pkgsrc-Changes archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

CVS commit: [pkgsrc-2015Q1] pkgsrc/comms/asterisk18



Module Name:    pkgsrc
Committed By:   tron
Date:           Wed Jun 10 20:38:43 UTC 2015

Modified Files:
        pkgsrc/comms/asterisk18 [pkgsrc-2015Q1]: Makefile distinfo
Added Files:
        pkgsrc/comms/asterisk18/patches [pkgsrc-2015Q1]: patch-main_loader.c

Log Message:
Pullup ticket #4736 - requested by manu
comms/asterisk18: security update

Revisions pulled up:
- comms/asterisk18/Makefile                             1.94,1.97 via patch
- comms/asterisk18/distinfo                             1.60-1.61
- comms/asterisk18/patches/patch-main_loader.c          1.1

---
   Module Name:    pkgsrc
   Committed By:   jnemeth
   Date:           Sun Apr 12 03:35:39 UTC 2015

   Modified Files:
           pkgsrc/comms/asterisk18: Makefile distinfo

   Log Message:
   Update to Asterisk 1.8.32.3:  this is a security fix update.

   The Asterisk Development Team has announced security releases for
   Certified Asterisk 1.8.28, 11.6, and 13.1 and Asterisk 1.8, 11,
   12, and 13. The available security releases are released as versions
   1.8.28.cert-5, 1.8.32.3, 11.6-cert11, 11.17.1, 12.8.2, 13.1-cert2,
   and 13.3.2.

   The release of these versions resolves the following security vulnerability:

   * AST-2015-003: TLS Certificate Common name NULL byte exploit

     When Asterisk registers to a SIP TLS device and verifies the
     server, Asterisk will accept signed certificates that match a
     common name other than the one Asterisk is expecting if the signed
     certificate has a common name containing a null byte after the
     portion of the common name that Asterisk expected. This potentially
     allows for a man in the middle attack.

   For more information about the details of this vulnerability, please read
   security advisory AST-2015-003, which was released at the same time as this
   announcement.

   For a full list of changes in the current releases, please see the Change Logs:

   http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.8.32.3

   The security advisory is available at:

   * http://downloads.asterisk.org/pub/security/AST-2015-003.pdf

   Thank you for your continued support of Asterisk!

---
   Module Name:    pkgsrc
   Committed By:   manu
   Date:           Tue Apr 28 08:48:11 UTC 2015

   Modified Files:
           pkgsrc/comms/asterisk18: Makefile distinfo
   Added Files:
           pkgsrc/comms/asterisk18/patches: patch-main_loader.c

   Log Message:
   Fix crash in asterisk18 startup

   The added patch fixes startup crash and was submitted upstream.
   While there also remove the ban on i386, as it was tested to run fine.


To generate a diff of this commit:
cvs rdiff -u -r1.92 -r1.92.2.1 pkgsrc/comms/asterisk18/Makefile
cvs rdiff -u -r1.59 -r1.59.2.1 pkgsrc/comms/asterisk18/distinfo
cvs rdiff -u -r0 -r1.1.2.2 \
    pkgsrc/comms/asterisk18/patches/patch-main_loader.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.




Home | Main Index | Thread Index | Old Index