patch SIP denial of service vulnerability. bug #171467.

author Rajiv Aaron Manglani <rajiv@gentoo.org>

Mon, 19 Mar 2007 20:05:39 +0000 (20:05 +0000)

committer Rajiv Aaron Manglani <rajiv@gentoo.org>

Mon, 19 Mar 2007 20:05:39 +0000 (20:05 +0000)
author Rajiv Aaron Manglani <rajiv@gentoo.org>
Mon, 19 Mar 2007 20:05:39 +0000 (20:05 +0000)
committer Rajiv Aaron Manglani <rajiv@gentoo.org>
Mon, 19 Mar 2007 20:05:39 +0000 (20:05 +0000)
diff --git a/net-misc/asterisk/ChangeLog b/net-misc/asterisk/ChangeLog

index 23b5a454fea052b14e65679f8f427b0e6ce7598c..dd72ddd47694939bc3ffb9dd1e72ed9d12f20b00 100644 (file)
--- a/net-misc/asterisk/ChangeLog
+++ b/net-misc/asterisk/ChangeLog
@@ -1,6 +1,13 @@
  # ChangeLog for net-misc/asterisk
  # Copyright 2002-2007 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/net-misc/asterisk/ChangeLog,v 1.150 2007/03/19 19:19:40 rajiv Exp $
+# $Header: /var/cvsroot/gentoo-x86/net-misc/asterisk/ChangeLog,v 1.151 2007/03/19 20:05:39 rajiv Exp $
+
+*asterisk-1.0.12-r2 (19 Mar 2007)
+
+  19 Mar 2007; Rajiv Aaron Manglani <rajiv@gentoo.org>
+  +files/1.0.0/asterisk-1.0.12-r2-chan_sip.patch,
+  +asterisk-1.0.12-r2.ebuild:
+  patch SIP denial of service vulnerability. bug #171467.
  
    19 Mar 2007; Rajiv Aaron Manglani <rajiv@gentoo.org>
    -asterisk-1.0.12.ebuild:
diff --git a/net-misc/asterisk/Manifest b/net-misc/asterisk/Manifest

index 16cb87a78381b60f022d99379285441092c845ab..9a72dc82648c37417ab6dffb514f666ad75c69cd 100644 (file)
--- a/net-misc/asterisk/Manifest
+++ b/net-misc/asterisk/Manifest
@@ -18,6 +18,10 @@ AUX 1.0.0/asterisk-1.0.12-chan_sip.patch 690 RMD160 654cf5cdf373752df7592769f20d
  MD5 4dee507fb69e27b9b53ffb9b0d33a063 files/1.0.0/asterisk-1.0.12-chan_sip.patch 690
  RMD160 654cf5cdf373752df7592769f20df8530615a233 files/1.0.0/asterisk-1.0.12-chan_sip.patch 690
  SHA256 3a86a914c4c59af2ae08bb3919775249a3f9f4582a50884647b00ef89c91831b files/1.0.0/asterisk-1.0.12-chan_sip.patch 690
+AUX 1.0.0/asterisk-1.0.12-r2-chan_sip.patch 1138 RMD160 72fa8824b96266c502c0d211ce73a5004548f202 SHA1 1fa7230641f1b536b24dcb188fd748ffa1b1a733 SHA256 a8d88df0f5345c8c2a72a33f0b50324de3c35d8b6fdc9112345e7619d3572f27
+MD5 79d1d4291546b32352eafe7f8faaf5e6 files/1.0.0/asterisk-1.0.12-r2-chan_sip.patch 1138
+RMD160 72fa8824b96266c502c0d211ce73a5004548f202 files/1.0.0/asterisk-1.0.12-r2-chan_sip.patch 1138
+SHA256 a8d88df0f5345c8c2a72a33f0b50324de3c35d8b6fdc9112345e7619d3572f27 files/1.0.0/asterisk-1.0.12-r2-chan_sip.patch 1138
  AUX 1.0.0/asterisk-1.0.5-astcfg-0.0.2.diff 5829 RMD160 2983d78f8a1dd8768da919ddb3282511ebdb915c SHA1 cd17b5d631170e692b57f94227e832dc3b37c43a SHA256 b5787fa77d4ad0786ce9d243d597b1129f214f4e376c6e1b79929633ef6f35d1
  MD5 f20e5b869d5e221194187dd7f504d38b files/1.0.0/asterisk-1.0.5-astcfg-0.0.2.diff 5829
  RMD160 2983d78f8a1dd8768da919ddb3282511ebdb915c files/1.0.0/asterisk-1.0.5-astcfg-0.0.2.diff 5829
@@ -149,6 +153,10 @@ EBUILD asterisk-1.0.12-r1.ebuild 14878 RMD160 6b2111c8b09621bd8bc4149b05f24a049a
  MD5 eeea2e30d10dbc61667dfa5cbe26ab5e asterisk-1.0.12-r1.ebuild 14878
  RMD160 6b2111c8b09621bd8bc4149b05f24a049a2c6e91 asterisk-1.0.12-r1.ebuild 14878
  SHA256 e5b3caa43e2f0e151d503612b5444a1a6c5a1e803ecfbe000ed95c5012b0b954 asterisk-1.0.12-r1.ebuild 14878
+EBUILD asterisk-1.0.12-r2.ebuild 14896 RMD160 fcb78c215d0924e962a1a0c0d030f973bebf426c SHA1 ba252bc5beccd7b3cb1e6745e73d18aa09260a1b SHA256 cf71aeed5147f21b1854e6887abfcf5e5a1bf4680f4dc8243d673582e98b481d
+MD5 83d27efd700fe332f74452bc28ff72a4 asterisk-1.0.12-r2.ebuild 14896
+RMD160 fcb78c215d0924e962a1a0c0d030f973bebf426c asterisk-1.0.12-r2.ebuild 14896
+SHA256 cf71aeed5147f21b1854e6887abfcf5e5a1bf4680f4dc8243d673582e98b481d asterisk-1.0.12-r2.ebuild 14896
  EBUILD asterisk-1.2.13-r1.ebuild 12358 RMD160 05691d190eedac9cd3bf7c7f0922cd3af1d649cc SHA1 66fe0ce95e9c352af25378c48d5abdd6ddec9c3d SHA256 b0796f7d71e0351ace48ceea8894be3b7cc633b8a663546f9481dabc85d002e4
  MD5 432948d43d52d9de3c72631ce1423191 asterisk-1.2.13-r1.ebuild 12358
  RMD160 05691d190eedac9cd3bf7c7f0922cd3af1d649cc asterisk-1.2.13-r1.ebuild 12358
@@ -165,10 +173,10 @@ EBUILD asterisk-1.2.14.ebuild 11838 RMD160 834090ebf563ed70ec98cb63ab463159019c8
  MD5 08d28ca37d6b92bacc2298fb5fd5c515 asterisk-1.2.14.ebuild 11838
  RMD160 834090ebf563ed70ec98cb63ab463159019c8582 asterisk-1.2.14.ebuild 11838
  SHA256 7e3813497985452771afd493925519fb0783c300f2fc3784cf8875d2ee424aee asterisk-1.2.14.ebuild 11838
-MISC ChangeLog 29338 RMD160 f51db39c300b757a21a55ac0d5bbcd57c0ee0e03 SHA1 ee8982cf164f3326eb7bec7b5c709f3f5e904abd SHA256 bc66e11ec9e4a262d620dd5e50d3cb8bcbe46a7e8ed7468dd176dc66727773eb
-MD5 5b426941f9a1851c5416859400c7d068 ChangeLog 29338
-RMD160 f51db39c300b757a21a55ac0d5bbcd57c0ee0e03 ChangeLog 29338
-SHA256 bc66e11ec9e4a262d620dd5e50d3cb8bcbe46a7e8ed7468dd176dc66727773eb ChangeLog 29338
+MISC ChangeLog 29567 RMD160 b95d2b030c419d9f4ab3787196963f0c247d7035 SHA1 3617911f5a5c6207c1afd98a786cc1d2eb6cfabe SHA256 3d0ce048147bc0d8f88fb22a214ec4d6bb0c494876e4600c27a60f888f504076
+MD5 72d441a0a437e2763e993ee321158638 ChangeLog 29567
+RMD160 b95d2b030c419d9f4ab3787196963f0c247d7035 ChangeLog 29567
+SHA256 3d0ce048147bc0d8f88fb22a214ec4d6bb0c494876e4600c27a60f888f504076 ChangeLog 29567
  MISC metadata.xml 384 RMD160 f5de78add5676233b8e0b9e111eab08970443582 SHA1 0441844fb3a715d6979e6c548147ada23d73fec2 SHA256 674224368cb2be6f72655cd67ee19d4d2d0f3425d560aff22b698269e0adc6d8
  MD5 488aea6fbdb7537394cc049b0ff9e5d5 metadata.xml 384
  RMD160 f5de78add5676233b8e0b9e111eab08970443582 metadata.xml 384
@@ -176,6 +184,9 @@ SHA256 674224368cb2be6f72655cd67ee19d4d2d0f3425d560aff22b698269e0adc6d8 metadata
  MD5 95775bbb5f4119ba3b8258c6ef4540a4 files/digest-asterisk-1.0.12-r1 771
  RMD160 b40f27f08f1a9824ddd4f7d2117336012f03b26a files/digest-asterisk-1.0.12-r1 771
  SHA256 d4a885ca62e246da4e29af6c12377489dd23126caf424fa2338e7131b45f3458 files/digest-asterisk-1.0.12-r1 771
+MD5 95775bbb5f4119ba3b8258c6ef4540a4 files/digest-asterisk-1.0.12-r2 771
+RMD160 b40f27f08f1a9824ddd4f7d2117336012f03b26a files/digest-asterisk-1.0.12-r2 771
+SHA256 d4a885ca62e246da4e29af6c12377489dd23126caf424fa2338e7131b45f3458 files/digest-asterisk-1.0.12-r2 771
  MD5 041ef49546f5e16e3bd5fd5ff0719f70 files/digest-asterisk-1.2.13 1376
  RMD160 782b59125ab61b4e40f284bbf830bd1fe10b1d47 files/digest-asterisk-1.2.13 1376
  SHA256 63571a9178e245b14ca367735b833b0d1700e4e2595c3d7694df7e0d5bd3fe9f files/digest-asterisk-1.2.13 1376
diff --git a/net-misc/asterisk/asterisk-1.0.12-r2.ebuild b/net-misc/asterisk/asterisk-1.0.12-r2.ebuild

new file mode 100644 (file)

index 0000000..ba3050a
--- /dev/null
+++ b/net-misc/asterisk/asterisk-1.0.12-r2.ebuild
@@ -0,0 +1,512 @@
+# Copyright 1999-2007 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/net-misc/asterisk/asterisk-1.0.12-r2.ebuild,v 1.1 2007/03/19 20:05:39 rajiv Exp $
+
+inherit eutils perl-app
+
+ADDONS_VERSION="1.0.9"
+BRI_VERSION="0.2.0-RC8r"
+
+MY_P="${P/_p/.}"
+
+DESCRIPTION="Asterisk: A Modular Open Source PBX System"
+HOMEPAGE="http://www.asterisk.org/"
+SRC_URI="http://ftp1.digium.com/pub/telephony/${PN}/releases/${MY_P}.tar.gz
+        http://ftp1.digium.com/pub/telephony/${PN}/old-releases/${PN}-addons-${ADDONS_VERSION}.tar.gz
+        bri? ( http://www.junghanns.net/downloads/bristuff-${BRI_VERSION}.tar.gz )"
+
+S_ADDONS="${WORKDIR}/${PN}-addons-${ADDONS_VERSION}"
+S_BRI="${WORKDIR}/bristuff-${BRI_VERSION}"
+S="${WORKDIR}/${MY_P}"
+
+
+IUSE="alsa bri debug doc gtk hardened mmx mysql mysqlfriends postgres pri resperl speex ukcid vmdbmysql vmdbpostgres zaptel"
+SLOT="0"
+LICENSE="GPL-2"
+KEYWORDS="~ppc ~x86"
+
+DEPEND="dev-libs/newt
+       dev-libs/openssl
+       media-sound/mpg123
+       media-sound/sox
+       doc? ( app-doc/doxygen )
+       gtk? ( =x11-libs/gtk+-1.2* )
+       pri? ( <net-libs/libpri-1.2 )
+       bri? ( <net-libs/libpri-1.2
+               <net-misc/zaptel-1.2 )
+       alsa? ( media-libs/alsa-lib )
+       mysql? ( virtual/mysql )
+       speex? ( media-libs/speex )
+       zaptel? ( <net-misc/zaptel-1.2 )
+       postgres? ( dev-db/postgresql )
+       vmdbmysql? ( virtual/mysql )
+       mysqlfriends? ( virtual/mysql )
+       vmdbpostgres? ( dev-db/postgresql )
+       resperl? ( dev-lang/perl
+                  <net-misc/zaptel-1.2 )"
+
+pkg_setup() {
+       local n
+
+       #
+       # Warning about security changes...
+       #
+       ewarn "****************** Important changes warning! *********************"
+       ewarn
+       ewarn "- Asterisk runs as user asterisk, group asterisk by default"
+       ewarn
+       ewarn "- Permissions of /etc/asterisk have been changed to root:asterisk"
+       ewarn "  750 (directories) / 640 (files)"
+       ewarn
+       ewarn "- Permissions of /var/{log,lib,run,spool}/asterisk have been changed"
+       ewarn "  to asterisk:asterisk 750 (directories) / 640 (files)"
+       ewarn
+       ewarn "- Asterisk's unix socket and pidfile are now in /var/run/asterisk"
+       ewarn
+       ewarn "- More information at the end of this emerge"
+       ewarn
+       ewarn "     http://bugs.gentoo.org/show_bug.cgi?id=88732"
+       ewarn "     http://www.voip-info.org/wiki-Asterisk+non-root"
+       ewarn
+       einfo "Press Ctrl+C to abort"
+       echo
+       ebeep
+
+       n=15
+       while [[ $n -gt 0 ]]; do
+               echo -en "  Waiting $n seconds...\r"
+               sleep 1
+               (( n-- ))
+       done
+
+       #
+       # Regular checks
+       #
+       einfo "Running some pre-flight checks..."
+       if use resperl; then
+               # res_perl pre-flight check...
+               if ! $(perl -V | grep -q "usemultiplicity=define") ||\
+                  ! built_with_use dev-lang/perl ithreads || ! built_with_use sys-devel/libperl ithreads
+               then
+                       eerror "Embedded perl add-on needs Perl and libperl with built-in threads support"
+                       eerror "(rebuild perl and libperl with ithreads use-flag enabled)"
+                       die "Perl w/o threads support..."
+               fi
+               einfo "Perl with ithreads support found"
+       fi
+
+
+       # mysql and postgres voicemail support are mutually exclusive..
+       if use vmdbmysql && use vmdbpostgres; then
+               eerror "MySQL and PostgreSQL Voicemail support are mutually exclusive... choose one!"
+               die "Conflicting use-flags"
+       fi
+
+       # check if zaptel and libpri have been built with bri enabled
+       if use bri; then
+               if ! built_with_use net-misc/zaptel bri; then
+                       eerror "Re-emerge zaptel with bri use-flag enabled!"
+                       die "Zaptel without bri support detected"
+               fi
+
+               if ! built_with_use net-libs/libpri bri; then
+                       eerror "Re-emerge libpri with bri use-flag enabled!"
+                       die "Libpri without bri support detected"
+               fi
+       fi
+
+       # check if zaptel has been built with ukcid
+       if use ukcid && ! built_with_use net-misc/zaptel ukcid; then
+               eerror "Re-emerge zaptel with ukcid useflag enabled!"
+               die "Zaptel missing ukcid support"
+       fi
+}
+
+src_unpack() {
+       unpack ${A}
+       cd ${S}
+
+       # set cflags & mmx optimization
+       sed -i  -e "s:^\(OPTIMIZE+=\).*:\1 ${CFLAGS}:" \
+               -e "s:^\(CFLAGS+=\$(shell if \$(CC)\):#\1:" \
+               Makefile
+
+       # hppa patch for gsm codec
+       epatch ${FILESDIR}/1.0.0/${PN}-1.0.8-hppa.patch
+
+       # mark adsi functions as weak references, things will blow
+       # on hardened otherwise (bug #100697 and #85655)
+       epatch ${FILESDIR}/1.0.0/${PN}-1.0.10-weak-references.diff
+
+       # gsm codec still uses -fomit-frame-pointer, and other codecs have their
+       # own flags. We only change the arch.
+       sed -i  -e "s:^OPTIMIZE+=.*:OPTIMIZE=${CFLAGS}:" \
+               -e "s:^CFLAGS[\t ]\++=:CFLAGS =:" \
+               codecs/gsm/Makefile
+
+       if use mmx; then
+               if ! use hardened; then
+                       einfo "Enabling mmx optimization"
+                       sed -i  -e "s:^#\(K6OPT[\t ]\+= -DK6OPT\):\1:" \
+                               codecs/gsm/Makefile
+               else
+                       ewarn "Hardened use-flag is set, not enabling mmx optimization for codec_gsm!"
+
+               fi
+       fi
+       if ! use mmx || use hardened; then
+               # don't build + link asm mmx object file
+               # without this codec_gsm.so will include text relocations
+               sed -i  -e "/k6opt\.\(s\|o\)/ d" \
+                       codecs/gsm/Makefile
+       fi
+
+       if ! use debug; then
+               einfo "Disabling debugging"
+               sed -i -e "s:^\(DEBUG=\):#\1:" Makefile
+       fi
+
+       # change image path in voicemail cgi
+       sed -i -e "s:^\(\$astpath = \).*:\1 \"/asterisk\";:" contrib/scripts/vmail.cgi
+
+       #
+       # embedded perl
+       #
+       if use resperl; then
+               einfo "Patching asterisk for embedded perl support..."
+               epatch ${S_ADDONS}/res_perl/astmake.diff
+
+               # create necessary .c file
+               /usr/bin/perl -MExtUtils::Embed -e xsinit || die "Could not create perlxsi.c"
+
+               cd ${S_ADDONS}
+
+               # fix perl path, source location and remove res_musiconhold
+               sed -i -e "s:/usr/local/bin/perl:/usr/bin/perl:" \
+                       res_perl/Makefile \
+                       ${S}/Makefile \
+                       res_perl/INC/*.pm
+               sed -i -e "s:^ASTSRC.*:ASTSRC = ${S}:" \
+                       -e "s:\$(ASTLIBDIR)/modules/res_musiconhold.so::" \
+                       res_perl/Makefile
+
+               if use bri; then
+                       epatch ${FILESDIR}/1.0.0/res_perl-1.0.7-bristuff-0.2.0.diff
+               fi
+
+               cd ${S}
+       fi
+
+       #
+       # uclibc patch
+       #
+       if use elibc_uclibc; then
+               einfo "Patching asterisk for uclibc..."
+               epatch ${FILESDIR}/1.0.0/${PN}-1.0.5-uclibc-dns.diff
+       fi
+
+       #
+       # other patches
+       #
+
+       # fix lpc10 Makefile, remove the
+       # CFLAGS+=-march=$(shell uname -m) part
+       epatch ${FILESDIR}/1.0.0/${PN}-1.0.5-lpc10flags.diff
+
+       # asterisk-config
+       epatch ${FILESDIR}/1.0.0/${PN}-1.0.5-astcfg-0.0.2.diff
+
+       #
+       # database voicemail support
+       #
+       if use postgres; then
+               sed -i  -e "s:^#\(APPS+=app_sql_postgres.so\):\1:" \
+                       -e "s:/usr/local/pgsql/include:/usr/include/postgresql/pgsql:" \
+                       -e "s:/usr/local/pgsql/lib:/usr/lib/postgresql:" \
+                       apps/Makefile
+       fi
+
+       if use vmdbpostgres; then
+               einfo "Enabling PostgreSQL voicemail support"
+               sed -i  -e "s:^\(USE_POSTGRES_VM_INTERFACE\).*:\1=1:" \
+                       -e "s:/usr/local/pgsql/include:/usr/include/postgresql/pgsql:" \
+                       -e "s:/usr/local/pgsql/lib:/usr/lib/postgresql:" \
+                       apps/Makefile
+
+               # patch app_voicemail.c
+               sed -i -e "s:^#include <postgresql/libpq-fe\.h>:#include \"libpq-fe\.h\":" \
+                       apps/app_voicemail.c
+
+       elif use vmdbmysql; then
+               einfo "Enabling MySQL voicemail support"
+               sed -i  -e "s:^\(USE_MYSQL_VM_INTERFACE\).*:\1=1:" \
+                       -e "s:^\(CFLAGS+=-DUSEMYSQLVM\):\1 -I${S_ADDONS}:" \
+                       apps/Makefile
+       fi
+
+       #
+       # MySQL friends support
+       #
+       if use mysqlfriends; then
+               einfo "Enabling MySQL friends support for SIP and IAX"
+               sed -i  -e "s:^\(USE_MYSQL_FRIENDS\)=.*:\1=1:" \
+                       -e "s:^\(USE_SIP_MYSQL_FRIENDS\)=.*:\1=1:" \
+                       channels/Makefile
+       fi
+
+       #
+       # asterisk add-ons
+       #
+       cd ${S_ADDONS}
+       sed -i -e "s:-I../asterisk:-I${S} -I${S}/include:" Makefile
+       sed -i  -e "s:^OPTIMIZE+=.*:OPTIMIZE+=${CFLAGS}:" \
+               -e "s:^\(CFLAGS=\)\(.*\):\1-I${S}/include -fPIC \2:" \
+               format_mp3/Makefile
+
+
+       #
+       # BRI patches
+       #
+       if use bri; then
+               cd ${S}
+               einfo "Patching asterisk w/ BRI stuff"
+
+               # remove after new patch has been released
+               sed -i -e "s:^\([+-]\)1\.0\.10:\11.0.11.1:" \
+                       ${S_BRI}/patches/asterisk.patch
+
+               epatch ${S_BRI}/patches/asterisk.patch
+       fi
+
+       #
+       # Revived snmp plugin support
+       #
+#      if use snmp; then
+#              cd ${S}
+#              einfo "Patching snmp plugin helper functions"
+#              epatch ${FILESDIR}/1.0.0/ast-ax-snmp-1.0.6.diff
+#      fi
+
+       # fix path for non-root
+       cd ${S}
+       sed -i -e "s:^\(ASTVARRUNDIR=\).*:\1\$(INSTALL_PREFIX)/var/run/asterisk:" \
+               Makefile
+
+       # fix contrib scripts for non-root
+       epatch ${FILESDIR}/1.0.0/${PN}-1.0.7-scripts.diff
+
+       # add initgroups support to asterisk, this is needed
+       # to support supplementary groups for the asterisk
+       # user (start-stop-daemons --chguid breaks realtime priority support)
+       epatch ${FILESDIR}/1.0.0/${PN}-1.0.8-initgroups.diff
+
+       # UK callerid patch, adds support for british-telecoms callerid to x100p cards
+       # see http://www.lusyn.com/asterisk/patches.html for more information
+       use ukcid && \
+               epatch ${FILESDIR}/1.0.0/${PN}-1.0.9-ukcid.patch
+
+       # needed for >=freetds-0.63
+       if has_version ">=dev-db/freetds-0.63"; then
+               epatch ${FILESDIR}/1.0.0/${PN}-1.0.9-freetds.diff
+       fi
+
+       # security fix, bug #111836
+       epatch ${FILESDIR}/1.0.0/${PN}-1.0.10-vmail.cgi.patch
+
+       # patch for mISDN
+       epatch ${FILESDIR}/1.0.0/${PN}-1.0.10-misdn.patch
+
+       # CVE-2006-1827: integer signedness error in format_jpeg (#131096)
+       epatch ${FILESDIR}/1.0.0/${PN}-1.0-CVE-2006-1827.patch
+
+       # security patches for chan_sip (#169616, #171467)
+       epatch ${FILESDIR}/1.0.0/${PN}-1.0.12-r2-chan_sip.patch
+}
+
+src_compile() {
+       # build asterisk first...
+       einfo "Building Asterisk..."
+       cd ${S}
+       emake -j1 || die "Make failed"
+
+       # create api docs
+       use doc && \
+               emake -j1 progdocs
+
+       #
+       # add-ons
+       #
+       einfo "Building additional stuff..."
+       cd ${S_ADDONS}
+       emake -j1 || die "Make failed"
+
+       if use resperl; then
+               cd ${S_ADDONS}/res_perl
+               emake -j1 || die "Building embedded perl failed"
+       fi
+}
+
+src_install() {
+       make DESTDIR=${D} install || die "Make install failed"
+       make DESTDIR=${D} samples || die "Make install samples failed"
+
+       # install astconf.h, a lot of external modules need this
+       insinto /usr/include/asterisk
+       doins   astconf.h
+
+       # install addmailbox and astgenkey
+       dosbin contrib/scripts/addmailbox
+       dosbin contrib/scripts/astgenkey
+
+       newinitd ${FILESDIR}/1.0.0/asterisk.rc6.sec asterisk
+       newconfd ${FILESDIR}/1.0.0/asterisk.confd.sec asterisk
+
+       # don't delete these, even if they are empty
+       keepdir /var/spool/asterisk/voicemail/default/1234/INBOX
+       keepdir /var/spool/asterisk/tmp
+       keepdir /var/log/asterisk/cdr-csv
+       keepdir /var/run/asterisk
+
+       # install standard docs...
+       dodoc BUGS CREDITS LICENSE ChangeLog HARDWARE README README.fpm
+       dodoc SECURITY doc/CODING-GUIDELINES doc/linkedlists.README
+       dodoc doc/README.*
+       dodoc doc/*.txt
+
+       docinto scripts
+       dodoc contrib/scripts/*
+       docinto firmware/iax
+       dodoc contrib/firmware/iax/*
+
+       # install api docs
+       if use doc; then
+               insinto /usr/share/doc/${PF}/api/html
+               doins doc/api/html/*
+       fi
+
+       insinto /usr/share/doc/${PF}/cgi
+       doins contrib/scripts/vmail.cgi
+       doins images/*.gif
+
+       #
+       # add-ons
+       #
+
+       # install additional modules...
+       einfo "Installing additional modules..."
+       cd ${S_ADDONS}
+       make INSTALL_PREFIX=${D} install || die "Make install failed"
+
+       if use resperl; then
+               perlinfo
+
+               cd ${S_ADDONS}/res_perl
+               make INSTALL_PREFIX=${D} install || die "Installation of perl AST_API failed"
+
+               # move AstApiBase.so to a proper place
+               dodir ${VENDOR_LIB}/auto/AstAPIBase
+               mv ${D}/etc/asterisk/perl/AstAPIBase.so ${D}${VENDOR_LIB}/auto/AstAPIBase
+
+               # move *.pm files to other location
+               dodir ${VENDOR_LIB}/AstAPI
+               dodir ${VENDOR_LIB}/AstAPIBase
+               for x in AstAPI.pm AstConfig.pm LoadFile.pm PerlSwitch.pm WebServer.pm; do
+                       mv ${D}/etc/asterisk/perl/${x} ${D}${VENDOR_LIB}/AstAPI
+                       dosed "s/^use[\t ]\+${x/.pm/};/use AstAPI::${x/.pm/};/" /etc/asterisk/perl/asterisk_init.pm
+               done
+               mv ${D}/etc/asterisk/perl/AstAPIBase.pm ${D}${VENDOR_LIB}/AstAPIBase
+               dosed "s/^use[\t ]\+AstAPI;/use AstAPI::AstAPI;/" /etc/asterisk/perl/asterisk_init.pm
+               dosed "s/^use[\t ]\+AstAPIBase;/use AstAPIBase::AstAPIBase;/" ${VENDOR_LIB}/AstAPI/AstAPI.pm
+
+               # move apps + htdocs to a proper place
+               dodir /var/lib/asterisk/perl
+               mv ${D}/etc/asterisk/perl/{apps,htdocs} ${D}/var/lib/asterisk/perl
+
+               # fix locations
+               sed -i -e "s:/etc/asterisk/perl:/var/lib/asterisk/perl:" \
+                       ${D}${VENDOR_LIB}/AstAPI/LoadFile.pm ${D}${VENDOR_LIB}/AstAPI/WebServer.pm
+       fi
+}
+
+pkg_preinst() {
+       einfo "Adding asterisk user and group"
+       enewgroup asterisk
+       enewuser asterisk -1 -1 /var/lib/asterisk asterisk
+}
+
+pkg_postinst() {
+       #
+       # Change permissions and ownerships of asterisk
+       # directories and files
+       #
+       einfo "Fixing permissions and ownerships"
+       # fix permissions in /var/...
+       for x in spool run lib log; do
+               chown -R asterisk:asterisk ${ROOT}var/${x}/asterisk
+               chmod -R u=rwX,g=rX,o=     ${ROOT}var/${x}/asterisk
+       done
+
+       chown -R root:asterisk ${ROOT}etc/asterisk
+       chmod -R u=rwX,g=rX,o= ${ROOT}etc/asterisk
+
+       #
+       # Fix locations for old installations (pre-non-root versions)
+       #
+       if [[ -z "$(grep "/var/run/asterisk" ${ROOT}etc/asterisk/asterisk.conf)" ]]
+       then
+               elog "Fixing astrundir in ${ROOT}etc/asterisk/asterisk.conf"
+               mv -f ${ROOT}etc/asterisk/asterisk.conf \
+                       ${ROOT}etc/asterisk/asterisk.conf.bak
+               sed -e "s:^\(astrundir[\t ]=>\).*:\1 /var/run/asterisk:" \
+                       ${ROOT}etc/asterisk/asterisk.conf.bak >\
+                       ${ROOT}etc/asterisk/asterisk.conf
+               elog "Backup has been saved as ${ROOT}etc/asterisk/asterisk.conf.bak"
+       fi
+
+       #
+       # Some messages
+       #
+       einfo "Asterisk has been installed"
+       einfo ""
+       elog "to add new Mailboxes use: /usr/sbin/addmailbox"
+       echo
+       elog "If you want to know more about asterisk, visit these sites:"
+       elog "http://www.asteriskdocs.org/"
+       elog "http://www.voip-info.org/wiki-Asterisk"
+       echo
+       elog "http://asterisk.xvoip.com/"
+       elog "http://junghanns.net/asterisk/"
+       elog "http://www.automated.it/guidetoasterisk.htm"
+       echo
+       elog "Gentoo VoIP IRC Channel:"
+       elog "#gentoo-voip @ irc.freenode.net"
+
+       #
+       # Warning about security changes...
+       #
+       ewarn "*********************** Important changes **************************"
+       ewarn
+       ewarn "- Asterisk runs as user asterisk, group asterisk by default"
+       ewarn
+       ewarn "- Make sure the asterisk user is a member of the proper groups if you want it"
+       ewarn "  to have access to hardware devices, e.g. \"audio\" for Alsa and OSS sound or"
+       ewarn "  \"dialout\" for zaptel!"
+       ewarn
+       ewarn "- Permissions of /etc/asterisk have been changed to root:asterisk"
+       ewarn "  750 (rwxr-x--- directories) / 640 (rw-r----- files)"
+       ewarn
+       ewarn "- Permissions of /var/{log,lib,run,spool}/asterisk have been changed"
+       ewarn "  to asterisk:asterisk 750 / 640"
+       ewarn
+       ewarn "- Asterisk's unix socket and pidfile are now in /var/run/astrisk"
+       ewarn
+       ewarn "- Asterisk cannot set the IP ToS bits when run as user,"
+       ewarn "  use something like this to make iptables set them for you:"
+       ewarn "  \"iptables -A OUTPUT -t mangle -p udp -m udp --dport 5060 -j DSCP --set-dscp 0x28\""
+       ewarn "  \"iptables -A OUTPUT -t mangle -p udp -m udp --sport 10000:20000 -j DSCP --set-dscp 0x28\""
+       ewarn "  (taken from voip-info.org comments (see below), thanks andrewid)"
+       ewarn
+       ewarn "For more details:"
+       ewarn "     http://bugs.gentoo.org/show_bug.cgi?id=88732"
+       ewarn "     http://www.voip-info.org/wiki-Asterisk+non-root"
+}
diff --git a/net-misc/asterisk/files/1.0.0/asterisk-1.0.12-r2-chan_sip.patch b/net-misc/asterisk/files/1.0.0/asterisk-1.0.12-r2-chan_sip.patch

new file mode 100644 (file)

index 0000000..ef79a53
--- /dev/null
+++ b/net-misc/asterisk/files/1.0.0/asterisk-1.0.12-r2-chan_sip.patch
@@ -0,0 +1,30 @@
+Ports from <http://svn.digium.com/view/asterisk?rev=57478&view=rev>,
+<http://svn.digium.com/view/asterisk?rev=59038&view=rev>
+More information at <http://bugs.gentoo.org/169616> and
+<http://bugs.gentoo.org/171467>.
+--- asterisk-1.0.12/channels/chan_sip.c        2005-11-29 13:24:39.000000000 -0500
++++ asterisk-1.0.12-r2/channels/chan_sip.c     2007-03-19 15:32:08.000000000 -0400
+@@ -7293,6 +7293,12 @@
+                  increasing */
+               p->icseq = seqno;
+ 
++      if (!e && (strcasecmp(cmd, "INVITE") == 0 || strcasecmp(cmd, "SUBSCRIBE") == 0 || strcasecmp(cmd, "REGISTER") == 0 || strcasecmp(cmd, "NOTIFY") == 0)) {
++              transmit_response(p, "503 Server error", req);
++              p->needdestroy = 1;
++              return -1;
++      }
++
+       /* Initialize the context if it hasn't been already */
+       if (!strcasecmp(cmd, "OPTIONS")) {
+               res = get_destination(p, req);
+@@ -7790,6 +7796,10 @@
+               if (sscanf(e, "%i %n", &respid, &len) != 1) {
+                       ast_log(LOG_WARNING, "Invalid response: '%s'\n", e);
+               } else {
++                      if (respid <= 0) {
++                              ast_log(LOG_WARNING, "Invalid SIP response code: '%d'\n", respid);
++                              return 0;
++                      }
+                       handle_response(p, respid, e + len, req,ignore);
+               }
+       } else {
diff --git a/net-misc/asterisk/files/digest-asterisk-1.0.12-r2 b/net-misc/asterisk/files/digest-asterisk-1.0.12-r2

new file mode 100644 (file)

index 0000000..39a3108
--- /dev/null
+++ b/net-misc/asterisk/files/digest-asterisk-1.0.12-r2
@@ -0,0 +1,9 @@
+MD5 d1a2f994cbeee02258c8da4a60b07bc1 asterisk-1.0.12.tar.gz 9641502
+RMD160 bb6d5d38e2945e43d367cb7aedf1e0f557808a29 asterisk-1.0.12.tar.gz 9641502
+SHA256 0b900a9614bb936334247ff6881edc9eb57d6a684fc5a4aab4e4dd4c7f597ff6 asterisk-1.0.12.tar.gz 9641502
+MD5 2b6e1da3ff097f9792d3123e7e5a0059 asterisk-addons-1.0.9.tar.gz 73716
+RMD160 98156861f790987fb4bf86b14c902aeca90b380b asterisk-addons-1.0.9.tar.gz 73716
+SHA256 4c878a4e5b5aabbdd93116ccbca5cf6465d55f480f4aa1e6438e9fc49c1f11fe asterisk-addons-1.0.9.tar.gz 73716
+MD5 4306e18c195e6b1a37af02fedd4a153e bristuff-0.2.0-RC8r.tar.gz 194888
+RMD160 d5dd31b9e4dcf30af6d2a62deb285a83f8a54019 bristuff-0.2.0-RC8r.tar.gz 194888
+SHA256 99f9da320d6335413384d12310e5ae9815572281c99d5908706022b6a4d6cb03 bristuff-0.2.0-RC8r.tar.gz 194888
author	Rajiv Aaron Manglani <rajiv@gentoo.org>
	Mon, 19 Mar 2007 20:05:39 +0000 (20:05 +0000)
committer	Rajiv Aaron Manglani <rajiv@gentoo.org>
	Mon, 19 Mar 2007 20:05:39 +0000 (20:05 +0000)
net-misc/asterisk/ChangeLog		patch \| blob \| history
net-misc/asterisk/Manifest		patch \| blob \| history
net-misc/asterisk/asterisk-1.0.12-r2.ebuild	[new file with mode: 0644]	patch \| blob
net-misc/asterisk/files/1.0.0/asterisk-1.0.12-r2-chan_sip.patch	[new file with mode: 0644]	patch \| blob
net-misc/asterisk/files/digest-asterisk-1.0.12-r2	[new file with mode: 0644]	patch \| blob