Date: Wed, 8 Aug 2007 01:34:19 -0400 From: "killfill" <pneumann@gmail.com> To: "FreeBSD gnats submit" <FreeBSD-gnats-submit@FreeBSD.org> Subject: ports/115289: [PATCH] update net/asterisk to 1.4.10 Message-ID: <1186551259.2358@fly.sofsis.cl> Resent-Message-ID: <200708080140.l781e2wD066059@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 115289 >Category: ports >Synopsis: [PATCH] update net/asterisk to 1.4.10 >Confidential: no >Severity: serious >Priority: high >Responsible: freebsd-ports-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: update >Submitter-Id: current-users >Arrival-Date: Wed Aug 08 01:40:02 GMT 2007 >Closed-Date: >Last-Modified: >Originator: killfill >Release: FreeBSD 6.2-PRERELEASE amd64 >Organization: >Environment: System: FreeBSD 6.2-PRERELEASE #0: Sat Dec 30 17:10:04 CLST 2006 root@fly.sofsis.cl:/usr/obj/usr/src/sys/GENERIC >Description: Update Asterisk to 1.4.10. - chan_skinny bug fixed - remove mpg123 (doc/mp3.txt) >How-To-Repeat: >Fix: --- a-1.4.10.patch begins here --- diff -ruN asterisk.orig/Makefile asterisk/Makefile --- asterisk.orig/Makefile Sat Jul 28 08:27:29 2007 +++ asterisk/Makefile Tue Aug 7 20:59:47 2007 @@ -6,8 +6,7 @@ # PORTNAME= asterisk -PORTVERSION= 1.4.9 -PORTREVISION= 1 +PORTVERSION= 1.4.10 CATEGORIES= net MASTER_SITES= http://ftp.digium.com/pub/asterisk/ \ http://ftp.digium.com/pub/asterisk/old-releases/ @@ -15,11 +14,9 @@ MAINTAINER= sobomax@FreeBSD.org COMMENT= An Open Source PBX and telephony toolkit -BUILD_DEPENDS= mpg123:${PORTSDIR}/audio/mpg123 LIB_DEPENDS= speex.1:${PORTSDIR}/audio/speex \ newt.51:${PORTSDIR}/devel/newt \ curl.4:${PORTSDIR}/ftp/curl -RUN_DEPENDS= mpg123:${PORTSDIR}/audio/mpg123 ONLY_FOR_ARCHS= i386 sparc64 amd64 @@ -156,6 +153,6 @@ .endif post-patch: - ${REINPLACE_CMD} -e 's|/var/lib|${PREFIX}/share|g' ${WRKSRC}/configs/musiconhold.conf.sample + @${REINPLACE_CMD} -e 's|/var/lib|${PREFIX}/share|g' ${WRKSRC}/configs/musiconhold.conf.sample .include <bsd.port.post.mk> diff -ruN asterisk.orig/distinfo asterisk/distinfo --- asterisk.orig/distinfo Thu Jul 26 22:41:09 2007 +++ asterisk/distinfo Tue Aug 7 20:47:09 2007 @@ -1,3 +1,3 @@ -MD5 (asterisk-1.4.9.tar.gz) = e47f5b3cb5323318dc8c6fb7311b767e -SHA256 (asterisk-1.4.9.tar.gz) = c1b41503a0c29fd1f5172c834a60a3c5aacf472fd60a1272f743672af36602a6 -SIZE (asterisk-1.4.9.tar.gz) = 11182148 +MD5 (asterisk-1.4.10.tar.gz) = 69057e2916287f6e2a1e36dba6d6800d +SHA256 (asterisk-1.4.10.tar.gz) = 72bbb19e35ec304df06dca717b7ac2cae0d3409fe47c17c2dcf75850f61ddbe1 +SIZE (asterisk-1.4.10.tar.gz) = 11208127 diff -ruN asterisk.orig/files/patch-configure asterisk/files/patch-configure --- asterisk.orig/files/patch-configure Sun Jul 22 06:40:35 2007 +++ asterisk/files/patch-configure Tue Aug 7 20:55:05 2007 @@ -1,8 +1,8 @@ $FreeBSD: ports/net/asterisk/files/patch-configure,v 1.2 2007/07/22 10:40:35 sobomax Exp $ ---- configure.orig -+++ configure +--- configure.orig Tue Aug 7 20:48:58 2007 ++++ configure Tue Aug 7 20:54:30 2007 @@ -3926,8 +3926,6 @@ case "${host_os}" in freebsd*) @@ -12,23 +12,15 @@ ;; *) ac_default_prefix=/usr -@@ -26066,6 +26064,7 @@ +@@ -25189,6 +25187,7 @@ cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ $ac_includes_default +#include <ptlib.h> - #include <${OPENH323DIR}/include/h323.h> + #include </usr/local/include/ptlib.h> _ACEOF rm -f conftest.$ac_objext -@@ -26106,6 +26105,7 @@ - cat confdefs.h >>conftest.$ac_ext - cat >>conftest.$ac_ext <<_ACEOF - /* end confdefs.h. */ -+#include <ptlib.h> - #include <${OPENH323DIR}/include/h323.h> - _ACEOF - if { (ac_try="$ac_cpp conftest.$ac_ext" -@@ -26202,6 +26202,7 @@ +@@ -26228,6 +26227,7 @@ cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ $ac_includes_default @@ -36,7 +28,7 @@ #include <${HOME}/openh323/include/h323.h> _ACEOF rm -f conftest.$ac_objext -@@ -26242,6 +26243,7 @@ +@@ -26268,6 +26268,7 @@ cat confdefs.h >>conftest.$ac_ext cat >>conftest.$ac_ext <<_ACEOF /* end confdefs.h. */ @@ -44,39 +36,7 @@ #include <${HOME}/openh323/include/h323.h> _ACEOF if { (ac_try="$ac_cpp conftest.$ac_ext" -@@ -26336,6 +26338,7 @@ - cat >>conftest.$ac_ext <<_ACEOF - /* end confdefs.h. */ - $ac_includes_default -+#include <ptlib.h> - #include </usr/local/include/openh323/h323.h> - _ACEOF - rm -f conftest.$ac_objext -@@ -26376,6 +26379,7 @@ - cat confdefs.h >>conftest.$ac_ext - cat >>conftest.$ac_ext <<_ACEOF - /* end confdefs.h. */ -+#include <ptlib.h> - #include </usr/local/include/openh323/h323.h> - _ACEOF - if { (ac_try="$ac_cpp conftest.$ac_ext" -@@ -26475,6 +26479,7 @@ - cat >>conftest.$ac_ext <<_ACEOF - /* end confdefs.h. */ - $ac_includes_default -+#include <ptlib.h> - #include </usr/include/openh323/h323.h> - _ACEOF - rm -f conftest.$ac_objext -@@ -26515,6 +26520,7 @@ - cat confdefs.h >>conftest.$ac_ext - cat >>conftest.$ac_ext <<_ACEOF - /* end confdefs.h. */ -+#include <ptlib.h> - #include </usr/include/openh323/h323.h> - _ACEOF - if { (ac_try="$ac_cpp conftest.$ac_ext" -@@ -26700,7 +26706,7 @@ +@@ -26652,7 +26653,7 @@ fi --- a-1.4.10.patch ends here --- --- vul.diff begins here --- --- vuln.xml.orig Tue Aug 7 21:34:13 2007 +++ vuln.xml Tue Aug 7 21:39:48 2007 @@ -34,6 +34,38 @@ --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + + <vuln vid="1b35d5ce-4570-11dc-a2ea-0015f2171ebb"> + <topic>asterisk -- vulnerability in skinny channel driver</topic> + <affects> + <package> + <name></name> + <range><lt>1.4.10</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Asterisk Security Advisory reports:</p> + <blockquote cite="http://downloads.digium.com/pub/asa/ASA-2007-019.html"> + <p>The Asterisk Skinny channel driver, chan_skinny, has a + remotely exploitable crash vulnerability. A segfault can + occur when Asterisk receives a "CAPABILITIES_RES_MESSAGE" + packet where the capabilities count is greater than the + total number of items in the capabilities_res_message array. + Note that this requires an authenticated session.</p> + </blockquote> + </body> + </description> + <references> + <cvename>ASA-2007-019</cvename> + <url>http://downloads.digium.com/pub/asa/ASA-2007-019.html</url> + </references> + <dates> + <discovery>2007-08-07</discovery> + <entry>2007-08-07</entry> + </dates> + </vuln> + <vuln vid="4a338d17-412d-11dc-bdb0-0016179b2dd5"> <topic>fsplib -- multiple vulnerabilities</topic> <affects> --- vul.diff ends here --- >Release-Note: >Audit-Trail: >Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?1186551259.2358>