git: a876a1bf4a73 - 2026Q1 - net/asterisk22: Update 20.18.1 => 20.18.2

Go to: [ bottom of page ] [ top of archives ] [ this month ]
From: Vladimir Druzenko <vvd_at_FreeBSD.org>
Date: Sun, 22 Feb 2026 21:57:34 UTC
The branch 2026Q1 has been updated by vvd:

URL: https://cgit.FreeBSD.org/ports/commit/?id=a876a1bf4a73b6e5a9c2b21752ded52049225fd9

commit a876a1bf4a73b6e5a9c2b21752ded52049225fd9
Author:     Marek Zarychta <zarychtam@plan-b.pwste.edu.pl>
AuthorDate: 2026-02-22 21:53:33 +0000
Commit:     Vladimir Druzenko <vvd@FreeBSD.org>
CommitDate: 2026-02-22 21:57:28 +0000

    net/asterisk22: Update 20.18.1 => 20.18.2
    
    Security Advisories Resolved: 4
    - GHSA-85x7-54wr-vh42: Asterisk xml.c uses unsafe XML_PARSE_NOENT
      leading to potential XXE Injection.
    - GHSA-rvch-3jmx-3jf3: ast_coredumper running as root sources
      ast_debug_tools.conf from /etc/asterisk; potentially leading to
      privilege escalation.
    - GHSA-v6hp-wh3r-cwxh: The Asterisk embedded web server's /httpstatus
      page echos user supplied values(cookie and query string) without
      sanitization.
    - GHSA-xpc6-x892-v83c: ast_coredumper runs as root, and writes gdb init
      file to world writeable folder; leading to potential privilege
      escalation.
    
    Changelog:
    https://downloads.asterisk.org/pub/telephony/asterisk/old-releases/ChangeLog-20.18.2.html
    
    PR:             293361
    Approved by:    Oleksandr Kryvulia <o.kryvulia@flex-it.com.ua>
    Security:       GHSA-85x7-54wr-vh42
    Security:       GHSA-rvch-3jmx-3jf3
    Security:       GHSA-v6hp-wh3r-cwxh
    Security:       GHSA-xpc6-x892-v83c
    MFH:            2026Q1
    
    (cherry picked from commit ab05146a6f7ec39a268ac534831bb1fb5dab0dee)
---
 net/asterisk20/Makefile | 2 +-
 net/asterisk20/distinfo | 6 +++---
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/net/asterisk20/Makefile b/net/asterisk20/Makefile
index e5a3810f7847..74d4c0befc75 100644
--- a/net/asterisk20/Makefile
+++ b/net/asterisk20/Makefile
@@ -1,5 +1,5 @@
 PORTNAME=	asterisk
-DISTVERSION=	20.18.1
+DISTVERSION=	20.18.2
 CATEGORIES=	net
 MASTER_SITES=	https://downloads.asterisk.org/pub/telephony/%SUBDIR%/:DEFAULT,g729
 MASTER_SITE_SUBDIR=	asterisk/ \
diff --git a/net/asterisk20/distinfo b/net/asterisk20/distinfo
index 6be9cb6530f4..39457abda14c 100644
--- a/net/asterisk20/distinfo
+++ b/net/asterisk20/distinfo
@@ -1,6 +1,6 @@
-TIMESTAMP = 1769713379
-SHA256 (asterisk/asterisk-20.18.1.tar.gz) = fffc04d9348676c884224d5f66201c0c88468f382b3f58c41c2e5afd4a72868f
-SIZE (asterisk/asterisk-20.18.1.tar.gz) = 28627742
+TIMESTAMP = 1771750967
+SHA256 (asterisk/asterisk-20.18.2.tar.gz) = 247e47727856b113ad520f3142225b3b7e526e1ba471fb7d546bc0fa4a734592
+SIZE (asterisk/asterisk-20.18.2.tar.gz) = 28633144
 SHA256 (asterisk/asterisk-core-sounds-en-g729-1.6.tar.gz) = b49dec15e07bb9bff6af0da3a07180651a38ef54d3ea54a3f20c35f081ed8714
 SIZE (asterisk/asterisk-core-sounds-en-g729-1.6.tar.gz) = 1557798
 SHA256 (asterisk/asterisk-moh-opsound-g729-2.03.tar.gz) = 0147ca9a97f0c550227aacb7793499057c4d2c64e021c95f93722f27d5549585