Update to the current 13.x release, see [0].
Drop merged patches and refresh the rest.
Get rid of the unknown --without-pwlib configure switch.
Drop the direct ncurses dependency, it's unused in case of an external
libedit [1].
[0] http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-13-current
[1] https://issues.asterisk.org/jira/browse/ASTERISK-27761
Signed-off-by: Andre Heider <a.heider@gmail.com>
include $(TOPDIR)/rules.mk
PKG_NAME:=asterisk13
-PKG_VERSION:=13.20.0
-PKG_RELEASE:=4
+PKG_VERSION:=13.23.1
+PKG_RELEASE:=1
PKG_SOURCE:=asterisk-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://downloads.asterisk.org/pub/telephony/asterisk/releases
-PKG_HASH:=a3d6d953f844867ea11e0be22ee6225049cd4f5870df6ab23454623bcfbc94d5
+PKG_HASH:=c772acbfdddb9250bfe07f7e20a7efb6a79a6c123832727429486c78d44fc78c
PKG_BUILD_DIR:=$(BUILD_DIR)/asterisk-$(PKG_VERSION)
PKG_BUILD_DEPENDS:=libxml2/host
$(call Package/asterisk13/Default)
TITLE:=Complete open source PBX, v$(PKG_VERSION)
MENU:=1
- DEPENDS:=$(CXX_DEPENDS) +jansson +libcap +libedit +libncurses +libopenssl +libsqlite3 +libuuid +libxml2 +zlib
+ DEPENDS:=$(CXX_DEPENDS) +jansson +libcap +libedit +libopenssl +libsqlite3 +libuuid +libxml2 +zlib
endef
define Package/asterisk13/description
--without-nbs \
--with-libedit="$(STAGING_DIR)/usr" \
--with-libxml2 \
- --with-ncurses="$(STAGING_DIR)/usr" \
$(if $(CONFIG_PACKAGE_$(PKG_NAME)-res-snmp),--with-netsnmp="$(STAGING_DIR)/usr",--without-netsnmp) \
--without-newt \
$(if $(CONFIG_PACKAGE_$(PKG_NAME)-format-ogg-vorbis),--with-ogg="$(STAGING_DIR)/usr",--without-ogg) \
$(if $(CONFIG_PACKAGE_$(PKG_NAME)-pgsql),--with-postgres="$(STAGING_DIR)/usr",--without-postgres) \
$(if $(CONFIG_PACKAGE_$(PKG_NAME)-util-smsq),--with-popt="$(STAGING_DIR)/usr",--without-popt) \
$(if $(CONFIG_PACKAGE_$(PKG_NAME)-chan-console),--with-portaudio="$(STAGING_DIR)/usr",--without-portaudio) \
- --without-pwlib \
--without-radius \
$(if $(CONFIG_PACKAGE_$(PKG_NAME)-res-fax-spandsp),--with-spandsp="$(STAGING_DIR)/usr",--without-spandsp) \
--without-sdl \
--- a/configure.ac
+++ b/configure.ac
-@@ -953,19 +953,6 @@ AC_LINK_IFELSE(
+@@ -1016,19 +1016,6 @@ AC_LINK_IFELSE(
]
)
--- a/configure.ac
+++ b/configure.ac
-@@ -1287,7 +1287,6 @@ AC_LINK_IFELSE(
+@@ -1363,7 +1363,6 @@ AC_LINK_IFELSE(
#include <resolv.h>],
[int foo = res_ninit(NULL);])],
AC_MSG_RESULT(yes)
--- a/res/ael/ael.flex
+++ b/res/ael/ael.flex
-@@ -79,6 +79,12 @@
+@@ -79,6 +79,12 @@ ASTERISK_FILE_VERSION(__FILE__, "$Revisi
#if !defined(GLOB_ABORTED)
#define GLOB_ABORTED GLOB_ABEND
#endif
#include "asterisk/logger.h"
#include "asterisk/utils.h"
-Only in asterisk-11.7.0: res/ael/ael.tab.o
--- a/res/ael/ael_lex.c
+++ b/res/ael/ael_lex.c
-@@ -838,6 +838,12 @@
+@@ -838,6 +838,12 @@ ASTERISK_FILE_VERSION(__FILE__, "$Revisi
#if !defined(GLOB_ABORTED)
#define GLOB_ABORTED GLOB_ABEND
#endif
--- a/configure.ac
+++ b/configure.ac
-@@ -170,6 +170,9 @@ case "${host_os}" in
+@@ -175,6 +175,9 @@ case "${host_os}" in
linux-gnu*)
OSARCH=linux-gnu
;;
kfreebsd*-gnu)
OSARCH=kfreebsd-gnu
;;
-@@ -1411,9 +1414,11 @@ if test "${PBX_BFD}" = "0"; then
- AST_EXT_LIB_CHECK([BFD], [bfd], [bfd_check_format], [bfd.h], [-ldl -liberty -lz])
- fi
+@@ -1495,9 +1498,11 @@ AST_EXT_LIB_CHECK([BFD], [bfd], [bfd_ope
+ # openSUSE requires -lz
+ AST_EXT_LIB_CHECK([BFD], [bfd], [bfd_openr], [bfd.h], [-ldl -liberty -lz])
-if test "x${OSARCH}" = "xlinux-gnu" ; then
+case "${OSARCH}" in
--- a/utils/Makefile
+++ b/utils/Makefile
-@@ -179,7 +179,6 @@ check_expr2: $(ASTTOPDIR)/main/ast_expr2
- $(CC) -g -o check_expr2 ast_expr2fz.o ast_expr2z.o -lm
+@@ -180,7 +180,6 @@ check_expr2: $(ASTTOPDIR)/main/ast_expr2
+ $(CC) -g -o check_expr2 ast_expr2fz.o ast_expr2z.o -lm $(_ASTLDFLAGS)
$(ECHO_PREFIX) echo " [RM] ast_expr2fz.o ast_expr2z.o"
rm ast_expr2z.o ast_expr2fz.o
- ./check_expr2 expr2.testinput
* build.h
--- a/Makefile
+++ b/Makefile
-@@ -480,7 +480,7 @@ doc/core-en_US.xml: makeopts .lastclean
+@@ -488,7 +488,7 @@ doc/core-en_US.xml: makeopts .lastclean
@echo "<docs xmlns:xi=\"http://www.w3.org/2001/XInclude\">" >> $@
@for x in $(MOD_SUBDIRS); do \
printf "$$x " ; \
+++ /dev/null
-From 4eeb16d1a316aa3d6f5710a2f6beffb0fecb6121 Mon Sep 17 00:00:00 2001
-From: Richard Mudgett <rmudgett@digium.com>
-Date: Mon, 30 Apr 2018 17:38:58 -0500
-Subject: [PATCH] AST-2018-008: Fix enumeration of endpoints from ACL rejected addresses.
-
-When endpoint specific ACL rules block a SIP request they respond with a
-403 forbidden. However, if an endpoint is not identified then a 401
-unauthorized response is sent. This vulnerability just discloses which
-requests hit a defined endpoint. The ACL rules cannot be bypassed to gain
-access to the disclosed endpoints.
-
-* Made endpoint specific ACL rules now respond with a 401 unauthorized
-which is the same as if an endpoint were not identified. The fix is
-accomplished by replacing the found endpoint with the artificial endpoint
-which always fails authentication.
-
-ASTERISK-27818
-
-Change-Id: Icb275a54ff8e2df6c671a6d9bda37b5d732b3b32
----
-
-diff --git a/res/res_pjsip/pjsip_distributor.c b/res/res_pjsip/pjsip_distributor.c
-index e056b60..19266df 100644
---- a/res/res_pjsip/pjsip_distributor.c
-+++ b/res/res_pjsip/pjsip_distributor.c
-@@ -666,6 +666,26 @@
- ao2_unlock(unid);
- }
-
-+static int apply_endpoint_acl(pjsip_rx_data *rdata, struct ast_sip_endpoint *endpoint);
-+static int apply_endpoint_contact_acl(pjsip_rx_data *rdata, struct ast_sip_endpoint *endpoint);
-+
-+static void apply_acls(pjsip_rx_data *rdata)
-+{
-+ struct ast_sip_endpoint *endpoint;
-+
-+ /* Is the endpoint allowed with the source or contact address? */
-+ endpoint = rdata->endpt_info.mod_data[endpoint_mod.id];
-+ if (endpoint != artificial_endpoint
-+ && (apply_endpoint_acl(rdata, endpoint)
-+ || apply_endpoint_contact_acl(rdata, endpoint))) {
-+ ast_debug(1, "Endpoint '%s' not allowed by ACL\n",
-+ ast_sorcery_object_get_id(endpoint));
-+
-+ /* Replace the rdata endpoint with the artificial endpoint. */
-+ ao2_replace(rdata->endpt_info.mod_data[endpoint_mod.id], artificial_endpoint);
-+ }
-+}
-+
- static pj_bool_t endpoint_lookup(pjsip_rx_data *rdata)
- {
- struct ast_sip_endpoint *endpoint;
-@@ -684,6 +704,7 @@
- ao2_unlink(unidentified_requests, unid);
- ao2_ref(unid, -1);
- }
-+ apply_acls(rdata);
- return PJ_FALSE;
- }
-
-@@ -743,6 +764,8 @@
- ast_sip_report_invalid_endpoint(name, rdata);
- }
- }
-+
-+ apply_acls(rdata);
- return PJ_FALSE;
- }
-
-@@ -826,16 +849,11 @@
-
- ast_assert(endpoint != NULL);
-
-- if (endpoint!=artificial_endpoint) {
-- if (apply_endpoint_acl(rdata, endpoint) || apply_endpoint_contact_acl(rdata, endpoint)) {
-- if (!is_ack) {
-- pjsip_endpt_respond_stateless(ast_sip_get_pjsip_endpoint(), rdata, 403, NULL, NULL, NULL);
-- }
-- return PJ_TRUE;
-- }
-+ if (is_ack) {
-+ return PJ_FALSE;
- }
-
-- if (!is_ack && ast_sip_requires_authentication(endpoint, rdata)) {
-+ if (ast_sip_requires_authentication(endpoint, rdata)) {
- pjsip_tx_data *tdata;
- struct unidentified_request *unid;
-
-@@ -871,6 +889,10 @@
- return PJ_TRUE;
- }
- pjsip_tx_data_dec_ref(tdata);
-+ } else if (endpoint == artificial_endpoint) {
-+ /* Uh. Oh. The artificial endpoint couldn't challenge so block the request. */
-+ pjsip_endpt_respond_stateless(ast_sip_get_pjsip_endpoint(), rdata, 500, NULL, NULL, NULL);
-+ return PJ_TRUE;
- }
-
- return PJ_FALSE;
-
+++ /dev/null
-From e6b0c4d27e0392a7b4b4b6717a6d1e0ea049b550 Mon Sep 17 00:00:00 2001
-From: Sean Bright <sean.bright@gmail.com>
-Date: Thu, 16 Aug 2018 11:45:53 -0400
-Subject: [PATCH] AST-2018-009: Fix crash processing websocket HTTP Upgrade
- requests
-
-The HTTP request processing in res_http_websocket allocates additional
-space on the stack for various headers received during an Upgrade request.
-An attacker could send a specially crafted request that causes this code
-to overflow the stack, resulting in a crash.
-
-* No longer allocate memory from the stack in a loop to parse the header
-values. NOTE: There is a slight API change when using the passed in
-strings as is. We now require the passed in strings to no longer have
-leading or trailing whitespace. This isn't a problem as the only callers
-have already done this before passing the strings to the affected
-function.
-
-ASTERISK-28013 #close
-
-Change-Id: Ia564825a8a95e085fd17e658cb777fe1afa8091a
----
- res/res_http_websocket.c | 25 ++++++++++++++-----------
- 1 file changed, 14 insertions(+), 11 deletions(-)
-
-diff --git a/res/res_http_websocket.c b/res/res_http_websocket.c
-index 440bf41..0ff876b 100644
---- a/res/res_http_websocket.c
-+++ b/res/res_http_websocket.c
-@@ -736,7 +736,8 @@ static void websocket_bad_request(struct ast_tcptls_session_instance *ser)
- int AST_OPTIONAL_API_NAME(ast_websocket_uri_cb)(struct ast_tcptls_session_instance *ser, const struct ast_http_uri *urih, const char *uri, enum ast_http_method method, struct ast_variable *get_vars, struct ast_variable *headers)
- {
- struct ast_variable *v;
-- char *upgrade = NULL, *key = NULL, *key1 = NULL, *key2 = NULL, *protos = NULL, *requested_protocols = NULL, *protocol = NULL;
-+ const char *upgrade = NULL, *key = NULL, *key1 = NULL, *key2 = NULL, *protos = NULL;
-+ char *requested_protocols = NULL, *protocol = NULL;
- int version = 0, flags = 1;
- struct ast_websocket_protocol *protocol_handler = NULL;
- struct ast_websocket *session;
-@@ -755,16 +756,15 @@ int AST_OPTIONAL_API_NAME(ast_websocket_uri_cb)(struct ast_tcptls_session_instan
- /* Get the minimum headers required to satisfy our needs */
- for (v = headers; v; v = v->next) {
- if (!strcasecmp(v->name, "Upgrade")) {
-- upgrade = ast_strip(ast_strdupa(v->value));
-+ upgrade = v->value;
- } else if (!strcasecmp(v->name, "Sec-WebSocket-Key")) {
-- key = ast_strip(ast_strdupa(v->value));
-+ key = v->value;
- } else if (!strcasecmp(v->name, "Sec-WebSocket-Key1")) {
-- key1 = ast_strip(ast_strdupa(v->value));
-+ key1 = v->value;
- } else if (!strcasecmp(v->name, "Sec-WebSocket-Key2")) {
-- key2 = ast_strip(ast_strdupa(v->value));
-+ key2 = v->value;
- } else if (!strcasecmp(v->name, "Sec-WebSocket-Protocol")) {
-- requested_protocols = ast_strip(ast_strdupa(v->value));
-- protos = ast_strdupa(requested_protocols);
-+ protos = v->value;
- } else if (!strcasecmp(v->name, "Sec-WebSocket-Version")) {
- if (sscanf(v->value, "%30d", &version) != 1) {
- version = 0;
-@@ -778,7 +778,7 @@ int AST_OPTIONAL_API_NAME(ast_websocket_uri_cb)(struct ast_tcptls_session_instan
- ast_sockaddr_stringify(&ser->remote_address));
- ast_http_error(ser, 426, "Upgrade Required", NULL);
- return 0;
-- } else if (ast_strlen_zero(requested_protocols)) {
-+ } else if (ast_strlen_zero(protos)) {
- /* If there's only a single protocol registered, and the
- * client doesn't specify what protocol it's using, go ahead
- * and accept the connection */
-@@ -799,9 +799,12 @@ int AST_OPTIONAL_API_NAME(ast_websocket_uri_cb)(struct ast_tcptls_session_instan
- return 0;
- }
-
-- /* Iterate through the requested protocols trying to find one that we have a handler for */
-- while (!protocol_handler && (protocol = strsep(&requested_protocols, ","))) {
-- protocol_handler = ao2_find(server->protocols, ast_strip(protocol), OBJ_KEY);
-+ if (!protocol_handler && protos) {
-+ requested_protocols = ast_strdupa(protos);
-+ /* Iterate through the requested protocols trying to find one that we have a handler for */
-+ while (!protocol_handler && (protocol = strsep(&requested_protocols, ","))) {
-+ protocol_handler = ao2_find(server->protocols, ast_strip(protocol), OBJ_KEY);
-+ }
- }
-
- /* If no protocol handler exists bump this back to the requester */
---
-2.7.4
-
projects / feed / telephony.git / commitdiff