Am 29.11.2010 08:20, schrieb Tilghman Lesher: > On Saturday 27 November 2010 04:52:31 Klaus Schwarzkopf wrote: > > Hi, > > > > why have many files on > > http://downloads.asterisk.org/pub/telephony/asterisk/releases/ the > > change date 18 aug 2009? See: > > > > asterisk-1.2.24-patch.gz 07-Aug-2007 17:10 3.2K > > asterisk-1.2.24-patch.gz.asc 07-Aug-2007 17:10 1.1K > > asterisk-1.2.24-patch.gz.sha1 07-Aug-2007 17:10 67 > > asterisk-1.2.24.tar.gz 18-Aug-2009 16:33 28M > > asterisk-1.2.24.tar.gz.asc 18-Aug-2009 16:33 1.0K > > asterisk-1.2.24.tar.gz.sha1 18-Aug-2009 16:33 65 > > asterisk-1.2.25-patch.gz 29-Nov-2007 15:59 1.5K > > asterisk-1.2.25-patch.gz.asc 29-Nov-2007 15:59 567 > > > > > > I try to repair the openembedded recipes an the recipe have also an > > different checksum. > > > > NOTE: fetch > > http://downloads.asterisk.org/pub/telephony/asterisk/releases/asterisk-1 > > .2.24.tar.gz NOTE: The checksums for > > '/home/klaus/development/oe/downloads/asterisk-1.2.24.tar.gz' did not > > match. Expected MD5: '63dc8b7be4cd10375c5fbda893c780bc' and Got: > > 'db7bcaaa494804af361157a37c224dfa' > > Expected SHA256: > > '9debaf410636fa477e1e1f09fe0b16a1c2814afaf7195f34f29e4ce5b8debbbd' and > > Got: 'eed3493b1409d7100e0f983af0486bd7f8965e9e47b7a6d5ab8539b2dd3609aa' > > NOTE: Your checksums: > > SRC_URI[md5sum] = "db7bcaaa494804af361157a37c224dfa" > > SRC_URI[sha256sum] = > > "eed3493b1409d7100e0f983af0486bd7f8965e9e47b7a6d5ab8539b2dd3609aa" > > Due to a licensing issue with some of the files we distributed with > previous > tarballs, we removed those files from archived tarballs in order to avoid > continuing to distribute those files in any form. So yes, the checksums > will have changed, although the checksums we distribute with the tarballs > were also updated at the same time. > > Given that most of the changes since 1.2.24 have been security fixes, I > would strongly encourage you to update your packages. There is no excuse > for distributing vulnerable packages beyond the date that the > vulnerability > is disclosed, plus a brief period necessary for releasing updated > packages. > > Additionally, the 1.2 branch has been EOLed, which means if any additional > security issues are found, we will not be releasing updated packages to > deal with those issues. For this reason, you would be better off putting > forth the work to release packages based upon 1.4 or 1.8. >
Thanks for the detailed information. There are recipes with the new version. I recommend to delete the old one. Greetings, Klaus -- _____________________________________________________________________ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users