./comms/asterisk, The Asterisk Software PBX



Branch: CURRENT, Version: 11.25.1nb4, Package name: asterisk-11.25.1nb4, Maintainer: jnemeth

Asterisk is a complete PBX in software. It provides all of the
features you would expect from a PBX and more. Asterisk does voice
over IP in three protocols, and can interoperate with almost all
standards-based telephony equipment using relatively inexpensive
hardware.

Asterisk provides Voicemail services with Directory, Call Conferencing,
Interactive Voice Response, and Call Queuing. It has support for
three-way calling, caller ID services, ADSI, SIP and H.323 (as both
client and gateway).

This is a long term support version. It is scheduled to go to
security fixes only on October 25th, 2016, and EOL on October 25th,
2017. See here for more information about Asterisk versions:
https://wiki.asterisk.org/wiki/display/AST/Asterisk+Versions

NOTE: This version does not work with the zaptel drivers. It
requires the newer DAHDI drivers which are still being ported.
So, there is no hardware support available at this moment.


Required to run:
[textproc/libxml2] [www/curl] [audio/speex] [lang/perl5] [devel/libuuid] [textproc/iksemel] [audio/speexdsp]

Required to build:
[pkgtools/cwrappers]

Package options: asterisk-config, jabber, ldap, speex


CVS history:


   2017-04-22 23:04:05 by Adam Ciarcinski | Files touched by this commit (670) | Package updated
Log message:
Revbump after icu update
   2017-02-21 06:25:13 by Cherry G. Mathew | Files touched by this commit (1)
Log message:
Add an upper API version restriction.
The current only user of this buildlink file is asterisk-chan-dongle
(which is yet to be committed).
With further users, comms/asterisk may need to find a version specific
directory as newer versions are imported.
   2017-02-12 07:26:18 by Ryo ONODERA | Files touched by this commit (1451)
Log message:
Recursive revbump from fonts/harfbuzz
   2017-02-10 12:01:48 by Cherry G. Mathew | Files touched by this commit (1)
Log message:
Add buildlink support.
This will aid subsequent module builds
   2017-02-06 14:56:14 by Thomas Klausner | Files touched by this commit (1452)
Log message:
Recursive bump for harfbuzz's new graphite2 dependency.
   2017-01-19 19:52:30 by Alistair G. Crooks | Files touched by this commit (352)
Log message:
Convert all occurrences (353 by my count) of

	MASTER_SITES= 	site1 \
			site2

style continuation lines to be simple repeated

	MASTER_SITES+= site1
	MASTER_SITES+= site2

lines. As previewed on tech-pkg. With thanks to rillig for fixing pkglint
accordingly.
   2017-01-01 17:06:40 by Adam Ciarcinski | Files touched by this commit (616) | Package updated
Log message:
Revbump after boost update
   2016-12-11 01:50:15 by John Nemeth | Files touched by this commit (2) | Package updated
Log message:
Update to Asterisk 11.25.1:  this fixes AST-2016-009.

             Asterisk Project Security Advisory - ASTERISK-2016-009

         Product        Asterisk
         Summary
    Nature of Advisory  Authentication Bypass
      Susceptibility    Remote unauthenticated sessions
         Severity       Minor
      Exploits Known    No
       Reported On      October 3, 2016
       Reported By      Walter Doekes
        Posted On
     Last Updated On    December 8, 2016
     Advisory Contact   Mmichelson AT digium DOT com
         CVE Name

    Description  The chan_sip channel driver has a liberal definition for
                 whitespace when attempting to strip the content between a
                 SIP header name and a colon character. Rather than
                 following RFC 3261 and stripping only spaces and horizontal
                 tabs, Asterisk treats any non-printable ASCII character as
                 if it were whitespace. This means that headers such as

                 Contact\x01:

                 will be seen as a valid Contact header.

                 This mostly does not pose a problem until Asterisk is
                 placed in tandem with an authenticating SIP proxy. In such
                 a case, a crafty combination of valid and invalid To
                 headers can cause a proxy to allow an INVITE request into
                 Asterisk without authentication since it believes the
                 request is an in-dialog request. However, because of the
                 bug described above, the request will look like an
                 out-of-dialog request to Asterisk. Asterisk will then
                 process the request as a new call. The result is that
                 Asterisk can process calls from unvetted sources without
                 any authentication.

                 If you do not use a proxy for authentication, then this
                 issue does not affect you.

                 If your proxy is dialog-aware (meaning that the proxy keeps
                 track of what dialogs are currently valid), then this issue
                 does not affect you.

                 If you use chan_pjsip instead of chan_sip, then this issue
                 does not affect you.

    Resolution  chan_sip has been patched to only treat spaces and
                horizontal tabs as whitespace following a header name. This
                allows for Asterisk and authenticating proxies to view
                requests the same way.

                               Affected Versions
                         Product                       Release
                                                       Series
                  Asterisk Open Source                  11.x    All Releases
                  Asterisk Open Source                  13.x    All Releases
                  Asterisk Open Source                  14.x    All Releases
                   Certified Asterisk                   13.8    All Releases

                                  Corrected In
          Product                              Release
    Asterisk Open Source               11.25.1, 13.13.1, 14.2.1
     Certified Asterisk                11.6-cert16, 13.8-cert4

                                    Patches
                 SVN URL                              Revision

           Links

    Asterisk Project Security Advisories are posted at
    http://www.asterisk.org/security

    This document may be superseded by later versions; if so, the latest
    version will be posted at
    http://downloads.digium.com/pub/securit … 16-009.pdf and
    http://downloads.digium.com/pub/securit … 6-009.html

                                Revision History
                     Date                        Editor      Revisions Made
    November 28, 2016                        Mark Michelson  Initial writeup

              Copyright (c) 2016 Digium, Inc. All Rights Reserved.
  Permission is hereby granted to distribute and publish this advisory in its
                           original, unaltered form.
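
The header-name mismatch described in the advisory above, as an added example that is not chan_sip's code and not part of the original page: one matcher skips any byte below 33 before the colon (an assumed model of "any non-printable ASCII character"), the other only SP and HTAB as RFC 3261 requires. The function names `match_header` and `parsers_disagree` and the sample lines are constructed for illustration.

```c
#include <ctype.h>
#include <stdio.h>

/* Return the header value if `line` carries header `name`, else NULL.
 * `liberal` selects which bytes may sit between the name and the colon. */
static const char *match_header(const char *line, const char *name, int liberal)
{
    const unsigned char *p = (const unsigned char *)line;

    for (; *name; name++, p++)      /* header names are case-insensitive */
        if (tolower(*p) != tolower((unsigned char)*name))
            return NULL;
    if (liberal) {
        /* Pre-fix behaviour as the advisory describes it (assumed model):
         * every non-printable byte is skipped as if it were whitespace. */
        while (*p && *p < 33)
            p++;
    } else {
        /* RFC 3261: only SP and HTAB may precede the colon. */
        while (*p == ' ' || *p == '\t')
            p++;
    }
    if (*p != ':')
        return NULL;
    for (p++; *p == ' ' || *p == '\t'; p++)
        ;                           /* skip whitespace before the value */
    return (const char *)p;
}

/* 1 when a strict reader (the proxy) and a liberal reader (the endpoint)
 * would classify the same line differently, which is the root of the bug. */
static int parsers_disagree(const char *line, const char *name)
{
    return (match_header(line, name, 1) != NULL) !=
           (match_header(line, name, 0) != NULL);
}

int main(void)
{
    /* Constructed sample lines; the second uses the advisory's own example. */
    const char *lines[] = { "Contact \t: <sip:a@example.invalid>",
                            "Contact\x01: <sip:b@example.invalid>" };
    for (int i = 0; i < 2; i++)
        printf("line %d: disagree=%d\n", i, parsers_disagree(lines[i], "Contact"));
    return 0;
}
```

A check like `parsers_disagree` is also usable on captured traffic in front of an unpatched chan_sip: any header line where it returns 1 is one the proxy and Asterisk would not interpret the same way.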