[Pkg-voip-commits] r6581 - in /asterisk/branches/etch/debian: changelog patches/00list patches/AST-2008-012.dpatch patches/fix_iax_r159245.dpatch
tzafrir-guest at alioth.debian.org
tzafrir-guest at alioth.debian.org
Wed Dec 24 17:06:11 UTC 2008
Author: tzafrir-guest
Date: Wed Dec 24 17:06:11 2008
New Revision: 6581
URL: http://svn.debian.org/wsvn/pkg-voip/?sc=1&rev=6581
Log:
* Fix for AST-2008-012 (CVE-2008-5558) - Some more IAX crashes.
* Patch fix_iax_r159245: another small upstream regression fix.
Added:
asterisk/branches/etch/debian/patches/AST-2008-012.dpatch (with props)
asterisk/branches/etch/debian/patches/fix_iax_r159245.dpatch (with props)
Modified:
asterisk/branches/etch/debian/changelog
asterisk/branches/etch/debian/patches/00list
Modified: asterisk/branches/etch/debian/changelog
URL: http://svn.debian.org/wsvn/pkg-voip/asterisk/branches/etch/debian/changelog?rev=6581&op=diff
==============================================================================
--- asterisk/branches/etch/debian/changelog (original)
+++ asterisk/branches/etch/debian/changelog Wed Dec 24 17:06:11 2008
@@ -4,6 +4,8 @@
* Fix for AST-2008-011 (CVE-2008-3264) - IAX provisioning firmware
downloading protocol is a traffic amplifier. It has been disabled by
default.
+ * Fix for AST-2008-012 (CVE-2008-5558) - Some more IAX crashes.
+ * Patch fix_iax_r159245: another small upstream regression fix.
* To re-enable it set "allowfwdownload = yes" in iaxprov.conf
-- Tzafrir Cohen <tzafrir.cohen at xorcom.com> Wed, 23 Jul 2008 21:33:41 +0300
Modified: asterisk/branches/etch/debian/patches/00list
URL: http://svn.debian.org/wsvn/pkg-voip/asterisk/branches/etch/debian/patches/00list?rev=6581&op=diff
==============================================================================
--- asterisk/branches/etch/debian/patches/00list (original)
+++ asterisk/branches/etch/debian/patches/00list Wed Dec 24 17:06:11 2008
@@ -16,6 +16,8 @@
AST-2008-008.dpatch
AST-2008-010.dpatch
AST-2008-011.dpatch
+fix_iax_r159245.dpatch
+AST-2008-012.dpatch
# ukcid probably conflicts with bristuff
ukcid
option_detach
Added: asterisk/branches/etch/debian/patches/AST-2008-012.dpatch
URL: http://svn.debian.org/wsvn/pkg-voip/asterisk/branches/etch/debian/patches/AST-2008-012.dpatch?rev=6581&op=file
==============================================================================
--- asterisk/branches/etch/debian/patches/AST-2008-012.dpatch (added)
+++ asterisk/branches/etch/debian/patches/AST-2008-012.dpatch Wed Dec 24 17:06:11 2008
@@ -1,0 +1,29 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## AST-2008-012.dpatch by Tzafrir Cohen <tzafrir.cohen at xorcom.com>
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: Remote Unauthenticated Sessions (regressions from previous fixes)
+## DP: AST-2008-012/CVE-2008-5558
+## DP: upstream r162868
+
+ at DPATCH@
+--- a/channels/chan_iax2.c 2008/12/10 20:17:52 162867
++++ b/channels/chan_iax2.c 2008/12/10 21:06:44 162868
+@@ -2750,7 +2750,7 @@
+ if (peername) {
+ var = ast_load_realtime("iaxpeers", "name", peername, "host", "dynamic", NULL);
+ if (!var && sin)
+- var = ast_load_realtime("iaxpeers", "name", peername, "host", ast_inet_ntoa(iabuf, sizeof(iabuf), sin->sin_addr));
++ var = ast_load_realtime("iaxpeers", "name", peername, "host", ast_inet_ntoa(iabuf, sizeof(iabuf), sin->sin_addr), (char *) NULL);
+ } else if (sin) {
+ char porta[25];
+ ast_inet_ntoa(iabuf, sizeof(iabuf), sin->sin_addr);
+@@ -2874,7 +2874,7 @@
+
+ var = ast_load_realtime("iaxusers", "name", username, "host", "dynamic", NULL);
+ if (!var && sin)
+- var = ast_load_realtime("iaxusers", "name", username, "host", ast_inet_ntoa(iabuf, sizeof(iabuf), sin->sin_addr));
++ var = ast_load_realtime("iaxusers", "name", username, "host", ast_inet_ntoa(iabuf, sizeof(iabuf), sin->sin_addr), (char *) NULL);
+ if (!var && sin) {
+ char porta[6];
+ snprintf(porta, sizeof(porta), "%d", ntohs(sin->sin_port));
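Review bot: The two corrected `ast_load_realtime()` calls now end with `(char *) NULL`, but the neighbouring context-line calls (the `"host", "dynamic", NULL` lookups for `iaxpeers` and `iaxusers`) still pass a bare `NULL`, so the terminator convention is inconsistent. A variadic lookup without a correctly typed terminator reads past the end of its argument list, and where `NULL` expands to a plain `0` the bare form is passed as an `int` rather than a pointer. Since these lookups appear to run on peer and user names taken from IAX2 traffic (the patch header files this under AST-2008-012), I would write `(char *) NULL` at every call. If the declaration (not visible here) allows it, also mark `ast_load_realtime` with `__attribute__((sentinel))` so the compiler rejects a missing terminator. The enclosing functions start and end outside the embedded hunks.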
Propchange: asterisk/branches/etch/debian/patches/AST-2008-012.dpatch
------------------------------------------------------------------------------
svn:executable = *
Added: asterisk/branches/etch/debian/patches/fix_iax_r159245.dpatch
URL: http://svn.debian.org/wsvn/pkg-voip/asterisk/branches/etch/debian/patches/fix_iax_r159245.dpatch?rev=6581&op=file
==============================================================================
--- asterisk/branches/etch/debian/patches/fix_iax_r159245.dpatch (added)
+++ asterisk/branches/etch/debian/patches/fix_iax_r159245.dpatch Wed Dec 24 17:06:11 2008
@@ -1,0 +1,28 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## fix_iaxs_r159245.dpatch by Tzafrir Cohen <tzafrir.cohen at xorcom.com>
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: Minor upstream regression fix in chan_iax2.
+## DP: upstream r159245
+
+ at DPATCH@
+--- a/channels/chan_iax2.c None 159244
++++ b/channels/chan_iax2.c 2008/11/25 21:37:06 159245
+@@ -3102,7 +3102,7 @@
+ static int send_apathetic_reply(unsigned short callno, unsigned short dcallno, struct sockaddr_in *sin, int command, int ts, unsigned char seqno)
+ {
+ struct ast_iax2_full_hdr f = { .scallno = htons(0x8000 | callno), .dcallno = htons(dcallno),
+- .ts = htonl(ts), .iseqno = seqno, .oseqno = seqno, .type = AST_FRAME_IAX,
++ .ts = htonl(ts), .iseqno = seqno, .oseqno = 0, .type = AST_FRAME_IAX,
+ .csub = compress_subclass(command) };
+
+ return sendto(defaultsockfd, &f, sizeof(f), 0, (struct sockaddr *)sin, sizeof(*sin));
+@@ -6842,7 +6842,7 @@
+ /* Deal with POKE/PONG without allocating a callno */
+ if (f.frametype == AST_FRAME_IAX && f.subclass == IAX_COMMAND_POKE) {
+ /* Reply back with a PONG, but don't care about the result. */
+- send_apathetic_reply(1, ntohs(fh->scallno), &sin, IAX_COMMAND_PONG, ntohs(fh->ts), fh->oseqno);
++ send_apathetic_reply(1, ntohs(fh->scallno), &sin, IAX_COMMAND_PONG, ntohs(fh->ts), fh->iseqno + 1);
+ return 1;
+ } else if (f.frametype == AST_FRAME_IAX && f.subclass == IAX_COMMAND_ACK && dcallno == 1) {
+ /* Ignore */
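Review bot: The PONG reply still converts the incoming timestamp with `ntohs(fh->ts)`, while `send_apathetic_reply()` in the same patch writes that field with `htonl(ts)`. If `fh` points at the same full-header layout (its declaration is outside the hunk), `ts` is a 32-bit field and the 16-bit conversion echoes a truncated, mis-swapped timestamp to the peer. I would change the call to `send_apathetic_reply(1, ntohs(fh->scallno), &sin, IAX_COMMAND_PONG, ntohl(fh->ts), fh->iseqno + 1);`. Separately, the dpatch header comment names the file `fix_iaxs_r159245.dpatch`, which does not match the actual file name `fix_iax_r159245.dpatch`.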
Propchange: asterisk/branches/etch/debian/patches/fix_iax_r159245.dpatch
------------------------------------------------------------------------------
svn:executable = *