The NetBSD Project

CVS log for pkgsrc/comms/asterisk/Attic/distinfo

[BACK] Up to [cvs.NetBSD.org] / pkgsrc / comms / asterisk

Request diff between arbitrary revisions


Default branch: MAIN


Revision 1.87, Sun Sep 22 19:56:09 2019 UTC (3 years, 4 months ago) by jnemeth
Branch: MAIN
CVS Tags: HEAD
Changes since 1.86: +1 -1 lines
FILE REMOVED

delete ancient Asterisk 11.*

Revision 1.86 / (download) - annotate - [select for diffs], Sun Aug 18 05:22:17 2019 UTC (3 years, 5 months ago) by maya
Branch: MAIN
Changes since 1.85: +2 -2 lines
Diff to previous 1.85 (colored)

asterisk: remove redundant patch hunk. We REPLACE_PERL this script, no need
to do it manually.

Revision 1.85 / (download) - annotate - [select for diffs], Mon Jul 16 23:21:58 2018 UTC (4 years, 6 months ago) by jnemeth
Branch: MAIN
CVS Tags: pkgsrc-2019Q2-base, pkgsrc-2019Q2, pkgsrc-2019Q1-base, pkgsrc-2019Q1, pkgsrc-2018Q4-base, pkgsrc-2018Q4, pkgsrc-2018Q3-base, pkgsrc-2018Q3
Changes since 1.84: +9 -9 lines
Diff to previous 1.84 (colored)

Update to Asterisk 11.25.3.  This is a security update to fix
AST-2017-005, AST-2017-006, and AST-2017-008.  There was no release
announcement as only security patches were issued.  I just found
this update while looking to see what updates I was missing for
more recent versions of Asterisk.  The Asterisk 11.x series was
declared end-of-life on Oct. 25th, 2017, so there will not be any
more updates to this package (other then PKGREVISION bumps for
dependencies) before it gets deleted.  There is a reasonable chance
that there are unpatched vulnerabilities in this package.  Anybody
still using it should upgrade a newer version as soon as possibble.

-----  AST-2017-2005  -----

    Description  The "strictrtp" option in rtp.conf enables a feature of the
                 RTP stack that learns the source address of media for a
                 session and drops any packets that do not originate from
                 the expected address. This option is enabled by default in
                 Asterisk 11 and above.

                 The "nat" and "rtp_symmetric" options for chan_sip and
                 chan_pjsip respectively enable symmetric RTP support in the
                 RTP stack. This uses the source address of incoming media
                 as the target address of any sent media. This option is not
                 enabled by default but is commonly enabled to handle
                 devices behind NAT.

                 A change was made to the strict RTP support in the RTP
                 stack to better tolerate late media when a reinvite occurs.
                 When combined with the symmetric RTP support this
                 introduced an avenue where media could be hijacked. Instead
                 of only learning a new address when expected the new code
                 allowed a new source address to be learned at all times.

                 If a flood of RTP traffic was received the strict RTP
                 support would allow the new address to provide media and
                 with symmetric RTP enabled outgoing traffic would be sent
                 to this new address, allowing the media to be hijacked.
                 Provided the attacker continued to send traffic they would
                 continue to receive traffic as well.

    Resolution  The RTP stack will now only learn a new source address if it
                has been told to expect the address to change. The RTCP
                support has now also been updated to drop RTCP reports that
                are not regarding the RTP session currently in progress. The
                strict RTP learning progress has also been improved to guard
                against a flood of RTP packets attempting to take over the
                media stream.

-----  AST-2017-006  -----

    Description  The app_minivm module has an "externnotify" program
                 configuration option that is executed by the MinivmNotify
                 dialplan application. The application uses the caller-id
                 name and number as part of a built string passed to the OS
                 shell for interpretation and execution. Since the caller-id
                 name and number can come from an untrusted source, a
                 crafted caller-id name or number allows an arbitrary shell
                 command injection.

    Resolution  Patched Asterisk's app_minivm module to use a different
                system call that passes argument strings in an array instead
                of having the OS shell determine the application parameter
                boundaries.

-----  AST-2017-008  -----

    Description  This is a follow up advisory to AST-2017-005.

                 Insufficient RTCP packet validation could allow reading
                 stale buffer contents and when combined with the "nat" and
                 "symmetric_rtp" options allow redirecting where Asterisk
                 sends the next RTCP report.

                 The RTP stream qualification to learn the source address of
                 media always accepted the first RTP packet as the new
                 source and allowed what AST-2017-005 was mitigating. The
                 intent was to qualify a series of packets before accepting
                 the new source address.

    Resolution  The RTP/RTCP stack will now validate RTCP packets before
                processing them. Packets failing validation are discarded.
                RTP stream qualification now requires the intended series of
                packets from the same address without seeing packets from a
                different source address to accept a new source address.

Revision 1.84 / (download) - annotate - [select for diffs], Sun Dec 11 00:50:15 2016 UTC (6 years, 1 month ago) by jnemeth
Branch: MAIN
CVS Tags: pkgsrc-2018Q2-base, pkgsrc-2018Q2, pkgsrc-2018Q1-base, pkgsrc-2018Q1, pkgsrc-2017Q4-base, pkgsrc-2017Q4, pkgsrc-2017Q3-base, pkgsrc-2017Q3, pkgsrc-2017Q2-base, pkgsrc-2017Q2, pkgsrc-2017Q1-base, pkgsrc-2017Q1, pkgsrc-2016Q4-base, pkgsrc-2016Q4
Changes since 1.83: +9 -9 lines
Diff to previous 1.83 (colored)

Update to Asterisk 11.25.1:  this fixes AST-2016-009.

             Asterisk Project Security Advisory - ASTERISK-2016-009

         Product        Asterisk
         Summary
    Nature of Advisory  Authentication Bypass
      Susceptibility    Remote unauthenticated sessions
         Severity       Minor
      Exploits Known    No
       Reported On      October 3, 2016
       Reported By      Walter Doekes
        Posted On
     Last Updated On    December 8, 2016
     Advisory Contact   Mmichelson AT digium DOT com
         CVE Name

    Description  The chan_sip channel driver has a liberal definition for
                 whitespace when attempting to strip the content between a
                 SIP header name and a colon character. Rather than
                 following RFC 3261 and stripping only spaces and horizontal
                 tabs, Asterisk treats any non-printable ASCII character as
                 if it were whitespace. This means that headers such as

                 Contact\x01:

                 will be seen as a valid Contact header.

                 This mostly does not pose a problem until Asterisk is
                 placed in tandem with an authenticating SIP proxy. In such
                 a case, a crafty combination of valid and invalid To
                 headers can cause a proxy to allow an INVITE request into
                 Asterisk without authentication since it believes the
                 request is an in-dialog request. However, because of the
                 bug described above, the request will look like an
                 out-of-dialog request to Asterisk. Asterisk will then
                 process the request as a new call. The result is that
                 Asterisk can process calls from unvetted sources without
                 any authentication.

                 If you do not use a proxy for authentication, then this
                 issue does not affect you.

                 If your proxy is dialog-aware (meaning that the proxy keeps
                 track of what dialogs are currently valid), then this issue
                 does not affect you.

                 If you use chan_pjsip instead of chan_sip, then this issue
l
                 does not affect you.

    Resolution  chan_sip has been patched to only treat spaces and
                horizontal tabs as whitespace following a header name. This
                allows for Asterisk and authenticating proxies to view
                requests the same way

                               Affected Versions
                         Product                       Release
                                                       Series
                  Asterisk Open Source                  11.x    All Releases
                  Asterisk Open Source                  13.x    All Releases
                  Asterisk Open Source                  14.x    All Releases
                   Certified Asterisk                   13.8    All Releases


                                  Corrected In
          Product                              Release
    Asterisk Open Source               11.25.1, 13.13.1, 14.2.1
     Certified Asterisk                11.6-cert16, 13.8-cert4

                                    Patches
                 SVN URL                              Revision

           Links

    Asterisk Project Security Advisories are posted at
    http://www.asterisk.org/security

    This document may be superseded by later versions; if so, the latest
    version will be posted at
    http://downloads.digium.com/pub/security/ASTERISK-2016-009.pdf and
    http://downloads.digium.com/pub/security/ASTERISK-2016-009.html

                                Revision History
                     Date                        Editor      Revisions Made
    November 28, 2016                        Mark Michelson  Initial writeup

             Asterisk Project Security Advisory - ASTERISK-2016-009
              Copyright (c) 2016 Digium, Inc. All Rights Reserved.
  Permission is hereby granted to distribute and publish this advisory in its
                           original, unaltered form.

Revision 1.83 / (download) - annotate - [select for diffs], Sun Nov 27 04:42:26 2016 UTC (6 years, 2 months ago) by jnemeth
Branch: MAIN
Changes since 1.82: +9 -9 lines
Diff to previous 1.82 (colored)

Update to Asterisk 11.25.0:  this is a bug fix release.

The Asterisk Development Team has announced the release of Asterisk 11.25.0.

The release of Asterisk 11.25.0 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!

The following are the issues resolved in this release:

Bugs fixed in this release:
-----------------------------------
 * ASTERISK-26503 - app_voicemail: Asterisk crashes when
      MailboxExists is used (Reported by Doug Lytle)
 * ASTERISK-26480 - [patch] CLI: core set debug: Auto-completes
      File not Module (Reported by Alexander Traud)
 * ASTERISK-26356 - menuselect: invalid test for GTK2 (Reported by
      Tzafrir Cohen)
 * ASTERISK-26462 - [patch] app_queue: While using queues with
      realtime, setting back to an empty context doesn't stop the exit
      key usage (Reported by Leandro Dardini)
 * ASTERISK-26457 - [patch] force_rport,auto_comedia: No NAT
      detection triggered. (Reported by Alexander Traud)

For a full list of changes in this release, please see the ChangeLog:

http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-11.25.0

Thank you for your continued support of Asterisk!

Revision 1.82 / (download) - annotate - [select for diffs], Fri Oct 28 07:26:26 2016 UTC (6 years, 3 months ago) by jnemeth
Branch: MAIN
Changes since 1.81: +9 -9 lines
Diff to previous 1.81 (colored)

Update to Asterisk 11.24.1: this is a critical bug fix release.

The Asterisk Development Team has announced the release of Asterisk 11.24.1.

The release of Asterisk 11.24.1 resolves an issue reported by the
community and would have not been possible without your participation.
Thank you!

The following is the issue resolved in this release:

Bugs fixed in this release:
-----------------------------------
 * ASTERISK-26503 - app_voicemail: Asterisk crashes when
      MailboxExists is used (Reported by Doug Lytle)

For a full list of changes in this release, please see the ChangeLog:

http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-11.24.1

Thank you for your continued support of Asterisk!

Revision 1.81 / (download) - annotate - [select for diffs], Wed Oct 26 05:53:37 2016 UTC (6 years, 3 months ago) by jnemeth
Branch: MAIN
Changes since 1.80: +10 -9 lines
Diff to previous 1.80 (colored)

Update to Asterisk 11.24.0: this is a bug fix release.

The Asterisk Development Team has announced the release of Asterisk 11.24.0.

The release of Asterisk 11.24.0 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!

The following are the issues resolved in this release:

Bugs fixed in this release:
-----------------------------------
 * ASTERISK-26438 - [patch] chan_sip: auto_force_rport: No NAT = No
      Symmetric Response. (Reported by Alexander Traud)
 * ASTERISK-18232 - Broken REGISTER sent to IPv4 server when
      bindaddr=[::] (Reported by Jacek)
 * ASTERISK-26359 - [patch] cdr_mysql: fails to use UTC if so
      instructed (Reported by Tzafrir Cohen)
 * ASTERISK-19968 - TCP Session-Timers not dropping call (Reported
      by Aaron Hamstra)
 * ASTERISK-26360 - app_queue: "queue show" output gets "failed to
      extend from 240 to 327" msgs. (Reported by Richard Mudgett)
 * ASTERISK-26272 - chan_sip: File descriptors leak (UDP sockets)
      (Reported by Etienne Lessard)
 * ASTERISK-26288 - followme: fails to reset config items to
      default values on reload (Reported by Tzafrir Cohen)
 * ASTERISK-26282 - AEL: macro-call in Dial application, macro
      "lacks 's' extension" (Reported by chris de rock)
 * ASTERISK-26226 - pbx: Asterisk crash on AMI action
      "ShowDialplan" when there's a circular dependency between
      contexts (Reported by Etienne Lessard)
 * ASTERISK-26299 - app_queue: Queue application sometimes stops
      calling members with Local interface (Reported by Etienne
      Lessard)
 * ASTERISK-26306 - channel: Hang-up crashes, chan_pjsip not
      cleaning up properly (Reported by Alexander Traud)
 * ASTERISK-26203 - res_fax: Deadlock when using
      FAXOPT(gateway)=yes with Local channels (Reported by Etienne
      Lessard)
 * ASTERISK-24822 - Deadlock: Fax Gateway framehook creates locking
      inversion in T.38 query option with features bridging code
      (Reported by David Brillert)
 * ASTERISK-22732 - Deadlock potential in res_fax and CCSS with
      local channels. (Reported by Richard Mudgett)
 * ASTERISK-24841 - ConfBridge: Strange sampling rates chosen when
      channels have multiple native formats (Reported by Matt Jordan)
 * ASTERISK-24425 - [patch] jabber/xmpp to use TLS instead of
      SSLv3, security fix POODLE (CVE-2014-3566) (Reported by
      abelbeck)
 * ASTERISK-25706 - pbx: Abort asterisk on features reload
      (handle_hint_change) (Reported by Krzysztof Trempala)
 * ASTERISK-26233 - pbx: Failure to remove inconsistent extension
      names (Reported by Corey Farrell)
 * ASTERISK-26267 - ast_register_atexit callbacks should be run on
      failed startup. (Reported by Corey Farrell)
 * ASTERISK-26265 - Errors ignored from some parts of system
      initialization. (Reported by Corey Farrell)
 * ASTERISK-25996 - Remove "live_dangerously" requirement on
      DB(read) (Reported by Andrew Nagy)
 * ASTERISK-26237 - Fax is detected on regular calls. (Reported by
      Richard Mudgett)
 * ASTERISK-23013 - [patch] Deadlock between 'sip show channels'
      command and attended transfer handling (Reported by Ben
      Smithurst)
 * ASTERISK-26211 - Unit tests: AST_TEST_DEFINE should be used in
      conditional code. (Reported by Corey Farrell)
 * ASTERISK-26207 - [patch] sRTP: Count a roll-over of the sequence
      number even on lost packets. (Reported by Alexander Traud)
 * ASTERISK-26038 - 'make install' doesn't seem to install OS/X
      init files (Reported by Tzafrir Cohen)
 * ASTERISK-26133 - app_queue: Queue members receive multiple calls
      (Reported by Richard Miller)
 * ASTERISK-26196 - pbx: Time based includes can leak timezone
      string (Reported by Corey Farrell)
 * ASTERISK-25659 - res_rtp_asterisk: ECDH not negotiated causing
      DTLS failure occurred on RTP instance (Reported by Edwin
      Vandamme)
 * ASTERISK-26046 - [patch] Avoid obsolete warnings on autoconf.
      (Reported by Alexander Traud)
 * ASTERISK-25289 - Build System does not respect CFLAGS and
      CXXFLAGS when building menuselect (Reported by Jeffrey Walton)
 * ASTERISK-26119 - [patch] fix: memory leaks, resource leaks, out
      of bounds and bugs (Reported by Alexei Gradinari)
 * ASTERISK-26179 - chan_sip: Second T.38 request fails (Reported
      by Joshua Colp)
 * ASTERISK-26157 - Build:   Fix errors highlighted by GCC 6.x
      (Reported by George Joseph)

Improvements made in this release:
-----------------------------------
 * ASTERISK-26220 - Add support for noreturn function attributes.
      (Reported by Corey Farrell)

For a full list of changes in this release, please see the ChangeLog:

http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-11.24.0

Thank you for your continued support of Asterisk!

Revision 1.80 / (download) - annotate - [select for diffs], Fri Sep 23 19:16:29 2016 UTC (6 years, 4 months ago) by jnemeth
Branch: MAIN
CVS Tags: pkgsrc-2016Q3-base, pkgsrc-2016Q3
Changes since 1.79: +12 -11 lines
Diff to previous 1.79 (colored)

Update to Asterisk 11.23.1:  this is a security fix release to fix
AST-2016-007.  Note that on Oct. 25th, this branch of Asterisk will
switch to security fixes, and one year later it will read end-of-life.

pkgsrc changes:
- don't use gethostbyname_r on NetBSD
- eliminate conflict with new hmac(1) function on NetBSd

----- AST-2016-007

The overlap dialing feature in chan_sip allows chan_sip to report
to a device that the number that has been dialed is incomplete and
more digits are required. If this functionality is used with a
device that has performed username/password authentication RTP
resources are leaked.  This occurs because the code fails to release
the old RTP resources before allocating new ones in this scenario.
If all resources are used then RTP port exhaustion will occur and
no RTP sessions are able to be set up.

Revision 1.79 / (download) - annotate - [select for diffs], Sat Jul 23 08:27:44 2016 UTC (6 years, 6 months ago) by jnemeth
Branch: MAIN
Changes since 1.78: +10 -12 lines
Diff to previous 1.78 (colored)

Update to Asterisk 11.23.0: this is a bug fix release.

The Asterisk Development Team has announced the release of Asterisk 11.23.0.

The release of Asterisk 11.23.0 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!

The following are the issues resolved in this release:

Bugs fixed in this release:
-----------------------------------
 * ASTERISK-26141 - res_fax: fax_v21_session_new leaks reference to
      v21_details (Reported by Corey Farrell)
 * ASTERISK-26140 - res_rtp_asterisk: gcc 6 caught a
      self-comparison (Reported by George Joseph)
 * ASTERISK-26138 - chan_unistim:  Under FreeBSD, chan_unistim
      generates a compile error (Reported by George Joseph)
 * ASTERISK-26130 - [patch] WebRTC: Should use latest DTLS version.
      (Reported by Alexander Traud)
 * ASTERISK-26126 - [patch] leverage 'bindaddr' for TLS in
      http.conf (Reported by Alexander Traud)
 * ASTERISK-26069 - Asterisk truncates To: header, dropping the
      closing '>' (Reported by Vasil Kolev)
 * ASTERISK-26097 - [patch] CLI: show maximum file descriptors
      (Reported by Alexander Traud)
 * ASTERISK-24436 - Missing header in res/res_srtp.c when compiling
      against libsrtp-1.5.0 (Reported by Patrick Laimbock)
 * ASTERISK-26091 - [patch] ar cru creates warning, instead use ar
      cr (Reported by Alexander Traud)
 * ASTERISK-26038 - 'make install' doesn't seem to install OS/X
      init files (Reported by Tzafrir Cohen)
 * ASTERISK-26034 - T.38 passthrough problem behind firewall due to
      early nosignal packet (Reported by George Joseph)
 * ASTERISK-26030 - call cut because of double Session-Expires
      header in re-invite after proxy authentication is required
      (Reported by George Joseph)
 * ASTERISK-26008 - app_followme does not delete recorded name
      prompt (Reported by Tzafrir Cohen)
 * ASTERISK-24463 - Voicemail email address corrupt or not sent
      when message is in the process of being recorded during reload
      (Reported by John Campbell)
 * ASTERISK-25917 - [patch]app_voicemail: passwordlocation=spooldir
      only works if you manually add secret.conf yourself (Reported by
      Jonathan R. Rose)
 * ASTERISK-25954 - Manager QueueSummary and QueueStatus Actions
      are case sensitive to QueueName (Reported by Javier Acosta)
 * ASTERISK-16115 - [patch] problem with ringinuse=no, queue
      members receive sometimes two calls (Reported by nik600)
 * ASTERISK-25934 - chan_sip should not require sipregs or
      updateable sippeers table unless rt (Reported by Jaco Kroon)
 * ASTERISK-25888 - Frequent segfaults in function can_ring_entry()
      of app_queue.c (Reported by Sébastien Couture)
 * ASTERISK-25874 - app_voicemail: Stack buffer overflow in
      test_voicemail_notify_endl (Reported by Badalian Vyacheslav)
 * ASTERISK-25912 - chan_local passes AST_CONTROL_PVT_CAUSE_CODE
      without adding them to the local hangupcauses via
      ast_channel_hangupcause_hash_set (Reported by Jaco Kroon)
 * ASTERISK-25407 - Asterisk fails to log to multiple syslog
      destinations (Reported by Elazar Broad)
 * ASTERISK-25510 - [patch]Log to syslog failing (Reported by
      Michael Newton)

Improvements made in this release:
-----------------------------------
 * ASTERISK-25444 - [patch]Music On Hold Warning misleading
      (Reported by Conrad de Wet)

For a full list of changes in this release, please see the ChangeLog:

http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-11.23.0

Thank you for your continued support of Asterisk!

Revision 1.78 / (download) - annotate - [select for diffs], Thu May 5 02:00:33 2016 UTC (6 years, 9 months ago) by jnemeth
Branch: MAIN
CVS Tags: pkgsrc-2016Q2-base, pkgsrc-2016Q2
Changes since 1.77: +10 -10 lines
Diff to previous 1.77 (colored)

Update to Asterisk 11.22.0: this is mostly a bug fix release.

----- 11.22.0

The Asterisk Development Team has announced the release of Asterisk 11.22.0.

The release of Asterisk 11.22.0 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!

The following are the issues resolved in this release:

Bugs fixed in this release:
-----------------------------------
 * ASTERISK-25857 - func_aes: incorrect use of strlen() leads to
      data corruption (Reported by Gianluca Merlo)
 * ASTERISK-25321 - [patch]DeadLock ChanSpy with call over Local
      channel (Reported by Filip Frank)
 * ASTERISK-25800 - [patch] Calculate talktime when is first call
      answered (Reported by Rodrigo Ramirez Norambuena)
 * ASTERISK-25272 - [patch]The ICONV dialplan function sometimes
      returns garbage (Reported by Etienne Lessard)
 * ASTERISK-20987 - non-admin users, who join muted conference are
      not being muted (Reported by hristo)
 * ASTERISK-24972 - Transport Layer Security (TLS) Protocol BEAST
      Vulnerability - Investigate vulnerability of HTTP server
      (Reported by Alex A. Welzl)
 * ASTERISK-25603 - [patch]udptl: Uninitialized lengths and bufs in
      udptl_rx_packet cause ast_frdup crash (Reported by Walter
      Doekes)
 * ASTERISK-25742 - Secondary IFP Packets can result in accessing
      uninitialized pointers and a crash (Reported by Torrey Searle)
 * ASTERISK-25397 - [patch]chan_sip: File descriptor leak with
      non-default timert1 (Reported by Alexander Traud)
 * ASTERISK-25730 - build:  make uninstall after make distclean
      tries to remove root (Reported by George Joseph)
 * ASTERISK-25722 - ASAN & testsute: stack-buffer-overflow in
      sip_sipredirect (Reported by Badalian Vyacheslav)
 * ASTERISK-25714 - ASAN:heap-buffer-overflow in logger.c (Reported
      by Badalian Vyacheslav)
 * ASTERISK-24801 - ASAN: ast_el_read_char stack-buffer-overflow
      (Reported by Badalian Vyacheslav)
 * ASTERISK-25701 - core: Endless loop in "core show
      taskprocessors" (Reported by ibercom)
 * ASTERISK-25700 - main/config: Clean config maps on shutdown.
      (Reported by Corey Farrell)
 * ASTERISK-25690 - Hanging up when executing connected line sub
      does not cause hangup (Reported by Joshua Colp)
 * ASTERISK-25687 - res_musiconhold: Concurrent invocations of 'moh
      reload' cause a crash (Reported by Sean Bright)
 * ASTERISK-25394 - pbx: Incorrect device and presence state when
      changing hint details (Reported by Joshua Colp)
 * ASTERISK-25640 - pbx: Deadlock on features reload and state
      change hint. (Reported by Krzysztof Trempala)
 * ASTERISK-25681 - devicestate: Engine thread is not shut down
      (Reported by Corey Farrell)
 * ASTERISK-25680 - manager: manager_channelvars is not cleaned at
      shutdown (Reported by Corey Farrell)
 * ASTERISK-25679 - res_calendar leaks scheduler. (Reported by
      Corey Farrell)
 * ASTERISK-25677 - pbx_dundi: leaks during failed load. (Reported
      by Corey Farrell)
 * ASTERISK-25673 - res_crypto leaks CLI entries (Reported by Corey
      Farrell)
 * ASTERISK-25647 - bug of cel_radius.c: wrong point of
      ADD_VENDOR_CODE (Reported by Aaron An)
 * ASTERISK-25614 - DTLS negotiation delays (Reported by Dade
      Brandon)
 * ASTERISK-25442 - using realtime (mysql) queue members are never
      updated in wait_our_turn function (app_queue.c)  (Reported by
      Carlos Oliva)
 * ASTERISK-25624 - AMI Event OriginateResponse bug (Reported by
      sungtae kim)

Improvements made in this release:
-----------------------------------
 * ASTERISK-24813 - asterisk.c: #if statement in listener()
      confuses code folding editors (Reported by Corey Farrell)
 * ASTERISK-25767 - [patch] Add check to configure for sanitizes
      (Reported by Badalian Vyacheslav)
 * ASTERISK-25068 - Move commonly used FreePBX extra sounds to the
      core set (Reported by Rusty Newton)

For a full list of changes in this release, please see the ChangeLog:

http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-11.22.0

Thank you for your continued support of Asterisk!

----- 11.21.2

The Asterisk Development Team has announced the release of Asterisk 11.21.2.

The release of Asterisk 11.21.2 resolves an issue reported by the
community and would have not been possible without your participation.
Thank you!

The following is the issue resolved in this release:

Bugs fixed in this release:
-----------------------------------
 * ASTERISK-25770 - Check for OpenSSL defines before trying to use
      them. (Reported by Kevin Harwell)

For a full list of changes in this release, please see the ChangeLog:

http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-11.21.2

Thank you for your continued support of Asterisk!

Revision 1.77 / (download) - annotate - [select for diffs], Sun Feb 7 08:18:43 2016 UTC (6 years, 11 months ago) by jnemeth
Branch: MAIN
CVS Tags: pkgsrc-2016Q1-base, pkgsrc-2016Q1
Changes since 1.76: +11 -11 lines
Diff to previous 1.76 (colored)

Update to Asterisk 11.21.1:  this is mainly a bug patch update plus
fixes for AST-2016-001, AST-2016-002, and AST-2016-003.  Also some
pkglinting.

----- 11.21.1

The Asterisk Development Team has announced security releases for Certified
Asterisk 11.6 and 13.1 and Asterisk 11 and 13. The available security releases
are released as versions 11.6-cert12, 11.21.1, 13.1-cert3, and 13.7.1.

The release of these versions resolves the following security vulnerabilities:

* AST-2016-001: BEAST vulnerability in HTTP server

  The Asterisk HTTP server currently has a default configuration which allows
  the BEAST vulnerability to be exploited if the TLS functionality is enabled.
  This can allow a man-in-the-middle attack to decrypt data passing through it.

* AST-2016-002: File descriptor exhaustion in chan_sip

  Setting the sip.conf timert1 value to a value higher than 1245 can cause an
  integer overflow and result in large retransmit timeout times. These large
  timeout values hold system file descriptors hostage and can cause the system
  to run out of file descriptors.

* AST-2016-003: Remote crash vulnerability receiving UDPTL FAX data.

  If no UDPTL packets are lost there is no problem. However, a lost packet
  causes Asterisk to use the available error correcting redundancy packets. If
  those redundancy packets have zero length then Asterisk uses an uninitialized
  buffer pointer and length value which can cause invalid memory accesses later
  when the packet is copied.

For a full list of changes in the current releases, please see the ChangeLogs:

http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-11.21.1

The security advisories are available at:

 * http://downloads.asterisk.org/pub/security/AST-2016-001.pdf
 * http://downloads.asterisk.org/pub/security/AST-2016-002.pdf
 * http://downloads.asterisk.org/pub/security/AST-2016-003.pdf

Thank you for your continued support of Asterisk!

----- 11.21.0

The Asterisk Development Team has announced the release of Asterisk 11.21.0.

The release of Asterisk 11.21.0 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!

The following are the issues resolved in this release:

Bugs fixed in this release:
-----------------------------------
 * ASTERISK-25640 - pbx: Deadlock on features reload and state
      change hint. (Reported by Krzysztof Trempala)
 * ASTERISK-25364 - [patch]Issue a TCP connection(kernel) and
      thread of asterisk is not released (Reported by Hiroaki Komatsu)
 * ASTERISK-25569 - app_meetme: Audio quality issues (Reported by
      Corey Farrell)
 * ASTERISK-25609 - [patch]Asterisk may crash when calling
      ast_channel_get_t38_state(c) (Reported by Filip Jenicek)
 * ASTERISK-24146 - [patch]No audio on WebRtc caller side when
      answer waiting time is more than ~7sec (Reported by Aleksei
      Kulakov)
 * ASTERISK-25599 - [patch] SLIN Resampling Codec only 80 msec
      (Reported by Alexander Traud)
 * ASTERISK-25616 - Warning with a Codec Module which supports PLC
      with FEC (Reported by Alexander Traud)
 * ASTERISK-25610 - Asterisk crash during "sip reload" (Reported by
      Dudás József)
 * ASTERISK-25498 - Asterisk crashes when negotiating g729 without
      that module installed (Reported by Ben Langfeld)
 * ASTERISK-25476 - chan_sip loses registrations after a while
      (Reported by Michael Keuter)
 * ASTERISK-25593 - fastagi: record file closed after sending
      result (Reported by Kevin Harwell)
 * ASTERISK-25585 - [patch]rasterisk never hits most of main(), but
      it's assumed to (Reported by Walter Doekes)
 * ASTERISK-25552 - hashtab: Improve NULL tolerance (Reported by
      Joshua Colp)
 * ASTERISK-25449 - main/sched: Regression introduced by
      5c713fdf18f causes erroneous duplicate RTCP messages; other
      potential scheduling issues in chan_sip/chan_skinny (Reported by
      Matt Jordan)
 * ASTERISK-25537 - [patch] format-attribute module: RFC or
      internal defaults? (Reported by Alexander Traud)
 * ASTERISK-25373 -  add documentation for CALLERID(pres) and also
      the CONNECTEDLINE and REDIRECTING variants (Reported by Walter
      Doekes)
 * ASTERISK-25527 - Quirky xmldoc description wrapping (Reported by
      Walter Doekes)
 * ASTERISK-25434 - Compiler flags not reported in 'core show
      settings' despite usage during compilation (Reported by Rusty
      Newton)
 * ASTERISK-25494 - build:  GCC 5.1.x catches some new const, array
      bounds and missing paren issues (Reported by George Joseph)
 * ASTERISK-7803 - [patch] Update the maximum packetization values
      in frame.c (Reported by dea)
 * ASTERISK-25461 - Nested dialplan #includes don't work as
      expected. (Reported by Richard Mudgett)
 * ASTERISK-25455 - Deadlock of PJSIP realtime over
      res_config_pgsql  (Reported by mdu113)
 * ASTERISK-25135 - [patch]RTP Timeout hangup cause code missing
      (Reported by Olle Johansson)
 * ASTERISK-25400 - Hints broken when "CustomPresence" doesn't
      exist in AstDB (Reported by Andrew Nagy)
 * ASTERISK-25443 - [patch]IPv6 - Potential issue in via header
      parsing (Reported by ffs)
 * ASTERISK-25391 - AMI GetConfigJSON returns invalid JSON
      (Reported by Bojan Nemi)
 * ASTERISK-25438 - res_rtp_asterisk: ICE role message even when
      ICE is not enabled (Reported by Joshua Colp)

Improvements made in this release:
-----------------------------------
 * ASTERISK-24718 - [patch]Add inital support of "sanitize" to
      configure (Reported by Badalian Vyacheslav)

For a full list of changes in this release, please see the ChangeLog:

http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-11.21.0

Thank you for your continued support of Asterisk!

Revision 1.76 / (download) - annotate - [select for diffs], Tue Nov 3 01:34:52 2015 UTC (7 years, 3 months ago) by agc
Branch: MAIN
CVS Tags: pkgsrc-2015Q4-base, pkgsrc-2015Q4
Changes since 1.75: +3 -1 lines
Diff to previous 1.75 (colored)

Add SHA512 digests for distfiles for comms category

Existing SHA1 digests verified, all found to be the same on the
machine holding the existing distfiles (morden).  Existing SHA1
digests retained for now as an audit trail.

Revision 1.75 / (download) - annotate - [select for diffs], Tue Oct 27 08:49:01 2015 UTC (7 years, 3 months ago) by jnemeth
Branch: MAIN
Changes since 1.74: +26 -13 lines
Diff to previous 1.74 (colored)

Update Asterisk to 11.20.0: this is mainly a bug fix release.

pkgsrc changes:
- from joerg@
  - srtp support
  - new asterisk-config option to control installing of sample config files
  - manifest.xml for Solaris' SMF
  - various bugfixes, some reworked by myself
- backport kqueue timer update from Asterisk 13

-----

The Asterisk Development Team has announced the release of Asterisk 11.20.0.

The release of Asterisk 11.20.0 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!

The following are the issues resolved in this release:

Bugs fixed in this release:
-----------------------------------
 * ASTERISK-25449 - main/sched: Regression introduced by
      5c713fdf18f causes erroneous duplicate RTCP messages; other
      potential scheduling issues in chan_sip/chan_skinny (Reported by
      Matt Jordan)
 * ASTERISK-25438 - res_rtp_asterisk: ICE role message even when
      ICE is not enabled (Reported by Joshua Colp)
 * ASTERISK-25427 - Callerid change does not always emit
      NewCallerid AMI event (Reported by Ivan Poddubny)
 * ASTERISK-25407 - Asterisk fails to log to multiple syslog
      destinations (Reported by Elazar Broad)
 * ASTERISK-25410 - app_record: RECORDED_FILE variable not being
      populated (Reported by Kevin Harwell)
 * ASTERISK-25394 - pbx: Incorrect device and presence state when
      changing hint details (Reported by Joshua Colp)
 * ASTERISK-25396 - chan_sip: Extremely long callerid name causes
      invalid SIP (Reported by Walter Doekes)
 * ASTERISK-25353 - [patch] Transcoding while different in Frame
      size = Frames lost (Reported by Alexander Traud)
 * ASTERISK-25227 - No audio at in-band announcements in ooh323
      channel (Reported by Alexandr Dranchuk)
 * ASTERISK-25346 - chan_sip: Overwriting answered elsewhere hangup
      cause on call pickup (Reported by Joshua Colp)
 * ASTERISK-25215 - Differences in queue.log between Set
      QUEUE_MEMBER and using PauseQueueMember (Reported by Lorne
      Gaetz)
 * ASTERISK-25320 - chan_sip.c: sip_report_security_event searches
      for wrong or non existent peer on invite (Reported by Kevin
      Harwell)
 * ASTERISK-25315 - DAHDI channels send shortened duration DTMF
      tones. (Reported by Richard Mudgett)
 * ASTERISK-25312 - res_http_websocket: Terminate connection on
      fatal cases (Reported by Joshua Colp)
 * ASTERISK-25265 - [patch]DTLS Failure when calling WebRTC-peer on
      Firefox 39 - add ECDH support and fallback to prime256v1
      (Reported by Stefan Engström)

Improvements made in this release:
-----------------------------------
 * ASTERISK-25310 - [patch]on FreeBSD also pthread_attr_init()
      defaults to PTHREAD_EXPLICIT_SCHED (Reported by Guido Falsi)

For a full list of changes in this release, please see the ChangeLog:

http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-11.20.0

Thank you for your continued support of Asterisk!

Revision 1.74 / (download) - annotate - [select for diffs], Sun Aug 9 04:07:13 2015 UTC (7 years, 5 months ago) by jnemeth
Branch: MAIN
CVS Tags: pkgsrc-2015Q3-base, pkgsrc-2015Q3
Changes since 1.73: +11 -10 lines
Diff to previous 1.73 (colored)

Update to Asterisk 11.19.0: this is mainly a bug fix release with
minor features

pkgsrc changes:
- new version of core sounds
- add options for SNMP and PostgreSQL from Mike Bowie in PR/49661
  and by popular demand
- add back support for menuselect personalization as that's how I was
  doing menuselect non-interactively
  - XXX need to look at a better way of doing this
- disable PJSIP for now as it doesn't work well on NetBSD from Mike Bowie

Since I added an option for PostgreSQL I also looked at adding an
option for directly using MySQL.  Turns out that all the MySQL
modules are in the addons directory and are marked as being
deprecated.  So I didn't bother.  While investigating this, I also
noted that all the pgsql modules are marked as "extended" support.
This basically means that it is supported by the community, but
there is no one person listed as being responsible who would take
the lead for maintaining them.  This basically means that they are
unsupported / low priority.  See
https://wiki.asterisk.org/wiki/display/AST/Asterisk+Module+Support+States .
Also with the pgsql modules, there is no way to do a database query
from the dialplan.  Thus it is recommended to use the unixodbc
option as the modules are supported and offer the most functionality.

-----

The Asterisk Development Team has announced the release of Asterisk 11.19.0.

The release of Asterisk 11.19.0 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!

The following are the issues resolved in this release:

Bugs fixed in this release:
-----------------------------------
 * ASTERISK-25250 - chan_sip - Despite the channel being answered,
      caller on a call established via Local channel continues to hear
      ringback (Reported by Etienne Lessard)
 * ASTERISK-25247 - choppy audio when spying on a g722 channel,
      chan_sip or chan_pjsip (Reported by hristo)
 * ASTERISK-24853 - Documentation claims chan_sip outbound
      registrations support WS or WSS as valid transports (not true)
      (Reported by PSDK)
 * ASTERISK-25257 - [patch]channels/sig_pri.h -> sig_pri_span ->
      force_restart_unavailable_chans in wrong scope (Reported by
      Patric Marschall)
 * ASTERISK-25103 - Roundup - investigate Asterisk DTLS crashes
      (Reported by Rusty Newton)
 * ASTERISK-22805 - res_rtp_asterisk: Crash when calling
      BIO_ctrl_pending in dtls_srtp_check_pending when dialed by JSSIP
      (Reported by Dmitry Burilov)
 * ASTERISK-24550 - res_rtp_asterisk: Crash in
      ast_rtp_on_ice_complete during DTLS handshake (Reported by
      Osaulenko Alexander)
 * ASTERISK-24651 - [patch] Fix race condition in DTLS (Reported by
      Badalian Vyacheslav)
 * ASTERISK-24832 - [patch]DTLS-crashes within openssl  (Reported
      by Stefan Engström)
 * ASTERISK-25127 - DTLS crashes following "Unable to cancel
      schedule ID" in dtls_srtp_check_pending (Reported by Dade
      Brandon)
 * ASTERISK-25213 - [patch]Possibility of deadlock in chan_sip
      INVITE early Replace code (Reported by Walter Doekes)
 * ASTERISK-25220 - [patch]Closing of fd -1 in chan_mgcp.c
      (Reported by Walter Doekes)
 * ASTERISK-25219 - [patch]Source and destination overlap in memcpy
      in rtp_engine.c (Reported by Walter Doekes)
 * ASTERISK-25212 - [patch]Segfault when using DEBUG_FD_LEAKS
      (Reported by Walter Doekes)
 * ASTERISK-19277 - [patch]endlessly repeating error: "poll failed:
      Bad file descriptor" (Reported by Barry Chern)
 * ASTERISK-25202 - Hints extension state broken between 13.3.2 and
      13.4 (Reported by cervajs)
 * ASTERISK-25154 - [patch]fromtag may need to be updated after
      successful call dialog match (Reported by Damian Ivereigh)
 * ASTERISK-25139 - Malicious transfer sequence locks up Asterisk
      (Reported by Gregory Massel)
 * ASTERISK-25094 - PBX core: Investigate thread safety issues
      (Reported by Corey Farrell)
 * ASTERISK-22559 - gcc 4.6 and higher supports weakref attribute
      but asterisk doesn't detect it. (Reported by ibercom)
 * ASTERISK-24717 - ASAN: global-buffer-overflow codec_{ilbc | gsm
      | adpcm | ipc10} (Reported by Badalian Vyacheslav)
 * ASTERISK-25100 - asterisk coredump if host has an IPv6 address
      that end with ::80 (Reported by Mark Petersen)

Improvements made in this release:
-----------------------------------
 * ASTERISK-25040 - pbx: Improve performance of reloads by making
      hint destruction more performant (Reported by Matt Jordan)

For a full list of changes in this release, please see the ChangeLog:

http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-11.19.0

Thank you for your continued support of Asterisk!

-----

The Asterisk Development Team has announced the release of Asterisk 11.18.0.

The release of Asterisk 11.18.0 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!

The following are the issues resolved in this release:

Bugs fixed in this release:
-----------------------------------
 * ASTERISK-25112 - Logger: Configuration settings are not reset to
      default during reload. (Reported by Corey Farrell)
 * ASTERISK-24887 - [patch]tags in a=crypto lines do not accept 2
      or more digits (Reported by Makoto Dei)
 * ASTERISK-24944 - main/audiohook.c change prevents G722 call
      recording (Reported by Ronald Raikes)
 * ASTERISK-25083 - Message.c: Message channel becomes saturated
      with frames leading to spammy log messages (Reported by Jonathan
      Rose)
 * ASTERISK-25041 - [patch]Broken column type checking in
      res_config_mysql addon (Reported by Alexandre Fournier)
 * ASTERISK-21893 - Segfault after call hangup, in
      ast_channel_hangupcause_set, at channel_internal_api.c (Reported
      by Alexandr Gordeev)
 * ASTERISK-25074 - Regression: Recent clang-related change broke
      cross compiling of Asterisk (Reported by Sebastian Kemper)
 * ASTERISK-25042 - asterisk.conf options override command-line
      options. (Reported by Corey Farrell)
 * ASTERISK-24442 - Outgoing call files don't work properly when
      set in the future (Reported by tootai)
 * ASTERISK-25034 - chan_dahdi: Some telco switches occasionally
      ignore ISDN RESTART requests. (Reported by Richard Mudgett)
 * ASTERISK-25038 - Queue log "EXITWITHTIMEOUT" does not always
      contain waiting time (Reported by Etienne Lessard)
 * ASTERISK-22708 - res_odbc.conf negative_connection_cache option
      not respected, failover between DSNs doesn't work (Reported by
      JoshE)
 * ASTERISK-25028 - Build System: Unneeded defines in
      asterisk/buildopts.h (Reported by Corey Farrell)
 * ASTERISK-19608 - Asterisk-1.8.x  starts rejecting calls with
      cause code 44 after some time. (Reported by Denis Alberto
      Martinez)
 * ASTERISK-24976 - cdr_odbc not include new columns added on 1.8
      (Reported by Rodrigo Ramirez Norambuena)
 * ASTERISK-25022 - Memory leak setting up DTLS/SRTP calls
      (Reported by Steve Davies)
 * ASTERISK-22790 - check_modem_rate() may return incorrect rate
      for V.27 (Reported by not here)
 * ASTERISK-23231 - Since 405693 If we have res_fax.conf file set
      to minrate=2400, then res_fax refuse to load (Reported by David
      Brillert)
 * ASTERISK-24955 - res_fax: v.27ter support baud rate of 2400,
      which is disallowed in res_fax's check_modem_rate (Reported by
      Matt Jordan)
 * ASTERISK-24916 - Increasing memory usage when multiple reinvite
      during call (Reported by Christophe Osuna)
 * ASTERISK-19538 - Asterisk segfaults on sippeers realtime
      redundancy (Reported by Alex)
 * ASTERISK-24749 - ConfBridge: Wrong language on playing
      conf-hasjoin and conf-hasleft when played to bridge (Reported by
      Philippe Bolduc)
 * ASTERISK-24991 - Check for ao2_alloc failure in
      __ast_channel_internal_alloc (Reported by Corey Farrell)
 * ASTERISK-24895 - After hangup on the side of the ISDN network no
      HangupRequest event comes for the dahdi channel. (Reported by
      Andrew Zherdin)
 * ASTERISK-24774 - Segfault in ast_context_destroy with
      extensions.ael and extensions.conf (Reported by Corey Farrell)
 * ASTERISK-24975 - Enabling 'DEBUG_THREADLOCALS' Causes the Build
      to Fail (Reported by Ashley Sanders)
 * ASTERISK-24959 - [patch]CLI command cdr show pgsql status
      (Reported by Rodrigo Ramirez Norambuena)
 * ASTERISK-24954 - Git migration: Asterisk version numbers are
      incompatible with the Test Suite (Reported by Matt Jordan)
 * ASTERISK-21777 - Asterisk tries to transcode video instead of
      audio (Reported by Nick Ruggles)
 * ASTERISK-24380 - core: Native formats are set to h264 with
      certain audio/video codec configuration, resulting in path
      translation WARNINGs (Reported by Matt Jordan)
 * ASTERISK-22352 - [patch] IAX2 custom qualify timer is not taken
      into account (Reported by Frederic Van Espen)
 * ASTERISK-24894 - [patch] iax2_poke_noanswer expiration timer too
      short (Reported by Y Ateya)
 * ASTERISK-23319 - Segmentation fault in queue_exec at app_queue.c
      (Reported by Vadim)
 * ASTERISK-24847 - [security] [patch] tcptls: certificate CN NULL
      byte prefix bug (Reported by Matt Jordan)
 * ASTERISK-21211 - chan_iax2 - unprotected access of
      iaxs[peer->callno] potentially results in segfault (Reported by
      Jaco Kroon)
 * ASTERISK-18032 - [patch] - IPv6 and IPv4 NAT not working
      (Reported by Christoph Timm)
 * ASTERISK-24942 - Voicemail API: message is deleted when
      destination mailbox is at maxmsg (Reported by Scott Griepentrog)
 * ASTERISK-24932 - Asterisk 13.x does not build with GCC 5.0
      (Reported by Jeffrey C. Ollie)
 * ASTERISK-21854 - Long Asterisk-version strings display
      improperly in the 'Connected to ...' line upon remote console
      connection (Reported by klaus3000)
 * ASTERISK-24155 - [patch]Non-portable and non-reliable recursion
      detection in ast_malloc (Reported by Timo Teräs)
 * ASTERISK-24142 - CCSS: crash during shutdown due to device
      lookup in destroyed container (Reported by David Brillert)
 * ASTERISK-24683 - Crash in PBX ast_hashtab_lookup_internal during
      core restart now (Reported by Peter Katzmann)
 * ASTERISK-24805 - [patch] - ASAN: Race condition
      (heap-use-after-free) on asterisk closing (Reported by Badalian
      Vyacheslav)
 * ASTERISK-24881 - ast_register_atexit should only be used when
      absolutely needed (Reported by Corey Farrell)
 * ASTERISK-24864 - app_confbridge: file playback blocks dtmf
      (Reported by Kevin Harwell)
 * ASTERISK-14233 - [patch] Buddies are always auto-registered when
      processing the roster (Reported by Simon Arlott)
 * ASTERISK-24780 - [patch] - Buddies are always auto-registered
      when processing the roster (Reported by Simon Arlott)

Improvements made in this release:
-----------------------------------
 * ASTERISK-24744 - Swedish Core Voice prompts (Reported by Tove
      Hjelm)
 * ASTERISK-25043 - [patch] Avoiding ERR_remove_state in OpenSSL
      (Reported by Alexander Traud)
 * ASTERISK-24917 - [patch] clang compilation warnings (Reported by
      Diederik de Groot)
 * ASTERISK-25040 - pbx: Improve performance of reloads by making
      hint destruction more performant (Reported by Matt Jordan)
 * ASTERISK-24965 - cel_pgsql - log_error string references CDR
      instead of CEL (Reported by Rodrigo Ramirez Norambuena)

For a full list of changes in this release, please see the ChangeLog:

http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-11.18.0

Thank you for your continued support of Asterisk!

Revision 1.73 / (download) - annotate - [select for diffs], Tue May 19 07:52:14 2015 UTC (7 years, 8 months ago) by jnemeth
Branch: MAIN
CVS Tags: pkgsrc-2015Q2-base, pkgsrc-2015Q2
Changes since 1.72: +38 -22 lines
Diff to previous 1.72 (colored)

Update to Asterisk 11.17.1: this contains a security fix, plus various bugs.

pkgsrc changes:
- adapt to upstream support for clang
- more comprehensive sweep for 64-bit time_t related stuff
- XXX pjsip has its own time related stuff that is 32-bit only

-----

The Asterisk Development Team has announced security releases for Certified
Asterisk 1.8.28, 11.6, and 13.1 and Asterisk 1.8, 11, 12, and 13. The available
security releases are released as versions 1.8.28.cert-5, 1.8.32.3, 11.6-cert11,
11.17.1, 12.8.2, 13.1-cert2, and 13.3.2.

The release of these versions resolves the following security vulnerability:

* AST-2015-003: TLS Certificate Common name NULL byte exploit

  When Asterisk registers to a SIP TLS device and and verifies the server,
  Asterisk will accept signed certificates that match a common name other than
  the one Asterisk is expecting if the signed certificate has a common name
  containing a null byte after the portion of the common name that Asterisk
  expected. This potentially allows for a man in the middle attack.

For more information about the details of this vulnerability, please read
security advisory AST-2015-003, which was released at the same time as this
announcement.

For a full list of changes in the current releases, please see the ChangeLogs:

http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-11.17.1

The security advisory is available at:

* http://downloads.asterisk.org/pub/security/AST-2015-003.pdf

Thank you for your continued support of Asterisk!

-----

The Asterisk Development Team has announced the release of Asterisk 11.17.0.

The release of Asterisk 11.17.0 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!

The following are the issues resolved in this release:

New Features made in this release:
-----------------------------------
 * ASTERISK-17899 - Handle crypto lifetime in SDES-SRTP negotiation
      (Reported by Dwayne Hubbard)

Bugs fixed in this release:
-----------------------------------
 * ASTERISK-24742 - [patch] Fix ast_odbc_find_table function in
      res_odbc (Reported by ibercom)
 * ASTERISK-22436 - [patch] No BYE to masqueraded channel on INVITE
      with replaces (Reported by Eelco Brolman)
 * ASTERISK-24479 - Enable REF_DEBUG for module references
      (Reported by Corey Farrell)
 * ASTERISK-24701 - Stasis: Write timeout on WebSocket fails to
      fully disconnect underlying socket, leading to events being
      dropped with no additional information (Reported by Matt Jordan)
 * ASTERISK-24772 - ODBC error in realtime sippeers when device
      unregisters under MariaDB (Reported by Richard Miller)
 * ASTERISK-24451 - chan_iax2: reference leak in sched_delay_remove
      (Reported by Corey Farrell)
 * ASTERISK-24799 - [patch] make fails with undefined reference to
      SSLv3_client_method (Reported by Alexander Traud)
 * ASTERISK-24787 - [patch] - Microsoft exchange incompatibility
      for playing back messages stored in IMAP - play_message: No
      origtime (Reported by Graham Barnett)
 * ASTERISK-24814 - asterisk/lock.h: Fix syntax errors for non-gcc
      OSX with 64 bit integers (Reported by Corey Farrell)
 * ASTERISK-24796 - Codecs and bucket schema's prevent module
      unload (Reported by Corey Farrell)
 * ASTERISK-24724 - 'httpstatus' Web Page Produces Incomplete HTML
      (Reported by Ashley Sanders)
 * ASTERISK-24797 - bridge_softmix: G.729 codec license held
      (Reported by Kevin Harwell)
 * ASTERISK-24800 - Crash in __sip_reliable_xmit due to invalid
      thread ID being passed to pthread_kill (Reported by JoshE)
 * ASTERISK-17721 - Incoming SRTP calls that specify a key lifetime
      fail (Reported by Terry Wilson)
 * ASTERISK-23214 - chan_sip WARNING message 'We are requesting
      SRTP for audio, but they responded without it' is ambiguous and
      wrong in some cases (Reported by Rusty Newton)
 * ASTERISK-15434 - [patch] When ast_pbx_start failed, both an
      error response and BYE are sent to the caller (Reported by
      Makoto Dei)
 * ASTERISK-18105 - most of asterisk modules are unbuildable in
      cygwin environment (Reported by feyfre)
 * ASTERISK-24828 - Fix Frame Leaks (Reported by Kevin Harwell)
 * ASTERISK-24838 - chan_sip: Locking inversion occurs when
      building a peer causes a peer poke during request handling
      (Reported by Richard Mudgett)
 * ASTERISK-24825 - Caller ID not recognized using
      Centrex/Distinctive dialing (Reported by Richard Mudgett)
 * ASTERISK-24739 - [patch] - Out of files -- call fails --
      numerous files with inodes from under /usr/share/zoneinfo,
      mostly posixrules (Reported by Ed Hynan)
 * ASTERISK-23390 - NewExten Event with application AGI shows up
      before and after AGI runs (Reported by Benjamin Keith Ford)
 * ASTERISK-24786 - [patch] - Asterisk terminates when playing a
      voicemail stored in LDAP (Reported by Graham Barnett)
 * ASTERISK-24808 - res_config_odbc: Improper escaping of
      backslashes occurs with MySQL (Reported by Javier Acosta)
 * ASTERISK-20850 - [patch]Nested functions aren't portable.
      Adapting RAII_VAR to use clang/llvm blocks to get the
      same/similar functionality. (Reported by Diederik de Groot)
 * ASTERISK-19470 - Documentation on app_amd is incorrect (Reported
      by Frank DiGennaro)
 * ASTERISK-21038 - Bad command completion of "core set debug
      channel" (Reported by Richard Kenner)
 * ASTERISK-18708 - func_curl hangs channel under load (Reported by
      Dave Cabot)
 * ASTERISK-16779 - Cannot disallow unknown format '' (Reported by
      Atis Lezdins)
 * ASTERISK-24876 - Investigate reference leaks from
      tests/channels/local/local_optimize_away (Reported by Corey
      Farrell)
 * ASTERISK-24817 - init_logger_chain: unreachable code block
      (Reported by Corey Farrell)
 * ASTERISK-24880 - [patch]Compilation under OpenBSD  (Reported by
      snuffy)
 * ASTERISK-24879 - [patch]Compilation fails due to 64bit time
      under OpenBSD (Reported by snuffy)

Improvements made in this release:
-----------------------------------
 * ASTERISK-24790 - Reduce spurious noise in logs from voicemail -
      Couldn't find mailbox %s in context (Reported by Graham Barnett)

For a full list of changes in this release, please see the ChangeLog:

http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-11.17.0

Thank you for your continued support of Asterisk!

-----

The Asterisk Development Team has announced the release of Asterisk 11.16.0.

The release of Asterisk 11.16.0 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!

The following are the issues resolved in this release:

Bugs fixed in this release:
-----------------------------------
 * ASTERISK-24472 - Asterisk Crash in OpenSSL when calling over WSS
      from JSSIP (Reported by Badalian Vyacheslav)
 * ASTERISK-24614 - Deadlock when DEBUG_THREADS compiler flag
      enabled (Reported by Richard Mudgett)
 * ASTERISK-24449 - Reinvite for T.38 UDPTL fails if SRTP is
      enabled (Reported by Andreas Steinmetz)
 * ASTERISK-24619 - [patch]Gcc 4.10 fixes in r413589 (1.8) wrongly
      casts char to unsigned int (Reported by Walter Doekes)
 * ASTERISK-24337 - Spammy DEBUG message needs to be at a higher
      level - 'Remote address is null, most likely RTP has been
      stopped' (Reported by Rusty Newton)
 * ASTERISK-23733 - 'reload acl' fails if acl.conf is not present
      on startup (Reported by Richard Kenner)
 * ASTERISK-24628 - [patch] chan_sip - CANCEL is sent to wrong
      destination when 'sendrpid=yes' (in proxy environment) (Reported
      by Karsten Wemheuer)
 * ASTERISK-24672 - [PATCH] Memory leak in func_curl CURLOPT
      (Reported by Kristian Høgh)
 * ASTERISK-20744 - [patch] Security event logging does not work
      over syslog (Reported by Michael Keuter)
 * ASTERISK-23850 - Park Application does not respect Return
      Context Priority (Reported by Andrew Nagy)
 * ASTERISK-23991 - [patch]asterisk.pc file contains a small error
      in the CFlags returned (Reported by Diederik de Groot)
 * ASTERISK-24288 - [patch] - ODBC usage with app_voicemail -
      voicemail is not deleted after review, hangup (Reported by LEI
      FU)
 * ASTERISK-24048 - [patch] contrib/scripts/install_prereq selects
      32-bit packages on 64-bit hosts (Reported by Ben Klang)
 * ASTERISK-24709 - [patch] msg_create_from_file used by MixMonitor
      m() option does not queue an MWI event (Reported by Gareth
      Palmer)
 * ASTERISK-24355 - [patch] chan_sip realtime uses case sensitive
      column comparison for 'defaultuser' (Reported by
      HZMI8gkCvPpom0tM)
 * ASTERISK-24719 - ConfBridge recording channels get stuck when
      recording started/stopped more than once (Reported by Richard
      Mudgett)
 * ASTERISK-24715 - chan_sip: stale nonce causes failure (Reported
      by Kevin Harwell)
 * ASTERISK-24728 - tcptls: Bad file descriptor error when
      reloading chan_sip (Reported by Kevin Harwell)
 * ASTERISK-24676 - Security Vulnerability: URL request injection
      in libCURL (CVE-2014-8150) (Reported by Matt Jordan)
 * ASTERISK-24711 - DTLS handshake broken with latest OpenSSL
      versions (Reported by Jared Biel)
 * ASTERISK-24646 - PJSIP changeset 4899 breaks TLS (Reported by
      Stephan Eisvogel)

For a full list of changes in this release, please see the ChangeLog:

http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-11.16.0

Thank you for your continued support of Asterisk!

Revision 1.72 / (download) - annotate - [select for diffs], Thu Jan 29 21:54:33 2015 UTC (8 years ago) by jnemeth
Branch: MAIN
CVS Tags: pkgsrc-2015Q1-base, pkgsrc-2015Q1
Changes since 1.71: +7 -7 lines
Diff to previous 1.71 (colored)

Update to Asterisk 11.15.1:  this is a security fix.

pkgsrc change: adapt to splitting up of speex

The Asterisk Development Team has announced security releases for Certified
Asterisk 1.8.28 and 11.6 and Asterisk 1.8, 11, 12, and 13. The available
security releases are released as versions 1.8.28.cert-4, 1.8.32.2, 11.6-cert10,
11.15.1, 12.8.1, and 13.1.1.

The release of these versions resolves the following security vulnerabilities:

* AST-2015-001: File descriptor leak when incompatible codecs are offered

                Asterisk may be configured to only allow specific audio or
                video codecs to be used when communicating with a
                particular endpoint. When an endpoint sends an SDP offer
                that only lists codecs not allowed by Asterisk, the offer
                is rejected. However, in this case, RTP ports that are
                allocated in the process are not reclaimed.

                This issue only affects the PJSIP channel driver in
                Asterisk. Users of the chan_sip channel driver are not
                affected.

* AST-2015-002: Mitigation for libcURL HTTP request injection vulnerability

                CVE-2014-8150 reported an HTTP request injection
                vulnerability in libcURL. Asterisk uses libcURL in its
                func_curl.so module (the CURL() dialplan function), as well
                as its res_config_curl.so (cURL realtime backend) modules.

                Since Asterisk may be configured to allow for user-supplied
                URLs to be passed to libcURL, it is possible that an
                attacker could use Asterisk as an attack vector to inject
                unauthorized HTTP requests if the version of libcURL
                installed on the Asterisk server is affected by
                CVE-2014-8150.

For more information about the details of these vulnerabilities, please read
security advisory AST-2015-001 and AST-2015-002, which were released at the same
time as this announcement.

For a full list of changes in the current releases, please see the ChangeLogs:

http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.8.32.2
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-11.15.1

The security advisories are available at:

* http://downloads.asterisk.org/pub/security/AST-2015-001.pdf
* http://downloads.asterisk.org/pub/security/AST-2015-002.pdf

Thank you for your continued support of Asterisk!

Revision 1.71 / (download) - annotate - [select for diffs], Tue Dec 16 01:00:22 2014 UTC (8 years, 1 month ago) by jnemeth
Branch: MAIN
CVS Tags: pkgsrc-2014Q4-base, pkgsrc-2014Q4
Changes since 1.70: +8 -8 lines
Diff to previous 1.70 (colored)

Update to Asterisk 11.15.0: this is mostly a bug fix release.

The Asterisk Development Team has announced the release of Asterisk 11.15.0.

The release of Asterisk 11.15.0 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!

The following are the issues resolved in this release:

Bugs fixed in this release:
-----------------------------------
 * ASTERISK-20127 - [Regression] Config.c config_text_file_load()
      unescapes semicolons ("\;" -> ";") turning them into comments
      (corruption) on rewrite of a config file (Reported by George
      Joseph)
 * ASTERISK-24307 - Unintentional memory retention in stringfields
      (Reported by Etienne Lessard)
 * ASTERISK-24492 - main/file.c: ast_filestream sometimes causes
      extra calls to ast_module_unref (Reported by Corey Farrell)
 * ASTERISK-24504 - chan_console: Fix reference leaks to pvt
      (Reported by Corey Farrell)
 * ASTERISK-24468 - Incoming UCS2 encoded SMS truncated if SMS
      length exceeds 50 (roughly) national symbols (Reported by
      Dmitriy Bubnov)
 * ASTERISK-24500 - Regression introduced in chan_mgcp by SVN
      revision r227276 (Reported by Xavier Hienne)
 * ASTERISK-20402 - Unable to cancel (features.conf) attended
      transfer (Reported by Matt Riddell)
 * ASTERISK-24505 - manager: http connections leak references
      (Reported by Corey Farrell)
 * ASTERISK-24502 - Build fails when dev-mode, dont optimize and
      coverage are enabled (Reported by Corey Farrell)
 * ASTERISK-24444 - PBX: Crash when generating extension for
      pattern matching hint (Reported by Leandro Dardini)
 * ASTERISK-24522 - ConfBridge: delay occurs between kicking all
      endmarked users when last marked user leaves (Reported by Matt
      Jordan)
 * ASTERISK-15242 - transmit_refer leaks sip_refer structures
      (Reported by David Woolley)
 * ASTERISK-24440 - Call leak in Confbridge (Reported by Ben Klang)
 * ASTERISK-24469 - Security Vulnerability: Mixed IPv4/IPv6 ACLs
      allow blocked addresses through (Reported by Matt Jordan)
 * ASTERISK-24516 - [patch]Asterisk segfaults when playing back
      voicemail under high concurrency with an IMAP backend (Reported
      by David Duncan Ross Palmer)
 * ASTERISK-24572 - [patch]App_meetme is loaded without its
      defaults when the configuration file is missing (Reported by
      Nuno Borges)
 * ASTERISK-24573 - [patch]Out of sync conversation recording when
      divided in multiple recordings (Reported by Nuno Borges)

Improvements made in this release:
-----------------------------------
 * ASTERISK-24283 - [patch]Microseconds precision in the eventtime
      column in the cel_odbc module (Reported by Etienne Lessard)
 * ASTERISK-24530 - [patch] app_record stripping 1/4 second from
      recordings (Reported by Ben Smithurst)
 * ASTERISK-24577 - Speed up loopback switches by avoiding unneeded
      lookups (Reported by Birger "WIMPy" Harzenetter)

For a full list of changes in this release, please see the ChangeLog:

http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-11.15.0

Thank you for your continued support of Asterisk!

Revision 1.66.2.2 / (download) - annotate - [select for diffs], Sun Dec 14 09:52:57 2014 UTC (8 years, 1 month ago) by tron
Branch: pkgsrc-2014Q3
Changes since 1.66.2.1: +6 -6 lines
Diff to previous 1.66.2.1 (colored) to branchpoint 1.66 (colored) next main 1.67 (colored)

Pullup ticket #4572 - requested by jnemeth
comms/asterisk: security update

Revisions pulled up:
- comms/asterisk/Makefile                                       1.116
- comms/asterisk/distinfo                                       1.70

---
   Module Name:    pkgsrc
   Committed By:   jnemeth
   Date:           Fri Dec 12 22:12:56 UTC 2014

   Modified Files:
           pkgsrc/comms/asterisk: Makefile distinfo

   Log Message:
   Update to Asterisk 11.14.2: this is a security fix release.

   The Asterisk Development Team has announced security releases for
   Certified Asterisk 11.6 and Asterisk 11, 12, and 13. The available
   security releases are released as versions 11.6-cert9, 11.14.2,
   12.7.2, and 13.0.2.

   The release of these versions resolves the following security vulnerability:

   * AST-2014-019: Remote Crash Vulnerability in WebSocket Server

     When handling a WebSocket frame the res_http_websocket module
     dynamically changes the size of the memory used to allow the
     provided payload to fit. If a payload length of zero was received
     the code would incorrectly attempt to resize to zero. This
     operation would succeed and end up freeing the memory but be
     treated as a failure. When the session was subsequently torn down
     this memory would get freed yet again causing a crash.

   For more information about the details of this vulnerability, please read
   security advisory AST-2014-019, which was released at the same time as this
   announcement.

   For a full list of changes in the current releases, please see the Change Logs:

   http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-11.14.2

   The security advisory is available at:

   * http://downloads.asterisk.org/pub/security/AST-2014-019.pdf

   Thank you for your continued support of Asterisk!

Revision 1.70 / (download) - annotate - [select for diffs], Fri Dec 12 22:12:56 2014 UTC (8 years, 1 month ago) by jnemeth
Branch: MAIN
Changes since 1.69: +7 -7 lines
Diff to previous 1.69 (colored)

Update to Asterisk 11.14.2: this is a security fix release.

The Asterisk Development Team has announced security releases for
Certified Asterisk 11.6 and Asterisk 11, 12, and 13. The available
security releases are released as versions 11.6-cert9, 11.14.2,
12.7.2, and 13.0.2.

The release of these versions resolves the following security vulnerability:

* AST-2014-019: Remote Crash Vulnerability in WebSocket Server

  When handling a WebSocket frame the res_http_websocket module
  dynamically changes the size of the memory used to allow the
  provided payload to fit. If a payload length of zero was received
  the code would incorrectly attempt to resize to zero. This
  operation would succeed and end up freeing the memory but be
  treated as a failure. When the session was subsequently torn down
  this memory would get freed yet again causing a crash.

For more information about the details of this vulnerability, please read
security advisory AST-2014-019, which was released at the same time as this
announcement.

For a full list of changes in the current releases, please see the Change Logs:

http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-11.14.2

The security advisory is available at:

* http://downloads.asterisk.org/pub/security/AST-2014-019.pdf

Thank you for your continued support of Asterisk!

Revision 1.66.2.1 / (download) - annotate - [select for diffs], Sat Dec 6 16:57:53 2014 UTC (8 years, 1 month ago) by tron
Branch: pkgsrc-2014Q3
Changes since 1.66: +7 -8 lines
Diff to previous 1.66 (colored)

Pullup ticket #4566 - requested by jnemeth
comms/asterisk:: security update
comms/asterisk18: security update

Revisions pulled up:
- comms/asterisk/Makefile                                       1.113-1.115
- comms/asterisk/PLIST                                          1.9
- comms/asterisk/distinfo                                       1.67-1.69
- comms/asterisk/patches/patch-contrib_scripts_autosupport      deleted
- comms/asterisk18/Makefile                                     1.88-1.90
- comms/asterisk18/PLIST                                        1.25
- comms/asterisk18/distinfo                                     1.56-1.58

---
   Module Name:	pkgsrc
   Committed By:	jnemeth
   Date:		Tue Oct 14 03:35:05 UTC 2014

   Modified Files:
   	pkgsrc/comms/asterisk18: Makefile PLIST distinfo

   Log Message:
   Update Asterisk to 1.8.31.0.  This is mostly a bugfix release:

   The Asterisk Development Team has announced the release of Asterisk 1.8.31.0.

   The release of Asterisk 1.8.31.0 resolves several issues reported by the
   community and would have not been possible without your participation.
   Thank you!

   The following are the issues resolved in this release:

   Bugs fixed in this release:
   -----------------------------------
    * ASTERISK-24032 - Gentoo compilation emits warning:
         "_FORTIFY_SOURCE" redefined (Reported by Kilburn)
    * ASTERISK-24225 - Dial option z is broken (Reported by
         dimitripietro)
    * ASTERISK-24178 - [patch]fromdomainport used even if not set
         (Reported by Elazar Broad)
    * ASTERISK-24019 - When a Music On Hold stream starts it restarts
         at beginning of file. (Reported by Jason Richards)
    * ASTERISK-24211 - testsuite: Fix the dial_LS_options test
         (Reported by Matt Jordan)
    * ASTERISK-24249 - SIP debugs do not stop (Reported by Avinash
         Mohod)

   Improvements made in this release:
   -----------------------------------
    * ASTERISK-24171 - [patch] Provide a manpage for the aelparse
         utility (Reported by Jeremy Lainé)

   For a full list of changes in this release, please see the ChangeLog:

   http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.8.31.0

   Thank you for your continued support of Asterisk!

---
   Module Name:	pkgsrc
   Committed By:	jnemeth
   Date:		Tue Oct 14 03:36:40 UTC 2014

   Modified Files:
   	pkgsrc/comms/asterisk: Makefile PLIST distinfo

   Log Message:
   Update Asterisk to 11.13.0.  This is mostly a bugfix release:

   The Asterisk Development Team has announced the release of Asterisk 11.13.0.

   The release of Asterisk 11.13.0 resolves several issues reported by the
   community and would have not been possible without your participation.
   Thank you!

   The following are the issues resolved in this release:

   Bugs fixed in this release:
   -----------------------------------
    * ASTERISK-24032 - Gentoo compilation emits warning:
         "_FORTIFY_SOURCE" redefined (Reported by Kilburn)
    * ASTERISK-24225 - Dial option z is broken (Reported by
         dimitripietro)
    * ASTERISK-24178 - [patch]fromdomainport used even if not set
         (Reported by Elazar Broad)
    * ASTERISK-22252 - res_musiconhold cleanup - REF_DEBUG reload
         warnings and ref leaks (Reported by Walter Doekes)
    * ASTERISK-23997 - chan_sip: port incorrectly incremented for RTCP
         ICE candidates in SDP answer (Reported by Badalian Vyacheslav)
    * ASTERISK-24019 - When a Music On Hold stream starts it restarts
         at beginning of file. (Reported by Jason Richards)
    * ASTERISK-23767 - [patch] Dynamic IAX2 registration stops trying
         if ever not able to resolve (Reported by David Herselman)
    * ASTERISK-24211 - testsuite: Fix the dial_LS_options test
         (Reported by Matt Jordan)
    * ASTERISK-24249 - SIP debugs do not stop (Reported by Avinash
         Mohod)
    * ASTERISK-23577 - res_rtp_asterisk: Crash in
         ast_rtp_on_turn_rtp_state when RTP instance is NULL (Reported by
         Jay Jideliov)
    * ASTERISK-23634 - With TURN Asterisk crashes on multiple (7-10)
         concurrent WebRTC (avpg/encryption/icesupport) calls (Reported
         by Roman Skvirsky)
    * ASTERISK-24301 - Security: Out of call MESSAGE requests
         processed via Message channel driver can crash Asterisk
         (Reported by Matt Jordan)

   Improvements made in this release:
   -----------------------------------
    * ASTERISK-24171 - [patch] Provide a manpage for the aelparse
         utility (Reported by Jeremy Lainé)

   For a full list of changes in this release, please see the ChangeLog:

   http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-11.13.0

   Thank you for your continued support of Asterisk!

---
   Module Name:	pkgsrc
   Committed By:	jnemeth
   Date:		Wed Nov 19 08:30:57 UTC 2014

   Modified Files:
   	pkgsrc/comms/asterisk18: Makefile distinfo

   Log Message:
   Update to Asterisk 1.8.32.0: this is mostly a bug fix release.

   The Asterisk Development Team has announced the release of Asterisk 1.8.32.0.

   The release of Asterisk 1.8.32.0 resolves several issues reported by the
   community and would have not been possible without your participation.
   Thank you!

   The following are the issues resolved in this release:

   Bugs fixed in this release:
   -----------------------------------
    * ASTERISK-24348 - Built-in editline tab complete segfault with
         MALLOC_DEBUG (Reported by Walter Doekes)
    * ASTERISK-24335 - [PATCH] Asterisk incorrectly responds 503 to
         INVITE retransmissions of rejected calls (Reported by Torrey
         Searle)
    * ASTERISK-23768 - [patch] Asterisk man page contains a (new)
         unquoted minus sign (Reported by Jeremy Lainé)
    * ASTERISK-24357 - [fax] Out of bounds error in update_modem_bits
         (Reported by Jeremy Lainé)
    * ASTERISK-22945 - [patch] Memory leaks in chan_sip.c with
         realtime peers (Reported by ibercom)
    * ASTERISK-24390 - astobj2: REF_DEBUG reports false leaks with
         ao2_callback with OBJ_MULTIPLE (Reported by Corey Farrell)
    * ASTERISK-24011 - [patch]safe_asterisk tries to set ulimit -n too
         high on linux systems with lots of RAM (Reported by Michael
         Myles)
    * ASTERISK-20784 - Failure to receive an ACK to a SIP Re-INVITE
         results in a SIP channel leak (Reported by NITESH BANSAL)
    * ASTERISK-15879 - [patch] Failure to receive an ACK to a SIP
         Re-INVITE results in a SIP channel leak (Reported by Torrey
         Searle)
    * ASTERISK-24406 - Some caller ID strings are parsed differently
         since 11.13.0 (Reported by Etienne Lessard)
    * ASTERISK-24325 - res_calendar_ews: cannot be used with neon 0.30
         (Reported by Tzafrir Cohen)
    * ASTERISK-13797 - [patch] relax badshell tilde test (Reported by
         Tzafrir Cohen)
    * ASTERISK-22791 - asterisk sends Re-INVITE after receiving a BYE
         (Reported by Paolo Compagnini)
    * ASTERISK-18923 - res_fax_spandsp usage counter is wrong
         (Reported by Grigoriy Puzankin)
    * ASTERISK-24393 - rtptimeout=0 doesn't disable rtptimeout
         (Reported by Dmitry Melekhov)
    * ASTERISK-24063 - [patch]Asterisk does not respect outbound proxy
         when sending qualify requests (Reported by Damian Ivereigh)
    * ASTERISK-24425 - [patch] jabber/xmpp to use TLS instead of
         SSLv3, security fix POODLE (CVE-2014-3566) (Reported by
         abelbeck)
    * ASTERISK-24436 - Missing header in res/res_srtp.c when compiling
         against libsrtp-1.5.0 (Reported by Patrick Laimbock)
    * ASTERISK-21721 - SIP Failed to parse multiple Supported: headers
         (Reported by Olle Johansson)
    * ASTERISK-24190 - IMAP voicemail causes segfault (Reported by
         Nick Adams)
    * ASTERISK-24432 - Install refcounter.py when REF_DEBUG is enabled
         (Reported by Corey Farrell)
    * ASTERISK-24476 - main/app.c / app_voicemail: ast_writestream
         leaks (Reported by Corey Farrell)
    * ASTERISK-24307 - Unintentional memory retention in stringfields
         (Reported by Etienne Lessard)

   For a full list of changes in this release, please see the ChangeLog:

   http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.8.32.0

   Thank you for your continued support of Asterisk!

---
   Module Name:	pkgsrc
   Committed By:	jnemeth
   Date:		Wed Nov 19 08:32:48 UTC 2014

   Modified Files:
   	pkgsrc/comms/asterisk: Makefile distinfo
   Removed Files:
   	pkgsrc/comms/asterisk/patches: patch-contrib_scripts_autosupport

   Log Message:
   Update to Asterisk 11.14.0: this is mostly a bugfix release.

   The Asterisk Development Team has announced the release of Asterisk 11.14.0.

   The release of Asterisk 11.14.0 resolves several issues reported by the
   community and would have not been possible without your participation.
   Thank you!

   The following are the issues resolved in this release:

   Bugs fixed in this release:
   -----------------------------------
    * ASTERISK-24348 - Built-in editline tab complete segfault with
         MALLOC_DEBUG (Reported by Walter Doekes)
    * ASTERISK-24335 - [PATCH] Asterisk incorrectly responds 503 to
         INVITE retransmissions of rejected calls (Reported by Torrey
         Searle)
    * ASTERISK-23768 - [patch] Asterisk man page contains a (new)
         unquoted minus sign (Reported by Jeremy Lainé)
    * ASTERISK-24357 - [fax] Out of bounds error in update_modem_bits
         (Reported by Jeremy Lainé)
    * ASTERISK-20567 - bashism in autosupport (Reported by Tzafrir
         Cohen)
    * ASTERISK-22945 - [patch] Memory leaks in chan_sip.c with
         realtime peers (Reported by ibercom)
    * ASTERISK-24384 - chan_motif: format capabilities leak on module
         load error (Reported by Corey Farrell)
    * ASTERISK-24385 - chan_sip: process_sdp leaks on an error path
         (Reported by Corey Farrell)
    * ASTERISK-24378 - Release AMI connections on shutdown (Reported
         by Corey Farrell)
    * ASTERISK-24354 - AMI sendMessage closes AMI connection on error
         (Reported by Peter Katzmann)
    * ASTERISK-24390 - astobj2: REF_DEBUG reports false leaks with
         ao2_callback with OBJ_MULTIPLE (Reported by Corey Farrell)
    * ASTERISK-24326 - res_rtp_asterisk: ICE-TCP candidates are
         incorrectly attempted (Reported by Joshua Colp)
    * ASTERISK-24011 - [patch]safe_asterisk tries to set ulimit -n too
         high on linux systems with lots of RAM (Reported by Michael
         Myles)
    * ASTERISK-24383 - res_rtp_asterisk: Crash if no candidates
         received for component (Reported by Kevin Harwell)
    * ASTERISK-20784 - Failure to receive an ACK to a SIP Re-INVITE
         results in a SIP channel leak (Reported by NITESH BANSAL)
    * ASTERISK-15879 - [patch] Failure to receive an ACK to a SIP
         Re-INVITE results in a SIP channel leak (Reported by Torrey
         Searle)
    * ASTERISK-24406 - Some caller ID strings are parsed differently
         since 11.13.0 (Reported by Etienne Lessard)
    * ASTERISK-24325 - res_calendar_ews: cannot be used with neon 0.30
         (Reported by Tzafrir Cohen)
    * ASTERISK-13797 - [patch] relax badshell tilde test (Reported by
         Tzafrir Cohen)
    * ASTERISK-22791 - asterisk sends Re-INVITE after receiving a BYE
         (Reported by Paolo Compagnini)
    * ASTERISK-18923 - res_fax_spandsp usage counter is wrong
         (Reported by Grigoriy Puzankin)
    * ASTERISK-24392 - res_fax: fax gateway sessions leak (Reported by
         Corey Farrell)
    * ASTERISK-24393 - rtptimeout=0 doesn't disable rtptimeout
         (Reported by Dmitry Melekhov)
    * ASTERISK-23846 - Unistim multilines. Loss of voice after second
         call drops (on a second line). (Reported by Rustam Khankishyiev)
    * ASTERISK-24063 - [patch]Asterisk does not respect outbound proxy
         when sending qualify requests (Reported by Damian Ivereigh)
    * ASTERISK-24425 - [patch] jabber/xmpp to use TLS instead of
         SSLv3, security fix POODLE (CVE-2014-3566) (Reported by
         abelbeck)
    * ASTERISK-24436 - Missing header in res/res_srtp.c when compiling
         against libsrtp-1.5.0 (Reported by Patrick Laimbock)
    * ASTERISK-24454 - app_queue: ao2_iterator not destroyed, causing
         leak (Reported by Corey Farrell)
    * ASTERISK-24430 - missing letter "p" in word response in
         OriginateResponse event documentation (Reported by Dafi Ni)
    * ASTERISK-24457 - res_fax: fax gateway frames leak (Reported by
         Corey Farrell)
    * ASTERISK-21721 - SIP Failed to parse multiple Supported: headers
         (Reported by Olle Johansson)
    * ASTERISK-24304 - asterisk crashing randomly because of unistim
         channel (Reported by dhanapathy sathya)
    * ASTERISK-24190 - IMAP voicemail causes segfault (Reported by
         Nick Adams)
    * ASTERISK-24466 - app_queue: fix a couple leaks to struct
         call_queue (Reported by Corey Farrell)
    * ASTERISK-24432 - Install refcounter.py when REF_DEBUG is enabled
         (Reported by Corey Farrell)
    * ASTERISK-24476 - main/app.c / app_voicemail: ast_writestream
         leaks (Reported by Corey Farrell)
    * ASTERISK-24307 - Unintentional memory retention in stringfields
         (Reported by Etienne Lessard)

   For a full list of changes in this release, please see the ChangeLog:

   http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-11.14.0

   Thank you for your continued support of Asterisk!

---
   Module Name:	pkgsrc
   Committed By:	jnemeth
   Date:		Wed Dec  3 01:00:23 UTC 2014

   Modified Files:
   	pkgsrc/comms/asterisk18: Makefile distinfo

   Log Message:
   Update to Asterisk 1.8.32.1: this is a security fix release.

   The Asterisk Development Team has announced security releases for Certified
   Asterisk 1.8.28 and 11.6 and Asterisk 1.8, 11, 12, and 13. The available
   security releases are released as versions 1.8.28-cert3, 11.6-cert8, 1.8.32.1,
   11.14.1, 12.7.1, and 13.0.1.

   The release of these versions resolves the following security vulnerabilities:

   * AST-2014-012: Unauthorized access in the presence of ACLs with mixed IP
     address families

     Many modules in Asterisk that service incoming IP traffic have ACL options
     ("permit" and "deny") that can be used to whitelist or blacklist address
     ranges. A bug has been discovered where the address family of incoming
     packets is only compared to the IP address family of the first entry in the
     list of access control rules. If the source IP address for an incoming
     packet is not of the same address as the first ACL entry, that packet
     bypasses all ACL rules.

   * AST-2014-018: Permission Escalation through DB dialplan function

     The DB dialplan function when executed from an external protocol, such as AMI,
     could result in a privilege escalation. Users with a lower class authorization
     in AMI can access the internal Asterisk database without the required SYSTEM
     class authorization.

   For more information about the details of these vulnerabilities, please read
   security advisories AST-2014-012, AST-2014-013, AST-2014-014, AST-2014-015,
   AST-2014-016, AST-2014-017, and AST-2014-018, which were released at the same
   time as this announcement.

   For a full list of changes in the current releases, please see the ChangeLogs:

   http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.8.32.1

   The security advisories are available at:

    * http://downloads.asterisk.org/pub/security/AST-2014-012.pdf
    * http://downloads.asterisk.org/pub/security/AST-2014-018.pdf

   Thank you for your continued support of Asterisk!

---
   Module Name:	pkgsrc
   Committed By:	jnemeth
   Date:		Wed Dec  3 01:57:37 UTC 2014

   Modified Files:
   	pkgsrc/comms/asterisk: Makefile distinfo

   Log Message:
   Update to Asterisk 11.14.1:  this is a security fix release.

   The Asterisk Development Team has announced security releases for Certified
   Asterisk 1.8.28 and 11.6 and Asterisk 1.8, 11, 12, and 13. The available
   security releases are released as versions 1.8.28-cert3, 11.6-cert8, 1.8.32.1,
   11.14.1, 12.7.1, and 13.0.1.

   The release of these versions resolves the following security vulnerabilities:

   * AST-2014-012: Unauthorized access in the presence of ACLs with mixed IP
     address families

     Many modules in Asterisk that service incoming IP traffic have ACL options
     ("permit" and "deny") that can be used to whitelist or blacklist address
     ranges. A bug has been discovered where the address family of incoming
     packets is only compared to the IP address family of the first entry in the
     list of access control rules. If the source IP address for an incoming
     packet is not of the same address as the first ACL entry, that packet
     bypasses all ACL rules.

   * AST-2014-018: Permission Escalation through DB dialplan function

     The DB dialplan function when executed from an external protocol, such as AMI,
     could result in a privilege escalation. Users with a lower class authorization
     in AMI can access the internal Asterisk database without the required SYSTEM
     class authorization.

   In addition, the release of 11.6-cert8 and 11.14.1 resolves the following
   security vulnerability:

   * AST-2014-014: High call load with ConfBridge can result in resource exhaustion

     The ConfBridge application uses an internal bridging API to implement
     conference bridges. This internal API uses a state model for channels within
     the conference bridge and transitions between states as different things
     occur. Unload load it is possible for some state transitions to be delayed
     causing the channel to transition from being hung up to waiting for media. As
     the channel has been hung up remotely no further media will arrive and the
     channel will stay within ConfBridge indefinitely.

   In addition, the release of 11.6-cert8, 11.14.1, 12.7.1, and 13.0.1 resolves
   the following security vulnerability:

   * AST-2014-017: Permission Escalation via ConfBridge dialplan function and
                   AMI ConfbridgeStartRecord Action

     The CONFBRIDGE dialplan function when executed from an external protocol (such
     as AMI) can result in a privilege escalation as certain options within that
     function can affect the underlying system. Additionally, the AMI
     ConfbridgeStartRecord action has options that would allow modification of the
     underlying system, and does not require SYSTEM class authorization in AMI.

   For a full list of changes in the current releases, please see the ChangeLogs:

   http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-11.14.1

   The security advisories are available at:

    * http://downloads.asterisk.org/pub/security/AST-2014-012.pdf
    * http://downloads.asterisk.org/pub/security/AST-2014-014.pdf
    * http://downloads.asterisk.org/pub/security/AST-2014-017.pdf
    * http://downloads.asterisk.org/pub/security/AST-2014-018.pdf

   Thank you for your continued support of Asterisk!

Revision 1.69 / (download) - annotate - [select for diffs], Wed Dec 3 01:57:37 2014 UTC (8 years, 2 months ago) by jnemeth
Branch: MAIN
Changes since 1.68: +7 -7 lines
Diff to previous 1.68 (colored)

Update to Asterisk 11.14.1:  this is a security fix release.

The Asterisk Development Team has announced security releases for Certified
Asterisk 1.8.28 and 11.6 and Asterisk 1.8, 11, 12, and 13. The available
security releases are released as versions 1.8.28-cert3, 11.6-cert8, 1.8.32.1,
11.14.1, 12.7.1, and 13.0.1.

The release of these versions resolves the following security vulnerabilities:

* AST-2014-012: Unauthorized access in the presence of ACLs with mixed IP
  address families

  Many modules in Asterisk that service incoming IP traffic have ACL options
  ("permit" and "deny") that can be used to whitelist or blacklist address
  ranges. A bug has been discovered where the address family of incoming
  packets is only compared to the IP address family of the first entry in the
  list of access control rules. If the source IP address for an incoming
  packet is not of the same address as the first ACL entry, that packet
  bypasses all ACL rules.

* AST-2014-018: Permission Escalation through DB dialplan function

  The DB dialplan function when executed from an external protocol, such as AMI,
  could result in a privilege escalation. Users with a lower class authorization
  in AMI can access the internal Asterisk database without the required SYSTEM
  class authorization.

In addition, the release of 11.6-cert8 and 11.14.1 resolves the following
security vulnerability:

* AST-2014-014: High call load with ConfBridge can result in resource exhaustion

  The ConfBridge application uses an internal bridging API to implement
  conference bridges. This internal API uses a state model for channels within
  the conference bridge and transitions between states as different things
  occur. Unload load it is possible for some state transitions to be delayed
  causing the channel to transition from being hung up to waiting for media. As
  the channel has been hung up remotely no further media will arrive and the
  channel will stay within ConfBridge indefinitely.

In addition, the release of 11.6-cert8, 11.14.1, 12.7.1, and 13.0.1 resolves
the following security vulnerability:

* AST-2014-017: Permission Escalation via ConfBridge dialplan function and
                AMI ConfbridgeStartRecord Action

  The CONFBRIDGE dialplan function when executed from an external protocol (such
  as AMI) can result in a privilege escalation as certain options within that
  function can affect the underlying system. Additionally, the AMI
  ConfbridgeStartRecord action has options that would allow modification of the
  underlying system, and does not require SYSTEM class authorization in AMI.

For a full list of changes in the current releases, please see the ChangeLogs:

http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-11.14.1

The security advisories are available at:

 * http://downloads.asterisk.org/pub/security/AST-2014-012.pdf
 * http://downloads.asterisk.org/pub/security/AST-2014-014.pdf
 * http://downloads.asterisk.org/pub/security/AST-2014-017.pdf
 * http://downloads.asterisk.org/pub/security/AST-2014-018.pdf

Thank you for your continued support of Asterisk!

Revision 1.68 / (download) - annotate - [select for diffs], Wed Nov 19 08:32:48 2014 UTC (8 years, 2 months ago) by jnemeth
Branch: MAIN
Changes since 1.67: +7 -8 lines
Diff to previous 1.67 (colored)

Update to Asterisk 11.14.0: this is mostly a bugfix release.

The Asterisk Development Team has announced the release of Asterisk 11.14.0.

The release of Asterisk 11.14.0 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!

The following are the issues resolved in this release:

Bugs fixed in this release:
-----------------------------------
 * ASTERISK-24348 - Built-in editline tab complete segfault with
      MALLOC_DEBUG (Reported by Walter Doekes)
 * ASTERISK-24335 - [PATCH] Asterisk incorrectly responds 503 to
      INVITE retransmissions of rejected calls (Reported by Torrey
      Searle)
 * ASTERISK-23768 - [patch] Asterisk man page contains a (new)
      unquoted minus sign (Reported by Jeremy Lainé)
 * ASTERISK-24357 - [fax] Out of bounds error in update_modem_bits
      (Reported by Jeremy Lainé)
 * ASTERISK-20567 - bashism in autosupport (Reported by Tzafrir
      Cohen)
 * ASTERISK-22945 - [patch] Memory leaks in chan_sip.c with
      realtime peers (Reported by ibercom)
 * ASTERISK-24384 - chan_motif: format capabilities leak on module
      load error (Reported by Corey Farrell)
 * ASTERISK-24385 - chan_sip: process_sdp leaks on an error path
      (Reported by Corey Farrell)
 * ASTERISK-24378 - Release AMI connections on shutdown (Reported
      by Corey Farrell)
 * ASTERISK-24354 - AMI sendMessage closes AMI connection on error
      (Reported by Peter Katzmann)
 * ASTERISK-24390 - astobj2: REF_DEBUG reports false leaks with
      ao2_callback with OBJ_MULTIPLE (Reported by Corey Farrell)
 * ASTERISK-24326 - res_rtp_asterisk: ICE-TCP candidates are
      incorrectly attempted (Reported by Joshua Colp)
 * ASTERISK-24011 - [patch]safe_asterisk tries to set ulimit -n too
      high on linux systems with lots of RAM (Reported by Michael
      Myles)
 * ASTERISK-24383 - res_rtp_asterisk: Crash if no candidates
      received for component (Reported by Kevin Harwell)
 * ASTERISK-20784 - Failure to receive an ACK to a SIP Re-INVITE
      results in a SIP channel leak (Reported by NITESH BANSAL)
 * ASTERISK-15879 - [patch] Failure to receive an ACK to a SIP
      Re-INVITE results in a SIP channel leak (Reported by Torrey
      Searle)
 * ASTERISK-24406 - Some caller ID strings are parsed differently
      since 11.13.0 (Reported by Etienne Lessard)
 * ASTERISK-24325 - res_calendar_ews: cannot be used with neon 0.30
      (Reported by Tzafrir Cohen)
 * ASTERISK-13797 - [patch] relax badshell tilde test (Reported by
      Tzafrir Cohen)
 * ASTERISK-22791 - asterisk sends Re-INVITE after receiving a BYE
      (Reported by Paolo Compagnini)
 * ASTERISK-18923 - res_fax_spandsp usage counter is wrong
      (Reported by Grigoriy Puzankin)
 * ASTERISK-24392 - res_fax: fax gateway sessions leak (Reported by
      Corey Farrell)
 * ASTERISK-24393 - rtptimeout=0 doesn't disable rtptimeout
      (Reported by Dmitry Melekhov)
 * ASTERISK-23846 - Unistim multilines. Loss of voice after second
      call drops (on a second line). (Reported by Rustam Khankishyiev)
 * ASTERISK-24063 - [patch]Asterisk does not respect outbound proxy
      when sending qualify requests (Reported by Damian Ivereigh)
 * ASTERISK-24425 - [patch] jabber/xmpp to use TLS instead of
      SSLv3, security fix POODLE (CVE-2014-3566) (Reported by
      abelbeck)
 * ASTERISK-24436 - Missing header in res/res_srtp.c when compiling
      against libsrtp-1.5.0 (Reported by Patrick Laimbock)
 * ASTERISK-24454 - app_queue: ao2_iterator not destroyed, causing
      leak (Reported by Corey Farrell)
 * ASTERISK-24430 - missing letter "p" in word response in
      OriginateResponse event documentation (Reported by Dafi Ni)
 * ASTERISK-24457 - res_fax: fax gateway frames leak (Reported by
      Corey Farrell)
 * ASTERISK-21721 - SIP Failed to parse multiple Supported: headers
      (Reported by Olle Johansson)
 * ASTERISK-24304 - asterisk crashing randomly because of unistim
      channel (Reported by dhanapathy sathya)
 * ASTERISK-24190 - IMAP voicemail causes segfault (Reported by
      Nick Adams)
 * ASTERISK-24466 - app_queue: fix a couple leaks to struct
      call_queue (Reported by Corey Farrell)
 * ASTERISK-24432 - Install refcounter.py when REF_DEBUG is enabled
      (Reported by Corey Farrell)
 * ASTERISK-24476 - main/app.c / app_voicemail: ast_writestream
      leaks (Reported by Corey Farrell)
 * ASTERISK-24307 - Unintentional memory retention in stringfields
      (Reported by Etienne Lessard)

For a full list of changes in this release, please see the ChangeLog:

http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-11.14.0

Thank you for your continued support of Asterisk!

Revision 1.67 / (download) - annotate - [select for diffs], Tue Oct 14 03:36:40 2014 UTC (8 years, 3 months ago) by jnemeth
Branch: MAIN
Changes since 1.66: +7 -7 lines
Diff to previous 1.66 (colored)

Update Asterisk to 11.13.0.  This is mostly a bugfix release:

The Asterisk Development Team has announced the release of Asterisk 11.13.0.

The release of Asterisk 11.13.0 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!

The following are the issues resolved in this release:

Bugs fixed in this release:
-----------------------------------
 * ASTERISK-24032 - Gentoo compilation emits warning:
      "_FORTIFY_SOURCE" redefined (Reported by Kilburn)
 * ASTERISK-24225 - Dial option z is broken (Reported by
      dimitripietro)
 * ASTERISK-24178 - [patch]fromdomainport used even if not set
      (Reported by Elazar Broad)
 * ASTERISK-22252 - res_musiconhold cleanup - REF_DEBUG reload
      warnings and ref leaks (Reported by Walter Doekes)
 * ASTERISK-23997 - chan_sip: port incorrectly incremented for RTCP
      ICE candidates in SDP answer (Reported by Badalian Vyacheslav)
 * ASTERISK-24019 - When a Music On Hold stream starts it restarts
      at beginning of file. (Reported by Jason Richards)
 * ASTERISK-23767 - [patch] Dynamic IAX2 registration stops trying
      if ever not able to resolve (Reported by David Herselman)
 * ASTERISK-24211 - testsuite: Fix the dial_LS_options test
      (Reported by Matt Jordan)
 * ASTERISK-24249 - SIP debugs do not stop (Reported by Avinash
      Mohod)
 * ASTERISK-23577 - res_rtp_asterisk: Crash in
      ast_rtp_on_turn_rtp_state when RTP instance is NULL (Reported by
      Jay Jideliov)
 * ASTERISK-23634 - With TURN Asterisk crashes on multiple (7-10)
      concurrent WebRTC (avpg/encryption/icesupport) calls (Reported
      by Roman Skvirsky)
 * ASTERISK-24301 - Security: Out of call MESSAGE requests
      processed via Message channel driver can crash Asterisk
      (Reported by Matt Jordan)

Improvements made in this release:
-----------------------------------
 * ASTERISK-24171 - [patch] Provide a manpage for the aelparse
      utility (Reported by Jeremy Lainé)

For a full list of changes in this release, please see the ChangeLog:

http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-11.13.0

Thank you for your continued support of Asterisk!

Revision 1.66 / (download) - annotate - [select for diffs], Sat Sep 20 19:12:16 2014 UTC (8 years, 4 months ago) by jnemeth
Branch: MAIN
CVS Tags: pkgsrc-2014Q3-base
Branch point for: pkgsrc-2014Q3
Changes since 1.65: +7 -7 lines
Diff to previous 1.65 (colored)

Update to Asterisk 11.12.1: this is mainly a security fix for AST-2014-010.

The Asterisk Development Team has announced security releases for Certified
Asterisk 11.6 and Asterisk 11 and 12. The available security releases are
released as versions 11.6-cert6, 11.12.1, and 12.5.1.

Please note that the release of these versions resolves the following security
vulnerability:

* AST-2014-010: Remote Crash when Handling Out of Call Message in Certain
                Dialplan Configurations

Note that the crash described in AST-2014-010 can be worked around through
dialplan configuration. Given the likelihood of the issue, an advisory was
deemed to be warranted.

For more information about the details of these vulnerabilities, please read
security advisories AST-2014-009 and AST-2014-010, which were released at the
same time as this announcement.

For a full list of changes in the current releases, please see the ChangeLogs:

http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-11.12.1

The security advisories are available at:

 * http://downloads.asterisk.org/pub/security/AST-2014-010.pdf

Thank you for your continued support of Asterisk!

Revision 1.65 / (download) - annotate - [select for diffs], Thu Aug 28 01:19:12 2014 UTC (8 years, 5 months ago) by jnemeth
Branch: MAIN
Changes since 1.64: +7 -7 lines
Diff to previous 1.64 (colored)

Update to Asterisk 11.12.0: this is mainly a bugfix release.

The Asterisk Development Team has announced the release of Asterisk 11.12.0.

The release of Asterisk 11.12.0 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!

The following are the issues resolved in this release:

Bugs fixed in this release:
-----------------------------------
 * ASTERISK-23911 - URIENCODE/URIDECODE: WARNING about passing an
      empty string is a bit over zealous (Reported by Matt Jordan)
 * ASTERISK-23985 - PresenceState Action response does not contain
      ActionID; duplicates Message Header (Reported by Matt Jordan)
 * ASTERISK-23814 - No call started after peer dialed (Reported by
      Igor Goncharovsky)
 * ASTERISK-24087 - [patch]chan_sip: sip_subscribe_mwi_destroy
      should not call sip_destroy (Reported by Corey Farrell)
 * ASTERISK-23818 - PBX_Lua: after asterisk startup module is
      loaded, but dialplan not available (Reported by Dennis Guse)
 * ASTERISK-18345 - [patch] sips connection dropped by asterisk
      with a large INVITE (Reported by Stephane Chazelas)
 * ASTERISK-23508 - Memory Corruption in
      __ast_string_field_ptr_build_va (Reported by Arnd Schmitter)

Improvements made in this release:
-----------------------------------
 * ASTERISK-21178 - Improve documentation for manager command
      Getvar, Setvar (Reported by Rusty Newton)

For a full list of changes in this release, please see the ChangeLog:

http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-11.12.0

Thank you for your continued support of Asterisk!

Revision 1.64 / (download) - annotate - [select for diffs], Tue Jul 29 04:20:55 2014 UTC (8 years, 6 months ago) by jnemeth
Branch: MAIN
Changes since 1.63: +9 -8 lines
Diff to previous 1.63 (colored)

Update to Asterisk 11.11.0: this is primarily a bugfix release.

pkgsrc change: MAKE_JOBS_SAFE=NO from joerg@

The Asterisk Development Team has announced the release of Asterisk 11.11.0.

The release of Asterisk 11.11.0 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!

The following are the issues resolved in this release:

Bugs fixed in this release:
-----------------------------------
 * ASTERISK-22551 - Session timer : UAS (Asterisk) starts counting
      at Invite, UAC starts counting at 200 OK. (Reported by i2045)
 * ASTERISK-23792 - Mutex left locked in chan_unistim.c (Reported
      by Peter Whisker)
 * ASTERISK-23582 - [patch]Inconsistent column length in *odbc
      (Reported by Walter Doekes)
 * ASTERISK-23803 - AMI action UpdateConfig EmptyCat clears all
      categories but the requested one (Reported by zvision)
 * ASTERISK-23035 - ConfBridge with name longer than max (32 chars)
      results in several bridges with same conf_name (Reported by
      Iñaki Cívico)
 * ASTERISK-23824 - ConfBridge: Users cannot be muted via CLI or
      AMI when waiting to enter a conference (Reported by Matt Jordan)
 * ASTERISK-23683 - #includes - wildcard character in a path more
      than one directory deep - results in no config parsing on module
      reload (Reported by tootai)
 * ASTERISK-23827 - autoservice thread doesn't exit at shutdown
      (Reported by Corey Farrell)
 * ASTERISK-23609 - Security: AMI action MixMonitor allows
      arbitrary programs to be run (Reported by Corey Farrell)
 * ASTERISK-23673 - Security: DOS by consuming the number of
      allowed HTTP connections. (Reported by Richard Mudgett)
 * ASTERISK-23246 - DEBUG messages in sdp_crypto.c display despite
      a DEBUG level of zero (Reported by Rusty Newton)
 * ASTERISK-23766 - [patch] Specify timeout for database write in
      SQLite (Reported by Igor Goncharovsky)
 * ASTERISK-23844 - Load of pbx_lua fails on sample extensions.lua
      with Lua 5.2 or greater due to addition of goto statement
      (Reported by Rusty Newton)
 * ASTERISK-23818 - PBX_Lua: after asterisk startup module is
      loaded, but dialplan not available (Reported by Dennis Guse)
 * ASTERISK-23834 - res_rtp_asterisk debug message gives wrong
      length if ICE (Reported by Richard Kenner)
 * ASTERISK-23790 - [patch] - SIP From headers longer than 256
      characters result in dropped call and 'No closing bracket'
      warnings. (Reported by uniken1)
 * ASTERISK-23917 - res_http_websocket: Delay in client processing
      large streams of data causes disconnect and stuck socket
      (Reported by Matt Jordan)
 * ASTERISK-23908 - [patch]When using FEC error correction,
      asterisk tries considers negative sequence numbers as missing
      (Reported by Torrey Searle)
 * ASTERISK-23921 - refcounter.py uses excessive ram for large refs
      files  (Reported by Corey Farrell)
 * ASTERISK-23948 - REF_DEBUG fails to record ao2_ref against
      objects that were already freed (Reported by Corey Farrell)
 * ASTERISK-23916 - [patch]SIP/SDP fmtp line may include whitespace
      between attributes (Reported by Alexander Traud)
 * ASTERISK-23984 - Infinite loop possible in ast_careful_fwrite()
      (Reported by Steve Davies)
 * ASTERISK-23897 - [patch]Change in SETUP ACK handling (checking
      PI) in revision 413765 breaks working environments (Reported by
      Pavel Troller)

Improvements made in this release:
-----------------------------------
 * ASTERISK-23492 - Add option to safe_asterisk to disable
      backgrounding (Reported by Walter Doekes)
 * ASTERISK-22961 - [patch] DTLS-SRTP not working with SHA-256
      (Reported by Jay Jideliov)

For a full list of changes in this release, please see the ChangeLog:

http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-11.11.0

Thank you for your continued support of Asterisk!

Revision 1.63 / (download) - annotate - [select for diffs], Wed Jul 2 03:06:24 2014 UTC (8 years, 7 months ago) by jnemeth
Branch: MAIN
Changes since 1.62: +12 -9 lines
Diff to previous 1.62 (colored)

Update to Asterisk 11.10.2: this fixes multiple security issues along
with general bug fixes.  The security issues fixed are:  AST-2014-001,
AST-2014-002, AST-2014-006, and AST-2014-007.

-----

The Asterisk Development Team has announced security releases for
Certified Asterisk 1.8.15, 11.6, and Asterisk 1.8, 11, and 12. The
available security releases are released as versions 1.8.15-cert7,
11.6-cert4, 1.8.28.2, 11.10.2, and 12.3.2.

These releases resolve security vulnerabilities that were previously
fixed in 1.8.15-cert6, 11.6-cert3, 1.8.28.1, 11.10.1, and 12.3.1.
Unfortunately, the fix for AST-2014-007 inadvertently introduced
a regression in Asterisk's TCP and TLS handling that prevented
Asterisk from sending data over these transports. This regression
and the security vulnerabilities have been fixed in the versions
specified in this release announcement.

Please note that the release of these versions resolves the following security
vulnerabilities:

* AST-2014-006: Permission Escalation via Asterisk Manager User Unauthorized
                Shell Access

* AST-2014-007: Denial of Service via Exhaustion of Allowed Concurrent HTTP
                Connections

For more information about the details of these vulnerabilities,
please read security advisories AST-2014-005, AST-2014-006,
AST-2014-007, and AST-2014-008, which were released with the previous
versions that addressed these vulnerabilities.

For a full list of changes in the current releases, please see the ChangeLogs:

http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-11.10.2

The security advisories are available at:

 * http://downloads.asterisk.org/pub/security/AST-2014-006.pdf
 * http://downloads.asterisk.org/pub/security/AST-2014-007.pdf

Thank you for your continued support of Asterisk!

-----

The Asterisk Development Team has announced security releases for
Certified Asterisk 1.8.15, 11.6, and Asterisk 1.8, 11, and 12. The
available security releases are released as versions 1.8.15-cert6,
11.6-cert3, 1.8.28.1, 11.10.1, and 12.3.1.

The release of these versions resolves the following issue:

* AST-2014-007: Denial of Service via Exhaustion of Allowed Concurrent HTTP
                Connections

  Establishing a TCP or TLS connection to the configured HTTP or HTTPS port
  respectively in http.conf and then not sending or completing a HTTP request
  will tie up a HTTP session. By doing this repeatedly until the maximum number
  of open HTTP sessions is reached, legitimate requests are blocked.

Additionally, the release of 11.6-cert3, 11.10.1, and 12.3.1 resolves the
following issue:

* AST-2014-006: Permission Escalation via Asterisk Manager User Unauthorized
                Shell Access

  Manager users can execute arbitrary shell commands with the MixMonitor manager
  action. Asterisk does not require system class authorization for a manager
  user to use the MixMonitor action, so any manager user who is permitted to use
  manager commands can potentially execute shell commands as the user executing
  the Asterisk process.

These issues and their resolutions are described in the security advisories.

For more information about the details of these vulnerabilities,
please read security advisories AST-2014-005, AST-2014-006,
AST-2014-007, and AST-2014-008, which were released at the same
time as this announcement.

For a full list of changes in the current releases, please see the ChangeLogs:

http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-11.10.1

The security advisories are available at:

 * http://downloads.asterisk.org/pub/security/AST-2014-006.pdf
 * http://downloads.asterisk.org/pub/security/AST-2014-007.pdf

Thank you for your continued support of Asterisk!

-----

The Asterisk Development Team has announced the release of Asterisk 11.10.0.

The release of Asterisk 11.10.0 resolves several issues reported
by the community and would have not been possible without your
participation.  Thank you!

The following are the issues resolved in this release:

Bugs fixed in this release:
-----------------------------------
 * ASTERISK-23547 - [patch] app_queue removing callers from queue
      when reloading (Reported by Italo Rossi)
 * ASTERISK-23559 - app_voicemail fails to load after fix to
      dialplan functions (Reported by Corey Farrell)
 * ASTERISK-22846 - testsuite: masquerade super test fails on all
      branches (still) (Reported by Matt Jordan)
 * ASTERISK-23545 - Confbridge talker detection settings
      configuration load bug (Reported by John Knott)
 * ASTERISK-23546 - CB_ADD_LEN does not do what you'd think
      (Reported by Walter Doekes)
 * ASTERISK-23620 - Code path in app_stack fails to unlock list
      (Reported by Bradley Watkins)
 * ASTERISK-23616 - Big memory leak in logger.c (Reported by
      ibercom)
 * ASTERISK-23576 - Build failure on SmartOS / Illumos / SunOS
      (Reported by Sebastian Wiedenroth)
 * ASTERISK-23550 - Newer sound sets don't show up in menuselect
      (Reported by Rusty Newton)
 * ASTERISK-18331 - app_sms failure (Reported by David Woodhouse)
 * ASTERISK-19465 - P-Asserted-Identity Privacy (Reported by
      Krzysztof Chmielewski)
 * ASTERISK-23605 - res_http_websocket: Race condition in shutting
      down websocket causes crash (Reported by Matt Jordan)
 * ASTERISK-23707 - Realtime Contacts: Apparent mismatch between
      PGSQL database state and Asterisk state (Reported by Mark
      Michelson)
 * ASTERISK-23381 - [patch]ChanSpy- Barge only works on the initial
      'spy', if the spied-on channel makes a new call, unable to
      barge. (Reported by Robert Moss)
 * ASTERISK-23665 - Wrong mime type for codec H263-1998 (h263+)
      (Reported by Guillaume Maudoux)
 * ASTERISK-23664 - Incorrect H264 specification in SDP. (Reported
      by Guillaume Maudoux)
 * ASTERISK-22977 - chan_sip+CEL: missing ANSWER and PICKUP event
      for INVITE/w/replaces pickup (Reported by Walter Doekes)
 * ASTERISK-23709 - Regression in Dahdi/Analog/waitfordialtone
      (Reported by Steve Davies)

Improvements made in this release:
-----------------------------------
 * ASTERISK-23649 - [patch]Support for DTLS retransmission
      (Reported by NITESH BANSAL)
 * ASTERISK-23564 - [patch]TLS/SRTP status of channel not currently
      available in a CLI command (Reported by Patrick Laimbock)
 * ASTERISK-23754 - [patch] Use var/lib directory for log file
      configured in asterisk.conf (Reported by Igor Goncharovsky)

For a full list of changes in this release, please see the ChangeLog:

http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-11.10.0

Thank you for your continued support of Asterisk!

-----

The Asterisk Development Team has announced the release of Asterisk 11.9.0.

The release of Asterisk 11.9.0 resolves several issues reported by
the community and would have not been possible without your
participation.  Thank you!

The following are the issues resolved in this release:

Bugs fixed in this release:
-----------------------------------
 * ASTERISK-22790 - check_modem_rate() may return incorrect rate
      for V.27 (Reported by Paolo Compagnini)
 * ASTERISK-23034 - [patch] manager Originate doesn't abort on
      failed format_cap allocation (Reported by Corey Farrell)
 * ASTERISK-23061 - [Patch] 'textsupport' setting not mentioned in
      sip.conf.sample (Reported by Eugene)
 * ASTERISK-23028 - [patch] Asterisk man pages contains unquoted
      minus signs (Reported by Jeremy Lainé)
 * ASTERISK-23046 - Custom CDR fields set during a GoSUB called
      from app_queue are not inserted (Reported by Denis Pantsyrev)
 * ASTERISK-23027 - [patch] Spelling typo "transfered" instead of
      "transferred" (Reported by Jeremy Lainé)
 * ASTERISK-23008 - Local channels loose CALLERID name when DAHDI
      channel connects (Reported by Michael Cargile)
 * ASTERISK-23100 - [patch] In chan_mgcp the ident in transmitted
      request and request queue may differ - fix for locking (Reported
      by adomjan)
 * ASTERISK-22988 - [patch]T38 , SIP 488 after Rejecting image
      media offer due to invalid or unsupported syntax (Reported by
      adomjan)
 * ASTERISK-22861 - [patch]Specifying a null time as parameter to
      GotoIfTime or ExecIfTime causes segmentation fault (Reported by
      Sebastian Murray-Roberts)
 * ASTERISK-17837 - extconfig.conf - Maximum Include level (1)
      exceeded (Reported by pz)
 * ASTERISK-22662 - Documentation fix? - queues.conf says
      persistentmembers defaults to yes, it appears to lie (Reported
      by Rusty Newton)
 * ASTERISK-23134 - [patch] res_rtp_asterisk port selection cannot
      handle selinux port restrictions (Reported by Corey Farrell)
 * ASTERISK-23220 - STACK_PEEK function with no arguments causes
      crash/core dump (Reported by James Sharp)
 * ASTERISK-19773 - Asterisk crash on issuing Asterisk-CLI 'reload'
      command multiple times on cli_aliases (Reported by Joel Vandal)
 * ASTERISK-22757 - segfault in res_clialiases.so on reload when
      mapping "module reload" command (Reported by Gareth Blades)
 * ASTERISK-17727 - [patch] TLS doesn't get all certificate chain
      (Reported by LN)
 * ASTERISK-23178 - devicestate.h: device state setting functions
      are documented with the wrong return values (Reported by
      Jonathan Rose)
 * ASTERISK-23232 - LocalBridge AMI Event LocalOptimization value
      is opposite to what's expected (Reported by Leon Roy)
 * ASTERISK-23098 - [patch]possible null pointer dereference in
      format.c (Reported by Marcello Ceschia)
 * ASTERISK-23297 - Asterisk 12, pbx_config.so segfaults if
      res_parking.so is not loaded, or if res_parking.conf has no
      configuration (Reported by CJ Oster)
 * ASTERISK-23069 - Custom CDR variable not recorded when set in
      macro called from app_queue (Reported by Bryan Anderson)
 * ASTERISK-19499 - ConfBridge MOH is not working for transferee
      after attended transfer (Reported by Timo Teräs)
 * ASTERISK-23261 - [patch]Output mixup in
      ${CHANNEL(rtpqos,audio,all)} (Reported by rsw686)
 * ASTERISK-23279 - [patch]Asterisk doesn't support the dynamic
      payload change in rtp mapping in the 200 OK response (Reported
      by NITESH BANSAL)
 * ASTERISK-23255 - UUID included for Redhat, but missing for
      Debian distros in install_prereq script (Reported by Rusty
      Newton)
 * ASTERISK-23260 - [patch]ForkCDR v option does not keep CDR
      variables for subsequent records (Reported by zvision)
 * ASTERISK-23141 - Asterisk crashes on Dial(), in
      pbx_find_extension at pbx.c (Reported by Maxim)
 * ASTERISK-23336 - Asterisk warning "Don't know how to indicate
      condition 33 on ooh323c" on outgoing calls from H323 to SIP peer
      (Reported by Alexander Semych)
 * ASTERISK-23231 - Since 405693 If we have res_fax.conf file set
      to minrate=2400, then res_fax refuse to load (Reported by David
      Brillert)
 * ASTERISK-23135 - Crash - segfault in ast_channel_hangupcause_set
      - probably introduced in 11.7.0 (Reported by OK)
 * ASTERISK-23323 - [patch]chan_sip: missing p->owner checks in
      handle_response_invite (Reported by Walter Doekes)
 * ASTERISK-23406 - [patch]Fix typo in "sip show peer" (Reported by
      ibercom)
 * ASTERISK-23310 - bridged channel crashes in bridge_p2p_rtp_write
      (Reported by Jeremy Lainé)
 * ASTERISK-22911 - [patch]Asterisk fails to resume WebRTC call
      from hold (Reported by Vytis Valentinaviius)
 * ASTERISK-23104 - Specifying the SetVar AMI without a Channel
      cause Asterisk to crash (Reported by Joel Vandal)
 * ASTERISK-21930 - [patch]WebRTC over WSS is not working.
      (Reported by John)
 * ASTERISK-23383 - Wrong sense test on stat return code causes
      unchanged config check to break with include files. (Reported by
      David Woolley)
 * ASTERISK-20149 - Crash when faxing SIP to SIP with strictrtp set
      to yes (Reported by Alexandr Gordeev)
 * ASTERISK-17523 - Qualify for static realtime peers does not work
      (Reported by Maciej Krajewski)
 * ASTERISK-21406 - [patch] chan_sip deadlock on monlock between
      unload_module and do_monitor (Reported by Corey Farrell)
 * ASTERISK-23373 - [patch]Security: Open FD exhaustion with
      chan_sip Session-Timers (Reported by Corey Farrell)
 * ASTERISK-23340 - Security Vulnerability: stack allocation of
      cookie headers in loop allows for unauthenticated remote denial
      of service attack (Reported by Matt Jordan)
 * ASTERISK-23311 - Manager - MoH Stop Event fails to show up when
      leaving Conference (Reported by Benjamin Keith Ford)
 * ASTERISK-23420 - [patch]Memory leak in manager_add_filter
      function in manager.c (Reported by Etienne Lessard)
 * ASTERISK-23488 - Logic error in callerid checksum processing
      (Reported by Russ Meyerriecks)
 * ASTERISK-23461 - Only first user is muted when joining
      confbridge with 'startmuted=yes' (Reported by Chico Manobela)
 * ASTERISK-20841 - fromdomain not honored on outbound INVITE
      request (Reported by Kelly Goedert)
 * ASTERISK-22079 - Segfault: INTERNAL_OBJ (user_data=0x6374652f)
      at astobj2.c:120 (Reported by Jamuel Starkey)
 * ASTERISK-23509 - [patch]SayNumber for Polish language tries to
      play empty files for numbers divisible by 100 (Reported by
      zvision)
 * ASTERISK-23103 - [patch]Crash in ast_format_cmp, in ao2_find
      (Reported by JoshE)
 * ASTERISK-23391 - Audit dialplan function usage of channel
      variable (Reported by Corey Farrell)
 * ASTERISK-23548 - POST to ARI sometimes returns no body on
      success (Reported by Scott Griepentrog)
 * ASTERISK-23460 - ooh323 channel stuck if call is placed directly
      and gatekeeper is not available (Reported by Dmitry Melekhov)

Improvements made in this release:
-----------------------------------
 * ASTERISK-22980 - [patch]Allow building cdr_radius and cel_radius
      against libfreeradius-client (Reported by Jeremy Lainé)
 * ASTERISK-22661 - Unable to exit ChanSpy if spied channel does
      not have a call in progress (Reported by Chris Hillman)
 * ASTERISK-23099 - [patch] WSS: enable ast_websocket_read()
      function to read the whole available data at first and then wait
      for any fragmented packets (Reported by Thava Iyer)

For a full list of changes in this release, please see the ChangeLog:

http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-11.9.0

Thank you for your continued support of Asterisk!

-----

The Asterisk Development Team has announced security releases for
Certified Asterisk 1.8.15, 11.6, and Asterisk 1.8, 11, and 12. The
available security releases are released as versions 1.8.15-cert5,
11.6-cert2, 1.8.26.1, 11.8.1, and 12.1.1.

The release of these versions resolve the following issues:

* AST-2014-001: Stack overflow in HTTP processing of Cookie headers.

  Sending a HTTP request that is handled by Asterisk with a large number of
  Cookie headers could overflow the stack.

  Another vulnerability along similar lines is any HTTP request with a
  ridiculous number of headers in the request could exhaust system memory.

* AST-2014-002: chan_sip: Exit early on bad session timers request

  This change allows chan_sip to avoid creation of the channel and
  consumption of associated file descriptors altogether if the inbound
  request is going to be rejected anyway.

These issues and their resolutions are described in the security advisories.

For more information about the details of these vulnerabilities,
please read security advisories AST-2014-001, AST-2014-002,
AST-2014-003, and AST-2014-004, which were released at the same
time as this announcement.

For a full list of changes in the current releases, please see the ChangeLogs:

http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-11.8.1

The security advisories are available at:

 * http://downloads.asterisk.org/pub/security/AST-2014-001.pdf
 * http://downloads.asterisk.org/pub/security/AST-2014-002.pdf

Thank you for your continued support of Asterisk!

-----

The Asterisk Development Team has announced the release of Asterisk 11.8.0.

The release of Asterisk 11.8.0 resolves several issues reported by
the community and would have not been possible without your
participation.  Thank you!

The following are the issues resolved in this release:

Bugs fixed in this release:
-----------------------------------
 * ASTERISK-22544 - Italian prompt vm-options has advertisement in
      it (Reported by Rusty Newton)
 * ASTERISK-21383 - STUN Binding Requests Not Being Sent Back from
      Asterisk to Chrome (Reported by Shaun Clark)
 * ASTERISK-22478 - [patch]Can't use pound(hash) symbol for custom
      DTMF menus in ConfBridge (processed as directive) (Reported by
      Nicolas Tanski)
 * ASTERISK-12117 - chan_sip creates a new local tag (from-tag) for
      every register message (Reported by Pawel Pierscionek)
 * ASTERISK-20862 - Asterisk min and max member penalties not
      honored when set with 0 (Reported by Schmooze Com)
 * ASTERISK-22746 - [patch]Crash in chan_dahdi during caller id
      read (Reported by Michael Walton)
 * ASTERISK-22788 - [patch] main/translate.c: access to variable f
      after free in ast_translate() (Reported by Corey Farrell)
 * ASTERISK-21242 - Segfault when T.38 re-invite retransmission
      receives 200 OK (Reported by Ashley Winters)
 * ASTERISK-22590 - BufferOverflow in unpacksms16() when receiving
      16 bit multipart SMS with app_sms (Reported by Jan Juergens)
 * ASTERISK-22905 - Prevent Asterisk functions that are 'dangerous'
      from being executed from external interfaces (Reported by Matt
      Jordan)
 * ASTERISK-23021 - Typos in code : "avaliable" instead of
      "available" (Reported by Jeremy Lainé)
 * ASTERISK-22970 - [patch]Documentation fix for QUOTE() (Reported
      by Gareth Palmer)
 * ASTERISK-21960 - ooh323 channels stuck (Reported by Dmitry
      Melekhov)
 * ASTERISK-22350 - DUNDI - core dump on shutdown - segfault in
      sqlite3_reset from /usr/lib/libsqlite3.so.0 (Reported by Birger
      "WIMPy" Harzenetter)
 * ASTERISK-22942 - [patch] - Asterisk crashed after
      Set(FAXOPT(faxdetect)=t38) (Reported by adomjan)
 * ASTERISK-22856 - [patch]SayUnixTime in polish reads minutes
      instead of seconds (Reported by Robert Mordec)
 * ASTERISK-22854 - [patch] - Deadlock between cel_pgsql unload and
      core_event_dispatcher taskprocessor thread (Reported by Etienne
      Lessard)
 * ASTERISK-22910 - [patch] - REPLACE() calls strcpy on overlapping
      memory when <replace-char> is empty (Reported by Gareth Palmer)
 * ASTERISK-22871 - cel_pgsql module not loading after "reload" or
      "reload cel_pgsql.so" command (Reported by Matteo)
 * ASTERISK-23084 - [patch]rasterisk needlessly prints the
      AST-2013-007 warning (Reported by Tzafrir Cohen)
 * ASTERISK-17138 - [patch] Asterisk not re-registering after it
      receives "Forbidden - wrong password on authentication"
      (Reported by Rudi)
 * ASTERISK-23011 - [patch]configure.ac and pbx_lua don't support
      lua 5.2 (Reported by George Joseph)
 * ASTERISK-22834 - Parking by blind transfer when lot full orphans
      channels (Reported by rsw686)
 * ASTERISK-23047 - Orphaned (stuck) channel occurs during a failed
      SIP transfer to parking space (Reported by Tommy Thompson)
 * ASTERISK-22946 - Local From tag regression with sipgate.de
      (Reported by Stephan Eisvogel)
 * ASTERISK-23010 - No BYE message sent when sip INVITE is received
      (Reported by Ryan Tilton)
 * ASTERISK-23135 - Crash - segfault in ast_channel_hangupcause_set
      - probably introduced in 11.7.0 (Reported by OK)

Improvements made in this release:
-----------------------------------
 * ASTERISK-22728 - [patch] Improve Understanding Of 'Forcerport'
      When Running "sip show peers" (Reported by Michael L. Young)
 * ASTERISK-22659 - Make a new core and extra sounds release
      (Reported by Rusty Newton)
 * ASTERISK-22919 - core show channeltypes slicing  (Reported by
      outtolunc)
 * ASTERISK-22918 - dahdi show channels slices PRI channel dnid on
      output (Reported by outtolunc)

For a full list of changes in this release, please see the ChangeLog:

http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-11.8.0

Thank you for your continued support of Asterisk!

Revision 1.62 / (download) - annotate - [select for diffs], Tue Jan 7 11:07:03 2014 UTC (9 years ago) by jnemeth
Branch: MAIN
CVS Tags: pkgsrc-2014Q2-base, pkgsrc-2014Q2, pkgsrc-2014Q1-base, pkgsrc-2014Q1
Changes since 1.61: +7 -7 lines
Diff to previous 1.61 (colored)

Update to Asterisk 11.7.0: this is a minor bugfix update

The Asterisk Development Team has announced the release of Asterisk 11.7.0.

The release of Asterisk 11.7.0 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!

The following is a sample of the issues resolved in this release:

* --- app_confbridge: Can now set the language used for announcements
      to the conference.

* --- app_queue: Fix CLI "queue remove member" queue_log entry.

* --- chan_sip: Do not increment the SDP version between 183 and 200
      responses.

* --- chan_sip: Allow a sip peer to accept both AVP and AVPF calls

* --- chan_sip: Fix Realtime Peer Update Problem When Un-registering
      And Expires Header In 200ok

For a full list of changes in this release, please see the ChangeLog:

http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-11.7.0

Thank you for your continued support of Asterisk!

Revision 1.61 / (download) - annotate - [select for diffs], Mon Dec 23 01:34:03 2013 UTC (9 years, 1 month ago) by jnemeth
Branch: MAIN
CVS Tags: pkgsrc-2013Q4-base, pkgsrc-2013Q4
Changes since 1.60: +13 -10 lines
Diff to previous 1.60 (colored)

Update to Asterisk 11.6.1: this is a security fix update to fix
AST-2013-006 and AST-2013-007, and a minor bug fix update.

pkgsrc change: disable SRTP on NetBSD as it doesn't link

---- 11.6.1 ----

The Asterisk Development Team has announced security releases for Certified
Asterisk 1.8.15, 11.2, and Asterisk 1.8, 10, and 11. The available security
releases are released as versions 1.8.15-cert4, 11.2-cert3, 1.8.24.1, 10.12.4,
10.12.4-digiumphones, and 11.6.1.

The release of these versions resolve the following issues:

* A buffer overflow when receiving odd length 16 bit messages in app_sms. An
  infinite loop could occur which would overwrite memory when a message is
  received into the unpacksms16() function and the length of the message is an
  odd number of bytes.

* Prevent permissions escalation in the Asterisk Manager Interface. Asterisk
  now marks certain individual dialplan functions as 'dangerous', which will
  inhibit their execution from external sources.

  A 'dangerous' function is one which results in a privilege escalation. For
  example, if one were to read the channel variable SHELL(rm -rf /) Bad
  Things(TM) could happen; even if the external source has only read
  permissions.

  Execution from external sources may be enabled by setting 'live_dangerously'
  to 'yes' in the [options] section of asterisk.conf. Although doing so is not
  recommended.

These issues and their resolutions are described in the security advisories.

For more information about the details of these vulnerabilities, please read
security advisories AST-2013-006 and AST-2013-007, which were
released at the same time as this announcement.

For a full list of changes in the current releases, please see the ChangeLogs:

http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-11.6.1

The security advisories are available at:

 * http://downloads.asterisk.org/pub/security/AST-2013-006.pdf
 * http://downloads.asterisk.org/pub/security/AST-2013-007.pdf

Thank you for your continued support of Asterisk!

----- 11.6.0 -----

The Asterisk Development Team has announced the release of Asterisk 11.6.0.

The release of Asterisk 11.6.0 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!

The following is a sample of the issues resolved in this release:

* --- Confbridge: empty conference not being torn down
  (Closes issue ASTERISK-21859. Reported by Chris Gentle)

* --- Let Queue wrap up time influence member availability
  (Closes issue ASTERISK-22189. Reported by Tony Lewis)

* --- Fix a longstanding issue with MFC-R2 configuration that
      prevented users
  (Closes issue ASTERISK-21117. Reported by Rafael Angulo)

* --- chan_iax2: Fix saving the wrong expiry time in astdb.
  (Closes issue ASTERISK-22504. Reported by Stefan Wachtler)

* --- Fix segfault for certain invalid WebSocket input.
  (Closes issue ASTERISK-21825. Reported by Alfred Farrugia)

For a full list of changes in this release, please see the ChangeLog:

http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-11.6.0

Thank you for your continued support of Asterisk!

Revision 1.60 / (download) - annotate - [select for diffs], Fri Aug 30 05:49:51 2013 UTC (9 years, 5 months ago) by jnemeth
Branch: MAIN
CVS Tags: pkgsrc-2013Q3-base, pkgsrc-2013Q3
Changes since 1.59: +7 -7 lines
Diff to previous 1.59 (colored)

Update to Asterisk 11.5.1: this is a security fix release to fix
AST-2013-004 and AST-2013-005.

The Asterisk Development Team has announced security releases for
Certified Asterisk 1.8.15, 11.2, and Asterisk 1.8, 10, and 11. The
available security rele ases are released as versions 1.8.15-cert2,
11.2-cert2, 1.8.23.1, 10.12.3, 10.12.3-di giumphones, and 11.5.1.

The release of these versions resolve the following issues:

* A remotely exploitable crash vulnerability exists in the SIP
  channel driver if an ACK with SDP is received after the channel
  has been terminated.  The handling code incorrectly assumes that
  the channel will always be present.

* A remotely exploitable crash vulnerability exists in the SIP
  channel driver if an invalid SDP is sent in a SIP request that
  defines media descriptions before connection information. The
  handling code incorrectly attempts to reference the socket address
  information even though that information has not yet been set.

These issues and their resolutions are described in the security advisories.

For more information about the details of these vulnerabilities,
please read security advisories AST-2013-004 and AST-2013-005,
which were released at the same time as this announcement.

For a full list of changes in the current releases, please see the ChangeLogs:

http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-11.5.1

The security advisories are available at:

 * http://downloads.asterisk.org/pub/security/AST-2013-004.pdf
 * http://downloads.asterisk.org/pub/security/AST-2013-005.pdf

Thank you for your continued support of Asterisk!

Revision 1.59 / (download) - annotate - [select for diffs], Thu Aug 8 00:45:10 2013 UTC (9 years, 5 months ago) by jnemeth
Branch: MAIN
Changes since 1.58: +13 -2 lines
Diff to previous 1.58 (colored)

Add patches to convert RAII_VAR to a method that doesn't use nested
functions, thus making Asterisk portable to all C compilers.  The
patches from joerg@ (with one missing file added by myself).

Revision 1.58 / (download) - annotate - [select for diffs], Sun Jul 21 06:55:53 2013 UTC (9 years, 6 months ago) by jnemeth
Branch: MAIN
Changes since 1.57: +7 -7 lines
Diff to previous 1.57 (colored)

Upgrade to Asterisk 11.5.0: this is a general bug fix release

pkgsrc changes:
  - add dependency on libuuid
  - work around NetBSD's incompatible implementation of IP_PKTINFO

The Asterisk Development Team has announced the release of Asterisk 11.5.0.

The release of Asterisk 11.5.0 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!

The following is a sample of the issues resolved in this release:

* --- Fix Segfault In app_queue When "persistentmembers" Is Enabled
      And Using Realtime

* --- IAX2: fix race condition with nativebridge transfers.

* --- Fix The Payload Being Set On CN Packets And Do Not Set Marker
      Bit

* --- Fix One-Way Audio With auto_* NAT Settings When SIP Calls
      Initiated By PBX

* --- chan_sip: NOTIFYs for BLF start queuing up and fail to be sent
      out after retries fail

For a full list of changes in this release, please see the ChangeLog:

http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-11.5.0

Thank you for your continued support of Asterisk!

Revision 1.57 / (download) - annotate - [select for diffs], Fri Jun 14 04:26:55 2013 UTC (9 years, 7 months ago) by jnemeth
Branch: MAIN
CVS Tags: pkgsrc-2013Q2-base, pkgsrc-2013Q2
Changes since 1.56: +7 -5 lines
Diff to previous 1.56 (colored)

- fix PLIST when jabber option is disabled
- fix compile problem on newer NetBSD systems that have newlocale support
- fix a couple of cases where ctype functions called with plain char
- last two items from joerg@

Revision 1.56 / (download) - annotate - [select for diffs], Sat May 18 03:40:17 2013 UTC (9 years, 8 months ago) by jnemeth
Branch: MAIN
Changes since 1.55: +11 -11 lines
Diff to previous 1.55 (colored)

Update to Asterisk 11.4.0: this is a general bugfix release.

The Asterisk Development Team has announced the release of Asterisk 11.4.0.

The release of Asterisk 11.4.0 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!

The following is a sample of the issues resolved in this release:

* --- Fix Sorting Order For Parking Lots Stored In Static Realtime

* --- Fix StopMixMonitor Hanging Up When Unable To Stop MixMonitor On
      A Channel

* --- When a session timer expires during a T.38 call, re-invite with
      correct SDP

* --- Fix white noise on SRTP decryption

* --- Fix reload skinny with active devices.

For a full list of changes in this release, please see the ChangeLog:

http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-11.4.0

Thank you for your continued support of Asterisk!

Revision 1.55 / (download) - annotate - [select for diffs], Sun May 5 01:32:34 2013 UTC (9 years, 9 months ago) by jnemeth
Branch: MAIN
Changes since 1.54: +10 -10 lines
Diff to previous 1.54 (colored)

Update to Asterisk 11.3.0:  this is a bugfix release.

The Asterisk Development Team has announced the release of Asterisk 11.3.0.

The release of Asterisk 11.3.0 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!

The following is a sample of the issues resolved in this release:

* --- Fix issue where chan_mobile fails to bind to first available port

* --- Fix Queue Log Reporting Every Call COMPLETECALLER With "h"
      Extension Present

* --- Retain XMPP filters across reconnections so external modules
      continue to function as expected.

* --- Ensure that a declined media stream is terminated with a '\r\n'

* --- Fix pjproject compilation in certain circumstances

For a full list of changes in this release, please see the ChangeLog:

http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-11.3.0

Thank you for your continued support of Asterisk!

Revision 1.53.2.1 / (download) - annotate - [select for diffs], Thu Apr 11 22:12:55 2013 UTC (9 years, 9 months ago) by tron
Branch: pkgsrc-2013Q1
Changes since 1.53: +7 -7 lines
Diff to previous 1.53 (colored) next main 1.54 (colored)

Pullup ticket #4116 - requested by jnemeth
comms/asterisk: security update
comms/asterisk10: security update
comms/asterisk18: security update

Revisions pulled up:
- comms/asterisk/Makefile                                       1.84
- comms/asterisk/distinfo                                       1.54
- comms/asterisk10/Makefile                                     1.43
- comms/asterisk10/distinfo                                     1.26
- comms/asterisk18/Makefile                                     1.61
- comms/asterisk18/distinfo                                     1.44

---
   Module Name:    pkgsrc
   Committed By:   jnemeth
   Date:           Wed Apr 10 05:24:39 UTC 2013

   Modified Files:
           pkgsrc/comms/asterisk18: Makefile distinfo

   Log Message:
   Update to Asterisk 1.2.20.2: this is a security update which fixes
   AST-2013-001, AST-2013-002, and AST-2013-003.

   The Asterisk Development Team has announced security releases for Certified
   Asterisk 1.8.15 and Asterisk 1.8, 10, and 11. The available security releases
   are released as versions 1.8.15-cert2, 1.8.20.2, 10.12.2, 10.12.2-digiumphones,
   and 11.2.2.

   The release of these versions resolve the following issues:

   * A denial of service exists in Asterisk's HTTP server. AST-2012-014, fixed
     in January of this year, contained a fix for Asterisk's HTTP server for a
     remotely-triggered crash. While the fix prevented the crash from being
     triggered, a denial of service vector still exists with that solution if an
     attacker sends one or more HTTP POST requests with very large Content-Length
     values.

     This vulnerability affects Certified Asterisk 1.8.15, Asterisk 1.8, 10, and 11

   * A potential username disclosure exists in the SIP channel driver. When
     authenticating a SIP request with alwaysauthreject enabled, allowguest
     disabled, and autocreatepeer disabled, Asterisk discloses whether a user
     exists for INVITE, SUBSCRIBE, and REGISTER transactions in multiple ways.

     This vulnerability affects Certified Asterisk 1.8.15, Asterisk 1.8, 10, and 11

   These issues and their resolutions are described in the security advisories.

   For more information about the details of these vulnerabilities, please read
   security advisories AST-2013-001, AST-2013-002, and AST-2013-003, which were
   released at the same time as this announcement.

   For a full list of changes in the current releases, please see the ChangeLogs:

   http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.8.20.2

   The security advisories are available at:

    * http://downloads.asterisk.org/pub/security/AST-2013-001.pdf
    * http://downloads.asterisk.org/pub/security/AST-2013-002.pdf
    * http://downloads.asterisk.org/pub/security/AST-2013-003.pdf

   Thank you for your continued support of Asterisk!

---
   Module Name:    pkgsrc
   Committed By:   jnemeth
   Date:           Wed Apr 10 05:27:08 UTC 2013

   Modified Files:
           pkgsrc/comms/asterisk10: Makefile distinfo

   Log Message:
   Update to Asterisk 10.12.2:  this is a security update which fixes
   AST-2013-001, AST-2013-002, and AST-2013-003.

   The Asterisk Development Team has announced security releases for Certified
   Asterisk 1.8.15 and Asterisk 1.8, 10, and 11. The available security releases
   are released as versions 1.8.15-cert2, 1.8.20.2, 10.12.2, 10.12.2-digiumphones,
   and 11.2.2.

   The release of these versions resolve the following issues:

   * A denial of service exists in Asterisk's HTTP server. AST-2012-014, fixed
     in January of this year, contained a fix for Asterisk's HTTP server for a
     remotely-triggered crash. While the fix prevented the crash from being
     triggered, a denial of service vector still exists with that solution if an
     attacker sends one or more HTTP POST requests with very large Content-Length
     values.

     This vulnerability affects Certified Asterisk 1.8.15, Asterisk 1.8, 10, and 11

   * A potential username disclosure exists in the SIP channel driver. When
     authenticating a SIP request with alwaysauthreject enabled, allowguest
     disabled, and autocreatepeer disabled, Asterisk discloses whether a user
     exists for INVITE, SUBSCRIBE, and REGISTER transactions in multiple ways.

     This vulnerability affects Certified Asterisk 1.8.15, Asterisk 1.8, 10, and 11

   These issues and their resolutions are described in the security advisories.

   For more information about the details of these vulnerabilities, please read
   security advisories AST-2013-001, AST-2013-002, and AST-2013-003, which were
   released at the same time as this announcement.

   For a full list of changes in the current releases, please see the ChangeLogs:

   http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-10.12.2

   The security advisories are available at:

    * http://downloads.asterisk.org/pub/security/AST-2013-001.pdf
    * http://downloads.asterisk.org/pub/security/AST-2013-002.pdf
    * http://downloads.asterisk.org/pub/security/AST-2013-003.pdf

   Thank you for your continued support of Asterisk!

---
   Module Name:    pkgsrc
   Committed By:   jnemeth
   Date:           Wed Apr 10 05:28:56 UTC 2013

   Modified Files:
           pkgsrc/comms/asterisk: Makefile distinfo

   Log Message:
   Update to Asterisk 11.2.2:  this is a security update which fixes
   AST-2013-001, AST-2013-002, and AST-213-003.

   The Asterisk Development Team has announced security releases for Certified
   Asterisk 1.8.15 and Asterisk 1.8, 10, and 11. The available security releases
   are released as versions 1.8.15-cert2, 1.8.20.2, 10.12.2, 10.12.2-digiumphones,
   and 11.2.2.

   The release of these versions resolve the following issues:

   * A possible buffer overflow during H.264 format negotiation. The format
     attribute resource for H.264 video performs an unsafe read against a media
     attribute when parsing the SDP.

     This vulnerability only affected Asterisk 11.

   * A denial of service exists in Asterisk's HTTP server. AST-2012-014, fixed
     in January of this year, contained a fix for Asterisk's HTTP server for a
     remotely-triggered crash. While the fix prevented the crash from being
     triggered, a denial of service vector still exists with that solution if an
     attacker sends one or more HTTP POST requests with very large Content-Length
     values.

     This vulnerability affects Certified Asterisk 1.8.15, Asterisk 1.8, 10, and 11

   * A potential username disclosure exists in the SIP channel driver. When
     authenticating a SIP request with alwaysauthreject enabled, allowguest
     disabled, and autocreatepeer disabled, Asterisk discloses whether a user
     exists for INVITE, SUBSCRIBE, and REGISTER transactions in multiple ways.

     This vulnerability affects Certified Asterisk 1.8.15, Asterisk 1.8, 10, and 11

   These issues and their resolutions are described in the security advisories.

   For more information about the details of these vulnerabilities, please read
   security advisories AST-2013-001, AST-2013-002, and AST-2013-003, which were
   released at the same time as this announcement.

   For a full list of changes in the current releares, please see the ChangeLogs:

   http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-11.2.2

   The security advisories are available at:

    * http://downloads.asterisk.org/pub/security/AST-2013-001.pdf
    * http://downloads.asterisk.org/pub/security/AST-2013-002.pdf
    * http://downloads.asterisk.org/pub/security/AST-2013-003.pdf

   Thank you for your continued support of Asterisk!

Revision 1.54 / (download) - annotate - [select for diffs], Wed Apr 10 05:28:56 2013 UTC (9 years, 9 months ago) by jnemeth
Branch: MAIN
Changes since 1.53: +7 -7 lines
Diff to previous 1.53 (colored)

Update to Asterisk 11.2.2:  this is a security update which fixes
AST-2013-001, AST-2013-002, and AST-2013-003.

The Asterisk Development Team has announced security releases for Certified
Asterisk 1.8.15 and Asterisk 1.8, 10, and 11. The available security releases
are released as versions 1.8.15-cert2, 1.8.20.2, 10.12.2, 10.12.2-digiumphones,
and 11.2.2.

The release of these versions resolve the following issues:

* A possible buffer overflow during H.264 format negotiation. The format
  attribute resource for H.264 video performs an unsafe read against a media
  attribute when parsing the SDP.

  This vulnerability only affected Asterisk 11.

* A denial of service exists in Asterisk's HTTP server. AST-2012-014, fixed
  in January of this year, contained a fix for Asterisk's HTTP server for a
  remotely-triggered crash. While the fix prevented the crash from being
  triggered, a denial of service vector still exists with that solution if an
  attacker sends one or more HTTP POST requests with very large Content-Length
  values.

  This vulnerability affects Certified Asterisk 1.8.15, Asterisk 1.8, 10, and 11

* A potential username disclosure exists in the SIP channel driver. When
  authenticating a SIP request with alwaysauthreject enabled, allowguest
  disabled, and autocreatepeer disabled, Asterisk discloses whether a user
  exists for INVITE, SUBSCRIBE, and REGISTER transactions in multiple ways.

  This vulnerability affects Certified Asterisk 1.8.15, Asterisk 1.8, 10, and 11

These issues and their resolutions are described in the security advisories.

For more information about the details of these vulnerabilities, please read
security advisories AST-2013-001, AST-2013-002, and AST-2013-003, which were
released at the same time as this announcement.

For a full list of changes in the current releases, please see the ChangeLogs:

http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-11.2.2

The security advisories are available at:

 * http://downloads.asterisk.org/pub/security/AST-2013-001.pdf
 * http://downloads.asterisk.org/pub/security/AST-2013-002.pdf
 * http://downloads.asterisk.org/pub/security/AST-2013-003.pdf

Thank you for your continued support of Asterisk!

Revision 1.53 / (download) - annotate - [select for diffs], Sun Feb 10 20:18:50 2013 UTC (9 years, 11 months ago) by jnemeth
Branch: MAIN
CVS Tags: pkgsrc-2013Q1-base
Branch point for: pkgsrc-2013Q1
Changes since 1.52: +7 -7 lines
Diff to previous 1.52 (colored)

Update to Asterisk 11.2.1: this is a minor bug fix release.

----- 11.2.1:

The Asterisk Development Team has announced the release of Asterisk 11.2.1.

The release of Asterisk 11.2.1 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!

The following are the issues resolved in this release:

* --- Fix astcanary startup problem due to wrong pid value from before
      daemon call

* --- Update init.d scripts to handle stderr; readd splash screen for
      remote consoles

* --- Reset RTP timestamp; sequence number on SSRC change

For a full list of changes in this release, please see the ChangeLog:

http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-11.2.1

Thank you for your continued support of Asterisk!

----- 11.2.0:

The Asterisk Development Team has announced the release of Asterisk 11.2.0.

The release of Asterisk 11.2.0 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!

The following is a sample of the issues resolved in this release:

* --- app_meetme: Fix channels lingering when hung up under certain
      conditions

* --- Fix stuck DTMF when bridge is broken.

* --- Add missing support for "who hung up" to chan_motif.

* --- Remove a fixed size limitation for producing SDP and change how
      ICE support is disabled by default.

* --- Fix chan_sip websocket payload handling

* --- Fix pjproject compilation in certain circumstances

For a full list of changes in this release, please see the ChangeLog:

http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-11.2.0

Thank you for your continued support of Asterisk!

Revision 1.51.2.1 / (download) - annotate - [select for diffs], Fri Jan 4 18:48:00 2013 UTC (10 years ago) by tron
Branch: pkgsrc-2012Q4
Changes since 1.51: +7 -7 lines
Diff to previous 1.51 (colored) next main 1.52 (colored)

Pullup ticket #3999 - requested by jnemeth
comms/asterisk: security update

Revisions pulled up:
- comms/asterisk/Makefile                                       1.79
- comms/asterisk/distinfo                                       1.52

---
   Module Name:    pkgsrc
   Committed By:   jnemeth
   Date:           Fri Jan  4 03:09:56 UTC 2013

   Modified Files:
           pkgsrc/comms/asterisk: Makefile distinfo

   Log Message:
   Update to Asterisk 11.1.2:  this is a security update for AST-2012-014
   and AST-2012-015.  Apparently the last update didn't completely
   fix the issues.

   The Asterisk Development Team has announced a security release for
   Asterisk 11, Asterisk 11.1.2. This release addresses the security
   vulnerabilities reported in AST-2012-014 and AST-2012-015, and
   replaces the previous version of Asterisk 11 released for these
   security vulnerabilities. The prior release left open a vulnerability
   in res_xmpp that exists only in Asterisk 11; as such, other versions
   of Asterisk were resolved correctly by the previous releases.

   The release of these versions resolve the following two issues:

   * Stack overflows that occur in some portions of Asterisk that manage a TCP
     connection. In SIP, this is exploitable via a remote unauthenticated session;
     in XMPP and HTTP connections, this is exploitable via remote authenticated
     sessions. The vulnerabilities in SIP and HTTP were corrected in a prior
     release of Asterisk; the vulnerability in XMPP is resolved in this release.

   * A denial of service vulnerability through exploitation of the device state
     cache. Anonymous calls had the capability to create devices in Asterisk that
     would never be disposed of. Handling the cachability of device states
     aggregated via XMPP is handled in this release.

   These issues and their resolutions are described in the security advisories.

   For more information about the details of these vulnerabilities, please read
   security advisories AST-2012-014 and AST-2012-015.

   For a full list of changes in the current release, please see the ChangeLog:

   http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-11.1.2

   The security advisories are available at:

    * http://downloads.asterisk.org/pub/security/AST-2012-014.pdf
    * http://downloads.asterisk.org/pub/security/AST-2012-015.pdf

   Thank you for your continued support of Asterisk - and we apologize for having
   to do this twice!

Revision 1.52 / (download) - annotate - [select for diffs], Fri Jan 4 03:09:56 2013 UTC (10 years, 1 month ago) by jnemeth
Branch: MAIN
Changes since 1.51: +7 -7 lines
Diff to previous 1.51 (colored)

Update to Asterisk 11.1.2:  this is a security update for AST-2012-014
and AST-2012-015.  Apparently the last update didn't completely
fix the issues.

The Asterisk Development Team has announced a security release for
Asterisk 11, Asterisk 11.1.2. This release addresses the security
vulnerabilities reported in AST-2012-014 and AST-2012-015, and
replaces the previous version of Asterisk 11 released for these
security vulnerabilities. The prior release left open a vulnerability
in res_xmpp that exists only in Asterisk 11; as such, other versions
of Asterisk were resolved correctly by the previous releases.

The release of these versions resolve the following two issues:

* Stack overflows that occur in some portions of Asterisk that manage a TCP
  connection. In SIP, this is exploitable via a remote unauthenticated session;
  in XMPP and HTTP connections, this is exploitable via remote authenticated
  sessions. The vulnerabilities in SIP and HTTP were corrected in a prior
  release of Asterisk; the vulnerability in XMPP is resolved in this release.

* A denial of service vulnerability through exploitation of the device state
  cache. Anonymous calls had the capability to create devices in Asterisk that
  would never be disposed of. Handling the cachability of device states
  aggregated via XMPP is handled in this release.

These issues and their resolutions are described in the security advisories.

For more information about the details of these vulnerabilities, please read
security advisories AST-2012-014 and AST-2012-015.

For a full list of changes in the current release, please see the ChangeLog:

http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-11.1.2

The security advisories are available at:

 * http://downloads.asterisk.org/pub/security/AST-2012-014.pdf
 * http://downloads.asterisk.org/pub/security/AST-2012-015.pdf

Thank you for your continued support of Asterisk - and we apologize for having
to do this twice!

Revision 1.51 / (download) - annotate - [select for diffs], Thu Jan 3 02:11:19 2013 UTC (10 years, 1 month ago) by jnemeth
Branch: MAIN
CVS Tags: pkgsrc-2012Q4-base
Branch point for: pkgsrc-2012Q4
Changes since 1.50: +7 -7 lines
Diff to previous 1.50 (colored)

Upgrade to Asterisk 11.1.1;  this is a security fix to fix AST-2012-14
and AST-2012-015.

Approved for commit during freeze by: agc

The Asterisk Development Team has announced security releases for Certified
Asterisk 1.8.11 and Asterisk 1.8, 10, and 11. The available security releases
are released as versions 1.8.11-cert10, 1.8.19.1, 10.11.1, 10.11.1-digiumphones,
and 11.1.1.

The release of these versions resolve the following two issues:

* Stack overflows that occur in some portions of Asterisk that manage a TCP
  connection. In SIP, this is exploitable via a remote unauthenticated session;
  in XMPP and HTTP connections, this is exploitable via remote authenticated
  sessions.

* A denial of service vulnerability through exploitation of the device state
  cache. Anonymous calls had the capability to create devices in Asterisk that
  would never be disposed of.

These issues and their resolutions are described in the security advisories.

For more information about the details of these vulnerabilities, please read
security advisories AST-2012-014 and AST-2012-015, which were released at the
same time as this announcement.

For a full list of changes in the current releases, please see the ChangeLogs:

http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-11.1.1

The security advisories are available at:

 * http://downloads.asterisk.org/pub/security/AST-2012-014.pdf
 * http://downloads.asterisk.org/pub/security/AST-2012-015.pdf

Thank you for your continued support of Asterisk!

Revision 1.50 / (download) - annotate - [select for diffs], Tue Dec 11 08:22:48 2012 UTC (10 years, 1 month ago) by jnemeth
Branch: MAIN
Changes since 1.49: +39 -18 lines
Diff to previous 1.49 (colored)

Update to Asterisk 11.1.0:  this is a major new long term support release.

As this is a major release, you should read the information about updating:

https://wiki.asterisk.org/wiki/display/AST/Upgrading+to+Asterisk+11

You can also find documentation in:  /usr/pkg/share/doc/asterisk

----- 11.1.0:

The Asterisk Development Team has announced the release of Asterisk 11.1.0.

The release of Asterisk 11.1.0 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!

The following is a sample of the issues resolved in this release:

* --- Fix execution of 'i' extension due to uninitialized variable.

* --- Prevent resetting of NATted realtime peer address on reload.

* --- Fix ConfBridge crash if no timing module loaded.

* --- Fix the Park 'r' option when a channel parks itself.

* --- Fix an issue where outgoing calls would fail to establish audio
      due to ICE negotiation failures.

For a full list of changes in this release, please see the ChangeLog:

http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-11.1.0

----- 11.0.1:

The Asterisk Development Team has announced the release of Asterisk 11.0.1.

The release of Asterisk 11.0.1 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!

The following are the issues resolved in this release:

* --- chan_sip: Fix a bug causing SIP reloads to remove all entries
      from the registry

* --- confbridge: Fix a bug which made conferences not record with
      AMI/CLI commands

* --- Fix an issue with res_http_websocket where the chan_sip
      WebSocket handler could not be registered.

For a full list of changes in this release, please see the ChangeLog:

http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-11.0.1

Thank you for your continued support of Asterisk!

----- 11.0.0:

The Asterisk Development Team is pleased to announce the release of
Asterisk 11.0.0.

Asterisk 11 is the next major release series of Asterisk.  It is a Long Term
Support (LTS) release, similar to Asterisk 1.8.  For more information about
support time lines for Asterisk releases, see the Asterisk versions page:
https://wiki.asterisk.org/wiki/display/AST/Asterisk+Versions

For important information regarding upgrading to Asterisk 11, please see the
Asterisk wiki:

https://wiki.asterisk.org/wiki/display/AST/Upgrading+to+Asterisk+11

A short list of new features includes:

* A new channel driver named chan_motif has been added which provides support
  for Google Talk and Jingle in a single channel driver.  This new channel
  driver includes support for both audio and video, RFC2833 DTMF, all codecs
  supported by Asterisk, hold, unhold, and ringing notification. It is also
  compliant with the current Jingle specification, current Google Jingle
  specification, and the original Google Talk protocol.

* Support for the WebSocket transport for chan_sip.

* SIP peers can now be configured to support negotiation of ICE candidates.

* The app_page application now no longer depends on DAHDI or app_meetme. It
  has been re-architected to use app_confbridge internally.

* Hangup handlers can be attached to channels using the CHANNEL() function.
  Hangup handlers will run when the channel is hung up similar to the h
  extension; however, unlike an h extension, a hangup handler is associated with
  the actual channel and will execute anytime that channel is hung up,
  regardless of where it is in the dialplan.

* Added pre-dial handlers for the Dial and Follow-Me applications.  Pre-dial
  allows you to execute a dialplan subroutine on a channel before a call is
  placed but after the application performing a dial action is invoked. This
  means that the handlers are executed after the creation of the callee
  channels, but before any actions have been taken to actually dial the callee
  channels.

* Log messages can now be easily associated with a certain call by looking at
  a new unique identifier, "Call Id".  Call ids are attached to log messages for
  just about any case where it can be determined that the message is related
  to a particular call.

* Introduced Named ACLs as a new way to define Access Control Lists (ACLs) in
  Asterisk. Unlike traditional ACLs defined in specific module configuration
  files, Named ACLs can be shared across multiple modules.

* The Hangup Cause family of functions and dialplan applications allow for
  inspection of the hangup cause codes for each channel involved in a call.
  This allows a dialplan writer to determine, for each channel, who hung up and
  for what reason(s).

* Two new functions have been added: FEATURE() and FEATUREMAP(). FEATURE()
  lets you set some of the configuration options from the general section
  of features.conf on a per-channel basis. FEATUREMAP() lets you customize
  the key sequence used to activate built-in features, such as blindxfer,
  and automon.

* Support for DTLS-SRTP in chan_sip.

* Support for named pickupgroups/callgroups, allowing any number of pickupgroups
  and callgroups to be defined for several channel drivers.

* IPv6 Support for AMI, AGI, ExternalIVR, and the SIP Security Event Framework.

More information about the new features can be found on the Asterisk wiki:

https://wiki.asterisk.org/wiki/display/AST/Asterisk+11+Documentation

A full list of all new features can also be found in the CHANGES file.

http://svnview.digium.com/svn/asterisk/branches/11/CHANGES

For a full list of changes in the current release, please see the ChangeLog.

http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-11.0.0

Thank you for your continued support of Asterisk!

Revision 1.49 / (download) - annotate - [select for diffs], Sat Jun 9 18:44:51 2012 UTC (10 years, 7 months ago) by dholland
Branch: MAIN
CVS Tags: pkgsrc-2012Q3-base, pkgsrc-2012Q3, pkgsrc-2012Q2-base, pkgsrc-2012Q2
Changes since 1.48: +2 -2 lines
Diff to previous 1.48 (colored)

Add missing rpath in curl plugin.

Revision 1.48 / (download) - annotate - [select for diffs], Sat Jun 9 08:29:41 2012 UTC (10 years, 7 months ago) by dholland
Branch: MAIN
Changes since 1.47: +2 -2 lines
Diff to previous 1.47 (colored)

With the latest curl, the output of curl-config --vernum contains
hex digits, so patching the makefile to compare it as decimal will
not work. Just patch out the test entirely, as pkgsrc guarantees
curl will always be present and the packaging is not equipped to
deal with this check failing anyhow.

Revision 1.47 / (download) - annotate - [select for diffs], Fri May 4 16:06:13 2012 UTC (10 years, 9 months ago) by joerg
Branch: MAIN
Changes since 1.46: +2 -1 lines
Diff to previous 1.46 (colored)

Don't override optimizer settings with absurd levels.
Fix inline definitions to work with C99 compiler.

Revision 1.46 / (download) - annotate - [select for diffs], Thu Feb 16 16:21:36 2012 UTC (10 years, 11 months ago) by hans
Branch: MAIN
CVS Tags: pkgsrc-2012Q1-base, pkgsrc-2012Q1
Changes since 1.45: +3 -2 lines
Diff to previous 1.45 (colored)

Fix build on SunOS.

Revision 1.45 / (download) - annotate - [select for diffs], Fri Dec 18 14:39:26 2009 UTC (13 years, 1 month ago) by jnemeth
Branch: MAIN
CVS Tags: pkgsrc-2011Q4-base, pkgsrc-2011Q4, pkgsrc-2011Q3-base, pkgsrc-2011Q3, pkgsrc-2011Q2-base, pkgsrc-2011Q2, pkgsrc-2011Q1-base, pkgsrc-2011Q1, pkgsrc-2010Q4-base, pkgsrc-2010Q4, pkgsrc-2010Q3-base, pkgsrc-2010Q3, pkgsrc-2010Q2-base, pkgsrc-2010Q2, pkgsrc-2010Q1-base, pkgsrc-2010Q1, pkgsrc-2009Q4-base, pkgsrc-2009Q4
Changes since 1.44: +4 -4 lines
Diff to previous 1.44 (colored)

     Update to 1.2.37.  This update is to fix two security issues.
1.2.36 fixed AST-2009-008, and 1.2.37 fixed AST-2009-010.  The
problem in AST-2009-008 is:

-----

It is possible to determine if a peer with a specific name is
configured in Asterisk by sending a specially crafted REGISTER
message twice. The username that is to be checked is put in the
user portion of the URI in the To header. A bogus non-matching
value is put into the username portion of the Digest in the
Authorization header. If the peer does exist the second REGISTER
will receive a response of "403 Authentication user name does not
match account name". If the peer does not exist the response will
be "404 Not Found" if alwaysauthreject is disabled and "401
Unauthorized" if alwaysauthreject is enabled.

-----

And, the problem in AST-2009-010 is:

-----

An attacker sending a valid RTP comfort noise payload containing
a data length of 24 bytes or greater can remotely crash Asterisk.

-----

Revision 1.40.2.3 / (download) - annotate - [select for diffs], Sun Sep 6 14:31:35 2009 UTC (13 years, 4 months ago) by tron
Branch: pkgsrc-2009Q2
Changes since 1.40.2.2: +3 -3 lines
Diff to previous 1.40.2.2 (colored) to branchpoint 1.40 (colored) next main 1.41 (colored)

Pullup ticket #2882 - requested by jnemeth
asterisk: security update

Revisions pulled up:
- comms/asterisk/Makefile		1.68
- comms/asterisk/PLIST.common		1.17
- comms/asterisk/distinfo		1.44
---
Module Name:    pkgsrc
Committed By:   jnemeth
Date:           Sat Sep  5 01:44:19 UTC 2009

Modified Files:
        pkgsrc/comms/asterisk: Makefile PLIST.common distinfo

Log Message:
update to asterisk 1.2.35 which fixes AST-2009-006 -- IAX2 DOS vulnerability

Revision 1.44 / (download) - annotate - [select for diffs], Sat Sep 5 01:44:18 2009 UTC (13 years, 5 months ago) by jnemeth
Branch: MAIN
CVS Tags: pkgsrc-2009Q3-base, pkgsrc-2009Q3
Changes since 1.43: +4 -4 lines
Diff to previous 1.43 (colored)

update to asterisk 1.2.35 which fixes AST-2009-006 -- IAX2 DOS vulnerability

Revision 1.40.2.2 / (download) - annotate - [select for diffs], Thu Aug 27 11:35:17 2009 UTC (13 years, 5 months ago) by tron
Branch: pkgsrc-2009Q2
Changes since 1.40.2.1: +3 -3 lines
Diff to previous 1.40.2.1 (colored) to branchpoint 1.40 (colored)

Pullup ticket #2872 - requested by jnemeth
asterisk: security update

Revisions pulled up:
- comms/asterisk/Makefile		1.67
- comms/asterisk/distinfo		1.43
---
Module Name:    pkgsrc
Committed By:   jnemeth
Date:           Sun Aug 23 09:22:24 UTC 2009

Modified Files:
        pkgsrc/comms/asterisk: Makefile distinfo

Log Message:
This update is just to fix a hypothetical security issue (AST-2009-005)
which is most likely not exploitable.

Revision 1.43 / (download) - annotate - [select for diffs], Sun Aug 23 09:22:23 2009 UTC (13 years, 5 months ago) by jnemeth
Branch: MAIN
Changes since 1.42: +4 -4 lines
Diff to previous 1.42 (colored)

This update is just to fix a hypothetical security issue (AST-2009-005)
which is most likely not exploitable.

Revision 1.40.2.1 / (download) - annotate - [select for diffs], Fri Aug 21 12:17:35 2009 UTC (13 years, 5 months ago) by tron
Branch: pkgsrc-2009Q2
Changes since 1.40: +4 -4 lines
Diff to previous 1.40 (colored)

Pullup ticket #2870 - requested by jnemeth
asterisk: build fix

Revisions pulled up:
- comms/asterisk/Makefile			1.64-1.66
- comms/asterisk/PLIST.common			1.16
- comms/asterisk/distinfo			1.41-1.42
---
Module Name:    pkgsrc
Committed By:   jnemeth
Date:           Thu Aug 20 22:31:41 UTC 2009

Modified Files:
        pkgsrc/comms/asterisk: Makefile PLIST.common distinfo

Log Message:
Digium in its infinite wisdom changed the Music-On-Hold sound files in all
release tarballs.  Update for that change.

While here, do some pkglint cleanup and add LICENSE=gplv2.
---
Module Name:    pkgsrc
Committed By:   jnemeth
Date:           Thu Aug 20 22:33:47 UTC 2009

Modified Files:
        pkgsrc/comms/asterisk: Makefile

Log Message:
bump PKGREVISION for previous
---
Module Name:	pkgsrc
Committed By:	jnemeth
Date:		Fri Aug 21 08:34:25 UTC 2009

Modified Files:
	pkgsrc/comms/asterisk: Makefile

Log Message:
Change DIST_SUBDIR to avoid people having to manually remove the old
distfile.  Requested by wiz@.
---
Module Name:    pkgsrc
Committed By:   wiz
Date:           Fri Aug 21 08:46:16 UTC 2009

Modified Files:
        pkgsrc/comms/asterisk: distinfo

Log Message:
regen (for DIST_SUBDIR change).

Revision 1.42 / (download) - annotate - [select for diffs], Fri Aug 21 08:46:16 2009 UTC (13 years, 5 months ago) by wiz
Branch: MAIN
Changes since 1.41: +4 -4 lines
Diff to previous 1.41 (colored)

regen (for DIST_SUBDIR change).

Revision 1.41 / (download) - annotate - [select for diffs], Thu Aug 20 22:31:41 2009 UTC (13 years, 5 months ago) by jnemeth
Branch: MAIN
Changes since 1.40: +4 -4 lines
Diff to previous 1.40 (colored)

Digium in its infinite wisdom changed the Music-On-Hold sound files in all
release tarballs.  Update for that change.

While here, do some pkglint cleanup and add LICENSE=gplv2.

Revision 1.40 / (download) - annotate - [select for diffs], Fri Jun 5 23:07:11 2009 UTC (13 years, 8 months ago) by jnemeth
Branch: MAIN
CVS Tags: pkgsrc-2009Q2-base
Branch point for: pkgsrc-2009Q2
Changes since 1.39: +4 -4 lines
Diff to previous 1.39 (colored)

Upgrade to 1.2.33.  Provides a fix related to AST-2009-001.

Revision 1.39 / (download) - annotate - [select for diffs], Tue Apr 7 19:34:10 2009 UTC (13 years, 9 months ago) by hasso
Branch: MAIN
Changes since 1.38: +2 -2 lines
Diff to previous 1.38 (colored)

Make it build on DragonFly master and recent versions of FreeBSD (probably).

Revision 1.38 / (download) - annotate - [select for diffs], Mon Jan 26 13:15:49 2009 UTC (14 years ago) by jnemeth
Branch: MAIN
CVS Tags: pkgsrc-2009Q1-base, pkgsrc-2009Q1
Changes since 1.37: +2 -2 lines
Diff to previous 1.37 (colored)

PR/38351 - Miro Voutilainen -- app_curl does not build

Revision 1.36.6.1 / (download) - annotate - [select for diffs], Thu Jan 22 12:39:44 2009 UTC (14 years ago) by tron
Branch: pkgsrc-2008Q4
Changes since 1.36: +4 -4 lines
Diff to previous 1.36 (colored) next main 1.37 (colored)

Pullup ticket #2646 - requested by obache
asterisk: security update

Revisons pulled up:
- comms/asterisk/Makefile		1.59
- comms/asterisk/distinfo		1.37
---
Module Name:	pkgsrc
Committed By:	obache
Date:		Wed Jan 21 05:35:07 UTC 2009

Modified Files:
	pkgsrc/comms/asterisk: Makefile distinfo

Log Message:
Update asterisk to 1.2.31.
While here, update MASTER_SITES and honor PKGMANDIR.

ChangeLog-1.2.31:
2009-01-06  Leif Madsen <lmadsen@digium.com>

	* Asterisk 1.2.31 released

2009-01-06 20:44 +0000 [r167259]  Tilghman Lesher <tlesher@digium.com>

	* channels/chan_iax2.c: Security fix AST-2009-001.

2008-12-10  Tilghman Lesher <tlesher@digium.com>

	* Asterisk 1.2.30.4 released

2008-12-10 21:06 +0000 [r162868]  Tilghman Lesher <tlesher@digium.com>

	* channels/chan_iax2.c: Fix for AST-2008-012

2008-12-05 20:50 +0000 [r161421]  Sean Bright <sean.bright@gmail.com>

	* include/asterisk/astobj2.h, astobj2.c: Fix build errors on
	  FreeBSD (uint -> unsigned int). (closes issue #14006) Reported
	  by: alphaque Patches: astobj2.h-patch uploaded by alphaque
	  (license 259) (Slightly modified by seanbright)

2008-12-01  Tilghman Lesher <tlesher@digium.com>

	* Asterisk 1.2.30.3 released

2008-11-25 21:37 +0000 [r159245]  Tilghman Lesher <tlesher@digium.com>

	* channels/chan_iax2.c: Regression fix for last security fix. Set
	  the iseqno correctly. (closes issue #13918) Reported by:
	  ffloimair Patches: 20081119__bug13918.diff.txt uploaded by
	  Corydon76 (license 14) Tested by: ffloimair

2008-08-09  Tilghman Lesher <tlesher@digium.com>

	* Asterisk 1.2.30.2 released

2008-08-09 15:24 +0000 [r136945]  Tilghman Lesher <tlesher@digium.com>

	* include/asterisk/compat.h, include/asterisk/astobj2.h: Regression
	  fixes for Solaris

2008-07-25 15:00 +0000 [r133577]  Russell Bryant <russell@digium.com>

	* LICENSE: Fix the IAX2 URI for calling Digium

2008-07-23  Tilghman Lesher <tlesher@digium.com>

	* Asterisk 1.2.30.1 released

2008-07-24 03:46 +0000 [r133360]  Tilghman Lesher <tlesher@digium.com>

	* channels/chan_iax2.c: This part was not correctly patched for
	  AST-2008-010.

Revision 1.37 / (download) - annotate - [select for diffs], Wed Jan 21 05:35:07 2009 UTC (14 years ago) by obache
Branch: MAIN
Changes since 1.36: +4 -4 lines
Diff to previous 1.36 (colored)

Update asterisk to 1.2.31.
While here, update MASTER_SITES and honor PKGMANDIR.

ChangeLog-1.2.31:
2009-01-06  Leif Madsen <lmadsen@digium.com>

	* Asterisk 1.2.31 released

2009-01-06 20:44 +0000 [r167259]  Tilghman Lesher <tlesher@digium.com>

	* channels/chan_iax2.c: Security fix AST-2009-001.

2008-12-10  Tilghman Lesher <tlesher@digium.com>

	* Asterisk 1.2.30.4 released

2008-12-10 21:06 +0000 [r162868]  Tilghman Lesher <tlesher@digium.com>

	* channels/chan_iax2.c: Fix for AST-2008-012

2008-12-05 20:50 +0000 [r161421]  Sean Bright <sean.bright@gmail.com>

	* include/asterisk/astobj2.h, astobj2.c: Fix build errors on
	  FreeBSD (uint -> unsigned int). (closes issue #14006) Reported
	  by: alphaque Patches: astobj2.h-patch uploaded by alphaque
	  (license 259) (Slightly modified by seanbright)

2008-12-01  Tilghman Lesher <tlesher@digium.com>

	* Asterisk 1.2.30.3 released

2008-11-25 21:37 +0000 [r159245]  Tilghman Lesher <tlesher@digium.com>

	* channels/chan_iax2.c: Regression fix for last security fix. Set
	  the iseqno correctly. (closes issue #13918) Reported by:
	  ffloimair Patches: 20081119__bug13918.diff.txt uploaded by
	  Corydon76 (license 14) Tested by: ffloimair

2008-08-09  Tilghman Lesher <tlesher@digium.com>

	* Asterisk 1.2.30.2 released

2008-08-09 15:24 +0000 [r136945]  Tilghman Lesher <tlesher@digium.com>

	* include/asterisk/compat.h, include/asterisk/astobj2.h: Regression
	  fixes for Solaris

2008-07-25 15:00 +0000 [r133577]  Russell Bryant <russell@digium.com>

	* LICENSE: Fix the IAX2 URI for calling Digium

2008-07-23  Tilghman Lesher <tlesher@digium.com>

	* Asterisk 1.2.30.1 released

2008-07-24 03:46 +0000 [r133360]  Tilghman Lesher <tlesher@digium.com>

	* channels/chan_iax2.c: This part was not correctly patched for
	  AST-2008-010.

Revision 1.35.4.1 / (download) - annotate - [select for diffs], Thu Jul 24 10:19:44 2008 UTC (14 years, 6 months ago) by rtr
Branch: pkgsrc-2008Q2
Changes since 1.35: +4 -4 lines
Diff to previous 1.35 (colored) next main 1.36 (colored)

pullup ticket #2457 requested by tonnerre
asterisk: update package fixes for DoS vulnerabilities

revisions pulled up:
pkgsrc/comms/asterisk/Makefile	1.57
pkgsrc/comms/asterisk/distinfo	1.36

   Module Name:	pkgsrc
   Committed By:	tonnerre
   Date:		Thu Jul 24 00:10:50 UTC 2008

   Modified Files:
   	pkgsrc/comms/asterisk: Makefile distinfo

   Log Message:
   Update Asterisk to version 1.2.30, fixing two Denial of Service
   vulnerabilities (CVE-2008-3263 and CVE-2008-3264).

Revision 1.36 / (download) - annotate - [select for diffs], Thu Jul 24 00:10:50 2008 UTC (14 years, 6 months ago) by tonnerre
Branch: MAIN
CVS Tags: pkgsrc-2008Q4-base, pkgsrc-2008Q3-base, pkgsrc-2008Q3, cube-native-xorg-base, cube-native-xorg
Branch point for: pkgsrc-2008Q4
Changes since 1.35: +4 -4 lines
Diff to previous 1.35 (colored)

Update Asterisk to version 1.2.30, fixing two Denial of Service
vulnerabilities (CVE-2008-3263 and CVE-2008-3264).
cvs: ----------------------------------------------------------------------

Revision 1.35 / (download) - annotate - [select for diffs], Fri Jun 13 10:10:33 2008 UTC (14 years, 7 months ago) by mjl
Branch: MAIN
CVS Tags: pkgsrc-2008Q2-base, cwrapper
Branch point for: pkgsrc-2008Q2
Changes since 1.34: +4 -4 lines
Diff to previous 1.34 (colored)

Update to 1.2.29. Security update.

* channels/chan_sip.c: Copy the From header into a variable so that
          pedantic SIP handling does not try to mess with a NULL pointer.
          (AST-2008-008)
* channels/chan_iax2.c: When we receive a full frame that is
          supposed to contain our call number, ensure that it has the
          correct one. (closes issue #10078) (AST-2008-006)

Revision 1.34 / (download) - annotate - [select for diffs], Thu Apr 24 09:04:55 2008 UTC (14 years, 9 months ago) by wiz
Branch: MAIN
Changes since 1.33: +2 -2 lines
Diff to previous 1.33 (colored)

Another try at fixing installation of the pkgconfig file under pbulk.

Revision 1.33 / (download) - annotate - [select for diffs], Wed Mar 19 10:32:02 2008 UTC (14 years, 10 months ago) by mjl
Branch: MAIN
CVS Tags: pkgsrc-2008Q1-base, pkgsrc-2008Q1
Changes since 1.32: +4 -4 lines
Diff to previous 1.32 (colored)

Update asterisk to 1.2.27

Update for several critical security issues:

   * astobj.h: Fix character string being treated as format string
   * chan_sip.c: Do not return with a successful
     authentication if the From header ends up empty. (AST-2008-003)
   * chan_iax2.c: Fix another potential seg fault (closes issue #11606)
   * chan_iax2.c: Fix a couple of places where it's possible
     to dereference a NULL pointer.
   * chan_sip.c, channels/chan_iax2.c: Fixing AST-2007-027
   * cdr_pgsql.c: Properly escape src and dst fields (Fixes AST-2007-026)

Revision 1.32 / (download) - annotate - [select for diffs], Wed Feb 20 10:14:19 2008 UTC (14 years, 11 months ago) by wiz
Branch: MAIN
Changes since 1.31: +2 -2 lines
Diff to previous 1.31 (colored)

Create pkgconfig file in correct location. Add it to PLIST.
Bump PKGREVISION.

Revision 1.31 / (download) - annotate - [select for diffs], Fri Aug 10 00:03:28 2007 UTC (15 years, 5 months ago) by mjl
Branch: MAIN
CVS Tags: pkgsrc-2007Q4-base, pkgsrc-2007Q4, pkgsrc-2007Q3-base, pkgsrc-2007Q3
Changes since 1.30: +4 -4 lines
Diff to previous 1.30 (colored)

Update asterisk to 1.2.24.

Version 1.2.24 is the final 1.2 release that contains normal bug fixes.
The 1.2 branch will only be maintained with security fix releases from
now until it is completely deprecated.

Revision 1.30 / (download) - annotate - [select for diffs], Fri Aug 3 22:40:01 2007 UTC (15 years, 6 months ago) by mjl
Branch: MAIN
Changes since 1.29: +4 -4 lines
Diff to previous 1.29 (colored)

Update asterisk to 1.2.23

        * channels/chan_iax2.c: Don't create the Asterisk channel until we
          are starting the PBX on it. (ASA-2007-018)
        * channels/chan_agent.c: (closes issue #5866) Reported by: tyler Do
          not force channel format changes when a generator is present. The
          generator may have changed the formats itself and changing them
          back would cause issues.
        * channels/chan_sip.c: (closes issue #10236) Reported by: homesick
          Patches: rpid_1.4_75840.patch uploaded by homesick (license 91)
          Accept Remote Party ID on guest calls.
        * include/asterisk/app.h: We should not use C++ reserved words in
          API headers (closes issue #10266)
        * channels/chan_sip.c: Backport a fix for a memory leak that was
          fixed in trunk in reivision 76221 by rizzo. The memory used for
          the localaddr list was not freed during a configuration reload.
        * channels/chan_sip.c: (closes issue #10247) Reported by:
          fkasumovic Patches: chan_sip.patch uploaded by fkasumovic
          (license #101) Drop any peer realm authentication entries when
          reloading so multiple entries do not get added to the peer.
        * channels/chan_iax2.c: When processing full frames, take sequence
          number wraparound into account when deciding whether or not we
          need to request retransmissions by sending a VNAK. This code
          could cause VNAKs to be sent erroneously in some cases, and to
          not be sent in other cases when it should have been. (closes
          issue #10237, reported and patched by mihai)
        * channels/chan_iax2.c: When traversing the queue of frames for
          possible retransmission after receiving a VNAK, handle sequence
          number wraparound so that all frames that should be retransmitted
          actually do get retransmitted. (issue #10227, reported and
          patched by mihai)
        * apps/app_voicemail.c: Store prior to copy (closes issue #10193)
        * apps/app_queue.c: removed the word 'pissed' from ast_log(...)

Revision 1.29 / (download) - annotate - [select for diffs], Thu Jul 19 09:39:57 2007 UTC (15 years, 6 months ago) by mjl
Branch: MAIN
Changes since 1.28: +5 -5 lines
Diff to previous 1.28 (colored)

Update to 1.2.22

	* channels/chan_skinny.c: Properly check for the length in the
	  skinny packet to prevent an invalid memcpy. (ASA-2007-016)

	* channels/iax2-parser.h, channels/chan_iax2.c,
	  channels/iax2-parser.c: Ensure that when encoding the contents of
	  an ast_frame into an iax_frame, that the size of the destination
	  buffer is known in the iax_frame so that code won't write past
	  the end of the allocated buffer when sending outgoing frames.
	  (ASA-2007-014)

	* channels/chan_iax2.c: After parsing information elements in IAX
	  frames, set the data length to zero, so that code later on does
	  not think it has data to copy. (ASA-2007-015)

	* res/res_musiconhold.c: Fix a couple potential minor memory leaks.
	  load_moh_classes() could return without destroying the loaded
	  configuration.

	* apps/app_chanspy.c: Fixed an issue where chanspy flags were
	  uninitialized if no options were passed.

	* res/res_musiconhold.c: Ensure that adding a user to the list of
	  users of a specific music on hold class is not done at the same
	  time as any of the other operations on this list to prevent list
	  corruption.

	* channels/chan_iax2.c: The function make_trunk() can fail and
	  return -1 instead of a valid new call number. Fix the uses of
	  this function to handle this instead of treating it as the new
	  call number. This would cause a deadlock and memory corruption.

	* channels/chan_agent.c: The cli command "agent logoff Agent/x
	  soft" did not work...at all. Now it does.

	* res/res_config_odbc.c: Make sure that the ESCAPE immediately
	  follows the condition that uses LIKE. This fixes realtime
	  extensions with ODBC.

	* apps/app_queue.c: Fix an issue where it was possible to have a
	  service level of over 100% Between the time recalc_holdtime and
	  update_queue was called, it was possible that the call could have
	  been hungup.

	* dns.c: Use res_ndestroy on systems that have it. Otherwise, use
	  res_nclose. This prevents a memleak on NetBSD - and possibly
	  others.

Revision 1.28 / (download) - annotate - [select for diffs], Wed Jul 11 14:28:47 2007 UTC (15 years, 6 months ago) by mjl
Branch: MAIN
Changes since 1.27: +4 -4 lines
Diff to previous 1.27 (colored)

Update asterisk to 1.2.21.1.

Revision 1.27 / (download) - annotate - [select for diffs], Sun Jul 8 12:02:18 2007 UTC (15 years, 6 months ago) by mjl
Branch: MAIN
Changes since 1.26: +4 -4 lines
Diff to previous 1.26 (colored)

Updated asterisk to 1.2.20

This release is a regular maintenance release. It has been made just
a couple of weeks after the previous set of releases because the
development team has been working especially hard on fixing bugs
lately. There has been a large volume of issues fixed in just two weeks.

Revision 1.26 / (download) - annotate - [select for diffs], Sun Jun 24 07:52:47 2007 UTC (15 years, 7 months ago) by mjl
Branch: MAIN
CVS Tags: pkgsrc-2007Q2-base, pkgsrc-2007Q2
Changes since 1.25: +4 -4 lines
Diff to previous 1.25 (colored)

Updated asterisk to 1.2.19.

Revision 1.25 / (download) - annotate - [select for diffs], Thu Apr 26 09:43:15 2007 UTC (15 years, 9 months ago) by mjl
Branch: MAIN
Changes since 1.24: +5 -5 lines
Diff to previous 1.24 (colored)

Updated asterisk to 1.2.18

This release contains a large number of fixes, including:

- A recently published security vulnerability in the manager
  interface (ASA-2007-012)
- Another recently published security vulnerability in the
  SIP channel driver (ASA-2007-011)

Revision 1.24 / (download) - annotate - [select for diffs], Thu Mar 22 12:57:26 2007 UTC (15 years, 10 months ago) by mjl
Branch: MAIN
CVS Tags: pkgsrc-2007Q1-base, pkgsrc-2007Q1
Changes since 1.23: +4 -4 lines
Diff to previous 1.23 (colored)

Upgrade to 1.2.17.

Along with minor bug fixes, this release incorporates a fix for the
SIP DoS vulnerability recently discovered by INRIA Lorraine.

All users of Asterisk 1.2 with the SIP channel driver loaded and
connected to an untrusted network are urged to update to this release
to avoid the possibility of experiencing this problem.


Note that the option "zaptel" won't compile any more since version 1.2.16.
This needs an upgrade of the netbsd zaptel driver.

Revision 1.22.2.1 / (download) - annotate - [select for diffs], Fri Mar 9 16:49:16 2007 UTC (15 years, 10 months ago) by salo
Branch: pkgsrc-2006Q4
Changes since 1.22: +4 -4 lines
Diff to previous 1.22 (colored) next main 1.23 (colored)

Pullup ticket 2048 - requested by drochner
security update for asterisk

Revisions pulled up:
- pkgsrc/comms/asterisk/Makefile			1.35
- pkgsrc/comms/asterisk/distinfo			1.23

   Module Name:		pkgsrc
   Committed By:	drochner
   Date:		Wed Mar  7 12:10:29 UTC 2007

   Modified Files:
   	pkgsrc/comms/asterisk: Makefile distinfo

   Log Message:
   update to 1.2.16
   changes:
   1.2.15: This release contains a significant Astribank (XPP) driver update,
    support for Digium's TE120P card, and various bug fixes.
   1.2.16: This release contains a number of bug fixes, including a fix for
    a recently discovered security vulnerability. All Asterisk 1.2 users are
    urged to update to this release as soon as possible.

   This is in response to PR pkg/35924 by David Wetzel. The PR suggests
   to update to 1.4.1, but since I'm not using Asterisk myself I prefer
   to do just the minor update (which also fixes the security vulnerability)
   for now.

Revision 1.23 / (download) - annotate - [select for diffs], Wed Mar 7 12:10:29 2007 UTC (15 years, 11 months ago) by drochner
Branch: MAIN
Changes since 1.22: +4 -4 lines
Diff to previous 1.22 (colored)

update to 1.2.16
changes:
1.2.15: This release contains a significant Astribank (XPP) driver update,
 support for Digium's TE120P card, and various bug fixes.
1.2.16: This release contains a number of bug fixes, including a fix for
 a recently discovered security vulnerability. All Asterisk 1.2 users are
 urged to update to this release as soon as possible.

This is in response to PR pkg/35924 by David Wetzel. The PR suggests
to update to 1.4.1, but since I'm not using Asterisk myself I prefer
to do just the minor update (which also fixes the security vulnerability)
for now.

Revision 1.22 / (download) - annotate - [select for diffs], Wed Dec 20 11:34:55 2006 UTC (16 years, 1 month ago) by mjl
Branch: MAIN
CVS Tags: pkgsrc-2006Q4-base
Branch point for: pkgsrc-2006Q4
Changes since 1.21: +4 -4 lines
Diff to previous 1.21 (colored)

Update asterisk to 1.2.14.

Revision 1.21 / (download) - annotate - [select for diffs], Thu Oct 19 14:02:07 2006 UTC (16 years, 3 months ago) by mjl
Branch: MAIN
Changes since 1.20: +4 -4 lines
Diff to previous 1.20 (colored)

Update to asterisk 1.2.13

This release contains a fix for a security vulnerability recently
found in the chan_skinny channel driver (for Cisco SCCP phones).
This vulnerability would enable an attacker to remotely execute
code as the system user running Asterisk (frequently 'root').
The exploit does not require that the skinny.conf contain any
valid phone entries, only that chan_skinny is loaded and operational.

This release also contains a number of bug fixes, and some improvements
to the chan_sip channel driver (for SIP devices) to mitigate the impacts
of a certain class of denial-of-service attacks that have recently been
published.

All Asterisk 1.2 users are urged to update to this release if they use
the chan_skinny channel driver, or to stop loading it if it is not
needed ('noload=>chan_skinny.so' in modules.conf will cause this behavior).

Revision 1.20 / (download) - annotate - [select for diffs], Sat Sep 16 15:29:35 2006 UTC (16 years, 4 months ago) by hira
Branch: MAIN
CVS Tags: pkgsrc-2006Q3-base, pkgsrc-2006Q3
Changes since 1.19: +2 -2 lines
Diff to previous 1.19 (colored)

Add missing RCS Id.

Revision 1.19 / (download) - annotate - [select for diffs], Wed Sep 13 09:28:35 2006 UTC (16 years, 4 months ago) by mjl
Branch: MAIN
Changes since 1.18: +4 -4 lines
Diff to previous 1.18 (colored)

Update asterisk to 1.2.12.1.

Revision 1.18 / (download) - annotate - [select for diffs], Wed Sep 13 09:08:55 2006 UTC (16 years, 4 months ago) by mjl
Branch: MAIN
Changes since 1.17: +5 -5 lines
Diff to previous 1.17 (colored)

Update to asterisk 1.2.12

Asterisk 1.2.11 includes a number of bug fixes, along with an update
to the chan_misdn driver for mISDN devices.
Asterisk 1.2.12 includes a number of bug fixes, including fixes for
two regressions that occurred in the 1.2.11 release. Specifically,
the AGI 'GET VARIABLE' command has now gone back to its previous
behavior, and CDR records now reflect the CallerID number instead
of ANI in the situations that this was the case in earlier 1.2 releases.

Revision 1.17 / (download) - annotate - [select for diffs], Fri Aug 18 11:32:51 2006 UTC (16 years, 5 months ago) by adam
Branch: MAIN
Changes since 1.16: +6 -5 lines
Diff to previous 1.16 (colored)

Changes 1.2.10:
* Number of bug fixes
* New option to help to avoid a potential denial of service in IAX2 channel driver
* Support for TE407P and TE412P quad T1/E1 interface cards

Revision 1.16 / (download) - annotate - [select for diffs], Sat Jul 1 13:26:50 2006 UTC (16 years, 7 months ago) by riz
Branch: MAIN
CVS Tags: pkgsrc-2006Q2-base, pkgsrc-2006Q2
Changes since 1.15: +4 -4 lines
Diff to previous 1.15 (colored)

Update asterisk to 1.2.9.1 - fixes a vulnerability in the IAX2 channel
driver most importantly.

Revision 1.15 / (download) - annotate - [select for diffs], Mon Jun 12 14:35:35 2006 UTC (16 years, 7 months ago) by joerg
Branch: MAIN
Changes since 1.14: +2 -2 lines
Diff to previous 1.14 (colored)

Ensure that PROC is set on DragonFly.

Revision 1.14 / (download) - annotate - [select for diffs], Wed May 31 18:43:15 2006 UTC (16 years, 8 months ago) by adam
Branch: MAIN
Changes since 1.13: +5 -6 lines
Diff to previous 1.13 (colored)

Changes 1.2.8:
* Number of bug fixes, including IAX2 channel driver fixes.

Revision 1.11.2.1 / (download) - annotate - [select for diffs], Wed May 3 08:57:02 2006 UTC (16 years, 9 months ago) by salo
Branch: pkgsrc-2006Q1
Changes since 1.11: +8 -8 lines
Diff to previous 1.11 (colored) next main 1.12 (colored)

Pullup ticket 1510 - requested by riz
security update for asterisk

Revisions pulled up:
- pkgsrc/comms/asterisk/Makefile			1.23, 1.24
- pkgsrc/comms/asterisk/PLIST.common			1.6
- pkgsrc/comms/asterisk/distinfo			1.12, 1.13
- pkgsrc/comms/asterisk/patches/patch-aa		1.8
- pkgsrc/comms/asterisk/patches/patch-ae		1.3
- pkgsrc/comms/asterisk/patches/patch-af		1.4
- pkgsrc/comms/asterisk/patches/patch-ag		1.2

   Module Name:		pkgsrc
   Committed By:	adam
   Date:		Thu Apr 13 08:47:06 UTC 2006

   Modified Files:
   	pkgsrc/comms/asterisk: Makefile PLIST.common distinfo
   	pkgsrc/comms/asterisk/patches: patch-aa patch-ae patch-af patch-ag

   Log Message:
   Changes 1.2.7:
   * Important bug fixes
   * SIP handling
   * MixMonitor call recording
---
   Module Name:		pkgsrc
   Committed By:	mjl
   Date:		Thu Apr 13 18:36:58 UTC 2006

   Modified Files:
   	pkgsrc/comms/asterisk: Makefile distinfo

   Log Message:
   Update to asterisk 1.2.7.1

     * apps/app_page.c: oops... let's not set a variable and then
       immediately overwrite it while assuming its old value will
       magically return
     * pbx.c: Bug 6957 - variable names beginning with CALLERID weren't
       substituted correctly

Revision 1.13 / (download) - annotate - [select for diffs], Thu Apr 13 18:36:58 2006 UTC (16 years, 9 months ago) by mjl
Branch: MAIN
Changes since 1.12: +4 -4 lines
Diff to previous 1.12 (colored)

Update to asterisk 1.2.7.1

  * apps/app_page.c: oops... let's not set a variable and then
    immediately overwrite it while assuming its old value will
    magically return
  * pbx.c: Bug 6957 - variable names beginning with CALLERID weren't
    substituted correctly

Revision 1.12 / (download) - annotate - [select for diffs], Thu Apr 13 08:47:06 2006 UTC (16 years, 9 months ago) by adam
Branch: MAIN
Changes since 1.11: +8 -8 lines
Diff to previous 1.11 (colored)

Changes 1.2.7:
* Important bug fixes
* SIP handling
* MixMonitor call recording

Revision 1.11 / (download) - annotate - [select for diffs], Wed Feb 1 01:45:29 2006 UTC (17 years ago) by mjl
Branch: MAIN
CVS Tags: pkgsrc-2006Q1-base
Branch point for: pkgsrc-2006Q1
Changes since 1.10: +4 -4 lines
Diff to previous 1.10 (colored)

Update to asterisk 1.2.4. This is a bugfix release.

	* channels/chan_zap.c: disable buggy PRI user-user code until it
	  can be fixed
	* channels/chan_sip.c: Issue 6182 - Don't remove scheduled event
	  until it's really done.
	* channels/chan_sip.c: Issue 6362 - Register without Contact: and
	  Expires: fails
	* ast_expr2.h, ast_expr2f.c, ast_expr2.c: Bug 6072 - Revisions to
	  the source bison and flex files don't auto-regenerate these files
	* channels/chan_zap.c: fix problem with dtmf on e&m (issue #6364)
	* channels/chan_sip.c: Issue 5898: Registrations does not get
	  deleted if there's an active SIP dialog
	* channels/chan_sip.c: don't call ast_update_realtime with
	  uninitialized variables if we get a registration with an expirey
	  of 0 seconds (issue #6173)
	* channels/chan_features.c: fix memory leak (inspired by issue
	  #6351)

Revision 1.10 / (download) - annotate - [select for diffs], Sun Jan 29 01:21:45 2006 UTC (17 years ago) by rillig
Branch: MAIN
Changes since 1.9: +2 -2 lines
Diff to previous 1.9 (colored)

- Fixed some pkglint warnings.
- Replaced absolute directories like /usr/pkg and /var with ${PREFIX} and
  ${VARBASE}.
- USE_TOOLS+=perl:run, since there is one Perl program installed with the
  package.
- Bumped PKGREVISION.

Revision 1.9 / (download) - annotate - [select for diffs], Wed Jan 25 17:48:43 2006 UTC (17 years ago) by riz
Branch: MAIN
Changes since 1.8: +4 -4 lines
Diff to previous 1.8 (colored)

Update to asterisk 1.2.3 - bugfixes only.

Revision 1.8 / (download) - annotate - [select for diffs], Wed Jan 18 11:39:54 2006 UTC (17 years ago) by mjl
Branch: MAIN
Changes since 1.7: +4 -4 lines
Diff to previous 1.7 (colored)

Update to asterisk 1.2.2

Changes are bugfixes only.

Revision 1.7 / (download) - annotate - [select for diffs], Fri Jan 13 20:32:38 2006 UTC (17 years ago) by riz
Branch: MAIN
Changes since 1.6: +15 -15 lines
Diff to previous 1.6 (colored)

Update asterisk to version 1.2.1.  Many, many bugfixes, and some
new features, including support for DUNDi.  (http://www.dundi.com/ for
more information)

The initial framework and porting of this package upgrade was done by
Martin J. Laubach, with lots of feature/PLIST fixes by me.  DragonFly
support added by Joerg Sonnenberger.

Revision 1.6 / (download) - annotate - [select for diffs], Mon Jan 2 16:02:10 2006 UTC (17 years, 1 month ago) by joerg
Branch: MAIN
Changes since 1.5: +8 -2 lines
Diff to previous 1.5 (colored)

DragonFly support. Override config.guess and config.sub.

Revision 1.5 / (download) - annotate - [select for diffs], Mon Oct 10 21:45:08 2005 UTC (17 years, 3 months ago) by rh
Branch: MAIN
CVS Tags: pkgsrc-2005Q4-base, pkgsrc-2005Q4
Changes since 1.4: +2 -2 lines
Diff to previous 1.4 (colored)

Make this compile with newer versions of Darwin that have poll(2).

Revision 1.4 / (download) - annotate - [select for diffs], Fri Sep 2 12:58:34 2005 UTC (17 years, 5 months ago) by adam
Branch: MAIN
CVS Tags: pkgsrc-2005Q3-base, pkgsrc-2005Q3
Changes since 1.3: +6 -6 lines
Diff to previous 1.3 (colored)

Changes 1.0.9:
 -- fix bug in callerid matching in the dialplan that was introduced in 1.0.8

Changes 1.0.8:
 -- chan_zap
    -- Asterisk will now also look in the regular context for the fax extension
       while executing a macro.  Previously, for this to work, the fax extension
       would have to be included in the macro definition.
    -- On some systems, ALERTING will be sent after PROCEEDING, so code has been
       added to account for this case.
    -- If no extension is specified on an overlap call, the 's' extension will
       be used.
 -- chan_sip
    -- We no longer send a "to" tag on "100 Trying" messages, as it is
       inappropriate to do so.
    -- We now respond correctly to an invite for T.38 with a "488 Not acceptable
       here"
    -- We now discard saved tags on 401/407 responses in case the provider we're
       talking to tries to pull a dirty trick on us and change it.
    -- rtptimeout options will now be correctly set on a peer basis rather than
       only global
 -- chan_mgcp
    -- Fixed setting of accountcode
    -- Fixed where *67 to block callerid only worked for first call
 -- chan_agent
    -- We now will not pass audio until the agent has acked the call if the
       configuration
       is set up for the agent to do so.
 -- chan_alsa
    -- Fixed problems with the unloading of this module
 -- res_agi
    -- A fix has been added to prevent calls from being hung up when more than
       one call is executing an AGI script calling the GET DATA command.
    -- AGI scripts will now continue to run even if a file was not found with
       the GET DATA command.
    -- When calling SAY NUMBER with a number like 09, we will now say "nine"
       instead of "zero"
 -- app_dial
    -- There was a problem where text frames would not be forwarded before the
       channel has been answered.
 -- app_disa
    -- Fixed the timeout used when no password is set
 -- app_queue
    -- Distinctive ring has been fixed to work for queue members
  -- rtp
    -- Fixed a logic error when setting the "rtpchecksums" option
 -- say.c
    -- A problem has been fixed with saying the date in Spanish.
 -- Makefile
    -- A line was missing for the autosupport script that caused "make rpm" to
       fail
 -- format_wav_gsm
    -- Fixed a problem with wav formatting that prevented files from being
       played in some media players
 -- pbx_spool
    -- Fixed if the last line of text in a file for the call spool did not
       contain a new line, it would not be processed
 -- logger
    -- Fixed the logger so that color escape sequences wouldn't be sent to the
       logs
 -- format_sln
    -- A lot of changes were made to correctly handle signed linear format on
       big endian machines

Revision 1.3 / (download) - annotate - [select for diffs], Tue May 24 14:29:06 2005 UTC (17 years, 8 months ago) by riz
Branch: MAIN
CVS Tags: pkgsrc-2005Q2-base, pkgsrc-2005Q2
Changes since 1.2: +3 -1 lines
Diff to previous 1.2 (colored)

Fix the build of asterisk on powerpc platforms.  Approved by jmcneill.

Revision 1.2 / (download) - annotate - [select for diffs], Wed Apr 13 19:23:56 2005 UTC (17 years, 9 months ago) by riz
Branch: MAIN
Changes since 1.1: +2 -2 lines
Diff to previous 1.1 (colored)

Rework patch-aa so that machines with different MACHINE and MACHINE_ARCH
stand a chance of working.  Fixes build on NetBSD/amd64 - have not
tested functionality.  Approved by jmcneill.

Revision 1.1.1.1 / (download) - annotate - [select for diffs] (vendor branch), Fri Apr 8 03:10:52 2005 UTC (17 years, 9 months ago) by riz
Branch: TNF
CVS Tags: pkgsrc-base
Changes since 1.1: +0 -0 lines
Diff to previous 1.1 (colored)

Initial import of asterisk-1.0.7, from pkgsrc-wip.  Approved by jmcneill.

There are still some features not enabled by default, but this is a
solid foundation upon which to build - a fully-functional PBX can be
built, including PSTN gatewaying using the comms/zaptel-netbsd package.

From the DESCR:
Asterisk is a complete PBX in software.  It provides
all of the features you would expect from a PBX and more. Asterisk
does voice over IP in three protocols, and can interoperate with
almost all standards-based telephony equipment using relatively
inexpensive hardware.

Asterisk provides Voicemail services with Directory, Call Conferencing,
Interactive Voice Response, Call Queuing. It has support for
three-way calling, caller ID services, ADSI, SIP and H.323 (as both
client and gateway).

Revision 1.1 / (download) - annotate - [select for diffs], Fri Apr 8 03:10:52 2005 UTC (17 years, 9 months ago) by riz
Branch: MAIN

Initial revision

This form allows you to request diff's between any two revisions of a file. You may select a symbolic revision name using the selection box or you may type in a numeric name using the type-in text box.




CVSweb <webmaster@jp.NetBSD.org>