Next | Query returned 201 messages, browsing 71 to 80 | Previous

CVS Commit History:


   2015-03-15 23:26:26 by John Nemeth | Files touched by this commit (3)
Log message:
NOT_FOR_PLATFORM->BROKEN_ON_PLATFORM as requested by dholland@
   2015-01-29 22:54:33 by John Nemeth | Files touched by this commit (3)
Log message:
Update to Asterisk 11.15.1:  this is a security fix.

pkgsrc change: adapt to splitting up of speex

The Asterisk Development Team has announced security releases for Certified
Asterisk 1.8.28 and 11.6 and Asterisk 1.8, 11, 12, and 13. The available
security releases are released as versions 1.8.28.cert-4, 1.8.32.2, 11.6-cert10,
11.15.1, 12.8.1, and 13.1.1.

The release of these versions resolves the following security vulnerabilities:

* AST-2015-001: File descriptor leak when incompatible codecs are offered

                Asterisk may be configured to only allow specific audio or
                video codecs to be used when communicating with a
                particular endpoint. When an endpoint sends an SDP offer
                that only lists codecs not allowed by Asterisk, the offer
                is rejected. However, in this case, RTP ports that are
                allocated in the process are not reclaimed.

                This issue only affects the PJSIP channel driver in
                Asterisk. Users of the chan_sip channel driver are not
                affected.

* AST-2015-002: Mitigation for libcURL HTTP request injection vulnerability

                CVE-2014-8150 reported an HTTP request injection
                vulnerability in libcURL. Asterisk uses libcURL in its
                func_curl.so module (the CURL() dialplan function), as well
                as its res_config_curl.so (cURL realtime backend) modules.

                Since Asterisk may be configured to allow for user-supplied
                URLs to be passed to libcURL, it is possible that an
                attacker could use Asterisk as an attack vector to inject
                unauthorized HTTP requests if the version of libcURL
                installed on the Asterisk server is affected by
                CVE-2014-8150.

For more information about the details of these vulnerabilities, please read
security advisory AST-2015-001 and AST-2015-002, which were released at the same
time as this announcement.

For a full list of changes in the current releases, please see the ChangeLogs:

http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.8.32.2
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-11.15.1

The security advisories are available at:

* http://downloads.asterisk.org/pub/security/AST-2015-001.pdf
* http://downloads.asterisk.org/pub/security/AST-2015-002.pdf

Thank you for your continued support of Asterisk!
   2014-12-16 02:00:22 by John Nemeth | Files touched by this commit (3)
Log message:
Update to Asterisk 11.15.0: this is mostly a bug fix release.

The Asterisk Development Team has announced the release of Asterisk 11.15.0.

The release of Asterisk 11.15.0 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!

The following are the issues resolved in this release:

Bugs fixed in this release:
-----------------------------------
 * ASTERISK-20127 - [Regression] Config.c config_text_file_load()
      unescapes semicolons ("\;" -> ";") turning them into comments
      (corruption) on rewrite of a config file (Reported by George
      Joseph)
 * ASTERISK-24307 - Unintentional memory retention in stringfields
      (Reported by Etienne Lessard)
 * ASTERISK-24492 - main/file.c: ast_filestream sometimes causes
      extra calls to ast_module_unref (Reported by Corey Farrell)
 * ASTERISK-24504 - chan_console: Fix reference leaks to pvt
      (Reported by Corey Farrell)
 * ASTERISK-24468 - Incoming UCS2 encoded SMS truncated if SMS
      length exceeds 50 (roughly) national symbols (Reported by
      Dmitriy Bubnov)
 * ASTERISK-24500 - Regression introduced in chan_mgcp by SVN
      revision r227276 (Reported by Xavier Hienne)
 * ASTERISK-20402 - Unable to cancel (features.conf) attended
      transfer (Reported by Matt Riddell)
 * ASTERISK-24505 - manager: http connections leak references
      (Reported by Corey Farrell)
 * ASTERISK-24502 - Build fails when dev-mode, dont optimize and
      coverage are enabled (Reported by Corey Farrell)
 * ASTERISK-24444 - PBX: Crash when generating extension for
      pattern matching hint (Reported by Leandro Dardini)
 * ASTERISK-24522 - ConfBridge: delay occurs between kicking all
      endmarked users when last marked user leaves (Reported by Matt
      Jordan)
 * ASTERISK-15242 - transmit_refer leaks sip_refer structures
      (Reported by David Woolley)
 * ASTERISK-24440 - Call leak in Confbridge (Reported by Ben Klang)
 * ASTERISK-24469 - Security Vulnerability: Mixed IPv4/IPv6 ACLs
      allow blocked addresses through (Reported by Matt Jordan)
 * ASTERISK-24516 - [patch]Asterisk segfaults when playing back
      voicemail under high concurrency with an IMAP backend (Reported
      by David Duncan Ross Palmer)
 * ASTERISK-24572 - [patch]App_meetme is loaded without its
      defaults when the configuration file is missing (Reported by
      Nuno Borges)
 * ASTERISK-24573 - [patch]Out of sync conversation recording when
      divided in multiple recordings (Reported by Nuno Borges)

Improvements made in this release:
-----------------------------------
 * ASTERISK-24283 - [patch]Microseconds precision in the eventtime
      column in the cel_odbc module (Reported by Etienne Lessard)
 * ASTERISK-24530 - [patch] app_record stripping 1/4 second from
      recordings (Reported by Ben Smithurst)
 * ASTERISK-24577 - Speed up loopback switches by avoiding unneeded
      lookups (Reported by Birger "WIMPy" Harzenetter)

For a full list of changes in this release, please see the ChangeLog:

http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-11.15.0

Thank you for your continued support of Asterisk!
   2014-12-12 23:12:56 by John Nemeth | Files touched by this commit (2)
Log message:
Update to Asterisk 11.14.2: this is a security fix release.

The Asterisk Development Team has announced security releases for
Certified Asterisk 11.6 and Asterisk 11, 12, and 13. The available
security releases are released as versions 11.6-cert9, 11.14.2,
12.7.2, and 13.0.2.

The release of these versions resolves the following security vulnerability:

* AST-2014-019: Remote Crash Vulnerability in WebSocket Server

  When handling a WebSocket frame the res_http_websocket module
  dynamically changes the size of the memory used to allow the
  provided payload to fit. If a payload length of zero was received
  the code would incorrectly attempt to resize to zero. This
  operation would succeed and end up freeing the memory but be
  treated as a failure. When the session was subsequently torn down
  this memory would get freed yet again causing a crash.

For more information about the details of this vulnerability, please read
security advisory AST-2014-019, which was released at the same time as this
announcement.

For a full list of changes in the current releases, please see the Change Logs:

http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-11.14.2

The security advisory is available at:

* http://downloads.asterisk.org/pub/security/AST-2014-019.pdf

Thank you for your continued support of Asterisk!
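
The zero-length resize problem described in AST-2014-019 above, as an added example that is not part of the commit log and not Asterisk's code: a resize helper that never passes a zero size to realloc(), plus a teardown that frees exactly once. The names ws_session, ws_payload_resize, ws_session_destroy and the free counter are hypothetical.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical session type for illustration; not Asterisk's struct. */
struct ws_session {
    char  *payload;   /* owned buffer, released in ws_session_destroy() */
    size_t capacity;
};

static int free_calls; /* instrumentation for this example only */

static void counted_free(void *p)
{
    if (p) {
        free_calls++;
        free(p);
    }
}

/*
 * Resize the payload buffer to hold len bytes; 0 on success, -1 on failure.
 * realloc(ptr, 0) may free ptr and return NULL, which looks the same as an
 * out-of-memory failure. A caller that reads NULL as "failed, old buffer
 * still valid" keeps a dangling pointer and frees it again at teardown.
 */
int ws_payload_resize(struct ws_session *s, size_t len)
{
    char *tmp;

    if (len == 0)
        return 0;          /* empty frame: keep the existing buffer as is */

    tmp = realloc(s->payload, len);
    if (!tmp)
        return -1;         /* real failure: s->payload is still owned by s */
    s->payload = tmp;
    s->capacity = len;
    return 0;
}

void ws_session_destroy(struct ws_session *s)
{
    counted_free(s->payload);
    s->payload = NULL;     /* a repeated destroy becomes a no-op */
    s->capacity = 0;
}

/* Constructed scenario: a 16-byte frame followed by a zero-length frame. */
int demo_zero_length_frame(void)
{
    struct ws_session s = { NULL, 0 };

    free_calls = 0;
    if (ws_payload_resize(&s, 16) != 0) return -1;
    memset(s.payload, 'A', 16);
    if (ws_payload_resize(&s, 0) != 0) return -1;
    if (!s.payload || s.payload[15] != 'A') return -1;
    ws_session_destroy(&s);
    ws_session_destroy(&s);
    return free_calls;     /* number of real free() calls */
}

int main(void) { return demo_zero_length_frame() == 1 ? 0 : 1; }
```
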
   2014-12-03 02:57:37 by John Nemeth | Files touched by this commit (2)
Log message:
Update to Asterisk 11.14.1:  this is a security fix release.

The Asterisk Development Team has announced security releases for Certified
Asterisk 1.8.28 and 11.6 and Asterisk 1.8, 11, 12, and 13. The available
security releases are released as versions 1.8.28-cert3, 11.6-cert8, 1.8.32.1,
11.14.1, 12.7.1, and 13.0.1.

The release of these versions resolves the following security vulnerabilities:

* AST-2014-012: Unauthorized access in the presence of ACLs with mixed IP
  address families

  Many modules in Asterisk that service incoming IP traffic have ACL options
  ("permit" and "deny") that can be used to whitelist or blacklist address
  ranges. A bug has been discovered where the address family of incoming
  packets is only compared to the IP address family of the first entry in the
  list of access control rules. If the source IP address for an incoming
  packet is not of the same address as the first ACL entry, that packet
  bypasses all ACL rules.

* AST-2014-018: Permission Escalation through DB dialplan function

  The DB dialplan function when executed from an external protocol, such as AMI,
  could result in a privilege escalation. Users with a lower class authorization
  in AMI can access the internal Asterisk database without the required SYSTEM
  class authorization.

In addition, the release of 11.6-cert8 and 11.14.1 resolves the following
security vulnerability:

* AST-2014-014: High call load with ConfBridge can result in resource exhaustion

  The ConfBridge application uses an internal bridging API to implement
  conference bridges. This internal API uses a state model for channels within
  the conference bridge and transitions between states as different things
  occur. Under load it is possible for some state transitions to be delayed
  causing the channel to transition from being hung up to waiting for media. As
  the channel has been hung up remotely no further media will arrive and the
  channel will stay within ConfBridge indefinitely.

In addition, the release of 11.6-cert8, 11.14.1, 12.7.1, and 13.0.1 resolves
the following security vulnerability:

* AST-2014-017: Permission Escalation via ConfBridge dialplan function and
                AMI ConfbridgeStartRecord Action

  The CONFBRIDGE dialplan function when executed from an external protocol (such
  as AMI) can result in a privilege escalation as certain options within that
  function can affect the underlying system. Additionally, the AMI
  ConfbridgeStartRecord action has options that would allow modification of the
  underlying system, and does not require SYSTEM class authorization in AMI.

For a full list of changes in the current releases, please see the ChangeLogs:

http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-11.14.1

The security advisories are available at:

 * http://downloads.asterisk.org/pub/security/AST-2014-012.pdf
 * http://downloads.asterisk.org/pub/security/AST-2014-014.pdf
 * http://downloads.asterisk.org/pub/security/AST-2014-017.pdf
 * http://downloads.asterisk.org/pub/security/AST-2014-018.pdf

Thank you for your continued support of Asterisk!
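
The address-family check described in AST-2014-012 above, as an added example that is not part of the commit log and not Asterisk's code: one evaluator that can compare the family against the first rule only (the flawed behaviour the advisory describes) or against every rule. The rule layout, the function names, and the "last matching rule wins, default permit" semantics are assumptions made for this example; the addresses are constructed from documentation ranges.

```c
#include <arpa/inet.h>
#include <stddef.h>
#include <string.h>
#include <sys/socket.h>

enum { ACL_DENY = 0, ACL_PERMIT = 1 };

/* Hypothetical rule layout for this example; not Asterisk's own structures. */
struct acl_rule {
    int family;        /* AF_INET or AF_INET6 */
    const char *net;   /* network address in text form */
    int prefix;        /* prefix length in bits */
    int sense;         /* ACL_PERMIT or ACL_DENY */
};

/* Return 1 when the first `bits` bits of a and b are equal. */
static int prefix_match(const unsigned char *a, const unsigned char *b, int bits)
{
    int full = bits / 8, rem = bits % 8;
    unsigned char mask = (unsigned char)(0xFF << (8 - rem));

    if (memcmp(a, b, (size_t)full) != 0)
        return 0;
    return rem == 0 || (a[full] & mask) == (b[full] & mask);
}

/*
 * Apply rules in order; the last matching rule decides, default permit
 * (assumed semantics). With check_each_rule == 0 the source family is
 * compared to the first rule only, so a source of the other family skips
 * the whole list. With check_each_rule == 1 every rule is considered.
 * Returns ACL_PERMIT, ACL_DENY, or -1 if src does not parse.
 */
int acl_apply(const struct acl_rule *r, size_t n, const char *src, int check_each_rule)
{
    unsigned char s[16], net[16];
    int fam = strchr(src, ':') ? AF_INET6 : AF_INET;
    int res = ACL_PERMIT;

    if (inet_pton(fam, src, s) != 1)
        return -1;
    if (!check_each_rule && n > 0 && r[0].family != fam)
        return ACL_PERMIT;                 /* flawed path: list never consulted */
    for (size_t i = 0; i < n; i++) {
        if (r[i].family != fam)
            continue;                      /* rule belongs to the other family */
        if (inet_pton(r[i].family, r[i].net, net) != 1)
            return ACL_DENY;               /* fail closed on a malformed rule */
        if (prefix_match(s, net, r[i].prefix))
            res = r[i].sense;
    }
    return res;
}

/* Constructed rule list mixing both families. */
static const struct acl_rule sample_acl[] = {
    { AF_INET,  "192.0.2.0",    24, ACL_PERMIT },
    { AF_INET6, "2001:db8::",   32, ACL_DENY   },
    { AF_INET6, "2001:db8:a::", 48, ACL_PERMIT },
};
#define SAMPLE_ACL_LEN (sizeof(sample_acl) / sizeof(sample_acl[0]))

int main(void) { return acl_apply(sample_acl, SAMPLE_ACL_LEN, "2001:db8:b::1", 1) == ACL_DENY ? 0 : 1; }
```

A regression test for an ACL implementation should include a list whose first entry is IPv4 and whose deny rules are IPv6, and the reverse, since a single-family list never exercises this path.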
   2014-11-19 09:32:48 by John Nemeth | Files touched by this commit (3) | Package updated
Log message:
Update to Asterisk 11.14.0: this is mostly a bugfix release.

The Asterisk Development Team has announced the release of Asterisk 11.14.0.

The release of Asterisk 11.14.0 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!

The following are the issues resolved in this release:

Bugs fixed in this release:
-----------------------------------
 * ASTERISK-24348 - Built-in editline tab complete segfault with
      MALLOC_DEBUG (Reported by Walter Doekes)
 * ASTERISK-24335 - [PATCH] Asterisk incorrectly responds 503 to
      INVITE retransmissions of rejected calls (Reported by Torrey
      Searle)
 * ASTERISK-23768 - [patch] Asterisk man page contains a (new)
      unquoted minus sign (Reported by Jeremy Lainé)
 * ASTERISK-24357 - [fax] Out of bounds error in update_modem_bits
      (Reported by Jeremy Lainé)
 * ASTERISK-20567 - bashism in autosupport (Reported by Tzafrir
      Cohen)
 * ASTERISK-22945 - [patch] Memory leaks in chan_sip.c with
      realtime peers (Reported by ibercom)
 * ASTERISK-24384 - chan_motif: format capabilities leak on module
      load error (Reported by Corey Farrell)
 * ASTERISK-24385 - chan_sip: process_sdp leaks on an error path
      (Reported by Corey Farrell)
 * ASTERISK-24378 - Release AMI connections on shutdown (Reported
      by Corey Farrell)
 * ASTERISK-24354 - AMI sendMessage closes AMI connection on error
      (Reported by Peter Katzmann)
 * ASTERISK-24390 - astobj2: REF_DEBUG reports false leaks with
      ao2_callback with OBJ_MULTIPLE (Reported by Corey Farrell)
 * ASTERISK-24326 - res_rtp_asterisk: ICE-TCP candidates are
      incorrectly attempted (Reported by Joshua Colp)
 * ASTERISK-24011 - [patch]safe_asterisk tries to set ulimit -n too
      high on linux systems with lots of RAM (Reported by Michael
      Myles)
 * ASTERISK-24383 - res_rtp_asterisk: Crash if no candidates
      received for component (Reported by Kevin Harwell)
 * ASTERISK-20784 - Failure to receive an ACK to a SIP Re-INVITE
      results in a SIP channel leak (Reported by NITESH BANSAL)
 * ASTERISK-15879 - [patch] Failure to receive an ACK to a SIP
      Re-INVITE results in a SIP channel leak (Reported by Torrey
      Searle)
 * ASTERISK-24406 - Some caller ID strings are parsed differently
      since 11.13.0 (Reported by Etienne Lessard)
 * ASTERISK-24325 - res_calendar_ews: cannot be used with neon 0.30
      (Reported by Tzafrir Cohen)
 * ASTERISK-13797 - [patch] relax badshell tilde test (Reported by
      Tzafrir Cohen)
 * ASTERISK-22791 - asterisk sends Re-INVITE after receiving a BYE
      (Reported by Paolo Compagnini)
 * ASTERISK-18923 - res_fax_spandsp usage counter is wrong
      (Reported by Grigoriy Puzankin)
 * ASTERISK-24392 - res_fax: fax gateway sessions leak (Reported by
      Corey Farrell)
 * ASTERISK-24393 - rtptimeout=0 doesn't disable rtptimeout
      (Reported by Dmitry Melekhov)
 * ASTERISK-23846 - Unistim multilines. Loss of voice after second
      call drops (on a second line). (Reported by Rustam Khankishyiev)
 * ASTERISK-24063 - [patch]Asterisk does not respect outbound proxy
      when sending qualify requests (Reported by Damian Ivereigh)
 * ASTERISK-24425 - [patch] jabber/xmpp to use TLS instead of
      SSLv3, security fix POODLE (CVE-2014-3566) (Reported by
      abelbeck)
 * ASTERISK-24436 - Missing header in res/res_srtp.c when compiling
      against libsrtp-1.5.0 (Reported by Patrick Laimbock)
 * ASTERISK-24454 - app_queue: ao2_iterator not destroyed, causing
      leak (Reported by Corey Farrell)
 * ASTERISK-24430 - missing letter "p" in word response in
      OriginateResponse event documentation (Reported by Dafi Ni)
 * ASTERISK-24457 - res_fax: fax gateway frames leak (Reported by
      Corey Farrell)
 * ASTERISK-21721 - SIP Failed to parse multiple Supported: headers
      (Reported by Olle Johansson)
 * ASTERISK-24304 - asterisk crashing randomly because of unistim
      channel (Reported by dhanapathy sathya)
 * ASTERISK-24190 - IMAP voicemail causes segfault (Reported by
      Nick Adams)
 * ASTERISK-24466 - app_queue: fix a couple leaks to struct
      call_queue (Reported by Corey Farrell)
 * ASTERISK-24432 - Install refcounter.py when REF_DEBUG is enabled
      (Reported by Corey Farrell)
 * ASTERISK-24476 - main/app.c / app_voicemail: ast_writestream
      leaks (Reported by Corey Farrell)
 * ASTERISK-24307 - Unintentional memory retention in stringfields
      (Reported by Etienne Lessard)

For a full list of changes in this release, please see the ChangeLog:

http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-11.14.0

Thank you for your continued support of Asterisk!
   2014-10-14 05:36:40 by John Nemeth | Files touched by this commit (3)
Log message:
Update Asterisk to 11.13.0.  This is mostly a bugfix release:

The Asterisk Development Team has announced the release of Asterisk 11.13.0.

The release of Asterisk 11.13.0 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!

The following are the issues resolved in this release:

Bugs fixed in this release:
-----------------------------------
 * ASTERISK-24032 - Gentoo compilation emits warning:
      "_FORTIFY_SOURCE" redefined (Reported by Kilburn)
 * ASTERISK-24225 - Dial option z is broken (Reported by
      dimitripietro)
 * ASTERISK-24178 - [patch]fromdomainport used even if not set
      (Reported by Elazar Broad)
 * ASTERISK-22252 - res_musiconhold cleanup - REF_DEBUG reload
      warnings and ref leaks (Reported by Walter Doekes)
 * ASTERISK-23997 - chan_sip: port incorrectly incremented for RTCP
      ICE candidates in SDP answer (Reported by Badalian Vyacheslav)
 * ASTERISK-24019 - When a Music On Hold stream starts it restarts
      at beginning of file. (Reported by Jason Richards)
 * ASTERISK-23767 - [patch] Dynamic IAX2 registration stops trying
      if ever not able to resolve (Reported by David Herselman)
 * ASTERISK-24211 - testsuite: Fix the dial_LS_options test
      (Reported by Matt Jordan)
 * ASTERISK-24249 - SIP debugs do not stop (Reported by Avinash
      Mohod)
 * ASTERISK-23577 - res_rtp_asterisk: Crash in
      ast_rtp_on_turn_rtp_state when RTP instance is NULL (Reported by
      Jay Jideliov)
 * ASTERISK-23634 - With TURN Asterisk crashes on multiple (7-10)
      concurrent WebRTC (avpg/encryption/icesupport) calls (Reported
      by Roman Skvirsky)
 * ASTERISK-24301 - Security: Out of call MESSAGE requests
      processed via Message channel driver can crash Asterisk
      (Reported by Matt Jordan)

Improvements made in this release:
-----------------------------------
 * ASTERISK-24171 - [patch] Provide a manpage for the aelparse
      utility (Reported by Jeremy Lainé)

For a full list of changes in this release, please see the ChangeLog:

http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-11.13.0

Thank you for your continued support of Asterisk!
   2014-10-07 18:47:38 by Adam Ciarcinski | Files touched by this commit (442)
Log message:
Revbump after updating libwebp and icu
   2014-09-20 21:12:16 by John Nemeth | Files touched by this commit (2)
Log message:
Update to Asterisk 11.12.1: this is mainly a security fix for AST-2014-010.

The Asterisk Development Team has announced security releases for Certified
Asterisk 11.6 and Asterisk 11 and 12. The available security releases are
released as versions 11.6-cert6, 11.12.1, and 12.5.1.

Please note that the release of these versions resolves the following security
vulnerability:

* AST-2014-010: Remote Crash when Handling Out of Call Message in Certain
                Dialplan Configurations

Note that the crash described in AST-2014-010 can be worked around through
dialplan configuration. Given the likelihood of the issue, an advisory was
deemed to be warranted.

For more information about the details of these vulnerabilities, please read
security advisories AST-2014-009 and AST-2014-010, which were released at the
same time as this announcement.

For a full list of changes in the current releases, please see the ChangeLogs:

http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-11.12.1

The security advisories are available at:

 * http://downloads.asterisk.org/pub/security/AST-2014-010.pdf

Thank you for your continued support of Asterisk!
   2014-08-28 03:19:12 by John Nemeth | Files touched by this commit (2)
Log message:
Update to Asterisk 11.12.0: this is mainly a bugfix release.

The Asterisk Development Team has announced the release of Asterisk 11.12.0.

The release of Asterisk 11.12.0 resolves several issues reported by the
community and would have not been possible without your participation.
Thank you!

The following are the issues resolved in this release:

Bugs fixed in this release:
-----------------------------------
 * ASTERISK-23911 - URIENCODE/URIDECODE: WARNING about passing an
      empty string is a bit over zealous (Reported by Matt Jordan)
 * ASTERISK-23985 - PresenceState Action response does not contain
      ActionID; duplicates Message Header (Reported by Matt Jordan)
 * ASTERISK-23814 - No call started after peer dialed (Reported by
      Igor Goncharovsky)
 * ASTERISK-24087 - [patch]chan_sip: sip_subscribe_mwi_destroy
      should not call sip_destroy (Reported by Corey Farrell)
 * ASTERISK-23818 - PBX_Lua: after asterisk startup module is
      loaded, but dialplan not available (Reported by Dennis Guse)
 * ASTERISK-18345 - [patch] sips connection dropped by asterisk
      with a large INVITE (Reported by Stephane Chazelas)
 * ASTERISK-23508 - Memory Corruption in
      __ast_string_field_ptr_build_va (Reported by Arnd Schmitter)

Improvements made in this release:
-----------------------------------
 * ASTERISK-21178 - Improve documentation for manager command
      Getvar, Setvar (Reported by Rusty Newton)

For a full list of changes in this release, please see the ChangeLog:

http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-11.12.0

Thank you for your continued support of Asterisk!
