This fixes AST-2007-027, a problem with database-backed (i.e. "realtime") sip/iax peer config: Users with no password aren't subject to IP address restrictions.
If you do not use this feature, or have configured passwords rather than relying on IP address "authentication" on a UDP protocol (hint: don't do that...) then this security problem doesn't affect you, but there are a number of reliability fixes in this update. http://downloads.digium.com/pub/security/AST-2007-027.pdf The problem also exists in 1.2 (as used in earlier OpenBSD versions) but we didn't ship with realtime support then. Only tested on sparc64 so far. Asterisk now generates a warning when loading external modules compiled against older headers; I propose bumping package versions of app_conference and chan_unistim, and making them depend on asterisk >=1.4.16, does that seem reasonable? Index: Makefile =================================================================== RCS file: /cvs/ports/telephony/asterisk/Makefile,v retrieving revision 1.27 diff -u -p -r1.27 Makefile --- Makefile 1 Dec 2007 10:11:53 -0000 1.27 +++ Makefile 19 Dec 2007 12:08:40 -0000 @@ -3,7 +3,7 @@ SHARED_ONLY= Yes COMMENT-main= open source multi-protocol PBX and telephony toolkit -V= 1.4.15 +V= 1.4.16 DISTNAME= asterisk-$V FULLPKGNAME-main= ${DISTNAME} Index: distinfo =================================================================== RCS file: /cvs/ports/telephony/asterisk/distinfo,v retrieving revision 1.21 diff -u -p -r1.21 distinfo --- distinfo 1 Dec 2007 10:11:53 -0000 1.21 +++ distinfo 19 Dec 2007 12:08:40 -0000 @@ -1,5 +1,5 @@ -MD5 (asterisk-1.4.15.tar.gz) = wvh6E0Onv360klwG75Ypdg== -RMD160 (asterisk-1.4.15.tar.gz) = IU4FzyV4KAvTV4MkrsMNA+Lmv74= -SHA1 (asterisk-1.4.15.tar.gz) = ydk0pabtN0rr3JFStlrxt25gPjk= -SHA256 (asterisk-1.4.15.tar.gz) = dVCPyKpZkRYuvDxOJy/5oCZZcvWIC5/lK54dF5tsXcA= -SIZE (asterisk-1.4.15.tar.gz) = 11417006 +MD5 (asterisk-1.4.16.tar.gz) = K8ku13uh3t412nRMygRqwA== +RMD160 (asterisk-1.4.16.tar.gz) = hAa5C3F0qgASe6pgZaD3aj000GQ= +SHA1 (asterisk-1.4.16.tar.gz) = mW7xIuLNEaNIxmeRMwGbZkqFNe4= +SHA256 (asterisk-1.4.16.tar.gz) = AcRCiZwftHD1Msm3vyfhN9igCqyRG3RClswgS2uFO9U= +SIZE (asterisk-1.4.16.tar.gz) = 11457547 Index: patches/patch-Makefile =================================================================== RCS file: /cvs/ports/telephony/asterisk/patches/patch-Makefile,v retrieving revision 1.13 diff -u -p -r1.13 patch-Makefile --- patches/patch-Makefile 27 Nov 2007 10:41:04 -0000 1.13 +++ patches/patch-Makefile 19 Dec 2007 12:08:40 -0000 @@ -1,6 +1,6 @@ $OpenBSD: patch-Makefile,v 1.13 2007/11/27 10:41:04 sthen Exp $ ---- Makefile.orig Thu Nov 15 18:37:38 2007 -+++ Makefile Sat Nov 17 00:58:06 2007 +--- Makefile.orig Mon Dec 17 06:44:51 2007 ++++ Makefile Tue Dec 18 22:20:14 2007 @@ -35,6 +35,7 @@ export ASTVARRUNDIR export MODULES_DIR export ASTSPOOLDIR @@ -9,7 +9,7 @@ $OpenBSD: patch-Makefile,v 1.13 2007/11/ export ASTDATADIR export ASTLOGDIR export ASTLIBDIR -@@ -81,7 +82,7 @@ ASTCFLAGS+=$(COPTS) +@@ -82,7 +83,7 @@ ASTCFLAGS+=$(COPTS) ASTLDFLAGS+=$(LDOPTS) #Uncomment this to see all build commands instead of 'quiet' output @@ -18,7 +18,7 @@ $OpenBSD: patch-Makefile,v 1.13 2007/11/ # Create OPTIONS variable OPTIONS= -@@ -92,7 +93,7 @@ ASTTOPDIR:=$(shell pwd) +@@ -93,7 +94,7 @@ ASTTOPDIR:=$(shell pwd) OVERWRITE=y # Include debug and macro symbols in the executables (-g) and profiling info (-pg) @@ -27,7 +27,7 @@ $OpenBSD: patch-Makefile,v 1.13 2007/11/ # Staging directory # Files are copied here temporarily during the install process -@@ -127,6 +128,7 @@ else +@@ -128,6 +129,7 @@ else ifneq ($(findstring BSD,$(OSARCH)),) ASTVARLIBDIR=$(prefix)/share/asterisk ASTVARRUNDIR=$(localstatedir)/run/asterisk @@ -35,7 +35,7 @@ $OpenBSD: patch-Makefile,v 1.13 2007/11/ else ASTVARLIBDIR=$(localstatedir)/lib/asterisk endif -@@ -155,8 +157,10 @@ HTTP_CGIDIR=/var/www/cgi-bin +@@ -156,8 +158,10 @@ HTTP_CGIDIR=/var/www/cgi-bin # The file /etc/asterisk.makeopts will also be included but can be overridden # by the file in your home directory. @@ -46,7 +46,7 @@ $OpenBSD: patch-Makefile,v 1.13 2007/11/ MOD_SUBDIR_CFLAGS=-I$(ASTTOPDIR)/include OTHER_SUBDIR_CFLAGS=-I$(ASTTOPDIR)/include -@@ -195,8 +199,10 @@ ifeq ($(OSARCH),linux-gnu) +@@ -196,8 +200,10 @@ ifeq ($(OSARCH),linux-gnu) endif ifeq ($(findstring -save-temps,$(ASTCFLAGS)),) @@ -57,7 +57,7 @@ $OpenBSD: patch-Makefile,v 1.13 2007/11/ ASTCFLAGS+=-Wall -Wstrict-prototypes -Wmissing-prototypes -Wmissing-declarations $(DEBUG) -@@ -211,9 +217,11 @@ ifneq ($(findstring BSD,$(OSARCH)),) +@@ -212,9 +218,11 @@ ifneq ($(findstring BSD,$(OSARCH)),) ASTLDFLAGS+=-L/usr/local/lib endif @@ -69,7 +69,7 @@ $OpenBSD: patch-Makefile,v 1.13 2007/11/ ifeq ($(PROC),ppc) ASTCFLAGS+=-fsigned-char -@@ -556,13 +564,14 @@ samples: adsi +@@ -564,13 +572,14 @@ samples: adsi echo "astetcdir => $(ASTETCDIR)" ; \ echo "astmoddir => $(MODULES_DIR)" ; \ echo "astvarlibdir => $(ASTVARLIBDIR)" ; \ @@ -85,7 +85,7 @@ $OpenBSD: patch-Makefile,v 1.13 2007/11/ echo ";verbose = 3" ; \ echo ";debug = 3" ; \ echo ";alwaysfork = yes ; same as -F at startup" ; \ -@@ -585,15 +594,15 @@ samples: adsi +@@ -593,15 +602,15 @@ samples: adsi echo ";record_cache_dir = /tmp ; Specify cache directory (used in cnjunction with cache_record_files)" ; \ echo ";transmit_silence_during_record = yes ; Transmit SLINEAR silence while a channel is being recorded" ; \ echo ";transcode_via_sln = yes ; Build transcode paths via SLINEAR, instead of directly" ; \ Index: patches/patch-channels_Makefile =================================================================== RCS file: /cvs/ports/telephony/asterisk/patches/patch-channels_Makefile,v retrieving revision 1.6 diff -u -p -r1.6 patch-channels_Makefile --- patches/patch-channels_Makefile 5 Sep 2007 22:42:52 -0000 1.6 +++ patches/patch-channels_Makefile 19 Dec 2007 12:08:40 -0000 @@ -1,8 +1,8 @@ $OpenBSD: patch-channels_Makefile,v 1.6 2007/09/05 22:42:52 sthen Exp $ ---- channels/Makefile.orig Wed Aug 1 18:03:23 2007 -+++ channels/Makefile Wed Aug 1 18:03:42 2007 -@@ -15,8 +15,8 @@ C_MODS:=$(filter-out $(MENUSELECT_CHANNELS),$(patsubst - CC_MODS:=$(filter-out $(MENUSELECT_CHANNELS),$(patsubst %.cc,%,$(wildcard chan_*.cc))) +--- channels/Makefile.orig Mon Dec 17 07:21:08 2007 ++++ channels/Makefile Tue Dec 18 22:20:15 2007 +@@ -21,8 +21,8 @@ C_MODS:=$(filter-out $(MENUSELECT_CHANNELS),$(ALL_C_MO + CC_MODS:=$(filter-out $(MENUSELECT_CHANNELS),$(ALL_CC_MODS)) ifeq ($(OSARCH),OpenBSD) - PTLIB=-lpt_OpenBSD_x86_r Index: patches/patch-configure =================================================================== RCS file: /cvs/ports/telephony/asterisk/patches/patch-configure,v retrieving revision 1.2 diff -u -p -r1.2 patch-configure --- patches/patch-configure 4 Oct 2007 11:25:44 -0000 1.2 +++ patches/patch-configure 19 Dec 2007 12:08:40 -0000 @@ -1,7 +1,7 @@ $OpenBSD: patch-configure,v 1.2 2007/10/04 11:25:44 sthen Exp $ ---- configure.orig Fri Sep 14 16:50:49 2007 -+++ configure Wed Oct 3 12:50:22 2007 -@@ -18468,7 +18468,11 @@ echo $ECHO_N "checking for UW IMAP Toolkit c-client li +--- configure.orig Mon Dec 17 06:44:51 2007 ++++ configure Tue Dec 18 22:20:15 2007 +@@ -18673,7 +18673,11 @@ echo $ECHO_N "checking for UW IMAP Toolkit c-client li imap_ldflags=`cat ${IMAP_TK_DIR}/c-client/LDFLAGS` fi CPPFLAGS="${CPPFLAGS} -I${IMAP_TK_DIR}/c-client" @@ -14,7 +14,7 @@ $OpenBSD: patch-configure,v 1.2 2007/10/ cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF -@@ -22173,13 +22177,13 @@ if test "${USE_UNIXODBC}" != "no"; then +@@ -22453,13 +22457,13 @@ if test "${USE_UNIXODBC}" != "no"; then pbxlibdir="-L${UNIXODBC_DIR}" fi fi @@ -31,7 +31,7 @@ $OpenBSD: patch-configure,v 1.2 2007/10/ cat >conftest.$ac_ext <<_ACEOF /* confdefs.h. */ _ACEOF -@@ -22242,7 +22246,7 @@ fi +@@ -22522,7 +22526,7 @@ fi if test "${AST_UNIXODBC_FOUND}" = "yes"; then @@ -40,7 +40,7 @@ $OpenBSD: patch-configure,v 1.2 2007/10/ UNIXODBC_HEADER_FOUND="1" if test "x${UNIXODBC_DIR}" != "x"; then UNIXODBC_LIB="${pbxlibdir} ${UNIXODBC_LIB}" -@@ -25673,7 +25677,7 @@ ac_compiler_gnu=$ac_cv_c_compiler_gnu +@@ -26038,7 +26042,7 @@ ac_compiler_gnu=$ac_cv_c_compiler_gnu PWLIB_VERSION=`grep "PWLIB_VERSION" ${PWLIB_INCDIR}/ptbuildopts.h | cut -f2 -d ' ' | sed -e 's/"//g'` PWLIB_MAJOR_VERSION=`echo ${PWLIB_VERSION} | cut -f1 -d.` PWLIB_MINOR_VERSION=`echo ${PWLIB_VERSION} | cut -f2 -d.` @@ -49,7 +49,7 @@ $OpenBSD: patch-configure,v 1.2 2007/10/ let PWLIB_VER=${PWLIB_MAJOR_VERSION}*10000+${PWLIB_MINOR_VERSION}*100+${PWLIB_BUILD_NUMBER} let PWLIB_REQ=1*10000+9*100+2 -@@ -25775,6 +25779,9 @@ esac +@@ -26140,6 +26144,9 @@ esac PWLIB_PLATFORM="${PWLIB_OSTYPE}_${PWLIB_MACHTYPE}" @@ -59,7 +59,7 @@ $OpenBSD: patch-configure,v 1.2 2007/10/ -@@ -26613,7 +26620,7 @@ ac_compiler_gnu=$ac_cv_c_compiler_gnu +@@ -26998,7 +27005,7 @@ ac_compiler_gnu=$ac_cv_c_compiler_gnu OPENH323_VERSION=`grep "OPENH323_VERSION" ${OPENH323_INCDIR}/openh323buildopts.h | cut -f2 -d ' ' | sed -e 's/"//g'` OPENH323_MAJOR_VERSION=`echo ${OPENH323_VERSION} | cut -f1 -d.` OPENH323_MINOR_VERSION=`echo ${OPENH323_VERSION} | cut -f2 -d.` @@ -68,7 +68,7 @@ $OpenBSD: patch-configure,v 1.2 2007/10/ let OPENH323_VER=${OPENH323_MAJOR_VERSION}*10000+${OPENH323_MINOR_VERSION}*100+${OPENH323_BUILD_NUMBER} let OPENH323_REQ=1*10000+17*100+3 -@@ -26634,7 +26641,7 @@ echo "${ECHO_T}yes" >&6; } +@@ -27019,7 +27026,7 @@ echo "${ECHO_T}yes" >&6; } { echo "$as_me:$LINENO: checking OpenH323 build option" >&5 echo $ECHO_N "checking OpenH323 build option... $ECHO_C" >&6; } OPENH323_SUFFIX= @@ -77,7 +77,7 @@ $OpenBSD: patch-configure,v 1.2 2007/10/ for pfx in $prefixes; do files=`ls -l ${OPENH323_LIBDIR}/lib${pfx}*.so* 2>/dev/null` libfile= -@@ -26662,7 +26669,8 @@ echo $ECHO_N "checking OpenH323 build option... $ECHO_ +@@ -27047,7 +27054,8 @@ echo $ECHO_N "checking OpenH323 build option... $ECHO_ d) OPENH323_BUILD="debug";; *) @@ -87,7 +87,7 @@ $OpenBSD: patch-configure,v 1.2 2007/10/ notrace=`eval "grep NOTRACE ${OPENH323DIR}/openh323u.mak | grep = | sed -e 's/[A-Z0-9_]*[ ]*=[ ]*//'"` if test "x$notrace" = "x"; then notrace="0" -@@ -31100,7 +31108,7 @@ if test "${ac_cv_lib_vorbis_vorbis_info_init+set}" = s +@@ -31585,7 +31593,7 @@ if test "${ac_cv_lib_vorbis_vorbis_info_init+set}" = s echo $ECHO_N "(cached) $ECHO_C" >&6 else ac_check_lib_save_LIBS=$LIBS Index: pkg/PLIST-main =================================================================== RCS file: /cvs/ports/telephony/asterisk/pkg/PLIST-main,v retrieving revision 1.4 diff -u -p -r1.4 PLIST-main --- pkg/PLIST-main 1 Dec 2007 10:11:53 -0000 1.4 +++ pkg/PLIST-main 19 Dec 2007 12:08:40 -0000 @@ -48,6 +48,7 @@ include/asterisk/features.h include/asterisk/file.h include/asterisk/frame.h include/asterisk/fskmodem.h +include/asterisk/global_datastores.h include/asterisk/http.h include/asterisk/image.h include/asterisk/indications.h
