comms/asterisk21/distinfo
diff -u pkgsrc/comms/asterisk21/distinfo:1.10 pkgsrc/comms/asterisk21/distinfo:1.11
--- pkgsrc/comms/asterisk21/distinfo:1.10 Mon Dec 1 03:42:23 2025
+++ pkgsrc/comms/asterisk21/distinfo Mon Feb 16 02:49:34 2026
@@ -1,17 +1,17 @@
-$NetBSD: distinfo,v 1.10 2025/12/01 03:42:23 jnemeth Exp $
+$NetBSD: distinfo,v 1.11 2026/02/16 02:49:34 jnemeth Exp $
-BLAKE2s (asterisk-21.12.0/asterisk-21.12.0.tar.gz) = be63cc0ea7b06430c84ddacab68a9e9feae2d976ca898b6e8074385e1a73de14
-SHA512 (asterisk-21.12.0/asterisk-21.12.0.tar.gz) = 0d8addd4b16de1b0644b89105c33807127c87e50217403bd26701ff021f47cf2b746cdb047cbb8f0ec961fb5641e9fd93340cb1422a314d0a1215f5e4c169be4
-Size (asterisk-21.12.0/asterisk-21.12.0.tar.gz) = 26600343 bytes
-BLAKE2s (asterisk-21.12.0/asterisk-extra-sounds-en-gsm-1.5.2.tar.gz) = 3f7e5fe212d7e7cdca14c52527a2552311ab7762c3f1464b09ddedc7c66aebde
-SHA512 (asterisk-21.12.0/asterisk-extra-sounds-en-gsm-1.5.2.tar.gz) = 3f2f7bf3d5bce3544bc013f913c352f0204a3ce96239987403eb9dce8bc87e64a61d437762323a422a87b2fad1f3bf3e7a5f3d0d340f912a1b1dbfea9479d41d
-Size (asterisk-21.12.0/asterisk-extra-sounds-en-gsm-1.5.2.tar.gz) = 4253587 bytes
-BLAKE2s (asterisk-21.12.0/pjproject-2.15.1.md5) = 1bdb00828816aff69f43eaacd084bd7d0a48670af33110bd0cd6325ead45aa48
-SHA512 (asterisk-21.12.0/pjproject-2.15.1.md5) = 75963b64e702a5810fd5b8b574a07396cab1a87543d806135e7a9b9762d35129354f99283252f40ad75a6a94cd1921f164ed8e63174de0c5430e5c6913d21744
-Size (asterisk-21.12.0/pjproject-2.15.1.md5) = 172 bytes
-BLAKE2s (asterisk-21.12.0/pjproject-2.15.1.tar.bz2) = 2bcb38884531f0be966c78b6bac45ac63d8c612c060da91c584d192fe0fdf9cd
-SHA512 (asterisk-21.12.0/pjproject-2.15.1.tar.bz2) = c080eb44b49fccadb1c76ff2b3221935b0d531a1e2087b47c21b4ec2cdd8ee0e62b13c334495c9c759b348a0792204611987089a6aa6264999f0116aec8dbdfd
-Size (asterisk-21.12.0/pjproject-2.15.1.tar.bz2) = 8492214 bytes
+BLAKE2s (asterisk-21.12.1/asterisk-21.12.1.tar.gz) = 9dfc85c6f103e8dc7ce4ab535d35cc1bb1707f922393fadec110fd8d3c86285e
+SHA512 (asterisk-21.12.1/asterisk-21.12.1.tar.gz) = aad2072aa3ea0a1cc31f74204bf2f9a907c2c103b328cba5fb69311f213ca3ddb0862398c8a970a8702a0075b3be38c587e4f944c56aa385eb38397d57b991af
+Size (asterisk-21.12.1/asterisk-21.12.1.tar.gz) = 26606158 bytes
+BLAKE2s (asterisk-21.12.1/asterisk-extra-sounds-en-gsm-1.5.2.tar.gz) = 3f7e5fe212d7e7cdca14c52527a2552311ab7762c3f1464b09ddedc7c66aebde
+SHA512 (asterisk-21.12.1/asterisk-extra-sounds-en-gsm-1.5.2.tar.gz) = 3f2f7bf3d5bce3544bc013f913c352f0204a3ce96239987403eb9dce8bc87e64a61d437762323a422a87b2fad1f3bf3e7a5f3d0d340f912a1b1dbfea9479d41d
+Size (asterisk-21.12.1/asterisk-extra-sounds-en-gsm-1.5.2.tar.gz) = 4253587 bytes
+BLAKE2s (asterisk-21.12.1/pjproject-2.15.1.md5) = 1bdb00828816aff69f43eaacd084bd7d0a48670af33110bd0cd6325ead45aa48
+SHA512 (asterisk-21.12.1/pjproject-2.15.1.md5) = 75963b64e702a5810fd5b8b574a07396cab1a87543d806135e7a9b9762d35129354f99283252f40ad75a6a94cd1921f164ed8e63174de0c5430e5c6913d21744
+Size (asterisk-21.12.1/pjproject-2.15.1.md5) = 172 bytes
+BLAKE2s (asterisk-21.12.1/pjproject-2.15.1.tar.bz2) = 2bcb38884531f0be966c78b6bac45ac63d8c612c060da91c584d192fe0fdf9cd
+SHA512 (asterisk-21.12.1/pjproject-2.15.1.tar.bz2) = c080eb44b49fccadb1c76ff2b3221935b0d531a1e2087b47c21b4ec2cdd8ee0e62b13c334495c9c759b348a0792204611987089a6aa6264999f0116aec8dbdfd
+Size (asterisk-21.12.1/pjproject-2.15.1.tar.bz2) = 8492214 bytes
SHA1 (patch-Makefile) = 5cf3b6937ec23a82e4d056b91e493a36bc1089b9
SHA1 (patch-addons_chan__ooh323.c) = 1775da7ca2129a962ed460bd1e78ba3ce6afa62c
SHA1 (patch-apps_app__adsiprog.c) = 031139e5cd1ef6bb2afb0a74fee3d752eded0a2c
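Review bot: In the distinfo hunk only the `asterisk-21.12.1.tar.gz` entries carry new BLAKE2s, SHA512 and Size values; the `asterisk-extra-sounds-en-gsm-1.5.2.tar.gz`, `pjproject-2.15.1.md5` and `pjproject-2.15.1.tar.bz2` entries keep identical digests and sizes and differ only in the `asterisk-21.12.0/` to `asterisk-21.12.1/` prefix. Because that prefix embeds the Asterisk version, every update rewrites these nine lines for byte-identical files; a version-independent subdirectory for the bundled distfiles would reduce the diff to the one checksum set that actually changed, which is the part a reviewer of a security update needs to audit.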