[Pkg-voip-commits] [asterisk] 07/13: Don't load dundi, mgcp, skinny and unistim by default

tzafrir at debian.org tzafrir at debian.org
Wed Dec 27 23:16:20 UTC 2017 

This is an automated email from the git hooks/post-receive script.

tzafrir pushed a commit to branch master
in repository asterisk.

commit f46432179fbe9a87240fd79631af2e26bb371b55
Author: Tzafrir Cohen <tzafrir at debian.org>
Date:   Mon Dec 25 17:13:00 2017 +0200

    Don't load dundi, mgcp, skinny and unistim by default
    
    Disable a bunch of protocols that are installed by default, not
    popular, and make Asterisk listen on an extra port.
    
    They are disabled by removing the relevant configuration file. The
    user may still copy it back from the sample set.
---
 debian/README.Debian | 21 +++++++++++++++++++--
 debian/rules         |  3 +++
 2 files changed, 22 insertions(+), 2 deletions(-)

diff --git a/debian/README.Debian b/debian/README.Debian
index 56de656..64e551f 100644
--- a/debian/README.Debian
+++ b/debian/README.Debian
@@ -244,6 +244,25 @@ system at build time, that is copied to
 /usr/share/doc/asterisk/menuselect.makeopts .
 
 
+Extra Channels
+==============
+This package includes and enables by default a number of rather not so
+popular protocols. Having them enabled by default means that any
+security volnurability in them (such as CVE-2017-17090 / AST-2017-013 in
+chan_skinny) may open your system to attacks for no good reason.
+
+Thus the following configuration files have been removed from the default
+set of configuration files installed to /etc/asterisk:
+* dundi.conf (DUNDi call routing, UDP port 4520)
+* mgcp.conf (chan_mgcp: MGCP voip protocol, UDP port 2727)
+* skinny.conf (chan_skinny: SCCP voip protocol, TCP port 2000)
+* unistim.conf (chan_unistim: UNISTIM voip protocol, UDP port 5000)
+
+If you do need any of those protocols, copy the sample file from
+/usr/share/asterisk/conf/samples/FILE.conf.sample to
+/etc/asterisk/FILE.conf and resart asterisk (or the specific module).
+
+
 Missing Documentation
 =====================
 AST.pdf and AST.txt cannot be included due to incompatible license.
@@ -304,5 +323,3 @@ live/asterisk is a wrapper to that private copy of Asterisk.
 
 
 Enjoy your PBX!
-
- -- Lionel Elie Mamane <lmamane at debian.org>, Fri, 29 Jul 2011 19:21:06 +0200
diff --git a/debian/rules b/debian/rules
index 8a82f57..3cfce35 100755
--- a/debian/rules
+++ b/debian/rules
@@ -123,6 +123,8 @@ override_dh_gencontrol:
 	AST_BUILDOPT_SUM=`grep AST_BUILDOPT_SUM include/asterisk/buildopts.h  | sed -e 's/.\+ "\(.\+\)\"/\1/g'`; \
 		dh_gencontrol -- -Vasterisk:ABI=$$AST_BUILDOPT_SUM
 
+REMOVED_PROTO_CONFS = dundi mgcp skinny unistim
+REMOVED_PROTO_FILES = $(REMOVED_PROTO_CONFS:%=$(CURDIR)/debian/tmp/etc/asterisk/%.conf)
 SUBPACKS_EXTRA = \
 		 voicemail voicemail-odbcstorage voicemail-imapstorage \
 		 ooh323 mysql mp3
@@ -135,6 +137,7 @@ SUBPACKS_EXTRA_DIRS_MOD = $(SUBPACKS_EXTRA_DIRS:%=%/usr/lib/asterisk/modules)
 override_dh_auto_install:
 	$(FETCH_ENV) dh_auto_install -- $(BUILDFLAGS) config samples
 	cp -a configs $(CURDIR)/debian/tmp/usr/share/asterisk/conf
+	$(RM) -f $(REMOVED_PROTO_FILES)
 	mkdir -p $(CURDIR)/debian/tmp/usr/bin/
 	mkdir -p $(CURDIR)/debian/tmp/usr/share/man/man1
 	mkdir -p $(CURDIR)/debian/tmp/usr/share/dahdi/span_config.d

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-voip/asterisk.git

More information about the Pkg-voip-commits mailing list