[Pkg-voip-commits] r6582 - in /asterisk/branches/etch/debian: changelog patches/00list patches/AST-2008-010.dpatch patches/fix_iax_r159245.dpatch
tzafrir-guest at alioth.debian.org
Wed Dec 24 19:28:05 UTC 2008
Author: tzafrir-guest
Date: Wed Dec 24 19:28:05 2008
New Revision: 6582
URL: http://svn.debian.org/wsvn/pkg-voip/?sc=1&rev=6582
Log:
Merge patch fix_iax_r159245 into patch AST-2008-010.
Removed:
asterisk/branches/etch/debian/patches/fix_iax_r159245.dpatch
Modified:
asterisk/branches/etch/debian/changelog
asterisk/branches/etch/debian/patches/00list
asterisk/branches/etch/debian/patches/AST-2008-010.dpatch
Modified: asterisk/branches/etch/debian/changelog
URL: http://svn.debian.org/wsvn/pkg-voip/asterisk/branches/etch/debian/changelog?rev=6582&op=diff
==============================================================================
--- asterisk/branches/etch/debian/changelog (original)
+++ asterisk/branches/etch/debian/changelog Wed Dec 24 19:28:05 2008
@@ -1,14 +1,14 @@
asterisk (1:1.2.13~dfsg-2etch6) UNRELEASED; urgency=high
* Fix for AST-2008-010 (CVE-2008-3263) IAX potential DoS attack,
+ (Minor fix to it from later r159245).
* Fix for AST-2008-011 (CVE-2008-3264) - IAX provisioning firmware
downloading protocol is a traffic amplifier. It has been disabled by
default.
* Fix for AST-2008-012 (CVE-2008-5558) - Some more IAX crashes.
- * Patch fix_iax_r159245: another small upstream regression fix.
* To re-enable it set "allowfwdownload = yes" in iaxprov.conf
- -- Tzafrir Cohen <tzafrir.cohen at xorcom.com> Wed, 23 Jul 2008 21:33:41 +0300
+ -- Tzafrir Cohen <tzafrir.cohen at xorcom.com> Wed, 24 Dec 2008 21:26:56 +0200
asterisk (1:1.2.13~dfsg-2etch5) stable-security; urgency=high
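Review bot: the added line "+ (Minor fix to it from later r159245)." follows a line that ends with a comma ("IAX potential DoS attack,"), so the first bullet now reads as a run-on with a parenthetical sentence of its own; either drop the comma on the preceding line or fold the note into that bullet, e.g. "IAX potential DoS attack (includes the later upstream fix from r159245)." The removed bullet "Patch fix_iax_r159245: another small upstream regression fix." is correctly dropped since the patch no longer exists on its own.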
Modified: asterisk/branches/etch/debian/patches/00list
URL: http://svn.debian.org/wsvn/pkg-voip/asterisk/branches/etch/debian/patches/00list?rev=6582&op=diff
==============================================================================
--- asterisk/branches/etch/debian/patches/00list (original)
+++ asterisk/branches/etch/debian/patches/00list Wed Dec 24 19:28:05 2008
@@ -16,7 +16,6 @@
AST-2008-008.dpatch
AST-2008-010.dpatch
AST-2008-011.dpatch
-fix_iax_r159245.dpatch
AST-2008-012.dpatch
# ukcid probably conflicts with bristuff
ukcid
Modified: asterisk/branches/etch/debian/patches/AST-2008-010.dpatch
URL: http://svn.debian.org/wsvn/pkg-voip/asterisk/branches/etch/debian/patches/AST-2008-010.dpatch?rev=6582&op=diff
==============================================================================
--- asterisk/branches/etch/debian/patches/AST-2008-010.dpatch (original)
+++ asterisk/branches/etch/debian/patches/AST-2008-010.dpatch Wed Dec 24 19:28:05 2008
@@ -5,6 +5,7 @@
## DP: Fix IAX 'POKE' resource exhaustion
## DP: AST-2008-010/CVE-2008-3263
## DP: upstream r132711, r133360
+## DP: Included minor fix from: r159245
@DPATCH@
Index: channels/chan_iax2.c
@@ -40,7 +41,7 @@
+static int send_apathetic_reply(unsigned short callno, unsigned short dcallno, struct sockaddr_in *sin, int command, int ts, unsigned char seqno)
+{
+ struct ast_iax2_full_hdr f = { .scallno = htons(0x8000 | callno), .dcallno = htons(dcallno),
-+ .ts = htonl(ts), .iseqno = seqno, .oseqno = seqno, .type = AST_FRAME_IAX,
++ .ts = htonl(ts), .iseqno = seqno, .oseqno = 0, .type = AST_FRAME_IAX,
+ .csub = compress_subclass(command) };
+
+ return sendto(defaultsockfd, &f, sizeof(f), 0, (struct sockaddr *)sin, sizeof(*sin));
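Review bot: the change from ".oseqno = seqno" to ".oseqno = 0" is not explained in the hunk, and after it the seqno parameter feeds only .iseqno, so the reason deserves a short comment above the initializer (the PONG is sent without any per-call state, as the "without allocating a callno" comment in the next hunk says, so there is no outbound sequence to report). The ".ts = htonl(ts)" conversion also implies a 32-bit timestamp field; see the note on the caller below.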
@@ -57,7 +58,7 @@
+ /* Deal with POKE/PONG without allocating a callno */
+ if (f.frametype == AST_FRAME_IAX && f.subclass == IAX_COMMAND_POKE) {
+ /* Reply back with a PONG, but don't care about the result. */
-+ send_apathetic_reply(1, ntohs(fh->scallno), &sin, IAX_COMMAND_PONG, ntohs(fh->ts), fh->oseqno);
++ send_apathetic_reply(1, ntohs(fh->scallno), &sin, IAX_COMMAND_PONG, ntohs(fh->ts), fh->iseqno + 1);
+ return 1;
+ } else if (f.frametype == AST_FRAME_IAX && f.subclass == IAX_COMMAND_ACK && dcallno == 1) {
+ /* Ignore */
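Review bot: the call passes "ntohs(fh->ts)" into a parameter that send_apathetic_reply converts with htonl(); if the ts field of struct ast_iax2_full_hdr is 32 bits, as the sending side suggests, ntohs() reads only part of it and the echoed timestamp in the PONG will be wrong, so the width should be checked against the header definition and ntohl() used if so. This is pre-existing context in the hunk rather than part of this change, but the change touches the same line. For the changed argument, "fh->iseqno + 1" is the right acknowledgement value (the peer's next expected inbound sequence number) and the int result is narrowed back to unsigned char at the call, so 255 wraps to 0 as intended; a brief comment saying why oseqno was replaced by iseqno + 1 would save the next reader from re-deriving it.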