Date: Wed, 18 Jul 2007 16:09:27 +0100 (BST) From: Peter Beckman <beckman@angryox.com> To: FreeBSD-gnats-submit@FreeBSD.org Subject: ports/114817: [update] asterisk 1.4.8 fixes serious remote buffer overflows Message-ID: <200707181509.l6IF9R1W061574@fbsd.angryox.com> Resent-Message-ID: <200707222120.l6MLK8hc078753@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 114817 >Category: ports >Synopsis: [update] asterisk 1.4.8 fixes serious remote buffer overflows >Confidential: no >Severity: critical >Priority: high >Responsible: freebsd-ports-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: update >Submitter-Id: current-users >Arrival-Date: Sun Jul 22 21:20:08 GMT 2007 >Closed-Date: >Last-Modified: >Originator: Peter Beckman <beckman@angryox.com> >Release: FreeBSD 6.2-RELEASE i386 >Organization: Telusion Inc >Environment: System: FreeBSD fbsd.angryox.com 6.2-RELEASE FreeBSD 6.2-RELEASE #0: Fri Jan 12 10:40:27 UTC 2007 root@dessler.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC i386 >Description: Digium has released an emergency security release 1.4.8. >How-To-Repeat: >Fix: This is a patch for the patch files. Deleted files/patch-include::asterisk::utils.h Deleted files/patch-main::utils.c Both deleted patches were fixed in 1.4.8. THIS PATCH DOES NOT FIX pkg-plist -- that was beyond my comprehension. It needs to be updated. diff -ruN asterisk/Makefile asterisk-1.4.8_2/Makefile --- asterisk/Makefile Tue May 29 21:52:15 2007 +++ asterisk-1.4.8_2/Makefile Wed Jul 18 13:43:31 2007 @@ -6,8 +6,7 @@ # PORTNAME= asterisk -PORTVERSION= 1.4.4 -PORTREVISION= 2 +PORTVERSION= 1.4.8 CATEGORIES= net MASTER_SITES= http://ftp.digium.com/pub/asterisk/ \ http://ftp.digium.com/pub/asterisk/old-releases/ diff -ruN asterisk/distinfo asterisk-1.4.8_2/distinfo --- asterisk/distinfo Mon May 28 19:16:35 2007 +++ asterisk-1.4.8_2/distinfo Wed Jul 18 13:45:46 2007 @@ -1,3 +1,3 @@ -MD5 (asterisk-1.4.4.tar.gz) = 90f6a2ea5113ad26de393517576a1ede -SHA256 (asterisk-1.4.4.tar.gz) = 82a28d8f511703de5fc6231123f15a7c2fbda54ff9c0a686e405f74d1c03aca7 -SIZE (asterisk-1.4.4.tar.gz) = 17081631 +MD5 (asterisk-1.4.8.tar.gz) = 7263ff56ad93cbb5efb971a536ee6a51 +SHA256 (asterisk-1.4.8.tar.gz) = 3eabdf2c52d366abe7dd1e303b982fa7aad12945b1ac32ee97dc4b652041a43f +SIZE (asterisk-1.4.8.tar.gz) = 11171190 diff -ruN asterisk/files/patch-Makefile asterisk-1.4.8_2/files/patch-Makefile --- asterisk/files/patch-Makefile Mon Apr 16 09:40:15 2007 +++ asterisk-1.4.8_2/files/patch-Makefile Wed Jul 18 16:00:28 2007 @@ -1,9 +1,6 @@ - -$FreeBSD: ports/net/asterisk/files/patch-Makefile,v 1.19 2007/04/16 08:40:15 sobomax Exp $ - ---- Makefile.orig -+++ Makefile -@@ -207,7 +207,7 @@ +--- Makefile.orig Wed Jul 18 16:00:03 2007 ++++ Makefile Wed Jul 18 15:59:42 2007 +@@ -210,7 +210,7 @@ ifeq ($(OSARCH),FreeBSD) # -V is understood by BSD Make, not by GNU make. @@ -12,7 +9,7 @@ ASTCFLAGS+=$(shell if test $(BSDVERSION) -lt 500016 ; then echo "-D_THREAD_SAFE"; fi) AST_LIBS+=$(shell if test $(BSDVERSION) -lt 502102 ; then echo "-lc_r"; else echo "-pthread"; fi) endif -@@ -371,15 +371,15 @@ +@@ -375,15 +375,15 @@ # Should static HTTP be installed during make samples or even with its own target ala # webvoicemail? There are portions here that *could* be customized but might also be # improved a lot. I'll put it here for now. @@ -33,7 +30,7 @@ $(MAKE) -C sounds install update: -@@ -400,45 +400,45 @@ +@@ -404,45 +404,45 @@ OLDHEADERS=$(filter-out $(NEWHEADERS),$(notdir $(wildcard $(DESTDIR)$(ASTHEADERDIR)/*.h))) bininstall: _all @@ -67,7 +64,7 @@ + $(BSD_INSTALL_SCRIPT) contrib/scripts/astgenkey $(DESTDIR)$(ASTSBINDIR)/ + $(BSD_INSTALL_SCRIPT) contrib/scripts/autosupport $(DESTDIR)$(ASTSBINDIR)/ if [ ! -f $(DESTDIR)$(ASTSBINDIR)/safe_asterisk ]; then \ - cat contrib/scripts/safe_asterisk | sed 's|__ASTERISK_SBIN_DIR__|$(ASTSBINDIR)|;' > $(DESTDIR)$(ASTSBINDIR)/safe_asterisk ;\ + cat contrib/scripts/safe_asterisk | sed 's|__ASTERISK_SBIN_DIR__|$(ASTSBINDIR)|;s|__ASTERISK_VARRUN_DIR__|$(ASTVARRUNDIR)|;' > $(DESTDIR)$(ASTSBINDIR)/safe_asterisk ;\ chmod 755 $(DESTDIR)$(ASTSBINDIR)/safe_asterisk;\ fi - $(INSTALL) -d $(DESTDIR)$(ASTHEADERDIR) @@ -109,7 +106,7 @@ fi $(SUBDIRS_INSTALL): -@@ -465,7 +465,7 @@ +@@ -469,7 +469,7 @@ echo " WARNING WARNING WARNING" ;\ fi @@ -118,7 +115,7 @@ @if [ -x /usr/sbin/asterisk-post-install ]; then \ /usr/sbin/asterisk-post-install $(DESTDIR) . ; \ fi -@@ -495,31 +495,23 @@ +@@ -499,31 +499,22 @@ upgrade: bininstall adsi: @@ -129,7 +126,6 @@ - $(INSTALL) -m 644 $$x $(DESTDIR)$(ASTETCDIR)/`$(BASENAME) $$x` ; \ + $(BSD_INSTALL_DATA) $$x $(DESTDIR)$(ASTETCDIR)/`$(BASENAME) $$x` ; \ fi ; \ -+ $(BSD_INSTALL_DATA) $$x $(DESTDIR)$(ASTETCDIR)/`$(BASENAME) $$x`-dist ; \ done samples: adsi @@ -158,11 +154,10 @@ ( \ echo "[directories]" ; \ echo "astetcdir => $(ASTETCDIR)" ; \ -@@ -540,20 +532,23 @@ - echo ";astctlowner = root" ; \ +@@ -545,19 +536,23 @@ echo ";astctlgroup = apache" ; \ echo ";astctl = asterisk.ctl" ; \ -- ) > $(DESTDIR)$(ASTCONFPATH) ; \ + ) > $(DESTDIR)$(ASTCONFPATH) ; \ + ) > $(DESTDIR)$(ASTCONFPATH)-dist ; \ + if [ ! -f $(DESTDIR)$(ASTCONFPATH) ]; then \ + cp $(DESTDIR)$(ASTCONFPATH)-dist $(DESTDIR)$(ASTCONFPATH); \ @@ -186,7 +181,7 @@ done @echo " +--------- Asterisk Web Voicemail ----------+" @echo " + +" -@@ -580,10 +575,10 @@ +@@ -584,10 +579,10 @@ __rpm: include/asterisk/version.h include/asterisk/buildopts.h spec rm -rf /tmp/asterisk ; \ @@ -199,7 +194,7 @@ cp -f contrib/init.d/rc.redhat.asterisk /tmp/asterisk/etc/rc.d/init.d/asterisk ; \ rpmbuild --rcfile /usr/lib/rpm/rpmrc:redhat/rpmrc -bb asterisk.spec -@@ -594,19 +589,19 @@ +@@ -598,19 +593,19 @@ config: @if [ "${OSARCH}" = "linux-gnu" ]; then \ if [ -f /etc/redhat-release -o -f /etc/fedora-release ]; then \ diff -ruN asterisk/files/patch-agi::Makefile asterisk-1.4.8_2/files/patch-agi::Makefile --- asterisk/files/patch-agi::Makefile Fri Apr 13 09:06:05 2007 +++ asterisk-1.4.8_2/files/patch-agi::Makefile Wed Jul 18 15:02:10 2007 @@ -1,5 +1,5 @@ ---- agi/Makefile.orig Sat Dec 16 23:14:34 2006 -+++ agi/Makefile Wed Mar 28 11:13:21 2007 +--- agi/Makefile.orig Wed Jul 18 14:27:12 2007 ++++ agi/Makefile Wed Jul 18 14:28:42 2007 @@ -13,7 +13,9 @@ .PHONY: clean all uninstall @@ -11,13 +11,13 @@ ifeq ($(OSARCH),SunOS) LIBS+=-lsocket -lnsl -@@ -31,8 +33,9 @@ eagi-test: eagi-test.o strcompat.o +@@ -31,8 +33,9 @@ eagi-sphinx-test: eagi-sphinx-test.o install: all - mkdir -p $(DESTDIR)$(AGI_DIR) - for x in $(AGIS); do $(INSTALL) -m 755 $$x $(DESTDIR)$(AGI_DIR) ; done -+ $(MKDIR) -p $(DESTDIR)$(AGI_DIR) ++ $(MKDIR) $(DESTDIR)$(AGI_DIR) + for x in $(AGIS_BIN); do $(BSD_INSTALL_PROGRAM) $$x $(DESTDIR)$(AGI_DIR) ; done + for x in $(AGIS_SCR); do $(BSD_INSTALL_SCRIPT) $$x $(DESTDIR)$(AGI_DIR) ; done diff -ruN asterisk/files/patch-channels::chan_sip.c asterisk-1.4.8_2/files/patch-channels::chan_sip.c --- asterisk/files/patch-channels::chan_sip.c Fri Apr 13 09:06:05 2007 +++ asterisk-1.4.8_2/files/patch-channels::chan_sip.c Wed Jul 18 15:02:30 2007 @@ -1,6 +1,6 @@ ---- channels/chan_sip.c.orig Wed Mar 28 11:23:42 2007 -+++ channels/chan_sip.c Wed Mar 28 11:36:27 2007 -@@ -484,7 +484,7 @@ static const struct cfsip_options { +--- channels/chan_sip.c.orig Wed Jul 18 14:16:19 2007 ++++ channels/chan_sip.c Wed Jul 18 14:19:23 2007 +@@ -488,7 +488,7 @@ #define DEFAULT_MOHINTERPRET "default" #define DEFAULT_MOHSUGGEST "" #define DEFAULT_VMEXTEN "asterisk" @@ -9,16 +9,16 @@ #define DEFAULT_NOTIFYMIME "application/simple-message-summary" #define DEFAULT_MWITIME 10 #define DEFAULT_ALLOWGUEST TRUE -@@ -3822,6 +3823,8 @@ static struct ast_channel *sip_new(struc - ast_codec_pref_remove2(&tmp->nativeformats, ~i->usercapability); - fmt = ast_codec_pref_index_audio(&tmp->nativeformats, 0); +@@ -3874,6 +3874,8 @@ + /* XXX Why are we choosing a codec from the native formats?? */ + fmt = ast_best_codec(tmp->nativeformats); + pbx_builtin_setvar_helper(tmp, "SIP_CODEC_USED", ast_getformatname(fmt)); + /* If we have a prefcodec setting, we have an inbound channel that set a preferred format for this call. Otherwise, we check the jointcapability We also check for vrtp. If it's not there, we are not allowed do any video anyway. -@@ -11203,6 +11215,13 @@ static int build_reply_digest(struct sip +@@ -11270,6 +11272,13 @@ secret = p->peersecret; md5secret = p->peermd5secret; } @@ -32,4 +32,3 @@ if (ast_strlen_zero(username)) /* We have no authentication */ return -1; - diff -ruN asterisk/files/patch-channels::chan_skinny.c asterisk-1.4.8_2/files/patch-channels::chan_skinny.c --- asterisk/files/patch-channels::chan_skinny.c Tue May 23 03:47:04 2006 +++ asterisk-1.4.8_2/files/patch-channels::chan_skinny.c Wed Jul 18 15:02:35 2007 @@ -1,14 +1,11 @@ - -$FreeBSD: ports/net/asterisk/files/patch-channels::chan_skinny.c,v 1.1 2006/05/23 02:47:04 sobomax Exp $ - ---- channels/chan_skinny.c.orig -+++ channels/chan_skinny.c -@@ -99,7 +99,7 @@ +--- channels/chan_skinny.c.orig Wed Jul 18 14:20:47 2007 ++++ channels/chan_skinny.c Wed Jul 18 14:21:33 2007 +@@ -107,7 +107,7 @@ #define htolel(x) (x) #define htoles(x) (x) #else -#if defined(SOLARIS) || defined(__Darwin__) || defined(__NetBSD__) +#if defined(SOLARIS) || defined(__Darwin__) || defined(__NetBSD__) || defined(__FreeBSD__) #define __bswap_16(x) \ - ((((x) & 0xff00) >> 8) | \ - (((x) & 0x00ff) << 8)) + ((((x) & 0xff00) >> 8) | \ + (((x) & 0x00ff) << 8)) diff -ruN asterisk/files/patch-channels::chan_zap.c asterisk-1.4.8_2/files/patch-channels::chan_zap.c --- asterisk/files/patch-channels::chan_zap.c Tue Jan 17 22:27:45 2006 +++ asterisk-1.4.8_2/files/patch-channels::chan_zap.c Wed Jul 18 15:02:41 2007 @@ -1,20 +1,18 @@ - -$FreeBSD: ports/net/asterisk/files/patch-channels::chan_zap.c,v 1.4 2006/01/17 22:27:45 sobomax Exp $ - ---- channels/chan_zap.c.orig Tue Nov 29 20:24:39 2005 -+++ channels/chan_zap.c Fri Jan 13 13:28:33 2006 -@@ -638,6 +638,7 @@ static struct zt_pvt { +--- channels/chan_zap.c.orig Wed Jul 18 14:22:06 2007 ++++ channels/chan_zap.c Wed Jul 18 14:25:51 2007 +@@ -531,6 +531,7 @@ int cidlen; int ringt; int ringt_base; -+ int waitnorings; ++ int waitnorings; int stripmsd; int callwaitcas; int callwaitrings; -@@ -2308,6 +2309,19 @@ static int zt_hangup(struct ast_channel +@@ -2425,7 +2426,19 @@ } ast_mutex_lock(&p->lock); +- + switch (p->sig) { + case SIG_FXSGS: + case SIG_FXSKS: @@ -28,14 +26,14 @@ + break; + }; + - index = zt_get_index(ast, p, 1); -@@ -6129,7 +6143,37 @@ static void *ss_thread(void *data) + if (p->sig == SIG_PRI) { +@@ -6523,7 +6536,37 @@ ast_setstate(chan, AST_STATE_RING); chan->rings = 1; p->ringt = p->ringt_base; -+ p->waitnorings = 0; ++ p->waitnorings = 0; res = ast_pbx_run(chan); + + if(p->waitnorings) @@ -69,9 +67,9 @@ if (res) { ast_hangup(chan); ast_log(LOG_WARNING, "PBX exited non-zero\n"); -@@ -6431,7 +6475,7 @@ static void *do_monitor(void *data) +@@ -6801,7 +6844,7 @@ i = iflist; - while(i) { + while (i) { if ((i->subs[SUB_REAL].zfd > -1) && i->sig && (!i->radio)) { - if (!i->owner && !i->subs[SUB_REAL].owner) { + if (!i->owner && !i->subs[SUB_REAL].owner && !i->waitnorings) { diff -ruN asterisk/files/patch-configure asterisk-1.4.8_2/files/patch-configure --- asterisk/files/patch-configure Fri Apr 13 09:06:05 2007 +++ asterisk-1.4.8_2/files/patch-configure Wed Jul 18 14:36:10 2007 @@ -1,27 +1,6 @@ - -$FreeBSD: ports/net/asterisk/files/patch-configure,v 1.1 2007/04/13 08:06:05 sobomax Exp $ - ---- configure.orig -+++ configure -@@ -23776,7 +23776,7 @@ - echo $ECHO_N "(cached) $ECHO_C" >&6 - else - ac_check_lib_save_LIBS=$LIBS --LIBS="-lodbc ${pbxlibdir} -lltdl $LIBS" -+LIBS="-lodbc ${pbxlibdir} $LIBS" - cat >conftest.$ac_ext <<_ACEOF - /* confdefs.h. */ - _ACEOF -@@ -23855,7 +23855,7 @@ - - - if test "${AST_UNIXODBC_FOUND}" = "yes"; then -- UNIXODBC_LIB="-lodbc -lltdl" -+ UNIXODBC_LIB="-lodbc" - UNIXODBC_HEADER_FOUND="1" - if test "x${UNIXODBC_DIR}" != "x"; then - UNIXODBC_LIB="${pbxlibdir} ${UNIXODBC_LIB}" -@@ -28065,7 +28065,7 @@ +--- configure.orig Wed Jul 18 14:33:44 2007 ++++ configure Wed Jul 18 14:35:42 2007 +@@ -26700,7 +26700,7 @@ fi diff -ruN asterisk/files/patch-include::asterisk::utils.h asterisk-1.4.8_2/files/patch-include::asterisk::utils.h --- asterisk/files/patch-include::asterisk::utils.h Sun Oct 17 19:00:02 2004 +++ asterisk-1.4.8_2/files/patch-include::asterisk::utils.h Thu Jan 1 01:00:00 1970 @@ -1,13 +0,0 @@ - -$FreeBSD: ports/net/asterisk/files/patch-include::asterisk::utils.h,v 1.1 2004/10/17 18:00:02 sobomax Exp $ - ---- include/asterisk/utils.h 2004/10/10 12:55:50 1.1 -+++ include/asterisk/utils.h 2004/10/10 12:56:43 -@@ -37,7 +37,6 @@ - #ifdef inet_ntoa - #undef inet_ntoa - #endif --#define inet_ntoa __dont__use__inet_ntoa__use__ast_inet_ntoa__instead__ - - #ifdef LINUX - #define ast_pthread_create pthread_create diff -ruN asterisk/files/patch-main::db.c asterisk-1.4.8_2/files/patch-main::db.c --- asterisk/files/patch-main::db.c Fri Apr 13 09:06:05 2007 +++ asterisk-1.4.8_2/files/patch-main::db.c Wed Jul 18 15:02:54 2007 @@ -1,17 +1,14 @@ - -$FreeBSD: ports/net/asterisk/files/patch-main::db.c,v 1.1 2007/04/13 08:06:05 sobomax Exp $ - ---- main/db.c.orig Fri Jan 13 11:05:32 2006 -+++ main/db.c Fri Jan 13 11:06:55 2006 -@@ -35,6 +35,7 @@ +--- main/db.c.orig Wed Jul 18 14:41:15 2007 ++++ main/db.c Wed Jul 18 14:41:47 2007 +@@ -39,6 +39,7 @@ #include <errno.h> #include <unistd.h> #include <dirent.h> +#include <db.h> - #include "asterisk.h" - -@@ -51,7 +52,6 @@ ASTERISK_FILE_VERSION(__FILE__, "$Revisi + #include "asterisk/channel.h" + #include "asterisk/file.h" +@@ -51,7 +52,6 @@ #include "asterisk/utils.h" #include "asterisk/lock.h" #include "asterisk/manager.h" diff -ruN asterisk/files/patch-main::utils.c asterisk-1.4.8_2/files/patch-main::utils.c --- asterisk/files/patch-main::utils.c Fri Apr 13 09:06:05 2007 +++ asterisk-1.4.8_2/files/patch-main::utils.c Thu Jan 1 01:00:00 1970 @@ -1,14 +0,0 @@ - -$FreeBSD: ports/net/asterisk/files/patch-main::utils.c,v 1.1 2007/04/13 08:06:05 sobomax Exp $ - ---- main/utils.c -+++ main/utils.c -@@ -58,7 +58,7 @@ - static char base64[64]; - static char b2a[256]; - --#if defined(__FreeBSD__) || defined(__OpenBSD__) || defined( __NetBSD__ ) || defined(__APPLE__) || defined(__CYGWIN__) -+#if (defined(__FreeBSD__) && __FreeBSD_version < 601103) || defined(__OpenBSD__) || defined( __NetBSD__ ) || defined(__APPLE__) || defined(__CYGWIN__) - - /* duh? ERANGE value copied from web... */ - #define ERANGE 34 >Release-Note: >Audit-Trail: >Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200707181509.l6IF9R1W061574>