author | Leonardo Arena <rnalrd@alpinelinux.org> | 2018-08-01 07:09:37 +0000 |
---|---|---|
committer | Leonardo Arena <rnalrd@alpinelinux.org> | 2018-08-01 07:09:54 +0000 |
commit | 037091eff06197efa0973c32d6e660687cfdb851 (patch) | |
tree | 0029addb72c179f0afb32bf6323f726ed4b0335d | |
parent | 151242511b921c6df21daa682b017612ba12a016 (diff) | |
main/kamailio: upgrade to 4.4.7, security fix
https://skalatan.de/blog/advisory-hw-2018-05
5 files changed, 53 insertions, 83 deletions
diff --git a/main/kamailio/0003-kamdbctl-backslash.patch b/main/kamailio/0003-kamdbctl-backslash.patch index e87b6206cf..6ecea56440 100644 --- a/main/kamailio/0003-kamdbctl-backslash.patch +++ b/main/kamailio/0003-kamdbctl-backslash.patch @@ -1,8 +1,6 @@ -diff --git a/utils/kamctl/kamdbctl.base b/utils/kamctl/kamdbctl.base -index 3daf457..b60413c 100644 --- a/utils/kamctl/kamdbctl.base +++ b/utils/kamctl/kamdbctl.base -@@ -33,18 +33,18 @@ INSTALL_DBUID_TABLES=${INSTALL_DBUID_TABLES:-ask} +@@ -33,19 +33,19 @@ # Used by dbtext and db_berkeley to define tables to be created, used by # postgres to do the grants 
@@ -18,19 +16,21 @@ index 3daf457..b60413c 100644 -EXTRA_TABLES=${EXTRA_TABLES:-imc_members imc_rooms cpl sip_trace domainpolicy - carrierroute carrier_name domain_name carrierfailureroute userblacklist - globalblacklist htable purplemap uacreg pl_pipes mtree mtrees +- sca_subscriptions mohqcalls mohqueues rtpproxy dr_gateways dr_rules +EXTRA_TABLES=${EXTRA_TABLES:-imc_members imc_rooms cpl sip_trace domainpolicy \ + carrierroute carrier_name domain_name carrierfailureroute userblacklist \ + globalblacklist htable purplemap uacreg pl_pipes mtree mtrees \ - sca_subscriptions mohqcalls mohqueues rtpproxy} --PRESENCE_TABLES=${PRESENCE_TABLES:-presentity active_watchers watchers xcap -+PRESENCE_TABLES=${PRESENCE_TABLES:-presentity active_watchers watchers xcap \ ++ sca_subscriptions mohqcalls mohqueues rtpproxy dr_gateways dr_rules \ + dr_gw_lists} +-PRESENCE_TABLES=${PRESENCE_TABLES:-presentity active_watchers watchers xcap ++PRESENCE_TABLES=${PRESENCE_TABLES:-presentity active_watchers watchers xcap \ pua rls_presentity rls_watchers} -DBUID_TABLES=${UID_TABLES:-uid_credentials uid_domain uid_domain_attrs +DBUID_TABLES=${UID_TABLES:-uid_credentials uid_domain uid_domain_attrs \ uid_global_attrs uid_uri uid_uri_attrs uid_user_attrs} # SQL definitions -@@ -68,17 +68,17 @@ GREP=${GREP:-grep} +@@ -69,17 +69,17 @@ SED=${SED:-sed} # define what modules should be installed @@ -43,9 +43,9 @@ index 3daf457..b60413c 100644 PRESENCE_MODULES=${PRESENCE_MODULES:-presence rls} -EXTRA_MODULES=${EXTRA_MODULES:-imc cpl siptrace domainpolicy carrierroute -- userblacklist htable purple uac pipelimit mtree sca mohqueue +- drouting userblacklist htable purple uac pipelimit mtree sca mohqueue +EXTRA_MODULES=${EXTRA_MODULES:-imc cpl siptrace domainpolicy carrierroute \ -+ userblacklist htable purple uac pipelimit mtree sca mohqueue \ ++ drouting userblacklist htable purple uac pipelimit mtree sca mohqueue \ rtpproxy} -DBUID_MODULES=${UID_MODULES:-uid_auth_db uid_avp_db uid_domain uid_gflags 
diff --git a/main/kamailio/APKBUILD b/main/kamailio/APKBUILD index eb5339bc1e..4332130b81 100644 --- a/main/kamailio/APKBUILD +++ b/main/kamailio/APKBUILD @@ -12,8 +12,8 @@ _giturl="git://github.com/$pkgname/$pkgname.git" _gittag=HEAD -pkgver=4.4.0 -pkgrel=2 +pkgver=4.4.7 +pkgrel=0 [ -z "${_gitcommit}" ] && _suffix="_src" || _suffix="-${_gitcommit}" pkgdesc="Open Source SIP Server" @@ -233,11 +233,9 @@ for _i in db postgres sqlite dbtext mysql \ done source="http://www.kamailio.org/pub/kamailio/$pkgver/src/${pkgname}-${pkgver}${_suffix}.tar.gz - 0001-musl-fixes.patch 0003-kamdbctl-backslash.patch 0004-remove-spurious-execinfo.patch - tmx-allocate-space-to-store-ending-0-for-branch-value.patch - lcr-fixed-checking-if-there-is-more-uris-available-for-next_gw.patch + core-improve-to-header-check-guards.patch kamailio.cfg kamailio.initd " 
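Review bot: The APKBUILD gets no `# secfixes:` entry for 4.4.7-r0 although the commit is labelled a security fix; none of the three hunks in this file adds one. I would add that comment block, mapping `4.4.7-r0` to the identifier assigned to the advisory linked in the commit message (written `<CVE-ID>` here because the page does not give it), so that anything reading the package metadata can tell which release carries the fix. Separately, the `source=` context line still fetches the tarball over `http://`, which leaves the updated checksums as the only integrity control. It is worth confirming them against an independently obtained copy of the 4.4.7 release.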
@@ -512,27 +510,21 @@ http_async_client() { } -md5sums="e9fa206f67346a6b01c015d76ec2db9d kamailio-4.4.0_src.tar.gz -18863791d386659eae6ef0c82a2517ae 0001-musl-fixes.patch -8c83bc9102a77711e30dcac6e9bba534 0003-kamdbctl-backslash.patch +md5sums="76d5ce257da9ee89fd66b697cb674260 kamailio-4.4.7_src.tar.gz +3946e11e4cfd50e3ce37e23a886d9d32 0003-kamdbctl-backslash.patch e613ef3611f9a5091ce05084daf9c9a5 0004-remove-spurious-execinfo.patch -c683bee8ee68c250e57862165dc51455 tmx-allocate-space-to-store-ending-0-for-branch-value.patch -9d2c4c39143a90aa52000b3472ba9328 lcr-fixed-checking-if-there-is-more-uris-available-for-next_gw.patch +7e4ec3df07c11701dee9277a5598ed8c core-improve-to-header-check-guards.patch 299706d97e30a4f0d9b4c873df422866 kamailio.cfg 39dc9355fa7d8fec425d3b17c2fb26e0 kamailio.initd" -sha256sums="96b5aaac7980f21b022609846e85b2e4244f39b053d22a5e5f7efe5120cdf2b4 kamailio-4.4.0_src.tar.gz -254ea5d4699417aec49e1aae45398a802067a8967060f2a469e278779d876d22 0001-musl-fixes.patch -9aa3b9afea6f0d2d8d306c2f7d093cb846189285e560ce3c62fa2ec2f3d461fe 0003-kamdbctl-backslash.patch +sha256sums="3b88f460675414dafae97cacbad4b593d2cf81c3a0b302e1e4bcff98b4984571 kamailio-4.4.7_src.tar.gz +ed3b09f75c74f70853ecae01a9592bbd54dd7c106e577d2ca7a042eda100e85a 0003-kamdbctl-backslash.patch fb9c13dd3cd5cd07cf7599cf6688c46739334a18ade64f8bf44f84fb179e8409 0004-remove-spurious-execinfo.patch -693c95fb67facca3c05a4c91e29e8abc70b18d758898b12526433b5be24abcb7 tmx-allocate-space-to-store-ending-0-for-branch-value.patch -ab8382789134d27179b60def4d0f2ec2a06e1b07ec5de8ab75fd4a7b5b761bba lcr-fixed-checking-if-there-is-more-uris-available-for-next_gw.patch +35777009ffeaffcec73beb25ffb28f1dcb2b192a16d0283e75671146e991accc core-improve-to-header-check-guards.patch 8b742ff710ef67ff59ec07a260690ebcdda24fb6f0b7b64dc50433a1bacf99f2 kamailio.cfg ba928fa914feea2b95b8c659832e3fbea25eb6ac1ce56e4c23ff58c09f1ec3b8 kamailio.initd" 
-sha512sums="3a0df08c705df822f41e96a88cfdaba33db9c8cb3d38c12d858e2f99d5ead1c94a967033cce7e5119f2df64e2d34c383cdb7bf43f4ac52c61cf0323d9b70bf3b kamailio-4.4.0_src.tar.gz
-32c8e723ee858b24a3bd1313537e9348bdd895e709041d52199b7d2c4054565f3f8d203458b5a7bd5f4b09a782a972cf87f931de5bb8199e6f9786a3c9bfb3ba 0001-musl-fixes.patch
-b71457ee4badf2c1848f4ea86afddfd2be2383791e559f5758fd8502d87e434f0149485eb1c33722d111999508b81b0acb56c9dcb462b6522a5f4cbfae05dfde 0003-kamdbctl-backslash.patch
+sha512sums="008a6cbb4d013bb9274ec0cfd84efed553fc1f21331c55e6893298e2bad41162e76d810a5c2a6f8c94c46ec22802a15d43f8ac678b218fd036b17b18eb15eba2 kamailio-4.4.7_src.tar.gz
+e5eb45d2698c17b6267f23b248ef041b9fa70098fbf9e995b49e7a6a084df6da5d9e5fef190a982c2df81d26fc04d880e73b40059bf0e267910433b0b9beee30 0003-kamdbctl-backslash.patch
 d962f7bb7fe5c0747dff050d4c2d74f16eedba903a3347b3f86b42e5d7778f5f8b973a6134fd6714c0a62189bc475396e8225db3468390f6e1a84fc1d44f0d87 0004-remove-spurious-execinfo.patch
-ad4dc74c2f800e46a58b1572cab2fd6467cc541b6290d5b7a8723af2e56e94801670da9e0060acf5774378484e4afecd13e89ef98c3c40f1fc952f63bcde35fb tmx-allocate-space-to-store-ending-0-for-branch-value.patch
-429e86e6598a522eb74d29731d697d0174f1045ad03ad1d99e738106d5b3c5f0b8a1b101d43c1bfd4f6e7c3728277e6e54289d3db55a1cb129a0396cf4ce90c9 lcr-fixed-checking-if-there-is-more-uris-available-for-next_gw.patch
+4c199996bf848b2efdc6552bc48d576dd8c0f3cd0b8499f4f2e8a8695a1e7348c58828651ee971751876e97b06b358147ad0a807158d1c6af7e42770e2360a65 core-improve-to-header-check-guards.patch
 c1abf69b48847dc8c7ab0d11ef9adb531aa4635f9d44db6933981edc5a47df374664fb24867b19aa64abbcc9777bf1cd0360d9aea54e27b081065928c61e0f0b kamailio.cfg
 cd6e3b677d803cd78561ad14d9b2589fd35ad0096f48047fdcb4ddc7d9103871357efba3b350946844cb53dbb081210746421fc420c22ac845b90251168a628e kamailio.initd"
diff --git a/main/kamailio/core-improve-to-header-check-guards.patch b/main/kamailio/core-improve-to-header-check-guards.patch
new file mode 100644
index 0000000000..543ed12222
--- /dev/null
+++ b/main/kamailio/core-improve-to-header-check-guards.patch
@@ -0,0 +1,32 @@
+From 281a6c6b6eaaf30058b603325e8ded20b99e1456 Mon Sep 17 00:00:00 2001
+From: Henning Westerholt <hw@kamailio.org>
+Date: Mon, 7 May 2018 09:36:53 +0200
+Subject: [PATCH] core: improve to header check guards, str consists of length
+ and pointer
+
+---
+ msg_translator.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/core/msg_translator.c b/src/core/msg_translator.c
+index 22122768a1..4dd648e874 100644
+--- a/msg_translator.c
++++ b/msg_translator.c
+@@ -2369,7 +2369,7 @@ char * build_res_buf_from_sip_req( unsigned int code, str *text ,str *new_tag,
+ case HDR_TO_T:
+ if (new_tag && new_tag->len) {
+ to_tag=get_to(msg)->tag_value;
+- if ( to_tag.len || to_tag.s )
++ if ( to_tag.len && to_tag.s )
+ len+=new_tag->len-to_tag.len;
+ else
+ len+=new_tag->len+TOTAG_TOKEN_LEN/*";tag="*/;
+@@ -2497,7 +2497,7 @@ char * build_res_buf_from_sip_req( unsigned int code, str *text ,str *new_tag,
+ break;
+ case HDR_TO_T:
+ if (new_tag && new_tag->len){
+- if (to_tag.s ) { /* replacement */
++ if (to_tag.len && to_tag.s) { /* replacement */
+ /* before to-tag */
+ append_str( p, hdr->name.s, to_tag.s-hdr->name.s);
+ /* to tag replacement */
diff --git a/main/kamailio/lcr-fixed-checking-if-there-is-more-uris-available-for-next_gw.patch b/main/kamailio/lcr-fixed-checking-if-there-is-more-uris-available-for-next_gw.patch
deleted file mode 100644
index 18e349ebb8..0000000000
--- a/main/kamailio/lcr-fixed-checking-if-there-is-more-uris-available-for-next_gw.patch
+++ /dev/null
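Review bot: The guard `to_tag.len && to_tag.s` is now written out separately in the two `HDR_TO_T` cases of `build_res_buf_from_sip_req()` in the added core-improve-to-header-check-guards.patch, and nothing ties the two copies together. The first case adjusts `len`, which presumably sizes the response buffer, and the second writes the header with `append_str()`, so if the two conditions drift apart again the write would no longer match the computed length. I would evaluate the condition once where `to_tag` is assigned, e.g. `int replace_to_tag = to_tag.len && to_tag.s;`, and test that flag in both cases, or at least add `/* must stay identical to the HDR_TO_T guard in the length pass */` next to the second one. The guard also does not establish that `to_tag.s` points inside the header beginning at `hdr->name.s`, which the subtraction `to_tag.s-hdr->name.s` relies on; whether the parser guarantees that cannot be told from here. Both cases sit in a function whose body starts and ends outside the embedded hunks.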
@@ -1,28 +0,0 @@
-From 1b3e22dcb12d650e08316c28382dc224e9b75148 Mon Sep 17 00:00:00 2001
-From: Daniel-Constantin Mierla <miconda@gmail.com>
-Date: Mon, 12 Feb 2018 08:50:54 +0100
-Subject: [PATCH] lcr: fixed checking if there is more uris available for
- next_gw
-
-- manual backport for 732a3153a0a41d5f951fff85de607f0b46ae73da
-
-(cherry picked from commit 43c9ad6f4dc2e20dd40a2d3dfa6b03f3dd79e3d4)
----
- modules/lcr/lcr_mod.c | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/modules/lcr/lcr_mod.c b/modules/lcr/lcr_mod.c
-index a90fb89d7c..91a3f40c58 100644
---- a/modules/lcr/lcr_mod.c
-+++ b/modules/lcr/lcr_mod.c
-@@ -2460,8 +2460,8 @@ static int next_gw(struct sip_msg* _m, char* _s1, char* _s2)
- * Take Request-URI user from ruri_user_avp and generate Request
- * and Destination URIs. */
-
-- if (!generate_uris(_m, r_uri, &(ruri_user_val.s), &r_uri_len, dst_uri,
-- &dst_uri_len, &addr, &gw_index, &flags, &tag_str)) {
-+ if (generate_uris(_m, r_uri, &(ruri_user_val.s), &r_uri_len, dst_uri,
-+ &dst_uri_len, &addr, &gw_index, &flags, &tag_str) <= 0) {
- return -1;
- }
- }
diff --git a/main/kamailio/tmx-allocate-space-to-store-ending-0-for-branch-value.patch b/main/kamailio/tmx-allocate-space-to-store-ending-0-for-branch-value.patch
deleted file mode 100644
index 02e3e0c70c..0000000000
--- a/main/kamailio/tmx-allocate-space-to-store-ending-0-for-branch-value.patch
+++ /dev/null
@@ -1,26 +0,0 @@
-From be85408733333f20792de7f1144f987cf9f5b666 Mon Sep 17 00:00:00 2001
-From: Daniel-Constantin Mierla <miconda@gmail.com>
-Date: Sat, 10 Feb 2018 22:05:42 +0100
-Subject: [PATCH] tmx: allocate space to store ending 0 for branch value
-
-- reported by Alfred Farrugia and Sandro Gauci
-
-(cherry picked from commit e1d8008a09d9390ebaf698abe8909e10dfec4097)
-(cherry picked from commit 7d783adc7de603972966f50106471c06a6be2fac)
----
- modules/tmx/tmx_pretran.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/modules/tmx/tmx_pretran.c b/modules/tmx/tmx_pretran.c
-index 00f571bb4a..b92f28befb 100644
---- a/modules/tmx/tmx_pretran.c
-+++ b/modules/tmx/tmx_pretran.c
-@@ -260,7 +260,7 @@ int tmx_check_pretran(sip_msg_t *msg)
- if(likely(vbr!=NULL)) {
- svbranch = vbr->value;
- trim(&svbranch);
-- dsize += svbranch.len;
-+ dsize += svbranch.len + 1;
- }
- if(dsize<256) dsize = 256;
- |