Diffstat (limited to 'main')
-rw-r--r--main/asterisk/APKBUILD6
-rw-r--r--main/asterisk/AST-2018-007.patch55
2 files changed, 59 insertions, 2 deletions
diff --git a/main/asterisk/APKBUILD b/main/asterisk/APKBUILD
index fa43577910..c3343bb43b 100644
--- a/main/asterisk/APKBUILD
+++ b/main/asterisk/APKBUILD
@@ -2,7 +2,7 @@
# Contributor: Timo Teras <timo.teras@iki.fi>
# Maintainer: Timo Teras <timo.teras@iki.fi>
pkgname=asterisk
-pkgver=14.7.5
+pkgver=14.7.8
pkgrel=0
pkgdesc="Asterisk: A Module Open Source PBX System"
pkgusers="asterisk"
@@ -29,6 +29,7 @@ _download="http://downloads.asterisk.org/pub/telephony/asterisk/releases"
source="$_download/asterisk-$pkgver.tar.gz
http://dev.alpinelinux.org/~tteras/asterisk-addon-mp3-r201.patch.gz
ASTERISK-24517.patch
+ AST-2018-007.patch
musl-mutex-init.patch
asterisk.initd
@@ -226,9 +227,10 @@ sound_en() {
chown -R asterisk:asterisk "$subpkgdir"/var/*/asterisk
}
-sha512sums="e6ac50d116528aeb2d2f0ac05ce2d3f5c037b87926fffa0d958d34f02957f13c8a01894c40d7a20ad52d3f3b929f3521a7969e19f485f19bef1d53e8d5390c81 asterisk-14.7.5.tar.gz
+sha512sums="4c140abd1bf17456e13d81c8343f3d1635603cf8de0ad9dd687d3dc714644a4d49bbc98a650df5b1a2b70596050b328de54edf3482f716f90a703642a1d82d2e asterisk-14.7.8.tar.gz
aacef3f4796fb1abd33266998b53909cb4b36e7cc5ad2f7bac68bdc43e9a9072d9a4e2e7e681bddfa31f3d04575eb248afe6ea95da780c67e4829c1e22adfe1b asterisk-addon-mp3-r201.patch.gz
2742773614454bdd656c038b2d19ab7f01050c0631eb02e09d922bd8eebfcb4fe4a2a9e9c100ce854dad156194d738434a85524ae125d446ca599dcd1a884450 ASTERISK-24517.patch
+472de23761c795db9277c0c93b9019053126d31e4947a7fc4abeb89d836e2d6b524d4fb07cb18dc1c2851013a53525be92405981451a192676d32589f1781fff AST-2018-007.patch
f72c2e04de80d3ed9ce841308101383a1655e6da7a3c888ad31fffe63d1280993e08aefcf8e638316d439c68b38ee05362c87503fca1f36343976a01af9d6eb1 musl-mutex-init.patch
0044c5db468ec8f2385d18d476f89976f6d036448583a4ef8017ce7a6f8f72105337e6b20037ffe47f561d2877fc9c86720aef23ab037df89b36dc140a5924c4 asterisk.initd
ab6b6f08ff43268cbb1abb7ed7d678949991ba495682a644bbaeb017d6adbff0a43297905fd73ae8db1786a28d5b5904f1bc253209a0e388c8a27f26c6ce14ed asterisk.confd
diff --git a/main/asterisk/AST-2018-007.patch b/main/asterisk/AST-2018-007.patch
new file mode 100644
index 0000000000..1b641af134
--- /dev/null
+++ b/main/asterisk/AST-2018-007.patch
@@ -0,0 +1,55 @@
+From 380b5ae0a1e4a68bfb098319a7ab86d3d34c2fcb Mon Sep 17 00:00:00 2001
+From: Sean Bright <sean.bright@gmail.com>
+Date: Mon, 16 Apr 2018 15:13:58 -0400
+Subject: [PATCH 1/1] AST-2018-007: iostreams potential DoS when client
+ connection closed prematurely
+
+Before Asterisk sends an HTTP response (at least in the case of errors),
+it attempts to read & discard the content of the request. If the client
+lies about the Content-Length, or the connection is closed from the
+client side before "Content-Length" bytes are sent, the request handling
+thread will busy loop.
+
+ASTERISK-27807
+
+Change-Id: I945c5fc888ed92be625b8c35039fc6d2aa89c762
+---
+ main/iostream.c | 11 +++++++++--
+ 1 file changed, 9 insertions(+), 2 deletions(-)
+
+diff --git a/main/iostream.c b/main/iostream.c
+index 4cddd43b6b..20188cb7a0 100644
+--- a/main/iostream.c
++++ b/main/iostream.c
+@@ -197,11 +197,18 @@ static ssize_t iostream_read(struct ast_iostream *stream, void *buf, size_t size
+ }
+ }
+ break;
++ case SSL_ERROR_SYSCALL:
++ /* Some non-recoverable I/O error occurred. The OpenSSL error queue may
++ * contain more information on the error. For socket I/O on Unix systems,
++ * consult errno for details. */
++ ast_debug(1, "TLS non-recoverable I/O error occurred: %s, %s\n", ERR_error_string(sslerr, err),
++ ssl_error_to_string(sslerr, res));
++ return -1;
+ default:
+ /* Report EOF for an undecoded SSL or transport error. */
+ ast_debug(1, "TLS transport or SSL error reading data: %s, %s\n", ERR_error_string(sslerr, err),
+ ssl_error_to_string(sslerr, res));
+- return 0;
++ return -1;
+ }
+ if (!ms) {
+ /* Report EOF for a timeout */
+@@ -317,7 +324,7 @@ ssize_t ast_iostream_discard(struct ast_iostream *stream, size_t size)
+
+ while (remaining) {
+ ret = ast_iostream_read(stream, buf, remaining > sizeof(buf) ? sizeof(buf) : remaining);
+- if (ret < 0) {
++ if (ret <= 0) {
+ return ret;
+ }
+ remaining -= ret;
+--
+2.19.0
+
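Review bot: The comment kept on the `default:` branch of iostream_read still says "Report EOF" although the branch now returns -1, so it should read `/* Report an error for an undecoded SSL or transport error. */`. The new `SSL_ERROR_SYSCALL` branch tells the reader to consult errno, but its `ast_debug` line never logs errno. That line also passes `sslerr` to `ERR_error_string()`, which expects a code from the OpenSSL error queue; if `sslerr` holds the SSL_get_error() result (its assignment is outside the hunk), the first string in the message will be misleading. In ast_iostream_discard the new `ret <= 0` test returns 0 when the body ends early, and the `if (!ms)` context line shows a timeout is also reported as EOF, so a caller has to treat 0 as "body not fully discarded"; whether callers do is not visible here, and a comment above the function should state that contract. Both functions start and end outside the visible hunks.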