Age | Commit message (Collapse) | Author | Files | Lines |
|
|
|
to enable res_fax_spandsp.so. Don't bother with a PKGREVISION bump since
this doesn't change default builds and there is no need tobother people
that don't need the option.
|
|
for NetBSD style atomic ops) has been reported upstream. No change to
binary package, so no REVISION bump.
|
|
without cranking the version number.
|
|
pkgsrc: fix issue with patch for detecting sys/atomic.h
The Asterisk Development Team has announced the release of Asterisk 1.8.2.3.
The release of Asterisk 1.8.2.3 resolves the following issue:
* Reimplemented fax session reservation to reverse the ABI breakage introduced
in r297486.
(Reported by Jeremy Kister on the asterisk-users mailing list. Patched by
mnicholson)
For a full list of changes in this release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.8.2.3
|
|
This is to fix AST-2011-001: Stack buffer overflow in SIP channel driver
Asterisk Project Security Advisory - AST-2011-001
Product Asterisk
Summary Stack buffer overflow in SIP channel driver
Nature of Advisory Exploitable Stack Buffer Overflow
Susceptibility Remote Authenticated Sessions
Severity Moderate
Exploits Known No
Reported On January 11, 2011
Reported By Matthew Nicholson
Posted On January 18, 2011
Last Updated On January 18, 2011
Advisory Contact Matthew Nicholson <mnicholson at digium.com>
CVE Name
Description When forming an outgoing SIP request while in pedantic mode, a
stack buffer can be made to overflow if supplied with
carefully crafted caller ID information. This vulnerability
also affects the URIENCODE dialplan function and in some
versions of asterisk, the AGI dialplan application as well.
The ast_uri_encode function does not properly respect the size
of its output buffer and can write past the end of it when
encoding URIs.
For full details, see:
http://downloads.digium.com/pub/security/AST-2011-001.html
|
|
The release of Asterisk 1.8.2 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!
The following is a sample of the issues resolved in this release:
* 'sip notify clear-mwi' needs terminating CRLF.
(Closes issue #18275. Reported, patched by klaus3000)
* Patch for deadlock from ordering issue between channel/queue locks in
app_queue (set_queue_variables).
(Closes issue #18031. Reported by rain. Patched by bbryant)
* Fix cache of device state changes for multiple servers.
(Closes issue #18284, #18280. Reported, tested by klaus3000. Patched, tested
by russellb)
* Resolve issue where channel redirect function (CLI or AMI) hangs up the call
instead of redirecting the call.
(Closes issue #18171. Reported by: SantaFox)
(Closes issue #18185. Reported by: kwemheuer)
(Closes issue #18211. Reported by: zahir_koradia)
(Closes issue #18230. Reported by: vmarrone)
(Closes issue #18299. Reported by: mbrevda)
(Closes issue #18322. Reported by: nerbos)
* Fix reloading of peer when a user is requested. Prevent peer reloading from
causing multiple MWI subscriptions to be created when using realtime.
(Closes issue #18342. Reported, patched by nivek.)
* Fix XMPP PubSub-based distributed device state. Initialize pubsubflags to 0
so res_jabber doesn't think there is already an XMPP connection sending
device state. Also clean up CLI commands a bit.
(Closes issue #18272. Reported by klaus3000. Patched by Marquis42)
* Don't crash after Set(CDR(userfield)=...) in ast_bridge_call. Instead of
setting peer->cdr = NULL, set it to not post.
(Closes issue #18415. Reported by macbrody. Patched, tested by jsolares)
* Fixes issue with outbound google voice calls not working. Thanks to az1234
and nevermind_quack for their input in helping debug the issue.
(Closes issue #18412. Reported by nevermind_quack. Patched by dvossel)
For a full list of changes in this release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.8.2
|
|
|
|
Don't bother bumping the version since it didn't build on DFBSD
before there is no binary package that could have changed, and this
doesn't change the binary packages on other systems.
|
|
|
|
The release of Asterisk 1.8.1.1 resolves two issues reported by the community
since the release of Asterisk 1.8.1.
* Don't crash after Set(CDR(userfield)=...) in ast_bridge_call. Instead of
setting peer->cdr = NULL, set it to not post.
(Closes issue #18415. Reported by macbrody. Patched, tested by jsolares)
* Fixes issue with outbound google voice calls not working. Thanks to az1234
and nevermind_quack for their input in helping debug the issue.
(Closes issue #18412. Reported by nevermind_quack. Patched by dvossel)
For a full list of changes in this release candidate, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.8.1.1
|
|
Asterisk is a complete PBX in software. It provides all of the
features you would expect from a PBX and more. Asterisk does voice
over IP in three protocols, and can interoperate with almost all
standards-based telephony equipment using relatively inexpensive
hardware.
Asterisk 1.8 is a long term support version (i.e. it will be
supported for four years with an additional year of security only
fixes). See:
https://wiki.asterisk.org/wiki/display/AST/Asterisk+Versions
What's new:
Asterisk 1.8 is the next major release series of Asterisk.
The release of Asterisk 1.8.0 would not have been possible without the support
and contributions of the community. Since Asterisk 1.6.2, we've had over 500
reporters, more than 300 testers and greater than 200 developers contributed to
this release.
You can find a summary of the work involved with the 1.8.0 release in the
sumary:
http://svn.asterisk.org/svn/asterisk/tags/1.8.0/asterisk-1.8.0-summary.txt
A short list of available features includes:
* Secure RTP
* IPv6 Support in the SIP channel driver
* Connected Party Identification Support
* Calendaring Integration
* A new call logging system, Channel Event Logging (CEL)
* Distributed Device State using Jabber/XMPP PubSub
* Call Completion Supplementary Services support
* Advice of Charge support
* Much, much more!
A full list of new features can be found in the CHANGES file.
http://svn.digium.com/view/asterisk/branches/1.8/CHANGES?view=markup
For a full list of changes in the current release candidate, please see the
ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.8.0
-----
The Asterisk Development Team has announced the release of Asterisk 1.8.1.
The release of Asterisk 1.8.1 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!
The following is a sample of the issues resolved in this release:
* Fix issue when using directmedia. Asterisk needs to limit the codecs offered
to just the ones that both sides recognize, otherwise they may end up sending
audio that the other side doesn't understand.
(Closes issue #17403. Reported, patched by one47. Tested by one47, falves11)
* Resolve issue where Party A in an analog 3-way call would continue to hear
ringback after party C answers.
(Patched by rmudgett)
* Fix playback failure when using IAX with the timerfd module.
(Closes issue #18110. Reported, tested by tpanton. Patched by jpeeler)
* Fix problem with qualify option packets for realtime peers never stopping.
The option packets not only never stopped, but if a realtime peer was not in
the peer list multiple options dialogs could accumulate over time.
(Closes issue #16382. Reported by lftsy. Tested by zerohalo. Patched by
jpeeler)
* Fix issue where it is possible to crash Asterisk by feeding the curl engine
invalid data.
(Closes issue #18161. Reported by wdoekes. Patched by tilghman)
For a full list of changes in this release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.8.1
|