Update to 1.8.7.1 -- this update fixes AST-2011-012

pkgsrc change: now what sqlite3 has been imported into NetBSD, enable it Asterisk Project Security Advisory - AST-2011-012 Product Asterisk Summary Remote crash vulnerability in SIP channel driver Nature of Advisory Remote crash Susceptibility Remote authenticated sessions Severity Critical Exploits Known No Reported On October 4, 2011 Reported By Ehsan Foroughi Posted On October 17, 2011 Last Updated On October 17, 2011 Advisory Contact Terry Wilson <twilson@digium.com> CVE Name CVE-2011-4063 Description A remote authenticated user can cause a crash with a malformed request due to an unitialized variable. Resolution Ensure variables are initialized in all cases when parsing the request. Affected Versions Product Release Series Asterisk Open Source 1.8.x All versions Asterisk Open Source 10.x All versions (currently in beta) Corrected In Product Release Asterisk Open Source 1.8.7.1, 10.0.0-rc1 Patches Download URL Revision http://downloads.asterisk.org/pub/security/AST-2011-012-1.8.diff 1.8 http://downloads.asterisk.org/pub/security/AST-2011-012-10.diff 10 Links Asterisk Project Security Advisories are posted at http://www.asterisk.org/security This document may be superseded by later versions; if so, the latest version will be posted at http://downloads.digium.com/pub/security/AST-2011-012.pdf and http://downloads.digium.com/pub/security/AST-2011-012.html Revision History Date Editor Revisions Made Asterisk Project Security Advisory - AST-2011-012 Copyright (c) 2011 Digium, Inc. All Rights Reserved. Permission is hereby granted to distribute and publish this advisory in its original, unaltered form.
2011-10-17 23:40:50 +00:00 · 2011-10-17 23:40:50 +00:00 · 636c6f0efe
commit 636c6f0efe
parent 6e50f8ab35
3 changed files with 19 additions and 17 deletions
--- a/comms/asterisk18/Makefile
+++ b/comms/asterisk18/Makefile
@ -1,10 +1,9 @@
-# $NetBSD: Makefile,v 1.14 2011/10/12 03:21:07 jnemeth Exp $
+# $NetBSD: Makefile,v 1.15 2011/10/17 23:40:50 jnemeth Exp $
 #
 # NOTE: when updating this package, there are two places that sound
 #       tarballs need to be checked

-DISTNAME=	asterisk-1.8.7.0
-PKGREVISION=	1
+DISTNAME=	asterisk-1.8.7.1
 DIST_SUBDIR=	${PKGNAME_NOREV}
 DISTFILES=	${DEFAULT_DISTFILES}
 EXTRACT_ONLY=	${DISTNAME}.tar.gz
@ -204,6 +203,7 @@ post-install:
 	${INSTALL_DATA} ${WRKSRC}/doc/README.txt ${DESTDIR}${PREFIX}/share/doc/${PKGBASE}
 	${INSTALL_DATA} ${WRKSRC}/doc/api-1.6.2-changes.txt ${DESTDIR}${PREFIX}/share/doc/${PKGBASE}

+.include "../../databases/sqlite3/buildlink3.mk"
 .include "../../devel/zlib/buildlink3.mk"
 .include "../../security/openssl/buildlink3.mk"
 .include "../../textproc/libxml2/buildlink3.mk"
--- a/comms/asterisk18/PLIST
+++ b/comms/asterisk18/PLIST
@ -1,4 +1,4 @@
-@comment $NetBSD: PLIST,v 1.8 2011/10/12 03:21:07 jnemeth Exp $
+@comment $NetBSD: PLIST,v 1.9 2011/10/17 23:40:50 jnemeth Exp $
 include/asterisk.h
 include/asterisk/_private.h
 include/asterisk/abstract_jb.h
@ -211,10 +211,12 @@ lib/asterisk/modules/cdr_csv.so
 lib/asterisk/modules/cdr_custom.so
 lib/asterisk/modules/cdr_manager.so
 ${PLIST.unixodbc}lib/asterisk/modules/cdr_odbc.so
+lib/asterisk/modules/cdr_sqlite3_custom.so
 lib/asterisk/modules/cdr_syslog.so
 lib/asterisk/modules/cel_custom.so
 lib/asterisk/modules/cel_manager.so
 ${PLIST.unixodbc}lib/asterisk/modules/cel_odbc.so
+lib/asterisk/modules/cel_sqlite3_custom.so
 lib/asterisk/modules/chan_agent.so
 lib/asterisk/modules/chan_bridge.so
 ${PLIST.jabber}lib/asterisk/modules/chan_gtalk.so
--- a/comms/asterisk18/distinfo
+++ b/comms/asterisk18/distinfo
@ -1,17 +1,17 @@
-$NetBSD: distinfo,v 1.13 2011/10/11 03:12:55 jnemeth Exp $
+$NetBSD: distinfo,v 1.14 2011/10/17 23:40:50 jnemeth Exp $

-SHA1 (asterisk-1.8.7.0/asterisk-1.8.7.0.tar.gz) = e28ad2f52a227acc7ec6d6952f3fd41baecd6292
-RMD160 (asterisk-1.8.7.0/asterisk-1.8.7.0.tar.gz) = 84b7e2f49e1dc78c32649cc0786e6fea1bd2c9b5
-Size (asterisk-1.8.7.0/asterisk-1.8.7.0.tar.gz) = 27828568 bytes
-SHA1 (asterisk-1.8.7.0/asterisk-extra-sounds-en-gsm-1.4.11.tar.gz) = 8692fa61423b4769dc8bfa78faf9ed5ef7a259b9
-RMD160 (asterisk-1.8.7.0/asterisk-extra-sounds-en-gsm-1.4.11.tar.gz) = 68170c769d739d6b5b35b00f999ad6bbf876f9f6
-Size (asterisk-1.8.7.0/asterisk-extra-sounds-en-gsm-1.4.11.tar.gz) = 3349898 bytes
-SHA1 (asterisk-1.8.7.0/extract-cfile.txt) = b22874814c83a53bcd1a8d96b5911304f304971e
-RMD160 (asterisk-1.8.7.0/extract-cfile.txt) = e7205fe7e95793f3ca6e384edeef1ad5713485e0
-Size (asterisk-1.8.7.0/extract-cfile.txt) = 643 bytes
-SHA1 (asterisk-1.8.7.0/rfc3951.txt) = 1a6c769be750fb02456d60db2470909254496017
-RMD160 (asterisk-1.8.7.0/rfc3951.txt) = 15f7ec61653ec9953172f8f2150e7d8f6f620926
-Size (asterisk-1.8.7.0/rfc3951.txt) = 373442 bytes
+SHA1 (asterisk-1.8.7.1/asterisk-1.8.7.1.tar.gz) = c29671daaca5725b4f4257a972c2fe88effbc16e
+RMD160 (asterisk-1.8.7.1/asterisk-1.8.7.1.tar.gz) = e69d6f6c555f52b8c6bd16428c9e64a22988e736
+Size (asterisk-1.8.7.1/asterisk-1.8.7.1.tar.gz) = 28557326 bytes
+SHA1 (asterisk-1.8.7.1/asterisk-extra-sounds-en-gsm-1.4.11.tar.gz) = 8692fa61423b4769dc8bfa78faf9ed5ef7a259b9
+RMD160 (asterisk-1.8.7.1/asterisk-extra-sounds-en-gsm-1.4.11.tar.gz) = 68170c769d739d6b5b35b00f999ad6bbf876f9f6
+Size (asterisk-1.8.7.1/asterisk-extra-sounds-en-gsm-1.4.11.tar.gz) = 3349898 bytes
+SHA1 (asterisk-1.8.7.1/extract-cfile.txt) = b22874814c83a53bcd1a8d96b5911304f304971e
+RMD160 (asterisk-1.8.7.1/extract-cfile.txt) = e7205fe7e95793f3ca6e384edeef1ad5713485e0
+Size (asterisk-1.8.7.1/extract-cfile.txt) = 643 bytes
+SHA1 (asterisk-1.8.7.1/rfc3951.txt) = 1a6c769be750fb02456d60db2470909254496017
+RMD160 (asterisk-1.8.7.1/rfc3951.txt) = 15f7ec61653ec9953172f8f2150e7d8f6f620926
+Size (asterisk-1.8.7.1/rfc3951.txt) = 373442 bytes
 SHA1 (patch-aa) = 496565e1e567c42ab6ba8f996c506f52cb9c8cfe
 SHA1 (patch-af) = 19786616bb606c38f769ec85f2e4d118573659ab
 SHA1 (patch-ag) = c71c61350cefbbe53eefa99245ca7712753f22d5