Git-Url:
http://git.frugalware.org/gitweb/gitweb.cgi?p=frugalware-0.7.git;a=commitdiff;h=f4299c4e3103e5b66f7343186656ea00d2a12758
commit f4299c4e3103e5b66f7343186656ea00d2a12758
Author: voroskoi <[EMAIL PROTECTED]>
Date: Tue Jan 22 18:11:33 2008 +0100
asterisk-1.4.13-1sayshell2-i686
fixes for AST-2007-025, AST-2007-026
AST-2007-027 and AST-2008-001
closes #2652
diff --git a/source/apps-extra/asterisk/AST-2007-025.diff
b/source/apps-extra/asterisk/AST-2007-025.diff
new file mode 100644
index 0000000..b65a16c
--- /dev/null
+++ b/source/apps-extra/asterisk/AST-2007-025.diff
@@ -0,0 +1,145 @@
+--- res/res_config_pgsql.c 2007/11/29 18:50:22 90159
++++ res/res_config_pgsql.c 2007/11/29 19:24:11 90160
+@@ -79,8 +79,8 @@
+ static struct ast_variable *realtime_pgsql(const char *database, const char
*table, va_list ap)
+ {
+ PGresult *result = NULL;
+- int num_rows = 0;
+- char sql[256];
++ int num_rows = 0, pgerror;
++ char sql[256], escapebuf[513];
+ char *stringp;
+ char *chunk;
+ char *op;
+@@ -109,16 +109,31 @@
+ If there is only 1 set, then we have our query. Otherwise, loop thru
the list and concat */
+ op = strchr(newparam, ' ') ? "" : " =";
+
++ PQescapeStringConn(pgsqlConn, escapebuf, newval, (sizeof(escapebuf) -
1) / 2, &pgerror);
++ if (pgerror) {
++ ast_log(LOG_ERROR, "Postgres detected invalid input: '%s'\n",
newval);
++ va_end(ap);
++ return NULL;
++ }
++
+ snprintf(sql, sizeof(sql), "SELECT * FROM %s WHERE %s%s '%s'", table,
newparam, op,
+- newval);
++ escapebuf);
+ while ((newparam = va_arg(ap, const char *))) {
+ newval = va_arg(ap, const char *);
+ if (!strchr(newparam, ' '))
+ op = " =";
+ else
+ op = "";
++
++ PQescapeStringConn(pgsqlConn, escapebuf, newval,
(sizeof(escapebuf) - 1) / 2, &pgerror);
++ if (pgerror) {
++ ast_log(LOG_ERROR, "Postgres detected invalid input:
'%s'\n", newval);
++ va_end(ap);
++ return NULL;
++ }
++
+ snprintf(sql + strlen(sql), sizeof(sql) - strlen(sql), " AND
%s%s '%s'", newparam,
+- op, newval);
++ op, escapebuf);
+ }
+ va_end(ap);
+
+@@ -202,8 +217,8 @@
+ static struct ast_config *realtime_multi_pgsql(const char *database, const
char *table, va_list ap)
+ {
+ PGresult *result = NULL;
+- int num_rows = 0;
+- char sql[256];
++ int num_rows = 0, pgerror;
++ char sql[256], escapebuf[513];
+ const char *initfield = NULL;
+ char *stringp;
+ char *chunk;
+@@ -250,16 +265,31 @@
+ else
+ op = "";
+
++ PQescapeStringConn(pgsqlConn, escapebuf, newval, (sizeof(escapebuf) -
1) / 2, &pgerror);
++ if (pgerror) {
++ ast_log(LOG_ERROR, "Postgres detected invalid input: '%s'\n",
newval);
++ va_end(ap);
++ return NULL;
++ }
++
+ snprintf(sql, sizeof(sql), "SELECT * FROM %s WHERE %s%s '%s'", table,
newparam, op,
+- newval);
++ escapebuf);
+ while ((newparam = va_arg(ap, const char *))) {
+ newval = va_arg(ap, const char *);
+ if (!strchr(newparam, ' '))
+ op = " =";
+ else
+ op = "";
++
++ PQescapeStringConn(pgsqlConn, escapebuf, newval,
(sizeof(escapebuf) - 1) / 2, &pgerror);
++ if (pgerror) {
++ ast_log(LOG_ERROR, "Postgres detected invalid input:
'%s'\n", newval);
++ va_end(ap);
++ return NULL;
++ }
++
+ snprintf(sql + strlen(sql), sizeof(sql) - strlen(sql), " AND
%s%s '%s'", newparam,
+- op, newval);
++ op, escapebuf);
+ }
+
+ if (initfield) {
+@@ -351,8 +381,8 @@
+ const char *lookup, va_list ap)
+ {
+ PGresult *result = NULL;
+- int numrows = 0;
+- char sql[256];
++ int numrows = 0, pgerror;
++ char sql[256], escapebuf[513];
+ const char *newparam, *newval;
+
+ if (!table) {
+@@ -376,15 +406,38 @@
+ /* Create the first part of the query using the first parameter/value
pairs we just extracted
+ If there is only 1 set, then we have our query. Otherwise, loop thru
the list and concat */
+
+- snprintf(sql, sizeof(sql), "UPDATE %s SET %s = '%s'", table, newparam,
newval);
++ PQescapeStringConn(pgsqlConn, escapebuf, newval, (sizeof(escapebuf) -
1) / 2, &pgerror);
++ if (pgerror) {
++ ast_log(LOG_ERROR, "Postgres detected invalid input: '%s'\n",
newval);
++ va_end(ap);
++ return -1;
++ }
++ snprintf(sql, sizeof(sql), "UPDATE %s SET %s = '%s'", table, newparam,
escapebuf);
++
+ while ((newparam = va_arg(ap, const char *))) {
+ newval = va_arg(ap, const char *);
++
++ PQescapeStringConn(pgsqlConn, escapebuf, newval,
(sizeof(escapebuf) - 1) / 2, &pgerror);
++ if (pgerror) {
++ ast_log(LOG_ERROR, "Postgres detected invalid input:
'%s'\n", newval);
++ va_end(ap);
++ return -1;
++ }
++
+ snprintf(sql + strlen(sql), sizeof(sql) - strlen(sql), ", %s =
'%s'", newparam,
+- newval);
++ escapebuf);
+ }
+ va_end(ap);
++
++ PQescapeStringConn(pgsqlConn, escapebuf, lookup, (sizeof(escapebuf) -
1) / 2, &pgerror);
++ if (pgerror) {
++ ast_log(LOG_ERROR, "Postgres detected invalid input: '%s'\n",
lookup);
++ va_end(ap);
++ return -1;
++ }
++
+ snprintf(sql + strlen(sql), sizeof(sql) - strlen(sql), " WHERE %s =
'%s'", keyfield,
+- lookup);
++ escapebuf);
+
+ ast_log(LOG_DEBUG, "Postgresql RealTime: Update SQL: %s\n", sql);
+
diff --git a/source/apps-extra/asterisk/AST-2007-026.diff
b/source/apps-extra/asterisk/AST-2007-026.diff
new file mode 100644
index 0000000..77fab83
--- /dev/null
+++ b/source/apps-extra/asterisk/AST-2007-026.diff
@@ -0,0 +1,55 @@
+--- cdr/cdr_pgsql.c 2007/11/29 19:43:33 90165
++++ cdr/cdr_pgsql.c 2007/11/29 19:48:10 90166
+@@ -96,28 +96,33 @@
+
+ if (connected) {
+ char *clid=NULL, *dcontext=NULL, *channel=NULL,
*dstchannel=NULL, *lastapp=NULL, *lastdata=NULL;
+- char *uniqueid=NULL, *userfield=NULL;
++ char *src=NULL, *dst=NULL, *uniqueid=NULL, *userfield=NULL;
++ int pgerr;
+
+ /* Maximum space needed would be if all characters needed to be
escaped, plus a trailing NULL */
+ if ((clid = alloca(strlen(cdr->clid) * 2 + 1)) != NULL)
+- PQescapeString(clid, cdr->clid, strlen(cdr->clid));
++ PQescapeStringConn(conn, clid, cdr->clid,
strlen(cdr->clid), &pgerr);
+ if ((dcontext = alloca(strlen(cdr->dcontext) * 2 + 1)) != NULL)
+- PQescapeString(dcontext, cdr->dcontext,
strlen(cdr->dcontext));
++ PQescapeStringConn(conn, dcontext, cdr->dcontext,
strlen(cdr->dcontext), &pgerr);
+ if ((channel = alloca(strlen(cdr->channel) * 2 + 1)) != NULL)
+- PQescapeString(channel, cdr->channel,
strlen(cdr->channel));
++ PQescapeStringConn(conn, channel, cdr->channel,
strlen(cdr->channel), &pgerr);
+ if ((dstchannel = alloca(strlen(cdr->dstchannel) * 2 + 1)) !=
NULL)
+- PQescapeString(dstchannel, cdr->dstchannel,
strlen(cdr->dstchannel));
++ PQescapeStringConn(conn, dstchannel, cdr->dstchannel,
strlen(cdr->dstchannel), &pgerr);
+ if ((lastapp = alloca(strlen(cdr->lastapp) * 2 + 1)) != NULL)
+- PQescapeString(lastapp, cdr->lastapp,
strlen(cdr->lastapp));
++ PQescapeStringConn(conn, lastapp, cdr->lastapp,
strlen(cdr->lastapp), &pgerr);
+ if ((lastdata = alloca(strlen(cdr->lastdata) * 2 + 1)) != NULL)
+- PQescapeString(lastdata, cdr->lastdata,
strlen(cdr->lastdata));
++ PQescapeStringConn(conn, lastdata, cdr->lastdata,
strlen(cdr->lastdata), &pgerr);
+ if ((uniqueid = alloca(strlen(cdr->uniqueid) * 2 + 1)) != NULL)
+- PQescapeString(uniqueid, cdr->uniqueid,
strlen(cdr->uniqueid));
++ PQescapeStringConn(conn, uniqueid, cdr->uniqueid,
strlen(cdr->uniqueid), &pgerr);
+ if ((userfield = alloca(strlen(cdr->userfield) * 2 + 1)) !=
NULL)
+- PQescapeString(userfield, cdr->userfield,
strlen(cdr->userfield));
++ PQescapeStringConn(conn, userfield, cdr->userfield,
strlen(cdr->userfield), &pgerr);
++ if ((src = alloca(strlen(cdr->src) * 2 + 1)) != NULL)
++ PQescapeStringConn(conn, src, cdr->src,
strlen(cdr->src), &pgerr);
++ if ((dst = alloca(strlen(cdr->dst) * 2 + 1)) != NULL)
++ PQescapeStringConn(conn, dst, cdr->dst,
strlen(cdr->dst), &pgerr);
+
+ /* Check for all alloca failures above at once */
+- if ((!clid) || (!dcontext) || (!channel) || (!dstchannel) ||
(!lastapp) || (!lastdata) || (!uniqueid) || (!userfield)) {
++ if ((!clid) || (!dcontext) || (!channel) || (!dstchannel) ||
(!lastapp) || (!lastdata) || (!uniqueid) || (!userfield) || (!src) || (!dst)) {
+ ast_log(LOG_ERROR, "cdr_pgsql: Out of memory error
(insert fails)\n");
+ ast_mutex_unlock(&pgsql_lock);
+ return -1;
+@@ -129,7 +134,7 @@
+ snprintf(sqlcmd,sizeof(sqlcmd),"INSERT INTO %s
(calldate,clid,src,dst,dcontext,channel,dstchannel,"
+
"lastapp,lastdata,duration,billsec,disposition,amaflags,accountcode,uniqueid,userfield)
VALUES"
+ " ('%s','%s','%s','%s','%s',
'%s','%s','%s','%s',%ld,%ld,'%s',%ld,'%s','%s','%s')",
+- table,timestr,clid,cdr->src, cdr->dst,
dcontext,channel, dstchannel, lastapp, lastdata,
++ table, timestr, clid, src, dst, dcontext,
channel, dstchannel, lastapp, lastdata,
+
cdr->duration,cdr->billsec,ast_cdr_disp2str(cdr->disposition),cdr->amaflags,
cdr->accountcode, uniqueid, userfield);
+
+ if (option_debug > 2)
diff --git a/source/apps-extra/asterisk/AST-2007-027-2.diff
b/source/apps-extra/asterisk/AST-2007-027-2.diff
new file mode 100644
index 0000000..bf05c65
--- /dev/null
+++ b/source/apps-extra/asterisk/AST-2007-027-2.diff
@@ -0,0 +1,11 @@
+--- channels/chan_iax2.c 2007/12/19 16:39:49 93948
++++ channels/chan_iax2.c 2007/12/19 17:04:13 93949
+@@ -2696,7 +2696,7 @@
+ }
+ }
+ }
+- if (!var) { /* Last ditch effort */
++ if (!var && peername) { /* Last ditch effort */
+ var = ast_load_realtime("iaxpeers", "name", peername, NULL);
+ /*!\note
+ * If this one loaded something, then we need to ensure that
the host
diff --git a/source/apps-extra/asterisk/AST-2007-027-3.diff
b/source/apps-extra/asterisk/AST-2007-027-3.diff
new file mode 100644
index 0000000..7ecb36c
--- /dev/null
+++ b/source/apps-extra/asterisk/AST-2007-027-3.diff
@@ -0,0 +1,11 @@
+--- channels/chan_iax2.c 2007/12/20 20:21:41 94255
++++ channels/chan_iax2.c 2007/12/20 20:22:22 94256
+@@ -2704,7 +2704,7 @@
+ * is because we only have the IP address and the host field
might be
+ * set as a name (and the reverse PTR might not match).
+ */
+- if (var) {
++ if (var && sin) {
+ for (tmp = var; tmp; tmp = tmp->next) {
+ if (!strcasecmp(tmp->name, "host")) {
+ struct in_addr sin2 = { 0, };
diff --git a/source/apps-extra/asterisk/AST-2007-027.diff
b/source/apps-extra/asterisk/AST-2007-027.diff
new file mode 100644
index 0000000..63f3472
--- /dev/null
+++ b/source/apps-extra/asterisk/AST-2007-027.diff
@@ -0,0 +1,153 @@
+--- channels/chan_sip.c 2007/12/18 18:23:06 93667
++++ channels/chan_sip.c 2007/12/18 18:29:39 93668
+@@ -149,6 +149,7 @@
+ #include "asterisk/compiler.h"
+ #include "asterisk/threadstorage.h"
+ #include "asterisk/translate.h"
++#include "asterisk/dnsmgr.h"
+
+ #ifndef FALSE
+ #define FALSE 0
+@@ -2497,9 +2498,35 @@
+ unsigned short portnum;
+
+ /* First check on peer name */
+- if (newpeername)
+- var = ast_load_realtime("sippeers", "name", newpeername, NULL);
+- else if (sin) { /* Then check on IP address */
++ if (newpeername) {
++ var = ast_load_realtime("sippeers", "name", newpeername,
"host", "dynamic", NULL);
++ if (!var && sin) {
++ var = ast_load_realtime("sippeers", "name",
newpeername, "host", ast_inet_ntoa(sin->sin_addr), NULL);
++ if (!var) {
++ var = ast_load_realtime("sippeers", "name",
newpeername, NULL);
++ /*!\note
++ * If this one loaded something, then we need
to ensure that the host
++ * field matched. The only reason why we can't
have this as a criteria
++ * is because we only have the IP address and
the host field might be
++ * set as a name (and the reverse PTR might not
match).
++ */
++ if (var) {
++ for (tmp = var; tmp; tmp = tmp->next) {
++ if (!strcasecmp(var->name,
"host")) {
++ struct in_addr sin2 = {
0, };
++ struct ast_dnsmgr_entry
*dnsmgr = NULL;
++ if
((ast_dnsmgr_lookup(tmp->value, &sin2, &dnsmgr) < 0) || (memcmp(&sin2,
&sin->sin_addr, sizeof(sin2)) != 0)) {
++ /* No match */
++
ast_variables_destroy(var);
++ var = NULL;
++ }
++ break;
++ }
++ }
++ }
++ }
++ }
++ } else if (sin) { /* Then check on IP address */
+ iabuf = ast_inet_ntoa(sin->sin_addr);
+ portnum = ntohs(sin->sin_port);
+ sprintf(portstring, "%d", portnum);
+--- channels/chan_iax2.c 2007/12/18 18:23:06 93667
++++ channels/chan_iax2.c 2007/12/18 18:29:39 93668
+@@ -2680,9 +2680,11 @@
+ time_t regseconds = 0, nowtime;
+ int dynamic=0;
+
+- if (peername)
+- var = ast_load_realtime("iaxpeers", "name", peername, NULL);
+- else {
++ if (peername) {
++ var = ast_load_realtime("iaxpeers", "name", peername, "host",
"dynamic", NULL);
++ if (!var && sin)
++ var = ast_load_realtime("iaxpeers", "name", peername,
"host", ast_inet_ntoa(sin->sin_addr));
++ } else if (sin) {
+ char porta[25];
+ sprintf(porta, "%d", ntohs(sin->sin_port));
+ var = ast_load_realtime("iaxpeers", "ipaddr",
ast_inet_ntoa(sin->sin_addr), "port", porta, NULL);
+@@ -2694,6 +2696,29 @@
+ }
+ }
+ }
++ if (!var) { /* Last ditch effort */
++ var = ast_load_realtime("iaxpeers", "name", peername, NULL);
++ /*!\note
++ * If this one loaded something, then we need to ensure that
the host
++ * field matched. The only reason why we can't have this as a
criteria
++ * is because we only have the IP address and the host field
might be
++ * set as a name (and the reverse PTR might not match).
++ */
++ if (var) {
++ for (tmp = var; tmp; tmp = tmp->next) {
++ if (!strcasecmp(tmp->name, "host")) {
++ struct in_addr sin2 = { 0, };
++ struct ast_dnsmgr_entry *dnsmgr = NULL;
++ if ((ast_dnsmgr_lookup(tmp->value,
&sin2, &dnsmgr) < 0) || (memcmp(&sin2, &sin->sin_addr, sizeof(sin2)) != 0)) {
++ /* No match */
++ ast_variables_destroy(var);
++ var = NULL;
++ }
++ break;
++ }
++ }
++ }
++ }
+ if (!var)
+ return NULL;
+
+@@ -2769,13 +2794,45 @@
+ return peer;
+ }
+
+-static struct iax2_user *realtime_user(const char *username)
++static struct iax2_user *realtime_user(const char *username, struct
sockaddr_in *sin)
+ {
+ struct ast_variable *var;
+ struct ast_variable *tmp;
+ struct iax2_user *user=NULL;
+
+- var = ast_load_realtime("iaxusers", "name", username, NULL);
++ var = ast_load_realtime("iaxusers", "name", username, "host",
"dynamic", NULL);
++ if (!var)
++ var = ast_load_realtime("iaxusers", "name", username, "host",
ast_inet_ntoa(sin->sin_addr));
++ if (!var && sin) {
++ char porta[6];
++ snprintf(porta, sizeof(porta), "%d", ntohs(sin->sin_port));
++ var = ast_load_realtime("iaxusers", "name", username, "ipaddr",
ast_inet_ntoa(sin->sin_addr), "port", porta, NULL);
++ if (!var)
++ var = ast_load_realtime("iaxusers", "ipaddr",
ast_inet_ntoa(sin->sin_addr), "port", porta, NULL);
++ }
++ if (!var) { /* Last ditch effort */
++ var = ast_load_realtime("iaxusers", "name", username, NULL);
++ /*!\note
++ * If this one loaded something, then we need to ensure that
the host
++ * field matched. The only reason why we can't have this as a
criteria
++ * is because we only have the IP address and the host field
might be
++ * set as a name (and the reverse PTR might not match).
++ */
++ if (var) {
++ for (tmp = var; tmp; tmp = tmp->next) {
++ if (!strcasecmp(tmp->name, "host")) {
++ struct in_addr sin2 = { 0, };
++ struct ast_dnsmgr_entry *dnsmgr = NULL;
++ if ((ast_dnsmgr_lookup(tmp->value,
&sin2, &dnsmgr) < 0) || (memcmp(&sin2, &sin->sin_addr, sizeof(sin2)) != 0)) {
++ /* No match */
++ ast_variables_destroy(var);
++ var = NULL;
++ }
++ break;
++ }
++ }
++ }
++ }
+ if (!var)
+ return NULL;
+
+@@ -4970,7 +5027,7 @@
+ }
+ user = best;
+ if (!user && !ast_strlen_zero(iaxs[callno]->username)) {
+- user = realtime_user(iaxs[callno]->username);
++ user = realtime_user(iaxs[callno]->username, sin);
+ if (user && !ast_strlen_zero(iaxs[callno]->context) &&
/* No context specified */
+ !apply_context(user->contexts, iaxs[callno]->context)) {
/* Context is permitted */
+ user = user_unref(user);
diff --git a/source/apps-extra/asterisk/AST-2008-001.diff
b/source/apps-extra/asterisk/AST-2008-001.diff
new file mode 100644
index 0000000..40f144d
--- /dev/null
+++ b/source/apps-extra/asterisk/AST-2008-001.diff
@@ -0,0 +1,18 @@
+--- channels/chan_sip.c 2008/01/02 20:23:23 95945
++++ channels/chan_sip.c 2008/01/02 20:24:09 95946
+@@ -9048,9 +9048,14 @@
+ {
+ char tmp[256] = "", *c, *a;
+ struct sip_request *req = oreq ? oreq : &p->initreq;
+- struct sip_refer *referdata = p->refer;
++ struct sip_refer *referdata = NULL;
+ const char *transfer_context = NULL;
+
++ if (!p->refer && !sip_refer_allocate(p))
++ return -1;
++
++ referdata = p->refer;
++
+ ast_copy_string(tmp, get_header(req, "Also"), sizeof(tmp));
+ c = get_in_brackets(tmp);
+
diff --git a/source/apps-extra/asterisk/FrugalBuild
b/source/apps-extra/asterisk/FrugalBuild
index 3248aac..6887139 100644
--- a/source/apps-extra/asterisk/FrugalBuild
+++ b/source/apps-extra/asterisk/FrugalBuild
@@ -4,7 +4,7 @@
pkgname=asterisk
pkgver=1.4.13
-pkgrel=1sayshell1
+pkgrel=1sayshell2
pkgdesc="Open Source Private Branch Exchange (PBX)."
url="http://asterisk.org/";
backup=(etc/asterisk/*)
@@ -15,9 +15,9 @@ depends=('asterisk-sounds' 'curl>=7.16.0' 'glibc' 'libidn'
'ncurses' 'newt' 'pop
groups=('apps-extra')
archs=('i686' 'x86_64')
up2date="lynx -dump http://ftp.digium.com/pub/asterisk/|grep
asterisk-[0-9\.]*tar.gz$|Flasttar"
-source=(http://ftp.digium.com/pub/$pkgname/$pkgname-$pkgver.tar.gz rc.asterisk)
-sha1sums=('76c07dcbc39bf77ef3de6eba5d345a1f22d1dc16' \
- '1c18155cdece83d556e2295b54508636ff74f307')
+source=(http://downloads.digium.com/pub/asterisk/releases/$pkgname-$pkgver.tar.gz
rc.asterisk \
+ AST-2007-025.diff AST-2007-026.diff AST-2007-027.diff
AST-2007-027-2.diff AST-2007-027-3.diff AST-2008-001.diff)
+signatures=($source.asc '' '' '' '' '' '' '')
build()
{
_______________________________________________
Frugalware-git mailing list
[email protected]
http://frugalware.org/mailman/listinfo/frugalware-git
