summaryrefslogtreecommitdiff
path: root/comms
AgeCommit message (Collapse)AuthorFilesLines
2010-05-07Add an "ldap" option which defaults to enabled, since most modernjnemeth3-7/+15
systems come with LDAP support built-in. This has no effect on such systems. However, on older systems, it will pull in openldap-client. But, a builder may still disable the option if they wish. This fixes: PR pkg/41987 - Robert Elz -- comms/asterisk16 PLIST problem
2010-05-07Install various docs found in the tarball.jnemeth2-4/+112
README-SERIOUSLY.bestpractices.txt is the new README from 1.6.1.16 and AST-2010-002.
2010-05-07Add a dependency on p5-DBI for the webvmail option. Don't botherjnemeth1-1/+2
with a PKGREVISION bump since this doesn't affect the installed "binaries" and there have already been two bumps today.
2010-05-07Fix bug when reloading cdr_odbc.so.jnemeth3-3/+25
2010-05-06Add a webvmail option which installs the vmail.cgi script accessingjnemeth6-18/+228
voicemail using a browser.
2010-04-17remove dead mirror.zafer2-5/+3
2010-04-10Fix installation in non-DESTDIR case (hi joerg!)sborrill2-8/+15
2010-04-06add 'bin/jpilot-dial' on Linux from PR 42289sbd2-2/+4
Bump PKGREVISION OK wiz@
2010-03-17Fix installation.joerg2-4/+4
2010-03-15Update to 0.12.5:wiz3-12/+13
This is to get 0.12.5 out with the new Calendar code so J-Pilot can get their release out. I will be dropping a 0.12.5.1 release shortly after this with the patches rolled up from 0.12.4 to current pushed in.
2010-03-08- take over maintainship as I handle most Asterisk stuffjnemeth1-5/+8
- mark as destdir ready XXX The Makefile has a comment saying that "this program" is licensed under GPL. There is a README file saying that the sounds are licensed under a BSD licence. Need to check for updates and/or contact upstream for clarification and a proper licence file. XXX The PLIST needs some serious TLC.
2010-03-07this doesn't work on NetBSD 5+ (not even sure it will work on NetBSD 4+)jnemeth1-2/+2
2010-03-01 Update to Asterisk 1.6.1.17. This fixes AST-2010-001 andjnemeth6-38/+37
AST-2010-003. AST-2010-002 was just a warning about dialplan scripting errors that could lead to security issues. Asterisk 1.6.1.13: general bug fixes Asterisk 1.6.1.14: fix AST-2010-001 Asterisk 1.6.1.15: not released, skipped for security releases Asterisk 1.6.1.16: fix AST-2010-002 Asterisk 1.6.1.17: fix AST-2010-003 Note that the only change in Asterisk 1.6.1.16 was the addtion of a README file. However, the package doesn't install random docs. That is planned for a future update seperate from the upstream updates. ----- Asterisk 1.6.1.13: The release of Asterisk 1.6.1.13 resolved several issues reported by the community, and would have not been possible without your participation. Thank you! * Restarts busydetector (if enabled) when DTMF is received after call is bridged (Closes issue #16389. Reported, Tested, Patched by alecdavis.) * Send parking lot announcement to the channel which parked the call, not the park-ee. (Closes issue #16234. Reported, Tested by yeshuawatso. Patched by tilghman.) * When the field is blank, don't warn about the field being unable to be coerced just skip the column. (Closes http://lists.digium.com/pipermail/asterisk-dev/2009-December/041362.html) Reported by Nic Colledge on the -dev list.) * Don't queue frames to channels that have no means to process them. (Closes issue #15609. Reported, Tested by aragon. Patched by tilghman.) * Fixes holdtime playback issue in app_queue. (Closes issue #16168. Reported, Patched by nickilo. Tested by wonderg, nickilo.) A summary of changes in this release can be found in the release summary: http://downloads.asterisk.org/pub/telephony/asterisk/asterisk-1.6.1.13-summary.t xt For a full list of changes in this releases, please see the ChangeLog: http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.6.1.13 ----- Asterisk 1.6.1.14: The releases of Asterisk 1.6.0.22, 1.6.1.14, and 1.6.2.2 include the fix described in security advisory AST-2010-001. The issue is that an attacker attempting to negotiate T.38 over SIP can remotely crash Asterisk by modifying the FaxMaxDatagram field of the SDP to contain either a negative or exceptionally large value. The same crash will occur when the FaxMaxDatagram field is omitted from the SDP, as well. For more information about the details of this vulnerability, please read the security advisory AST-2009-009, which was released at the same time as this announcement. For a full list of changes in the current releases, please see the ChangeLog: http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.6.1.14 Security advisory AST-2010-001 is available at: http://downloads.asterisk.org/pub/security/AST-2010-001.pdf ----- Asterisk 1.6.1.16: The releases of Asterisk 1.2.40, 1.4.29.1, 1.6.0.24, 1.6.1.16, and 1.6.2.4 include documention describing a possible dialplan string injection with common usage of the ${EXTEN} (and other expansion variables). The issue and resolution are described in the AST-2010-002 security advisory. If you have a channel technology which can accept characters other than numbers and letters (such as SIP) it may be possible to craft an INVITE which sends data such as 300&Zap/g1/4165551212 which would create an additional outgoing channel leg that was not originally intended by the dialplan programmer. Please note that this is not limited to an specific protocol or the Dial() application. The expansion of variables into programmatically-interpreted strings is a common behavior in many script or script-like languages, Asterisk included. The ability for a variable to directly replace components of a command is a feature, not a bug - that is the entire point of string expansion. However, it is often the case due to expediency or design misunderstanding that a developer will not examine and filter string data from external sources before passing it into potentially harmful areas of their dialplan. With the flexibility of the design of Asterisk come these risks if the dialplan designer is not suitably cautious as to how foreign data is allowed to enter the system unchecked. This security release is intended to raise awareness of how it is possible to insert malicious strings into dialplans, and to advise developers to read the best practices documents so that they may easily avoid these dangers. For more information about the details of this vulnerability, please read the security advisory AST-2010-002, which was released at the same time as this announcement. For a full list of changes in the current releases, please see the ChangeLog: http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.6.1.16 Security advisory AST-2010-002 is available at: http://downloads.asterisk.org/pub/security/AST-2010-002.pdf The README-SERIOUSLY.bestpractices.txt document is available in the top-level directory of your Asterisk sources, or available in all Asterisk branches from 1.2 and up. http://svn.asterisk.org/svn/asterisk/trunk/README-SERIOUSLY.bestpractices.txt ----- Asterisk 1.6.1.17: The releases of Asterisk 1.6.0.25, 1.6.1.17, and 1.6.2.5 resolve an issue with invalid parsing of ACL (Access Control List) rules leading to a possible compromise in security. The issue and resolution are described in the AST-2010-003 security advisory. For more information about the details of this vulnerability, please read the security advisory AST-2010-003, which was released at the same time as this announcement. For a full list of changes in the current releases, please see the ChangeLog: http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.6.1.17 Security advisory AST-2010-003 is available at: http://downloads.asterisk.org/pub/security/AST-2010-003.pdf -----
2010-02-10Bump revision for PYTHON_VERSION_DEFAULT change.joerg1-2/+2
2010-02-10Retire comms/plptools.joerg25-601/+1
2010-02-02Fixing DESTDIR support (upon joerg@'s request)sno3-5/+26
Adding license
2010-01-31update master_sites.zafer1-2/+2
2010-01-31update master_sites.zafer1-2/+2
2010-01-29DESTDIR supportjoerg7-24/+59
2010-01-29DESTDIR readyjoerg1-1/+3
2010-01-29DESTDIR supportjoerg3-2/+30
2010-01-29DESTDIR supportjoerg5-14/+19
2010-01-27DESTDIR support. Based on patch from Steven Drake.joerg1-8/+9
2010-01-18Second try at jpeg-8 recursive PKGREVISION bump.wiz8-15/+16
2010-01-17resuscitate, with a distfile instead of a files subdirspz4-0/+38
2010-01-17Remove this, as demanded by Joerg.dholland95-26182/+0
2010-01-17Recursive PKGREVISION bump for jpeg update to 8.wiz6-9/+12
2010-01-17Remove unused files that appear to be leftovers from some pre-NetBSDdholland4-17/+0
makefile scheme. It's clear nobody'd maintained tn3270 in base for a long, long time.
2010-01-17whoops, should use the curses bl3. no version bump, ride the import.dholland1-1/+2
2010-01-17+tn3270dholland1-1/+2
2010-01-17The package bits for tn3270. This is a bit rough and probably not going todholland3-0/+36
build except on netbsd-5 and -current, but we can take that as it comes.
2010-01-17Use our own map3270 file instead of hardwiring /usr/share/misc.dholland1-4/+4
2010-01-17support PKGMANDIRdholland1-3/+8
2010-01-17fix slipup in man page namesdholland1-2/+2
2010-01-17New makefiles for this that don't depend on being in the base source tree.dholland15-201/+285
2010-01-17Import tn3270 from base as of 20100114, just before its removal. Thisdholland96-0/+26073
is just the sources, and they're unchanged from base except that the rcsids have been preserved. The package will be along shortly.
2010-01-15fairly minor update to 1.4.13plunky4-101/+22
- obexapp does not now require GNU libiconv (this was in pkgsrc already) - compiler errors fixed - no longer tries to provide username/groupname in file listings (info not available in chroot)
2010-01-13PR/42612 - Dima Veselov -- build problem when no options specifiedjnemeth2-3/+3
2010-01-07Use new ${LP64PLATFORMS} variable to restrict platforms instead of manualwiz1-2/+2
hardcoding. Note: This effectively adds x86_64 to NOT_FOR_PLATFORM for some packages.
2010-01-05Add workaround for broken Makefile.PL that eats an important argument.joerg2-1/+32
From Daniel Horecki.
2010-01-02 Fix build problem when no options are selected. Thanks to wiz@ forjnemeth1-2/+7
noticing the problem and seb@ for help with the Makefile contortions.
2009-12-30 Update to 1.6.1.12. 1.6.1.10 and 1.6.1.12 are general bugjnemeth6-64/+76
fix releases. For more information see: http://downloads.asterisk.org/pub/telephony/asterisk/old-releases/asterisk-1.6.1.10-summary.html or http://tinyurl.com/yzyr9tt and http://downloads.asterisk.org/pub/telephony/asterisk/old-releases/asterisk-1.6.1.12-summary.html or http://tinyurl.com/yfxlyjp . 1.6.1.11 fixes AST-2009-010 which allows people to remotely crash the server. The description of the issue is: An attacker sending a valid RTP comfort noise payload containing a data length of 24 bytes or greater can remotely crash Asterisk. Commit during freeze approved by wiz@.
2009-12-18 Update to 1.2.37. This update is to fix two security issues.jnemeth2-6/+6
1.2.36 fixed AST-2009-008, and 1.2.37 fixed AST-2009-010. The problem in AST-2009-008 is: ----- It is possible to determine if a peer with a specific name is configured in Asterisk by sending a specially crafted REGISTER message twice. The username that is to be checked is put in the user portion of the URI in the To header. A bogus non-matching value is put into the username portion of the Digest in the Authorization header. If the peer does exist the second REGISTER will receive a response of "403 Authentication user name does not match account name". If the peer does not exist the response will be "404 Not Found" if alwaysauthreject is disabled and "401 Unauthorized" if alwaysauthreject is enabled. ----- And, the problem in AST-2009-010 is: ----- An attacker sending a valid RTP comfort noise payload containing a data length of 24 bytes or greater can remotely crash Asterisk. -----
2009-12-18You are in a maze of twisty little Makefiles, all with short install targetsabs47-120/+496
Somewhat more than 11 rooms later... PKG_DESTDIR_SUPPORT
2009-12-17PKG_DESTDIR_SUPPORTabs1-9/+10
2009-12-17Updated comms/xisp to 2.7p4abs5-27/+29
Updated from 2.7p1 to 2.7p4 as original distfile no longer available No changelog available added PKG_DESTDIR_SUPPORT
2009-12-17PKG_DESTDIR_SUPPORTabs5-12/+30
2009-12-15Recursive bump for libltdljoerg1-1/+2
2009-12-01Make this work with BSD native iconv(3).drochner3-7/+75
This was tested by sending vcards with non-ASCII names; the result was identical as before with GNU libiconv. bump PKGREVISION approved by plunky
2009-11-24update HOMEPAGE and MASTER_SITES as geocities is goneplunky1-3/+3