summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorTony Vroon <chainsaw@gentoo.org>2015-04-13 12:34:35 +0000
committerTony Vroon <chainsaw@gentoo.org>2015-04-13 12:34:35 +0000
commit33e69a8bec553f0928008e430f0570577d3e0651 (patch)
tree5750224ad16ab7593bd035c73cc232ec30190305 /net-misc/asterisk/asterisk-11.17.1.ebuild
parentupdate live-build wrt bug #536064, bug #532328, bug #546400 (diff)
downloadgentoo-2-33e69a8bec553f0928008e430f0570577d3e0651.tar.gz
gentoo-2-33e69a8bec553f0928008e430f0570577d3e0651.tar.bz2
gentoo-2-33e69a8bec553f0928008e430f0570577d3e0651.zip
Upgrades on branches 11, 12 & 13 to address a null-byte exploit in TLS certificate CN field verification (CVE-2015-3008 / AST-2015-003). Removed all vulnerable non-stable ebuilds. For security bug #546040 by Agostino "ago" Sarubbo.
(Portage version: 2.2.18/cvs/Linux x86_64, signed Manifest commit with key 0xB5058F9A)
Diffstat (limited to 'net-misc/asterisk/asterisk-11.17.1.ebuild')
-rw-r--r--net-misc/asterisk/asterisk-11.17.1.ebuild324
1 files changed, 324 insertions, 0 deletions
diff --git a/net-misc/asterisk/asterisk-11.17.1.ebuild b/net-misc/asterisk/asterisk-11.17.1.ebuild
new file mode 100644
index 000000000000..d1f1a5e51d6e
--- /dev/null
+++ b/net-misc/asterisk/asterisk-11.17.1.ebuild
@@ -0,0 +1,324 @@
+# Copyright 1999-2015 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/net-misc/asterisk/asterisk-11.17.1.ebuild,v 1.1 2015/04/13 12:34:35 chainsaw Exp $
+
+EAPI=5
+inherit autotools base eutils linux-info multilib user systemd
+
+MY_P="${PN}-${PV/_/-}"
+
+DESCRIPTION="Asterisk: A Modular Open Source PBX System"
+HOMEPAGE="http://www.asterisk.org/"
+SRC_URI="http://downloads.asterisk.org/pub/telephony/asterisk/releases/${MY_P}.tar.gz
+ mirror://gentoo/gentoo-asterisk-patchset-3.15.tar.bz2"
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~amd64 ~x86"
+
+IUSE_VOICEMAIL_STORAGE="
+ +voicemail_storage_file
+ voicemail_storage_odbc
+ voicemail_storage_imap
+"
+IUSE="${IUSE_VOICEMAIL_STORAGE} alsa bluetooth calendar +caps cluster curl dahdi debug doc freetds gtalk http iconv ilbc jabber ldap libedit lua mysql newt +samples odbc osplookup oss portaudio postgres radius selinux snmp span speex srtp static syslog vorbis"
+IUSE_EXPAND="VOICEMAIL_STORAGE"
+REQUIRED_USE="gtalk? ( jabber )
+ ^^ ( ${IUSE_VOICEMAIL_STORAGE/+/} )
+ voicemail_storage_odbc? ( odbc )
+"
+
+EPATCH_SUFFIX="patch"
+PATCHES=( "${WORKDIR}/asterisk-patchset" )
+
+CDEPEND="dev-db/sqlite:3
+ dev-libs/popt
+ dev-libs/libxml2
+ dev-libs/openssl:*
+ sys-libs/ncurses
+ sys-libs/zlib
+ alsa? ( media-libs/alsa-lib )
+ bluetooth? ( net-wireless/bluez )
+ calendar? ( net-libs/neon
+ dev-libs/libical
+ dev-libs/iksemel )
+ caps? ( sys-libs/libcap )
+ cluster? ( sys-cluster/corosync )
+ curl? ( net-misc/curl )
+ dahdi? ( >=net-libs/libpri-1.4.12_beta2
+ net-misc/dahdi-tools )
+ freetds? ( dev-db/freetds )
+ gtalk? ( dev-libs/iksemel )
+ http? ( dev-libs/gmime:2.6 )
+ iconv? ( virtual/libiconv )
+ ilbc? ( dev-libs/ilbc-rfc3951 )
+ jabber? ( dev-libs/iksemel )
+ ldap? ( net-nds/openldap )
+ libedit? ( dev-libs/libedit )
+ lua? ( dev-lang/lua:* )
+ mysql? ( virtual/mysql )
+ newt? ( dev-libs/newt )
+ odbc? ( dev-db/unixODBC )
+ osplookup? ( net-libs/osptoolkit )
+ portaudio? ( media-libs/portaudio )
+ postgres? ( dev-db/postgresql:* )
+ radius? ( net-dialup/radiusclient-ng )
+ snmp? ( net-analyzer/net-snmp )
+ span? ( media-libs/spandsp )
+ speex? ( media-libs/speex )
+ srtp? ( net-libs/libsrtp )
+ vorbis? ( media-libs/libvorbis )"
+
+DEPEND="${CDEPEND}
+ !net-libs/openh323
+ !net-libs/pjsip
+ voicemail_storage_imap? ( virtual/imap-c-client )
+ virtual/pkgconfig
+"
+
+RDEPEND="${CDEPEND}
+ selinux? ( sec-policy/selinux-asterisk )
+ syslog? ( virtual/logger )"
+
+PDEPEND="net-misc/asterisk-core-sounds
+ net-misc/asterisk-extra-sounds
+ net-misc/asterisk-moh-opsound"
+
+S="${WORKDIR}/${MY_P}"
+
+pkg_setup() {
+ CONFIG_CHECK="~!NF_CONNTRACK_SIP"
+ local WARNING_NF_CONNTRACK_SIP="SIP (NAT) connection tracking is enabled. Some users
+ have reported that this module dropped critical SIP packets in their deployments. You
+ may want to disable it if you see such problems."
+ check_extra_config
+
+ enewgroup asterisk
+ enewgroup dialout 20
+ enewuser asterisk -1 -1 /var/lib/asterisk "asterisk,dialout"
+}
+
+src_prepare() {
+ base_src_prepare
+ AT_M4DIR=autoconf eautoreconf
+}
+
+src_configure() {
+ local vmst
+
+ econf \
+ --libdir="/usr/$(get_libdir)" \
+ --localstatedir="/var" \
+ --with-crypto \
+ --with-gsm=internal \
+ --with-popt \
+ --with-ssl \
+ --with-z \
+ --without-pwlib \
+ $(use_with caps cap) \
+ $(use_with http gmime) \
+ $(use_with newt) \
+ $(use_with portaudio)
+
+ # Blank out sounds/sounds.xml file to prevent
+ # asterisk from installing sounds files (we pull them in via
+ # asterisk-{core,extra}-sounds and asterisk-moh-opsound.
+ >"${S}"/sounds/sounds.xml
+
+ # That NATIVE_ARCH chatter really is quite bothersome
+ sed -i 's/NATIVE_ARCH=/NATIVE_ARCH=0/' build_tools/menuselect-deps || die "Unable to squelch noisy build system"
+
+ # Compile menuselect binary for optional components
+ emake menuselect.makeopts
+
+ # Broken functionality is forcibly disabled (bug #360143)
+ menuselect/menuselect --disable chan_misdn menuselect.makeopts
+ menuselect/menuselect --disable chan_ooh323 menuselect.makeopts
+
+ # Utility set is forcibly enabled (bug #358001)
+ menuselect/menuselect --enable smsq menuselect.makeopts
+ menuselect/menuselect --enable streamplayer menuselect.makeopts
+ menuselect/menuselect --enable aelparse menuselect.makeopts
+ menuselect/menuselect --enable astman menuselect.makeopts
+
+ # this is connected, otherwise it would not find
+ # ast_pktccops_gate_alloc symbol
+ menuselect/menuselect --enable chan_mgcp menuselect.makeopts
+ menuselect/menuselect --enable res_pktccops menuselect.makeopts
+
+ # SSL is forcibly enabled, IAX2 & DUNDI are expected to be available
+ menuselect/menuselect --enable pbx_dundi menuselect.makeopts
+ menuselect/menuselect --enable func_aes menuselect.makeopts
+ menuselect/menuselect --enable chan_iax2 menuselect.makeopts
+
+ # SQlite3 is now the main database backend, enable related features
+ menuselect/menuselect --enable cdr_sqlite3_custom menuselect.makeopts
+ menuselect/menuselect --enable cel_sqlite3_custom menuselect.makeopts
+
+ # The others are based on USE-flag settings
+ use_select() {
+ local state=$(use "$1" && echo enable || echo disable)
+ shift # remove use from parameters
+
+ while [[ -n $1 ]]; do
+ menuselect/menuselect --${state} "$1" menuselect.makeopts
+ shift
+ done
+ }
+
+ use_select alsa chan_alsa
+ use_select bluetooth chan_mobile
+ use_select calendar res_calendar res_calendar_{caldav,ews,exchange,icalendar}
+ use_select cluster res_corosync
+ use_select curl func_curl res_config_curl res_curl
+ use_select dahdi app_dahdibarge app_dahdiras app_meetme chan_dahdi codec_dahdi res_timing_dahdi
+ use_select freetds {cdr,cel}_tds
+ use_select gtalk chan_motif
+ use_select http res_http_post
+ use_select iconv func_iconv
+ use_select jabber res_xmpp
+ use_select ilbc codec_ilbc format_ilbc
+ use_select ldap res_config_ldap
+ use_select lua pbx_lua
+ use_select mysql app_mysql cdr_mysql res_config_mysql
+ use_select odbc cdr_adaptive_odbc res_config_odbc {cdr,cel,res,func}_odbc
+ use_select osplookup app_osplookup
+ use_select oss chan_oss
+ use_select postgres {cdr,cel}_pgsql res_config_pgsql
+ use_select radius {cdr,cel}_radius
+ use_select snmp res_snmp
+ use_select span res_fax_spandsp
+ use_select speex {codec,func}_speex
+ use_select srtp res_srtp
+ use_select syslog cdr_syslog
+ use_select vorbis format_ogg_vorbis
+
+ # Voicemail storage ...
+ for vmst in ${IUSE_VOICEMAIL_STORAGE/+/}; do
+ if use ${vmst}; then
+ menuselect/menuselect --enable $(echo ${vmst##*_} | tr '[:lower:]' '[:upper:]')_STORAGE menuselect.makeopts
+ fi
+ done
+
+ if use debug; then
+ for o in DONT_OPTIMIZE DEBUG_THREADS BETTER_BACKTRACES; do
+ menuselect/menuselect --enable $o menuselect.makeopts
+ done
+ fi
+}
+
+src_compile() {
+ ASTLDFLAGS="${LDFLAGS}" emake
+}
+
+src_install() {
+ mkdir -p "${D}"usr/$(get_libdir)/pkgconfig || die
+ emake DESTDIR="${D}" installdirs
+ emake DESTDIR="${D}" install
+
+ if use radius; then
+ insinto /etc/radiusclient-ng/
+ doins contrib/dictionary.digium
+ fi
+ diropts -m 0750 -o root -g asterisk
+ keepdir /etc/asterisk
+ if use samples; then
+ emake DESTDIR="${D}" samples
+ for conffile in "${D}"etc/asterisk/*.*
+ do
+ chown root:root $conffile
+ chmod 0644 $conffile
+ done
+ einfo "Sample files have been installed"
+ else
+ einfo "Skipping installation of sample files..."
+ rm -f "${D}"var/lib/asterisk/mohmp3/* || die
+ rm -f "${D}"var/lib/asterisk/sounds/demo-* || die
+ rm -f "${D}"var/lib/asterisk/agi-bin/* || die
+ rm -f "${D}"etc/asterisk/* || die
+ fi
+ rm -rf "${D}"var/spool/asterisk/voicemail/default || die
+
+ # keep directories
+ diropts -m 0770 -o asterisk asterisk
+ keepdir /var/lib/asterisk
+ keepdir /var/spool/asterisk
+ keepdir /var/spool/asterisk/{system,tmp,meetme,monitor,dictate,voicemail}
+ diropts -m 0750 -o asterisk -g asterisk
+ keepdir /var/log/asterisk/{cdr-csv,cdr-custom}
+
+ newinitd "${FILESDIR}"/1.8.0/asterisk.initd7 asterisk
+ newconfd "${FILESDIR}"/1.8.0/asterisk.confd asterisk
+
+ systemd_dounit "${FILESDIR}"/asterisk.service
+ systemd_newtmpfilesd "${FILESDIR}"/asterisk.tmpfiles.conf asterisk.conf
+ systemd_install_serviced "${FILESDIR}"/asterisk.service.conf
+
+ # install the upgrade documentation
+ #
+ dodoc README UPGRADE* BUGS CREDITS
+
+ # install extra documentation
+ #
+ if use doc
+ then
+ dodoc doc/*.txt
+ dodoc doc/*.pdf
+ fi
+
+ # install SIP scripts; bug #300832
+ #
+ dodoc "${FILESDIR}/1.6.2/sip_calc_auth"
+ dodoc "${FILESDIR}/1.8.0/find_call_sip_trace.sh"
+ dodoc "${FILESDIR}/1.8.0/find_call_ids.sh"
+ dodoc "${FILESDIR}/1.6.2/call_data.txt"
+
+ # install logrotate snippet; bug #329281
+ #
+ insinto /etc/logrotate.d
+ newins "${FILESDIR}/1.6.2/asterisk.logrotate3" asterisk
+}
+
+pkg_postinst() {
+ #
+ # Announcements, warnings, reminders...
+ #
+ einfo "Asterisk has been installed"
+ echo
+ elog "If you want to know more about asterisk, visit these sites:"
+ elog "http://www.asteriskdocs.org/"
+ elog "http://www.voip-info.org/wiki-Asterisk"
+ echo
+ elog "http://www.automated.it/guidetoasterisk.htm"
+ echo
+ elog "Gentoo VoIP IRC Channel:"
+ elog "#gentoo-voip @ irc.freenode.net"
+ echo
+ echo
+ elog "Please read the Asterisk 11 upgrade document:"
+ elog "https://wiki.asterisk.org/wiki/display/AST/Upgrading+to+Asterisk+11"
+}
+
+pkg_config() {
+ einfo "Do you want to reset file permissions and ownerships (y/N)?"
+
+ read tmp
+ tmp="$(echo $tmp | tr '[:upper:]' '[:lower:]')"
+
+ if [[ "$tmp" = "y" ]] ||\
+ [[ "$tmp" = "yes" ]]
+ then
+ einfo "Resetting permissions to defaults..."
+
+ for x in spool run lib log; do
+ chown -R asterisk:asterisk "${ROOT}"var/${x}/asterisk
+ chmod -R u=rwX,g=rwX,o= "${ROOT}"var/${x}/asterisk
+ done
+
+ chown -R root:asterisk "${ROOT}"etc/asterisk
+ chmod -R u=rwX,g=rwX,o= "${ROOT}"etc/asterisk
+
+ einfo "done"
+ else
+ einfo "skipping"
+ fi
+}