| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
|
|
|
|
|
|
|
|
This update is just to accomodate the speex splitup.
Note that Asterisk 10.x is dead upstream and should not be used
anymore. This package will be removed at some point.
|
|
|
|
Do it for all packages that
* mention perl, or
* have a directory name starting with p5-*, or
* depend on a package starting with p5-
like last time, for 5.18, where this didn't lead to complaints.
Let me know if you have any this time.
|
|
Fix PR pkg/48777
|
|
|
|
These are now handled dynamically if INIT_SYSTEM is set to "rc.d", or
ignored otherwise.
|
|
|
|
AST-2013-006 and AST-2013-007.
The Asterisk Development Team has announced security releases for Certified
Asterisk 1.8.15, 11.2, and Asterisk 1.8, 10, and 11. The available security
releases are released as versions 1.8.15-cert4, 11.2-cert3, 1.8.24.1, 10.12.4,
10.12.4-digiumphones, and 11.6.1.
The release of these versions resolve the following issues:
* A buffer overflow when receiving odd length 16 bit messages in app_sms. An
infinite loop could occur which would overwrite memory when a message is
received into the unpacksms16() function and the length of the message is an
odd number of bytes.
* Prevent permissions escalation in the Asterisk Manager Interface. Asterisk
now marks certain individual dialplan functions as 'dangerous', which will
inhibit their execution from external sources.
A 'dangerous' function is one which results in a privilege escalation. For
example, if one were to read the channel variable SHELL(rm -rf /) Bad
Things(TM) could happen; even if the external source has only read
permissions.
Execution from external sources may be enabled by setting 'live_dangerously'
to 'yes' in the [options] section of asterisk.conf. Although doing so is not
recommended.
These issues and their resolutions are described in the security advisories.
For more information about the details of these vulnerabilities, please read
security advisories AST-2013-006 and AST-2013-007, which were
released at the same time as this announcement.
For a full list of changes in the current releases, please see the ChangeLogs:
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.8.24.1
The security advisories are available at:
* http://downloads.asterisk.org/pub/security/AST-2013-006.pdf
* http://downloads.asterisk.org/pub/security/AST-2013-007.pdf
Thank you for your continued support of Asterisk!
|
|
|
|
|
|
|
|
AST-2013-004 and AST-2013-005.
pkgsrc change: disable detection of broken IP_PKTINFO on NetBSD
The Asterisk Development Team has announced security releases for
Certified Asterisk 1.8.15, 11.2, and Asterisk 1.8, 10, and 11. The
available security rele ases are released as versions 1.8.15-cert2,
11.2-cert2, 1.8.23.1, 10.12.3, 10.12.3-di giumphones, and 11.5.1.
The release of these versions resolve the following issues:
* A remotely exploitable crash vulnerability exists in the SIP
channel driver if an ACK with SDP is received after the channel
has been terminated. The handling code incorrectly assumes that
the channel will always be present.
* A remotely exploitable crash vulnerability exists in the SIP
channel driver if an invalid SDP is sent in a SIP request that
defines media descriptions before connection information. The
handling code incorrectly attempts to reference the socket address
information even though that information has not yet been set.
These issues and their resolutions are described in the security advisories.
For more information about the details of these vulnerabilities,
please read security advisories AST-2013-004 and AST-2013-005,
which were released at the same time as this announcement.
For a full list of changes in the current releases, please see the ChangeLogs:
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-10.12.3
The security advisories are available at:
* http://downloads.asterisk.org/pub/security/AST-2013-004.pdf
* http://downloads.asterisk.org/pub/security/AST-2013-005.pdf
Thank you for your continued support of Asterisk!
|
|
sysutils/user_* packages.
|
|
as such until the bug is found and fixed.
|
|
- fix build when newlocale is detected, patch from joerg@
|
|
NetBSD 6, requested by tron.
|
|
Recursively bump package revisions again after the "freetype2" and
"fontconfig" handling was fixed.
|
|
to address issues with NetBSD-6(and earlier)'s fontconfig not being
new enough for pango.
While doing that, also bump freetype2 dependency to current pkgsrc
version.
Suggested by tron in PR 47882
|
|
a) refer 'perl' in their Makefile, or
b) have a directory name of p5-*, or
c) have any dependency on any p5-* package
Like last time, where this caused no complaints.
|
|
|
|
AST-2013-001, AST-2013-002, and AST-2013-003.
The Asterisk Development Team has announced security releases for Certified
Asterisk 1.8.15 and Asterisk 1.8, 10, and 11. The available security releases
are released as versions 1.8.15-cert2, 1.8.20.2, 10.12.2, 10.12.2-digiumphones,
and 11.2.2.
The release of these versions resolve the following issues:
* A denial of service exists in Asterisk's HTTP server. AST-2012-014, fixed
in January of this year, contained a fix for Asterisk's HTTP server for a
remotely-triggered crash. While the fix prevented the crash from being
triggered, a denial of service vector still exists with that solution if an
attacker sends one or more HTTP POST requests with very large Content-Length
values.
This vulnerability affects Certified Asterisk 1.8.15, Asterisk 1.8, 10, and 11
* A potential username disclosure exists in the SIP channel driver. When
authenticating a SIP request with alwaysauthreject enabled, allowguest
disabled, and autocreatepeer disabled, Asterisk discloses whether a user
exists for INVITE, SUBSCRIBE, and REGISTER transactions in multiple ways.
This vulnerability affects Certified Asterisk 1.8.15, Asterisk 1.8, 10, and 11
These issues and their resolutions are described in the security advisories.
For more information about the details of these vulnerabilities, please read
security advisories AST-2013-001, AST-2013-002, and AST-2013-003, which were
released at the same time as this announcement.
For a full list of changes in the current releases, please see the ChangeLogs:
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-10.12.2
The security advisories are available at:
* http://downloads.asterisk.org/pub/security/AST-2013-001.pdf
* http://downloads.asterisk.org/pub/security/AST-2013-002.pdf
* http://downloads.asterisk.org/pub/security/AST-2013-003.pdf
Thank you for your continued support of Asterisk!
|
|
pkglint warnings aren't gospel! They need to be verified in an
intelligent manner. After variable substitution, the lines will
be shorter then 80 characters, thus there was no need to shorten
them.
|
|
|
|
|
|
----- 10.12.1
The Asterisk Development Team has announced the release of Asterisk 10.12.1.
The release of Asterisk 10.12.1 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!
The following are the issues resolved in this release:
* --- Fix astcanary startup problem due to wrong pid value from before
daemon call
* --- Update init.d scripts to handle stderr; readd splash screen for
remote consoles
* --- Reset RTP timestamp; sequence number on SSRC change
For a full list of changes in this release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-10.12.1
Thank you for your continued support of Asterisk!
----- 10.12.0
The Asterisk Development Team has announced the release of Asterisk 10.12.0.
The release of Asterisk 10.12.0 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!
The following is a sample of the issues resolved in this release:
* --- app_meetme: Fix channels lingering when hung up under certain
conditions
* --- Fix stuck DTMF when bridge is broken.
* --- Improve Code Readability And Fix Setting natdetected Flag
* --- Fix extension matching with the '-' char.
* --- Fix call files when astspooldir is relative.
For a full list of changes in this release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-10.12.0
Thank you for your continued support of Asterisk!
|
|
|
|
|
|
and AST-2012-015.
Approved for commit during freeze by: agc
The Asterisk Development Team has announced security releases for Certified
Asterisk 1.8.11 and Asterisk 1.8, 10, and 11. The available security releases
are released as versions 1.8.11-cert10, 1.8.19.1, 10.11.1, 10.11.1-digiumphones,
and 11.1.1.
The release of these versions resolve the following two issues:
* Stack overflows that occur in some portions of Asterisk that manage a TCP
connection. In SIP, this is exploitable via a remote unauthenticated session;
in XMPP and HTTP connections, this is exploitable via remote authenticated
sessions.
* A denial of service vulnerability through exploitation of the device state
cache. Anonymous calls had the capability to create devices in Asterisk that
would never be disposed of.
These issues and their resolutions are described in the security advisories.
For more information about the details of these vulnerabilities, please read
security advisories AST-2012-014 and AST-2012-015, which were released at the
same time as this announcement.
For a full list of changes in the current releases, please see the ChangeLogs:
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-11.1.1
The security advisories are available at:
* http://downloads.asterisk.org/pub/security/AST-2012-014.pdf
* http://downloads.asterisk.org/pub/security/AST-2012-015.pdf
Thank you for your continued support of Asterisk!
|
|
|
|
Note that Asterisk 10.* will be going into security fix only mode
on Dec. 15th, 2012. Users may wish to consider moving to one of
the Long Term Support versions: comms/asterisk18 (Asterisk 1.8.*)
or comms/asterisk (which currently has Asterisk 11.*). See
https://wiki.asterisk.org/wiki/display/AST/Asterisk+Versions for
information on Asterisk versions.
----- 10.11.0:
The Asterisk Development Team has announced the release of Asterisk 10.11.0.
The release of Asterisk 10.11.0 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!
The following is a sample of the issues resolved in this release:
* --- Prevent resetting of NATted realtime peer address on reload.
* --- Do not use a FILE handle when doing SIP TCP reads.
* --- Fix ConfBridge crash if no timing module loaded.
* --- confbridge: Fix a bug which made conferences not record with
AMI/CLI commands
* --- Fix execution of 'i' extension due to uninitialized variable.
For a full list of changes in this release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-10.11.0
Thank you for your continued support of Asterisk!
----- 10.10.1:
The Asterisk Development Team has announced the release of Asterisk 10.10.1.
The release of Asterisk 10.10.1 resolves an issue reported by the
community and would have not been possible without your participation.
Thank you!
The following is the issue resolved in this release:
* --- chan_local: Fix local_pvt ref leak in local_devicestate().
For a full list of changes in this release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-10.10.1
Thank you for your continued support of Asterisk!
|
|
The Asterisk Development Team has announced the release of Asterisk 10.10.0.
The release of Asterisk 10.10.0 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!
The following is a sample of the issues resolved in this release:
* --- Resolve issues in ConfBridge regarding marked, waitmarked, and
unmarked users
* --- dsp.c User Configurable DTMF_HITS_TO_BEGIN and
DTMF_MISSES_TO_END
* --- Fix error where improper IMAP greetings would be deleted.
* --- iax2-provision: Fix improper return on failed cache retrieval
* --- Fix T.38 support when used with chan_local in between.
For a full list of changes in this release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-10.10.0
Thank you for your continued support of Asterisk!
|
|
The Asterisk Development Team has announced the release of Asterisk 10.9.0.
The release of Asterisk 10.9.0 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!
The following is a sample of the issues resolved in this release:
* --- Fix channel reference leak in ChanSpy.
* --- dsp.c: Fix multiple issues when no-interdigit delay is present,
and fast DTMF 50ms/50ms
* --- Fix bug where final queue member would not be removed from
memory.
* --- Fix memory leak when CEL is successfully written to PostgreSQL
database
* --- Fix DUNDi message routing bug when neighboring peer is
unreachable
For a full list of changes in this release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-10.9.0
Thank you for your continued support of Asterisk!
|
|
|
|
are called p5-*.
I hope that's all of them.
|
|
|
|
requested by Thomas Klausner.
|
|
This is the second attempt to fix the build problem that some people
have seen (I have received inconsistent reports). This should
force chan_mgcp to build on systems where it can. It was tested
on NetBSD 5.0, thus ensuring that it doesn't break previously
working systems; and NetBSD 6.99.7, where I finally saw the problem
that some people were reporting.
|
|
(additionaly, reset PKGREVISION of qt4-* sub packages from base qt4 update)
|
|
AST-2012-013, and some general bugs.
The Asterisk Development Team has announced the release of Asterisk 10.8.0.
The release of Asterisk 10.8.0 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!
The following is a sample of the issues resolved in this release:
* --- AST-2012-012: Resolve AMI User Unauthorized Shell Access through
ExternalIVR
* --- AST-2012-013: Resolve ACL rules being ignored during calls by
some IAX2 peers
* --- Handle extremely out of order RFC 2833 DTMF
* --- Resolve severe memory leak in CEL logging modules.
* --- Only re-create an SRTP session when needed
For a full list of changes in this release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-10.8.0
Thank you for your continued support of Asterisk!
|
|
The Asterisk Development Team has announced security releases for Certified
Asterisk 1.8.11 and Asterisk 1.8 and 10. The available security releases are
released as versions 1.8.11-cert7, 1.8.15.1, 10.7.1, and 10.7.1-digiumphones.
The release of Asterisk 1.8.11-cert7, 1.8.15.1, 10.7.1, and 10.7.1-digiumphones
resolve the following two issues:
* A permission escalation vulnerability in Asterisk Manager Interface. This
would potentially allow remote authenticated users the ability to execute
commands on the system shell with the privileges of the user running the
Asterisk application. Please note that the README-SERIOUSLY.bestpractices.txt
file delivered with Asterisk has been updated due to this and other related
vulnerabilities fixed in previous versions of Asterisk.
* When an IAX2 call is made using the credentials of a peer defined in a
dynamic Asterisk Realtime Architecture (ARA) backend, the ACL rules for that
peer are not applied to the call attempt. This allows for a remote attacker
who is aware of a peer's credentials to bypass the ACL rules set for that
peer.
These issues and their resolutions are described in the security advisories.
For more information about the details of these vulnerabilities, please read
security advisories AST-2012-012 and AST-2012-013, which were released at the
same time as this announcement.
For a full list of changes in the current releases, please see the ChangeLogs:
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-10.7.1
The security advisories are available at:
* http://downloads.asterisk.org/pub/security/AST-2012-012.pdf
* http://downloads.asterisk.org/pub/security/AST-2012-013.pdf
Thank you for your continued support of Asterisk!
|
|
|
|
|
|
chan_mgcp.so being built and installed causing PLIST issues.
|
|
The release of Asterisk 10.7.0 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!
The following is a sample of the issues resolved in this release:
* --- Fix deadlock potential with ast_set_hangupsource() calls.
* --- Fix request routing issue when outboundproxy is used.
* --- Set the Caller ID "tag" on peers even if remote party
information is present.
* --- Fix NULL pointer segfault in ast_sockaddr_parse()
* --- Do not perform install on existing directories
For a full list of changes in this release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-10.7.0
Thank you for your continued support of Asterisk!
|
|
- this package is marked OWNER= for a reason!
- need to figure out why chan_mgcp is only built in some situation
instead of adding gross hacks
- upgrade to Asterisk 10.6.1: this is a bugfix release
The release of Asterisk 10.6.1 resolves an issue reported by the
community and would have not been possible without your participation.
Thank you!
The following is the issue resolved in this release:
* --- Remove a superfluous and dangerous freeing of an SSL_CTX.
For a full list of changes in this release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-10.6.1
Thank you for your continued support of Asterisk!
|
|
Defined new PLIST.mgcp variable for new file:
lib/asterisks/modules/chan_mgcp.so
|
