Update to Asterisk 11.21.1: this is mainly a bug patch update plus

fixes for AST-2016-001, AST-2016-002, and AST-2016-003.  Also some
pkglinting.

----- 11.21.1

The Asterisk Development Team has announced security releases for Certified
Asterisk 11.6 and 13.1 and Asterisk 11 and 13. The available security releases
are released as versions 11.6-cert12, 11.21.1, 13.1-cert3, and 13.7.1.

The release of these versions resolves the following security vulnerabilities:

* AST-2016-001: BEAST vulnerability in HTTP server

  The Asterisk HTTP server currently has a default configuration which allows
  the BEAST vulnerability to be exploited if the TLS functionality is enabled.
  This can allow a man-in-the-middle attack to decrypt data passing through it.

* AST-2016-002: File descriptor exhaustion in chan_sip

  Setting the sip.conf timert1 value to a value higher than 1245 can cause an
  integer overflow and result in large retransmit timeout times. These large
  timeout values hold system file descriptors hostage and can cause the system
  to run out of file descriptors.

* AST-2016-003: Remote crash vulnerability receiving UDPTL FAX data.

  If no UDPTL packets are lost there is no problem. However, a lost packet
  causes Asterisk to use the available error correcting redundancy packets. If
  those redundancy packets have zero length then Asterisk uses an uninitialized
  buffer pointer and length value which can cause invalid memory accesses later
  when the packet is copied.

For a full list of changes in the current releases, please see the ChangeLogs:

http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-11.21.1

The security advisories are available at:

 * http://downloads.asterisk.org/pub/security/AST-2016-001.pdf
 * http://downloads.asterisk.org/pub/security/AST-2016-002.pdf
 * http://downloads.asterisk.org/pub/security/AST-2016-003.pdf

Thank you for your continued support of Asterisk!

----- 11.21.0

The Asterisk Development Team has announced the release of Asterisk 11.21.0.

The release of Asterisk 11.21.0 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!

The following are the issues resolved in this release:

Bugs fixed in this release:
-----------------------------------
 * ASTERISK-25640 - pbx: Deadlock on features reload and state
      change hint. (Reported by Krzysztof Trempala)
 * ASTERISK-25364 - [patch]Issue a TCP connection(kernel) and
      thread of asterisk is not released (Reported by Hiroaki Komatsu)
 * ASTERISK-25569 - app_meetme: Audio quality issues (Reported by
      Corey Farrell)
 * ASTERISK-25609 - [patch]Asterisk may crash when calling
      ast_channel_get_t38_state(c) (Reported by Filip Jenicek)
 * ASTERISK-24146 - [patch]No audio on WebRtc caller side when
      answer waiting time is more than ~7sec (Reported by Aleksei
      Kulakov)
 * ASTERISK-25599 - [patch] SLIN Resampling Codec only 80 msec
      (Reported by Alexander Traud)
 * ASTERISK-25616 - Warning with a Codec Module which supports PLC
      with FEC (Reported by Alexander Traud)
 * ASTERISK-25610 - Asterisk crash during "sip reload" (Reported by
      Dudás József)
 * ASTERISK-25498 - Asterisk crashes when negotiating g729 without
      that module installed (Reported by Ben Langfeld)
 * ASTERISK-25476 - chan_sip loses registrations after a while
      (Reported by Michael Keuter)
 * ASTERISK-25593 - fastagi: record file closed after sending
      result (Reported by Kevin Harwell)
 * ASTERISK-25585 - [patch]rasterisk never hits most of main(), but
      it's assumed to (Reported by Walter Doekes)
 * ASTERISK-25552 - hashtab: Improve NULL tolerance (Reported by
      Joshua Colp)
 * ASTERISK-25449 - main/sched: Regression introduced by
      5c713fdf18f causes erroneous duplicate RTCP messages; other
      potential scheduling issues in chan_sip/chan_skinny (Reported by
      Matt Jordan)
 * ASTERISK-25537 - [patch] format-attribute module: RFC or
      internal defaults? (Reported by Alexander Traud)
 * ASTERISK-25373 -  add documentation for CALLERID(pres) and also
      the CONNECTEDLINE and REDIRECTING variants (Reported by Walter
      Doekes)
 * ASTERISK-25527 - Quirky xmldoc description wrapping (Reported by
      Walter Doekes)
 * ASTERISK-25434 - Compiler flags not reported in 'core show
      settings' despite usage during compilation (Reported by Rusty
      Newton)
 * ASTERISK-25494 - build:  GCC 5.1.x catches some new const, array
      bounds and missing paren issues (Reported by George Joseph)
 * ASTERISK-7803 - [patch] Update the maximum packetization values
      in frame.c (Reported by dea)
 * ASTERISK-25461 - Nested dialplan #includes don't work as
      expected. (Reported by Richard Mudgett)
 * ASTERISK-25455 - Deadlock of PJSIP realtime over
      res_config_pgsql  (Reported by mdu113)
 * ASTERISK-25135 - [patch]RTP Timeout hangup cause code missing
      (Reported by Olle Johansson)
 * ASTERISK-25400 - Hints broken when "CustomPresence" doesn't
      exist in AstDB (Reported by Andrew Nagy)
 * ASTERISK-25443 - [patch]IPv6 - Potential issue in via header
      parsing (Reported by ffs)
 * ASTERISK-25391 - AMI GetConfigJSON returns invalid JSON
      (Reported by Bojan Nemčić)
 * ASTERISK-25438 - res_rtp_asterisk: ICE role message even when
      ICE is not enabled (Reported by Joshua Colp)

Improvements made in this release:
-----------------------------------
 * ASTERISK-24718 - [patch]Add inital support of "sanitize" to
      configure (Reported by Badalian Vyacheslav)

For a full list of changes in this release, please see the ChangeLog:

http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-11.21.0

Thank you for your continued support of Asterisk!

4 files changed, 47 insertions, 45 deletions

diff --git a/comms/asterisk/Makefile b/comms/asterisk/Makefile
index 409c070f9b6..0ffd86a98d0 100644
--- a/comms/asterisk/Makefile
+++ b/comms/asterisk/Makefile
@@ -1,21 +1,23 @@
-# $NetBSD: Makefile,v 1.132 2015/11/02 12:02:23 tnn Exp $
+# $NetBSD: Makefile,v 1.133 2016/02/07 08:18:43 jnemeth Exp $
 #
 # NOTE: when updating this package, there are two places that sound
 #       tarballs need to be checked
 
-DISTNAME=	asterisk-11.20.0
-DIST_SUBDIR=	${PKGNAME_NOREV}
-DISTFILES=	${DEFAULT_DISTFILES}
-EXTRACT_ONLY=	${DISTNAME}.tar.gz
+DISTNAME=	asterisk-11.21.1
 CATEGORIES=	comms net audio
 MASTER_SITES=	http://downloads.asterisk.org/pub/telephony/asterisk/ \
 		http://downloads.asterisk.org/pub/telephony/asterisk/old-releases/ \
 		http://downloads.asterisk.org/pub/telephony/sounds/releases/
+DIST_SUBDIR=	${PKGNAME_NOREV}
+DISTFILES=	${DEFAULT_DISTFILES}
 
+COMMENT=	The Asterisk Software PBX
 OWNER=		jnemeth@NetBSD.org
 HOMEPAGE=	http://www.asterisk.org/
-COMMENT=	The Asterisk Software PBX
 LICENSE=	gnu-gpl-v2
+
+EXTRACT_ONLY=	${DISTNAME}.tar.gz
+
 MAKE_JOBS_SAFE=	NO
 
 # known to have issues on i386, block the package until the bug is fixed
@@ -54,17 +56,17 @@ INSTALLATION_DIRS+=	${ASTDATADIR}/sounds/en ${ASTDATADIR}/moh
 
 BUILD_DEFS+=		VARBASE
 
-ASTERISK_USER?=		asterisk
-ASTERISK_GROUP?=	asterisk
-PKG_GROUPS=		${ASTERISK_GROUP}
-PKG_USERS=		${ASTERISK_USER}:${ASTERISK_GROUP}
+ASTERISK_USER?=			asterisk
+ASTERISK_GROUP?=		asterisk
+PKG_GROUPS=			${ASTERISK_GROUP}
+PKG_USERS=			${ASTERISK_USER}:${ASTERISK_GROUP}
 PKG_GECOS.${ASTERISK_USER}=	Asterisk PBX
-PKG_GROUPS_VARS=	ASTERISK_GROUP
-PKG_USERS_VARS=		ASTERISK_USER
-FILES_SUBST+=		ASTERISK_USER=${ASTERISK_USER}
-FILES_SUBST+=		ASTERISK_GROUP=${ASTERISK_GROUP}
-MESSAGE_SUBST+=		ASTERISK_USER=${ASTERISK_USER}
-MESSAGE_SUBST+=		ASTERISK_GROUP=${ASTERISK_GROUP}
+PKG_GROUPS_VARS=		ASTERISK_GROUP
+PKG_USERS_VARS=			ASTERISK_USER
+FILES_SUBST+=			ASTERISK_USER=${ASTERISK_USER}
+FILES_SUBST+=			ASTERISK_GROUP=${ASTERISK_GROUP}
+MESSAGE_SUBST+=			ASTERISK_USER=${ASTERISK_USER}
+MESSAGE_SUBST+=			ASTERISK_GROUP=${ASTERISK_GROUP}
 
 # Various path settings for Asterisk
 PKG_SYSCONFSUBDIR=	asterisk
@@ -120,7 +122,7 @@ PLIST_VARS+=	mgcp
 .  if (exists(${dir}/sys/socket.h))
 NOSIGPIPE!=	${GREP} SO_NOSIGPIPE ${dir}/sys/socket.h || echo ""
 .    if ${NOSIGPIPE} != ""
-PLIST.mgcp= yes
+PLIST.mgcp=	yes
 .    endif
 .  endif
 .endfor
diff --git a/comms/asterisk/distinfo b/comms/asterisk/distinfo
index 6d05edfb020..62e20d6c2b5 100644
--- a/comms/asterisk/distinfo
+++ b/comms/asterisk/distinfo
@@ -1,13 +1,13 @@
-$NetBSD: distinfo,v 1.76 2015/11/03 01:34:52 agc Exp $
+$NetBSD: distinfo,v 1.77 2016/02/07 08:18:43 jnemeth Exp $
 
-SHA1 (asterisk-11.20.0/asterisk-11.20.0.tar.gz) = 350db38ab34b21ac8f51f6b917c15e3be2a777e4
-RMD160 (asterisk-11.20.0/asterisk-11.20.0.tar.gz) = c5257f4fa5dfa0091609b6517881cf5da671c04d
-SHA512 (asterisk-11.20.0/asterisk-11.20.0.tar.gz) = 179c5a11f70b2f5078002227be24e476570ee6a4afb387be852ece49f4cb4d11d523bf0b91e0aa4b5c7f0417e0db6066656200286802dd2c245d71e9e120b75c
-Size (asterisk-11.20.0/asterisk-11.20.0.tar.gz) = 34864289 bytes
-SHA1 (asterisk-11.20.0/asterisk-extra-sounds-en-gsm-1.4.15.tar.gz) = fbb94494e31fc08eee8fdf2ce7d12eb274018050
-RMD160 (asterisk-11.20.0/asterisk-extra-sounds-en-gsm-1.4.15.tar.gz) = 53656a3d6771602504f220ad312093e3503e1150
-SHA512 (asterisk-11.20.0/asterisk-extra-sounds-en-gsm-1.4.15.tar.gz) = 3908fcb439fe7d08dc6cba45b7a6aeea9825299871332d30f60535957072521b2f3f60222a49689b6fe1f693f80e3605b91ce395d16e15b15c50025eb086c19b
-Size (asterisk-11.20.0/asterisk-extra-sounds-en-gsm-1.4.15.tar.gz) = 4409969 bytes
+SHA1 (asterisk-11.21.1/asterisk-11.21.1.tar.gz) = da4035d81d8bac2cbd6eb2cc2bea564969403f89
+RMD160 (asterisk-11.21.1/asterisk-11.21.1.tar.gz) = b9600c82dc6eda53fbf53884b53a3d3bd2f2e54d
+SHA512 (asterisk-11.21.1/asterisk-11.21.1.tar.gz) = d52a14ebae872d62cbfa676bfd86b28790d8e9cfad97585e9255cf9e8ca1957dae509d41ac46cd5280478d38707bc9628bafb31551ab8345e7064aabdbd5dea3
+Size (asterisk-11.21.1/asterisk-11.21.1.tar.gz) = 34867941 bytes
+SHA1 (asterisk-11.21.1/asterisk-extra-sounds-en-gsm-1.4.15.tar.gz) = fbb94494e31fc08eee8fdf2ce7d12eb274018050
+RMD160 (asterisk-11.21.1/asterisk-extra-sounds-en-gsm-1.4.15.tar.gz) = 53656a3d6771602504f220ad312093e3503e1150
+SHA512 (asterisk-11.21.1/asterisk-extra-sounds-en-gsm-1.4.15.tar.gz) = 3908fcb439fe7d08dc6cba45b7a6aeea9825299871332d30f60535957072521b2f3f60222a49689b6fe1f693f80e3605b91ce395d16e15b15c50025eb086c19b
+Size (asterisk-11.21.1/asterisk-extra-sounds-en-gsm-1.4.15.tar.gz) = 4409969 bytes
 SHA1 (patch-Makefile) = 5fd774779d3c8d85936beca8a3407dd3011af2dc
 SHA1 (patch-addons_chan__ooh323.c) = 57f61a2edf0f9f022e03837230ee572ec9cf47b4
 SHA1 (patch-apps_app__confbridge.c) = c815905994355a19c32e8e3e2eb5dc9f1679eb29
@@ -26,7 +26,7 @@ SHA1 (patch-cdr_cdr__pgsql.c) = b8c9a67b62bd0ce8dc373a7f5708fdf35f3be0aa
 SHA1 (patch-cel_cel__pgsql.c) = f295eca04505d011c6548cdb29ddc292d4540714
 SHA1 (patch-channels_chan__motif.c) = db6c97ba02a441633338d492032d78cd86f094f5
 SHA1 (patch-channels_chan__oss.c) = 0be259a83c4425d08b693a54c43896da039df721
-SHA1 (patch-channels_chan__sip.c) = e711bcb65336ed1803ed92989889258f1d416f6b
+SHA1 (patch-channels_chan__sip.c) = abde08da0038ae87401f682df9140ba0fb6e4557
 SHA1 (patch-channels_chan__unistim.c) = adb4dd1967ffdffbc0f8b9b52678b59b52ec5b77
 SHA1 (patch-channels_sip_sdp__crypto.c) = decb6cfe0d6893db912a9087b2155c225db5e1e8
 SHA1 (patch-codecs_codec__dahdi.c) = f412e1f60cb49076b8cabcd747c0f0168f1fa9e7
@@ -58,7 +58,7 @@ SHA1 (patch-main_manager.c) = 6700814350f6960ac7543f587ba6c27a443eeef2
 SHA1 (patch-main_named__acl.c) = 48c23ed0e558299679bbfc9e564383f9f7dd181f
 SHA1 (patch-main_netsock.c) = 015796266b9806425180c9bb05a1907116ef086d
 SHA1 (patch-main_pbx.c) = 049e9883ebbb4e8b2c8913e9e8f310717f6c2168
-SHA1 (patch-main_sched.c) = 2e95b8ee6b81fbed55ca0506f84f701c512728fc
+SHA1 (patch-main_sched.c) = 4b554ff9444e58faa685ec6a2963206b77a00836
 SHA1 (patch-main_stdtime_localtime.c) = afbdecc7fdf3b8ea3020a2282003b63d89adb0f3
 SHA1 (patch-main_test.c) = 3f239ed7611facbd937057f056ebc7495403dbaf
 SHA1 (patch-main_udptl.c) = 260586e4203b4bf51737ba171cbfe57621de8728
diff --git a/comms/asterisk/patches/patch-channels_chan__sip.c b/comms/asterisk/patches/patch-channels_chan__sip.c
index c4ea050bd9d..9522319d768 100644
--- a/comms/asterisk/patches/patch-channels_chan__sip.c
+++ b/comms/asterisk/patches/patch-channels_chan__sip.c
@@ -1,8 +1,8 @@
-$NetBSD: patch-channels_chan__sip.c,v 1.2 2015/05/19 07:52:14 jnemeth Exp $
+$NetBSD: patch-channels_chan__sip.c,v 1.3 2016/02/07 08:18:43 jnemeth Exp $
 
---- channels/chan_sip.c.orig	2015-03-19 09:39:28.000000000 +0000
+--- channels/chan_sip.c.orig	2016-02-03 21:23:32.000000000 +0000
 +++ channels/chan_sip.c
-@@ -17515,6 +17515,8 @@ static int get_rdnis(struct sip_pvt *p, 
+@@ -17571,6 +17571,8 @@ static int get_rdnis(struct sip_pvt *p, 
  	return 0;
  }
  
@@ -11,7 +11,7 @@ $NetBSD: patch-channels_chan__sip.c,v 1.2 2015/05/19 07:52:14 jnemeth Exp $
  /*!
   * \brief Find out who the call is for.
   *
-@@ -17532,7 +17534,7 @@ static int get_rdnis(struct sip_pvt *p, 
+@@ -17588,7 +17590,7 @@ static int get_rdnis(struct sip_pvt *p, 
  static enum sip_get_dest_result get_destination(struct sip_pvt *p, struct sip_request *oreq, int *cc_recall_core_id)
  {
  	char tmp[256] = "", *uri, *unused_password, *domain;
@@ -20,7 +20,7 @@ $NetBSD: patch-channels_chan__sip.c,v 1.2 2015/05/19 07:52:14 jnemeth Exp $
  	char *from = NULL;
  	struct sip_request *req;
  	char *decoded_uri;
-@@ -18405,6 +18407,8 @@ static enum check_auth_result check_peer
+@@ -18467,6 +18469,8 @@ static enum check_auth_result check_peer
  	return res;
  }
  
@@ -29,7 +29,7 @@ $NetBSD: patch-channels_chan__sip.c,v 1.2 2015/05/19 07:52:14 jnemeth Exp $
  
  /*! \brief  Check if matching user or peer is defined
   	Match user on From: user name and peer on IP/port
-@@ -18416,8 +18420,8 @@ static enum check_auth_result check_user
+@@ -18478,8 +18482,8 @@ static enum check_auth_result check_user
  					      struct ast_sockaddr *addr, struct sip_peer **authpeer)
  {
  	char *of, *name, *unused_password, *domain;
@@ -40,7 +40,7 @@ $NetBSD: patch-channels_chan__sip.c,v 1.2 2015/05/19 07:52:14 jnemeth Exp $
  	enum check_auth_result res = AUTH_DONT_KNOW;
  	char calleridname[256];
  	char *uri2 = ast_strdupa(uri);
-@@ -19054,7 +19058,7 @@ static int manager_show_registry(struct 
+@@ -19116,7 +19120,7 @@ static int manager_show_registry(struct 
  			"DomainPort: %d\r\n"
  			"Refresh: %d\r\n"
  			"State: %s\r\n"
@@ -49,7 +49,7 @@ $NetBSD: patch-channels_chan__sip.c,v 1.2 2015/05/19 07:52:14 jnemeth Exp $
  			"\r\n",
  			idtext,
  			iterator->hostname,
-@@ -19064,7 +19068,7 @@ static int manager_show_registry(struct 
+@@ -19126,7 +19130,7 @@ static int manager_show_registry(struct 
  			iterator->regdomainport ? iterator->regdomainport : STANDARD_SIP_PORT,
  			iterator->refresh,
  			regstate2str(iterator->regstate),
@@ -58,7 +58,7 @@ $NetBSD: patch-channels_chan__sip.c,v 1.2 2015/05/19 07:52:14 jnemeth Exp $
  		ASTOBJ_UNLOCK(iterator);
  		total++;
  	} while(0));
-@@ -29112,8 +29116,8 @@ static int check_rtp_timeout(struct sip_
+@@ -29237,8 +29241,8 @@ static int check_rtp_timeout(struct sip_
  					 */
  					return 0;
  				}
@@ -68,4 +68,4 @@ $NetBSD: patch-channels_chan__sip.c,v 1.2 2015/05/19 07:52:14 jnemeth Exp $
 +					ast_channel_name(dialog->owner), (intmax_t) (t - dialog->lastrtprx));
  				manager_event(EVENT_FLAG_CALL, "SessionTimeout", "Source: RTPTimeout\r\n"
  						"Channel: %s\r\nUniqueid: %s\r\n", ast_channel_name(dialog->owner), ast_channel_uniqueid(dialog->owner));
- 				/* Issue a softhangup */
+ 				/* Issue a softhangup - cause 44 (as used by Cisco for RTP timeouts) */
diff --git a/comms/asterisk/patches/patch-main_sched.c b/comms/asterisk/patches/patch-main_sched.c
index 23b332da647..971d934045f 100644
--- a/comms/asterisk/patches/patch-main_sched.c
+++ b/comms/asterisk/patches/patch-main_sched.c
@@ -1,17 +1,17 @@
-$NetBSD: patch-main_sched.c,v 1.2 2015/10/27 08:49:01 jnemeth Exp $
+$NetBSD: patch-main_sched.c,v 1.3 2016/02/07 08:18:43 jnemeth Exp $
 
---- main/sched.c.orig	2015-10-09 22:23:39.000000000 +0000
+--- main/sched.c.orig	2016-02-03 21:23:32.000000000 +0000
 +++ main/sched.c
-@@ -474,7 +474,7 @@ static int sched_settime(struct timeval 
- {
- 	struct timeval now = ast_tvnow();
+@@ -492,7 +492,7 @@ static int sched_settime(struct timeval 
+ 		ast_assert(0);
+ 	}
  
 -	/*ast_debug(1, "TV -> %lu,%lu\n", tv->tv_sec, tv->tv_usec);*/
-+	/*ast_debug(1, "TV -> %jd,%jd\n", tv->tv_sec, tv->tv_usec);*/
++	/*ast_debug(1, "TV -> %jd,%lu\n", (intmax_t)tv->tv_sec, tv->tv_usec);*/
  	if (ast_tvzero(*t))	/* not supplied, default to now */
  		*t = now;
  	*t = ast_tvadd(*t, ast_samp2tv(when, 1000));
-@@ -688,11 +688,11 @@ void ast_sched_dump(struct ast_sched_con
+@@ -706,11 +706,11 @@ void ast_sched_dump(struct ast_sched_con
  		struct timeval delta;
  		q = ast_heap_peek(con->sched_heap, x);
  		delta = ast_tvsub(q->when, when);