Navigation:
Browse pkgsrc
(this page)| 2012-04-27 14:32:08 by OBATA Akio | Files touched by this commit (302) |
Log message: Recursive bump from icu shlib major bumped to 49. |
| 2012-04-07 22:05:57 by John Nemeth | Files touched by this commit (6) |
Log message:
Update to Asterisk 10.3.0:
pkgsrc change: eliminate ilbc option now that iLBC codec is always built
The Asterisk Development Team has announced the release of Asterisk 10.3.0.
The release of Asterisk 10.3.0 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!
The following are the issues resolved in this release:
* --- Fix potential buffer overrun and memory leak when executing "sip
show peers"
* --- Fix ACK routing for non-2xx responses.
* --- Remove possible segfaults from res_odbc by adding locks around
usage of odbc handle
* --- Fix blind transfer parking issues if the dialed extension is not
recognized as a parking extension.
* --- Copy CDR variables when set during a bridge
* --- push 'outgoing' flag from sig_XXX up to chan_dahdi
For a full list of changes in this release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-10.3.0
Thank you for your continued support of Asterisk!
|
| 2012-03-25 04:17:47 by John Nemeth | Files touched by this commit (7) |
Log message: Update to 10.2.1: This is a security fix release. It fixes AST-2012-002 and AST-2012-003. pkgsrc changes: - adapt to having iLBC source code included - fix building on Solaris - adapt to new sound tarball ----- 10.2.0 ----- The Asterisk Development Team has announced the release of Asterisk 10.2.0. The release of Asterisk 10.2.0 resolves several issues reported by the community and would have not been possible without your participation. Thank you! The following is a sample of the issues resolved in this release: * --- Prevent outbound SIP NOTIFY packets from displaying a port of 0 --- * --- Include iLBC source code for distribution with Asterisk --- * --- Fix callerid of originated calls --- * --- Fix outbound DTMF for inband mode of chan_ooh323 --- * --- Create and initialize udptl only when dialog requests image media --- * --- Don't prematurely stop SIP session timer --- For a full list of changes in this release, please see the ChangeLog: http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-10.2.0 Thank you for your continued support of Asterisk! ----- 10.2.1 ----- The Asterisk Development Team has announced security releases for Asterisk 1.4, 1.6.2, 1.8, and 10. The available security releases are released as versions 1.4.44, 1.6.2.23, 1.8.10.1, and 10.2.1. The release of Asterisk 1.8.10.1 and 10.2.1 resolve two issues. First, they resolve the issue in app_milliwatt, wherein a buffer can potentially be overrun on the stack, but no remote code execution is possible. Second, they resolve an issue in HTTP AMI where digest authentication information can be used to overrun a buffer on the stack, allowing for code injection and execution. These issues and their resolution are described in the security advisory. For more information about the details of these vulnerabilities, please read the security advisories AST-2012-002 and AST-2012-003, which were released at the same time as this announcement. For a full list of changes in the current releases, please see the ChangeLogs: http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-10.2.1 The security advisories are available at: * http://downloads.asterisk.org/pub/security/AST-2012-002.pdf * http://downloads.asterisk.org/pub/security/AST-2012-003.pdf Thank you for your continued support of Asterisk! |
| 2012-03-03 13:54:23 by Thomas Klausner | Files touched by this commit (68) |
Log message: More pcre PKGREVISION bumps. |
| 2012-02-27 01:18:10 by John Nemeth | Files touched by this commit (2) |
Log message: Upgrade to 10.1.3: The Asterisk Development Team has announced the release of Asterisk 10.1.3. The release of Asterisk 10.1.3 resolves several issues reported by the community and would have not been possible without your participation. Thank you! The following are the issues resolved in this release: * --- Fix ACK routing for non-2xx responses. (Closes issue ASTERISK-19389. Reported by: Karsten Wemheuer) * --- Fix regressions with regards to route-set creation on early dialogs --- (Closes issue ASTERISK-19358. Reported-by: Karsten Wemheuer) For a full list of changes in this release, please see the ChangeLog: http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-10.1.3 Thank you for your continued support of Asterisk! |
| 2012-02-12 21:17:17 by John Nemeth | Files touched by this commit (2) |
Log message: The release of Asterisk 10.1.2 resolves several issues reported by the community and would have not been possible without your participation. Thank you! The following are the issues resolved in this release: * --- Fix SIP INFO DTMF handling for non-numeric codes --- (Closes issue ASTERISK-19290. Reported by: Ira Emus) * --- Fix crash in ParkAndAnnounce --- (Closes issue ASTERISK-19311. Reported-by: tootai) For a full list of changes in this release, please see the ChangeLog: http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-10.1.2 |
| 2012-02-08 06:42:33 by John Nemeth | Files touched by this commit (2) |
Log message: Update to 10.1.1: The release of Asterisk 10.1.1 resolves several issues reported by the community and would have not been possible without your participation. Thank you! The following is a sample of the issues resolved in this release: * --- Fixes deadlocks occuring in chan_agent --- * --- Ensure entering T.38 passthrough does not cause an infinite loop --- For a full list of changes in this release, please see the ChangeLog: http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-10.1.1 Thank you for your continued support of Asterisk! |
2012-02-06 13:42:32 by Thomas Klausner | Files touched by this commit (1812) |  |
Log message: Revbump for a) tiff update to 4.0 (shlib major change) b) glib2 update 2.30.2 (adds libffi dependency to buildlink3.mk) Enjoy. |
| 2012-01-28 21:39:10 by John Nemeth | Files touched by this commit (3) |
Log message: Update to Asterisk 10.1.0: The Asterisk Development Team is pleased to announce the release of Asterisk 10.1.0. This release is available for immediate download at http://downloads.asterisk.org/pub/telephony/asterisk/ The release of Asterisk 10.1.0 resolves several issues reported by the community and would have not been possible without your participation. Thank you! The following is a sample of the issues resolved in this release: * AST-2012-001: prevent crash when an SDP offer is received with an encrypted video stream when support for video is disabled and res_srtp is loaded. (closes issue ASTERISK-19202) Reported by: Catalin Sanda * Allow playback of formats that don't support seeking. ast_streamfile previously did unconditional seeking on files that broke playback of formats that don't support that functionality. This patch avoids the seek that was causing the problem. (closes issue ASTERISK-18994) Patched by: Timo Teras * Add pjmedia probation concepts to res_rtp_asterisk's learning mode. In order to better handle RTP sources with strictrtp enabled (which is the default setting in 10) using the learning mode to figure out new sources when they change is handled by checking for a number of consecutive (by sequence number) packets received to an rtp struct based on a new configurable value called 'probation'. Also, during learning mode instead of liberally accepting all packets received, we now reject packets until a clear source has been determined. * Handle AST_CONTROL_UPDATE_RTP_PEER frames in local bridge loop. Failing to handle AST_CONTROL_UPDATE_RTP_PEER frames in the local bridge loop causes the loop to exit prematurely. This causes a variety of negative side effects, depending on when the loop exits. This patch handles the frame by essentially swallowing the frame in the local loop, as the current channel drivers expect the RTP bridge to handle the frame, and, in the case of the local bridge loop, no additional action is necessary. (closes issue ASTERISK-19095) Reported by: Stefan Schmidt Tested by: Matt Jordan * Fix timing source dependency issues with MOH. Prior to this patch, res_musiconhold existed at the same module priority level as the timing sources that it depends on. This would cause a problem when music on hold was reloaded, as the timing source could be changed after res_musiconhold was processed. This patch adds a new module priority level, AST_MODPRI_TIMING, that the various timing modules are now loaded at. This now occurs before loading other resource modules, such that the timing source is guaranteed to be set prior to resolving the timing source dependencies. (closes issue ASTERISK-17474) Reporter: Luke H Tested by: Luke H, Vladimir Mikhelson, zzsurf, Wes Van Tlghem, elguero, Thomas Arimont Patched by elguero * Fix RTP reference leak. If a blind transfer were initiated using a REFER without a prior reINVITE to place the call on hold, AND if Asterisk were sending RTCP reports, then there was a reference leak for the RTP instance of the transferrer. (closes issue ASTERISK-19192) Reported by: Tyuta Vitali * Fix blind transfers from failing if an 'h' extension is present. This prevents the 'h' extension from being run on the transferee channel when it is transferred via a native transfer mechanism such as SIP REFER. (closes issue ASTERISK-19173) Reported by: Ross Beer Tested by: Kristjan Vrban Patches: ASTERISK-19173 by Mark Michelson (license 5049) * Restore call progress code for analog ports. Extracting sig_analog from chan_dahdi lost call progress detection functionality. Fix analog ports from considering a call answered immediately after dialing has completed if the callprogress option is enabled. (closes issue ASTERISK-18841) Reported by: Richard Miller Patched by Richard Miller * Fix regression that 'rtp/rtcp set debup ip' only works when a port was also specified. (closes issue ASTERISK-18693) Reported by: Davide Dal Reviewed by: Walter Doekes For a full list of changes in this release candidate, please see the ChangeLog: http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-10.1.0 Thank you for your continued support of Asterisk! |
| 2012-01-20 08:29:09 by John Nemeth | Files touched by this commit (2) |
Log message:
Update to Asterisk 10.0.1. This fixes AST-2012-001:
Asterisk Project Security Advisory - AST-2012-001
+------------------------------------------------------------------------+
| Product | Asterisk |
|----------------------+-------------------------------------------------|
| Summary | SRTP Video Remote Crash Vulnerability |
|----------------------+-------------------------------------------------|
| Nature of Advisory | Denial of Service |
|----------------------+-------------------------------------------------|
| Susceptibility | Remote unauthenticated sessions |
|----------------------+-------------------------------------------------|
| Severity | Moderate |
|----------------------+-------------------------------------------------|
| Exploits Known | No |
|----------------------+-------------------------------------------------|
| Reported On | 2012-01-15 |
|----------------------+-------------------------------------------------|
| Reported By | Catalin Sanda |
|----------------------+-------------------------------------------------|
| Posted On | 2012-01-19 |
|----------------------+-------------------------------------------------|
| Last Updated On | January 19, 2012 |
|----------------------+-------------------------------------------------|
| Advisory Contact | Joshua Colp < jcolp AT digium DOT com > |
|----------------------+-------------------------------------------------|
| CVE Name | |
+------------------------------------------------------------------------+
+------------------------------------------------------------------------+
| Description | An attacker attempting to negotiate a secure video |
| | stream can crash Asterisk if video support has not been |
| | enabled and the res_srtp Asterisk module is loaded. |
+------------------------------------------------------------------------+
+------------------------------------------------------------------------+
| Resolution | Upgrade to one of the versions of Asterisk listed in the |
| | "Corrected In" section, or apply a patch specified \
in the |
| | "Patches" section. \
|
+------------------------------------------------------------------------+
+------------------------------------------------------------------------+
| Affected Versions |
|------------------------------------------------------------------------|
| Product | Release Series | |
|-------------------------------+----------------+-----------------------|
| Asterisk Open Source | 1.8.x | All versions |
|-------------------------------+----------------+-----------------------|
| Asterisk Open Source | 10.x | All versions |
+------------------------------------------------------------------------+
+------------------------------------------------------------------------+
| Corrected In |
|------------------------------------------------------------------------|
| Product | Release |
|------------------------------------------+-----------------------------|
| Asterisk Open Source | 1.8.8.2 |
|------------------------------------------+-----------------------------|
| Asterisk Open Source | 10.0.1 |
+------------------------------------------------------------------------+
+------------------------------------------------------------------------+
| Patches |
|------------------------------------------------------------------------|
| SVN URL |Branch|
|-----------------------------------------------------------------+------|
|http://downloads.asterisk.org/pub/security/AST-2012-001-1.8.diff |v1.8 |
|-----------------------------------------------------------------+------|
|http://downloads.asterisk.org/pub/security/AST-2012-001-10.diff |v10 |
+------------------------------------------------------------------------+
+------------------------------------------------------------------------+
| Links | https://issues.asterisk.org/jira/browse/ASTERISK-19202 |
+------------------------------------------------------------------------+
+------------------------------------------------------------------------+
| Asterisk Project Security Advisories are posted at |
| http://www.asterisk.org/security |
| |
| This document may be superseded by later versions; if so, the latest |
| version will be posted at |
| http://downloads.digium.com/pub/security/AST-2012-001.pdf and |
| http://downloads.digium.com/pub/security/AST-2012-001.html |
+------------------------------------------------------------------------+
+------------------------------------------------------------------------+
| Revision History |
|------------------------------------------------------------------------|
| Date | Editor | Revisions Made |
|-----------------+--------------------+---------------------------------|
| 12-01-19 | Joshua Colp | Initial release |
+------------------------------------------------------------------------+
Asterisk Project Security Advisory - AST-2012-001
Copyright (c) 2012 Digium, Inc. All Rights Reserved.
Permission is hereby granted to distribute and publish this advisory in its
original, unaltered form.
|
New packages: