security fix and update license comment re iaxy.bin (digium confirmed
it to me and for this release they have updated the license file)

tested on i386, sparc64
please comment/ok/commit

This release contains a fix for a security vulnerability recently found
in the chan_skinny channel driver (for Cisco SCCP phones). This
vulnerability would enable an attacker to remotely execute code as the 
system user running Asterisk (frequently 'root'). The exploit does not
require that the skinny.conf contain any valid phone entries, only that
chan_skinny is loaded and operational.

This release also contains a number of bug fixes, and some improvements 
to the chan_sip channel driver (for SIP devices) to mitigate the impacts
of a certain class of denial-of-service attacks that have recently been
published.

All Asterisk 1.2 users are urged to update to this release if they use
the chan_skinny channel driver, or to stop loading it if it is not
needed ('noload=>chan_skinny.so' in modules.conf will cause this
behavior).

Index: Makefile
===================================================================
RCS file: /data/cvsroot/OpenBSD/ports/telephony/asterisk/Makefile,v
retrieving revision 1.12
diff -u -r1.12 Makefile
--- Makefile    18 Oct 2006 00:18:36 -0000      1.12
+++ Makefile    19 Oct 2006 09:29:56 -0000
@@ -1,8 +1,7 @@
 # $OpenBSD: Makefile,v 1.12 2006/10/18 00:18:36 jolan Exp $
 
 COMMENT=       "open source PBX"
-DISTNAME=      asterisk-1.2.12.1
-PKGNAME=       ${DISTNAME}p0
+DISTNAME=      asterisk-1.2.13
 CATEGORIES=    telephony
 MASTER_SITES=  http://ftp.digium.com/pub/asterisk/releases/
 
@@ -10,7 +9,7 @@
 
 MAINTAINER=    Stuart Henderson <[EMAIL PROTECTED]>
 
-# GPL
+# GPL except iaxy.bin (freely redistributable, see LICENSE)
 PERMIT_DISTFILES_CDROM=        Yes
 PERMIT_DISTFILES_FTP=  Yes
 PERMIT_PACKAGE_CDROM=  Yes
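Review bot: the new comment on the "# GPL except iaxy.bin" line points to "LICENSE" without saying which file that is. Consider stating that it is the LICENSE file shipped in the asterisk-1.2.13 distfile, since the message says that file was updated for this release. A later reader could then check the redistribution terms behind the PERMIT_* = Yes settings without relying on the private confirmation.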
Index: distinfo
===================================================================
RCS file: /data/cvsroot/OpenBSD/ports/telephony/asterisk/distinfo,v
retrieving revision 1.7
diff -u -r1.7 distinfo
--- distinfo    24 Sep 2006 21:09:25 -0000      1.7
+++ distinfo    19 Oct 2006 09:21:27 -0000
@@ -1,4 +1,4 @@
-MD5 (asterisk-1.2.12.1.tar.gz) = 9c0d427f96c740163a22f5e0dbcb101d
-RMD160 (asterisk-1.2.12.1.tar.gz) = 9950eea63e03ffd5845f6a34f46680eec5a0a53b
-SHA1 (asterisk-1.2.12.1.tar.gz) = 6352ca330b8fa0ae9eb0816272070a1bce58c93b
-SIZE (asterisk-1.2.12.1.tar.gz) = 10576676
+MD5 (asterisk-1.2.13.tar.gz) = ad8fbe2198568f55c254045ecb3b7926
+RMD160 (asterisk-1.2.13.tar.gz) = 7cf9e00a0697b16891b463345c64a615c30015a3
+SHA1 (asterisk-1.2.13.tar.gz) = d2ec77e08f512a3fa11fd8639a7fe629a46ed242
+SIZE (asterisk-1.2.13.tar.gz) = 10584113
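Review bot: the new MD5, RMD160, SHA1 and SIZE lines for asterisk-1.2.13.tar.gz should be compared against a checksum or signature obtained separately from the download itself, because MASTER_SITES in the Makefile hunk is a plain http:// URL and these values are what the fetched tarball gets checked against. If Digium publishes a checksum or signature for this release, comparing against it before commit would cover that. The filename in all four lines matches the new DISTNAME, which is correct.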
