From d99d0e71e897d7b56d074c0e0ae084b663edee49 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Timo=20Ter=C3=A4s?=
Date: Mon, 24 Sep 2018 13:24:28 +0000
Subject: main/asterisk: security upgrade to 14.7.8

AST-2018-002: Crash when given an invalid SDP media format description
AST-2018-003: Crash with an invalid SDP fmtp attribute
AST-2018-004 (CVE-2018-7284): Crash when receiving SUBSCRIBE request
AST-2018-005 (CVE-2018-7286): Crash when large numbers of TCP connections are closed suddenly
AST-2018-007: Infinite loop when reading iostreams
AST-2018-008: PJSIP endpoint presence disclosure when using ACL
AST-2018-009 (CVE-2018-17281): Remote crash in HTTP websocket upgrade

(cherry picked from commit d82e7ed819cfce6cd12f368281037cd6dd29bbe5)
---
 main/asterisk/APKBUILD | 6 +++--
 main/asterisk/AST-2018-007.patch | 55 ++++++++++++++++++++++++++++++++++++++++
 2 files changed, 59 insertions(+), 2 deletions(-)
 create mode 100644 main/asterisk/AST-2018-007.patch

diff --git a/main/asterisk/APKBUILD b/main/asterisk/APKBUILD
index 89619994a0..a1bfc90eb4 100644
--- a/main/asterisk/APKBUILD
+++ b/main/asterisk/APKBUILD
@@ -2,7 +2,7 @@
 # Contributor: Timo Teras
 # Maintainer: Timo Teras
 pkgname=asterisk
-pkgver=14.7.5
+pkgver=14.7.8
 pkgrel=0
 pkgdesc="Asterisk: A Module Open Source PBX System"
 pkgusers="asterisk"
@@ -29,6 +29,7 @@ _download="http://downloads.asterisk.org/pub/telephony/asterisk/releases"
 source="$_download/asterisk-$pkgver.tar.gz
 http://dev.alpinelinux.org/~tteras/asterisk-addon-mp3-r201.patch.gz
 ASTERISK-24517.patch
+ AST-2018-007.patch
 musl-mutex-init.patch
 asterisk.initd
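Review bot: Neither APKBUILD hunk adds or updates a `# secfixes:` block for the CVEs the commit message lists (CVE-2018-7284, CVE-2018-7286, CVE-2018-17281), and the diffstat shows these two hunks are the only APKBUILD changes, so nothing in the package itself maps those identifiers to 14.7.8-r0 for Alpine's security tracker. A block keyed on the new version — `# secfixes:` followed by a `#   14.7.8-r0:` entry that lists each CVE on its own `#     - CVE-...` line — placed near the top of the APKBUILD would close that gap, and the AST-2018-00x advisories without CVE numbers can be named in the same entry. Whether the file already carries an older secfixes block cannot be seen here, since any such block lies outside the hunks shown.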
@@ -225,9 +226,10 @@ sound_en() {
 chown -R asterisk:asterisk "$subpkgdir"/var/*/asterisk
 }
 
-sha512sums="e6ac50d116528aeb2d2f0ac05ce2d3f5c037b87926fffa0d958d34f02957f13c8a01894c40d7a20ad52d3f3b929f3521a7969e19f485f19bef1d53e8d5390c81 asterisk-14.7.5.tar.gz
+sha512sums="4c140abd1bf17456e13d81c8343f3d1635603cf8de0ad9dd687d3dc714644a4d49bbc98a650df5b1a2b70596050b328de54edf3482f716f90a703642a1d82d2e asterisk-14.7.8.tar.gz
 aacef3f4796fb1abd33266998b53909cb4b36e7cc5ad2f7bac68bdc43e9a9072d9a4e2e7e681bddfa31f3d04575eb248afe6ea95da780c67e4829c1e22adfe1b asterisk-addon-mp3-r201.patch.gz
 2742773614454bdd656c038b2d19ab7f01050c0631eb02e09d922bd8eebfcb4fe4a2a9e9c100ce854dad156194d738434a85524ae125d446ca599dcd1a884450 ASTERISK-24517.patch
+472de23761c795db9277c0c93b9019053126d31e4947a7fc4abeb89d836e2d6b524d4fb07cb18dc1c2851013a53525be92405981451a192676d32589f1781fff AST-2018-007.patch
 f72c2e04de80d3ed9ce841308101383a1655e6da7a3c888ad31fffe63d1280993e08aefcf8e638316d439c68b38ee05362c87503fca1f36343976a01af9d6eb1 musl-mutex-init.patch
 0044c5db468ec8f2385d18d476f89976f6d036448583a4ef8017ce7a6f8f72105337e6b20037ffe47f561d2877fc9c86720aef23ab037df89b36dc140a5924c4 asterisk.initd
 ab6b6f08ff43268cbb1abb7ed7d678949991ba495682a644bbaeb017d6adbff0a43297905fd73ae8db1786a28d5b5904f1bc253209a0e388c8a27f26c6ce14ed asterisk.confd
diff --git a/main/asterisk/AST-2018-007.patch b/main/asterisk/AST-2018-007.patch
new file mode 100644
index 0000000000..1b641af134
--- /dev/null
+++ b/main/asterisk/AST-2018-007.patch
@@ -0,0 +1,55 @@
+From 380b5ae0a1e4a68bfb098319a7ab86d3d34c2fcb Mon Sep 17 00:00:00 2001
+From: Sean Bright
+Date: Mon, 16 Apr 2018 15:13:58 -0400
+Subject: [PATCH 1/1] AST-2018-007: iostreams potential DoS when client
+ connection closed prematurely
+
+Before Asterisk sends an HTTP response (at least in the case of errors),
+it attempts to read & discard the content of the request. If the client
+lies about the Content-Length, or the connection is closed from the
+client side before "Content-Length" bytes are sent, the request handling
+thread will busy loop.
+
+ASTERISK-27807
+
+Change-Id: I945c5fc888ed92be625b8c35039fc6d2aa89c762
+---
+ main/iostream.c | 11 +++++++++--
+ 1 file changed, 9 insertions(+), 2 deletions(-)
+
+diff --git a/main/iostream.c b/main/iostream.c
+index 4cddd43b6b..20188cb7a0 100644
+--- a/main/iostream.c
++++ b/main/iostream.c
+@@ -197,11 +197,18 @@ static ssize_t iostream_read(struct ast_iostream *stream, void *buf, size_t size
+ }
+ }
+ break;
++ case SSL_ERROR_SYSCALL:
++ /* Some non-recoverable I/O error occurred. The OpenSSL error queue may
++ * contain more information on the error. For socket I/O on Unix systems,
++ * consult errno for details. */
++ ast_debug(1, "TLS non-recoverable I/O error occurred: %s, %s\n", ERR_error_string(sslerr, err),
++ ssl_error_to_string(sslerr, res));
++ return -1;
+ default:
+ /* Report EOF for an undecoded SSL or transport error. */
+ ast_debug(1, "TLS transport or SSL error reading data: %s, %s\n", ERR_error_string(sslerr, err),
+ ssl_error_to_string(sslerr, res));
+- return 0;
++ return -1;
+ }
+ if (!ms) {
+ /* Report EOF for a timeout */
+@@ -317,7 +324,7 @@ ssize_t ast_iostream_discard(struct ast_iostream *stream, size_t size)
+
+ while (remaining) {
+ ret = ast_iostream_read(stream, buf, remaining > sizeof(buf) ? sizeof(buf) : remaining);
+- if (ret < 0) {
++ if (ret <= 0) {
+ return ret;
+ }
+ remaining -= ret;
+--
+2.19.0
+
-- cgit v1.2.3
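Review bot: The context comment `/* Report EOF for an undecoded SSL or transport error. */` in the `default:` arm of iostream_read is left stale by this patch, because the same hunk changes that arm from `return 0;` to `return -1;`, so it now reports an error rather than EOF; suggest `/* Report an error (not EOF) for an undecoded SSL or transport error. */`. In the new `SSL_ERROR_SYSCALL` arm the comment says errno carries the detail for socket I/O, yet the `ast_debug` call only prints the OpenSSL queue strings, which can be empty for this error class; capturing `int saved_errno = errno;` before the logging call and appending `%d (%s)` with `saved_errno, strerror(saved_errno)` to the message would keep the diagnostic usable when investigating aborted connections. Both iostream_read and ast_iostream_discard start and end outside the nested hunks, so whether `<errno.h>` and `<string.h>` are already in scope in main/iostream.c, and what ast_iostream_discard returns after a complete discard (which determines whether callers can tell its new `return ret;` on EOF apart from success), cannot be confirmed from this page.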