author | Tony Vroon <chainsaw@gentoo.org> | 2010-02-21 20:39:54 +0000 |
---|---|---|
committer | Tony Vroon <chainsaw@gentoo.org> | 2010-02-21 20:39:54 +0000 |
commit | 4c79795f77f6488cbdee8be662b60340234c7fe6 (patch) | |
tree | 6ac8e4531dc8fcbfe3c9dfca011238574c3ccf2b /net-misc/asterisk | |
parent | Version bump dev-haskell/regex-posix. (diff) | |
Security fix for AST-2010-002 (dial plan wildcard injection vulnerability) on the 1.6.1 & 1.6.2 branches. Please read up immediately on the use of the Filter command. Deleted vulnerable old ebuilds.
Package-Manager: portage-2.2_rc63/cvs/Linux x86_64
Diffstat (limited to 'net-misc/asterisk')
-rw-r--r-- | net-misc/asterisk/ChangeLog | 12 | ||||
-rw-r--r-- | net-misc/asterisk/Manifest | 19 | ||||
-rw-r--r-- | net-misc/asterisk/asterisk-1.6.1.16.ebuild (renamed from net-misc/asterisk/asterisk-1.6.2.2.ebuild) | 119 | ||||
-rw-r--r-- | net-misc/asterisk/asterisk-1.6.2.4.ebuild (renamed from net-misc/asterisk/asterisk-1.6.2.2-r1.ebuild) | 8 |
4 files changed, 128 insertions, 30 deletions
diff --git a/net-misc/asterisk/ChangeLog b/net-misc/asterisk/ChangeLog index 907d0480dd92..0c900f9bdbf8 100644 --- a/net-misc/asterisk/ChangeLog +++ b/net-misc/asterisk/ChangeLog @@ -1,6 +1,16 @@ # ChangeLog for net-misc/asterisk # Copyright 1999-2010 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/net-misc/asterisk/ChangeLog,v 1.248 2010/02/10 22:44:31 chainsaw Exp $ +# $Header: /var/cvsroot/gentoo-x86/net-misc/asterisk/ChangeLog,v 1.249 2010/02/21 20:39:54 chainsaw Exp $ + +*asterisk-1.6.2.4 (21 Feb 2010) +*asterisk-1.6.1.16 (21 Feb 2010) + + 21 Feb 2010; <chainsaw@gentoo.org> +asterisk-1.6.1.16.ebuild, + -asterisk-1.6.2.2.ebuild, -asterisk-1.6.2.2-r1.ebuild, + +asterisk-1.6.2.4.ebuild: + Security fix for AST-2010-002 (dial plan wildcard injection vulnerability) + on the 1.6.1 & 1.6.2 branches. Please read up immediately on the use of + the Filter command. Deleted vulnerable old ebuilds. *asterisk-1.6.1.14-r1 (10 Feb 2010) diff --git a/net-misc/asterisk/Manifest b/net-misc/asterisk/Manifest index 5e48ba0e824e..d8bf03dbd6fd 100644 --- a/net-misc/asterisk/Manifest +++ b/net-misc/asterisk/Manifest @@ -1,3 +1,6 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA1 + AUX 1.0.0/asterisk-1.0.5-uclibc-dns.diff 304 RMD160 6d58a0fdad04f5105c1b8f8bb3e2058b4f97f12f SHA1 5f7819a1e5f5b8f035146d5506bab83f4ecb6ae0 SHA256 e4de36e528b7d1a7941689d530d93f1ffd41a2f863a856e612e3637f78ea4890 AUX 1.2.0/asterisk-1.2.1-uclibc-getloadavg.diff 317 RMD160 f598d94a52cec83fefdafdce0694049c657e09e0 SHA1 fc0f4d990e386d39d43bac073f353421063186c9 SHA256 61daa70727418dbaf232fc5d1eaddd20a8505b943b8fb724a1b63170edfe88cc AUX 1.2.0/asterisk-1.2.21.1-h323-dumb-makefile.diff 1098 RMD160 c39cee5a6f420e6e63e30ac5e83aa9b78c1b12c8 SHA1 93087ecdcde11bd983d25acaac3723450abbc111 SHA256 86d0c8cd754754916c45d77d9c745d1688b3b7b54181ecb1d42a1934bdea7deb 
@@ -34,12 +37,20 @@ DIST asterisk-1.2.27-patches-1.0.tar.bz2 6653 RMD160 18f1d7fc4497466050ed4f517ff DIST asterisk-1.2.36.tar.gz 29897926 RMD160 47b8c0e58c43cac6aa415482182aea15b1489ccc SHA1 b6f60404ba0ca802cfa5cd43685a36b467441c5c SHA256 69f48a0e49f3a37196b65f11e8babf5c28e33700903b9f304e984def6c35dbf0 DIST asterisk-1.2.37.tar.gz 29899629 RMD160 1de7ff96d3b1fd8d89f3ef7b3bb9e35bedccfb33 SHA1 c9a3c4684e021f62b4d19f6e0c8fc11f64db19d6 SHA256 9f3ec67efe0e4d45434621cd358e8e7d64e1b05df04d66e2390c9420acd2aeaa DIST asterisk-1.6.1.14.tar.gz 23511315 RMD160 3bf0290d7e5aec0565043dc216a43df6e4a46d62 SHA1 6359a51ef8916b1ec755ee272e948d757a990312 SHA256 e2d677a8c6d66c71bf667c8cff6b9136f036e4b859914264ffc217c9ab150cb6 -DIST asterisk-1.6.2.2.tar.gz 23177043 RMD160 fdba60d04307a503d9bf06583bf919d9f83b4e53 SHA1 9417194632c4b0fbaedfdb9d833cba7c859c8e44 SHA256 1aa026a99c2f830426489abead8e1fdd83bf2a6a3ec92f2d684344c61dcf7877 +DIST asterisk-1.6.1.16.tar.gz 23517899 RMD160 a03f86ae3eecfe940eb63a40286b9697a3c7e6ac SHA1 df0ad2f94614479c7bff13ae24200b89f9605132 SHA256 997786c51698827d5dc9c17793deb47716c857de9ce884c6ecd9e8447599727c +DIST asterisk-1.6.2.4.tar.gz 23184195 RMD160 72d42566475376484774e0e198075716a77f6c3c SHA1 bed12cbfb9af09898ec8810b903512f1ad1f4512 SHA256 3b08ce205ced7b5fe96dabb5f65f5d6b094cf1d4c543df3d86c08bbe3a0f2e51 EBUILD asterisk-1.2.36.ebuild 10640 RMD160 de9118d48d7122200847783aec84e89724f33475 SHA1 8839099437bb0fa20ab7ba4c4aabeef33be353d5 SHA256 73421c18cf2aec1412ef1f86cb6a810765cf7c78fdb056b2e84224430368a1ca EBUILD asterisk-1.2.37.ebuild 10640 RMD160 82f1d14082b607402146bd8f7950ea32ee2558f3 SHA1 5718e0411fff8bc14c4c57562a9df281c33abdc5 SHA256 2f2290922b09f9b71b06cb73e99fc7916b4a994960375e0e48b6bb39fd802e0c EBUILD asterisk-1.6.1.14-r1.ebuild 11211 RMD160 d39a01bacc80a5e14f02f651762c24ece6dfc401 SHA1 c9891b906db858c401fe5bd08443fae678590ca0 SHA256 4aefa83826cd00d5c15d445d40139f7ef33f29b35ec7e48542c8bff432aa28e0 EBUILD asterisk-1.6.1.14.ebuild 10778 RMD160 
aae51df5ce123858674f587751a70b06d2386954 SHA1 c246fb8e8071f8fb6ed02d21c017c29500b3b890 SHA256 87a01836c6a816c5e62642c8f15ed2e865acae7bfa54a7a3f162677c16bc80ec -EBUILD asterisk-1.6.2.2-r1.ebuild 9935 RMD160 112bfd39c73cb86747daeb373f5f047925aae86f SHA1 7f00b0f70cef27f2dd2546a18d34b634fba084c2 SHA256 96f6fa5eb1da47082f9b7a7bcb10a047e5f119ca618291175b5bb132533a1aae -EBUILD asterisk-1.6.2.2.ebuild 9506 RMD160 a098a36262c8a265d74d5caf4af58ac738f616b9 SHA1 992368e60ac361834ac26f1e0ded664e353c1df3 SHA256 4745de18196315062b97b30eaca3845f3890d8c15fc7e6c8dfb4e945f497fd00 -MISC ChangeLog 55208 RMD160 43654c3b9f4dbc9cc6d2f93a376bde246f9fa029 SHA1 a0639eb9242851df304b05d88d6ac74b6d94a004 SHA256 0ed5eee14b3c1c137388a7dc1c9e0384e2e3733d8b4d2787a38a6ca72d4a5db2 +EBUILD asterisk-1.6.1.16.ebuild 11228 RMD160 353dc948d499efafee74c741bd61d310b0c74815 SHA1 d5d3f04469dd8b425ec30d7db9de552263439d46 SHA256 e6db16c5b51048839db684379ec05cc162ed03b7fa03a6a9dd8c7509c661473e +EBUILD asterisk-1.6.2.4.ebuild 9958 RMD160 446e23144bf699618d57b116b1ff95efa550aff5 SHA1 30b1f6a0267df97a8dd8a5722a75339052a74691 SHA256 5d53e17d965a190b91dcf56fdf32e51dd36409c3408bc991052da20c117a2101 +MISC ChangeLog 55629 RMD160 fe0432eea89757ff6cc615174abd79ebb710153a SHA1 893c1acd4361115124734e6f8800e885e7980449 SHA256 59e60469429cbc0fbff8d663de263661601475ace1de4332ced3cbda1d29f07b MISC metadata.xml 1103 RMD160 9be6c713684efa268e58cfc111fae4716e97f9dd SHA1 5af1f100c97f1bca1834867e06c3fb9111ed1fde SHA256 a83ca9d4cfd8da10b8dbb9583e1b6fa5fc0f30968a0681e4bc931673a00e1c99 +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v2.0.14 (GNU/Linux) + +iEYEARECAAYFAkuBmiUACgkQp5vW4rUFj5qMTACdHPmPGaccR0sgaLJD7hZRVhT5 +BkIAnRrxkfUKLea35DhYeKSQJSH5ANd2 +=nXu0 +-----END PGP SIGNATURE----- diff --git a/net-misc/asterisk/asterisk-1.6.2.2.ebuild b/net-misc/asterisk/asterisk-1.6.1.16.ebuild index c78a0c1a8c09..b4eb3becfedb 100644 --- a/net-misc/asterisk/asterisk-1.6.2.2.ebuild +++ b/net-misc/asterisk/asterisk-1.6.1.16.ebuild 
@@ -1,9 +1,9 @@ # Copyright 1999-2010 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/net-misc/asterisk/asterisk-1.6.2.2.ebuild,v 1.1 2010/02/02 22:48:08 chainsaw Exp $ +# $Header: /var/cvsroot/gentoo-x86/net-misc/asterisk/asterisk-1.6.1.16.ebuild,v 1.1 2010/02/21 20:39:54 chainsaw Exp $ EAPI=1 -inherit eutils autotools linux-info +inherit eutils autotools MY_P="${PN}-${PV/_/-}" @@ -14,7 +14,7 @@ LICENSE="GPL-2" SLOT="0" KEYWORDS="~amd64 ~x86" -IUSE="alsa +caps curl dahdi debug freetds iconv jabber ldap keepsrc misdn newt nosamples oss postgres radius snmp span speex ssl sqlite static vorbis" +IUSE="alsa +caps curl dahdi debug freetds iconv jabber ldap keepsrc misdn newt nosamples odbc oss postgres radius snmp span speex ssl sqlite static vorbis" RDEPEND="sys-libs/ncurses dev-libs/popt @@ -30,6 +30,7 @@ RDEPEND="sys-libs/ncurses ldap? ( net-nds/openldap ) misdn? ( net-dialup/misdnuser ) newt? ( dev-libs/newt ) + odbc? ( dev-db/unixODBC ) postgres? ( virtual/postgresql-base ) radius? ( net-dialup/radiusclient-ng ) snmp? ( net-analyzer/net-snmp ) @@ -46,6 +47,33 @@ DEPEND="${RDEPEND} S="${WORKDIR}/${MY_P}" +# +# shortcuts +# + +# update from asterisk-1.0.x +is_ast10update() { + return $(has_version "=net-misc/asterisk-1.0*") +} + +# update from asterisk-1.2.x +is_ast12update() { + return $(has_version "=net-misc/asterisk-1.2*") +} + +# update from asterisk 1.4.x +is_ast14update() { + return $(has_version "=net-misc/asterisk-1.4*") +} + +# update in the asterisk-1.6.x line +is_astupdate() { + if ! is_ast10update && ! is_ast12update && !is_ast14update; then + return $(has_version "<net-misc/asterisk-${PV}") + fi + return 0 +} + get_available_modules() { local modules mod x 
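Review bot: In the added `is_astupdate()` the third test is written `!is_ast14update` with no space, so bash looks up a command literally named `!is_ast14update` instead of negating the helper; the lookup fails, the `if` branch is never taken once the first two tests pass, and the function falls through to `return 0` whatever version is installed. The line should read `if ! is_ast10update && ! is_ast12update && ! is_ast14update; then`. The three helpers also depend on `return $(has_version ...)` expanding to a bare `return`, which holds only while `has_version` prints nothing; ending each body with the plain call, e.g. `has_version "=net-misc/asterisk-1.4*"`, states the intent directly. No caller of `is_astupdate` is visible in these hunks, so the runtime impact should be confirmed against the full ebuild.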
@@ -62,14 +90,33 @@ get_available_modules() { } pkg_setup() { + local checkfailed=0 waitaftermsg=0 + + if is_ast12update ; then + ewarn "Please note that the configuration style (particularly the dial plan) has changed significantly." + ewarn "sip.conf: insecure=very -> insecure=port,invite" + ewarn "asterisk.conf: please familiarise yourself with [compat]" + ewarn "extensions.conf: use comma instead of pipe as a separator" + ewarn "- Please read "${ROOT}"usr/share/doc/${PF}/UPGRADE.txt.bz2 after the installation!" + echo + waitaftermsg=1 + fi + + if [[ $waitaftermsg -eq 1 ]]; then + einfo "Press Ctrl+C to abort" + echo + ebeep 10 + fi + + # + # Regular checks + # + einfo "Running some pre-flight checks..." + echo + if [[ -n "${ASTERISK_MODULES}" ]] ; then ewarn "You are overriding ASTERISK_MODULES. We will assume you know what you are doing. There is no support for this option, try without if you see breakage." fi - CONFIG_CHECK="~!NF_CONNTRACK_SIP" - local WARNING_NF_CONNTRACK_SIP="SIP (NAT) connection tracking is a module written for a single SIP client talking to a - remote server. It is not able to track multiple remote SIP clients registering with - a local server. Critical SIP packets may be dropped." - check_extra_config } src_unpack() { @@ -77,6 +124,11 @@ src_unpack() { cd "${S}" # + # put pid file(s) into /var/run/asterisk + # + epatch "${FILESDIR}"/1.6.1/${PN}-1.6.1-var_rundir.patch || die "patch failed" + + # # fix gsm codec cflags (e.g. i586 core epias) and disable # assembler optimizations # 
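Review bot: The `ewarn` line in the `is_ast12update` branch of `pkg_setup()` closes its string before `${ROOT}` and reopens it afterwards, which leaves the expansion unquoted and open to word splitting and globbing; `ewarn "- Please read ${ROOT}usr/share/doc/${PF}/UPGRADE.txt.bz2 after the installation!"` keeps the message in one quoted word. The same `"${ROOT}"` splice recurs in the `einfo` and `ewarn` lines added to `src_install()` and `pkg_postinst()` in the later hunks of this file. `checkfailed` is declared on the first added line but is never set or read anywhere in the function as shown, so the declaration can shrink to `local waitaftermsg=0`.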
@@ -98,13 +150,28 @@ src_unpack() { # otherwise automated British Telecom line test causes permanent red alarm # https://issues.asterisk.org/view.php?id=14163 # - epatch "${FILESDIR}"/1.6.2/${PN}-1.6.2.0-bt-line-test.patch || die "patch failed" + epatch "${FILESDIR}"/1.6.1/${PN}-1.6.1.6-bt-line-test.patch || die "patch failed" # # sprinkle some plus signs in strategic locations for maximum parallel make happiness # https://issues.asterisk.org/view.php?id=16489 # - epatch "${FILESDIR}"/1.6.2/${PN}-1.6.2.1-parallel-make.patch || die "patch failed" + epatch "${FILESDIR}"/1.6.1/${PN}-1.6.1.14-parallel-make.patch || die "patch failed" + + # + # do not segfault when asked to restart gracefully + # https://issues.asterisk.org/view.php?id=16062 + # https://issues.asterisk.org/view.php?id=16470 + # + epatch "${FILESDIR}"/1.6.1/${PN}-1.6.1.14-graceful-restart-segfault.patch + + # + # add special playback with fax detection + # Code by NewMan telecom, patch scavenged + # by Cory Coager + # http://bugs.gentoo.org/show_bug.cgi?id=298328 + # + epatch "${FILESDIR}"/1.6.2/${PN}-1.6.2.2-nv-faxdetect.patch AT_M4DIR=autoconf eautoreconf @@ -159,6 +226,7 @@ src_compile() { $(use_with misdn suppserv) \ $(use_with misdn) \ $(use_with newt) \ + $(use_with odbc) \ $(use_with oss) \ $(use_with postgres) \ $(use_with radius) \ @@ -246,6 +314,12 @@ src_install() { fi rm -rf "${D}"var/spool/asterisk/voicemail/default + # move sample configuration files to doc directory + if is_ast10update || is_ast12update || is_ast14update; then + einfo "Updating from old (pre-1.6) asterisk version, new configuration files have been installed" + einfo "into "${ROOT}"etc/asterisk, use etc-update or dispatch-conf to update them" + fi + einfo "Configuration samples have been moved to: "${ROOT}"/usr/share/doc/${PF}/conf" insinto /usr/share/doc/${PF}/conf doins "${D}"etc/asterisk/*.conf* 
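Review bot: The two `epatch` calls added at the end of the `src_unpack()` hunk (graceful-restart-segfault and nv-faxdetect) omit the `|| die "patch failed"` that every neighbouring call carries, and the fax-detect patch is taken from `"${FILESDIR}"/1.6.2/` although this is the 1.6.1.16 ebuild. Written like its neighbours, the first would read `epatch "${FILESDIR}"/1.6.1/${PN}-1.6.1.14-graceful-restart-segfault.patch || die "patch failed"`; if `epatch` already aborts on failure the suffix is redundant everywhere, but the calls should still agree so a reader does not have to wonder which patches are allowed to fail. If reusing the 1.6.2 patch on the 1.6.1 branch is intended, a one-line comment such as `# 1.6.2 patch applies unchanged to 1.6.1` above the call would record that. The 1.6.2.4 ebuild's `src_unpack()` hunk has the same two calls without `|| die`, and `src_unpack()` starts outside both hunks.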
@@ -275,17 +349,16 @@ src_install() { # copy the whole source tree to /usr/src/asterisk-${PVF} and run make clean there if use keepsrc then + einfo "keepsrc useflag enabled, copying source..." dodir /usr/src - ebegin "Copying sources into /usr/src" - cp -dPR "${S}" "${D}"/usr/src/${PF} || die "Unable to copy sources" - eend $? + cp -dPR "${S}" "${D}"/usr/src/${PF} || die "copying source tree failed" - ebegin "Cleaning source tree" - emake -C "${D}"/usr/src/${PF} clean &>/dev/null || die "Unable to clean sources" + ebegin "running make clean..." + emake -C "${D}"/usr/src/${PF} clean >/dev/null || die "make clean failed" eend $? - einfo "Clean sources are available in "${ROOT}"usr/src/${PF}" + einfo "Source files have been saved to "${ROOT}"usr/src/${PF}" fi # install the upgrade documentation @@ -322,11 +395,15 @@ pkg_postinst() { elog "#gentoo-voip @ irc.freenode.net" echo echo - elog "1.6.1 -> 1.6.2 changes that you may care about:" - elog "canreinvite -> directmedia (sip.conf)" - elog "extensive T.38 (fax) changes" - elog "http://svn.asterisk.org/svn/${PN}/tags/${PV}/UPGRADE.txt" - elog "or: bzless ${ROOT}usr/share/doc/${PF}/UPGRADE.txt.bz2" + + # + # Warning about 1.x -> 1.6 changes... + # + if is_ast10update || is_ast12update || is_ast14update; then + ewarn "" + ewarn "- Please read "${ROOT}"usr/share/doc/${PF}/UPGRADE.txt.bz2 before continuing" + ewarn "" + fi } pkg_config() { diff --git a/net-misc/asterisk/asterisk-1.6.2.2-r1.ebuild b/net-misc/asterisk/asterisk-1.6.2.4.ebuild index ba3fc72f0f1b..03830c1b75b4 100644 --- a/net-misc/asterisk/asterisk-1.6.2.2-r1.ebuild +++ b/net-misc/asterisk/asterisk-1.6.2.4.ebuild 
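Review bot: The `pkg_postinst()` hunk adds a warning only for upgrades from 1.0/1.2/1.4 and says nothing about AST-2010-002, although the commit message tells administrators to read up on the Filter command; that instruction reaches only people who read the ChangeLog. If, as the message implies, existing dial plans need review beyond installing the new version, an unconditional notice belongs here, for example `ewarn "AST-2010-002: review dial plan wildcard matches and the use of the Filter command"`. The body of `pkg_postinst()` starts outside the hunk, so an existing notice earlier in the function cannot be ruled out. The 1.6.2.4 ebuild shows no change to its `pkg_postinst()` in this commit, so the same question applies there.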
@@ -1,6 +1,6 @@ # Copyright 1999-2010 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/net-misc/asterisk/asterisk-1.6.2.2-r1.ebuild,v 1.2 2010/02/11 04:50:30 mr_bones_ Exp $ +# $Header: /var/cvsroot/gentoo-x86/net-misc/asterisk/asterisk-1.6.2.4.ebuild,v 1.1 2010/02/21 20:39:54 chainsaw Exp $ EAPI=1 inherit eutils autotools linux-info @@ -104,14 +104,14 @@ src_unpack() { # sprinkle some plus signs in strategic locations for maximum parallel make happiness # https://issues.asterisk.org/view.php?id=16489 # - epatch "${FILESDIR}"/1.6.2/${P}-parallel-make.patch || die "patch failed" + epatch "${FILESDIR}"/1.6.2/${PN}-1.6.2.2-parallel-make.patch || die "patch failed" # # do not segfault when asked to restart gracefully # https://issues.asterisk.org/view.php?id=16062 # https://issues.asterisk.org/view.php?id=16470 # - epatch "${FILESDIR}"/1.6.2/${P}-graceful-restart-segfault.patch + epatch "${FILESDIR}"/1.6.2/${PN}-1.6.2.2-graceful-restart-segfault.patch # # add special playback with fax detection @@ -119,7 +119,7 @@ src_unpack() { # by Cory Coager # http://bugs.gentoo.org/show_bug.cgi?id=298328 # - epatch "${FILESDIR}"/1.6.2/${P}-nv-faxdetect.patch + epatch "${FILESDIR}"/1.6.2/${PN}-1.6.2.2-nv-faxdetect.patch AT_M4DIR=autoconf eautoreconf |