authorTimo Teräs <timo.teras@iki.fi>2018-09-24 13:24:28 +0000
committerTimo Teräs <timo.teras@iki.fi>2018-09-24 13:35:58 +0000
commitd99d0e71e897d7b56d074c0e0ae084b663edee49 (patch)
treef631cbb26ab2a7aaff14e577a690d292dd7be494
parentb921d5dd4d8e686dc40080e409e11c6a74dbf337 (diff)
main/asterisk: security upgrade to 14.7.8
AST-2018-002: Crash when given an invalid SDP media format description
AST-2018-003: Crash with an invalid SDP fmtp attribute
AST-2018-004 (CVE-2018-7284): Crash when receiving SUBSCRIBE request
AST-2018-005 (CVE-2018-7286): Crash when large numbers of TCP connections are closed suddenly
AST-2018-007: Infinite loop when reading iostreams
AST-2018-008: PJSIP endpoint presence disclosure when using ACL
AST-2018-009 (CVE-2018-17281): Remote crash in HTTP websocket upgrade

(cherry picked from commit d82e7ed819cfce6cd12f368281037cd6dd29bbe5)
-rw-r--r--main/asterisk/APKBUILD6
-rw-r--r--main/asterisk/AST-2018-007.patch55
2 files changed, 59 insertions, 2 deletions
diff --git a/main/asterisk/APKBUILD b/main/asterisk/APKBUILD
index 89619994a0..a1bfc90eb4 100644
--- a/main/asterisk/APKBUILD
+++ b/main/asterisk/APKBUILD
@@ -2,7 +2,7 @@
# Contributor: Timo Teras <timo.teras@iki.fi>
# Maintainer: Timo Teras <timo.teras@iki.fi>
pkgname=asterisk
-pkgver=14.7.5
+pkgver=14.7.8
pkgrel=0
pkgdesc="Asterisk: A Module Open Source PBX System"
pkgusers="asterisk"
@@ -29,6 +29,7 @@ _download="http://downloads.asterisk.org/pub/telephony/asterisk/releases"
source="$_download/asterisk-$pkgver.tar.gz
http://dev.alpinelinux.org/~tteras/asterisk-addon-mp3-r201.patch.gz
ASTERISK-24517.patch
+ AST-2018-007.patch
musl-mutex-init.patch
asterisk.initd
@@ -225,9 +226,10 @@ sound_en() {
chown -R asterisk:asterisk "$subpkgdir"/var/*/asterisk
}
-sha512sums="e6ac50d116528aeb2d2f0ac05ce2d3f5c037b87926fffa0d958d34f02957f13c8a01894c40d7a20ad52d3f3b929f3521a7969e19f485f19bef1d53e8d5390c81 asterisk-14.7.5.tar.gz
+sha512sums="4c140abd1bf17456e13d81c8343f3d1635603cf8de0ad9dd687d3dc714644a4d49bbc98a650df5b1a2b70596050b328de54edf3482f716f90a703642a1d82d2e asterisk-14.7.8.tar.gz
aacef3f4796fb1abd33266998b53909cb4b36e7cc5ad2f7bac68bdc43e9a9072d9a4e2e7e681bddfa31f3d04575eb248afe6ea95da780c67e4829c1e22adfe1b asterisk-addon-mp3-r201.patch.gz
2742773614454bdd656c038b2d19ab7f01050c0631eb02e09d922bd8eebfcb4fe4a2a9e9c100ce854dad156194d738434a85524ae125d446ca599dcd1a884450 ASTERISK-24517.patch
+472de23761c795db9277c0c93b9019053126d31e4947a7fc4abeb89d836e2d6b524d4fb07cb18dc1c2851013a53525be92405981451a192676d32589f1781fff AST-2018-007.patch
f72c2e04de80d3ed9ce841308101383a1655e6da7a3c888ad31fffe63d1280993e08aefcf8e638316d439c68b38ee05362c87503fca1f36343976a01af9d6eb1 musl-mutex-init.patch
0044c5db468ec8f2385d18d476f89976f6d036448583a4ef8017ce7a6f8f72105337e6b20037ffe47f561d2877fc9c86720aef23ab037df89b36dc140a5924c4 asterisk.initd
ab6b6f08ff43268cbb1abb7ed7d678949991ba495682a644bbaeb017d6adbff0a43297905fd73ae8db1786a28d5b5904f1bc253209a0e388c8a27f26c6ce14ed asterisk.confd
diff --git a/main/asterisk/AST-2018-007.patch b/main/asterisk/AST-2018-007.patch
new file mode 100644
index 0000000000..1b641af134
--- /dev/null
+++ b/main/asterisk/AST-2018-007.patch
@@ -0,0 +1,55 @@
+From 380b5ae0a1e4a68bfb098319a7ab86d3d34c2fcb Mon Sep 17 00:00:00 2001
+From: Sean Bright <sean.bright@gmail.com>
+Date: Mon, 16 Apr 2018 15:13:58 -0400
+Subject: [PATCH 1/1] AST-2018-007: iostreams potential DoS when client
+ connection closed prematurely
+
+Before Asterisk sends an HTTP response (at least in the case of errors),
+it attempts to read & discard the content of the request. If the client
+lies about the Content-Length, or the connection is closed from the
+client side before "Content-Length" bytes are sent, the request handling
+thread will busy loop.
+
+ASTERISK-27807
+
+Change-Id: I945c5fc888ed92be625b8c35039fc6d2aa89c762
+---
+ main/iostream.c | 11 +++++++++--
+ 1 file changed, 9 insertions(+), 2 deletions(-)
+
+diff --git a/main/iostream.c b/main/iostream.c
+index 4cddd43b6b..20188cb7a0 100644
+--- a/main/iostream.c
++++ b/main/iostream.c
+@@ -197,11 +197,18 @@ static ssize_t iostream_read(struct ast_iostream *stream, void *buf, size_t size
+ }
+ }
+ break;
++ case SSL_ERROR_SYSCALL:
++ /* Some non-recoverable I/O error occurred. The OpenSSL error queue may
++ * contain more information on the error. For socket I/O on Unix systems,
++ * consult errno for details. */
++ ast_debug(1, "TLS non-recoverable I/O error occurred: %s, %s\n", ERR_error_string(sslerr, err),
++ ssl_error_to_string(sslerr, res));
++ return -1;
+ default:
+ /* Report EOF for an undecoded SSL or transport error. */
+ ast_debug(1, "TLS transport or SSL error reading data: %s, %s\n", ERR_error_string(sslerr, err),
+ ssl_error_to_string(sslerr, res));
+- return 0;
++ return -1;
+ }
+ if (!ms) {
+ /* Report EOF for a timeout */
+@@ -317,7 +324,7 @@ ssize_t ast_iostream_discard(struct ast_iostream *stream, size_t size)
+
+ while (remaining) {
+ ret = ast_iostream_read(stream, buf, remaining > sizeof(buf) ? sizeof(buf) : remaining);
+- if (ret < 0) {
++ if (ret <= 0) {
+ return ret;
+ }
+ remaining -= ret;
+--
+2.19.0
+
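Review bot: In the first hunk of the carried iostream.c patch the comment on the `default:` branch still reads `/* Report EOF for an undecoded SSL or transport error. */` while the line under it now returns -1 instead of 0, so the comment describes exactly the behaviour the patch removes; something like `/* Treat an undecoded SSL or transport error as a read failure so callers stop looping. */` would match the new code. Since this file is a verbatim upstream commit pinned by sha512sum, that wording belongs in an upstream follow-up rather than an edit here, but it is worth knowing when reading the code. In the second hunk `ast_iostream_discard` now returns `ret` on `ret <= 0`, so an EOF before `size` bytes arrive yields 0 to the caller; a call site that only tests `< 0` would still treat a truncated body as success, which I cannot confirm from this page because the callers are outside the patch. Both `iostream_read` and `ast_iostream_discard` start before and end after their hunks.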