[asterisk-users] change date

Klaus Schwarzkopf schwarzkopf at sensortherm.de
Mon Nov 29 03:04:15 CST 2010


Am 29.11.2010 08:20, schrieb Tilghman Lesher:
> On Saturday 27 November 2010 04:52:31 Klaus Schwarzkopf wrote:
> > Hi,
> >
> > why have many files on
> > http://downloads.asterisk.org/pub/telephony/asterisk/releases/ the
> > change date 18 aug 2009? See:
> >
> > asterisk-1.2.24-patch.gz    07-Aug-2007 17:10    3.2K
> > asterisk-1.2.24-patch.gz.asc    07-Aug-2007 17:10    1.1K
> > asterisk-1.2.24-patch.gz.sha1    07-Aug-2007 17:10     67
> > asterisk-1.2.24.tar.gz        18-Aug-2009 16:33     28M
> > asterisk-1.2.24.tar.gz.asc    18-Aug-2009 16:33    1.0K
> > asterisk-1.2.24.tar.gz.sha1    18-Aug-2009 16:33     65
> > asterisk-1.2.25-patch.gz    29-Nov-2007 15:59    1.5K
> > asterisk-1.2.25-patch.gz.asc    29-Nov-2007 15:59    567
> >
> >
> > I try to repair the openembedded recipes an the recipe have also an
> > different checksum.
> >
> > NOTE: fetch
> > http://downloads.asterisk.org/pub/telephony/asterisk/releases/asterisk-1
> > .2.24.tar.gz NOTE: The checksums for
> > '/home/klaus/development/oe/downloads/asterisk-1.2.24.tar.gz' did not
> > match. Expected MD5: '63dc8b7be4cd10375c5fbda893c780bc' and Got:
> > 'db7bcaaa494804af361157a37c224dfa'
> > Expected SHA256:
> > '9debaf410636fa477e1e1f09fe0b16a1c2814afaf7195f34f29e4ce5b8debbbd' and
> > Got: 'eed3493b1409d7100e0f983af0486bd7f8965e9e47b7a6d5ab8539b2dd3609aa'
> > NOTE: Your checksums:
> > SRC_URI[md5sum] = "db7bcaaa494804af361157a37c224dfa"
> > SRC_URI[sha256sum] =
> > "eed3493b1409d7100e0f983af0486bd7f8965e9e47b7a6d5ab8539b2dd3609aa"
>
> Due to a licensing issue with some of the files we distributed with 
> previous
> tarballs, we removed those files from archived tarballs in order to avoid
> continuing to distribute those files in any form.  So yes, the checksums
> will have changed, although the checksums we distribute with the tarballs
> were also updated at the same time.
>
> Given that most of the changes since 1.2.24 have been security fixes, I
> would strongly encourage you to update your packages.  There is no excuse
> for distributing vulnerable packages beyond the date that the 
> vulnerability
> is disclosed, plus a brief period necessary for releasing updated 
> packages.
>
> Additionally, the 1.2 branch has been EOLed, which means if any additional
> security issues are found, we will not be releasing updated packages to
> deal with those issues.  For this reason, you would be better off putting
> forth the work to release packages based upon 1.4 or 1.8.
>


Thanks for the detailed information. There are recipes with the new 
version. I recommend to delete the old one.


Greetings,

Klaus



More information about the asterisk-users mailing list