pkgsrc-Changes archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
CVS commit: pkgsrc/comms/asterisk21
Module Name: pkgsrc
Committed By: jnemeth
Date: Mon Aug 4 20:43:25 UTC 2025
Modified Files:
pkgsrc/comms/asterisk21: Makefile PLIST distinfo
Log Message:
Update to Asterisk 21.10.1. This is a security update.
## Change Log for Release asterisk-21.10.1
### Links:
- [Full ChangeLog](https://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-21.10.1.html)
- [GitHub Diff](https://github.com/asterisk/asterisk/compare/21.10.0...21.10.1)
### Summary:
- Commits: 2
- Commit Authors: 2
- Issues Resolved: 0
- Security Advisories Resolved: 2
- [GHSA-mrq5-74j5-f5cr](https://github.com/asterisk/asterisk/security/advisories/GHSA-mrq5-74j5-f5cr): Remote DoS and possible RCE in asterisk/res/res_stir_shaken/verification.c
- [GHSA-v9q8-9j8m-5xwp](https://github.com/asterisk/asterisk/security/advisories/GHSA-v9q8-9j8m-5xwp): Uncontrolled Search-Path Element in safe_asterisk script may allow local privilege escalation.
### User Notes:
### Upgrade Notes:
- #### safe_asterisk: Add ownership checks for /etc/asterisk/startup.d and its files.
The safe_asterisk script now checks that, if it was run by the
root user, the /etc/asterisk/startup.d directory and all the files it contains
are owned by root. If the checks fail, safe_asterisk will exit with an error
and Asterisk will not be started. Additionally, the default logging
destination is now stderr instead of tty "9" which probably won't exist
in modern systems.
### Developer Notes:
### Commit Authors:
- George Joseph: (1)
- ThatTotallyRealMyth: (1)
## Issue and Commit Detail:
### Closed Issues:
- !GHSA-mrq5-74j5-f5cr: Remote DoS and possible RCE in asterisk/res/res_stir_shaken/verification.c
- !GHSA-v9q8-9j8m-5xwp: Uncontrolled Search-Path Element in safe_asterisk script may allow local privilege escalation.
### Commits By Author:
- #### George Joseph (1):
- res_stir_shaken: Test for missing semicolon in Identity header.
- #### ThatTotallyRealMyth (1):
- safe_asterisk: Add ownership checks for /etc/asterisk/startup.d and its files.
### Commit List:
- safe_asterisk: Add ownership checks for /etc/asterisk/startup.d and its files.
- res_stir_shaken: Test for missing semicolon in Identity header.
### Commit Details:
#### safe_asterisk: Add ownership checks for /etc/asterisk/startup.d and its files.
Author: ThatTotallyRealMyth
Date: 2025-06-10
UpgradeNote: The safe_asterisk script now checks that, if it was run by the
root user, the /etc/asterisk/startup.d directory and all the files it contains
are owned by root. If the checks fail, safe_asterisk will exit with an error
and Asterisk will not be started. Additionally, the default logging
destination is now stderr instead of tty "9" which probably won't exist
in modern systems.
Resolves: #GHSA-v9q8-9j8m-5xwp
#### res_stir_shaken: Test for missing semicolon in Identity header.
Author: George Joseph
Date: 2025-07-31
ast_stir_shaken_vs_verify() now makes sure there's a semicolon in
the Identity header to prevent a possible segfault.
Resolves: #GHSA-mrq5-74j5-f5cr
To generate a diff of this commit:
cvs rdiff -u -r1.16 -r1.17 pkgsrc/comms/asterisk21/Makefile
cvs rdiff -u -r1.6 -r1.7 pkgsrc/comms/asterisk21/PLIST
cvs rdiff -u -r1.7 -r1.8 pkgsrc/comms/asterisk21/distinfo
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: pkgsrc/comms/asterisk21/Makefile
diff -u pkgsrc/comms/asterisk21/Makefile:1.16 pkgsrc/comms/asterisk21/Makefile:1.17
--- pkgsrc/comms/asterisk21/Makefile:1.16 Mon Jul 21 06:30:02 2025
+++ pkgsrc/comms/asterisk21/Makefile Mon Aug 4 20:43:24 2025
@@ -1,11 +1,11 @@
-# $NetBSD: Makefile,v 1.16 2025/07/21 06:30:02 jnemeth Exp $
+# $NetBSD: Makefile,v 1.17 2025/08/04 20:43:24 jnemeth Exp $
#
# NOTE: when updating this package, there are two places that sound
# tarballs need to be checked; look in ${WRKSRC}/sounds/Makefile
# to find out the current sound file versions
# Also look in ${WRKSRC}/third-party/versions.mak for pjproject
-DISTNAME= asterisk-21.10.0
+DISTNAME= asterisk-21.10.1
CATEGORIES= comms net audio
MASTER_SITES= https://downloads.asterisk.org/pub/telephony/asterisk/
MASTER_SITES+= https://downloads.asterisk.org/pub/telephony/asterisk/old-releases/
@@ -271,10 +271,12 @@ post-install:
${INSTALL_DATA} ${WRKSRC}/ChangeLogs/ChangeLog-21.9.0.md ${DESTDIR}${PREFIX}/share/doc/${PKGBASE}
${INSTALL_DATA} ${WRKSRC}/ChangeLogs/ChangeLog-21.9.1.md ${DESTDIR}${PREFIX}/share/doc/${PKGBASE}
${INSTALL_DATA} ${WRKSRC}/ChangeLogs/ChangeLog-21.10.0.md ${DESTDIR}${PREFIX}/share/doc/${PKGBASE}
+ ${INSTALL_DATA} ${WRKSRC}/ChangeLogs/ChangeLog-21.10.1.md ${DESTDIR}${PREFIX}/share/doc/${PKGBASE}
${INSTALL_DATA} ${WRKSRC}/ChangeLogs/ChangeLog-21.8.0.html ${DESTDIR}${PREFIX}/share/doc/${PKGBASE}
${INSTALL_DATA} ${WRKSRC}/ChangeLogs/ChangeLog-21.9.0.html ${DESTDIR}${PREFIX}/share/doc/${PKGBASE}
${INSTALL_DATA} ${WRKSRC}/ChangeLogs/ChangeLog-21.9.1.html ${DESTDIR}${PREFIX}/share/doc/${PKGBASE}
${INSTALL_DATA} ${WRKSRC}/ChangeLogs/ChangeLog-21.10.0.html ${DESTDIR}${PREFIX}/share/doc/${PKGBASE}
+ ${INSTALL_DATA} ${WRKSRC}/ChangeLogs/ChangeLog-21.10.1.html ${DESTDIR}${PREFIX}/share/doc/${PKGBASE}
${INSTALL_DATA} ${WRKSRC}/ChangeLogs/historical/CHANGES ${DESTDIR}${PREFIX}/share/doc/${PKGBASE}
${INSTALL_DATA} ${WRKSRC}/LICENSE ${DESTDIR}${PREFIX}/share/doc/${PKGBASE}
${INSTALL_DATA} ${WRKSRC}/README-SERIOUSLY.bestpractices.md ${DESTDIR}${PREFIX}/share/doc/${PKGBASE}
Index: pkgsrc/comms/asterisk21/PLIST
diff -u pkgsrc/comms/asterisk21/PLIST:1.6 pkgsrc/comms/asterisk21/PLIST:1.7
--- pkgsrc/comms/asterisk21/PLIST:1.6 Mon Jul 21 06:30:02 2025
+++ pkgsrc/comms/asterisk21/PLIST Mon Aug 4 20:43:24 2025
@@ -1,4 +1,4 @@
-@comment $NetBSD: PLIST,v 1.6 2025/07/21 06:30:02 jnemeth Exp $
+@comment $NetBSD: PLIST,v 1.7 2025/08/04 20:43:24 jnemeth Exp $
lib/asterisk/libasteriskpj.so
lib/asterisk/libasteriskpj.so.2
lib/asterisk/modules/app_adsiprog.so
@@ -2322,6 +2322,8 @@ share/doc/asterisk/ChangeLog-21.0.2.md
share/doc/asterisk/ChangeLog-21.1.0.md
share/doc/asterisk/ChangeLog-21.10.0.html
share/doc/asterisk/ChangeLog-21.10.0.md
+share/doc/asterisk/ChangeLog-21.10.1.html
+share/doc/asterisk/ChangeLog-21.10.1.md
share/doc/asterisk/ChangeLog-21.2.0.md
share/doc/asterisk/ChangeLog-21.3.0.md
share/doc/asterisk/ChangeLog-21.3.1.md
Index: pkgsrc/comms/asterisk21/distinfo
diff -u pkgsrc/comms/asterisk21/distinfo:1.7 pkgsrc/comms/asterisk21/distinfo:1.8
--- pkgsrc/comms/asterisk21/distinfo:1.7 Mon Jul 21 06:30:02 2025
+++ pkgsrc/comms/asterisk21/distinfo Mon Aug 4 20:43:24 2025
@@ -1,17 +1,17 @@
-$NetBSD: distinfo,v 1.7 2025/07/21 06:30:02 jnemeth Exp $
+$NetBSD: distinfo,v 1.8 2025/08/04 20:43:24 jnemeth Exp $
-BLAKE2s (asterisk-21.10.0/asterisk-21.10.0.tar.gz) = 06e21c3a0e2188008f99ec5f6636a850a00502235162bc1b78f8ce395ceba004
-SHA512 (asterisk-21.10.0/asterisk-21.10.0.tar.gz) = 99829addcd2f09d9a7135a325252b67c64e4aefb5bfb6d24478e3c06ac5b0ada962aedbc482bde4bc790ae8eb98a4ce58fc7a8e25c5b4269dd0d76f22de5da7f
-Size (asterisk-21.10.0/asterisk-21.10.0.tar.gz) = 26538178 bytes
-BLAKE2s (asterisk-21.10.0/asterisk-extra-sounds-en-gsm-1.5.2.tar.gz) = 3f7e5fe212d7e7cdca14c52527a2552311ab7762c3f1464b09ddedc7c66aebde
-SHA512 (asterisk-21.10.0/asterisk-extra-sounds-en-gsm-1.5.2.tar.gz) = 3f2f7bf3d5bce3544bc013f913c352f0204a3ce96239987403eb9dce8bc87e64a61d437762323a422a87b2fad1f3bf3e7a5f3d0d340f912a1b1dbfea9479d41d
-Size (asterisk-21.10.0/asterisk-extra-sounds-en-gsm-1.5.2.tar.gz) = 4253587 bytes
-BLAKE2s (asterisk-21.10.0/pjproject-2.15.1.md5) = 1bdb00828816aff69f43eaacd084bd7d0a48670af33110bd0cd6325ead45aa48
-SHA512 (asterisk-21.10.0/pjproject-2.15.1.md5) = 75963b64e702a5810fd5b8b574a07396cab1a87543d806135e7a9b9762d35129354f99283252f40ad75a6a94cd1921f164ed8e63174de0c5430e5c6913d21744
-Size (asterisk-21.10.0/pjproject-2.15.1.md5) = 172 bytes
-BLAKE2s (asterisk-21.10.0/pjproject-2.15.1.tar.bz2) = 2bcb38884531f0be966c78b6bac45ac63d8c612c060da91c584d192fe0fdf9cd
-SHA512 (asterisk-21.10.0/pjproject-2.15.1.tar.bz2) = c080eb44b49fccadb1c76ff2b3221935b0d531a1e2087b47c21b4ec2cdd8ee0e62b13c334495c9c759b348a0792204611987089a6aa6264999f0116aec8dbdfd
-Size (asterisk-21.10.0/pjproject-2.15.1.tar.bz2) = 8492214 bytes
+BLAKE2s (asterisk-21.10.1/asterisk-21.10.1.tar.gz) = 122e9bed801eee42b25c5df2b714c4d093187962df2620eb7d1ae11ebeb0fa1c
+SHA512 (asterisk-21.10.1/asterisk-21.10.1.tar.gz) = 0b972be132f8a3ed67cb880a3255db1bfb7f9c2fc2cf51fcc1a348ff3481588a1896f4041a032dccad10bebeaebdf786ab94ee69389acbf2e7676c2224063601
+Size (asterisk-21.10.1/asterisk-21.10.1.tar.gz) = 26541550 bytes
+BLAKE2s (asterisk-21.10.1/asterisk-extra-sounds-en-gsm-1.5.2.tar.gz) = 3f7e5fe212d7e7cdca14c52527a2552311ab7762c3f1464b09ddedc7c66aebde
+SHA512 (asterisk-21.10.1/asterisk-extra-sounds-en-gsm-1.5.2.tar.gz) = 3f2f7bf3d5bce3544bc013f913c352f0204a3ce96239987403eb9dce8bc87e64a61d437762323a422a87b2fad1f3bf3e7a5f3d0d340f912a1b1dbfea9479d41d
+Size (asterisk-21.10.1/asterisk-extra-sounds-en-gsm-1.5.2.tar.gz) = 4253587 bytes
+BLAKE2s (asterisk-21.10.1/pjproject-2.15.1.md5) = 1bdb00828816aff69f43eaacd084bd7d0a48670af33110bd0cd6325ead45aa48
+SHA512 (asterisk-21.10.1/pjproject-2.15.1.md5) = 75963b64e702a5810fd5b8b574a07396cab1a87543d806135e7a9b9762d35129354f99283252f40ad75a6a94cd1921f164ed8e63174de0c5430e5c6913d21744
+Size (asterisk-21.10.1/pjproject-2.15.1.md5) = 172 bytes
+BLAKE2s (asterisk-21.10.1/pjproject-2.15.1.tar.bz2) = 2bcb38884531f0be966c78b6bac45ac63d8c612c060da91c584d192fe0fdf9cd
+SHA512 (asterisk-21.10.1/pjproject-2.15.1.tar.bz2) = c080eb44b49fccadb1c76ff2b3221935b0d531a1e2087b47c21b4ec2cdd8ee0e62b13c334495c9c759b348a0792204611987089a6aa6264999f0116aec8dbdfd
+Size (asterisk-21.10.1/pjproject-2.15.1.tar.bz2) = 8492214 bytes
SHA1 (patch-Makefile) = 5cf3b6937ec23a82e4d056b91e493a36bc1089b9
SHA1 (patch-addons_chan__ooh323.c) = 1775da7ca2129a962ed460bd1e78ba3ce6afa62c
SHA1 (patch-apps_app__adsiprog.c) = 031139e5cd1ef6bb2afb0a74fee3d752eded0a2c
Home |
Main Index |
Thread Index |
Old Index