From: <abe...@us...> - 2014-10-20 18:55:46
Revision: 6773 http://sourceforge.net/p/astlinux/code/6773 Author: abelbeck Date: 2014-10-20 18:55:36 +0000 (Mon, 20 Oct 2014) Log Message: ----------- asterisk, version bump to 1.8.31.1 and 11.13.1, security fix - Credits the AstLinux Team for this fix related to the POODLE vulnerability Modified Paths: -------------- branches/1.0/package/asterisk/asterisk.mk branches/1.0/package/prosody/prosody.init Removed Paths: ------------- branches/1.0/package/asterisk/asterisk-1.8-jabber-tls.patch branches/1.0/package/asterisk/asterisk-11-jabber-xmpp-tls.patch
Deleted: branches/1.0/package/asterisk/asterisk-1.8-jabber-tls.patch
===================================================================
--- branches/1.0/package/asterisk/asterisk-1.8-jabber-tls.patch 2014-10-19 15:07:21 UTC (rev 6772)
+++ branches/1.0/package/asterisk/asterisk-1.8-jabber-tls.patch 2014-10-20 18:55:36 UTC (rev 6773)
@@ -1,21 +0,0 @@
---- asterisk-1.8.31.0/res/res_jabber.c.orig 2014-10-16 08:45:07.000000000 -0500
-+++ asterisk-1.8.31.0/res/res_jabber.c 2014-10-16 08:51:36.000000000 -0500
-@@ -1240,14 +1240,17 @@
- {
- int ret;
- int sock;
-+ long ssl_opts;
-
- ast_debug(1, "Starting TLS handshake\n");
-
- /* Choose an SSL/TLS protocol version, create SSL_CTX */
-- client->ssl_method = SSLv3_method();
-+ client->ssl_method = SSLv23_method();
- if (!(client->ssl_context = SSL_CTX_new((SSL_METHOD *) client->ssl_method))) {
- return IKS_NET_TLSFAIL;
- }
-+ ssl_opts = SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3;
-+ SSL_CTX_set_options(client->ssl_context, ssl_opts);
-
- /* Create new SSL session */
- if (!(client->ssl_session = SSL_new(client->ssl_context))) {
Deleted: branches/1.0/package/asterisk/asterisk-11-jabber-xmpp-tls.patch
===================================================================
--- branches/1.0/package/asterisk/asterisk-11-jabber-xmpp-tls.patch 2014-10-19 15:07:21 UTC (rev 6772)
+++ branches/1.0/package/asterisk/asterisk-11-jabber-xmpp-tls.patch 2014-10-20 18:55:36 UTC (rev 6773)
@@ -1,45 +0,0 @@
---- asterisk-11.13.0/res/res_jabber.c.orig 2014-10-16 10:05:57.000000000 -0500
-+++ asterisk-11.13.0/res/res_jabber.c 2014-10-16 10:04:51.000000000 -0500
-@@ -1282,14 +1282,17 @@
- static int aji_tls_handshake(struct aji_client *client)
- {
- int sock;
-+ long ssl_opts;
-
- ast_debug(1, "Starting TLS handshake\n");
-
- /* Choose an SSL/TLS protocol version, create SSL_CTX */
-- client->ssl_method = SSLv3_method();
-+ client->ssl_method = SSLv23_method();
- if (!(client->ssl_context = SSL_CTX_new((SSL_METHOD *) client->ssl_method))) {
- return IKS_NET_TLSFAIL;
- }
-+ ssl_opts = SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3;
-+ SSL_CTX_set_options(client->ssl_context, ssl_opts);
-
- /* Create new SSL session */
- if (!(client->ssl_session = SSL_new(client->ssl_context))) {
---- asterisk-11.13.0/res/res_xmpp.c.orig 2014-10-16 10:13:57.000000000 -0500
-+++ asterisk-11.13.0/res/res_xmpp.c 2014-10-16 10:16:49.000000000 -0500
-@@ -2501,6 +2501,7 @@
- {
- #ifdef HAVE_OPENSSL
- int sock;
-+ long ssl_opts;
- #endif
-
- if (!strcmp(iks_name(node), "success")) {
-@@ -2519,10 +2520,12 @@
- ast_log(LOG_ERROR, "Somehow we managed to try to start TLS negotiation on client '%s' without OpenSSL support, disconnecting\n", client->name);
- return -1;
- #else
-- client->ssl_method = SSLv3_method();
-+ client->ssl_method = SSLv23_method();
- if (!(client->ssl_context = SSL_CTX_new((SSL_METHOD *) client->ssl_method))) {
- goto failure;
- }
-+ ssl_opts = SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3;
-+ SSL_CTX_set_options(client->ssl_context, ssl_opts);
-
- if (!(client->ssl_session = SSL_new(client->ssl_context))) {
- goto failure;
Modified: branches/1.0/package/asterisk/asterisk.mk
===================================================================
--- branches/1.0/package/asterisk/asterisk.mk 2014-10-19 15:07:21 UTC (rev 6772)
+++ branches/1.0/package/asterisk/asterisk.mk 2014-10-20 18:55:36 UTC (rev 6773)
@@ -4,9 +4,9 @@
 #
 ##############################################################
 ifeq ($(BR2_PACKAGE_ASTERISK_v1_8),y)
-ASTERISK_VERSION := 1.8.31.0
+ASTERISK_VERSION := 1.8.31.1
 else
-ASTERISK_VERSION := 11.13.0
+ASTERISK_VERSION := 11.13.1
 endif
 ASTERISK_SOURCE := asterisk-$(ASTERISK_VERSION).tar.gz
 ASTERISK_SITE := http://downloads.asterisk.org/pub/telephony/asterisk/releases
Modified: branches/1.0/package/prosody/prosody.init
===================================================================
--- branches/1.0/package/prosody/prosody.init 2014-10-19 15:07:21 UTC (rev 6772)
+++ branches/1.0/package/prosody/prosody.init 2014-10-20 18:55:36 UTC (rev 6773)
@@ -136,7 +136,7 @@
 ${ERROR_LOG}
 error = \"/var/log/prosody/prosody.err\";
 }
--- Don't include ssl option \"no_sslv3\" since Asterisk 1.8 and 11 use SSLv3
+-- Don't include ssl option \"no_sslv3\" since pre-Asterisk 1.8.31.1 and 11.13.1 used SSLv3
 ssl = {
 options = { \"no_sslv2\", \"no_ticket\", \"no_compression\", \"cipher_server_preference\", \"single_dh_use\", \"single_ecdh_use\" };
 certificate = \"$cert\";
This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
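Review bot: The `options` list in the prosody.init hunk still omits `\"no_sslv3\"`, so the generated Prosody config keeps accepting SSLv3 handshakes even though this same commit moves the bundled Asterisk to 1.8.31.1 / 11.13.1, which the reworded comment says no longer rely on SSLv3. If no older Asterisk clients are expected to connect (this cannot be determined from the hunk), adding `\"no_sslv3\"` next to `\"no_sslv2\"` would remove the POODLE downgrade path on the server side too. Otherwise the comment should state which remaining clients still need SSLv3, so the exception is not left in place indefinitely. The block that emits this config starts and ends outside the hunk.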