Source-Changes-HG archive


[pkgsrc/trunk]: pkgsrc/comms/asterisk14 asterisk14: updated to 14.7.8



details:   https://anonhg.NetBSD.org/pkgsrc/rev/201592de4a60
branches:  trunk
changeset: 430883:201592de4a60
user:      adam <adam%pkgsrc.org@localhost>
date:      Tue May 05 17:59:09 2020 +0000

description:
asterisk14: updated to 14.7.8

asterisk 14.7.8:

* AST-2018-009: Fix crash processing websocket HTTP Upgrade requests

  The HTTP request processing in res_http_websocket allocates additional
  space on the stack for various headers received during an Upgrade request.
  An attacker could send a specially crafted request that causes this code
  to overflow the stack, resulting in a crash.

  * No longer allocate memory from the stack in a loop to parse the header
  values.  NOTE: There is a slight API change when using the passed in
  strings as is.  We now require the passed in strings to no longer have
  leading or trailing whitespace.  This isn't a problem as the only callers
  have already done this before passing the strings to the affected
  function.


asterisk 14.7.7:

* AST-2018-008: Fix enumeration of endpoints from ACL rejected addresses.

  When endpoint specific ACL rules block a SIP request they respond with a
  403 forbidden.  However, if an endpoint is not identified then a 401
  unauthorized response is sent.  This vulnerability just discloses which
  requests hit a defined endpoint.  The ACL rules cannot be bypassed to gain
  access to the disclosed endpoints.

  * Made endpoint specific ACL rules now respond with a 401 unauthorized
  which is the same as if an endpoint were not identified.  The fix is
  accomplished by replacing the found endpoint with the artificial endpoint
  which always fails authentication.


asterisk 14.7.6:

* AST-2018-003: Crash with an invalid SDP fmtp attribute

  pjproject's fmtp retrieval function failed to catch invalid fmtp attributes.
  Because of this Asterisk would crash if given an SDP with an invalid fmtp
  attribute.

  When retrieving the format this patch now makes sure the fmtp attribute is
  available. If not available it now returns an error status.

* AST-2018-002: Crash with an invalid SDP media format description

  pjproject's media format parsing algorithm failed to catch invalid values.
  Because of this Asterisk would crash if given an SDP with an invalid media
  format description.

  When parsing the media format description this patch now properly parses the
  value and returns an error status if it can't successfully parse/convert the
  value.

* AST-2018-005: res_pjsip_transport_management:  Move to core

  Since res_pjsip_transport_management provides several attack
  mitigation features, its functionality moved to res_pjsip and
  this module has been removed.  This way the features will always
  be available if res_pjsip is loaded.

* AST-2018-005: Fix tdata leaks when calling pjsip_endpt_send_response(2)

  pjsip_distributor:
     authenticate() creates a tdata and uses it to send a challenge or
     failure response.  When pjsip_endpt_send_response2() succeeds, it
     automatically decrements the tdata ref count but when it fails, it
     doesn't.  Since we weren't checking for a return status, we weren't
     decrementing the count ourselves on error and were therefore leaking
     tdatas.

  res_pjsip_session:
     session_reinvite_on_rx_request wasn't decrementing the ref count
     if an error happened while sending a 491 response.
     pre_session_setup wasn't decrementing the ref count if
     while sending an error after a pjsip_inv_verify_request failure.

  res_pjsip:
     ast_sip_send_response wasn't decrementing the ref count on error.

* AST-2018-005: Add a check for NULL tdata in ast_sip_failover_request

  It was discovered that there are some corner cases where a pjsip tsx
  might have no last_tx so calling ast_sip_failover_request with
  a NULL last_tx as its tdata would cause a crash.

* AST-2018-004: Restrict the number of Accept headers in a SUBSCRIBE.

  When receiving a SUBSCRIBE request the Accept headers from it are
  stored locally. This operation has a fixed limit of 32 Accept headers
  but this limit was not enforced. As a result it was possible for
  memory outside of the allocated space to get written to resulting
  in a crash.

  This change enforces the limit so only 32 Accept headers are
  processed.
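
The reference-count rule described under AST-2018-005 above, as an added C illustration that is not part of the commit message and is not Asterisk or pjproject code. `struct tdata`, `send_response()`, the `respond_*` functions and the fixed 64-slot pool are hypothetical stand-ins; they model only the rule that a successful send consumes the caller's reference and a failed send does not.

```c
#include <stdio.h>
#include <string.h>
#define POOL_SLOTS 64                    /* constructed cap standing in for finite memory */
struct tdata { int refs; };              /* hypothetical stand-in for a pjsip tdata */
static struct tdata pool[POOL_SLOTS];
static struct tdata *tdata_create(void)
{
    for (int i = 0; i < POOL_SLOTS; i++)
        if (pool[i].refs == 0) { pool[i].refs = 1; return &pool[i]; }
    return NULL;                         /* pool exhausted: no response can be built */
}
static void tdata_dec_ref(struct tdata *t) { t->refs--; }
/* Stand-in send call: consumes the caller's reference on success only. */
static int send_response(struct tdata *t, int fail)
{
    if (!fail) tdata_dec_ref(t);
    return fail ? -1 : 0;
}

/* Pre-fix pattern: status ignored, so every failed send keeps a slot forever. */
int respond_unchecked(int fail)
{
    struct tdata *t = tdata_create();
    if (t) send_response(t, fail);
    return t ? 0 : -1;
}

/* Fixed pattern: when the send fails, the caller drops its own reference. */
int respond_checked(int fail)
{
    struct tdata *t = tdata_create();
    if (!t) return -1;
    if (send_response(t, fail) != 0) { tdata_dec_ref(t); return -1; }
    return 0;
}

/* After `failures` unsendable responses, can a normal response still be built? */
int survives(int (*respond)(int), int failures)
{
    memset(pool, 0, sizeof(pool));       /* start each run from an empty pool */
    for (int i = 0; i < failures; i++) respond(1);
    return respond(0) == 0;
}
int main(void)
{
    printf("after 1000 failed sends: unchecked ok=%d, checked ok=%d\n",
           survives(respond_unchecked, 1000), survives(respond_checked, 1000));
    return 0;
}
```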

diffstat:

 comms/asterisk14/Makefile                              |   9 ++---
 comms/asterisk14/distinfo                              |  19 +++++++------
 comms/asterisk14/patches/patch-res_srtp_srtp__compat.h |  25 ++++++++++++++++++
 3 files changed, 39 insertions(+), 14 deletions(-)

diffs (98 lines):

diff -r 4f5630f2e6f7 -r 201592de4a60 comms/asterisk14/Makefile
--- a/comms/asterisk14/Makefile Tue May 05 17:54:39 2020 +0000
+++ b/comms/asterisk14/Makefile Tue May 05 17:59:09 2020 +0000
@@ -1,11 +1,10 @@
-# $NetBSD: Makefile,v 1.43 2020/04/12 08:28:22 adam Exp $
+# $NetBSD: Makefile,v 1.44 2020/05/05 17:59:09 adam Exp $
 #
 # NOTE: when updating this package, there are two places that sound
 #       tarballs need to be checked; look in ${WRKSRC}/sounds/Makefile
 #       to find out the current sound file versions
 
-DISTNAME=      asterisk-14.7.5
-PKGREVISION=   22
+DISTNAME=      asterisk-14.7.8
 CATEGORIES=    comms net audio
 MASTER_SITES=  http://downloads.asterisk.org/pub/telephony/asterisk/
 MASTER_SITES+= http://downloads.asterisk.org/pub/telephony/asterisk/old-releases/
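Review bot: both MASTER_SITES context lines under the new DISTNAME still fetch over plain http://, so the integrity of asterisk-14.7.8.tar.gz rests entirely on the distinfo digests. If downloads.asterisk.org serves the same paths over https, switch the two URLs in this update. Dropping PKGREVISION together with the DISTNAME bump is fine.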
@@ -20,7 +19,7 @@
 OWNER=         jnemeth%NetBSD.org@localhost
 HOMEPAGE=      https://www.asterisk.org/
 
-MAKE_JOBS_SAFE=        NO
+MAKE_JOBS_SAFE=        no
 
 # known to have issues on i386, block the package until the bug is fixed
 BROKEN_ON_PLATFORM=    NetBSD-*-i386
@@ -283,7 +282,7 @@
        ${INSTALL_DATA} ${WRKSRC}/doc/api-1.6.2-changes.txt ${DESTDIR}${PREFIX}/share/doc/${PKGBASE}
        cp -r ${WRKSRC}/doc/Asterisk-Admin-Guide ${DESTDIR}${PREFIX}/share/doc/${PKGBASE}/Asterisk-Admin-Guide
 
-.if ${OPSYS} != "Darwin" && ${PKGSRC_COMPILER} == "clang"
+.if ${OPSYS} != "Darwin" && ${PKGSRC_COMPILER:Mclang}
 .include "../../lang/libBlocksRuntime/buildlink3.mk"
 LDFLAGS+= -L${PREFIX}/lib
 .endif
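Review bot: replacing `${PKGSRC_COMPILER} == "clang"` with `${PKGSRC_COMPILER:Mclang}` in the `.if` changes behaviour and is unrelated to the 14.7.8 update, yet the commit message does not mention it. The :M form also matches when PKGSRC_COMPILER holds more than one word (for example "ccache clang"), so libBlocksRuntime and the extra -L flag are now pulled in for those builds as well. Please note that in the log, and consider spelling the test as `!empty(PKGSRC_COMPILER:Mclang)` so the condition reads as an explicit check.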
diff -r 4f5630f2e6f7 -r 201592de4a60 comms/asterisk14/distinfo
--- a/comms/asterisk14/distinfo Tue May 05 17:54:39 2020 +0000
+++ b/comms/asterisk14/distinfo Tue May 05 17:59:09 2020 +0000
@@ -1,13 +1,13 @@
-$NetBSD: distinfo,v 1.8 2019/12/21 23:29:04 joerg Exp $
+$NetBSD: distinfo,v 1.9 2020/05/05 17:59:09 adam Exp $
 
-SHA1 (asterisk-14.7.5/asterisk-14.7.5.tar.gz) = b378be5598e76f2385298bab346bf489796cefa7
-RMD160 (asterisk-14.7.5/asterisk-14.7.5.tar.gz) = 1cd1ac72c758bebe54d7fdefe2a7fd59640d7863
-SHA512 (asterisk-14.7.5/asterisk-14.7.5.tar.gz) = e6ac50d116528aeb2d2f0ac05ce2d3f5c037b87926fffa0d958d34f02957f13c8a01894c40d7a20ad52d3f3b929f3521a7969e19f485f19bef1d53e8d5390c81
-Size (asterisk-14.7.5/asterisk-14.7.5.tar.gz) = 40819648 bytes
-SHA1 (asterisk-14.7.5/asterisk-extra-sounds-en-gsm-1.5.1.tar.gz) = 8bd05d42d45454b642f1d2e598e00e2189747846
-RMD160 (asterisk-14.7.5/asterisk-extra-sounds-en-gsm-1.5.1.tar.gz) = 2320f0c9b884c1d7e80003668fbae03cf4495842
-SHA512 (asterisk-14.7.5/asterisk-extra-sounds-en-gsm-1.5.1.tar.gz) = 6da96ecf9fb2051fd7efc1c5f9b346f6ec7b31d06b7008e0612c869984a3212141ec981132ddd55215339e04c6c27b48d8b3737bd1fa974bffd628a0505212b4
-Size (asterisk-14.7.5/asterisk-extra-sounds-en-gsm-1.5.1.tar.gz) = 4254022 bytes
+SHA1 (asterisk-14.7.8/asterisk-14.7.8.tar.gz) = 7a6cf40a52b6a895bcb9f97c1308fb074dc4020a
+RMD160 (asterisk-14.7.8/asterisk-14.7.8.tar.gz) = c9bd6eba681cbcf058fd38a31d360d7114bde0a1
+SHA512 (asterisk-14.7.8/asterisk-14.7.8.tar.gz) = 4c140abd1bf17456e13d81c8343f3d1635603cf8de0ad9dd687d3dc714644a4d49bbc98a650df5b1a2b70596050b328de54edf3482f716f90a703642a1d82d2e
+Size (asterisk-14.7.8/asterisk-14.7.8.tar.gz) = 40819741 bytes
+SHA1 (asterisk-14.7.8/asterisk-extra-sounds-en-gsm-1.5.1.tar.gz) = 8bd05d42d45454b642f1d2e598e00e2189747846
+RMD160 (asterisk-14.7.8/asterisk-extra-sounds-en-gsm-1.5.1.tar.gz) = 2320f0c9b884c1d7e80003668fbae03cf4495842
+SHA512 (asterisk-14.7.8/asterisk-extra-sounds-en-gsm-1.5.1.tar.gz) = 6da96ecf9fb2051fd7efc1c5f9b346f6ec7b31d06b7008e0612c869984a3212141ec981132ddd55215339e04c6c27b48d8b3737bd1fa974bffd628a0505212b4
+Size (asterisk-14.7.8/asterisk-extra-sounds-en-gsm-1.5.1.tar.gz) = 4254022 bytes
 SHA1 (patch-Makefile) = 8e6c47cabfc2dffcfd8c5a5d2eb0c76e864a5519
 SHA1 (patch-addons_chan__ooh323.c) = 9cba619ced6a4449604faebeac33d91a23519c48
 SHA1 (patch-apps_app__dumpchan.c) = 127ac02bdc180ad2334cd095aa6e646feb6fba10
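Review bot: the new asterisk-14.7.8.tar.gz digests are the only integrity control on a tarball the Makefile fetches over http://, and nothing in the commit says they were compared with a checksum or signature published by upstream rather than regenerated from the downloaded file; please confirm which it was. The extra-sounds entries change only their asterisk-14.7.8/ path prefix (digests and size are identical to the removed lines), which is what a dist subdirectory rename should look like.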
@@ -49,6 +49,7 @@
 SHA1 (patch-res_res__calendar.c) = 45211a3baf8fbd8b201ba0167f8c56fb35728c4a
 SHA1 (patch-res_res__calendar__caldav.c) = afe2f4806dd57148dde11baeefaa7897fce4d485
 SHA1 (patch-res_res__calendar__icalendar.c) = ed34b7147d8834ebadac9b1b8488a4c645f90a5b
+SHA1 (patch-res_srtp_srtp__compat.h) = f80f2043d3ad15d0a490392cd77cf9a00bf4905f
 SHA1 (patch-sounds_Makefile) = 57cff080350c828526a276f44665ce11e2b93865
 SHA1 (patch-tests_test__locale.c) = f3f1edc86356f2a7b4d3493433c772e164c77f66
 SHA1 (patch-tests_test__voicemail__api.c) = c600f726136581e47cf34da2c0bb485b8a5912eb
diff -r 4f5630f2e6f7 -r 201592de4a60 comms/asterisk14/patches/patch-res_srtp_srtp__compat.h
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/comms/asterisk14/patches/patch-res_srtp_srtp__compat.h    Tue May 05 17:59:09 2020 +0000
@@ -0,0 +1,25 @@
+$NetBSD: patch-res_srtp_srtp__compat.h,v 1.1 2020/05/05 17:59:10 adam Exp $
+
+Fix for newer comms/srtp (from asterisk15).
+
+--- res/srtp/srtp_compat.h.orig        2018-09-20 18:48:30.000000000 +0000
++++ res/srtp/srtp_compat.h
+@@ -16,6 +16,18 @@
+ #define crypto_policy_set_aes_gcm_128_8_auth srtp_crypto_policy_set_aes_gcm_128_8_auth
+ #define crypto_policy_set_aes_gcm_256_8_auth srtp_crypto_policy_set_aes_gcm_256_8_auth
+ 
++#if defined(SRTP_AES_GCM_128_KEY_LEN_WSALT)
++#define AES_128_GCM_KEYSIZE_WSALT SRTP_AES_GCM_128_KEY_LEN_WSALT
++#else
++#define AES_128_GCM_KEYSIZE_WSALT SRTP_AES_128_GCM_KEYSIZE_WSALT
++#endif
++
++#if defined(SRTP_AES_GCM_256_KEY_LEN_WSALT)
++#define AES_256_GCM_KEYSIZE_WSALT SRTP_AES_GCM_256_KEY_LEN_WSALT
++#else
++#define AES_256_GCM_KEYSIZE_WSALT SRTP_AES_256_GCM_KEYSIZE_WSALT
++#endif
++
+ #define err_status_t srtp_err_status_t
+ #define err_status_ok srtp_err_status_ok
+ #define err_status_fail srtp_err_status_fail
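Review bot: in both added blocks the #else branch falls back to the older name (SRTP_AES_128_GCM_KEYSIZE_WSALT, SRTP_AES_256_GCM_KEYSIZE_WSALT) without checking that it exists, so with a libsrtp that provides neither spelling the failure only shows up wherever AES_128_GCM_KEYSIZE_WSALT or AES_256_GCM_KEYSIZE_WSALT is used. If the older names are macros too, test them with `#elif defined(...)` and end with an `#error` that names the missing constant. The patch header says "Fix for newer comms/srtp (from asterisk15)" but the commit message itself does not mention this build fix; one line in the log would make it discoverable.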


