Commit d99d0e71 authored by Timo Teräs's avatar Timo Teräs

main/asterisk: security upgrade to 14.7.8

AST-2018-002: Crash when given an invalid SDP media format description
AST-2018-003: Crash with an invalid SDP fmtp attribute
AST-2018-004 (CVE-2018-7284): Crash when receiving SUBSCRIBE request
AST-2018-005 (CVE-2018-7286): Crash when large numbers of TCP connections are closed suddenly
AST-2018-007: Infinite loop when reading iostreams
AST-2018-008: PJSIP endpoint presence disclosure when using ACL
AST-2018-009 (CVE-2018-17281): Remote crash in HTTP websocket upgrade

(cherry picked from commit d82e7ed8)
parent b921d5dd
......@@ -2,7 +2,7 @@
# Contributor: Timo Teras <timo.teras@iki.fi>
# Maintainer: Timo Teras <timo.teras@iki.fi>
pkgname=asterisk
pkgver=14.7.5
pkgver=14.7.8
pkgrel=0
pkgdesc="Asterisk: A Module Open Source PBX System"
pkgusers="asterisk"
......@@ -29,6 +29,7 @@ _download="http://downloads.asterisk.org/pub/telephony/asterisk/releases"
source="$_download/asterisk-$pkgver.tar.gz
http://dev.alpinelinux.org/~tteras/asterisk-addon-mp3-r201.patch.gz
ASTERISK-24517.patch
AST-2018-007.patch
musl-mutex-init.patch
asterisk.initd
......@@ -225,9 +226,10 @@ sound_en() {
chown -R asterisk:asterisk "$subpkgdir"/var/*/asterisk
}
sha512sums="e6ac50d116528aeb2d2f0ac05ce2d3f5c037b87926fffa0d958d34f02957f13c8a01894c40d7a20ad52d3f3b929f3521a7969e19f485f19bef1d53e8d5390c81 asterisk-14.7.5.tar.gz
sha512sums="4c140abd1bf17456e13d81c8343f3d1635603cf8de0ad9dd687d3dc714644a4d49bbc98a650df5b1a2b70596050b328de54edf3482f716f90a703642a1d82d2e asterisk-14.7.8.tar.gz
aacef3f4796fb1abd33266998b53909cb4b36e7cc5ad2f7bac68bdc43e9a9072d9a4e2e7e681bddfa31f3d04575eb248afe6ea95da780c67e4829c1e22adfe1b asterisk-addon-mp3-r201.patch.gz
2742773614454bdd656c038b2d19ab7f01050c0631eb02e09d922bd8eebfcb4fe4a2a9e9c100ce854dad156194d738434a85524ae125d446ca599dcd1a884450 ASTERISK-24517.patch
472de23761c795db9277c0c93b9019053126d31e4947a7fc4abeb89d836e2d6b524d4fb07cb18dc1c2851013a53525be92405981451a192676d32589f1781fff AST-2018-007.patch
f72c2e04de80d3ed9ce841308101383a1655e6da7a3c888ad31fffe63d1280993e08aefcf8e638316d439c68b38ee05362c87503fca1f36343976a01af9d6eb1 musl-mutex-init.patch
0044c5db468ec8f2385d18d476f89976f6d036448583a4ef8017ce7a6f8f72105337e6b20037ffe47f561d2877fc9c86720aef23ab037df89b36dc140a5924c4 asterisk.initd
ab6b6f08ff43268cbb1abb7ed7d678949991ba495682a644bbaeb017d6adbff0a43297905fd73ae8db1786a28d5b5904f1bc253209a0e388c8a27f26c6ce14ed asterisk.confd
......
From 380b5ae0a1e4a68bfb098319a7ab86d3d34c2fcb Mon Sep 17 00:00:00 2001
From: Sean Bright <sean.bright@gmail.com>
Date: Mon, 16 Apr 2018 15:13:58 -0400
Subject: [PATCH 1/1] AST-2018-007: iostreams potential DoS when client
connection closed prematurely
Before Asterisk sends an HTTP response (at least in the case of errors),
it attempts to read & discard the content of the request. If the client
lies about the Content-Length, or the connection is closed from the
client side before "Content-Length" bytes are sent, the request handling
thread will busy loop.
ASTERISK-27807
Change-Id: I945c5fc888ed92be625b8c35039fc6d2aa89c762
---
main/iostream.c | 11 +++++++++--
1 file changed, 9 insertions(+), 2 deletions(-)
diff --git a/main/iostream.c b/main/iostream.c
index 4cddd43b6b..20188cb7a0 100644
--- a/main/iostream.c
+++ b/main/iostream.c
@@ -197,11 +197,18 @@ static ssize_t iostream_read(struct ast_iostream *stream, void *buf, size_t size
}
}
break;
+ case SSL_ERROR_SYSCALL:
+ /* Some non-recoverable I/O error occurred. The OpenSSL error queue may
+ * contain more information on the error. For socket I/O on Unix systems,
+ * consult errno for details. */
+ ast_debug(1, "TLS non-recoverable I/O error occurred: %s, %s\n", ERR_error_string(sslerr, err),
+ ssl_error_to_string(sslerr, res));
+ return -1;
default:
/* Report EOF for an undecoded SSL or transport error. */
ast_debug(1, "TLS transport or SSL error reading data: %s, %s\n", ERR_error_string(sslerr, err),
ssl_error_to_string(sslerr, res));
- return 0;
+ return -1;
}
if (!ms) {
/* Report EOF for a timeout */
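Review bot: The comment kept on the `default:` branch still says "Report EOF for an undecoded SSL or transport error", but the branch now returns -1, so the comment contradicts the code; it should read `/* Report an error for an undecoded SSL or transport error. */`. Both the new `SSL_ERROR_SYSCALL` case and `default:` pass `sslerr` to `ERR_error_string()`, and since `sslerr` is the value being switched against `SSL_ERROR_*` constants it appears to be an `SSL_get_error()` result rather than an error-queue code, so the logged text is likely misleading; `ERR_error_string(ERR_get_error(), err)` would log the queued error instead. Neither branch sets errno before `return -1`, and OpenSSL can report `SSL_ERROR_SYSCALL` for an unexpected EOF without a meaningful errno, so a caller that inspects errno after -1 may act on a stale value; `errno = EIO;` before the return would make the failure unambiguous. iostream_read starts and ends outside the hunk, so how callers use errno is not visible here.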
@@ -317,7 +324,7 @@ ssize_t ast_iostream_discard(struct ast_iostream *stream, size_t size)
while (remaining) {
ret = ast_iostream_read(stream, buf, remaining > sizeof(buf) ? sizeof(buf) : remaining);
- if (ret < 0) {
+ if (ret <= 0) {
return ret;
}
remaining -= ret;
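Review bot: With `if (ret <= 0) return ret;` a premature close now makes ast_iostream_discard return 0, which a caller testing only `< 0` would treat as success even though fewer than `size` bytes were discarded. The function's final return is outside the hunk, so the success value is not visible; if it is the byte count, state the contract above the loop, for example `/* Returns size on success, 0 if the peer closed before size bytes arrived, -1 on error. */`. The HTTP request-handling call sites described in the patch message should be checked to confirm they treat 0 as a failed discard and close the connection rather than reuse it.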
--
2.19.0