| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
|
|
Xfce 4 Modem Lights panel plugin is intended to simplify establishing a ppp
connection via a modem. It is primarily designed to work with the debian ppp
package and the pon/poff scripts provided by that package, but should be usable
with any scripts that create a lock file during dialing and retain it through
the connection.
|
|
{perl>=5.16.6,p5-ExtUtils-ParseXS>=3.15}:../../devel/p5-ExtUtils-ParseXS
since pkgsrc enforces the newest perl version anyway, so they
should always pick perl, but sometimes (pkg_add) don't due to the
design of the {,} syntax.
No effective change for the above reason.
Ok joerg
|
|
|
|
NB: I'm not game enough to do it in the freeze, but it looks like the
JVM version detection patching could be removed - it appears no longer
necessary now that Pkgsrc passes in the correct RXTX_PATH and JHOME_PATH
itself. At any rate, adding version 8 is not required for the oracle-jdk8
build to complete smoothly.
|
|
This should fix the build for the moment.
|
|
having a PKGNAME of p5-*, or depending such a package,
for perl-5.22.0.
|
|
While here restore old behaviour of not alphabetically sorting memos by default.
Changes since 1.8.1:
1.8.2 - 05/18/14
Many bug fixes
Fixed VCard output
Added export for B-Folders
Added export for KeePassX
Changed the "enye" letter in Manana an "n", got tired of it causing problems
(Ma\303\261ana to Manana)
Made lots of stupid code changes to make the compiler warnings go away
|
|
pkgsrc changes:
- adapt to upstream support for clang
- more comprehensive sweep for 64-bit time_t related stuff
- XXX pjsip has its own time related stuff that is 32-bit only
-----
The Asterisk Development Team has announced security releases for Certified
Asterisk 1.8.28, 11.6, and 13.1 and Asterisk 1.8, 11, 12, and 13. The available
security releases are released as versions 1.8.28.cert-5, 1.8.32.3, 11.6-cert11,
11.17.1, 12.8.2, 13.1-cert2, and 13.3.2.
The release of these versions resolves the following security vulnerability:
* AST-2015-003: TLS Certificate Common name NULL byte exploit
When Asterisk registers to a SIP TLS device and and verifies the server,
Asterisk will accept signed certificates that match a common name other than
the one Asterisk is expecting if the signed certificate has a common name
containing a null byte after the portion of the common name that Asterisk
expected. This potentially allows for a man in the middle attack.
For more information about the details of this vulnerability, please read
security advisory AST-2015-003, which was released at the same time as this
announcement.
For a full list of changes in the current releases, please see the ChangeLogs:
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-11.17.1
The security advisory is available at:
* http://downloads.asterisk.org/pub/security/AST-2015-003.pdf
Thank you for your continued support of Asterisk!
-----
The Asterisk Development Team has announced the release of Asterisk 11.17.0.
The release of Asterisk 11.17.0 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!
The following are the issues resolved in this release:
New Features made in this release:
-----------------------------------
* ASTERISK-17899 - Handle crypto lifetime in SDES-SRTP negotiation
(Reported by Dwayne Hubbard)
Bugs fixed in this release:
-----------------------------------
* ASTERISK-24742 - [patch] Fix ast_odbc_find_table function in
res_odbc (Reported by ibercom)
* ASTERISK-22436 - [patch] No BYE to masqueraded channel on INVITE
with replaces (Reported by Eelco Brolman)
* ASTERISK-24479 - Enable REF_DEBUG for module references
(Reported by Corey Farrell)
* ASTERISK-24701 - Stasis: Write timeout on WebSocket fails to
fully disconnect underlying socket, leading to events being
dropped with no additional information (Reported by Matt Jordan)
* ASTERISK-24772 - ODBC error in realtime sippeers when device
unregisters under MariaDB (Reported by Richard Miller)
* ASTERISK-24451 - chan_iax2: reference leak in sched_delay_remove
(Reported by Corey Farrell)
* ASTERISK-24799 - [patch] make fails with undefined reference to
SSLv3_client_method (Reported by Alexander Traud)
* ASTERISK-24787 - [patch] - Microsoft exchange incompatibility
for playing back messages stored in IMAP - play_message: No
origtime (Reported by Graham Barnett)
* ASTERISK-24814 - asterisk/lock.h: Fix syntax errors for non-gcc
OSX with 64 bit integers (Reported by Corey Farrell)
* ASTERISK-24796 - Codecs and bucket schema's prevent module
unload (Reported by Corey Farrell)
* ASTERISK-24724 - 'httpstatus' Web Page Produces Incomplete HTML
(Reported by Ashley Sanders)
* ASTERISK-24797 - bridge_softmix: G.729 codec license held
(Reported by Kevin Harwell)
* ASTERISK-24800 - Crash in __sip_reliable_xmit due to invalid
thread ID being passed to pthread_kill (Reported by JoshE)
* ASTERISK-17721 - Incoming SRTP calls that specify a key lifetime
fail (Reported by Terry Wilson)
* ASTERISK-23214 - chan_sip WARNING message 'We are requesting
SRTP for audio, but they responded without it' is ambiguous and
wrong in some cases (Reported by Rusty Newton)
* ASTERISK-15434 - [patch] When ast_pbx_start failed, both an
error response and BYE are sent to the caller (Reported by
Makoto Dei)
* ASTERISK-18105 - most of asterisk modules are unbuildable in
cygwin environment (Reported by feyfre)
* ASTERISK-24828 - Fix Frame Leaks (Reported by Kevin Harwell)
* ASTERISK-24838 - chan_sip: Locking inversion occurs when
building a peer causes a peer poke during request handling
(Reported by Richard Mudgett)
* ASTERISK-24825 - Caller ID not recognized using
Centrex/Distinctive dialing (Reported by Richard Mudgett)
* ASTERISK-24739 - [patch] - Out of files -- call fails --
numerous files with inodes from under /usr/share/zoneinfo,
mostly posixrules (Reported by Ed Hynan)
* ASTERISK-23390 - NewExten Event with application AGI shows up
before and after AGI runs (Reported by Benjamin Keith Ford)
* ASTERISK-24786 - [patch] - Asterisk terminates when playing a
voicemail stored in LDAP (Reported by Graham Barnett)
* ASTERISK-24808 - res_config_odbc: Improper escaping of
backslashes occurs with MySQL (Reported by Javier Acosta)
* ASTERISK-20850 - [patch]Nested functions aren't portable.
Adapting RAII_VAR to use clang/llvm blocks to get the
same/similar functionality. (Reported by Diederik de Groot)
* ASTERISK-19470 - Documentation on app_amd is incorrect (Reported
by Frank DiGennaro)
* ASTERISK-21038 - Bad command completion of "core set debug
channel" (Reported by Richard Kenner)
* ASTERISK-18708 - func_curl hangs channel under load (Reported by
Dave Cabot)
* ASTERISK-16779 - Cannot disallow unknown format '' (Reported by
Atis Lezdins)
* ASTERISK-24876 - Investigate reference leaks from
tests/channels/local/local_optimize_away (Reported by Corey
Farrell)
* ASTERISK-24817 - init_logger_chain: unreachable code block
(Reported by Corey Farrell)
* ASTERISK-24880 - [patch]Compilation under OpenBSD (Reported by
snuffy)
* ASTERISK-24879 - [patch]Compilation fails due to 64bit time
under OpenBSD (Reported by snuffy)
Improvements made in this release:
-----------------------------------
* ASTERISK-24790 - Reduce spurious noise in logs from voicemail -
Couldn't find mailbox %s in context (Reported by Graham Barnett)
For a full list of changes in this release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-11.17.0
Thank you for your continued support of Asterisk!
-----
The Asterisk Development Team has announced the release of Asterisk 11.16.0.
The release of Asterisk 11.16.0 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!
The following are the issues resolved in this release:
Bugs fixed in this release:
-----------------------------------
* ASTERISK-24472 - Asterisk Crash in OpenSSL when calling over WSS
from JSSIP (Reported by Badalian Vyacheslav)
* ASTERISK-24614 - Deadlock when DEBUG_THREADS compiler flag
enabled (Reported by Richard Mudgett)
* ASTERISK-24449 - Reinvite for T.38 UDPTL fails if SRTP is
enabled (Reported by Andreas Steinmetz)
* ASTERISK-24619 - [patch]Gcc 4.10 fixes in r413589 (1.8) wrongly
casts char to unsigned int (Reported by Walter Doekes)
* ASTERISK-24337 - Spammy DEBUG message needs to be at a higher
level - 'Remote address is null, most likely RTP has been
stopped' (Reported by Rusty Newton)
* ASTERISK-23733 - 'reload acl' fails if acl.conf is not present
on startup (Reported by Richard Kenner)
* ASTERISK-24628 - [patch] chan_sip - CANCEL is sent to wrong
destination when 'sendrpid=yes' (in proxy environment) (Reported
by Karsten Wemheuer)
* ASTERISK-24672 - [PATCH] Memory leak in func_curl CURLOPT
(Reported by Kristian Høgh)
* ASTERISK-20744 - [patch] Security event logging does not work
over syslog (Reported by Michael Keuter)
* ASTERISK-23850 - Park Application does not respect Return
Context Priority (Reported by Andrew Nagy)
* ASTERISK-23991 - [patch]asterisk.pc file contains a small error
in the CFlags returned (Reported by Diederik de Groot)
* ASTERISK-24288 - [patch] - ODBC usage with app_voicemail -
voicemail is not deleted after review, hangup (Reported by LEI
FU)
* ASTERISK-24048 - [patch] contrib/scripts/install_prereq selects
32-bit packages on 64-bit hosts (Reported by Ben Klang)
* ASTERISK-24709 - [patch] msg_create_from_file used by MixMonitor
m() option does not queue an MWI event (Reported by Gareth
Palmer)
* ASTERISK-24355 - [patch] chan_sip realtime uses case sensitive
column comparison for 'defaultuser' (Reported by
HZMI8gkCvPpom0tM)
* ASTERISK-24719 - ConfBridge recording channels get stuck when
recording started/stopped more than once (Reported by Richard
Mudgett)
* ASTERISK-24715 - chan_sip: stale nonce causes failure (Reported
by Kevin Harwell)
* ASTERISK-24728 - tcptls: Bad file descriptor error when
reloading chan_sip (Reported by Kevin Harwell)
* ASTERISK-24676 - Security Vulnerability: URL request injection
in libCURL (CVE-2014-8150) (Reported by Matt Jordan)
* ASTERISK-24711 - DTLS handshake broken with latest OpenSSL
versions (Reported by Jared Biel)
* ASTERISK-24646 - PJSIP changeset 4899 breaks TLS (Reported by
Stephan Eisvogel)
For a full list of changes in this release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-11.16.0
Thank you for your continued support of Asterisk!
|
|
attempting to install into the built-in JAVA_HOME.
Use 'arm' as JAVA_MACHINE_ARCH generally (correct for at least Linux, as
well as NetBSD).
|
|
The added patch fixes startup crash and was submitted upstream.
While there also remove the ban on i386, as it was tested to run fine.
|
|
|
|
|
|
directory on NetBSD/ARM.
|
|
The Asterisk Development Team has announced security releases for
Certified Asterisk 1.8.28, 11.6, and 13.1 and Asterisk 1.8, 11,
12, and 13. The available security releases are released as versions
1.8.28.cert-5, 1.8.32.3, 11.6-cert11, 11.17.1, 12.8.2, 13.1-cert2,
and 13.3.2.
The release of these versions resolves the following security vulnerability:
* AST-2015-003: TLS Certificate Common name NULL byte exploit
When Asterisk registers to a SIP TLS device and verifies the
server, Asterisk will accept signed certificates that match a
common name other than the one Asterisk is expecting if the signed
certificate has a common name containing a null byte after the
portion of the common name that Asterisk expected. This potentially
allows for a man in the middle attack.
For more information about the details of this vulnerability, please read
security advisory AST-2015-003, which was released at the same time as this
announcement.
For a full list of changes in the current releases, please see the Change Logs:
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.8.32.3
The security advisory is available at:
* http://downloads.asterisk.org/pub/security/AST-2015-003.pdf
Thank you for your continued support of Asterisk!
|
|
|
|
|
|
|
|
nathanialsloss@yahoo.com.au
|
|
HIDAPI is a multi-platform library which allows an application to interface
with USB and Bluetooth HID-Class devices on Windows, Linux, and Mac OS X.
On Windows, a DLL is built. On other platforms (and optionally on Windows),
the single source file can simply be dropped into a target application.
HIDAPI has four back-ends:
* Windows (using hid.dll)
* Linux/hidraw (using the Kernel's hidraw driver)
* Linux/libusb (using libusb-1.0)
* Mac (using IOHidManager)
This package includes only the libusb backend.
|
|
This version is essentially a bugfix release, with:
- minor improvements to the user interface;
- possibility to build outside of the source tree;
- dropped dependency on DeforaOS Panel;
- all tests should pass.
Hopefully will fix the issue encountered in the latest bulk build report.
|
|
|
|
|
|
|
|
|
|
|
|
pkgsrc change: adapt to splitting up of speex
The Asterisk Development Team has announced security releases for Certified
Asterisk 1.8.28 and 11.6 and Asterisk 1.8, 11, 12, and 13. The available
security releases are released as versions 1.8.28.cert-4, 1.8.32.2, 11.6-cert10,
11.15.1, 12.8.1, and 13.1.1.
The release of these versions resolves the following security vulnerabilities:
* AST-2015-001: File descriptor leak when incompatible codecs are offered
Asterisk may be configured to only allow specific audio or
video codecs to be used when communicating with a
particular endpoint. When an endpoint sends an SDP offer
that only lists codecs not allowed by Asterisk, the offer
is rejected. However, in this case, RTP ports that are
allocated in the process are not reclaimed.
This issue only affects the PJSIP channel driver in
Asterisk. Users of the chan_sip channel driver are not
affected.
* AST-2015-002: Mitigation for libcURL HTTP request injection vulnerability
CVE-2014-8150 reported an HTTP request injection
vulnerability in libcURL. Asterisk uses libcURL in its
func_curl.so module (the CURL() dialplan function), as well
as its res_config_curl.so (cURL realtime backend) modules.
Since Asterisk may be configured to allow for user-supplied
URLs to be passed to libcURL, it is possible that an
attacker could use Asterisk as an attack vector to inject
unauthorized HTTP requests if the version of libcURL
installed on the Asterisk server is affected by
CVE-2014-8150.
For more information about the details of these vulnerabilities, please read
security advisory AST-2015-001 and AST-2015-002, which were released at the same
time as this announcement.
For a full list of changes in the current releases, please see the ChangeLogs:
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.8.32.2
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-11.15.1
The security advisories are available at:
* http://downloads.asterisk.org/pub/security/AST-2015-001.pdf
* http://downloads.asterisk.org/pub/security/AST-2015-002.pdf
Thank you for your continued support of Asterisk!
|
|
This update is just to accomodate the speex splitup.
Note that Asterisk 10.x is dead upstream and should not be used
anymore. This package will be removed at some point.
|
|
pkgsrc change: adapt to splitting up of speex
The Asterisk Development Team has announced security releases for Certified
Asterisk 1.8.28 and 11.6 and Asterisk 1.8, 11, 12, and 13. The available
security releases are released as versions 1.8.28.cert-4, 1.8.32.2, 11.6-cert10,
11.15.1, 12.8.1, and 13.1.1.
The release of these versions resolves the following security vulnerabilities:
* AST-2015-001: File descriptor leak when incompatible codecs are offered
Asterisk may be configured to only allow specific audio or
video codecs to be used when communicating with a
particular endpoint. When an endpoint sends an SDP offer
that only lists codecs not allowed by Asterisk, the offer
is rejected. However, in this case, RTP ports that are
allocated in the process are not reclaimed.
This issue only affects the PJSIP channel driver in
Asterisk. Users of the chan_sip channel driver are not
affected.
* AST-2015-002: Mitigation for libcURL HTTP request injection vulnerability
CVE-2014-8150 reported an HTTP request injection
vulnerability in libcURL. Asterisk uses libcURL in its
func_curl.so module (the CURL() dialplan function), as well
as its res_config_curl.so (cURL realtime backend) modules.
Since Asterisk may be configured to allow for user-supplied
URLs to be passed to libcURL, it is possible that an
attacker could use Asterisk as an attack vector to inject
unauthorized HTTP requests if the version of libcURL
installed on the Asterisk server is affected by
CVE-2014-8150.
For more information about the details of these vulnerabilities, please read
security advisory AST-2015-001 and AST-2015-002, which were released at the same
time as this announcement.
For a full list of changes in the current releases, please see the ChangeLogs:
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.8.32.2
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-11.15.1
The security advisories are available at:
* http://downloads.asterisk.org/pub/security/AST-2015-001.pdf
* http://downloads.asterisk.org/pub/security/AST-2015-002.pdf
Thank you for your continued support of Asterisk!
|
|
Patch provided by Kirk Russell in PR pkg/49546.
|
|
|
|
|
|
|
|
limit to NetBSD and then reject NetBSD-[0-3]*, instead of accepting
NetBSD-[4-9]*.
|
|
|
|
Remove now unnecessary overrides in various packages.
|
|
|
|
|
|
The Asterisk Development Team has announced the release of Asterisk 11.15.0.
The release of Asterisk 11.15.0 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!
The following are the issues resolved in this release:
Bugs fixed in this release:
-----------------------------------
* ASTERISK-20127 - [Regression] Config.c config_text_file_load()
unescapes semicolons ("\;" -> ";") turning them into comments
(corruption) on rewrite of a config file (Reported by George
Joseph)
* ASTERISK-24307 - Unintentional memory retention in stringfields
(Reported by Etienne Lessard)
* ASTERISK-24492 - main/file.c: ast_filestream sometimes causes
extra calls to ast_module_unref (Reported by Corey Farrell)
* ASTERISK-24504 - chan_console: Fix reference leaks to pvt
(Reported by Corey Farrell)
* ASTERISK-24468 - Incoming UCS2 encoded SMS truncated if SMS
length exceeds 50 (roughly) national symbols (Reported by
Dmitriy Bubnov)
* ASTERISK-24500 - Regression introduced in chan_mgcp by SVN
revision r227276 (Reported by Xavier Hienne)
* ASTERISK-20402 - Unable to cancel (features.conf) attended
transfer (Reported by Matt Riddell)
* ASTERISK-24505 - manager: http connections leak references
(Reported by Corey Farrell)
* ASTERISK-24502 - Build fails when dev-mode, dont optimize and
coverage are enabled (Reported by Corey Farrell)
* ASTERISK-24444 - PBX: Crash when generating extension for
pattern matching hint (Reported by Leandro Dardini)
* ASTERISK-24522 - ConfBridge: delay occurs between kicking all
endmarked users when last marked user leaves (Reported by Matt
Jordan)
* ASTERISK-15242 - transmit_refer leaks sip_refer structures
(Reported by David Woolley)
* ASTERISK-24440 - Call leak in Confbridge (Reported by Ben Klang)
* ASTERISK-24469 - Security Vulnerability: Mixed IPv4/IPv6 ACLs
allow blocked addresses through (Reported by Matt Jordan)
* ASTERISK-24516 - [patch]Asterisk segfaults when playing back
voicemail under high concurrency with an IMAP backend (Reported
by David Duncan Ross Palmer)
* ASTERISK-24572 - [patch]App_meetme is loaded without its
defaults when the configuration file is missing (Reported by
Nuno Borges)
* ASTERISK-24573 - [patch]Out of sync conversation recording when
divided in multiple recordings (Reported by Nuno Borges)
Improvements made in this release:
-----------------------------------
* ASTERISK-24283 - [patch]Microseconds precision in the eventtime
column in the cel_odbc module (Reported by Etienne Lessard)
* ASTERISK-24530 - [patch] app_record stripping 1/4 second from
recordings (Reported by Ben Smithurst)
* ASTERISK-24577 - Speed up loopback switches by avoiding unneeded
lookups (Reported by Birger "WIMPy" Harzenetter)
For a full list of changes in this release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-11.15.0
Thank you for your continued support of Asterisk!
|
|
The Asterisk Development Team has announced security releases for
Certified Asterisk 11.6 and Asterisk 11, 12, and 13. The available
security releases are released as versions 11.6-cert9, 11.14.2,
12.7.2, and 13.0.2.
The release of these versions resolves the following security vulnerability:
* AST-2014-019: Remote Crash Vulnerability in WebSocket Server
When handling a WebSocket frame the res_http_websocket module
dynamically changes the size of the memory used to allow the
provided payload to fit. If a payload length of zero was received
the code would incorrectly attempt to resize to zero. This
operation would succeed and end up freeing the memory but be
treated as a failure. When the session was subsequently torn down
this memory would get freed yet again causing a crash.
For more information about the details of this vulnerability, please read
security advisory AST-2014-019, which was released at the same time as this
announcement.
For a full list of changes in the current releases, please see the Change Logs:
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-11.14.2
The security advisory is available at:
* http://downloads.asterisk.org/pub/security/AST-2014-019.pdf
Thank you for your continued support of Asterisk!
|
|
|
|
termstyle is a simple python library for adding coloured output to terminal
(console) programs. The definitions come from ECMA-048, the "Control Functions
for Coded Character Sets" standard.
|
|
kamelderouiche@yahoo.com
|
|
Makes ANSI escape character sequences for producing colored terminal text and
cursor positioning work under MS Windows.
ANSI escape character sequences have long been used to produce colored terminal
text and cursor positioning on Unix and Macs. Colorama makes this work on
Windows, too, by wrapping stdout, stripping ANSI sequences it finds (which
otherwise show up as gobbledygook in your output), and converting them into the
appropriate win32 calls to modify the state of the terminal. On other platforms,
Colorama does nothing.
Colorama also provides some shortcuts to help generate ANSI sequences but works
fine in conjunction with any other ANSI sequence generation library, such as
Termcolor.
|
|
The Asterisk Development Team has announced security releases for Certified
Asterisk 1.8.28 and 11.6 and Asterisk 1.8, 11, 12, and 13. The available
security releases are released as versions 1.8.28-cert3, 11.6-cert8, 1.8.32.1,
11.14.1, 12.7.1, and 13.0.1.
The release of these versions resolves the following security vulnerabilities:
* AST-2014-012: Unauthorized access in the presence of ACLs with mixed IP
address families
Many modules in Asterisk that service incoming IP traffic have ACL options
("permit" and "deny") that can be used to whitelist or blacklist address
ranges. A bug has been discovered where the address family of incoming
packets is only compared to the IP address family of the first entry in the
list of access control rules. If the source IP address for an incoming
packet is not of the same address as the first ACL entry, that packet
bypasses all ACL rules.
* AST-2014-018: Permission Escalation through DB dialplan function
The DB dialplan function when executed from an external protocol, such as AMI,
could result in a privilege escalation. Users with a lower class authorization
in AMI can access the internal Asterisk database without the required SYSTEM
class authorization.
In addition, the release of 11.6-cert8 and 11.14.1 resolves the following
security vulnerability:
* AST-2014-014: High call load with ConfBridge can result in resource exhaustion
The ConfBridge application uses an internal bridging API to implement
conference bridges. This internal API uses a state model for channels within
the conference bridge and transitions between states as different things
occur. Unload load it is possible for some state transitions to be delayed
causing the channel to transition from being hung up to waiting for media. As
the channel has been hung up remotely no further media will arrive and the
channel will stay within ConfBridge indefinitely.
In addition, the release of 11.6-cert8, 11.14.1, 12.7.1, and 13.0.1 resolves
the following security vulnerability:
* AST-2014-017: Permission Escalation via ConfBridge dialplan function and
AMI ConfbridgeStartRecord Action
The CONFBRIDGE dialplan function when executed from an external protocol (such
as AMI) can result in a privilege escalation as certain options within that
function can affect the underlying system. Additionally, the AMI
ConfbridgeStartRecord action has options that would allow modification of the
underlying system, and does not require SYSTEM class authorization in AMI.
For a full list of changes in the current releases, please see the ChangeLogs:
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-11.14.1
The security advisories are available at:
* http://downloads.asterisk.org/pub/security/AST-2014-012.pdf
* http://downloads.asterisk.org/pub/security/AST-2014-014.pdf
* http://downloads.asterisk.org/pub/security/AST-2014-017.pdf
* http://downloads.asterisk.org/pub/security/AST-2014-018.pdf
Thank you for your continued support of Asterisk!
|
|
The Asterisk Development Team has announced security releases for Certified
Asterisk 1.8.28 and 11.6 and Asterisk 1.8, 11, 12, and 13. The available
security releases are released as versions 1.8.28-cert3, 11.6-cert8, 1.8.32.1,
11.14.1, 12.7.1, and 13.0.1.
The release of these versions resolves the following security vulnerabilities:
* AST-2014-012: Unauthorized access in the presence of ACLs with mixed IP
address families
Many modules in Asterisk that service incoming IP traffic have ACL options
("permit" and "deny") that can be used to whitelist or blacklist address
ranges. A bug has been discovered where the address family of incoming
packets is only compared to the IP address family of the first entry in the
list of access control rules. If the source IP address for an incoming
packet is not of the same address as the first ACL entry, that packet
bypasses all ACL rules.
* AST-2014-018: Permission Escalation through DB dialplan function
The DB dialplan function when executed from an external protocol, such as AMI,
could result in a privilege escalation. Users with a lower class authorization
in AMI can access the internal Asterisk database without the required SYSTEM
class authorization.
For more information about the details of these vulnerabilities, please read
security advisories AST-2014-012, AST-2014-013, AST-2014-014, AST-2014-015,
AST-2014-016, AST-2014-017, and AST-2014-018, which were released at the same
time as this announcement.
For a full list of changes in the current releases, please see the ChangeLogs:
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.8.32.1
The security advisories are available at:
* http://downloads.asterisk.org/pub/security/AST-2014-012.pdf
* http://downloads.asterisk.org/pub/security/AST-2014-018.pdf
Thank you for your continued support of Asterisk!
|
|
Changes since OpenOBEX-1.7:
- Add OBEX_FL_STREAM_CONTINUE
- Several fixes
|
|
|
|
- Add two CMAKE_ARGS (silence and) to maintain the similar PLIST leve
# silence warning
CMAKE_ARGS+= -Wno-dev
CMAKE_ARGS+= -DINSTALL_DOC=ON
- Add post-install: target to Remove PaxHeader garbage
- Add comment on patch
(upstream) Update 1.26.1 to 1.33.0
|
|
- Add two CMAKE_ARGS (silence and) to maintain the similar PLIST leve
# silence warning
CMAKE_ARGS+= -Wno-dev
CMAKE_ARGS+= -DINSTALL_DOC=ON
- Add post-install: target to Remove PaxHeader garbage
- Add comment on patch
(upstream) Update 1.26.1 to 1.33.0
... sorry some 300 lines of ChangeLog
=========
20130529 - 1.33.00
[-] * Various translation improvements.
[-] * Improved support for Huawei E173, thanks to Gautier Minster.
[-] * Fixed buffer overflow in MMS decoder.
[-] * Fixed several memory leaks.
[-] * Improved compatibility with Qualcomm devices (bug #1654).
[-] * Various documentation improvements.
[-] * Updated version of sms-gammu2android, thanks to Shadow Walker.
[-] * Fixed compilation on Mac OS X, thanks to Soren Jorvang.
[-] * Fixed SMSD with CheckSecurity = 0 (bug #1672).
20120627 - 1.32.0
[-] * Fixed auto installation of EventLog registry.
[-] * Improved support for Arduino GPRS shield (bug #1592).
[-] * Fixed communication with Cross PD1101wi (bug #1617).
[-] * Ignore another unknown block in Nokia phonebook (bug #1614).
[-] * Do not encode number when setting up diverts.
20120224 - 1.31.90
[-] * Improved compatibility with ES75 (bug #1586).
[!] * Changed API for call diverts.
[+] * Added support for call diverts in Python API.
[+] * AT backend supports manipulating with call diverts.
[+] * Added support for suspending/resuming SMSD using SIGUSR1/2.
[!] * Changed protocol for S60 applet.
[+] * S60 applet now handles SMS with new lines.
[+] * Improved support for Windows Event Log.
20111221 - 1.31.0
[-] * Fixed compilation with latest libusb.
[-] * Improved error handling in SQL backend of SMSD.
[-] * SMSD documentation improvements.
[-] * Indonesian translation updates.
20111213 - 1.30.92
[-] * Improved vCard parser to better handle location for various fields, thanks to Vladimir Serbinenko for initial patch.
[-] * Fixed reading calls from some Nokia phones (bug #1553).
[-] * Improved text mode SMS parsing in AT driver, thanks to Vladimir Serbinenko.
[-] * Use glib's MD5 implementation if available.
20111129 - 1.30.91
[+] * Improved documentation for configuring Gammu.
[-] * Fixed parsing birthday from vCard in some cases.
[+] * Added option not to use configured logging in SMSD inject and monitor (bug #1539).
[+] * Added SMSD configuration LogFacility (bug #1539).
[-] * Fixed reading of data from OBEX phones (LP#891803).
[-] * Fixed double reply detection (bug #1544).
[-] * Increase maximal number of caller groups (bug #1541).
[-] * Cancel all calls on maketerminated call if we don't get call ID.
[-] * Fixed SMSC handling in some cases in SMSD (bug #1547).
20111107 - 1.30.90
[-] * Various documentation improvements.
[-] * Detect Alcatel style reply on CPIN response (bug #1502).
[-] * Fix build on some Win32 systems (bug #1496).
[-] * Make jadmaker handle names with spaces (Rapha l Droz).
[-] * Display 8-bit messages in hex (Nicolas Pitre).
[-] * Do not use AT+CUSD=2 on some phones (bug #1508).
[-] * Fixed gammu-monitor with Windows service (bug #1515).
[-] * Cleanup of contrib directory.
[-] * Better support for Samsung AT phones (bug #1513).
[-] * Fixed handling of MMS notification SMSes (bug #1530).
[-] * Fixed CPIN reply handling (bug #1532).
[+] * SMSD checks for PIN status just after connect (bug #1532).
[-] * Fixed various MSVC compilation issues.
20110719 - 1.30.0
[*] * Improved SMSD logging of configuration settings.
[-] * Fix possible crash in fbus2 driver.
[-] * Fix possible crash of ODBC driver on Windows (bug #1482).
[-] * Fixed usage of dbi plugins from Python module.
20110607 - 1.29.93
[-] * Properly initialize atobex driver with Sony-Ericsson phones.
[-] * Updated list of country and network codes.
[-] * Escape fields in SQL queries (bug#1415).
[-] * Escape fields in PostgreSQL SQL script (bug#1415).
[-] * Default to GSM encoding for text messages in SQL backend for SMSD.
[-] * Add option to override which SQL dialect to use in SMSD (bug #1427).
[-] * Improved m-obex protocol support, thanks to Vladimir Serbinenko.
[-] * Various fixes for Samsung B2100, thanks to Vladimir Serbinenko.
[-] * Fix check for AT+CPROT support (bug #1438).
[-] * Fix memory leak in s60 protocol driver (bug #1441).
[-] * Reverted change to SignalStrength because of SQL escaping we have now (bug #1380).
[-] * Improved vCard parser to handle vCards from Gmail.
[-] * Fixed LDIF parser to cope with multiple LDIF in single file.
20110315 - 1.29.92
[-] * Documentation improvements and fixes.
[-] * Saner error handling in Windows serial driver.
[-] * Cleanup in SMSD internals.
[+] * Added ODBC driver to SMSD.
20110225 - 1.29.91
[+] * Added screenshot function for Sony-Ericssonn phones (M rton N meth).
[-] * Fixed parsing of some Nokia SMSes (bug #1402).
[-] * Properly report error on deleting non deletable entries (bug #1396).
[-] * Slower switch from m-obex to AT (bug #1382).
[-] * Faster initialization for AT phones without enabled echo.
20110210 - 1.29.90
[-] * Fix detection of MySQL libraries (bug #1370).
[!] * Changed default connection settings to at and ttyACM0 (bug #1078).
[+] * Add new API call to abort existing operation (bug #1155).
[+] * Change database structure to avoid using reserved word Signal (bug #1380).
[+] * Possibility to limit time of day for SMS in SMSD (bug #1203).
[-] * Enforce limits on SMS payload length.
[+] * Made GSM_SMSCounter public (bug #1356).
[+] * Support for S60 phones using Series60 applet (bug #423).
[-] * Do not fail on 0x7b field in Nokia 3600s phonebook (bug #1385).
[!] * Disabled two stage probing for most protocols.
[-] * Fixed saving of SMS backups (bug #1392).
[+] * Screenshot functionality for DCT4 phones (bug #1390).
20110119 - 1.29.0
[+] * Added option to enter new PIN when entering PUK, thanks to Peter
Stuge for pointing out this requirement.
[-] * Improved documentation of SMSD backend services.
20110107 - 1.28.95
[-] * Fix decoding of SMS without date on DCT4 phones (bug #1368).
[+] * Added gammu-detect tool to detect available devices on system.
[-] * Fixed parsing of Philips reply to SPBR (bug #1366).
[-] * Fixed testsuite not to depend on system timezone.
[-] * Check if phone is waiting for requested security code before
entering.
[-] * Fixup invalid international numbers with double prefix (+00) in
SMS (bug #1364).
[-] * Fixed m-obex protocol implementation, thanks to Matthieu Patou (bug #1375).
[-] * Fixed build on Mac OS X, thanks to Matthieu Patou (bug #1374).
[-] * Fixed decoding of some SMS messages on S40 phones (bug #1243).
20101227 - 1.28.94
[+] * New convertbackup command to convert between backup formats.
[+] * Changed database structure to version 12, you need to upgrade it.
[-] * Try harder to find dn for LDIF export (bug #1363).
[-] * Better names for some fields in LDIF export (bug #1363).
[-] * Implement parsing of LDIF for all fields we save (bug #1363).
[-] * Various minor fixes in SMSD SQL backend.
[-] * Improved test suite coverage.
[-] * Improved dummy driver to allow more testing.
20101202 - 1.28.93
[+] * New SMSD configuration RunOnFailure.
[-] * Fix invalid SQL when storing 8bit SMS (bug #1329).
[-] * Probe if phone supports m-obex protocol (bug #1286).
[+] * Experimental support fo m-obex protocol (bug #1286).
[-] * Fix detection of delivery reports in MySQL and PostgreSQL backends
(bug #313).
[+] * Include udev rules for Nokia phones (bug #1251).
[-] * Fix parsing LG VX9200 reply on getting battery state (bug #1264).
[-] * Fix handling of SMS text mode (bug #1189).
[!] * Default to no retries of the send commands on the link.
[-] * Wait for more USSD replies on getussd command (bug #1346).
[!] * New unified SQL SMSD backend handling all SQL databases.
[+] * SQL queries in SQL SMSD backend can be configured.
20101004 - 1.28.92
[+] * New SMSD config option HardResetFrequency.
[+] * Gammu now supports freedesktop.org/XDG specs for config file
locations and reads ~/.config/gammu/config.
[-] * Increase timeout for AT+CMGL (bug #1317).
[+] * Added support for optional delivery report parts as defined by
ETSI 123 040, section 9.2.2.3 (bug #1304).
[+] * SMSD database host configuration is now named "host" not "PC".
20100916 - 1.28.91
[-] * Fixed locales compilation/support.
[-] * Set memory to use for MPBR/SBNR/SPBR commands as well (bug #1128).
[-] * Handle errors from CMGL same way as from CMGR (bug #1211).
[-] * Fixed parsing of AT+CPMS=? reply (bug #1296).
[+] * Implemented matching by serial number.
[+] * SMSD can now be configured just for sending/receiving.
[-] * Fixed battery status for S40 phones (bug #1301).
[-] * Improved compatibility with Motorola phonebook (bug #1128).
[+] * Lot of documentation improvements, check <http://wammu.eu/docs/devel/docs/>.
20100827 - 1.28.90
[-] * Fixed handling of empty reply on CREG/CGREG (bug #1245).
[-] * Prefer storing delivery reports over forwarding them.
[-] * Fix leak and crash when handling MMS notifications in Python.
[-] * Fixed parsing of date from AT phones (bug #1256).
[-] * Simplify handling text comment in SMS backup to keep new lines.
[+] * New command gammu battery.
[-] * Fail to send SMS without set SMSC.
[-] * Avoid updating SMSD backend frequently than StatusFrequency defines.
[-] * Store SIM phonebook to vCard on backup (bug #1281).
[-] * Fixed waiting for multipart messages (bug #1279).
[-] * Fixed crash on too long GPRS access point names in backup (bug #1267).
[-] * Fallback to using SMSC from phone in SMSD if none provided.
[-] * Improved guessing of HEX/GSM charsets for phone number in AT engine.
20100712 - 1.28.0
[+] * Support for adding notes using addnew command.
[-] * Better log errors when moving message in SMSD.
[!] * Removed checkfirmware command as the server is not existing anymore.
[-] * Proper closing of Bluetooth sockets on Windows (bug #1239).
[-] * Properly decode another way of MMS notification SMS.
[+] * Support for selecting USB device to use on Linux.
[-] * Fix storing text in SMS backup comment for multiline SMS.
[-] * Fixed crash when passing invalid parameters to SMS encoder.
20100629 - 1.27.95
[+] * Support for getting packet network state (bug #1220).
[-] * Fix parsing of AT replies from Nokia 2730 (bug #1224).
[-] * Nokia E61 needs encoded USSD requests (bug #1228).
[!] * Rename Port configuration directive to Device.
[-] * Try to reconnect after lost connection to MySQL error.
[-] * Actually enable -f processing in SMSD.
[+] * Configurable number of backend retries.
[-] * Prefer GSM charset for USSD requests (bug #1228).
20100603 - 1.27.94
[-] * Fixed folder detection for Nokia S40 phones (bug #1191).
[-] * Fixed smsd-inject for long messages.
[-] * Fixed waiting for more multipart messages (bug #1193).
[-] * Fixed parsing of cellid reply with different locales (bug #1202).
[-] * Fixed handling of timeouts from libusb (bug #1207).
[-] * Properly detect birthday on Nokia 2700 (bug #1213).
[-] * Provide fallback value for note type (bug #1213).
[-] * Rewritten parsing of CREG: reply to properly parse all replies (bug #1220).
20100413 - 1.27.93
[-] * Fix crash when SMS in Nokia has too many recipients (bug #1136).
[-] * Better handling of Bluetooth errors on Windows (bug #1146).
[-] * Build with -Wl,--as-needed to avoid not required dependencies.
[-] * Python module now uses more PEP-3 compliant naming.
[-] * Fix compilation while disabling some features.
[-] * Include message reference in FILES backend logs for SMSD.
[-] * Fix crash when adding file to Nokia (bug #1163).
[+] * Added function EncodePDU to python-gammu.
[-] * Fix storing message status on multiple delivery reports (bug #1167).
[-] * Force AT^SBNR support on Siemens AX75.
20100217 - 1.27.92
[+] * Write support for Siemens phonebook (bug #1129).
[-] * Properly decode UTF-8 version 3.0 vCards (bug #1132).
[-] * Fixed wrong counting of favorite messaging numbers (bug #1010).
[+] * Implement SendDTMF in Python bindings.
20100204 - 1.27.91
[-] * Add ID for Nokia 6275i (bug #1096).
[-] * Fix Windows build by not defining MSVC version.
[-] * Correctly use first entry location in MPBR (bug #1076).
[-] * Avoid buffer overrun when parsing SM30 SMS (bug #1110).
[-] * Properly detect user home directory.
[+] * Improved MMS notifications encoding.
[+] * Allow to specify MMS notification class.
[+] * Implemented decoding of MMS notification (bug #1100).
[+] * SMSD now properly groups multipart messages together.
[+] * New NULL service for SMSD.
[+] * RunOnReceive now gets environment variables with SMS data.
[-] * Fixed AT lines splitting to work properly with quotes.
[-] * Separate getting information for Motorola phones (bug #1076).
[-] * Fixed reading of Samsung contacts (bug #1105).
[-] * Re-enable classic AT commands for adding Samsung contact (bug #1105).
[+] * SMSD no longer requires support for SMS status, so it works with Nokia S40 phones.
[-] * Fix finding of empty location for some AT phones (bug #1119).
[-] * Restore phone phonebook also to phones not supporting status (bug #1122).
[-] * Avoid reading phone memory on reading SIM (bug #1123).
20100106 - 1.27.90
[-] * Simplify code in FILES smsd service.
[-] * FILES service can send smsbackup messages.
[+] * Configurable outbox format for SMSD/FILES.
[-] * Improve conversion of boolean settings from Python.
[-] * Do not use MPBR/SPBR for other than phone memory (bug #1076).
[-] * Fix crash with unknown CME error (bug #1082).
[-] * Fixed connecting to Onda devices (LP #501025).
[+] * SMSD can terminate itself after defined number of failures.
[-] * Improved decoding of SM30 Nokia messages (bug #1091).
20091222 - 1.27.0
[+] * Initial support for reading Motorola calendar (bug#338).
[-] * Avoid parsing boolean config values all around the code.
[+] * FILES backend of SMSD now support message injecting.
[-] * Ignore duplicate lines in AT reply (bug#1069).
20091212 - 1.26.93
[-] * Add ID for MTK1/MTK2 phones (bug#1051).
[+] * Add DecodePDU to Python bindings.
[+] * Added sample SQL trigger for SMSD polls.
[-] * Display sent SMS time if it is available (bug#1053).
[-] * Added bunch of new testcases.
[-] * Distinguish silent/tone alarms in own backup format.
[-] * Fixed compilation with Clang compiler.
[-] * Fixed handling of SMS memories with Samsung (bug#1063).
[+] * Reporting location based on OpenCellID database (bug#1039).
20091203 - 1.26.92
[-] * Compare full name of config section.
[-] * Add ID for Nokia 6111 (bug#1045).
[-] * Handle CME error 601 (bug#1044).
[+] * Support for reading birthday from Samsung phonebook (bug#1038).
[+] * Report GPRS state when getting network status (bug#1023).
[-] * Fix reading of Siemens phonebook (bug#1046).
[+] * Make gammu error codes map to GSM_Error.
[-] * Various code cleanups.
[-] * Add ID for Huawei E169.
20091119 - 1.26.91
[-] * Fixed parsing of vCards with lowercase types (bug #1006).
[-] * Handle forward references in Nokia phonebook (bug #1009).
[-] * Save timestamp to SMS backup for all messages.
[-] * Store PDU type in SMS backup.
[+] * More flexible handling of exclude/include lists in SMSD.
[+] * Add support for external list of exclude/include numbers (bug#1008).
[-] * Workaround decoding of messages padded by 0xFF by phone.
[-] * Force enabling of OBEX for SE S312 (bug#1016).
[-] * Recognize Motorola A1200 error replies (bug#1019).
[-] * Disable AT/Obex for Motorola A1200e (bug#1019).
[-] * Properly detect if phone does not support AT+MODE (bug#1019).
[-] * Disable AT/Obex for Motorola E790 (bug#1018).
[+] * Add option to filter messages by SMSC (bug#1020).
[-] * Implement retries when waiting for message prompt.
[-] * Fixed logic of detecting incoming calls.
[-] * Fixed loading of non ASCII messages from files in SMSD (bug#1011).
[+] * Added example showing reading of messages.
[-] * Build Windows release with Python 2.6.
[-] * Fixed compilation in MSVC because of missing S_ISDIR.
[-] * Fixed parsing of different Samsung reply (bug#1038).
[-] * Proper error code when SMSC is empty (bug#1032).
[-] * Fixed compilation of python-gammu in MSVC.
20091012 - 1.26.90
[-] * Fixed parsing of SMS with empty recipient (bug #998).
[-] * Correct setting of time on Huawei phones.
[+] * Addnew command can now change memory type being used.
[-] * Proper handling of locations and memory type in vCards.
[-] * Added IDs for several recent Sony-Ericsson phones.
[-] * Fix decoding of phone numbers in some cases (bug #999).
[-] * Replace MD5 implementation with public domain one (bug #964).
[-] * Huawei E17X has broken UCS-2, do not use it (bug #962).
[-] * Do not fail if phone does not support extended SMS params (bug #927).
[+] * Added support for Samsung calendar (bug #839).
[-] * Do not choke on OK in message text.
[-] * Add ID of Nokia 6020b (bug #1004).
[-] * Fix decoding of SMS with extended characters.
[-] * Fixed handling of DCT4 specific functions.
[-] * Add workaround for especially broken Ubinetics GDC201.
|
