- Add security fixes to net/asterisk port (PORTVERSION bumped)

- Update net/asterisk11 to 11.21.1
- Update net/asterisk13 to 13.7.1

The security update included in these commits introduces an unexpected
incompatibility with FreeBSD 9.3 bundled OpenSSL.
Unluckily simply forcing this port to use ports provided openssl
on 9.x isn't viable, since ftp/curl  by default links with base
openssl. A default binary package would just crash on startup
when loading the asterisk curl module, due to conflicting openssl
implementations being used.

This commit adds a check in the Makefile, copied from the ftp/curl
port, which removes the offending (and unsupported on that openssl
version) code from the source file when linking against base OpenSSL
on 9.x.

Security:	559f3d1b-cb1d-11e5-80a4-001999f8d30b
MFH:		2016Q1

1 files changed, 28 insertions, 0 deletions

diff --git a/net/asterisk/files/patch-AST-2016-003 b/net/asterisk/files/patch-AST-2016-003
new file mode 100644
index 000000000000..537e5055ac98
--- /dev/null
+++ b/net/asterisk/files/patch-AST-2016-003
@@ -0,0 +1,28 @@
+diff --git a/main/udptl.c b/main/udptl.c
+index a8244e8..6960487 100644
+--- main/udptl.c
++++ main/udptl.c
+@@ -231,16 +231,15 @@ static int decode_open_type(uint8_t *buf, unsigned int limit, unsigned int *len,
+ 	if (decode_length(buf, limit, len, &octet_cnt) != 0)
+ 		return -1;
+ 
+-	if (octet_cnt > 0) {
+-		/* Make sure the buffer contains at least the number of bits requested */
+-		if ((*len + octet_cnt) > limit)
+-			return -1;
+-
+-		*p_num_octets = octet_cnt;
+-		*p_object = &buf[*len];
+-		*len += octet_cnt;
++	/* Make sure the buffer contains at least the number of bits requested */
++	if ((*len + octet_cnt) > limit) {
++		return -1;
+ 	}
+ 
++	*p_num_octets = octet_cnt;
++	*p_object = &buf[*len];
++	*len += octet_cnt;
++
+ 	return 0;
+ }
+ /*- End of function --------------------------------------------------------*/