[ATrpms-users] Asterisk rpms busted...
Axel Thimm
Axel.Thimm at ATrpms.net
Mon Jul 17 21:40:21 CEST 2006
On Mon, Jul 17, 2006 at 01:07:53PM -0400, Michael H. Warfield wrote:
> Axel...
>
> I figured I would ding you first before posting to any of the mailing
> lists.
Thanks, but there is no issue of disclosure due to security (or
embarrassment ;), so lists are fine.
> Asterisk released a security update to Asterisk and Zaptel this weekend
> and the pieces have shown up in atrpms but there seems to be problems
> with the Asterisk package (Zaptel seems fine).
>
> I'm seeing this error after updating an FC5 system to 1.2.10:
>
> asterisk -vvv
> : - lots of verbose stuff...
> [app_rxfax.so]Jul 17 12:55:11 WARNING[26304]: loader.c:325 __load_resource: /usr/lib/asterisk/modules/app_rxfax.so: undefined symbol: t30_get_far_ident
> Jul 17 12:55:11 WARNING[26304]: loader.c:554 load_modules: Loading module app_rxfax.so failed!
>
> rpm -qf /usr/lib/asterisk/modules/app_rxfax.so
> asterisk-1.2.10-26.fc5.at
t30_get_far_ident is a symbold defined in libspandsp. Isn't spandsp
installed on your system? What does ldd on app_rxfax.so say?
Anyone else using asterisk 1.2.10 with app_*fax?
> Also... In attempting to upgrade I ran into a critical dependency
> where I couldn't update the Zaptel packages because of conflicts with
> the zaptel-kmdl modules. I tried installing the newer modules, but that
> also failed. I had to erase the older modules from the system, then
> upgrade Asterisk and Zaptel and then install the newer zaptel-kmdl
> packages. Seems to be a catch-22 in the upgrade path there.
If the upgrade succeeds manually, then it's not a dependency issue
(otherwise you would run into it again, dependencies are static and
stateless), but probably more an issue with your depsolver, which I
guess is yum. Try smart or even apt and feel the difference ;)
> One of the security issues with Asterisk is a moderately serious
> spoofable unauthenticated resource amplification attack in IAX2 that can
> be exploited to hijack Asterisk into DoS'ing other networks through a
> UDP flood, so this is a moderately important update.
Thanks for the note, that's why the old packages were already removed.
--
Axel.Thimm at ATrpms.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://lists.atrpms.net/pipermail/atrpms-users/attachments/20060717/61595086/attachment.bin
More information about the atrpms-users
mailing list