Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 185713 (CVE-2007-3762) - net-misc/asterisk Multiple issues (CVE-2007-{376[234]|4103})
Summary: net-misc/asterisk Multiple issues (CVE-2007-{376[234]|4103})
Status: RESOLVED FIXED
Alias: CVE-2007-3762
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Highest major (vote)
Assignee: Gentoo Security
URL: http://lists.digium.com/pipermail/ast...
Whiteboard: B1 [glsa] jaervosz
Keywords:
: 188256 (view as bug list)
Depends on:
Blocks:
 
Reported: 2007-07-17 23:08 UTC by Rajiv Aaron Manglani (RETIRED)
Modified: 2008-02-26 22:34 UTC (History)
5 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments
failed patch log (asterisk-1.2.11-jb.patch-5442.out,34.55 KB, text/plain)
2007-09-09 15:31 UTC, Christian Faulhammer (RETIRED)
no flags Details

Note You need to log in before you can comment on or make changes to this bug.
Description Rajiv Aaron Manglani (RETIRED) gentoo-dev 2007-07-17 23:08:34 UTC
From: The Asterisk Development Team <asteriskteam@digium.com>
To: undisclosed-recipients:  ;
Date: Tue, 17 Jul 2007 17:22:21 -0500
Subject: [asterisk-announce] Critical Updates: Asterisk 1.2.22 and 1.4.8
    	released

The Asterisk development team has released Asterisk versions 1.2.22 and
1.4.8.

These releases contain fixes for four critical security vulnerabilities.
 One of these vulnerabilities is a remotely exploitable stack buffer
overflow, which could allow an attacker to execute arbitrary code on the
target machine.  The other three are all remotely exploitable crash
vulnerabilities.

We have released Asterisk Security Advisories for each of the
vulnerabilities.  The current version of each advisory can be downloaded
from the ftp site.

http://ftp.digium.com/pub/asa/ASA-2007-014.pdf
 * Affected systems include those that bridge calls between chan_iax2
and any channel driver that uses RTP for media

http://ftp.digium.com/pub/asa/ASA-2007-015.pdf
 * Affected systems include any system that has chan_iax2 enabled

http://ftp.digium.com/pub/asa/ASA-2007-016.pdf
 * Affected systems include any system that has chan_skinny enabled

http://ftp.digium.com/pub/asa/ASA-2007-017.pdf
 * Affected systems include any 1.4 system that has any channel driver
that uses RTP for media enabled

All users that have systems that meet any of the criteria listed above
should upgrade as soon as possible.

Thank you very much for your support.
Comment 1 Rajiv Aaron Manglani (RETIRED) gentoo-dev 2007-07-24 23:37:43 UTC
another release: http://lists.digium.com/pipermail/asterisk-announce/2007-July/000084.html

The Asterisk development team has released Asterisk versions 1.2.23 and
1.4.9.

These releases contain bug fixes, including one for a security vulnerability.
The vulnerability is a potential Denial of Service attack when the Asterisk
IAX2 channel driver is configured to allow unauthenticated calls.

We have released an Asterisk Security Advisory for the vulnerability.  The 
current version of the advisory can be downloaded from the ftp site.

http://ftp.digium.com/pub/asa/ASA-2007-018.pdf
 * Affected systems include all Asterisk installations running an affected version
that allow unauthenticated IAX2 calls.  Affected open source versions include
1.2.20 through 1.2.22, and 1.4.5 through 1.4.8.

All users that have systems that meet the criteria listed above should 
upgrade as soon as possible.

Thank you very much for your support.
Comment 2 Pierre-Yves Rofes (RETIRED) gentoo-dev 2007-07-31 08:14:20 UTC
voip, any news here?
Comment 3 Rajiv Aaron Manglani (RETIRED) gentoo-dev 2007-08-07 22:33:48 UTC
fyi, asterisk 1.2.24 has been released. no security fixes.
http://lists.digium.com/pipermail/asterisk-announce/2007-August/000088.html
Comment 4 Rajiv Aaron Manglani (RETIRED) gentoo-dev 2007-08-07 22:34:47 UTC
however asterisk 1.4.10 does have security fixes (but the 1.4.x branch is not
currently in portage).
Comment 5 Rajiv Aaron Manglani (RETIRED) gentoo-dev 2007-08-09 20:02:38 UTC
*** Bug 188256 has been marked as a duplicate of this bug. ***
Comment 6 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2007-08-21 06:14:47 UTC
voip any further news here?
Comment 7 Rajiv Aaron Manglani (RETIRED) gentoo-dev 2007-08-21 21:02:35 UTC
fyi, asterisk 1.4.11 (1.4.x is not currently in portage) fixes chan_sip issues.
http://downloads.digium.com/pub/asa/AST-2007-020.html
Comment 8 Doug Goldstein (RETIRED) gentoo-dev 2007-08-28 18:51:18 UTC
you're quite late on the 1.4.11 issue as I added it about an hour after the tarballs were available to the overlay...
Comment 9 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2007-08-28 20:26:29 UTC
We still need a fix for 1.2.x.
Comment 10 Stefan Knoblich (RETIRED) gentoo-dev 2007-08-28 21:36:48 UTC
Commited asterisk-1.2.17-r1 and asterisk-1.2.21-r1, the following patches have been added:

1.2.17-r1:   ASA-2007-14, -15, -16 (<1.2.20 is not affected by ASA-2007-18)

1.2.21.1-r1: ASA-2007-14, -15, -16, -18 
Comment 11 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2007-09-08 15:26:42 UTC
Thanks Stefan (and sorry for the my delay here).

Arches please test and mark stable.
Comment 12 Christian Faulhammer (RETIRED) gentoo-dev 2007-09-09 15:31:17 UTC
Created attachment 130419 [details]
failed patch log


USE=genericjb leads to failing patch:

* Applying asterisk-1.2.11-jb.patch ...

 * Failed Patch: asterisk-1.2.11-jb.patch !
 *  ( /var/tmp/portage/net-misc/asterisk-1.2.17-r1/work/asterisk-1.2.11-jb.patch )
 * 
 * Include in your bugreport the contents of:
Comment 13 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2007-09-09 19:00:08 UTC
Back to ebuild to get this fixed.

CVE note:

AST-2007-14 = CVE-2007-3762
AST-2007-15 = CVE-2007-3763
AST-2007-16 = CVE-2007-3764
AST-2007-18 = CVE-2007-4103
Comment 14 Christian Faulhammer (RETIRED) gentoo-dev 2007-09-09 19:31:14 UTC
Maybe I should tell that even the -r0 fails patching and that this is an experimental feature which is added from a third party.  So this can be dropped if there is no Asterisk guru available.
Comment 15 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2007-09-10 06:25:10 UTC
Thx for the note opfer. Back to stable marking.
Comment 16 Christian Faulhammer (RETIRED) gentoo-dev 2007-09-10 06:29:28 UTC
(In reply to comment #15)
> Thx for the note opfer. Back to stable marking.

 So should I remove the jb patches or stable with broken patching?
Comment 17 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2007-09-10 08:02:24 UTC
If it's not a regression from a previous version I'd say go ahead and mark stable.

Stefan can you please look into it?
Comment 18 Christian Faulhammer (RETIRED) gentoo-dev 2007-09-10 16:53:54 UTC
x86 stable and I am out of here, too
Comment 19 Jorge Manuel B. S. Vicetto (RETIRED) Gentoo Infrastructure gentoo-dev 2007-09-21 09:31:52 UTC
I get an error when trying to build asterisk on my sparc264.

[ebuild  N    ] net-misc/asterisk-1.2.17-r1  USE="alsa curl h323 sqlite ssl (-bri) -debug -doc -genericjb -gtk (-hardened) -lowmem (-mmx) -nosamples -odbc (-osp) -postgres -pri -speex (-zaptel)" 0 kB 

 * Building H.323 wrapper lib...
make: Entering directory `/var/tmp/portage/net-misc/asterisk-1.2.17-r1/work/asterisk-1.2.17/channels/h323'
g++ -O2 -mcpu=ultrasparc3 -pipe -I/usr/include/openh323   -c -o ast_h323.o ast_h323.cpp
ast_h323.cpp:1:1: warning: "_GNU_SOURCE" redefined
<command line>:1:1: warning: this is the location of the previous definition
ast_h323.cpp:44:29: error: asterisk/logger.h: No such file or directory
ast_h323.cpp:45:30: error: asterisk/channel.h: No such file or directory
chan_h323.h:55: error: 'AST_MAX_ACCOUNT_CODE' was not declared in this scope
ast_h323.cpp: In member function 'virtual int PAsteriskLog::Buffer::sync()':
ast_h323.cpp:133: error: 'ast_verbose' was not declared in this scope
ast_h323.cpp: In function 'void PAssertFunc(const char*)':
ast_h323.cpp:169: error: 'LOG_ERROR' was not declared in this scope
ast_h323.cpp:169: error: 'ast_log' was not declared in this scope
make: *** [ast_h323.o] Error 1

It seems those includes aren't correct. Both channel.h and logger.h are available at the root of the asterisk dir.
Comment 20 Jorge Manuel B. S. Vicetto (RETIRED) Gentoo Infrastructure gentoo-dev 2007-09-21 09:32:32 UTC
sparc64 emerge --info:

Portage 2.1.3.9 (default-linux/sparc/sparc64/2007.0, gcc-4.1.2, glibc-2.5-r4, 2.6.17-gentoo-r8 sparc64)
=================================================================
System uname: 2.6.17-gentoo-r8 sparc64 sun4u
Timestamp of tree: Thu, 20 Sep 2007 00:50:01 +0000
app-shells/bash:     3.2_p17
dev-lang/python:     2.4.4-r4
dev-python/pycrypto: 2.0.1-r6
sys-apps/baselayout: 1.12.9-r2
sys-apps/sandbox:    1.2.17
sys-devel/autoconf:  2.13, 2.61-r1
sys-devel/automake:  1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r2, 1.10
sys-devel/binutils:  2.17
sys-devel/gcc-config: 1.3.16
sys-devel/libtool:   1.5.24
virtual/os-headers:  2.6.21
ACCEPT_KEYWORDS="sparc"
CBUILD="sparc-unknown-linux-gnu"
CFLAGS="-O2 -mcpu=ultrasparc3 -pipe"
CHOST="sparc-unknown-linux-gnu"
CONFIG_PROTECT="/etc /var/bind"
CONFIG_PROTECT_MASK="/etc/env.d /etc/gconf /etc/php/apache2-php5/ext-active/ /etc/php/cgi-php5/ext-active/ /etc/php/cli-php5/ext-active/ /etc/revdep-rebuild /etc/terminfo"
CXXFLAGS="-O2 -mcpu=ultrasparc3 -pipe"
DISTDIR="/usr/portage/distfiles"
FEATURES="collision-protection distlocks metadata-transfer parallel-fetch sandbox sfperms strict test unmerge-orphans userfetch"
GENTOO_MIRRORS="http://ftp.belnet.be/mirror/rsync.gentoo.org/gentoo/ ftp://ftp.gentoo-pt.org/pub/gentoo ftp://mirrors1.netvisao.pt/gentoo/ http://trumpetti.tut.atm.fi/gentoo"
MAKEOPTS="-j2"
PKGDIR="/usr/portage/packages"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --delete-after --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages --filter=H_**/files/digest-*"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY="/usr/local/portage"
SYNC="rsync://atl64.acores.pt/gentoo-portage"
USE="bitmap-fonts cli cracklib crypt cups dri fortran gdbm gpm iconv isdnlog midi mudflap nls nptl nptlonly openmp pam pcre ppds pppd reflection session sparc spl tcpd test truetype-fonts type1-fonts unicode vhosts xorg" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mulaw multi null plug rate route share shm softvol" ELIBC="glibc" INPUT_DEVICES="keyboard mouse evdev" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" USERLAND="GNU" VIDEO_CARDS="dummy fbdev glint mach64 mga r128 radeon sunbw2 suncg14 suncg3 suncg6 sunffb sunleo tdfx v4l voodoo"
Unset:  CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LANG, LC_ALL, LDFLAGS, LINGUAS, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS
Comment 21 Ferris McCormick (RETIRED) gentoo-dev 2007-09-24 14:21:15 UTC
(In reply to comment #19)
> I get an error when trying to build asterisk on my sparc264.
> 
> [ebuild  N    ] net-misc/asterisk-1.2.17-r1  USE="alsa curl h323 sqlite ssl
> (-bri) -debug -doc -genericjb -gtk (-hardened) -lowmem (-mmx) -nosamples -odbc
> (-osp) -postgres -pri -speex (-zaptel)" 0 kB 
> 
>  * Building H.323 wrapper lib...
> make: Entering directory
> `/var/tmp/portage/net-misc/asterisk-1.2.17-r1/work/asterisk-1.2.17/channels/h323'
> g++ -O2 -mcpu=ultrasparc3 -pipe -I/usr/include/openh323   -c -o ast_h323.o
> ast_h323.cpp
> ast_h323.cpp:1:1: warning: "_GNU_SOURCE" redefined
> <command line>:1:1: warning: this is the location of the previous definition
> ast_h323.cpp:44:29: error: asterisk/logger.h: No such file or directory
> ast_h323.cpp:45:30: error: asterisk/channel.h: No such file or directory
> chan_h323.h:55: error: 'AST_MAX_ACCOUNT_CODE' was not declared in this scope
> ast_h323.cpp: In member function 'virtual int PAsteriskLog::Buffer::sync()':
> ast_h323.cpp:133: error: 'ast_verbose' was not declared in this scope
> ast_h323.cpp: In function 'void PAssertFunc(const char*)':
> ast_h323.cpp:169: error: 'LOG_ERROR' was not declared in this scope
> ast_h323.cpp:169: error: 'ast_log' was not declared in this scope
> make: *** [ast_h323.o] Error 1
> 
> It seems those includes aren't correct. Both channel.h and logger.h are
> available at the root of the asterisk dir.
> 

I see the same error on my SB1000 when building asterisk-1.2.17-r1 with the same    USE flags.  USE='-h323' is OK.  But this is still a failure; please tell us how to resolve.
Comment 22 Jorge Manuel B. S. Vicetto (RETIRED) Gentoo Infrastructure gentoo-dev 2007-09-27 17:10:04 UTC
I was able to emerge successfully asterisk with the following use flags:

net-misc/asterisk-1.2.17-r1 (alsa curl sqlite ssl)
net-misc/asterisk-1.2.17-r1 (alsa curl doc speex sqlite ssl)
net-misc/asterisk-1.2.21.1 (alsa curl sqlite ssl)
net-misc/asterisk-1.2.21.1 (alsa curl doc speex sqlite ssl)

However, I got a *few* warnings, some repeat many, *many* times, that I'm going to post on the next entries.

emerPortage 2.1.3.9 (default-linux/sparc/sparc64/2007.0, gcc-4.1.2, glibc-2.5-r4, 2.6.17-gentoo-r8 sparc64)
=================================================================
System uname: 2.6.17-gentoo-r8 sparc64 sun4u
Timestamp of tree: Wed, 26 Sep 2007 22:50:01 +0000
app-shells/bash:     3.2_p17
dev-lang/python:     2.4.4-r4
dev-python/pycrypto: 2.0.1-r6
sys-apps/baselayout: 1.12.9-r2
sys-apps/sandbox:    1.2.17
sys-devel/autoconf:  2.13, 2.61-r1
sys-devel/automake:  1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r2, 1.10
sys-devel/binutils:  2.17
sys-devel/gcc-config: 1.3.16
sys-devel/libtool:   1.5.24
virtual/os-headers:  2.6.21
ACCEPT_KEYWORDS="sparc"
CBUILD="sparc-unknown-linux-gnu"
CFLAGS="-O2 -mcpu=ultrasparc3 -pipe"
CHOST="sparc-unknown-linux-gnu"
CONFIG_PROTECT="/etc /var/bind"
CONFIG_PROTECT_MASK="/etc/env.d /etc/fonts/fonts.conf /etc/gconf /etc/php/apache2-php5/ext-active/ /etc/php/cgi-php5/ext-active/ /etc/php/cli-php5/ext-active/ /etc/revdep-rebuild /etc/terminfo"
CXXFLAGS="-O2 -mcpu=ultrasparc3 -pipe"
DISTDIR="/usr/portage/distfiles"
FEATURES="collision-protection distlocks metadata-transfer parallel-fetch sandbox sfperms strict test unmerge-orphans userfetch"
GENTOO_MIRRORS="http://ftp.belnet.be/mirror/rsync.gentoo.org/gentoo/ ftp://ftp.gentoo-pt.org/pub/gentoo ftp://mirrors1.netvisao.pt/gentoo/ http://trumpetti.tut.atm.fi/gentoo"
MAKEOPTS="-j2"
PKGDIR="/usr/portage/packages"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --delete-after --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages --filter=H_**/files/digest-*"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY="/usr/local/portage"
SYNC="rsync://atl64.acores.pt/gentoo-portage"
USE="bitmap-fonts cli cracklib crypt cups dri fortran gdbm gpm iconv isdnlog midi mudflap nls nptl nptlonly openmp pam pcre ppds pppd reflection session sparc spl tcpd test truetype-fonts type1-fonts unicode vhosts xorg" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mulaw multi null plug rate route share shm softvol" ELIBC="glibc" INPUT_DEVICES="keyboard mouse evdev" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" USERLAND="GNU" VIDEO_CARDS="dummy fbdev glint mach64 mga r128 radeon sunbw2 suncg14 suncg3 suncg6 sunffb sunleo tdfx v4l voodoo"
Unset:  CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LANG, LC_ALL, LDFLAGS, LINGUAS, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS
ge --info for sparc64
Comment 23 Jorge Manuel B. S. Vicetto (RETIRED) Gentoo Infrastructure gentoo-dev 2007-09-27 17:11:39 UTC
Warnings for the above emerge processes:

net-misc/asterisk-1.2.17-r1 (alsa curl sqlite ssl)

*************************************************************
*** You have the WRONG version of mpg123... you need .59r ***
*** Use 'make mpg123' to get the right verison            ***
*************************************************************

 * QA Notice: Package has poor programming practices which may compile
 *            fine but exhibit random runtime failures.
 * analys.c:566: warning: implicit declaration of function 'placev_'
analys.c:622: warning: implicit declaration of function 'placea_'
synths.c:401: warning: implicit declaration of function 'irc2pc_'
synths.c:402: warning: implicit declaration of function 'bsynz_'


net-misc/asterisk-1.2.17-r1 (alsa curl doc speex sqlite ssl)

/var/tmp/portage/net-misc/asterisk-1.2.17-r1/work/asterisk-1.2.17/asterisk.c:147 Warning: unable to resolve reference to `Config_ast' for \ref command
/var/tmp/portage/net-misc/asterisk-1.2.17-r1/work/asterisk-1.2.17/include/asterisk/doxyref.h:409 Warning: unable to resolve reference to `Config_mod' for \ref command
/var/tmp/portage/net-misc/asterisk-1.2.17-r1/work/asterisk-1.2.17/include/asterisk/doxyref.h:416 Warning: unable to resolve reference to `Config_mod' for \ref command
/var/tmp/portage/net-misc/asterisk-1.2.17-r1/work/asterisk-1.2.17/include/asterisk/doxyref.h:421 Warning: unable to resolve reference to `ast_register_application()' for \ref command

Generating docs for file acl.c...
Renderer type: "png" not recognized. Use one of: canon cmap cmapx dia dot fig gd gd2 gif hpgl imap ismap mif mp pcl pic plain 
plain-ext ps ps2 svg svgz vtx wbmp xdot
Problems running dot: exit code=1, command='dot', arguments='"acl_8c__incl.dot" -Tpng -o "acl_8c__incl.png"'

*************************************************************
*** You have the WRONG version of mpg123... you need .59r ***
*** Use 'make mpg123' to get the right verison            ***
*************************************************************

 * QA Notice: Package has poor programming practices which may compile
 *            fine but exhibit random runtime failures.
 * analys.c:566: warning: implicit declaration of function 'placev_'
analys.c:622: warning: implicit declaration of function 'placea_'
synths.c:401: warning: implicit declaration of function 'irc2pc_'
synths.c:402: warning: implicit declaration of function 'bsynz_'


net-misc/asterisk-1.2.21.1 (alsa curl sqlite ssl)

(no warnings)

net-misc/asterisk-1.2.21.1 (alsa curl doc speex sqlite ssl)

format_gsm.c: In function 'gsm_write':
msgsm.h:459: warning: 'xmc[48]' may be used uninitialized in this function

/var/tmp/portage/net-misc/asterisk-1.2.21.1/work/asterisk-1.2.21.1/asterisk.c:147 Warning: unable to resolve reference to `Config_ast' for \ref command
/var/tmp/portage/net-misc/asterisk-1.2.21.1/work/asterisk-1.2.21.1/include/asterisk/doxyref.h:409 Warning: unable to resolve reference to `Config_mod' for \ref command
/var/tmp/portage/net-misc/asterisk-1.2.21.1/work/asterisk-1.2.21.1/include/asterisk/doxyref.h:416 Warning: unable to resolve reference to `Config_mod' for \ref command
/var/tmp/portage/net-misc/asterisk-1.2.21.1/work/asterisk-1.2.21.1/include/asterisk/doxyref.h:421 Warning: unable to resolve reference to `ast_register_application()' for \ref command
/var/tmp/portage/net-misc/asterisk-1.2.21.1/work/asterisk-1.2.21.1/include/asterisk/dundi.h:21 Warning: unable to resolve reference to `AstDUNDi' for \ref command

Renderer type: "png" not recognized. Use one of: canon cmap cmapx dia dot fig gd gd2 gif hpgl imap ismap mif mp pcl pic plain 
plain-ext ps ps2 svg svgz vtx wbmp xdot
Problems running dot: exit code=1, command='dot', arguments='"acl_8c__incl.dot" -Tpng -o "acl_8c__incl.png"'

 * QA Notice: Package has poor programming practices which may compile
 *            fine but exhibit random runtime failures.
 * analys.c:566: warning: implicit declaration of function 'placev_'
analys.c:622: warning: implicit declaration of function 'placea_'
synths.c:401: warning: implicit declaration of function 'irc2pc_'
synths.c:402: warning: implicit declaration of function 'bsynz_'
Comment 24 Pierre-Yves Rofes (RETIRED) gentoo-dev 2007-10-20 09:54:17 UTC
voip, any news on the sparc build issues?
Comment 25 Pierre-Yves Rofes (RETIRED) gentoo-dev 2007-11-02 23:20:01 UTC
(In reply to comment #24)
> voip, any news on the sparc build issues?
> 

*ping*
Comment 26 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2007-11-07 19:55:56 UTC
Ok, let's release a GLSA saying that there are no fixed version for sparc for now. GLSA request filed.
Comment 27 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2008-02-12 07:48:56 UTC
Sparc any news on this one?
Comment 28 Ferris McCormick (RETIRED) gentoo-dev 2008-02-12 12:44:22 UTC
(In reply to comment #27)
> Sparc any news on this one?
> 
Both 17-r1 and 21.1-r1 stable on sparc, and closing.
Comment 29 Pierre-Yves Rofes (RETIRED) gentoo-dev 2008-02-12 12:49:18 UTC
please don't close security bugs...
Comment 30 Jorge Manuel B. S. Vicetto (RETIRED) Gentoo Infrastructure gentoo-dev 2008-02-12 14:38:48 UTC
jaervosz,

for the record, we never got any reply from voip about the compilation errors with USE="h323".
Comment 31 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2008-02-12 17:27:26 UTC
Until voip responds what about disabling h323 for sparc?
Comment 32 Jorge Manuel B. S. Vicetto (RETIRED) Gentoo Infrastructure gentoo-dev 2008-02-12 19:57:36 UTC
armin76 has package.use.mask'ed it for now.
Comment 33 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2008-02-12 20:01:11 UTC
Seems like I forgot to add amd64 in the first round of stable marking :(
Comment 34 Pierre-Yves Rofes (RETIRED) gentoo-dev 2008-02-20 11:44:10 UTC
(In reply to comment #33)
> Seems like I forgot to add amd64 in the first round of stable marking :(
> 

@amd64: could you please take care of this one ASAP? The draft has been waiting for a long time.
Comment 35 Rajiv Aaron Manglani (RETIRED) gentoo-dev 2008-02-21 04:12:34 UTC
do you still want to send out a glsa for this? there are new, open security bugs in asterisk which have yet to be fixed in our tree. eg bugs #200792 #202733.
Comment 36 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2008-02-21 07:41:55 UTC
I don't see any reason to wait for ebuilds on the other bugs before we release this one.
Comment 37 Peter Weller (RETIRED) gentoo-dev 2008-02-21 18:44:46 UTC
amd64 done.
Comment 38 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2008-02-24 13:21:55 UTC
This one is ready for GLSA. GLSAmaker NOT updated.
Comment 39 Pierre-Yves Rofes (RETIRED) gentoo-dev 2008-02-26 22:34:58 UTC
GLSA 200802-11, sorry for the long delay.