Update to Asterisk 1.8.4.4 (fixes AST-2011-011):

Asterisk Project Security Advisory - AST-2011-011 +------------------------------------------------------------------------+ | Product | Asterisk | |--------------------+---------------------------------------------------| | Summary | Possible enumeration of SIP users due to | | | differing authentication responses | |--------------------+---------------------------------------------------| | Nature of Advisory | Unauthorized data disclosure | |--------------------+---------------------------------------------------| | Susceptibility | Remote unauthenticated sessions | |--------------------+---------------------------------------------------| | Severity | Moderate | |--------------------+---------------------------------------------------| | Exploits Known | No | |--------------------+---------------------------------------------------| | CVE Name | CVE-2011-2536 | +------------------------------------------------------------------------+ +------------------------------------------------------------------------+ | Description | Asterisk may respond differently to SIP requests from an | | | invalid SIP user than it does to a user configured on | | | the system, even when the alwaysauthreject option is set | | | in the configuration. This can leak information about | | | what SIP users are valid on the Asterisk system. | +------------------------------------------------------------------------+ +------------------------------------------------------------------------+ | Resolution | Respond to SIP requests from invalid and valid SIP users | | | in the same way. Asterisk 1.4 and 1.6.2 do not respond | | | identically by default due to backward-compatibility | | | reasons, and must have alwaysauthreject=yes set in | | | sip.conf. Asterisk 1.8 defaults to alwaysauthreject=yes. | | | | | | IT IS ABSOLUTELY IMPERATIVE that users of Asterisk 1.4 | | | and 1.6.2 set alwaysauthreject=yes in the general section | | | of sip.conf. | +------------------------------------------------------------------------+
2011-07-05 08:42:56 +00:00 · 2011-07-05 08:42:56 +00:00 · 33d1422458
commit 33d1422458
parent 5b13bdee1f
3 changed files with 19 additions and 16 deletions
--- a/comms/asterisk18/Makefile
+++ b/comms/asterisk18/Makefile
@ -1,9 +1,9 @@
-# $NetBSD: Makefile,v 1.9 2011/06/09 09:17:27 jnemeth Exp $
+# $NetBSD: Makefile,v 1.10 2011/07/05 08:42:56 jnemeth Exp $
 #
 # NOTE: when updating this package, there are two places that sound
 #       tarballs need to be checked

-DISTNAME=	asterisk-1.8.4.2
+DISTNAME=	asterisk-1.8.4.4
 DIST_SUBDIR=	${PKGNAME_NOREV}
 DISTFILES=	${DEFAULT_DISTFILES}
 EXTRACT_ONLY=	${DISTNAME}.tar.gz
--- a/comms/asterisk18/PLIST
+++ b/comms/asterisk18/PLIST
@ -1,4 +1,4 @@
-@comment $NetBSD: PLIST,v 1.4 2011/06/09 09:17:27 jnemeth Exp $
+@comment $NetBSD: PLIST,v 1.5 2011/07/05 08:42:56 jnemeth Exp $
 include/asterisk.h
 include/asterisk/_private.h
 include/asterisk/abstract_jb.h
@ -2237,6 +2237,9 @@ share/examples/asterisk/vpb.conf
 share/examples/rc.d/asterisk
 ${PLIST.webvmail}share/httpd/htdocs/_asterisk/animlogo.gif
 ${PLIST.webvmail}share/httpd/htdocs/_asterisk/play.gif
+@pkgdir libdata/asterisk/sounds/fr
+@pkgdir libdata/asterisk/sounds/es
+@pkgdir libdata/asterisk/sounds/en_AU
@pkgdir libdata/asterisk/keys
@pkgdir libdata/asterisk/firmware/iax
@pkgdir libdata/asterisk/documentation/thirdparty
--- a/comms/asterisk18/distinfo
+++ b/comms/asterisk18/distinfo
@ -1,17 +1,17 @@
-$NetBSD: distinfo,v 1.10 2011/06/09 09:17:27 jnemeth Exp $
+$NetBSD: distinfo,v 1.11 2011/07/05 08:42:56 jnemeth Exp $

-SHA1 (asterisk-1.8.4.2/asterisk-1.8.4.2.tar.gz) = f5fc8c0c4343ec1d6831b1810602d223af8dc9c9
-RMD160 (asterisk-1.8.4.2/asterisk-1.8.4.2.tar.gz) = 403829a2fcd5f63c2a99e141442cc98fd69f4deb
-Size (asterisk-1.8.4.2/asterisk-1.8.4.2.tar.gz) = 27012984 bytes
-SHA1 (asterisk-1.8.4.2/asterisk-extra-sounds-en-gsm-1.4.11.tar.gz) = 8692fa61423b4769dc8bfa78faf9ed5ef7a259b9
-RMD160 (asterisk-1.8.4.2/asterisk-extra-sounds-en-gsm-1.4.11.tar.gz) = 68170c769d739d6b5b35b00f999ad6bbf876f9f6
-Size (asterisk-1.8.4.2/asterisk-extra-sounds-en-gsm-1.4.11.tar.gz) = 3349898 bytes
-SHA1 (asterisk-1.8.4.2/extract-cfile.awk) = c4f08eee1ab83c041bde1ab91672a4a3c43c28b8
-RMD160 (asterisk-1.8.4.2/extract-cfile.awk) = cd59f8e5807732023d5aec95187e2d5572f400a4
-Size (asterisk-1.8.4.2/extract-cfile.awk) = 667 bytes
-SHA1 (asterisk-1.8.4.2/rfc3951.txt) = 1a6c769be750fb02456d60db2470909254496017
-RMD160 (asterisk-1.8.4.2/rfc3951.txt) = 15f7ec61653ec9953172f8f2150e7d8f6f620926
-Size (asterisk-1.8.4.2/rfc3951.txt) = 373442 bytes
+SHA1 (asterisk-1.8.4.4/asterisk-1.8.4.4.tar.gz) = 07d3ae5744e2dd10c5d9564b503690f3f0b84d96
+RMD160 (asterisk-1.8.4.4/asterisk-1.8.4.4.tar.gz) = c95cab1b24547f1abd229dcf323cc7ed0b0b36a0
+Size (asterisk-1.8.4.4/asterisk-1.8.4.4.tar.gz) = 27326189 bytes
+SHA1 (asterisk-1.8.4.4/asterisk-extra-sounds-en-gsm-1.4.11.tar.gz) = 8692fa61423b4769dc8bfa78faf9ed5ef7a259b9
+RMD160 (asterisk-1.8.4.4/asterisk-extra-sounds-en-gsm-1.4.11.tar.gz) = 68170c769d739d6b5b35b00f999ad6bbf876f9f6
+Size (asterisk-1.8.4.4/asterisk-extra-sounds-en-gsm-1.4.11.tar.gz) = 3349898 bytes
+SHA1 (asterisk-1.8.4.4/extract-cfile.awk) = c4f08eee1ab83c041bde1ab91672a4a3c43c28b8
+RMD160 (asterisk-1.8.4.4/extract-cfile.awk) = cd59f8e5807732023d5aec95187e2d5572f400a4
+Size (asterisk-1.8.4.4/extract-cfile.awk) = 667 bytes
+SHA1 (asterisk-1.8.4.4/rfc3951.txt) = 1a6c769be750fb02456d60db2470909254496017
+RMD160 (asterisk-1.8.4.4/rfc3951.txt) = 15f7ec61653ec9953172f8f2150e7d8f6f620926
+Size (asterisk-1.8.4.4/rfc3951.txt) = 373442 bytes
 SHA1 (patch-aa) = cb3a463c51abff717d960ad70f3c13beefe6d5f4
 SHA1 (patch-af) = ebad62fcb31b600d30235cc5e93284c93b2c8af9
 SHA1 (patch-ag) = c71c61350cefbbe53eefa99245ca7712753f22d5