NetCube-Systems-Austria/kumquat-buildroot
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
11db258cd6
kumquat-buildroot/package/asterisk/asterisk.mk
Peter Korsgaard 289a15f33b package/asterisk: security bump to version 16.21.1 
Fixes the following security issues:

16.15.0:
- ASTERISK-29057: pjsip: Crash on call rejection during high load

16.15.1:
- AST-2020-003: Remote crash in res_pjsip_diversion
  A crash can occur in Asterisk when a SIP message is received that has a
  History-Info header, which contains a tel-uri.
  https://downloads.asterisk.org/pub/security/AST-2020-003.pdf

- AST-2020-004: Remote crash in res_pjsip_diversion
  A crash can occur in Asterisk when a SIP 181 response is received that has
  a Diversion header, which contains a tel-uri.
  https://downloads.asterisk.org/pub/security/AST-2020-004.pdf

16.16.0:
- ASTERISK-29219: res_pjsip_diversion: Crash if Tel URI contains History-Info

16.16.1:
- AST-2021-001: Remote crash in res_pjsip_diversion
  If a registered user is tricked into dialing a malicious number that sends
  lots of 181 responses to Asterisk, each one will cause a 181 to be sent
  back to the original caller with an increasing number of entries in the
  “Supported” header.  Eventually the number of entries in the header
  exceeds the size of the entry array and causes a crash.
  https://downloads.asterisk.org/pub/security/AST-2021-001.pdf

- AST-2021-002: Remote crash possible when negotiating T.38
  When re-negotiating for T.38 if the initial remote response was delayed
  just enough Asterisk would send both audio and T.38 in the SDP.  If this
  happened, and the remote responded with a declined T.38 stream then
  Asterisk would crash.
  https://downloads.asterisk.org/pub/security/AST-2021-002.pdf

- AST-2021-003: Remote attacker could prematurely tear down SRTP calls
  An unauthenticated remote attacker could replay SRTP packets which could
  cause an Asterisk instance configured without strict RTP validation to
  tear down calls prematurely.
  https://downloads.asterisk.org/pub/security/AST-2021-003.pdf

- AST-2021-004: An unsuspecting user could crash Asterisk with multiple
  hold/unhold requests
  Due to a signedness comparison mismatch, an authenticated WebRTC client
  could cause a stack overflow and Asterisk crash by sending multiple
  hold/unhold requests in quick succession.
  https://downloads.asterisk.org/pub/security/AST-2021-004.pdf

- AST-2021-005: Remote Crash Vulnerability in PJSIP channel driver
  Given a scenario where an outgoing call is placed from Asterisk to a
  remote SIP server it is possible for a crash to occur.
  https://downloads.asterisk.org/pub/security/AST-2021-005.pdf

16.16.2:
- AST-2021-006: Crash when negotiating T.38 with a zero port
  When Asterisk sends a re-invite initiating T.38 faxing and the endpoint
  responds with a m=image line and zero port, a crash will occur in
  Asterisk.
  This is a reoccurrence of AST-2019-004.
  https://downloads.asterisk.org/pub/security/AST-2021-006.pdf

16.17.0:
- ASTERISK-29203 / AST-2021-002 — Another scenario is causing a crash

- ASTERISK-29260: sRTP Replay Protection ignored; even tears down long calls

- ASTERISK-29227: res_pjsip_diversion: sending multiple 181 responses causes
  memory corruption and crash

16.19.1:
- AST-2021-007: Remote Crash Vulnerability in PJSIP channel driver
  When Asterisk receives a re-INVITE without SDP after having sent a BYE
  request a crash will occur.  This occurs due to the Asterisk channel no
  longer being present while code assumes it is.
  https://downloads.asterisk.org/pub/security/AST-2021-007.pdf

- AST-2021-008: Remote crash when using IAX2 channel driver
  If the IAX2 channel driver receives a packet that contains an unsupported
  media format it can cause a crash to occur in Asterisk.
  https://downloads.asterisk.org/pub/security/AST-2021-008.pdf

- AST-2021-009: pjproject/pjsip: crash when SSL socket destroyed during
  handshake
  Depending on the timing, it’s possible for Asterisk to crash when using a
  TLS connection if the underlying socket parent/listener gets destroyed
  during the handshake.
  https://downloads.asterisk.org/pub/security/AST-2021-009.pdf

16.20.0:
- ASTERISK-29415: Crash in PJSIP TLS transport

- ASTERISK-29381: chan_pjsip: Remote denial of service by an authenticated
  user

In addition, a large number of bugfixes.

Drop now upstreamed
0006-AC_HEADER_STDC-causes-a-compile-failure-with-autoconf-2-70.patch.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2021-10-24 16:13:44 +02:00

344 lines
8.8 KiB
Makefile
Raw Blame History

################################################################################
#
# asterisk
#
################################################################################
ASTERISK_VERSION = 16.21.1
# Use the github mirror: it's an official mirror maintained by Digium, and
# provides tarballs, which the main Asterisk git tree (behind Gerrit) does not.
ASTERISK_SITE = $(call github,asterisk,asterisk,$(ASTERISK_VERSION))
ASTERISK_SOUNDS_BASE_URL = http://downloads.asterisk.org/pub/telephony/sounds/releases
ASTERISK_EXTRA_DOWNLOADS = \
$(ASTERISK_SOUNDS_BASE_URL)/asterisk-core-sounds-en-gsm-1.6.1.tar.gz \
$(ASTERISK_SOUNDS_BASE_URL)/asterisk-moh-opsound-wav-2.03.tar.gz
ASTERISK_LICENSE = GPL-2.0, BSD-3c (SHA1, resample), BSD-4c (db1-ast)
ASTERISK_LICENSE_FILES = \
COPYING \
main/sha1.c \
codecs/speex/speex_resampler.h \
utils/db1-ast/include/db.h
ASTERISK_CPE_ID_VENDOR = asterisk
ASTERISK_CPE_ID_PRODUCT = open_source
ASTERISK_SELINUX_MODULES = asterisk
# For patches 0002, 0003 and 0005
ASTERISK_AUTORECONF = YES
ASTERISK_AUTORECONF_OPTS = -Iautoconf -Ithird-party -Ithird-party/pjproject -Ithird-party/jansson
ASTERISK_DEPENDENCIES = \
host-asterisk \
jansson \
libcurl \
libedit \
libxml2 \
sqlite \
util-linux
# Asterisk wants to run its menuselect tool (a highly tweaked derivative of
# kconfig), but builds it using the target tools. So we build it in the host
# variant (see below), and copy the full build tree of menuselect.
define ASTERISK_COPY_MENUSELECT
rm -rf $(@D)/menuselect
cp -a $(HOST_ASTERISK_DIR)/menuselect $(@D)/menuselect
endef
ASTERISK_PRE_CONFIGURE_HOOKS += ASTERISK_COPY_MENUSELECT
ASTERISK_CONF_OPTS = \
--disable-xmldoc \
--disable-internal-poll \
--disable-asteriskssl \
--disable-rpath \
--without-bfd \
--without-cap \
--without-cpg \
--without-curses \
--without-gtk2 \
--without-gmime \
--without-hoard \
--without-iconv \
--without-iksemel \
--without-imap \
--without-inotify \
--without-iodbc \
--without-isdnnet \
--without-jack \
--without-uriparser \
--without-kqueue \
--without-libedit \
--without-libxslt \
--without-lua \
--without-misdn \
--without-mysqlclient \
--without-nbs \
--without-neon29 \
--without-newt \
--without-openr2 \
--without-osptk \
--without-oss \
--without-postgres \
--without-pjproject \
--without-pjproject-bundled \
--without-popt \
--without-resample \
--without-sdl \
--without-SDL_image \
--without-sqlite \
--without-suppserv \
--without-tds \
--without-termcap \
--without-timerfd \
--without-tinfo \
--without-unbound \
--without-unixodbc \
--without-vpb \
--without-x11 \
--with-crypt \
--with-jansson \
--with-libcurl \
--with-ilbc \
--with-libxml2 \
--with-libedit="$(STAGING_DIR)/usr" \
--with-sqlite3="$(STAGING_DIR)/usr" \
--with-sounds-cache=$(ASTERISK_DL_DIR)
# avcodec are from ffmpeg. There is virtually zero chance this could
# even work; asterisk is looking for ffmpeg/avcodec.h which has not
# been installed in this location since early 2007 (~10 years ago at
# the time of this writing).
ASTERISK_CONF_OPTS += --without-avcodec
# asterisk is not compatible with freeswitch spandsp
ASTERISK_CONF_OPTS += --without-spandsp
ASTERISK_CONF_ENV = \
ac_cv_file_bridges_bridge_softmix_include_hrirs_h=true \
ac_cv_path_CONFIG_LIBXML2=$(STAGING_DIR)/usr/bin/xml2-config
# Uses __atomic_fetch_add_4
ifeq ($(BR2_TOOLCHAIN_HAS_LIBATOMIC),y)
ASTERISK_CONF_ENV += LIBS="-latomic"
endif
ifeq ($(BR2_TOOLCHAIN_USES_GLIBC),y)
ASTERISK_CONF_OPTS += --with-execinfo
else
ASTERISK_CONF_OPTS += --without-execinfo
endif
ifeq ($(BR2_PACKAGE_LIBGSM),y)
ASTERISK_DEPENDENCIES += libgsm
ASTERISK_CONF_OPTS += --with-gsm
else
ASTERISK_CONF_OPTS += --without-gsm
endif
ifeq ($(BR2_PACKAGE_ALSA_LIB),y)
ASTERISK_DEPENDENCIES += alsa-lib
ASTERISK_CONF_OPTS += --with-asound
else
ASTERISK_CONF_OPTS += --without-asound
endif
ifeq ($(BR2_PACKAGE_BLUEZ5_UTILS),y)
ASTERISK_DEPENDENCIES += bluez5_utils
ASTERISK_CONF_OPTS += --with-bluetooth
else
ASTERISK_CONF_OPTS += --without-bluetooth
endif
ifeq ($(BR2_PACKAGE_LIBICAL),y)
ASTERISK_DEPENDENCIES += libical
ASTERISK_CONF_OPTS += --with-ical
else
ASTERISK_CONF_OPTS += --without-ical
endif
ifeq ($(BR2_PACKAGE_OPENLDAP),y)
ASTERISK_DEPENDENCIES += openldap
ASTERISK_CONF_OPTS += --with-ldap
else
ASTERISK_CONF_OPTS += --without-ldap
endif
ifeq ($(BR2_PACKAGE_NEON),y)
ASTERISK_DEPENDENCIES += neon
ASTERISK_CONF_OPTS += --with-neon
ASTERISK_CONF_ENV += \
ac_cv_path_CONFIG_NEON=$(STAGING_DIR)/usr/bin/neon-config
else
ASTERISK_CONF_OPTS += --without-neon
endif
ifeq ($(BR2_PACKAGE_NETSNMP),y)
ASTERISK_DEPENDENCIES += netsnmp
ASTERISK_CONF_OPTS += --with-netsnmp=$(STAGING_DIR)/usr
else
ASTERISK_CONF_OPTS += --without-netsnmp
endif
ifeq ($(BR2_PACKAGE_LIBOGG),y)
ASTERISK_DEPENDENCIES += libogg
ASTERISK_CONF_OPTS += --with-ogg
else
ASTERISK_CONF_OPTS += --without-ogg
endif
ifeq ($(BR2_PACKAGE_OPUS),y)
ASTERISK_DEPENDENCIES += opus
ASTERISK_CONF_OPTS += --with-opus
else
ASTERISK_CONF_OPTS += --without-opus
endif
ifeq ($(BR2_PACKAGE_PORTAUDIO),y)
ASTERISK_DEPENDENCIES += portaudio
ASTERISK_CONF_OPTS += --with-portaudio
else
ASTERISK_CONF_OPTS += --without-portaudio
endif
ifeq ($(BR2_PACKAGE_FREERADIUS_CLIENT),y)
ASTERISK_DEPENDENCIES += freeradius-client
ASTERISK_CONF_OPTS += --with-radius
else
ASTERISK_CONF_OPTS += --without-radius
endif
ifeq ($(BR2_PACKAGE_DAHDI_LINUX)$(BR2_PACKAGE_DAHDI_TOOLS),yy)
ASTERISK_DEPENDENCIES += dahdi-linux dahdi-tools
ASTERISK_CONF_OPTS += --with-dahdi --with-tonezone
ifeq ($(BR2_PACKAGE_LIBPRI),y)
ASTERISK_DEPENDENCIES += libpri
ASTERISK_CONF_OPTS += --with-pri
else
ASTERISK_CONF_OPTS += --without-pri
endif # PRI
ifeq ($(BR2_PACKAGE_LIBSS7),y)
ASTERISK_DEPENDENCIES += libss7
ASTERISK_CONF_OPTS += --with-ss7
else
ASTERISK_CONF_OPTS += --without-ss7
endif # SS7
else
ASTERISK_CONF_OPTS += \
--without-dahdi --without-tonezone \
--without-pri --without-ss7
endif # DAHDI
ifeq ($(BR2_PACKAGE_OPENSSL),y)
ASTERISK_DEPENDENCIES += openssl
ASTERISK_CONF_OPTS += --with-ssl
else
ASTERISK_CONF_OPTS += --without-ssl
endif
ifeq ($(BR2_PACKAGE_SPEEX)$(BR2_PACKAGE_SPEEXDSP),yy)
ASTERISK_DEPENDENCIES += speex
ASTERISK_CONF_OPTS += --with-speex --with-speexdsp
else
ASTERISK_CONF_OPTS += --without-speex --without-speexdsp
endif
# asterisk needs an openssl-enabled libsrtp
ifeq ($(BR2_PACKAGE_LIBSRTP)$(BR2_PACKAGE_OPENSSL)x$(BR2_STATIC_LIBS),yyx)
ASTERISK_DEPENDENCIES += libsrtp
ASTERISK_CONF_OPTS += --with-srtp
else
ASTERISK_CONF_OPTS += --without-srtp
endif
ifeq ($(BR2_PACKAGE_LIBVORBIS),y)
ASTERISK_DEPENDENCIES += libvorbis
ASTERISK_CONF_OPTS += --with-vorbis
else
ASTERISK_CONF_OPTS += --without-vorbis
endif
ifeq ($(BR2_PACKAGE_ZLIB),y)
ASTERISK_DEPENDENCIES += zlib
ASTERISK_CONF_OPTS += --with-z
else
ASTERISK_CONF_OPTS += --without-z
endif
ASTERISK_DIRS = \
ASTVARLIBDIR="/usr/lib/asterisk" \
ASTDATADIR="/usr/lib/asterisk" \
ASTKEYDIR="/usr/lib/asterisk" \
ASTDBDIR="/usr/lib/asterisk"
ASTERISK_MAKE_OPTS = $(ASTERISK_DIRS)
# Uses __atomic_fetch_add_4
ifeq ($(BR2_TOOLCHAIN_HAS_LIBATOMIC),y)
ASTERISK_MAKE_OPTS += ASTLDFLAGS="-latomic"
endif
# Remove default -O3 optimization flag
ASTERISK_MAKE_OPTS += OPTIMIZE=""
ASTERISK_CFLAGS = $(TARGET_CFLAGS)
ifeq ($(BR2_TOOLCHAIN_HAS_GCC_BUG_93847),y)
ASTERISK_CFLAGS += -O0
endif
ASTERISK_CONF_OPTS += CFLAGS="$(ASTERISK_CFLAGS)"
# We want to install sample configuration files, too.
ASTERISK_INSTALL_TARGET_OPTS = \
$(ASTERISK_DIRS) \
DESTDIR=$(TARGET_DIR) \
LDCONFIG=true \
install samples
$(eval $(autotools-package))
#-------------------------------------------------------------------------------
# This part deals with building the menuselect tool as a host package
HOST_ASTERISK_DEPENDENCIES = host-pkgconf host-libxml2 host-ncurses
HOST_ASTERISK_SUBDIR = menuselect
HOST_ASTERISK_LICENSE = GPL-2.0
HOST_ASTERISK_LICENSE_FILES = COPYING
# No need to autoreconf for the host variant,
# so do not inherit the target setup.
HOST_ASTERISK_AUTORECONF = NO
HOST_ASTERISK_CONF_ENV = CONFIG_LIBXML2=$(HOST_DIR)/bin/xml2-config
HOST_ASTERISK_CONF_OPTS = \
--without-newt \
--without-curses \
--with-ncurses=$(HOST_DIR)
# Not an automake package, so does not inherit LDFLAGS et al. from
# the configure run.
HOST_ASTERISK_MAKE_ENV = $(HOST_CONFIGURE_OPTS)
# Even though menuselect is an autotools package, it is not an automake
# package and does not have an 'install' rule, as asterisk does expect
# it to be in a sub-directory of its source tree. We do so by copying
# the full menuselect build tree as a pre-configure hook in the target
# variant.
# However, the sanity checks on host packages are not run on menuselect.
# But we still want to catch that menuselect has the proper rpath set,
# for example, as it uses host libraries that we do build, like
# host-libxml2.
# So we do manually install the menuselect tool.
define HOST_ASTERISK_INSTALL_CMDS
$(INSTALL) -D -m 0755 $(@D)/menuselect/menuselect \
$(HOST_DIR)/bin/asterisk-menuselect
endef
$(eval $(host-autotools-package))
Reference in New Issue View Git Blame Copy Permalink