Navigation:
Browse pkgsrc
(this page)| 2012-07-15 10:58:18 by John Marino | Files touched by this commit (2) |
Log message: comms/asterisk10: PLIST+= chan_mgcp.so (DragonFly Only) Defined new PLIST.mgcp variable for new file: lib/asterisks/modules/chan_mgcp.so |
| 2012-07-15 09:51:02 by John Nemeth | Files touched by this commit (3) |
Log message:
Update to Asterisk 10.6.0: this is a bugfix release
The Asterisk Development Team has announced the release of Asterisk 10.6.0.
The release of Asterisk 10.6.0 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!
The following is a sample of the issues resolved in this release:
* --- format_mp3: Fix a possible crash in mp3_read().
* --- Fix local channel chains optimizing themselves out of a call.
* --- Re-add LastMsgsSent value for SIP peers
* --- Prevent sip_pvt refleak when an ast_channel outlasts its
corresponding sip_pvt.
* --- Send more accurate identification information in dialog-info SIP
NOTIFYs.
For a full list of changes in this release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-10.6.0
Thank you for your continued support of Asterisk!
|
| 2012-07-06 23:10:11 by John Nemeth | Files touched by this commit (2) |
Log message: Update to Asterisk 10.5.2: this fixes two security issues, AST-2012-010 and AST-2012-011 The Asterisk Development Team has announced security releases for Certified Asterisk 1.8.11 nd Asterisk 1.8 and 10. The available security releases are released as versions 1.8.11-cert4, 1.8.13.1, 10.5.2, and 10.5.2-digiumphones. The release of Asterisk 1.8.11-cert4, 1.8.13.1, 10.5.2, and 10.5.2-digiumphones resolve the following two issues: * If Asterisk sends a re-invite and an endpoint responds to the re-invite with a provisional response but never sends a final response, then the SIP dialog structure is never freed and the RTP ports for the call are never released. If an attacker has the ability to place a call, they could create a denial of service by using all available RTP ports. * If a single voicemail account is manipulated by two parties simultaneously, a condition can occur where memory is freed twice causing a crash. These issues and their resolution are described in the security advisories. For more information about the details of these vulnerabilities, please read security advisories AST-2012-010 and AST-2012-011, which were released at the same time as this announcement. For a full list of changes in the current releases, please see the ChangeLogs: http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-10.5.2 The security advisories are available at: * http://downloads.asterisk.org/pub/security/AST-2012-010.pdf * http://downloads.asterisk.org/pub/security/AST-2012-011.pdf Thank you for your continued support of Asterisk! |
| 2012-06-15 08:05:47 by John Nemeth | Files touched by this commit (2) |
Log message: Update to Asterisk 10.5.1: this fixes AST-2012-009. The Asterisk Development Team has announced a security release for Asterisk 10. This security release is released as version 10.5.1. The release is available for immediate download at http://downloads.asterisk.org/pub/telephony/asterisk/releases The release of Asterisk 10.5.1 resolves the following issue: * A remotely exploitable crash vulnerability was found in the Skinny (SCCP) Channel driver. When an SCCP client sends an Off Hook message, followed by a Key Pad Button Message, a structure that was previously set to NULL is dereferenced. This allows remote authenticated connections the ability to cause a crash in the server, denying services to legitimate users. This issue and its resolution is described in the security advisory. For more information about the details of this vulnerability, please read security advisory AST-2012-009, which was released at the same time as this announcement. For a full list of changes in the current releases, please see the ChangeLog: http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-10.5.1 The security advisory is available at: * http://downloads.asterisk.org/pub/security/AST-2012-009.pdf Thank you for your continued support of Asterisk! |
| 2012-06-14 09:45:42 by Steven Drake | Files touched by this commit (1202) |
Log message: Recursive PKGREVISION bump for libxml2 buildlink addition. |
| 2012-06-05 03:39:45 by John Nemeth | Files touched by this commit (7) |
Log message:
Update to Asterisk 10.5.0:
The Asterisk Development Team has announced the release of Asterisk
10.5.0.
The release of Asterisk 10.5.0 resolves several issues reported by
the community and would have not been possible without your
participation. Thank you!
The following is a sample of the issues resolved in this release:
* --- Turn off warning message when bind address is set to any.
* --- Prevent overflow in calculation in ast_tvdiff_ms on 32-bit
machines
* --- Make DAHDISendCallreroutingFacility wait 5 seconds for a reply
before disconnecting the call.
* --- Fix recalled party B feature flags for a failed DTMF atxfer.
* --- Fix DTMF atxfer running h exten after the wrong bridge ends.
For a full list of changes in this release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-10.5.0
Thank you for your continued support of Asterisk!
|
2012-06-04 01:34:45 by John Nemeth | Files touched by this commit (2) |  |
Log message:
Update to Asterisk 10.4.2: this update fixes AST-2012-007 and
AST-2012-008 along with some general bug fixes.
----- 10.4.1 -----
The Asterisk Development Team has announced security releases for
Certified Asterisk 1.8.11 and Asterisk 1.8 and 10. The available
security releases are released as versions 1.8.11-cert2, 1.8.12.1,
and 10.4.1.
The release of Asterisk 1.8.11-cert2, 1.8.12.1, and 10.4.1 resolve
the following two issues:
* A remotely exploitable crash vulnerability exists in the IAX2
channel driver if an established call is placed on hold without
a suggested music class. Asterisk will attempt to use an invalid
pointer to the music on hold class name, potentially causing a
crash.
* A remotely exploitable crash vulnerability was found in the Skinny
(SCCP) Channel driver. When an SCCP client closes its connection
to the server, a pointer in a structure is set to NULL. If the
client was not in the on-hook state at the time the connection
was closed, this pointer is later dereferenced. This allows remote
authenticated connections the ability to cause a crash in the
server, denying services to legitimate users.
These issues and their resolution are described in the security
advisories.
For more information about the details of these vulnerabilities,
please read security advisories AST-2012-007 and AST-2012-008,
which were released at the same time as this announcement.
For a full list of changes in the current releases, please see the
ChangeLogs:
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.8.12.1
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-10.4.1
The security advisories are available at:
* http://downloads.asterisk.org/pub/security/AST-2012-007.pdf
* http://downloads.asterisk.org/pub/security/AST-2012-008.pdf
Thank you for your continued support of Asterisk!
----- 10.4.2 -----
The Asterisk Development Team has announced the release of Asterisk
10.4.2.
The release of Asterisk 10.4.2 resolves several issues reported by
the community and would have not been possible without your
participation. Thank you!
The following are the issues resolved in this release:
* --- Resolve crash in subscribing for MWI notifications
(Closes issue ASTERISK-19827. Reported by B. R)
* --- Fix crash in ConfBridge when user announcement is played for
more than 2 users
(Closes issue ASTERISK-19899. Reported by Florian Gilcher)
For a full list of changes in this release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-10.4.2
Thank you for your continued support of Asterisk!
|
| 2012-05-04 18:06:14 by Joerg Sonnenberger | Files touched by this commit (11) |
Log message: Don't override optimizer settings with absurd levels. Fix inline definitions to work with C99 compiler. |
| 2012-05-03 08:23:37 by John Nemeth | Files touched by this commit (3) |
Log message:
Update to Asterisk 10.4.0: this is a bug fix release.
The Asterisk Development Team has announced the release of Asterisk 10.4.0.
The release of Asterisk 10.4.0 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!
The following are the issues resolved in this release:
* --- Prevent chanspy from binding to zombie channels
* --- Fix Dial m and r options and forked calls generating warnings
for voice frames.
* --- Remove ISDN hold restriction for non-bridged calls.
* --- Fix copying of CDR(accountcode) to local channels.
* --- Ensure Asterisk acknowledges ACKs to 4xx on Replaces errors
* --- Eliminate double close of file descriptor in manager.c
For a full list of changes in this release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-10.4.0
Thank you for your continued support of Asterisk!
|
| 2012-04-30 04:53:25 by John Nemeth | Files touched by this commit (2) | |
Log message: Update to Asterisk 10.3.1. This Fixes AST-2012-004, AST-2012-005, and AST-2012-006. The Asterisk Development Team has announced security releases for Asterisk 1.6.2 , 1.8, and 10. The available security releases are released as versions 1.6.2.24, 1.8.11.1, and 10.3.1. The release of Asterisk 1.6.2.24, 1.8.11.1, and 10.3.1 resolve the following two issues: * A permission escalation vulnerability in Asterisk Manager Interface. This would potentially allow remote authenticated users the ability to execute commands on the system shell with the privileges of the user running the Asterisk application. * A heap overflow vulnerability in the Skinny Channel driver. The keypad button message event failed to check the length of a fixed length buffer before appending a received digit to the end of that buffer. A remote authenticated user could send sufficient keypad button message events that th e buffer would be overrun. In addition, the release of Asterisk 1.8.11.1 and 10.3.1 resolve the following issue: * A remote crash vulnerability in the SIP channel driver when processing UPDATE requests. If a SIP UPDATE request was received indicating a connected line update after a channel was terminated but before the final destruction of the associated SIP dialog, Asterisk would attempt a connected line update on a non-existing channel, causing a crash. These issues and their resolution are described in the security advisories. For more information about the details of these vulnerabilities, please read security advisories AST-2012-004, AST-2012-005, and AST-2012-006, which were released at the same time as this announcement. For a full list of changes in the current releases, please see the ChangeLogs: http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-10.3.1 The security advisories are available at: * http://downloads.asterisk.org/pub/security/AST-2012-004.pdf * http://downloads.asterisk.org/pub/security/AST-2012-005.pdf * http://downloads.asterisk.org/pub/security/AST-2012-006.pdf Thank you for your continued support of Asterisk! |
New packages: