Update to Asterisk 1.8.24.1: this is a security update that fixes

AST-2013-006 and AST-2013-007.

The Asterisk Development Team has announced security releases for Certified
Asterisk 1.8.15, 11.2, and Asterisk 1.8, 10, and 11. The available security
releases are released as versions 1.8.15-cert4, 11.2-cert3, 1.8.24.1, 10.12.4,
10.12.4-digiumphones, and 11.6.1.

The release of these versions resolve the following issues:

* A buffer overflow when receiving odd length 16 bit messages in app_sms. An
  infinite loop could occur which would overwrite memory when a message is
  received into the unpacksms16() function and the length of the message is an
  odd number of bytes.

* Prevent permissions escalation in the Asterisk Manager Interface. Asterisk
  now marks certain individual dialplan functions as 'dangerous', which will
  inhibit their execution from external sources.

  A 'dangerous' function is one which results in a privilege escalation. For
  example, if one were to read the channel variable SHELL(rm -rf /) Bad
  Things(TM) could happen; even if the external source has only read
  permissions.

  Execution from external sources may be enabled by setting 'live_dangerously'
  to 'yes' in the [options] section of asterisk.conf. Although doing so is not
  recommended.

These issues and their resolutions are described in the security advisories.

For more information about the details of these vulnerabilities, please read
security advisories AST-2013-006 and AST-2013-007, which were
released at the same time as this announcement.

For a full list of changes in the current releases, please see the ChangeLogs:

http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.8.24.1

The security advisories are available at:

 * http://downloads.asterisk.org/pub/security/AST-2013-006.pdf
 * http://downloads.asterisk.org/pub/security/AST-2013-007.pdf

Thank you for your continued support of Asterisk!

comms/asterisk18/Makefile

@@ -1,9 +1,9 @@
-# $NetBSD: Makefile,v 1.77 2013/10/26 22:29:22 jnemeth Exp $
+# $NetBSD: Makefile,v 1.78 2013/12/17 02:29:11 jnemeth Exp $
 #
 # NOTE: when updating this package, there are two places that sound
 #       tarballs need to be checked
 
-DISTNAME=	asterisk-1.8.24.0
+DISTNAME=	asterisk-1.8.24.1
 DIST_SUBDIR=	${PKGNAME_NOREV}
 DISTFILES=	${DEFAULT_DISTFILES}
 EXTRACT_ONLY=	${DISTNAME}.tar.gz

comms/asterisk18/distinfo

@@ -1,11 +1,11 @@
-$NetBSD: distinfo,v 1.50 2013/10/26 22:29:22 jnemeth Exp $
+$NetBSD: distinfo,v 1.51 2013/12/17 02:29:11 jnemeth Exp $
 
-SHA1 (asterisk-1.8.24.0/asterisk-1.8.24.0.tar.gz) = 75e6dd7299c0acb48ed376dc5af33ddddc3af021
-RMD160 (asterisk-1.8.24.0/asterisk-1.8.24.0.tar.gz) = 7822a5ba88d1c9f8e5ee77c792940839bb2d6a86
-Size (asterisk-1.8.24.0/asterisk-1.8.24.0.tar.gz) = 29464997 bytes
-SHA1 (asterisk-1.8.24.0/asterisk-extra-sounds-en-gsm-1.4.13.tar.gz) = 3aac6cf4a07cb2644b7b5369c618b07561619f9f
-RMD160 (asterisk-1.8.24.0/asterisk-extra-sounds-en-gsm-1.4.13.tar.gz) = 5dc9696c54d2233cf74835fe7ccd2c1791f20041
-Size (asterisk-1.8.24.0/asterisk-extra-sounds-en-gsm-1.4.13.tar.gz) = 4407925 bytes
+SHA1 (asterisk-1.8.24.1/asterisk-1.8.24.1.tar.gz) = 0d9972cf28bcd4535babb6ba7694a80c1eb4444a
+RMD160 (asterisk-1.8.24.1/asterisk-1.8.24.1.tar.gz) = 1971765ffe2d613e2ebd5ee328ed1a0f8c7c203d
+Size (asterisk-1.8.24.1/asterisk-1.8.24.1.tar.gz) = 29459040 bytes
+SHA1 (asterisk-1.8.24.1/asterisk-extra-sounds-en-gsm-1.4.13.tar.gz) = 3aac6cf4a07cb2644b7b5369c618b07561619f9f
+RMD160 (asterisk-1.8.24.1/asterisk-extra-sounds-en-gsm-1.4.13.tar.gz) = 5dc9696c54d2233cf74835fe7ccd2c1791f20041
+Size (asterisk-1.8.24.1/asterisk-extra-sounds-en-gsm-1.4.13.tar.gz) = 4407925 bytes
 SHA1 (patch-aa) = 832f1c043b15198e0a286094dd0cc1a251bcfed0
 SHA1 (patch-af) = 19786616bb606c38f769ec85f2e4d118573659ab
 SHA1 (patch-ai) = e92edab5c1ff323478f41d0b0783102ed527fe39