For the benefit of anyone running Asterisk on OpenBSD (I'll resend after ports unlock if necessary):
Asterisk 1.2.16 has just been released, which fixes a security issue. They don't directly say what the security problem is (nothing stands out in the changelog), but the most likely candidate is a remote chan_sip crash apparently fixed by this:

http://svn.digium.com/view/asterisk/branches/1.2/channels/chan_sip.c?r1=56230&r2=57475

They've made no new release from the 1.0 branch; I'm not sure if it's affected (there are many changes in chan_sip.c since then; the diff between that file in 1.0 and 1.2 is ~17k lines).

Lightly tested (build/run/passed a couple of SIP calls) on i386, sparc64.

Index: Makefile =================================================================== RCS file: /cvs/ports/telephony/asterisk/Makefile,v retrieving revision 1.16 diff -u -p -r1.16 Makefile --- Makefile 11 Feb 2007 01:03:28 -0000 1.16 +++ Makefile 3 Mar 2007 08:56:06 -0000 @@ -1,7 +1,7 @@ # $OpenBSD: Makefile,v 1.16 2007/02/11 01:03:28 ian Exp $ COMMENT= "open source multi-protocol PBX and telephony toolkit" -DISTNAME= asterisk-1.2.15 +DISTNAME= asterisk-1.2.16 PKGNAME= ${DISTNAME} CATEGORIES= telephony MASTER_SITES= http://ftp.digium.com/pub/asterisk/releases/ Index: distinfo =================================================================== RCS file: /cvs/ports/telephony/asterisk/distinfo,v retrieving revision 1.10 diff -u -p -r1.10 distinfo --- distinfo 11 Feb 2007 01:03:28 -0000 1.10 +++ distinfo 3 Mar 2007 08:56:13 -0000 
@@ -1,4 +1,5 @@ -MD5 (asterisk-1.2.15.tar.gz) = 9fa08e97e1398f82c60009e56d6c97da -RMD160 (asterisk-1.2.15.tar.gz) = d32baba07d8a354362b55f16a9a33b6034a889cf -SHA1 (asterisk-1.2.15.tar.gz) = e903c3cbd95ba88a8d3a5078657f039f9d5fb995 -SIZE (asterisk-1.2.15.tar.gz) = 10613334 +MD5 (asterisk-1.2.16.tar.gz) = 88cfcd5c3b2a8f2504e561cb93546299 +RMD160 (asterisk-1.2.16.tar.gz) = 754803eeef7b050121c3e8482b7b5752c726acb5 +SHA1 (asterisk-1.2.16.tar.gz) = 0cf7adec1d78a7b90a1384f4333c72370885287c +SHA256 (asterisk-1.2.16.tar.gz) = cc70d2ff8a2cafe3c7cce10dc5e90146111bc686ed6e08fc753e950c7050611e +SIZE (asterisk-1.2.16.tar.gz) = 10612921 Index: patches/patch-asterisk_c =================================================================== RCS file: /cvs/ports/telephony/asterisk/patches/patch-asterisk_c,v retrieving revision 1.7 diff -u -p -r1.7 patch-asterisk_c --- patches/patch-asterisk_c 11 Feb 2007 01:03:28 -0000 1.7 +++ patches/patch-asterisk_c 3 Mar 2007 09:12:02 -0000 @@ -1,7 +1,7 @@ $OpenBSD: patch-asterisk_c,v 1.7 2007/02/11 01:03:28 ian Exp $ ---- asterisk.c.orig Tue Jan 30 17:12:04 2007 -+++ asterisk.c Fri Feb 9 18:49:42 2007 -@@ -450,7 +450,7 @@ int ast_safe_system(const char *s) +--- asterisk.c.orig Fri Feb 23 23:20:55 2007 ++++ asterisk.c Sat Mar 3 09:03:21 2007 +@@ -454,7 +454,7 @@ int ast_safe_system(const char *s) /* Close file descriptors and launch system command */ for (x = STDERR_FILENO + 1; x < 4096; x++) close(x); @@ -10,7 +10,7 @@ $OpenBSD: patch-asterisk_c,v 1.7 2007/02 _exit(1); } else if (pid > 0) { for(;;) { -@@ -2018,7 +2018,7 @@ int main(int argc, char *argv[]) +@@ -2045,7 +2045,7 @@ int main(int argc, char *argv[]) int num; int is_child_of_nonroot=0; char *buf; @@ -19,7 +19,7 @@ $OpenBSD: patch-asterisk_c,v 1.7 2007/02 /* Remember original args for restart */ if (argc > sizeof(_argv) / sizeof(_argv[0]) - 1) { -@@ -2146,6 +2146,8 @@ int main(int argc, char *argv[]) +@@ -2173,6 +2173,8 @@ int main(int argc, char *argv[]) argv[x] = argv[0] + 10; } }
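Review bot: In the Makefile hunk, the DISTNAME bump from asterisk-1.2.15 to asterisk-1.2.16 is the only change, so nothing in the port itself records that this is a security update. The commit log should say so and point at the chan_sip.c change linked in the message, so that anyone running a 1.2.15 package can tell the update matters.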
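Review bot: In the distinfo hunk, the new MD5, RMD160, SHA1, SHA256 and SIZE lines for asterisk-1.2.16.tar.gz are presumably computed from the tarball as fetched, and MASTER_SITES in the Makefile context is a plain http:// URL, so the digests only pin whatever was downloaded. For a security release it is worth comparing them against a digest obtained from upstream over a separate channel before committing (this assumes upstream publishes one). The added SHA256 line is a good addition next to MD5 and SHA1.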
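Review bot: In patches/patch-asterisk_c, only the inner hunk headers and timestamps change (450 to 454 in ast_safe_system, 2018 to 2045 and 2146 to 2173 in main), and the lines the local patch actually modifies are unchanged context that this diff does not show, so the update can only be reviewed as far as the offsets. Please confirm the regenerated patch applies to 1.2.16 without fuzz, and that the upstream changes which moved the main() hunks by 27 lines did not touch the code the local patch replaces.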