Subject: CVS commit: pkgsrc/comms/asterisk10
From: John Nemeth
Date: 2012-03-25 04:17:47
Message id: 20120325021747.D0F56175DD@cvs.netbsd.org

Log Message:
Update to 10.2.1:

This is a security fix release.  It fixes AST-2012-002 and AST-2012-003.

pkgsrc changes:

- adapt to having iLBC source code included
- fix building on Solaris
- adapt to new sound tarball

----- 10.2.0 -----

The Asterisk Development Team has announced the release of Asterisk 10.2.0.

The release of Asterisk 10.2.0 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!

The following is a sample of the issues resolved in this release:

* --- Prevent outbound SIP NOTIFY packets from displaying a port of 0 ---

* --- Include iLBC source code for distribution with Asterisk ---

* --- Fix callerid of originated calls ---

* --- Fix outbound DTMF for inband mode of chan_ooh323 ---

* --- Create and initialize udptl only when dialog requests image media ---

* --- Don't prematurely stop SIP session timer ---

For a full list of changes in this release, please see the ChangeLog:

http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-10.2.0

Thank you for your continued support of Asterisk!

----- 10.2.1 -----

The Asterisk Development Team has announced security releases for
Asterisk 1.4, 1.6.2, 1.8, and 10. The available security releases
are released as versions 1.4.44, 1.6.2.23, 1.8.10.1, and 10.2.1.

The release of Asterisk 1.8.10.1 and 10.2.1 resolve two issues.
First, they resolve the issue in app_milliwatt, wherein a buffer
can potentially be overrun on the stack, but no remote code execution
is possible.  Second, they resolve an issue in HTTP AMI where digest
authentication information can be used to overrun a buffer on the
stack, allowing for code injection and execution.

These issues and their resolution are described in the security
advisory.

For more information about the details of these vulnerabilities,
please read the security advisories AST-2012-002 and AST-2012-003,
which were released at the same time as this announcement.

For a full list of changes in the current releases, please see the ChangeLogs:

http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-10.2.1

The security advisories are available at:

 * http://downloads.asterisk.org/pub/security/AST-2012-002.pdf
 * http://downloads.asterisk.org/pub/security/AST-2012-003.pdf

Thank you for your continued support of Asterisk!

Files:
RevisionActionfile
1.10modifypkgsrc/comms/asterisk10/Makefile
1.4modifypkgsrc/comms/asterisk10/PLIST
1.7modifypkgsrc/comms/asterisk10/distinfo
1.3modifypkgsrc/comms/asterisk10/options.mk
1.2modifypkgsrc/comms/asterisk10/patches/patch-channels_chan__oss.c
1.2modifypkgsrc/comms/asterisk10/patches/patch-configure
1.2modifypkgsrc/comms/asterisk10/patches/patch-contrib_scripts_autosupport