./net/asterisk10, The Asterisk Software PBX

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]


Branch: CURRENT, Version: 10.12.4nb2, Package name: asterisk-10.12.4nb2, Maintainer: jnemeth

Asterisk is a complete PBX in software. It provides all of the
features you would expect from a PBX and more. Asterisk does voice
over IP in three protocols, and can interoperate with almost all
standards-based telephony equipment using relatively inexpensive
hardware.

Asterisk provides Voicemail services with Directory, Call Conferencing,
Interactive Voice Response, Call Queuing. It has support for
three-way calling, caller ID services, ADSI, SIP and H.323 (as both
client and gateway).

NOTE: This version does not work with the zaptel drivers. It
requires the newer DAHDI drivers which are still being ported.
So, there is no hardware support available at this moment.


Required to run:
[textproc/libxml2] [www/curl] [audio/speex] [lang/perl5] [textproc/iksemel]


Package options: jabber, ldap, speex

Master sites: (Expand)


Version history: (Expand)


CVS history: (Expand)


   2014-04-09 09:27:19 by OBATA Akio | Files touched by this commit (452)
Log message:
recursive bump from icu shlib major bump.
   2014-03-11 15:05:19 by Jonathan Perkin | Files touched by this commit (350)
Log message:
Remove example rc.d scripts from PLISTs.

These are now handled dynamically if INIT_SYSTEM is set to "rc.d", or
ignored otherwise.
   2014-02-13 00:18:57 by Matthias Scheler | Files touched by this commit (1568)
Log message:
Recursive PKGREVISION bump for OpenSSL API version bump.
   2013-12-17 06:37:10 by John Nemeth | Files touched by this commit (2) | Package updated
Log message:
Update to Asterisk 10.12.4:  this is a security fix update that fixes
AST-2013-006 and AST-2013-007.

The Asterisk Development Team has announced security releases for Certified
Asterisk 1.8.15, 11.2, and Asterisk 1.8, 10, and 11. The available security
releases are released as versions 1.8.15-cert4, 11.2-cert3, 1.8.24.1, 10.12.4,
10.12.4-digiumphones, and 11.6.1.

The release of these versions resolve the following issues:

* A buffer overflow when receiving odd length 16 bit messages in app_sms. An
  infinite loop could occur which would overwrite memory when a message is
  received into the unpacksms16() function and the length of the message is an
  odd number of bytes.

* Prevent permissions escalation in the Asterisk Manager Interface. Asterisk
  now marks certain individual dialplan functions as 'dangerous', which will
  inhibit their execution from external sources.

  A 'dangerous' function is one which results in a privilege escalation. For
  example, if one were to read the channel variable SHELL(rm -rf /) Bad
  Things(TM) could happen; even if the external source has only read
  permissions.

  Execution from external sources may be enabled by setting 'live_dangerously'
  to 'yes' in the [options] section of asterisk.conf. Although doing so is not
  recommended.

These issues and their resolutions are described in the security advisories.

For more information about the details of these vulnerabilities, please read
security advisories AST-2013-006 and AST-2013-007, which were
released at the same time as this announcement.

For a full list of changes in the current releases, please see the ChangeLogs:

http://downloads.asterisk.org/pub/telep … g-1.8.24.1

The security advisories are available at:

 * http://downloads.asterisk.org/pub/secur … 13-006.pdf
 * http://downloads.asterisk.org/pub/secur … 13-007.pdf

Thank you for your continued support of Asterisk!
   2013-10-19 11:07:13 by Adam Ciarcinski | Files touched by this commit (346)
Log message:
Revbump after updating textproc/icu
   2013-10-10 16:42:40 by Ryo ONODERA | Files touched by this commit (1058)
Log message:
Recursive revbump from pango-1.36.0
   2013-09-02 21:51:33 by Adam Ciarcinski | Files touched by this commit (1071) | Package updated
Log message:
Revbump after cairo update
   2013-08-30 01:14:38 by John Nemeth | Files touched by this commit (2) | Package updated
Log message:
Update to Asterisk 10.12.3: this is a security fix release to fix
AST-2013-004 and AST-2013-005.

pkgsrc change:  disable detection of broken IP_PKTINFO on NetBSD

The Asterisk Development Team has announced security releases for
Certified Asterisk 1.8.15, 11.2, and Asterisk 1.8, 10, and 11. The
available security rele ases are released as versions 1.8.15-cert2,
11.2-cert2, 1.8.23.1, 10.12.3, 10.12.3-di giumphones, and 11.5.1.

The release of these versions resolve the following issues:

* A remotely exploitable crash vulnerability exists in the SIP
  channel driver if an ACK with SDP is received after the channel
  has been terminated.  The handling code incorrectly assumes that
  the channel will always be present.

* A remotely exploitable crash vulnerability exists in the SIP
  channel driver if an invalid SDP is sent in a SIP request that
  defines media descriptions before connection information. The
  handling code incorrectly attempts to reference the socket address
  information even though that information has not yet been set.

These issues and their resolutions are described in the security advisories.

For more information about the details of these vulnerabilities,
please read security advisories AST-2013-004 and AST-2013-005,
which were released at the same time as this announcement.

For a full list of changes in the current releases, please see the ChangeLogs:

http://downloads.asterisk.org/pub/telep … og-10.12.3

The security advisories are available at:

 * http://downloads.asterisk.org/pub/secur … 13-004.pdf
 * http://downloads.asterisk.org/pub/secur … 13-005.pdf

Thank you for your continued support of Asterisk!