[Pkg-voip-commits] r6582 - in /asterisk/branches/etch/debian: changelog patches/00list patches/AST-2008-010.dpatch patches/fix_iax_r159245.dpatch

tzafrir-guest at alioth.debian.org tzafrir-guest at alioth.debian.org
Wed Dec 24 19:28:05 UTC 2008


Author: tzafrir-guest
Date: Wed Dec 24 19:28:05 2008
New Revision: 6582

URL: http://svn.debian.org/wsvn/pkg-voip/?sc=1&rev=6582
Log:
Merge patch fix_iax_r159245 into patch AST-2008-010.

Removed:
    asterisk/branches/etch/debian/patches/fix_iax_r159245.dpatch
Modified:
    asterisk/branches/etch/debian/changelog
    asterisk/branches/etch/debian/patches/00list
    asterisk/branches/etch/debian/patches/AST-2008-010.dpatch

Modified: asterisk/branches/etch/debian/changelog
URL: http://svn.debian.org/wsvn/pkg-voip/asterisk/branches/etch/debian/changelog?rev=6582&op=diff
==============================================================================
--- asterisk/branches/etch/debian/changelog (original)
+++ asterisk/branches/etch/debian/changelog Wed Dec 24 19:28:05 2008
@@ -1,14 +1,14 @@
 asterisk (1:1.2.13~dfsg-2etch6) UNRELEASED; urgency=high
 
   * Fix for AST-2008-010 (CVE-2008-3263) IAX potential DoS attack,
+    (Minor fix to it from later r159245).
   * Fix for AST-2008-011 (CVE-2008-3264) - IAX provisioning firmware 
     downloading protocol is a traffic amplifier. It has been disabled by 
     default. 
   * Fix for AST-2008-012 (CVE-2008-5558) - Some more IAX crashes.
-  * Patch fix_iax_r159245: another small upstream regression fix.
   * To re-enable it set "allowfwdownload = yes" in iaxprov.conf
 
- -- Tzafrir Cohen <tzafrir.cohen at xorcom.com>  Wed, 23 Jul 2008 21:33:41 +0300
+ -- Tzafrir Cohen <tzafrir.cohen at xorcom.com>  Wed, 24 Dec 2008 21:26:56 +0200
 
 asterisk (1:1.2.13~dfsg-2etch5) stable-security; urgency=high
 
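Review bot: with the fix_iax_r159245 bullet removed, the last bullet ('To re-enable it set "allowfwdownload = yes" in iaxprov.conf') now sits directly under the AST-2008-012 entry, so "it" reads as referring to the IAX crash fix rather than to the firmware download that AST-2008-011 disabled. Suggest folding that sentence into the AST-2008-011 bullet. The added "(Minor fix to it from later r159245)." line also follows a line that ends in a comma; ending the previous line with a period or merging the parenthetical into it would read more cleanly.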

Modified: asterisk/branches/etch/debian/patches/00list
URL: http://svn.debian.org/wsvn/pkg-voip/asterisk/branches/etch/debian/patches/00list?rev=6582&op=diff
==============================================================================
--- asterisk/branches/etch/debian/patches/00list (original)
+++ asterisk/branches/etch/debian/patches/00list Wed Dec 24 19:28:05 2008
@@ -16,7 +16,6 @@
 AST-2008-008.dpatch
 AST-2008-010.dpatch
 AST-2008-011.dpatch
-fix_iax_r159245.dpatch
 AST-2008-012.dpatch
 # ukcid probably conflicts with bristuff
 ukcid
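Review bot: removing fix_iax_r159245.dpatch from its slot between AST-2008-011.dpatch and AST-2008-012.dpatch means its change is now applied earlier in the series, as part of AST-2008-010.dpatch. Please confirm that AST-2008-011.dpatch and AST-2008-012.dpatch still apply without fuzz or rejects on top of the merged patch, and say so in the log message, since both follow it in this list.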

Modified: asterisk/branches/etch/debian/patches/AST-2008-010.dpatch
URL: http://svn.debian.org/wsvn/pkg-voip/asterisk/branches/etch/debian/patches/AST-2008-010.dpatch?rev=6582&op=diff
==============================================================================
--- asterisk/branches/etch/debian/patches/AST-2008-010.dpatch (original)
+++ asterisk/branches/etch/debian/patches/AST-2008-010.dpatch Wed Dec 24 19:28:05 2008
@@ -5,6 +5,7 @@
 ## DP: Fix IAX 'POKE' resource exhaustion
 ## DP: AST-2008-010/CVE-2008-3263
 ## DP: upstream r132711, r133360
+## DP: Included minor fix from: r159245
 
 @DPATCH@
 Index: channels/chan_iax2.c
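Review bot: the new header line "## DP: Included minor fix from: r159245" does not say what the fix is, and it uses a different form from the "## DP: upstream r132711, r133360" line just above it. Suggest either appending r159245 to that upstream list or wording the new line as "upstream r159245" with a few words on what it corrects (the sequence numbers in the PONG reply), so the patch description stands on its own once the separate dpatch file is gone.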
@@ -40,7 +41,7 @@
 +static int send_apathetic_reply(unsigned short callno, unsigned short dcallno, struct sockaddr_in *sin, int command, int ts, unsigned char seqno)
 +{
 +	struct ast_iax2_full_hdr f = { .scallno = htons(0x8000 | callno), .dcallno = htons(dcallno),
-+		.ts = htonl(ts), .iseqno = seqno, .oseqno = seqno, .type = AST_FRAME_IAX,
++		.ts = htonl(ts), .iseqno = seqno, .oseqno = 0, .type = AST_FRAME_IAX,
 +		.csub = compress_subclass(command) };
 +
 +	return sendto(defaultsockfd, &f, sizeof(f), 0, (struct sockaddr *)sin, sizeof(*sin));
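Review bot: in send_apathetic_reply() the `seqno` parameter now fills only .iseqno while .oseqno is a literal 0, so the parameter name no longer tells the caller which counter it is supplying. Suggest renaming it to iseqno and adding a one-line comment on why the outgoing sequence number is fixed at 0 for this reply, so that the next reader does not "fix" it back to seqno.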
@@ -57,7 +58,7 @@
 +		/* Deal with POKE/PONG without allocating a callno */
 +		if (f.frametype == AST_FRAME_IAX && f.subclass == IAX_COMMAND_POKE) {
 +			/* Reply back with a PONG, but don't care about the result. */
-+			send_apathetic_reply(1, ntohs(fh->scallno), &sin, IAX_COMMAND_PONG, ntohs(fh->ts), fh->oseqno);
++			send_apathetic_reply(1, ntohs(fh->scallno), &sin, IAX_COMMAND_PONG, ntohs(fh->ts), fh->iseqno + 1);
 +			return 1;
 +		} else if (f.frametype == AST_FRAME_IAX && f.subclass == IAX_COMMAND_ACK && dcallno == 1) {
 +			/* Ignore */
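Review bot: on the changed send_apathetic_reply() call the timestamp is still converted with ntohs(fh->ts), while the helper in this same patch writes the field back with htonl(ts), which implies ts is a 32-bit field. If so, ntohs truncates it and the PONG will not echo the timestamp the POKE carried; suggest ntohl(fh->ts). A short comment on why the last argument is now fh->iseqno + 1 rather than fh->oseqno would also help, noting that the value is passed as an unsigned char and therefore wraps at 255.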



