Subject: CVS commit: pkgsrc/comms/asterisk13
From: John Nemeth
Date: 2016-09-23 19:50:19
Message id: 20160923175019.BFD9CFBD1@cvs.NetBSD.org

Log Message:
Update to Asterisk 13.11.2: this is mainly a bug fix release
including two security issues:  AST-2016-006 and AST-2016-007.
Note that AST-2016-006 only affected setups using PJSIP, which
pkgsrc Asterisk does not.

pkgsrc changes:
- don't use gethostbyname_r on NetBSD
- eliminate conflict with new hmac(1) function on NetBSD

----- AST-2016-006

Asterisk can be crashed remotely by sending an ACK to it from an
endpoint username that Asterisk does not recognize.  Most SIP
request types result in an "artificial" endpoint being looked up,
but ACKs bypass this lookup. The resulting NULL pointer results in
a crash when attempting to determine if ACLs should be applied.

This issue was introduced in the Asterisk 13.10 release and only
affects that release.

This issue only affects users using the PJSIP stack with Asterisk.
Those users that use chan_sip are unaffected.

----- AST-2016-007

The overlap dialing feature in chan_sip allows chan_sip to report
to a device that the number that has been dialed is incomplete and
more digits are required. If this functionality is used with a
device that has performed username/password authentication, RTP
resources are leaked.  This occurs because the code fails to release
the old RTP resources before allocating new ones in this scenario.
If all resources are used then RTP port exhaustion will occur and
no RTP sessions are able to be set up.

----- 13.11.2

The Asterisk Development Team has announced the release of Asterisk 13.11.2.

The release of Asterisk 13.11.2 resolves an issue reported by the
community and would have not been possible without your participation.
Thank you!

The following is the issue resolved in this release:

Bugs fixed in this release:
-----------------------------------
 * ASTERISK-26349 -  13.11.1 res_pjsip/pjsip_distributor.c: Request
      'REGISTER' failed (Reported by Dmitry Melekhov)

For a full list of changes in this release, please see the ChangeLog:

http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-13.11.2

Thank you for your continued support of Asterisk!

----- 13.11.0

The Asterisk Development Team has announced the release of Asterisk 13.11.0.

The release of Asterisk 13.11.0 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!

The following are the issues resolved in this release:

New Features made in this release:
-----------------------------------
 * ASTERISK-25904 - PJSIP: add contact.updated event (Reported by
      Alexei Gradinari)

Bugs fixed in this release:
-----------------------------------
 * ASTERISK-26269 - res_pjsip: Wrong state for aors without
      registered contacts after startup (Reported by nappsoft)
 * ASTERISK-26299 - app_queue: Queue application sometimes stops
      calling members with Local interface (Reported by Etienne
      Lessard)
 * ASTERISK-26148 - pjsip: Cannot compile 13.10.0-rc1:
      "libasteriskpj.so: undefined reference to..." (Reported by Hans
      van Eijsden)
 * ASTERISK-26237 - Fax is detected on regular calls. (Reported by
      Richard Mudgett)
 * ASTERISK-26227 - sqlalchemy error due to long identifier name
      (Reported by Mark Michelson)
 * ASTERISK-19968 - TCP Session-Timers not dropping call (Reported
      by Aaron Hamstra)
 * ASTERISK-26214 - Allow arbitrary time for fax detection to end
      on a channel (Reported by Richard Mudgett)
 * ASTERISK-23013 - [patch] Deadlock between 'sip show channels'
      command and attended transfer handling (Reported by Ben
      Smithurst)
 * ASTERISK-26216 - res_fax: Deadlock when detect fax while channel
      executing Playback (Reported by Richard Mudgett)
 * ASTERISK-26212 - [patch] Makefile: Retain XML Declaration and
      DTD in docs. (Reported by Alexander Traud)
 * ASTERISK-26211 - Unit tests: AST_TEST_DEFINE should be used in
      conditional code. (Reported by Corey Farrell)
 * ASTERISK-26207 - [patch] sRTP: Count a roll-over of the sequence
      number even on lost packets. (Reported by Alexander Traud)
 * ASTERISK-26038 - 'make install' doesn't seem to install OS/X
      init files (Reported by Tzafrir Cohen)
 * ASTERISK-26200 - [patch] res_pjsip_mwi: improve realtime
      performance - remove unneeded check on endpoint's contacts.
      (Reported by Alexei Gradinari)
 * ASTERISK-26133 - app_queue: Queue members receive multiple calls
      (Reported by Richard Miller)
 * ASTERISK-26196 - pbx: Time based includes can leak timezone
      string (Reported by Corey Farrell)
 * ASTERISK-26193 - chan_sip: reference leak in mwi_event_cb
      (Reported by Corey Farrell)
 * ASTERISK-25659 - res_rtp_asterisk: ECDH not negotiated causing
      DTLS failure occurred on RTP instance (Reported by Edwin
      Vandamme)
 * ASTERISK-26191 - threadpool: Leak on duplicate taskprocessor for
      ast_threadpool_serializer_group (Reported by Corey Farrell)
 * ASTERISK-26046 - [patch] Avoid obsolete warnings on autoconf.
      (Reported by Alexander Traud)
 * ASTERISK-26160 - pjsip: Updated->Reachable during qualify
      (Reported by Matt Jordan)
 * ASTERISK-25289 - Build System does not respect CFLAGS and
      CXXFLAGS when building menuselect (Reported by Jeffrey Walton)
 * ASTERISK-26119 - [patch] fix: memory leaks, resource leaks, out
      of bounds and bugs (Reported by Alexei Gradinari)
 * ASTERISK-26177 - func_odbc: Database handle is kept when it
      should be released (Reported by Leandro Dardini)
 * ASTERISK-26184 - chan_sip: Reference leaks in error paths.
      (Reported by Corey Farrell)
 * ASTERISK-26181 - REF_DEBUG: Node object incorrectly logged
      during duplicate replacement (Reported by Corey Farrell)
 * ASTERISK-26180 - PJSIP: provide valid tcp nodelay option for
      reuse (Reported by Scott Griepentrog)
 * ASTERISK-26179 - chan_sip: Second T.38 request fails (Reported
      by Joshua Colp)
 * ASTERISK-26172 - res_sorcery_realtime: fix bug when successful
      sql UPDATE is treated as failed if there is no affected rows.
      (Reported by Alexei Gradinari)
 * ASTERISK-25772 - res_pjsip: Unexpected two BYE when answered
      (Reported by Dmitriy Serov)
 * ASTERISK-26099 - res_pjsip_pubsub: Crash when sending request
      due to server timeout (Reported by Ross Beer)
 * ASTERISK-26144 - Crash on loading codecs g729/g723 (Reported by
      Alexei Gradinari)
 * ASTERISK-26157 - Build:   Fix errors highlighted by GCC 6.x
      (Reported by George Joseph)
 * ASTERISK-26021 - Build codecs siren7 and siren14 for Asterisk 13
      (Reported by Daniel Denson)
 * ASTERISK-26326 - Crash when dialing MulticastRTP channel
      (Reported by George Joseph)

Improvements made in this release:
-----------------------------------
 * ASTERISK-26220 - Add support for noreturn function attributes.
      (Reported by Corey Farrell)
 * ASTERISK-22131 - Update the make dependencies script to pull,
      build, and install the correct pjproject (Reported by Matt
      Jordan)
 * ASTERISK-25471 - [patch]Add subscribe_context to res_pjsip
      (Reported by JoshE)
 * ASTERISK-26159 - res_hep: enabled by default and information
      sent to default address (Reported by Ross Beer)

For a full list of changes in this release, please see the ChangeLog:

http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-13.11.0

Thank you for your continued support of Asterisk!

Files:
Revision  Action  File
1.12      modify  pkgsrc/comms/asterisk13/Makefile
1.7       modify  pkgsrc/comms/asterisk13/PLIST
1.7       modify  pkgsrc/comms/asterisk13/distinfo
1.2       modify  pkgsrc/comms/asterisk13/patches/patch-configure
1.2       modify  pkgsrc/comms/asterisk13/patches/patch-configure.ac
1.1       add     pkgsrc/comms/asterisk13/patches/patch-include_asterisk_sha1.h
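
The resource leak described under AST-2016-007 above, reduced to a small C model: this is an added example, not Asterisk source and not part of the commit. The port pool, `struct dialog` and every function name are hypothetical; it shows only the "allocate new without releasing old" pattern and the release-before-allocate fix.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical model, not Asterisk code: a small fixed pool of RTP ports. */
#define POOL_SIZE 8
static int in_use[POOL_SIZE];

static int rtp_alloc(void)              /* returns a port slot, or -1 if exhausted */
{
    for (int i = 0; i < POOL_SIZE; i++)
        if (!in_use[i]) { in_use[i] = 1; return i; }
    return -1;
}

static void rtp_release(int slot) { if (slot >= 0) in_use[slot] = 0; }

struct dialog { int rtp; };             /* one call; rtp == -1 means "none held" */

/* Leaky pattern: the old handle is overwritten, so its slot is never freed. */
static int handle_request_leaky(struct dialog *d)
{
    d->rtp = rtp_alloc();
    return d->rtp;
}

/* Fixed pattern: release whatever the dialog already holds, then allocate. */
static int handle_request_fixed(struct dialog *d)
{
    rtp_release(d->rtp);
    d->rtp = rtp_alloc();
    return d->rtp;
}

/* Process `requests` requests on one dialog, hang up, count slots still busy. */
static int leaked_after(int (*handler)(struct dialog *), int requests)
{
    struct dialog d = { -1 };
    int busy = 0;
    memset(in_use, 0, sizeof in_use);
    for (int i = 0; i < requests; i++)
        handler(&d);
    rtp_release(d.rtp);                 /* hangup frees only the last handle */
    for (int i = 0; i < POOL_SIZE; i++) busy += in_use[i];
    return busy;
}

int main(void)
{
    printf("leaky: %d slots lost\n", leaked_after(handle_request_leaky, 9));
    printf("fixed: %d slots lost\n", leaked_after(handle_request_fixed, 9));
    return 0;
}
```

In the leaky variant a single dialog that is processed nine times leaves all eight slots marked busy after hangup, which is the port-exhaustion condition the advisory describes.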