summaryrefslogtreecommitdiff
path: root/comms/asterisk18/PLIST
diff options
context:
space:
mode:
authortron <tron@pkgsrc.org>2014-12-06 16:57:53 +0000
committertron <tron@pkgsrc.org>2014-12-06 16:57:53 +0000
commitbf86b176eefd3c302a60edaba16b1eaad915cbbe (patch)
treee2f01aebfeee1a575c3854fa4a31c5da95e1311b /comms/asterisk18/PLIST
parent5c5b516c3a2837187ede359c936d541cb50980f2 (diff)
downloadpkgsrc-bf86b176eefd3c302a60edaba16b1eaad915cbbe.tar.gz
Pullup ticket #4566 - requested by jnemeth
comms/asterisk:: security update comms/asterisk18: security update Revisions pulled up: - comms/asterisk/Makefile 1.113-1.115 - comms/asterisk/PLIST 1.9 - comms/asterisk/distinfo 1.67-1.69 - comms/asterisk/patches/patch-contrib_scripts_autosupport deleted - comms/asterisk18/Makefile 1.88-1.90 - comms/asterisk18/PLIST 1.25 - comms/asterisk18/distinfo 1.56-1.58 --- Module Name: pkgsrc Committed By: jnemeth Date: Tue Oct 14 03:35:05 UTC 2014 Modified Files: pkgsrc/comms/asterisk18: Makefile PLIST distinfo Log Message: Update Asterisk to 1.8.31.0. This is mostly a bugfix release: The Asterisk Development Team has announced the release of Asterisk 1.8.31.0. The release of Asterisk 1.8.31.0 resolves several issues reported by the community and would have not been possible without your participation. Thank you! The following are the issues resolved in this release: Bugs fixed in this release: ----------------------------------- * ASTERISK-24032 - Gentoo compilation emits warning: "_FORTIFY_SOURCE" redefined (Reported by Kilburn) * ASTERISK-24225 - Dial option z is broken (Reported by dimitripietro) * ASTERISK-24178 - [patch]fromdomainport used even if not set (Reported by Elazar Broad) * ASTERISK-24019 - When a Music On Hold stream starts it restarts at beginning of file. (Reported by Jason Richards) * ASTERISK-24211 - testsuite: Fix the dial_LS_options test (Reported by Matt Jordan) * ASTERISK-24249 - SIP debugs do not stop (Reported by Avinash Mohod) Improvements made in this release: ----------------------------------- * ASTERISK-24171 - [patch] Provide a manpage for the aelparse utility (Reported by Jeremy Lainé) For a full list of changes in this release, please see the ChangeLog: http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.8.31.0 Thank you for your continued support of Asterisk! --- Module Name: pkgsrc Committed By: jnemeth Date: Tue Oct 14 03:36:40 UTC 2014 Modified Files: pkgsrc/comms/asterisk: Makefile PLIST distinfo Log Message: Update Asterisk to 11.13.0. This is mostly a bugfix release: The Asterisk Development Team has announced the release of Asterisk 11.13.0. The release of Asterisk 11.13.0 resolves several issues reported by the community and would have not been possible without your participation. Thank you! The following are the issues resolved in this release: Bugs fixed in this release: ----------------------------------- * ASTERISK-24032 - Gentoo compilation emits warning: "_FORTIFY_SOURCE" redefined (Reported by Kilburn) * ASTERISK-24225 - Dial option z is broken (Reported by dimitripietro) * ASTERISK-24178 - [patch]fromdomainport used even if not set (Reported by Elazar Broad) * ASTERISK-22252 - res_musiconhold cleanup - REF_DEBUG reload warnings and ref leaks (Reported by Walter Doekes) * ASTERISK-23997 - chan_sip: port incorrectly incremented for RTCP ICE candidates in SDP answer (Reported by Badalian Vyacheslav) * ASTERISK-24019 - When a Music On Hold stream starts it restarts at beginning of file. (Reported by Jason Richards) * ASTERISK-23767 - [patch] Dynamic IAX2 registration stops trying if ever not able to resolve (Reported by David Herselman) * ASTERISK-24211 - testsuite: Fix the dial_LS_options test (Reported by Matt Jordan) * ASTERISK-24249 - SIP debugs do not stop (Reported by Avinash Mohod) * ASTERISK-23577 - res_rtp_asterisk: Crash in ast_rtp_on_turn_rtp_state when RTP instance is NULL (Reported by Jay Jideliov) * ASTERISK-23634 - With TURN Asterisk crashes on multiple (7-10) concurrent WebRTC (avpg/encryption/icesupport) calls (Reported by Roman Skvirsky) * ASTERISK-24301 - Security: Out of call MESSAGE requests processed via Message channel driver can crash Asterisk (Reported by Matt Jordan) Improvements made in this release: ----------------------------------- * ASTERISK-24171 - [patch] Provide a manpage for the aelparse utility (Reported by Jeremy Lainé) For a full list of changes in this release, please see the ChangeLog: http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-11.13.0 Thank you for your continued support of Asterisk! --- Module Name: pkgsrc Committed By: jnemeth Date: Wed Nov 19 08:30:57 UTC 2014 Modified Files: pkgsrc/comms/asterisk18: Makefile distinfo Log Message: Update to Asterisk 1.8.32.0: this is mostly a bug fix release. The Asterisk Development Team has announced the release of Asterisk 1.8.32.0. The release of Asterisk 1.8.32.0 resolves several issues reported by the community and would have not been possible without your participation. Thank you! The following are the issues resolved in this release: Bugs fixed in this release: ----------------------------------- * ASTERISK-24348 - Built-in editline tab complete segfault with MALLOC_DEBUG (Reported by Walter Doekes) * ASTERISK-24335 - [PATCH] Asterisk incorrectly responds 503 to INVITE retransmissions of rejected calls (Reported by Torrey Searle) * ASTERISK-23768 - [patch] Asterisk man page contains a (new) unquoted minus sign (Reported by Jeremy Lainé) * ASTERISK-24357 - [fax] Out of bounds error in update_modem_bits (Reported by Jeremy Lainé) * ASTERISK-22945 - [patch] Memory leaks in chan_sip.c with realtime peers (Reported by ibercom) * ASTERISK-24390 - astobj2: REF_DEBUG reports false leaks with ao2_callback with OBJ_MULTIPLE (Reported by Corey Farrell) * ASTERISK-24011 - [patch]safe_asterisk tries to set ulimit -n too high on linux systems with lots of RAM (Reported by Michael Myles) * ASTERISK-20784 - Failure to receive an ACK to a SIP Re-INVITE results in a SIP channel leak (Reported by NITESH BANSAL) * ASTERISK-15879 - [patch] Failure to receive an ACK to a SIP Re-INVITE results in a SIP channel leak (Reported by Torrey Searle) * ASTERISK-24406 - Some caller ID strings are parsed differently since 11.13.0 (Reported by Etienne Lessard) * ASTERISK-24325 - res_calendar_ews: cannot be used with neon 0.30 (Reported by Tzafrir Cohen) * ASTERISK-13797 - [patch] relax badshell tilde test (Reported by Tzafrir Cohen) * ASTERISK-22791 - asterisk sends Re-INVITE after receiving a BYE (Reported by Paolo Compagnini) * ASTERISK-18923 - res_fax_spandsp usage counter is wrong (Reported by Grigoriy Puzankin) * ASTERISK-24393 - rtptimeout=0 doesn't disable rtptimeout (Reported by Dmitry Melekhov) * ASTERISK-24063 - [patch]Asterisk does not respect outbound proxy when sending qualify requests (Reported by Damian Ivereigh) * ASTERISK-24425 - [patch] jabber/xmpp to use TLS instead of SSLv3, security fix POODLE (CVE-2014-3566) (Reported by abelbeck) * ASTERISK-24436 - Missing header in res/res_srtp.c when compiling against libsrtp-1.5.0 (Reported by Patrick Laimbock) * ASTERISK-21721 - SIP Failed to parse multiple Supported: headers (Reported by Olle Johansson) * ASTERISK-24190 - IMAP voicemail causes segfault (Reported by Nick Adams) * ASTERISK-24432 - Install refcounter.py when REF_DEBUG is enabled (Reported by Corey Farrell) * ASTERISK-24476 - main/app.c / app_voicemail: ast_writestream leaks (Reported by Corey Farrell) * ASTERISK-24307 - Unintentional memory retention in stringfields (Reported by Etienne Lessard) For a full list of changes in this release, please see the ChangeLog: http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.8.32.0 Thank you for your continued support of Asterisk! --- Module Name: pkgsrc Committed By: jnemeth Date: Wed Nov 19 08:32:48 UTC 2014 Modified Files: pkgsrc/comms/asterisk: Makefile distinfo Removed Files: pkgsrc/comms/asterisk/patches: patch-contrib_scripts_autosupport Log Message: Update to Asterisk 11.14.0: this is mostly a bugfix release. The Asterisk Development Team has announced the release of Asterisk 11.14.0. The release of Asterisk 11.14.0 resolves several issues reported by the community and would have not been possible without your participation. Thank you! The following are the issues resolved in this release: Bugs fixed in this release: ----------------------------------- * ASTERISK-24348 - Built-in editline tab complete segfault with MALLOC_DEBUG (Reported by Walter Doekes) * ASTERISK-24335 - [PATCH] Asterisk incorrectly responds 503 to INVITE retransmissions of rejected calls (Reported by Torrey Searle) * ASTERISK-23768 - [patch] Asterisk man page contains a (new) unquoted minus sign (Reported by Jeremy Lainé) * ASTERISK-24357 - [fax] Out of bounds error in update_modem_bits (Reported by Jeremy Lainé) * ASTERISK-20567 - bashism in autosupport (Reported by Tzafrir Cohen) * ASTERISK-22945 - [patch] Memory leaks in chan_sip.c with realtime peers (Reported by ibercom) * ASTERISK-24384 - chan_motif: format capabilities leak on module load error (Reported by Corey Farrell) * ASTERISK-24385 - chan_sip: process_sdp leaks on an error path (Reported by Corey Farrell) * ASTERISK-24378 - Release AMI connections on shutdown (Reported by Corey Farrell) * ASTERISK-24354 - AMI sendMessage closes AMI connection on error (Reported by Peter Katzmann) * ASTERISK-24390 - astobj2: REF_DEBUG reports false leaks with ao2_callback with OBJ_MULTIPLE (Reported by Corey Farrell) * ASTERISK-24326 - res_rtp_asterisk: ICE-TCP candidates are incorrectly attempted (Reported by Joshua Colp) * ASTERISK-24011 - [patch]safe_asterisk tries to set ulimit -n too high on linux systems with lots of RAM (Reported by Michael Myles) * ASTERISK-24383 - res_rtp_asterisk: Crash if no candidates received for component (Reported by Kevin Harwell) * ASTERISK-20784 - Failure to receive an ACK to a SIP Re-INVITE results in a SIP channel leak (Reported by NITESH BANSAL) * ASTERISK-15879 - [patch] Failure to receive an ACK to a SIP Re-INVITE results in a SIP channel leak (Reported by Torrey Searle) * ASTERISK-24406 - Some caller ID strings are parsed differently since 11.13.0 (Reported by Etienne Lessard) * ASTERISK-24325 - res_calendar_ews: cannot be used with neon 0.30 (Reported by Tzafrir Cohen) * ASTERISK-13797 - [patch] relax badshell tilde test (Reported by Tzafrir Cohen) * ASTERISK-22791 - asterisk sends Re-INVITE after receiving a BYE (Reported by Paolo Compagnini) * ASTERISK-18923 - res_fax_spandsp usage counter is wrong (Reported by Grigoriy Puzankin) * ASTERISK-24392 - res_fax: fax gateway sessions leak (Reported by Corey Farrell) * ASTERISK-24393 - rtptimeout=0 doesn't disable rtptimeout (Reported by Dmitry Melekhov) * ASTERISK-23846 - Unistim multilines. Loss of voice after second call drops (on a second line). (Reported by Rustam Khankishyiev) * ASTERISK-24063 - [patch]Asterisk does not respect outbound proxy when sending qualify requests (Reported by Damian Ivereigh) * ASTERISK-24425 - [patch] jabber/xmpp to use TLS instead of SSLv3, security fix POODLE (CVE-2014-3566) (Reported by abelbeck) * ASTERISK-24436 - Missing header in res/res_srtp.c when compiling against libsrtp-1.5.0 (Reported by Patrick Laimbock) * ASTERISK-24454 - app_queue: ao2_iterator not destroyed, causing leak (Reported by Corey Farrell) * ASTERISK-24430 - missing letter "p" in word response in OriginateResponse event documentation (Reported by Dafi Ni) * ASTERISK-24457 - res_fax: fax gateway frames leak (Reported by Corey Farrell) * ASTERISK-21721 - SIP Failed to parse multiple Supported: headers (Reported by Olle Johansson) * ASTERISK-24304 - asterisk crashing randomly because of unistim channel (Reported by dhanapathy sathya) * ASTERISK-24190 - IMAP voicemail causes segfault (Reported by Nick Adams) * ASTERISK-24466 - app_queue: fix a couple leaks to struct call_queue (Reported by Corey Farrell) * ASTERISK-24432 - Install refcounter.py when REF_DEBUG is enabled (Reported by Corey Farrell) * ASTERISK-24476 - main/app.c / app_voicemail: ast_writestream leaks (Reported by Corey Farrell) * ASTERISK-24307 - Unintentional memory retention in stringfields (Reported by Etienne Lessard) For a full list of changes in this release, please see the ChangeLog: http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-11.14.0 Thank you for your continued support of Asterisk! --- Module Name: pkgsrc Committed By: jnemeth Date: Wed Dec 3 01:00:23 UTC 2014 Modified Files: pkgsrc/comms/asterisk18: Makefile distinfo Log Message: Update to Asterisk 1.8.32.1: this is a security fix release. The Asterisk Development Team has announced security releases for Certified Asterisk 1.8.28 and 11.6 and Asterisk 1.8, 11, 12, and 13. The available security releases are released as versions 1.8.28-cert3, 11.6-cert8, 1.8.32.1, 11.14.1, 12.7.1, and 13.0.1. The release of these versions resolves the following security vulnerabilities: * AST-2014-012: Unauthorized access in the presence of ACLs with mixed IP address families Many modules in Asterisk that service incoming IP traffic have ACL options ("permit" and "deny") that can be used to whitelist or blacklist address ranges. A bug has been discovered where the address family of incoming packets is only compared to the IP address family of the first entry in the list of access control rules. If the source IP address for an incoming packet is not of the same address as the first ACL entry, that packet bypasses all ACL rules. * AST-2014-018: Permission Escalation through DB dialplan function The DB dialplan function when executed from an external protocol, such as AMI, could result in a privilege escalation. Users with a lower class authorization in AMI can access the internal Asterisk database without the required SYSTEM class authorization. For more information about the details of these vulnerabilities, please read security advisories AST-2014-012, AST-2014-013, AST-2014-014, AST-2014-015, AST-2014-016, AST-2014-017, and AST-2014-018, which were released at the same time as this announcement. For a full list of changes in the current releases, please see the ChangeLogs: http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.8.32.1 The security advisories are available at: * http://downloads.asterisk.org/pub/security/AST-2014-012.pdf * http://downloads.asterisk.org/pub/security/AST-2014-018.pdf Thank you for your continued support of Asterisk! --- Module Name: pkgsrc Committed By: jnemeth Date: Wed Dec 3 01:57:37 UTC 2014 Modified Files: pkgsrc/comms/asterisk: Makefile distinfo Log Message: Update to Asterisk 11.14.1: this is a security fix release. The Asterisk Development Team has announced security releases for Certified Asterisk 1.8.28 and 11.6 and Asterisk 1.8, 11, 12, and 13. The available security releases are released as versions 1.8.28-cert3, 11.6-cert8, 1.8.32.1, 11.14.1, 12.7.1, and 13.0.1. The release of these versions resolves the following security vulnerabilities: * AST-2014-012: Unauthorized access in the presence of ACLs with mixed IP address families Many modules in Asterisk that service incoming IP traffic have ACL options ("permit" and "deny") that can be used to whitelist or blacklist address ranges. A bug has been discovered where the address family of incoming packets is only compared to the IP address family of the first entry in the list of access control rules. If the source IP address for an incoming packet is not of the same address as the first ACL entry, that packet bypasses all ACL rules. * AST-2014-018: Permission Escalation through DB dialplan function The DB dialplan function when executed from an external protocol, such as AMI, could result in a privilege escalation. Users with a lower class authorization in AMI can access the internal Asterisk database without the required SYSTEM class authorization. In addition, the release of 11.6-cert8 and 11.14.1 resolves the following security vulnerability: * AST-2014-014: High call load with ConfBridge can result in resource exhaustion The ConfBridge application uses an internal bridging API to implement conference bridges. This internal API uses a state model for channels within the conference bridge and transitions between states as different things occur. Unload load it is possible for some state transitions to be delayed causing the channel to transition from being hung up to waiting for media. As the channel has been hung up remotely no further media will arrive and the channel will stay within ConfBridge indefinitely. In addition, the release of 11.6-cert8, 11.14.1, 12.7.1, and 13.0.1 resolves the following security vulnerability: * AST-2014-017: Permission Escalation via ConfBridge dialplan function and AMI ConfbridgeStartRecord Action The CONFBRIDGE dialplan function when executed from an external protocol (such as AMI) can result in a privilege escalation as certain options within that function can affect the underlying system. Additionally, the AMI ConfbridgeStartRecord action has options that would allow modification of the underlying system, and does not require SYSTEM class authorization in AMI. For a full list of changes in the current releases, please see the ChangeLogs: http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-11.14.1 The security advisories are available at: * http://downloads.asterisk.org/pub/security/AST-2014-012.pdf * http://downloads.asterisk.org/pub/security/AST-2014-014.pdf * http://downloads.asterisk.org/pub/security/AST-2014-017.pdf * http://downloads.asterisk.org/pub/security/AST-2014-018.pdf Thank you for your continued support of Asterisk!
Diffstat (limited to 'comms/asterisk18/PLIST')
-rw-r--r--comms/asterisk18/PLIST16
1 files changed, 8 insertions, 8 deletions
diff --git a/comms/asterisk18/PLIST b/comms/asterisk18/PLIST
index 272475a148b..c302a101a23 100644
--- a/comms/asterisk18/PLIST
+++ b/comms/asterisk18/PLIST
@@ -1,4 +1,4 @@
-@comment $NetBSD: PLIST,v 1.24 2014/07/02 03:20:43 jnemeth Exp $
+@comment $NetBSD: PLIST,v 1.24.2.1 2014/12/06 16:57:53 tron Exp $
include/asterisk.h
include/asterisk/_private.h
include/asterisk/abstract_jb.h
@@ -356,15 +356,15 @@ libdata/asterisk/phoneprov/000000000000.cfg
libdata/asterisk/phoneprov/polycom.xml
libdata/asterisk/phoneprov/polycom_line.xml
libdata/asterisk/phoneprov/snom-mac.xml
-libdata/asterisk/sounds/en/.asterisk-core-sounds-en-gsm-1.4.25
+libdata/asterisk/sounds/en/.asterisk-core-sounds-en-gsm-1.4.26
libdata/asterisk/sounds/en/1-for-am-2-for-pm.gsm
libdata/asterisk/sounds/en/1-yes-2-no.gsm
-libdata/asterisk/sounds/en/CHANGES-asterisk-core-en-1.4.25
-libdata/asterisk/sounds/en/CHANGES-asterisk-extra-en-1.4.14
-libdata/asterisk/sounds/en/CREDITS-asterisk-core-en-1.4.25
-libdata/asterisk/sounds/en/CREDITS-asterisk-extra-en-1.4.14
-libdata/asterisk/sounds/en/LICENSE-asterisk-core-en-1.4.25
-libdata/asterisk/sounds/en/LICENSE-asterisk-extra-en-1.4.14
+libdata/asterisk/sounds/en/CHANGES-asterisk-core-en-1.4.26
+libdata/asterisk/sounds/en/CHANGES-asterisk-extra-en-1.4.15
+libdata/asterisk/sounds/en/CREDITS-asterisk-core-en-1.4.26
+libdata/asterisk/sounds/en/CREDITS-asterisk-extra-en-1.4.15
+libdata/asterisk/sounds/en/LICENSE-asterisk-core-en-1.4.26
+libdata/asterisk/sounds/en/LICENSE-asterisk-extra-en-1.4.15
libdata/asterisk/sounds/en/OfficeSpace.gsm
libdata/asterisk/sounds/en/Randulo-allison.gsm
libdata/asterisk/sounds/en/SIP_Test_Failure.gsm