pkgsrc-Changes-HG archive


[pkgsrc/pkgsrc-2015Q1]: pkgsrc/comms/asterisk18 Pullup ticket #4736 - request...



details:   https://anonhg.NetBSD.org/pkgsrc/rev/45f881b2c339
branches:  pkgsrc-2015Q1
changeset: 649270:45f881b2c339
user:      tron <tron%pkgsrc.org@localhost>
date:      Wed Jun 10 20:38:42 2015 +0000

description:
Pullup ticket #4736 - requested by manu
comms/asterisk18: security update

Revisions pulled up:
- comms/asterisk18/Makefile                             1.94,1.97 via patch
- comms/asterisk18/distinfo                             1.60-1.61
- comms/asterisk18/patches/patch-main_loader.c          1.1

---
   Module Name:    pkgsrc
   Committed By:   jnemeth
   Date:           Sun Apr 12 03:35:39 UTC 2015

   Modified Files:
           pkgsrc/comms/asterisk18: Makefile distinfo

   Log Message:
   Update to Asterisk 1.8.32.3:  this is a security fix update.

   The Asterisk Development Team has announced security releases for
   Certified Asterisk 1.8.28, 11.6, and 13.1 and Asterisk 1.8, 11,
   12, and 13. The available security releases are released as versions
   1.8.28.cert-5, 1.8.32.3, 11.6-cert11, 11.17.1, 12.8.2, 13.1-cert2,
   and 13.3.2.

   The release of these versions resolves the following security vulnerability:

   * AST-2015-003: TLS Certificate Common name NULL byte exploit

     When Asterisk registers to a SIP TLS device and verifies the
     server, Asterisk will accept signed certificates that match a
     common name other than the one Asterisk is expecting if the signed
     certificate has a common name containing a null byte after the
     portion of the common name that Asterisk expected. This potentially
     allows for a man in the middle attack.

   For more information about the details of this vulnerability, please read
   security advisory AST-2015-003, which was released at the same time as this
   announcement.

   For a full list of changes in the current releases, please see the Change Logs:

   http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.8.32.3

   The security advisory is available at:

   * http://downloads.asterisk.org/pub/security/AST-2015-003.pdf

   Thank you for your continued support of Asterisk!

---
   Module Name:    pkgsrc
   Committed By:   manu
   Date:           Tue Apr 28 08:48:11 UTC 2015

   Modified Files:
           pkgsrc/comms/asterisk18: Makefile distinfo
   Added Files:
           pkgsrc/comms/asterisk18/patches: patch-main_loader.c

   Log Message:
   Fix crash in asterisk18 startup

   The added patch fixes startup crash and was submitted upstream.
   While there also remove the ban on i386, as it was tested to run fine.

diffstat:

 comms/asterisk18/Makefile                    |   8 +---
 comms/asterisk18/distinfo                    |  15 ++++----
 comms/asterisk18/patches/patch-main_loader.c |  45 ++++++++++++++++++++++++++++
 3 files changed, 56 insertions(+), 12 deletions(-)

diffs (105 lines):

diff -r 397115b0bc4e -r 45f881b2c339 comms/asterisk18/Makefile
--- a/comms/asterisk18/Makefile Tue Jun 09 02:10:46 2015 +0000
+++ b/comms/asterisk18/Makefile Wed Jun 10 20:38:42 2015 +0000
@@ -1,12 +1,13 @@
-# $NetBSD: Makefile,v 1.92 2015/03/15 22:26:26 jnemeth Exp $
+# $NetBSD: Makefile,v 1.92.2.1 2015/06/10 20:38:42 tron Exp $
 #
 # NOTE: when updating this package, there are two places that sound
 #       tarballs need to be checked
 
-DISTNAME=      asterisk-1.8.32.2
+DISTNAME=      asterisk-1.8.32.3
 DIST_SUBDIR=   ${PKGNAME_NOREV}
 DISTFILES=     ${DEFAULT_DISTFILES}
 EXTRACT_ONLY=  ${DISTNAME}.tar.gz
+PKGREVISION=   3
 CATEGORIES=    comms net audio
 MASTER_SITES=  http://downloads.asterisk.org/pub/telephony/asterisk/ \
                http://downloads.asterisk.org/pub/telephony/asterisk/old-releases/ \
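Review bot: PKGREVISION= 3 arrives in the same hunk that bumps DISTNAME to asterisk-1.8.32.3, yet the pulled-up log messages describe only one packaging change after the version update (the added patch-main_loader.c together with the i386 unblock). Please confirm that 3 is the value carried by the pulled-up Makefile revision, so that the branch package does not sort above or below the trunk package for the same content. The assignment would also read better directly below DISTNAME rather than after EXTRACT_ONLY.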
@@ -17,9 +18,6 @@
 COMMENT=       The Asterisk Software PBX
 LICENSE=       gnu-gpl-v2
 
-# known to have issues on i386, block the package until the bug is fixed
-BROKEN_ON_PLATFORM=    NetBSD-*-i386
-
 CONFLICTS+=    asterisk-sounds-extra-[0-9]*
 
 .include "../../mk/bsd.prefs.mk"
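Review bot: the removed comment says the i386 block stays "until the bug is fixed", but neither this hunk nor the log identifies that bug or ties it to patch-main_loader.c; the log only says i386 "was tested to run fine". Please record which failure the BROKEN_ON_PLATFORM line was guarding against and what was tested (release, startup only or actual call handling), so the marker can be restored with a precise reason if the crash reappears.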
diff -r 397115b0bc4e -r 45f881b2c339 comms/asterisk18/distinfo
--- a/comms/asterisk18/distinfo Tue Jun 09 02:10:46 2015 +0000
+++ b/comms/asterisk18/distinfo Wed Jun 10 20:38:42 2015 +0000
@@ -1,11 +1,11 @@
-$NetBSD: distinfo,v 1.59 2015/01/29 21:48:07 jnemeth Exp $
+$NetBSD: distinfo,v 1.59.2.1 2015/06/10 20:38:42 tron Exp $
 
-SHA1 (asterisk-1.8.32.2/asterisk-1.8.32.2.tar.gz) = e2a585ff20ab7dc1cb4bad86eda514af7c6a5e45
-RMD160 (asterisk-1.8.32.2/asterisk-1.8.32.2.tar.gz) = 41446c7da1e73ab07455f35b1ed102315eb7ef9c
-Size (asterisk-1.8.32.2/asterisk-1.8.32.2.tar.gz) = 29635914 bytes
-SHA1 (asterisk-1.8.32.2/asterisk-extra-sounds-en-gsm-1.4.15.tar.gz) = fbb94494e31fc08eee8fdf2ce7d12eb274018050
-RMD160 (asterisk-1.8.32.2/asterisk-extra-sounds-en-gsm-1.4.15.tar.gz) = 53656a3d6771602504f220ad312093e3503e1150
-Size (asterisk-1.8.32.2/asterisk-extra-sounds-en-gsm-1.4.15.tar.gz) = 4409969 bytes
+SHA1 (asterisk-1.8.32.3/asterisk-1.8.32.3.tar.gz) = ba0fd90fd744e423950d66c5d3e777419050d62e
+RMD160 (asterisk-1.8.32.3/asterisk-1.8.32.3.tar.gz) = 431785ace9f8a516ed6def6cf193fc8cd06b2967
+Size (asterisk-1.8.32.3/asterisk-1.8.32.3.tar.gz) = 29637478 bytes
+SHA1 (asterisk-1.8.32.3/asterisk-extra-sounds-en-gsm-1.4.15.tar.gz) = fbb94494e31fc08eee8fdf2ce7d12eb274018050
+RMD160 (asterisk-1.8.32.3/asterisk-extra-sounds-en-gsm-1.4.15.tar.gz) = 53656a3d6771602504f220ad312093e3503e1150
+Size (asterisk-1.8.32.3/asterisk-extra-sounds-en-gsm-1.4.15.tar.gz) = 4409969 bytes
 SHA1 (patch-aa) = 832f1c043b15198e0a286094dd0cc1a251bcfed0
 SHA1 (patch-af) = 19786616bb606c38f769ec85f2e4d118573659ab
 SHA1 (patch-ai) = e92edab5c1ff323478f41d0b0783102ed527fe39
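Review bot: the new asterisk-1.8.32.3.tar.gz entries are pinned with SHA1 and RMD160 only. For a security update it is worth recording a stronger digest (SHA512, for example) next to them, and stating in the log how the tarball was checked against the upstream release before the digests were regenerated. The asterisk-extra-sounds-en-gsm-1.4.15.tar.gz digests and size are unchanged and only move to the new DIST_SUBDIR, which is what one would expect.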
@@ -39,3 +39,4 @@
 SHA1 (patch-bn) = 51d14bde5591bd4a68c8074838196e05ac86f2f2
 SHA1 (patch-bo) = ff43d14e2608dd08d7d03799dfe9847f9f7f5666
 SHA1 (patch-bp) = 44c903536522e61790588680383b0ab2879edd65
+SHA1 (patch-main_loader.c) = a4cc248a7767eca712618fadf3a1ddc7f4977921
diff -r 397115b0bc4e -r 45f881b2c339 comms/asterisk18/patches/patch-main_loader.c
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/comms/asterisk18/patches/patch-main_loader.c      Wed Jun 10 20:38:42 2015 +0000
@@ -0,0 +1,45 @@
+$NetBSD: patch-main_loader.c,v 1.1.2.2 2015/06/10 20:38:43 tron Exp $
+
+Fix unloaded module DSO usage
+
+If a module once failed to load with globaly exposed symbols, the DSO
+is unloaded while the struct ast_module remains valid and referenced, 
+with just mod->lib being NULL.
+
+If the module is later attempted to be loaded again, make sure the DSO
+is loaded again to avoid an unpleasant crash.
+
+Also add a test to catch the situation where something went wrong and 
+loading failed again.
+
+Submitted upstream in
+https://issues.asterisk.org/jira/browse/ASTERISK-25021
+
+--- main/loader.c.orig 2015-04-27 17:33:30.000000000 +0200
++++ main/loader.c      2015-04-27 18:01:28.000000000 +0200
+@@ -894,9 +894,9 @@
+ {
+       struct ast_module *mod;
+       enum ast_module_load_result res = AST_MODULE_LOAD_SUCCESS;
+ 
+-      if ((mod = find_resource(resource_name, 0))) {
++      if ((mod = find_resource(resource_name, 0)) && (mod->lib != NULL)) {
+               if (mod->flags.running) {
+                       ast_log(LOG_WARNING, "Module '%s' already exists.\n", resource_name);
+                       return AST_MODULE_LOAD_DECLINE;
+               }
+@@ -918,8 +918,14 @@
+               return required ? AST_MODULE_LOAD_FAILURE : AST_MODULE_LOAD_DECLINE;
+ #endif
+       }
+ 
++      if (mod->lib == NULL) {
++              ast_log(LOG_ERROR, "Module '%s' was unloaded.\n", resource_name);
++              return required ? AST_MODULE_LOAD_FAILURE : AST_MODULE_LOAD_DECLINE;
++      }
++
++
+       if (inspect_module(mod)) {
+               ast_log(LOG_WARNING, "Module '%s' could not be loaded.\n", resource_name);
+ #ifdef LOADABLE_MODULES
+               unload_dynamic_module(mod);
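Review bot: the added check "if (mod->lib == NULL)" in the second inner hunk dereferences mod with no NULL guard in the visible lines, and the first inner hunk now sends a module that was found but has lib == NULL down the same path as a module that was never found. That is only safe if every route through the preceding branch either reassigns mod to a valid pointer or returns; a short comment stating this above the new check would make the invariant explicit. The message "Module '%s' was unloaded." also does not tell the operator that a reload was attempted and failed, which is the case the patch description says this test is meant to catch; something like "Module '%s' could not be reloaded" would match. Minor: the hunk adds two consecutive blank lines after the new block, and "globaly" in the patch description should be "globally".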


