| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
|
|
Don't pass formatted buffers as format string. Bump revision.
|
|
|
|
|
|
|
|
|
|
AST-2013-004 and AST-2013-005.
The Asterisk Development Team has announced security releases for
Certified Asterisk 1.8.15, 11.2, and Asterisk 1.8, 10, and 11. The
available security rele ases are released as versions 1.8.15-cert2,
11.2-cert2, 1.8.23.1, 10.12.3, 10.12.3-di giumphones, and 11.5.1.
The release of these versions resolve the following issues:
* A remotely exploitable crash vulnerability exists in the SIP
channel driver if an ACK with SDP is received after the channel
has been terminated. The handling code incorrectly assumes that
the channel will always be present.
* A remotely exploitable crash vulnerability exists in the SIP
channel driver if an invalid SDP is sent in a SIP request that
defines media descriptions before connection information. The
handling code incorrectly attempts to reference the socket address
information even though that information has not yet been set.
These issues and their resolutions are described in the security advisories.
For more information about the details of these vulnerabilities,
please read security advisories AST-2013-004 and AST-2013-005,
which were released at the same time as this announcement.
For a full list of changes in the current releases, please see the ChangeLogs:
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-11.5.1
The security advisories are available at:
* http://downloads.asterisk.org/pub/security/AST-2013-004.pdf
* http://downloads.asterisk.org/pub/security/AST-2013-005.pdf
Thank you for your continued support of Asterisk!
|
|
AST-2013-004 and AST-2013-005.
pkgsrc change: disable detection of broken IP_PKTINFO on NetBSD
The Asterisk Development Team has announced security releases for
Certified Asterisk 1.8.15, 11.2, and Asterisk 1.8, 10, and 11. The
available security rele ases are released as versions 1.8.15-cert2,
11.2-cert2, 1.8.23.1, 10.12.3, 10.12.3-di giumphones, and 11.5.1.
The release of these versions resolve the following issues:
* A remotely exploitable crash vulnerability exists in the SIP
channel driver if an ACK with SDP is received after the channel
has been terminated. The handling code incorrectly assumes that
the channel will always be present.
* A remotely exploitable crash vulnerability exists in the SIP
channel driver if an invalid SDP is sent in a SIP request that
defines media descriptions before connection information. The
handling code incorrectly attempts to reference the socket address
information even though that information has not yet been set.
These issues and their resolutions are described in the security advisories.
For more information about the details of these vulnerabilities,
please read security advisories AST-2013-004 and AST-2013-005,
which were released at the same time as this announcement.
For a full list of changes in the current releases, please see the ChangeLogs:
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-10.12.3
The security advisories are available at:
* http://downloads.asterisk.org/pub/security/AST-2013-004.pdf
* http://downloads.asterisk.org/pub/security/AST-2013-005.pdf
Thank you for your continued support of Asterisk!
|
|
AST-2013-004 and AST-2013-005.
The Asterisk Development Team has announced security releases for
Certified Asterisk 1.8.15, 11.2, and Asterisk 1.8, 10, and 11. The
available security rele ases are released as versions 1.8.15-cert2,
11.2-cert2, 1.8.23.1, 10.12.3, 10.12.3-di giumphones, and 11.5.1.
The release of these versions resolve the following issues:
* A remotely exploitable crash vulnerability exists in the SIP
channel driver if an ACK with SDP is received after the channel
has been terminated. The handling code incorrectly assumes that
the channel will always be present.
* A remotely exploitable crash vulnerability exists in the SIP
channel driver if an invalid SDP is sent in a SIP request that
defines media descriptions before connection information. The
handling code incorrectly attempts to reference the socket address
information even though that information has not yet been set.
These issues and their resolutions are described in the security advisories.
For more information about the details of these vulnerabilities,
please read security advisories AST-2013-004 and AST-2013-005,
which were released at the same time as this announcement.
For a full list of changes in the current releases, please see the ChangeLogs:
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.8.23.1
The security advisories are available at:
* http://downloads.asterisk.org/pub/security/AST-2013-004.pdf
* http://downloads.asterisk.org/pub/security/AST-2013-005.pdf
Thank you for your continued support of Asterisk!
|
|
Bump PKGREVISION.
|
|
functions, thus making Asterisk portable to all C compilers. The
patches from joerg@ (with one missing file added by myself).
|
|
pkgsrc changes:
- add work around for NetBSD's incompatible implementation of IP_PKTINFO
- core sounds package was updated to 1.4.24
The Asterisk Development Team has announced the release of Asterisk 1.8.23.0.
The release of Asterisk 1.8.23.0 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!
The following is a sample of the issues resolved in this release:
* --- Fix a memory copying bug in slinfactory which was causing
mixmonitor issues.
* --- IAX2: fix race condition with nativebridge transfers.
* --- Fix crash in chan_sip when a core initiated op occurs at the
same time as a BYE
* --- Fix The Payload Being Set On CN Packets And Do Not Set Marker
Bit
* --- chan_sip: Session-Expires: Set timer to correctly expire at
(~2/3) of the interval when not the refresher
For a full list of changes in this release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.8.23.0
Thank you for your continued support of Asterisk!
|
|
pkgsrc changes:
- add dependency on libuuid
- work around NetBSD's incompatible implementation of IP_PKTINFO
The Asterisk Development Team has announced the release of Asterisk 11.5.0.
The release of Asterisk 11.5.0 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!
The following is a sample of the issues resolved in this release:
* --- Fix Segfault In app_queue When "persistentmembers" Is Enabled
And Using Realtime
* --- IAX2: fix race condition with nativebridge transfers.
* --- Fix The Payload Being Set On CN Packets And Do Not Set Marker
Bit
* --- Fix One-Way Audio With auto_* NAT Settings When SIP Calls
Initiated By PBX
* --- chan_sip: NOTIFYs for BLF start queuing up and fail to be sent
out after retries fail
For a full list of changes in this release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-11.5.0
Thank you for your continued support of Asterisk!
|
|
|
|
(devel/readline/buildlink3.mk => mk/readline.buildlink3.mk)
|
|
are replaced with .include "../../devel/readline/buildlink3.mk", and
USE_GNU_READLINE are removed,
* .include "../../devel/readline/buildlink3.mk" without USE_GNU_READLINE
are replaced with .include "../../mk/readline.buildlink3.mk".
|
|
sysutils/user_* packages.
|
|
as such until the bug is found and fixed.
|
|
|
|
- improvements to the user interface
- better phone log support
- support for changing the SIM PIN code (via the new "password" plug-in)
- optional "pulseaudio" plug-in (instead of builtin to the "profiles" plug-in)
- fixes to the "video" plug-in
- new manual pages
- more portable Makefiles
|
|
- fix build when newlocale is detected, patch from joerg@
|
|
- fix compile problem on newer NetBSD systems that have newlocale support
- fix a couple of cases where ctype functions called with plain char
- last two items from joerg@
|
|
|
|
Commented 2/3 patches. Added gsed to USE_TOOLS. Buildlink'd pthread. Added
fortran77 to USE_LANGUAGES. Included options.mk file to enable the user to
build with mmx, sse, and "tests" option, which uses pcap, X11, sndfile,
libxml2, fltk, and fftw to run some tests. All of these options are
disabled by default. Some of these changes were already present in
wip/spandsp and were merged into this package after its removal. All
PKG_OPTIONS are disabled by default. There are no noticeable changes to
the package from this update.
|
|
NetBSD 6, requested by tron.
|
|
Recursively bump package revisions again after the "freetype2" and
"fontconfig" handling was fixed.
|
|
to address issues with NetBSD-6(and earlier)'s fontconfig not being
new enough for pango.
While doing that, also bump freetype2 dependency to current pkgsrc
version.
Suggested by tron in PR 47882
|
|
a) refer 'perl' in their Makefile, or
b) have a directory name of p5-*, or
c) have any dependency on any p5-* package
Like last time, where this caused no complaints.
|
|
|
|
"Tilp is a Linking Program" - The TiLP project aims to develop a multi-platform
linking program for use with all TI graphing calculators (TI73 ... V200PLT).
Supported link cables are: GrayLink, BlackLink, SilverLink, DirectLink Parallel
Link, VTi (virtual) and TiEmu (virtual).
Supported hand-helds are: TI73, TI82, TI83, TI83+, TI84+, TI85, TI86, TI89,
Titanium, TI92, TI92+, V200, NSpire, NSpire-CAS.
Capabilities: silent link, screendump, directory listing, send/recv of vars,
send/Recv of backups, send/recv of FLASH apps, send of OS, ROM dumping, ID LIST,
clock, create folder, delete var/app...
|
|
"Tilp is a Linking Program" - The TiLP project aims to develop a multi-platform
linking program for use with all TI graphing calculators (TI73 ... V200PLT).
Supported link cables are: GrayLink, BlackLink, SilverLink, DirectLink Parallel
Link, VTi (virtual) and TiEmu (virtual).
Supported hand-helds are: TI73, TI82, TI83, TI83+, TI84+, TI85, TI86, TI89,
Titanium, TI92, TI92+, V200, NSpire, NSpire-CAS.
Capabilities: silent link, screendump, directory listing, send/recv of vars,
send/Recv of backups, send/recv of FLASH apps, send of OS, ROM dumping, ID LIST,
clock, create folder, delete var/app...
|
|
"Tilp is a Linking Program" - The TiLP project aims to develop a multi-platform
linking program for use with all TI graphing calculators (TI73 ... V200PLT).
Supported link cables are: GrayLink, BlackLink, SilverLink, DirectLink Parallel
Link, VTi (virtual) and TiEmu (virtual).
Supported hand-helds are: TI73, TI82, TI83, TI83+, TI84+, TI85, TI86, TI89,
Titanium, TI92, TI92+, V200, NSpire, NSpire-CAS.
Capabilities: silent link, screendump, directory listing, send/recv of vars,
send/Recv of backups, send/recv of FLASH apps, send of OS, ROM dumping, ID LIST,
clock, create folder, delete var/app...
|
|
"Tilp is a Linking Program" - The TiLP project aims to develop a multi-platform
linking program for use with all TI graphing calculators (TI73 ... V200PLT).
Supported link cables are: GrayLink, BlackLink, SilverLink, DirectLink Parallel
Link, VTi (virtual) and TiEmu (virtual).
Supported hand-helds are: TI73, TI82, TI83, TI83+, TI84+, TI85, TI86, TI89,
Titanium, TI92, TI92+, V200, NSpire, NSpire-CAS.
Capabilities: silent link, screendump, directory listing, send/recv of vars,
send/Recv of backups, send/recv of FLASH apps, send of OS, ROM dumping, ID LIST,
clock, create folder, delete var/app...
|
|
"Tilp is a Linking Program" - The TiLP project aims to develop a multi-platform
linking program for use with all TI graphing calculators (TI73 ... V200PLT).
Supported link cables are: GrayLink, BlackLink, SilverLink, DirectLink Parallel
Link, VTi (virtual) and TiEmu (virtual).
Supported hand-helds are: TI73, TI82, TI83, TI83+, TI84+, TI85, TI86, TI89,
Titanium, TI92, TI92+, V200, NSpire, NSpire-CAS.
Capabilities: silent link, screendump, directory listing, send/recv of vars,
send/Recv of backups, send/recv of FLASH apps, send of OS, ROM dumping, ID LIST,
clock, create folder, delete var/app...
|
|
|
|
Added libgcrypt support
Added support for Calendar app
Export function for KeyRing data
Overhaul of Expense plugin
Overhaul VCARD export including adding IM, Birthday, Website fields
GUI changes: ToDo items due today are marked by a soft green color
GUI changes: new alarm clock and lock icons
GUI changes: radio buttons to select between timed and untimed events
Fixed Mac OS X bugs/crash
Resolve segmentation fault when editing Contacts with attached pictures
Resolve error where Contacts created on Palm could not be deleted with Jpilot
Resolve sync error with simultaneously modified Contacts
Fix Bug 1991 : Categories are lost during first sync
|
|
|
|
|
|
The Asterisk Development Team has announced the release of Asterisk 11.4.0.
The release of Asterisk 11.4.0 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!
The following is a sample of the issues resolved in this release:
* --- Fix Sorting Order For Parking Lots Stored In Static Realtime
* --- Fix StopMixMonitor Hanging Up When Unable To Stop MixMonitor On
A Channel
* --- When a session timer expires during a T.38 call, re-invite with
correct SDP
* --- Fix white noise on SRTP decryption
* --- Fix reload skinny with active devices.
For a full list of changes in this release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-11.4.0
Thank you for your continued support of Asterisk!
|
|
The Asterisk Development Team has announced the release of Asterisk 1.8.22.0.
The release of Asterisk 1.8.22.0 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!
The following is a sample of the issues resolved in this release:
* --- Fix Sorting Order For Parking Lots Stored In Static Realtime
* --- Make ParkAndAnnounce return to priority + 1 when return context
is not defined
* --- When a session timer expires during a T.38 call, re-invite with
correct SDP
* --- Fix several unreleased mutex locks that cause problem with
processing calls
* --- Fix crash when AMI redirect action redirects two channels out of
a bridge.
For a full list of changes in this release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.8.22.0
Thank you for your continued support of Asterisk!
|
|
Thanks to joerg@ for pointing it out.
|
|
|
|
The Asterisk Development Team has announced the release of Asterisk 11.3.0.
The release of Asterisk 11.3.0 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!
The following is a sample of the issues resolved in this release:
* --- Fix issue where chan_mobile fails to bind to first available port
* --- Fix Queue Log Reporting Every Call COMPLETECALLER With "h"
Extension Present
* --- Retain XMPP filters across reconnections so external modules
continue to function as expected.
* --- Ensure that a declined media stream is terminated with a '\r\n'
* --- Fix pjproject compilation in certain circumstances
For a full list of changes in this release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-11.3.0
Thank you for your continued support of Asterisk!
|
|
|
|
The Asterisk Development Team has announced the release of Asterisk 1.8.21.0.
The release of Asterisk 1.8.21.0 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!
The following is a sample of the issues resolved in this release:
* --- Fix issue where chan_mobile fails to bind to first available port
* --- Fix station ringback; trunk hangup issues in SLA
* --- Fix Queue Log Reporting Every Call COMPLETECALLER With "h"
Extension Present
* --- Fix Record-Route parsing for large headers.
* --- Fix AMI redirect action with two channels failing to redirect
both channels.
For a full list of changes in this release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.8.21.0
Thank you for your continued support of Asterisk!
|
|
AST-2013-001, AST-2013-002, and AST-2013-003.
The Asterisk Development Team has announced security releases for Certified
Asterisk 1.8.15 and Asterisk 1.8, 10, and 11. The available security releases
are released as versions 1.8.15-cert2, 1.8.20.2, 10.12.2, 10.12.2-digiumphones,
and 11.2.2.
The release of these versions resolve the following issues:
* A possible buffer overflow during H.264 format negotiation. The format
attribute resource for H.264 video performs an unsafe read against a media
attribute when parsing the SDP.
This vulnerability only affected Asterisk 11.
* A denial of service exists in Asterisk's HTTP server. AST-2012-014, fixed
in January of this year, contained a fix for Asterisk's HTTP server for a
remotely-triggered crash. While the fix prevented the crash from being
triggered, a denial of service vector still exists with that solution if an
attacker sends one or more HTTP POST requests with very large Content-Length
values.
This vulnerability affects Certified Asterisk 1.8.15, Asterisk 1.8, 10, and 11
* A potential username disclosure exists in the SIP channel driver. When
authenticating a SIP request with alwaysauthreject enabled, allowguest
disabled, and autocreatepeer disabled, Asterisk discloses whether a user
exists for INVITE, SUBSCRIBE, and REGISTER transactions in multiple ways.
This vulnerability affects Certified Asterisk 1.8.15, Asterisk 1.8, 10, and 11
These issues and their resolutions are described in the security advisories.
For more information about the details of these vulnerabilities, please read
security advisories AST-2013-001, AST-2013-002, and AST-2013-003, which were
released at the same time as this announcement.
For a full list of changes in the current releases, please see the ChangeLogs:
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-11.2.2
The security advisories are available at:
* http://downloads.asterisk.org/pub/security/AST-2013-001.pdf
* http://downloads.asterisk.org/pub/security/AST-2013-002.pdf
* http://downloads.asterisk.org/pub/security/AST-2013-003.pdf
Thank you for your continued support of Asterisk!
|
|
AST-2013-001, AST-2013-002, and AST-2013-003.
The Asterisk Development Team has announced security releases for Certified
Asterisk 1.8.15 and Asterisk 1.8, 10, and 11. The available security releases
are released as versions 1.8.15-cert2, 1.8.20.2, 10.12.2, 10.12.2-digiumphones,
and 11.2.2.
The release of these versions resolve the following issues:
* A denial of service exists in Asterisk's HTTP server. AST-2012-014, fixed
in January of this year, contained a fix for Asterisk's HTTP server for a
remotely-triggered crash. While the fix prevented the crash from being
triggered, a denial of service vector still exists with that solution if an
attacker sends one or more HTTP POST requests with very large Content-Length
values.
This vulnerability affects Certified Asterisk 1.8.15, Asterisk 1.8, 10, and 11
* A potential username disclosure exists in the SIP channel driver. When
authenticating a SIP request with alwaysauthreject enabled, allowguest
disabled, and autocreatepeer disabled, Asterisk discloses whether a user
exists for INVITE, SUBSCRIBE, and REGISTER transactions in multiple ways.
This vulnerability affects Certified Asterisk 1.8.15, Asterisk 1.8, 10, and 11
These issues and their resolutions are described in the security advisories.
For more information about the details of these vulnerabilities, please read
security advisories AST-2013-001, AST-2013-002, and AST-2013-003, which were
released at the same time as this announcement.
For a full list of changes in the current releases, please see the ChangeLogs:
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-10.12.2
The security advisories are available at:
* http://downloads.asterisk.org/pub/security/AST-2013-001.pdf
* http://downloads.asterisk.org/pub/security/AST-2013-002.pdf
* http://downloads.asterisk.org/pub/security/AST-2013-003.pdf
Thank you for your continued support of Asterisk!
|
|
AST-2013-001, AST-2013-002, and AST-2013-003.
The Asterisk Development Team has announced security releases for Certified
Asterisk 1.8.15 and Asterisk 1.8, 10, and 11. The available security releases
are released as versions 1.8.15-cert2, 1.8.20.2, 10.12.2, 10.12.2-digiumphones,
and 11.2.2.
The release of these versions resolve the following issues:
* A denial of service exists in Asterisk's HTTP server. AST-2012-014, fixed
in January of this year, contained a fix for Asterisk's HTTP server for a
remotely-triggered crash. While the fix prevented the crash from being
triggered, a denial of service vector still exists with that solution if an
attacker sends one or more HTTP POST requests with very large Content-Length
values.
This vulnerability affects Certified Asterisk 1.8.15, Asterisk 1.8, 10, and 11
* A potential username disclosure exists in the SIP channel driver. When
authenticating a SIP request with alwaysauthreject enabled, allowguest
disabled, and autocreatepeer disabled, Asterisk discloses whether a user
exists for INVITE, SUBSCRIBE, and REGISTER transactions in multiple ways.
This vulnerability affects Certified Asterisk 1.8.15, Asterisk 1.8, 10, and 11
These issues and their resolutions are described in the security advisories.
For more information about the details of these vulnerabilities, please read
security advisories AST-2013-001, AST-2013-002, and AST-2013-003, which were
released at the same time as this announcement.
For a full list of changes in the current releases, please see the ChangeLogs:
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.8.20.2
The security advisories are available at:
* http://downloads.asterisk.org/pub/security/AST-2013-001.pdf
* http://downloads.asterisk.org/pub/security/AST-2013-002.pdf
* http://downloads.asterisk.org/pub/security/AST-2013-003.pdf
Thank you for your continued support of Asterisk!
|
|
File too long (should be no more than 24 lines).
Line too long (should be no more than 80 characters).
Trailing empty lines.
Trailing white-space.
Trucated the long files as best as possible while preserving the most info
contained in them.
|
|
pkglint warnings aren't gospel! They need to be verified in an
intelligent manner. After variable substitution, the lines will
be shorter then 80 characters, thus there was no need to shorten
them.
|
