chainsaw    14/06/16 10:57:09

  Modified:             ChangeLog
  Added:                asterisk-12.3.2.ebuild
  Removed:              asterisk-12.3.0.ebuild
  Log:
  Upstream distributed a broken release that did not carry traffic for SIP over 
TCP or SIP over TLS. This remains masked and is not recommended for production 
deployments.
  
  (Portage version: 2.2.7/cvs/Linux x86_64, signed Manifest commit with key 
0xB5058F9A)

Revision  Changes    Path
1.486                net-misc/asterisk/ChangeLog

file : 
http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-misc/asterisk/ChangeLog?rev=1.486&view=markup
plain: 
http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-misc/asterisk/ChangeLog?rev=1.486&content-type=text/plain
diff : 
http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-misc/asterisk/ChangeLog?r1=1.485&r2=1.486

Index: ChangeLog
===================================================================
RCS file: /var/cvsroot/gentoo-x86/net-misc/asterisk/ChangeLog,v
retrieving revision 1.485
retrieving revision 1.486
diff -u -r1.485 -r1.486
--- ChangeLog   16 Jun 2014 10:46:13 -0000      1.485
+++ ChangeLog   16 Jun 2014 10:57:09 -0000      1.486
@@ -1,6 +1,14 @@
 # ChangeLog for net-misc/asterisk
 # Copyright 1999-2014 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/net-misc/asterisk/ChangeLog,v 1.485 
2014/06/16 10:46:13 chainsaw Exp $
+# $Header: /var/cvsroot/gentoo-x86/net-misc/asterisk/ChangeLog,v 1.486 
2014/06/16 10:57:09 chainsaw Exp $
+
+*asterisk-12.3.2 (16 Jun 2014)
+
+  16 Jun 2014; Tony Vroon <chain...@gentoo.org> -asterisk-12.3.1.ebuild,
+  +asterisk-12.3.2.ebuild:
+  Upstream distributed a broken release that did not carry traffic for SIP over
+  TCP or SIP over TLS. This remains masked and is not recommended for
+  production deployments.
 
 *asterisk-11.10.2 (16 Jun 2014)
 *asterisk-1.8.28.2 (16 Jun 2014)
@@ -11,6 +19,19 @@
   Upstream distributed a broken release that did not carry traffic for SIP over
   TCP or SIP over TLS.
 
+*asterisk-12.3.1 (14 Jun 2014)
+
+  14 Jun 2014; Tony Vroon <chain...@gentoo.org> -asterisk-12.1.1.ebuild,
+  -asterisk-12.2.0.ebuild, -asterisk-12.3.0.ebuild, +asterisk-12.3.1.ebuild:
+  And now for the 12 branch, which has additional vulnerabilities in the PJSIP
+  channel driver. MixMonitor AMI command allowed arbitrary shell commands to be
+  executed (AST-2014-006). Upstream replacement of plain broken SSL read
+  implementation as part of an HTTPS denial of service (AST-2014-007) finally
+  fixes ASTERISK-18345 after almost three years. Relevant downstream patch
+  removed, this means we were very likely not vulnerable. Resolves a remote
+  crash in publish/subscribe framework (AST-2014-005) due to deadlock on a
+  synchronously dispatched task.
+
 *asterisk-11.10.1 (14 Jun 2014)
 *asterisk-1.8.28.1 (14 Jun 2014)
 



1.1                  net-misc/asterisk/asterisk-12.3.2.ebuild

file : 
http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-misc/asterisk/asterisk-12.3.2.ebuild?rev=1.1&view=markup
plain: 
http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-misc/asterisk/asterisk-12.3.2.ebuild?rev=1.1&content-type=text/plain

Index: asterisk-12.3.2.ebuild
===================================================================
# Copyright 1999-2014 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
# $Header: /var/cvsroot/gentoo-x86/net-misc/asterisk/asterisk-12.3.2.ebuild,v 
1.1 2014/06/16 10:57:09 chainsaw Exp $

EAPI=5
inherit autotools base eutils linux-info multilib user

MY_P="${PN}-${PV/_/-}"

DESCRIPTION="Asterisk: A Modular Open Source PBX System"
HOMEPAGE="http://www.asterisk.org/";
SRC_URI="http://downloads.asterisk.org/pub/telephony/asterisk/releases/${MY_P}.tar.gz
         mirror://gentoo/gentoo-asterisk-patchset-3.11.tar.bz2"
LICENSE="GPL-2"
SLOT="0"
KEYWORDS="~amd64 ~x86"

IUSE_VOICEMAIL_STORAGE="
        +voicemail_storage_file
        voicemail_storage_odbc
        voicemail_storage_imap
"
IUSE="${IUSE_VOICEMAIL_STORAGE} alsa bluetooth calendar +caps cluster curl 
dahdi debug doc freetds gtalk http iconv ilbc jabber ldap libedit lua mysql 
newt +samples odbc osplookup oss portaudio postgres radius selinux snmp span 
speex srtp static syslog vorbis"
IUSE_EXPAND="VOICEMAIL_STORAGE"
REQUIRED_USE="gtalk? ( jabber )
        ^^ ( ${IUSE_VOICEMAIL_STORAGE/+/} )
        voicemail_storage_odbc? ( odbc )
"

EPATCH_SUFFIX="patch"
EPATCH_EXCLUDE="08-tls-certificate-chaining-support.patch"
PATCHES=( "${WORKDIR}/asterisk-patchset" )

RDEPEND="dev-db/sqlite:3
        dev-libs/popt
        dev-libs/jansson
        dev-libs/libxml2
        dev-libs/openssl
        sys-libs/ncurses
        sys-libs/zlib
        alsa? ( media-libs/alsa-lib )
        bluetooth? ( net-wireless/bluez )
        calendar? ( net-libs/neon
                 dev-libs/libical
                 dev-libs/iksemel )
        caps? ( sys-libs/libcap )
        cluster? ( sys-cluster/corosync )
        curl? ( net-misc/curl )
        dahdi? ( >=net-libs/libpri-1.4.12_beta2
                net-misc/dahdi-tools )
        freetds? ( dev-db/freetds )
        gtalk? ( dev-libs/iksemel )
        http? ( dev-libs/gmime:2.6 )
        iconv? ( virtual/libiconv )
        ilbc? ( dev-libs/ilbc-rfc3951 )
        jabber? ( dev-libs/iksemel )
        ldap? ( net-nds/openldap )
        libedit? ( dev-libs/libedit )
        lua? ( dev-lang/lua )
        mysql? ( virtual/mysql )
        newt? ( dev-libs/newt )
        odbc? ( dev-db/unixODBC )
        osplookup? ( net-libs/osptoolkit )
        portaudio? ( media-libs/portaudio )
        postgres? ( dev-db/postgresql-base )
        radius? ( net-dialup/radiusclient-ng )
        selinux? ( sec-policy/selinux-asterisk )
        snmp? ( net-analyzer/net-snmp )
        span? ( media-libs/spandsp )
        speex? ( media-libs/speex )
        srtp? ( net-libs/libsrtp )
        vorbis? ( media-libs/libvorbis )"

DEPEND="${RDEPEND}
        !net-libs/openh323
        !net-libs/pjsip
        voicemail_storage_imap? ( virtual/imap-c-client )
"

RDEPEND="${RDEPEND}
        syslog? ( virtual/logger )"

PDEPEND="net-misc/asterisk-core-sounds
        net-misc/asterisk-extra-sounds
        net-misc/asterisk-moh-opsound"

S="${WORKDIR}/${MY_P}"

pkg_setup() {
        CONFIG_CHECK="~!NF_CONNTRACK_SIP"
        local WARNING_NF_CONNTRACK_SIP="SIP (NAT) connection tracking is 
enabled. Some users
        have reported that this module dropped critical SIP packets in their 
deployments. You
        may want to disable it if you see such problems."
        check_extra_config

        enewgroup asterisk
        enewgroup dialout 20
        enewuser asterisk -1 -1 /var/lib/asterisk "asterisk,dialout"
}

src_prepare() {
        base_src_prepare
        AT_M4DIR=autoconf eautoreconf
}

src_configure() {
        local vmst

        econf \
                --libdir="/usr/$(get_libdir)" \
                --localstatedir="/var" \
                --with-crypto \
                --with-gsm=internal \
                --with-popt \
                --with-ssl \
                --with-z \
                --without-pwlib \
                $(use_with caps cap) \
                $(use_with http gmime) \
                $(use_with newt) \
                $(use_with portaudio)

        # Blank out sounds/sounds.xml file to prevent
        # asterisk from installing sounds files (we pull them in via
        # asterisk-{core,extra}-sounds and asterisk-moh-opsound.
        >"${S}"/sounds/sounds.xml

        # That NATIVE_ARCH chatter really is quite bothersome
        sed -i 's/NATIVE_ARCH=/NATIVE_ARCH=0/' build_tools/menuselect-deps || 
die "Unable to squelch noisy build system"

        # Compile menuselect binary for optional components
        emake menuselect.makeopts

        # Broken functionality is forcibly disabled (bug #360143)
        menuselect/menuselect --disable chan_misdn menuselect.makeopts
        menuselect/menuselect --disable chan_ooh323 menuselect.makeopts

        # Utility set is forcibly enabled (bug #358001)
        menuselect/menuselect --enable smsq menuselect.makeopts
        menuselect/menuselect --enable streamplayer menuselect.makeopts
        menuselect/menuselect --enable aelparse menuselect.makeopts
        menuselect/menuselect --enable astman menuselect.makeopts

        # this is connected, otherwise it would not find
        # ast_pktccops_gate_alloc symbol
        menuselect/menuselect --enable chan_mgcp menuselect.makeopts
        menuselect/menuselect --enable res_pktccops menuselect.makeopts

        # SSL is forcibly enabled, IAX2 & DUNDI are expected to be available
        menuselect/menuselect --enable pbx_dundi menuselect.makeopts
        menuselect/menuselect --enable func_aes menuselect.makeopts
        menuselect/menuselect --enable chan_iax2 menuselect.makeopts

        # SQlite3 is now the main database backend, enable related features
        menuselect/menuselect --enable cdr_sqlite3_custom menuselect.makeopts
        menuselect/menuselect --enable cel_sqlite3_custom menuselect.makeopts

        # The others are based on USE-flag settings
        use_select() {
                local state=$(use "$1" && echo enable || echo disable)
                shift # remove use from parameters

                while [[ -n $1 ]]; do
                        menuselect/menuselect --${state} "$1" 
menuselect.makeopts
                        shift
                done
        }

        use_select alsa                 chan_alsa
        use_select bluetooth            chan_mobile
        use_select calendar             res_calendar 
res_calendar_{caldav,ews,exchange,icalendar}
        use_select cluster              res_corosync
        use_select curl                 func_curl res_config_curl res_curl
        use_select dahdi                app_dahdibarge app_dahdiras chan_dahdi 
codec_dahdi res_timing_dahdi
        use_select freetds              {cdr,cel}_tds
        use_select gtalk                chan_motif
        use_select http                 res_http_post
        use_select iconv                func_iconv
        use_select jabber               res_xmpp
        use_select ilbc                 codec_ilbc format_ilbc
        use_select ldap                 res_config_ldap
        use_select lua                  pbx_lua
        use_select mysql                app_mysql cdr_mysql res_config_mysql
        use_select odbc                 cdr_adaptive_odbc res_config_odbc 
{cdr,cel,res,func}_odbc
        use_select osplookup            app_osplookup
        use_select oss                  chan_oss
        use_select postgres             {cdr,cel}_pgsql res_config_pgsql
        use_select radius               {cdr,cel}_radius
        use_select snmp                 res_snmp
        use_select span                 res_fax_spandsp
        use_select speex                {codec,func}_speex
        use_select srtp                 res_srtp
        use_select syslog               cdr_syslog
        use_select vorbis               format_ogg_vorbis

        # Voicemail storage ...
        for vmst in ${IUSE_VOICEMAIL_STORAGE/+/}; do
                if use ${vmst}; then
                        menuselect/menuselect --enable $(echo ${vmst##*_} | tr 
'[:lower:]' '[:upper:]')_STORAGE menuselect.makeopts
                fi
        done

        if use debug; then
                for o in DONT_OPTIMIZE DEBUG_THREADS BETTER_BACKTRACES; do
                        menuselect/menuselect --enable $o menuselect.makeopts
                done
        fi
}

src_compile() {
        ASTLDFLAGS="${LDFLAGS}" emake
}

src_install() {
        mkdir -p "${D}"usr/$(get_libdir)/pkgconfig || die
        emake DESTDIR="${D}" installdirs
        emake DESTDIR="${D}" install

        if use radius; then
                insinto /etc/radiusclient-ng/
                doins contrib/dictionary.digium
        fi
        if use samples; then
                emake DESTDIR="${D}" samples
                for conffile in "${D}"etc/asterisk/*.*
                do
                        chown asterisk:asterisk $conffile
                        chmod 0660 $conffile
                done
                einfo "Sample files have been installed"
        else
                einfo "Skipping installation of sample files..."
                rm -f  "${D}"var/lib/asterisk/mohmp3/* || die
                rm -f  "${D}"var/lib/asterisk/sounds/demo-* || die
                rm -f  "${D}"var/lib/asterisk/agi-bin/* || die
                rm -f  "${D}"etc/asterisk/* || die
        fi
        rm -rf "${D}"var/spool/asterisk/voicemail/default || die

        # keep directories
        diropts -m 0770 -o asterisk -g asterisk
        keepdir /etc/asterisk
        keepdir /var/lib/asterisk
        keepdir /var/spool/asterisk
        keepdir 
/var/spool/asterisk/{system,tmp,meetme,monitor,dictate,voicemail}
        diropts -m 0750 -o asterisk -g asterisk
        keepdir /var/log/asterisk/{cdr-csv,cdr-custom}

        newinitd "${FILESDIR}"/1.8.0/asterisk.initd7 asterisk
        newconfd "${FILESDIR}"/1.8.0/asterisk.confd asterisk

        # install the upgrade documentation
        #
        dodoc README UPGRADE* BUGS CREDITS

        # install extra documentation
        #
        if use doc
        then
                dodoc doc/*.txt
                dodoc doc/*.pdf
        fi

        # install SIP scripts; bug #300832
        #
        dodoc "${FILESDIR}/1.6.2/sip_calc_auth"
        dodoc "${FILESDIR}/1.8.0/find_call_sip_trace.sh"
        dodoc "${FILESDIR}/1.8.0/find_call_ids.sh"
        dodoc "${FILESDIR}/1.6.2/call_data.txt"

        # install logrotate snippet; bug #329281
        #
        insinto /etc/logrotate.d
        newins "${FILESDIR}/1.6.2/asterisk.logrotate3" asterisk
}

pkg_postinst() {
        #
        # Announcements, warnings, reminders...
        #
        einfo "Asterisk has been installed"
        echo
        elog "If you want to know more about asterisk, visit these sites:"
        elog "http://www.asteriskdocs.org/";
        elog "http://www.voip-info.org/wiki-Asterisk";
        echo
        elog "http://www.automated.it/guidetoasterisk.htm";
        echo
        elog "Gentoo VoIP IRC Channel:"
        elog "#gentoo-voip @ irc.freenode.net"
        echo
        echo
        elog "Please read the Asterisk 12 upgrade document:"
        elog 
"https://wiki.asterisk.org/wiki/display/AST/Upgrading+to+Asterisk+12";
}

pkg_config() {
        einfo "Do you want to reset file permissions and ownerships (y/N)?"

        read tmp
        tmp="$(echo $tmp | tr '[:upper:]' '[:lower:]')"

        if [[ "$tmp" = "y" ]] ||\
                [[ "$tmp" = "yes" ]]
        then
                einfo "Resetting permissions to defaults..."

                for x in spool run lib log; do
                        chown -R asterisk:asterisk "${ROOT}"var/${x}/asterisk
                        chmod -R u=rwX,g=rwX,o=    "${ROOT}"var/${x}/asterisk
                done

                chown -R root:asterisk  "${ROOT}"etc/asterisk
                chmod -R u=rwX,g=rwX,o= "${ROOT}"etc/asterisk

                einfo "done"
        else
                einfo "skipping"
        fi
}




Reply via email to