From 5047b7d692f0051b0df5b77ee5eda018f3d1e161 Mon Sep 17 00:00:00 2001 From: Guido Falsi Date: Thu, 4 Feb 2016 11:43:38 +0000 Subject: - Add security fixes to net/asterisk port (PORTVERSION bumped) - Update net/asterisk11 to 11.21.1 - Update net/asterisk13 to 13.7.1 The security update included in these commits introduces an unexpected incompatibility with FreeBSD 9.3 bundled OpenSSL. Unluckily simply forcing this port to use ports provided openssl on 9.x isn't viable, since ftp/curl by default links with base openssl. A default binary package would just crash on startup when loading the asterisk curl module, due to conflicting openssl implementations being used. This commit adds a check in the Makefile, copied from the ftp/curl port, which removes the offending (and unsupported on that openssl version) code from the source file when linking against base OpenSSL on 9.x. Security: 559f3d1b-cb1d-11e5-80a4-001999f8d30b MFH: 2016Q1 --- net/asterisk/files/patch-AST-2016-003 | 28 ++++++++++++++++++++++++++++ 1 file changed, 28 insertions(+) create mode 100644 net/asterisk/files/patch-AST-2016-003 (limited to 'net/asterisk/files/patch-AST-2016-003') diff --git a/net/asterisk/files/patch-AST-2016-003 b/net/asterisk/files/patch-AST-2016-003 new file mode 100644 index 000000000000..537e5055ac98 --- /dev/null +++ b/net/asterisk/files/patch-AST-2016-003 @@ -0,0 +1,28 @@ +diff --git a/main/udptl.c b/main/udptl.c +index a8244e8..6960487 100644 +--- main/udptl.c ++++ main/udptl.c +@@ -231,16 +231,15 @@ static int decode_open_type(uint8_t *buf, unsigned int limit, unsigned int *len, + if (decode_length(buf, limit, len, &octet_cnt) != 0) + return -1; + +- if (octet_cnt > 0) { +- /* Make sure the buffer contains at least the number of bits requested */ +- if ((*len + octet_cnt) > limit) +- return -1; +- +- *p_num_octets = octet_cnt; +- *p_object = &buf[*len]; +- *len += octet_cnt; ++ /* Make sure the buffer contains at least the number of bits requested */ ++ if ((*len + octet_cnt) > limit) { ++ return -1; + } + ++ *p_num_octets = octet_cnt; ++ *p_object = &buf[*len]; ++ *len += octet_cnt; ++ + return 0; + } + /*- End of function --------------------------------------------------------*/ -- cgit v1.2.3