./comms/asterisk18, The Asterisk Software PBX

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]


Branch: pkgsrc-2015Q1, Version: 1.8.32.3nb3, Package name: asterisk-1.8.32.3nb3, Maintainer: jnemeth

Asterisk is a complete PBX in software. It provides all of the
features you would expect from a PBX and more. Asterisk does voice
over IP in three protocols, and can interoperate with almost all
standards-based telephony equipment using relatively inexpensive
hardware.

Asterisk provides Voicemail services with Directory, Call Conferencing,
Interactive Voice Response, Call Queuing. It has support for
three-way calling, caller ID services, ADSI, SIP and H.323 (as both
client and gateway).

NOTE: This version does not work with the zaptel drivers. It
requires the newer DAHDI drivers which are still being ported.
So, there is no hardware support available at this moment.

Asterisk 1.8 is a long term support version (i.e. it will be
supported for four years with an additional year of security only
fixes). See:

https://wiki.asterisk.org/wiki/display/AST/Asterisk+Versions


Required to run:
[lang/perl5] [textproc/iksemel] [textproc/libxml2] [www/curl] [audio/speexdsp] [audio/speex]


Package options: jabber, ldap, speex

Master sites: (Expand)


Version history: (Expand)


CVS history: (Expand)


   2015-06-10 22:38:43 by Matthias Scheler | Files touched by this commit (3) | Package updated
Log message:
Pullup ticket #4736 - requested by manu
comms/asterisk18: security update

Revisions pulled up:
- comms/asterisk18/Makefile                             1.94,1.97 via patch
- comms/asterisk18/distinfo                             1.60-1.61
- comms/asterisk18/patches/patch-main_loader.c          1.1

---
   Module Name:    pkgsrc
   Committed By:   jnemeth
   Date:           Sun Apr 12 03:35:39 UTC 2015

   Modified Files:
           pkgsrc/comms/asterisk18: Makefile distinfo

   Log message:
   Update to Asterisk 1.8.32.3:  this is a security fix update.

   The Asterisk Development Team has announced security releases for
   Certified Asterisk 1.8.28, 11.6, and 13.1 and Asterisk 1.8, 11,
   12, and 13. The available security releases are released as versions
   1.8.28.cert-5, 1.8.32.3, 11.6-cert11, 11.17.1, 12.8.2, 13.1-cert2,
   and 13.3.2.

   The release of these versions resolves the following security vulnerability:

   * AST-2015-003: TLS Certificate Common name NULL byte exploit

     When Asterisk registers to a SIP TLS device and verifies the
     server, Asterisk will accept signed certificates that match a
     common name other than the one Asterisk is expecting if the signed
     certificate has a common name containing a null byte after the
     portion of the common name that Asterisk expected. This potentially
     allows for a man in the middle attack.

   For more information about the details of this vulnerability, please read
   security advisory AST-2015-003, which was released at the same time as this
   announcement.

   For a full list of changes in the current releases, please see the Change Logs:

   http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.8.32.3

   The security advisory is available at:

   * http://downloads.asterisk.org/pub/security/AST-2015-003.pdf

   Thank you for your continued support of Asterisk!

---
   Module Name:    pkgsrc
   Committed By:   manu
   Date:           Tue Apr 28 08:48:11 UTC 2015

   Modified Files:
           pkgsrc/comms/asterisk18: Makefile distinfo
   Added Files:
           pkgsrc/comms/asterisk18/patches: patch-main_loader.c

   Log message:
   Fix crash in asterisk18 startup

   The added patch fixes startup crash and was submitted upstream.
   While there also remove the ban on i386, as it was tested to run fine.